PRIVACY POLICY
This privacy policy (“Policy”) sets out the basis on which RIMM SUSTAINABILITY PTE. LTD. (Company Registration No.: 201731339Z) (“we”, “our” or “us”, and together with our subsidiaries, holding company, or subsidiaries of our holding company from time to time, the “Rimm Group”) collect Personal Data (as defined below) from you and how such Personal Data is used, disclosed and/or retained by us.
By using, visiting and/or accessing our website (“Website”), and/or accessing any of the products or services available on our Website, the platform thereon (“Platform”) and/or in any other circumstances as we may from time to time indicate, you are deemed to have agreed to the terms of this Policy and to have consented to us (as well as our representatives and/or agents) collecting, using, disclosing and/or otherwise processing your Personal Data in accordance with the terms of this Policy.
We may update this Policy from time to time without notice, to ensure that it is consistent with future developments, industry trends and/or any changes in legal or regulatory requirements. Such changes shall apply from the time the updated Policy is posted on our Website. Your continued use of our Website, Platform and/or services after any changes to this Policy will be taken as acceptance of the updated Policy, but we will seek your fresh consent before we collect more Personal Data from you or if we wish to use or disclose your Personal Data for new purposes, and will only do so if and when your consent is obtained. It is your responsibility to check this Policy regularly for any updated information on the handling of your Personal Data.
This Policy forms part of the terms and conditions governing your relationship with us and should be read in conjunction with any other terms and conditions applicable to your access of our Website and/or Platform and/or the use of any of our services.
1. DEFINITIONS
In this Policy, unless the context otherwise requires:
“Applicable Data Protection Laws” means the Personal Data Protection Act 2012 of Singapore, the General Data Protection Regulation (Regulation (EU) 2016/679) (as may be applicable) and any other applicable data protection laws of the applicable governing jurisdiction.
“Personal Data” means data, whether true or not, about an individual who can be identified (i) from that data; or (ii) from that data and other information to which we have or are likely to have access.
2. COLLECTION OF PERSONAL DATA
Depending on the nature of your interaction with us, we may collect and process the following Personal Data about you:
(a) Information you give us – Information that you provide us (which may include your name, passport or other identification number, address, e-mail address, telephone number, credit card information, billing address, bank account information, employment details, methods of payment used where payment is made through our Website and/or Platform, and other personal descriptions) by filling in forms on our Website and/or Platform, or by corresponding with us (by phone, e-mail or otherwise), for example when you:
(i) register for an account with us on our Website and/or Platform;
(ii) report any problem to us;
(iii) use certain features on our Website and/or Platform;
(iv) request any support from us;
(v) provide us with information via e-mail;
(vi) complete any survey or questionnaire we send you;
(vii) subscribe to our newsletters or mailing lists (if any);
(viii) provide us with comments or suggestions;
(ix) request for information about our Platform or services; or
(x) contact us via phone, e-mail or other forms of communication.
(b) Information we collect about you – Information automatically collected when you visit our Website, for example:
(i) technical information, including the Internet Protocol (IP) address used to connect your computer to the Internet and your log-in information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
(ii) details of any transactions, purchases and payments you made on our Website; and
(iii) information about your visit, including the full Uniform Resource Locators (URLs), clickstream to, through and from our Website (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page.
For the avoidance of doubt, the Singapore National Registration Identification Card (NRIC) number will only be collected, used and/or disclosed if necessary and only in accordance with the guidelines set out by the Personal Data Protection Commission of Singapore.
3. PURPOSES FOR COLLECTION, USE AND DISCLOSURE OF PERSONAL DATA
3.1. Generally, we collect, use and/or disclose your Personal Data for the following purposes:
(a) providing, operating and administering our Website, Platform and/or services, which shall include the maintenance, servicing and termination of any accounts registered with our Platform;
(b) processing applications for the use of our Website, Platform and/or services, including the facilitation execution or administration of any transaction(s) requested and/or authorized by you;
(c) improving, enhancing and developing our Website, Platform and/or services;
(d) researching, designing and launching new features or products;
(e) managing, administering or presenting content and information on our Website and/or Platform in the most effective manner for you and for the device you use;
(f) providing you with alerts, updates, materials or information about our services or other types of information that you requested or signed up to;
(g) maintaining and administering any software updates and/or other updates and support that may be required from time to time to ensure the smooth running of our Website, Platform and/or services;
(h) carrying out our contractual obligations arising from contracts entered into between you and us and for the enforcement of our legal or contractual rights;
(i) collecting overdue amounts;
(j) verifying your identity so as to ensure the safety and integrity of the transactions made through our Platform (including through any payment processor);
(k) monitoring electronic communications and calls for management quality control and training;
(l) where applicable, for legal and compliance purposes under applicable local and foreign laws and regulations that include the conduct of due diligence procedures for opening of accounts and ongoing monitoring purposes, the monitoring and compliance procedures that are in line with internal risk management procedures, audit/financial accounting and for management reporting purposes;
(m) complying with any applicable legislation, law, regulations, codes of practice and rules, including where information is to be disclosed to law enforcement agencies and other relevant authorities for investigations, crime prevention and detection purposes;
(n) preventing and/or detecting fraudulent behavior or transactions, or potential illegal or criminal activity, as part of our efforts to keep our Platform safe and secure;
(o) responding or taking part in legal proceedings, including seeking professional advice;
(p) for direct marketing purposes (please see further details in Clause 3.2 below);
(q) communicating with you and responding to your questions or requests;
(r) storing, hosting or backing up (whether for disaster recovery or otherwise) of your Personal Data, whether within or outside of your jurisdiction;
(s) dealing with and/or facilitating a business asset transaction or a potential business asset transaction, where such transaction involves us as a participant or involves one or more of our related corporations or affiliates as participant(s), and there may be other third party organizations who are participants in such transaction. A “business asset transaction” refers to the purchase, sale, lease, merger, amalgamation or any other acquisition, disposal or financing of an organization or a portion of an organization or of any of the business or assets of an organization;
(t) for internal operations, including troubleshooting and data analysis to learn about and understand the behavior and preferences of users, testing, research, statistical and survey purposes to identify products or services which we might offer to existing and future users; and/or
(u) any other purposes which are reasonably related to the above or which we notify you of at the time of obtaining your consent.
3.2. We may use your Personal Data in direct marketing (i.e. offering or advertising products or services by sending the relevant information directly to you). Where we are required to do so, we will obtain your consent before using your Personal Data for direct marketing. If you prefer not to receive our direct marketing communications and/or not to have your Personal Data shared among the members of the Rimm Group for the purpose of marketing, you can have your name deleted from our direct marketing and/or shared information lists by clicking ‘unsubscribe’ at the footer of our e-mails or submitting a request to our Data Protection Officer at the contact details provided below.
3.3. We are legally required to process your Personal Data only for certain permitted purposes, and confirm that we only carry out processing: (a) with your consent; (b) in line with our legitimate business interests; (c) to comply with a legal or regulatory obligation; and/or (d) pursuant to a contract in place between us and you.
3.4. If we need to collect, use and/or disclose your Personal Data for additional purposes, unless excepted by law, we will inform you of the new purposes and seek prior consent from you before your Personal Data will be collected, used and/or disclosed by us.
4. DISCLOSURE OR TRANSFER OF PERSONAL DATA
4.1. In order to provide you with effective and satisfactory services and products, we may, subject to the Applicable Data Protection Laws, disclose and/or transfer your Personal Data to our third party service providers, agents, affiliates or related corporations, and/or other third parties, which may be located in Singapore or outside of Singapore, for one or more of the above-stated purposes. Such third party service providers, agents, affiliates or related corporations, and/or other third parties would be processing your Personal Data either on our behalf or otherwise, for one or more of the above-stated purposes. We endeavor to ensure that the third parties and our affiliates keep your Personal Data secure from unauthorized access, collection, use, disclosure, processing or similar risks and retain your Personal Data only for as long as your Personal Data is needed for the above-mentioned purposes. Such third parties include, without limitation:
(a) any member of the Rimm Group;
(b) personnel, agents, advisers, auditors, contractors, financial institutions, and third party service providers in connection with our operations or services (for example, staff engaged in the fulfilment of your order, the processing of your payment and the provision of support services);
(c) vendors and other third party service providers in connection with promotions, online campaigns, products and services offered by the Rimm Group;
(d) our overseas offices, affiliates, business partners and counterparts (on a need-to-know basis only);
(e) persons under a duty of confidentiality to us;
(f) credit bureaus and credit reporting agencies;
(g) our professional advisers such as financial advisors, auditors and lawyers;
(h) relevant regulatory bodies, government agencies, statutory boards, administrative bodies, authorities or law enforcement agencies to comply with any court orders, requirements of legal authorities, laws, rules, guidelines and regulations or schemes to which the Rimm Group may be subject, whether situated locally or overseas;
(i) a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal data held by us about our users is among the assets transferred; or to a counterparty in a business asset transaction that we or any of our affiliates or related corporations is involved in; and
(j) persons to whom we are required to make disclosure under applicable laws and regulations in or outside of Singapore.
4.2. Where there is a necessity to transfer any of your Personal Data to a country or territory outside of Singapore, we endeavor to do so in accordance with the requirements of the Applicable Data Protection Laws, to ensure that the standard of protection applied to the transferred data is adequate and comparable to the protection under the Applicable Data Protection Laws, and where necessary, subject to appropriate safeguards.
5. COOKIES
5.1. Our Website and Platform uses cookies and similar technologies. This helps us to provide you with a good experience when you browse our Website and also allows us to improve our Website.
5.2. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree to the use of cookies. Cookies contain information that is transferred to your computer’s hard drive.
5.3. We use persistent cookies and session cookies. A persistent cookie stays in your browser and will be read by us when you return to our Website or a partner website that uses our services. Session cookies only last for as long as the session (usually the current visit to a website or a browser session).
5.4. We use the following cookies:
(a) Strictly necessary cookies – These are cookies that are required for the operation of our Website. They include, for example, cookies that enable you to log into secure areas of our Website, use a shopping cart or make use of e-billing services.
(b) Analytical/performance cookies – They allow us to recognize and count the number of visitors and to see how visitors move around our Website when they are using it. This helps us to improve the way our Website works, for example, by ensuring that users are finding what they are looking for easily.
(c) Functionality cookies – These are used to recognize you when you return to our Website. This enables us to personalize our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
(d) Targeting cookies – These cookies record your visit to our Website, the pages you have visited and the links you have followed. We will use this information to make our Website and the information displayed on it more relevant to your interests.
5.5. Cookies may be erased when you exit our Website or close the browser. Other cookies are saved on your device for your next visit. You can delete all cookies placed by our Website on your device at any time. You can also set your browser to prevent all cookies from being placed by our Website or to provide you with a warning before a cookie is placed. However, please note that some functionalities of our Platform may not work if all cookies are rejected. Please check your browser’s instructions or help screen to learn more about these functions. You can also find more information about cookies, how we use them and how to manage cookie preferences by clicking ‘Cookies’ and ‘Cookies Preferences’ on our Website or visiting https://rimm.io/cookies-notice/.
5.6. Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, which we do not have any control over. These cookies may include analytical/performance cookies and targeting cookies.
6. CONSENT
6.1. Generally, when we request for your Personal Data in the course of providing a service or product to you, and where you provide us with such Personal Data, there is implied consent that you agree to provide us with your Personal Data in order that we may provide you with the requested service or product.
6.2. In some circumstances and as required by the Applicable Data Protection Laws, we will seek your express consent when collecting your Personal Data. This is particularly where fresh consent is required for a new purpose in which your Personal Data will be used.
6.3. You may withdraw your consent and request us to stop using and/or disclosing your Personal Data for any or all of the above-mentioned purposes at any time by submitting your request via e-mail to our Data Protection Officer at the contact details provided below.
6.4. If you have consented or signed up to receive marketing or promotional materials, you may withdraw your consent at any time and request us to stop sending you marketing or promotional materials or to stop using your Personal Data for any other marketing or promotional activities by submitting your request via e-mail to our Data Protection Officer at the contact details provided below. However, please note that we may require some time to process your withdrawal request. During this period of time, you may still receive marketing or promotional materials or communications from us.
6.5. Please note that depending on the nature and scope of your request for withdrawal of consent, this may (materially or otherwise) affect the way in which we are able to provide our Platform, services and/or products to you.
7. ACCESS
7.1. You are entitled to certain access rights to your Personal Data. Should you wish to make a request, you may contact us by submitting your request via e-mail to our Data Protection Officer at the contact details provided below. We will inform you should we be unable to accede to your request for any reason.
7.2. Kindly note that we may charge an administrative fee in connection with any requests made for accessing your Personal Data. We will notify you of such administrative fees (if any) in advance.
8. ACCURACY AND CORRECTION OF PERSONAL DATA
We will endeavor to ensure the accuracy and completeness of the Personal Data you provide to us and/or update your Personal Data associated with your account on our Platform. However, we will also require you to provide us with accurate, up-to-date and complete information. In order to ensure that the Personal Data that we maintain is accurate, up-to-date and complete, you may at any time send our Data Protection Officer requests to correct, amend or update your Personal Data by submitting your request via e-mail to our Data Protection Officer at the contact details provided below.
9. SECURITY OF PERSONAL DATA
9.1. The security of your Personal Data is our utmost priority. We will implement appropriate technical and organizational measures to safeguard your Personal Data, for example:
(a) access to your account is controlled by a password of your choice and which you are responsible for maintaining the security of;
(b) all Personal Data you provide to us is stored on our secure servers;
(c) any payment transactions will be encrypted using Transport Layer Security (TLS) or Secure Socket Layer (SSL) technology;
(d) we restrict access to Personal Data to our employees, service providers and contractors on a strict need-to-know basis and ensure that those persons are subject to contractual confidentiality obligations; and
(e) we review our Personal Data collection, storage and processing practices from time to time to guard against unauthorized access, processing or use.
9.2. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our Website and/or Platform, you are responsible for keeping this password confidential. We ask you not to share this password with anyone. If you lose control of your password, you may lose substantial control over your Personal Data and may be subject to legally binding actions taken on your behalf. Therefore, if your password has been compromised for any reason, you should immediately notify us and change your password.
9.3. We will never ask for your password by phone or e-mail, so if you receive such an inquiry, please report the incident to our Data Protection Officer.
9.4. If you access our Website and/or Platform from a shared computer or a computer in an internet cafe, a PC room or a library, certain information about you, such as your user ID, activity or reminders from our Website and/or Platform, may also be visible to other individuals who use the computer after you. To protect your Personal Data from being disclosed to others, you should log out and close the web browser after using our Website and/or Platform.
9.5. While we have put in place measures to safeguard your Personal Data, you acknowledge and agree that the transmission of information via the Internet is not completely secure and, for this reason, we cannot guarantee the security or integrity of any Personal Data that is transferred from you or to you via the Internet. Any transmission of information via the Internet will be at your own risk.
9.6. In the event that there is a security breach involving your Personal Data, we will endeavor to take all reasonable steps to contain the breach, and notify you and the relevant supervisory authorities of the incident as soon as reasonably practicable in accordance with the Applicable Data Protection Laws.
10. RETENTION OBLIGATIONS
10.1. We will retain and use your Personal Data for so long as is necessary to fulfill the purpose for which it was collected or to comply with legal, regulatory and internal requirements.
10.2. To determine the appropriate retention period for the Personal Data we hold, we will consider the amount, nature and sensitivity of the Personal Data, the risk of harm from unauthorized use or disclosure of your Personal Data, the reasons why we handle your Personal Data, whether we can achieve those purposes through other means, and the Applicable Data Protection Laws.
10.3. We will ensure that your Personal Data is destroyed or removed from our records and/or anonymized so that it no longer contains personally identifiable information when we have reasonably determined that: (a) the purpose for which that Personal Data was collected is no longer being served by the retention of such Personal Data; (b) retention is no longer necessary for any legal or business purposes; and (c) no other legitimate interests warrant further retention of such Personal Data. If you cease using our Website and/or Platform, or your permission to use our Website, Platform and/or services is terminated or withdrawn, we may continue storing, using and/or disclosing your Personal Data in accordance with this Policy and our obligations under the Applicable Data Protection Laws. Subject to the Applicable Data Protection Laws, we may securely dispose of your Personal Data without prior notice to you.
10.4. Where we anonymize your Personal Data so that it can no longer be associated with you, we may retain and use such information indefinitely without further notice to you.
11. THIRD-PARTY SITES
11.1. Our Platform, Website and/or communication with you may, from time to time, contain links to websites of our partner networks, advertisers, affiliates, third-party service providers and/or other third parties, over which we have no control.
11.2. If you follow a link to any of these websites, please note that they have their own privacy policies. We encourage you to read the privacy policies or statements of these websites to understand your rights. We accept no responsibility or liability for your access to third-party websites, for these privacy policies or for any Personal Data that may be collected from you through these websites or services.
12. CONTACT DETAILS
12.1. Our Data Protection Officer is responsible for taking reasonable endeavors to protect Personal Data and preventing unauthorized disclosure. Our Data Protection Officer is not responsible for damage or loss of information due to unexpected incident due to hacking or other risks inherent to the network that may occur despite technical safeguards.
12.2. If you have any questions, comments or requests regarding Personal Data, please contact our Data Protection Officer by e-mail at dataprotection@rimm.io. Please note that you also have the right to lodge a complaint about the way we handle or process your Personal Data with the relevant supervisory authorities.
Last updated: 01 September 2023