STASH NEXTGEN PERSONAL DATA PROTECTION POLICY
STASH NextGen Pte. Ltd. (“Stash”) is committed to the protection of your personal data. Stash collects, uses, discloses and retains your personal data in accordance with the Personal Data Protection Act 2012 (“PDPA”) and our own policies and procedures.
The purpose of this Data Protection Policy (“Policy”) is to inform you how Stash collects, uses, discloses and retains personal data. This Policy is part of our on-going commitment to the protection of your personal data.
When we act as a data processor on behalf of another controller, we collect, use, and disclose certain personal data only under the controller’s instruction, and our processing of your personal data is subject to their instructions and privacy policies.
In this Policy, personal data refers to data, whether true or not, about an individual who can be identified from:
- that data; or
- that data and other information to which Stash has, or is likely to have, access.
Where we collect your personal data to comply with law, or to enter into or perform an agreement with you, we will inform you at the time of such data collection. If we cannot collect this data, we may be unable to on-board you as a client or provide products or services to you.
The objectives of this Policy are to:
- provide a set of privacy and personal data protection standards that govern our procedures and protect the privacy of your personal data;
- demonstrate our on-going commitment to protecting your privacy and addressing any privacy concerns that you might have;
- describe the ways in which we collect, use, disclose and retain your data;
- ensure that we comply with the PDPA; and
- facilitate our compliance with any further developments in the protection of personal data.
2. Personal Data Protection Act 2012 (“PDPA”)
This information sets out how we collect, use, disclose and retain your personal data in accordance with the PDPA and how we administer this Policy.
3.1. Consent Required
3.1.1. Stash shall not collect, use, or disclose your personal data unless:
- you give, or are deemed to give, consent to the collection, use or disclosure of your personal data; or
- the collection, use, or disclosure of your personal data without your consent is required or authorised under the PDPA or written law.
We do not sell your personal data to third parties.
3.2. Provision of Consent
3.2.1. Stash shall not, as a condition of providing a product or service to you, require you to consent to the collection, use or disclosure of your personal data beyond what is reasonable to provide the product or service to you.
3.3. Deemed Consent
3.3.1. You are deemed to consent to the collection, use or disclosure of your personal data for a purpose if:
- you voluntarily provide your personal data to Stash for that purpose, albeit without actually expressly providing your consent; and
- it is reasonable that you would voluntarily provide the data; or
- you create an account with us and use our loyalty system.
3.3.2. Stash collects information about you when you sign up for an account, when using the mobile application, and when you visit pages on our websites. Stash may also collect information about you from other public websites or social networks. When you register with us, you are not anonymous to us. Page visits or mobile application usage may also store information about your computer or mobile phone configuration. This may include, for example, your IP address, location, the screens you have viewed, cookie information, and page requests.
3.3.3. You are deemed to consent to share your information with merchants listed on the Stash system or any new merchant that may subscribe to Stash subsequent to your use.
3.3.4. If you subscribe to our newsletters, we will use your name and email address to send them to you. You may choose to stop receiving our newsletter or marketing emails at any time by following the unsubscribe instructions included in these emails or accessing the email preferences in your account.
3.3.5. You consent to the placement of Cookies on your computer or mobile device created as a result of your use of our mobile application or websites. Cookies are small files with a unique identifier that are transferred to your browser through our websites. These technologies allow us to collect information such as browser type, time spent on our websites, pages visited, language preferences, and your relationship with us. We can use this information to analyse trends, administer the website(s), track users’ movements around the website, measure the effectiveness of our communications, tailor our advertising to you, and gather demographic information about our user base as a whole. These technologies may provide us with information about devices and networks you utilise to access our services, and other information regarding your interactions with us and the services we offer.
3.3.6. Subject to local law restrictions, we may disclose certain information (such as your email address) to third parties, such as Facebook, so that we can better target ads and content to our users, and others with similar interests on these third parties’ platforms or networks (“Custom Audiences”). We may also work with third-party ad networks and marketing platforms that enable us and other participants to target ads to Custom Audiences submitted by us and others. Our websites may include social media features, such as the Facebook “Like” button, either hosted by a third party or hosted directly on our website (“Widgets”). Please refer to the privacy policies of the relevant third-party websites or services to find out more about the collection, use, and disclosure of your information through such features. We will comply with any legal obligations placed on the use of these technologies by certain jurisdictions, which may affect how these Widgets function.
3.4. Withdrawal of Consent
3.4.1. On providing reasonable notice to Stash, you may at any time withdraw any consent given, or deemed to be given, in respect of the collection, use or disclosure of your personal data by Stash for any purpose.
3.4.2. You may submit the withdrawal of consent via mail, email, or by selecting the provided options in our application.
3.4.3. On receipt of such notice, Stash shall inform you of the likely consequences of withdrawing your consent.
3.4.4. Please allow up to 30 days for Stash to process and update your request if delivered by mail or email. You may still receive marketing messages and other product information from Stash within these 30 days while we process your request.
3.4.5. Stash shall not prohibit you from withdrawing your consent to the collection, use or disclosure of your personal data.
3.4.6. If you withdraw your consent, then Stash shall cease collecting, using or disclosing your personal data unless otherwise required under the PDPA or other written law.
4. Purpose Limitation Obligation
4.1. Limitation of Purpose
4.1.1. Stash shall collect, use or disclose your personal data only for purposes:
- that a reasonable person would consider appropriate in the circumstances; and
- where you have been informed in accordance with clause 3.2 of this Policy, to the extent applicable.
4.1.2. Stash may use your personal data to help make changes to the service to better serve you and our users. We also use the information to customise content on the site or in our mobile applications to match offers to you and to provide you with better service.
4.2. Notification of Purpose
4.2.1. Stash shall provide you with the following information whenever we seek to obtain your consent to the collection, use or disclosure of your personal data, except under circumstances where your consent is deemed or is not required:
- the Stash Terms and Conditions of Use on sign-up or before collecting your personal data;
- any other purpose(s) for the use of your personal data of which you have not been informed under clause 3.2.1 of this Policy, before the use or disclosure of your personal data for that purpose; and
- on request by you, the contact details of the Stash Data Protection Officer who can answer your questions about collection, use or disclosure of your personal data.
4.3 Personal Data and Business Partners
4.3.1 In accordance with clause 3.3, information may be shared with merchants. Stash does not assume liability or responsibility for how the information is used by the merchant.
5. Accessing and correcting your personal data
5.1. Access to Your Personal Data
5.1.1. On your request, and subject to the restrictions set forth in the PDPA, Stash shall, as soon as reasonably possible, provide you with:
- your personal data that is retained by or controlled by Stash; and
- information about the ways in which your personal data has or may have been used or disclosed by Stash within a year before the request.
5.2. Correction of Your Personal Data
5.2.1. You may request that Stash correct an error or omission in your personal data that is under the control or in the possession of Stash. Unless Stash is satisfied on reasonable grounds that a correction should not be made or the law states otherwise, Stash shall:
- correct your personal data as soon as practicable; and
- send your corrected personal data to every organisation to which your personal data was disclosed by Stash within a year before the correction was made, unless that other organisation does not need the corrected personal data for any legal or business purpose.
5.2.2. Stash is not required to correct or alter an opinion, including a professional or an expert opinion.
6. International Data Transfers
When we share data, it may be transferred to, and processed in, countries other than the country you live in – such as Singapore, where our data hosting provider’s servers are located. These countries may have laws different to what you’re used to. Rest assured, where we disclose personal data to a third party in another country, we put safeguards in place to ensure your personal data remains protected.
7. Protection Obligation
Stash shall protect personal data in its possession or control by making reasonable security arrangements such as encryption to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or any other similar risks.
The security of your personal data is important to us. We have implemented safeguards designed to protect the personal data submitted to us. Please note that no data transmission over the internet can be guaranteed to be 100% secure. As a result, we cannot guarantee or warrant the security of any personal data that we process.
Our website may contain links to websites operated by third parties. Those links are provided for convenience and may not remain current or be maintained. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites, and have no control over or rights in those linked websites. The privacy policies that apply to those other websites may differ substantially from our Policy, so we encourage individuals to read them before using those websites.
8. Retention Limitation
Stash shall cease to retain your personal data, or remove the means by which your personal data can be associated with you, as soon as it is reasonable to assume that:
- the purpose for which your personal data was collected is no longer being served by retention of your personal data; and
- retention is no longer necessary for legal or business purposes.
9. Transfer Limitation Obligation
Stash shall not transfer your personal data outside of Singapore except in accordance with the requirements of the PDPA.
10. Complaint Handling Procedure
10.1. Should you be unhappy with our treatment of your personal data or you believe there has been a breach of this Policy, please contact the Stash Data Protection Officer (details in clause 13 below) and clearly set out the nature of your concern.
10.2. Complaints may be initially made orally, or in writing. Where a complaint is made orally, you must confirm the complaint in writing as soon as possible. If you require assistance in lodging your complaint, please contact us.
10.3. Your complaint will be reviewed and you will be provided with a written response within 15 working days.
11. Compliance with this Policy
11.1. Stash implements this Policy through the use of proper procedures and staff training to ensure compliance with this Policy.
11.2. We ensure that our employees and any representatives who deal with personal data are aware of the standards of this Policy.
11.3. Stash requires that all of its employees and representatives with access to personal data maintain confidentiality concerning that personal data. We implement that requirement through appropriate contractual terms and internal policies.
11.4. Our procedures for handling personal data are developed to implement the standards of this Policy. Stash trains its employees in the proper conduct of those procedures that are relevant to their duties.
12. Review of the Stash Data Protection Policy
12.1. Stash ensures that this Policy remains current and continues to fulfil its objectives. This is achieved through periodic reviews, having regard to:
12.1.(a) the need to actively consider privacy and data protection issues as new products and services are developed or offered;
12.1.(b) any guidance issued in relation to PDPA; and
12.1.(c) any changes to PDPA.
12.2. Stash will provide a notification on our website when this Policy has been updated or changed.
13. Contact us
For further information about this Policy or to access our complaint handling procedures, please address your correspondence to:
STASH NextGen Pte. Ltd. Data Protection Officer