1 October 2019
BlueBox Group Privacy Policy
Respecting Your Choice
Your privacy matters, and BlueBox Group respects that. We treat your personal information with the utmost care and adopt strict practices to protect your privacy. The way we carry out this responsibility is defined in the BlueBox Group Privacy Policy, which describes how BlueBox Group subscribes to the principles and requirements of the Personal Data Protection Act 2012 (PDPA).
Personal Data refers to any information about you from which you can be identified. Examples include your personal particulars, billing and payment details, and other information about your use of our products, services or websites.
We will continue to review this Policy and all privacy-related information made publicly available by BlueBox Group, to ensure it is relevant and remains current with changing technologies, laws and regulations, and the evolving needs of BlueBox Group.
Definitions
For the purposes of this Policy, the following capitalised terms, unless elsewhere defined in this Policy, shall have the following meanings:
“Act” | means the Personal Data Protection Act, in force as at the date of this Policy. |
“DPO” | means data protection officer(s) appointed by BlueBox Group pursuant to the Act. |
“Laws” | means the Act, other Statutes, regulations made thereunder and any other applicable laws, regulations, guidelines, directives, codes of practice or, where the context so requires the order or other lawful request made by any Public Agency. |
“BlueBox Group of Companies or BlueBox Group” | means BlueBox Group Private Ltd and/or its subsidiaries. |
“Policy” | means this BlueBox Group Protection Policy, as may be amended or supplemented by BlueBox Group in its discretion from time to time. |
“Person” | means any individual to whom the Act applies, and includes an individual customer, prospective customer and any past or present user of our Services but excludes any corporate entity (including corporate customers) and any other entity that is excluded under the Act. |
“Personal Data” |
means personal data of a Person that BlueBox Group generally collects, uses or discloses which includes the following: (a) Contact information, including name, address, telephone number and e-mail address and/or other identification information; (b) Billing information, including payment details, credit history, credit card number, bank account, NRIC, passport or other equivalent identification number; (c) Your preferences; (d) Information from other organisations which include fraud prevention agencies, credit reference agencies we believe you may have authorised to provide your personal details on your behalf; PROVIDED ALWAYS that the Person can be identified from such data. |
“Premises” | means BlueBox Group’s offices. |
“Public Agency” | means any Government body, including any ministry, department, agency (including law enforcement agencies), or organ of State, any judicial or quasi-judicial body or disciplinary, arbitral or mediatory body appointed under any written law in Singapore or any statutory body established under a public Act for a public function that is so appointed by the Minister by notification in the Gazette for the purposes of the Act. |
“Services” | means the services as may be offered by BlueBox Group or third parties (through BlueBox Group) to Persons including any updates, upgrades, re-contracting and/or renewals thereto. |
Applicability
The scope and application of this Policy is as follows:
- This Policy applies to entities within BlueBox Group that is (a) offering Services, and (b) collecting, using or disclosing the Personal Data; to the extent as may be required by the Act;
- This Policy covers all practices regarding Personal Data;
- This Policy applies to all Persons. The Person who holds the account with the relevant entity within BlueBox Group must ensure that all end users under the same account understand and agree to this Policy;
- The application of this Policy is subject to applicable Laws, and to the extent that any Laws pre-existing the Act apply, such pre-existing Laws may supersede the applicability of the Act in the event of inconsistency, to the extent stipulated under the Act;
- This Policy does not supersede or replace any earlier consents you may have provided to BlueBox Group, and this Policy supplements all such pre-existing consents concerning the collection, disclosure and/or use of your Personal Data;
- References to the male gender include a reference to the female gender;
- References to the singular include a reference to the plural as the context so requires;
Policy Provisions
1. | Data Protection Officers |
1.1 | The DPO has been appointed to oversee compliance with the Act. Other employees within BlueBox Group may be delegated to act on behalf of the DPO or to take responsibility for the day-to-day collection and processing of Personal Data. |
1.2 |
BlueBox Group shall make known, upon request, the title of the person or persons designated as DPO. The DPO may be contacted at: Email: dpo@bluebox.com.sg |
2. | Collection of Personal Data |
2.1 |
Personal Data may be collected from you in the following ways:
|
2.2 | Unless permitted by Laws, BlueBox Group shall not collect Personal Data without the consent of the Person. |
2.3 | All Persons warrant and represent to BlueBox Group that Personal Data which he discloses to BlueBox Group, or to another entity that subsequently provides it to BlueBox Group, is accurate and complete. |
2.4 | A Person who volunteers Personal Data of another person to BlueBox Group also warrants and represents to BlueBox Group that he/is authorised by such other person to disclose such Personal Data to us, and that such Personal Data is accurate and complete. |
2.5 | The collection of your Personal Data is necessary for BlueBox Group to provide you with the Services. If you are unable to provide the Personal Data, BlueBox Group is unable to provide the Services requested by you. |
3. | Purposes for Collection, Use and Disclosure of Personal Data |
3.1 |
Depending on the Services which you subscribe to, your Personal Data may be collected, used and/or disclosed for the following purposes:
|
3.2 |
Your Personal Data will be disclosed for the purposes indicated below to our officers and employees, third parties, service providers, advisors, which includes without limitation, the following persons or entities:
Where this involves the transfer of your Personal Data outside Singapore, we will comply with the Act and take steps to ensure that your Personal Data continues to receive a standard of protection that is at least comparable to that provided under the Act. |
3.3 | Unless permitted by Laws, BlueBox Group shall not use or disclose the Personal Data for any other purpose, without first identifying and documenting the other purpose and obtaining the consent of the Person. |
3.4 | Upon request by a Person, our employees collecting Personal Data shall explain this Policy. |
4. | Deemed Consent |
4.1 |
Persons are deemed to have given their consent for the collection, use and disclosure of Personal Data in the following circumstances: (a) When the Person voluntarily provides his Personal Data to us; (b) When the Person is aware of the purposes for which he is providing his Personal Data to us; (c) It is reasonable for the Person to have provided the Personal Data to us in the circumstances; and (d) In any other circumstances where consent is deemed under the Act. |
5. | Limiting Collection, Use and Disclosure of Personal Data |
5.1 | BlueBox Group collects Personal Data primarily from Persons who are our customers (including prospective customers). The collection of Personal Data is limited to that which is necessary for the identified purposes. |
5.2 | Unless permitted by Laws, BlueBox Group will not disclose Personal Data to other persons or entities for the advertising, promotion or marketing of such other party’s products and services, and BlueBox Group will not sell for payment the Personal Data to anyone for any marketing purpose; without your consent. |
6. | Retention of Personal Data |
6.1 | BlueBox Group will collect, and retain Personal Data via the procedures described in this Policy and/or other reasonable controls and practices at BlueBox Group’s discretion, for as long as such Persons remain our customers and for as long as it is necessarily required or relevant for business or legal purposes. |
7. | Withdrawal of Consent |
7.1 | Persons are able to withdraw their consent to our continued use and disclosure of Personal Data as described in this Policy at any time. Such withdrawal should be made formally in writing to the DPO. We shall process your withdrawal request within a reasonable time (depending on the complexity of the request and its impact on our relationship with you), and in any event no later than within ten (10) business days of receiving your request. |
7.2 | If consent is withdrawn, the Person acknowledges that BlueBox Group may no longer be able to provide the Services. Accordingly, BlueBox Group may, insofar as such consent is integral to the provision of the Services, cease to provide the Services to the Person. Notwithstanding any withdrawal of consent, (a) unless otherwise agreed by BlueBox Group, Persons will still be bound by their contract(s) for Services with the relevant entity in BlueBox Group, and should the Person choose to terminate the relevant contract(s), early termination charges and other charges, penalties or contractual consequences may apply in accordance with the contract(s) or under Laws and BlueBox Group reserves its rights thereof, and (b) BlueBox Group has the right to terminate the contracts in its discretion, without liability to the Person. |
7.3 | Persons may write in to the DPO at dpo@bluebox.com.sg for more information regarding the implications of withdrawing consent. |
8. | Protection of Personal Data |
8.1 | To the extent required by the Act, BlueBox Group shall protect Personal Data in its possession or under its control against risks of unauthorised access, collection, use, disclosure, copying, modification, disposal or destruction, through reasonable and appropriate security measures. |
9. | Accuracy and Correction of Personal Data |
9.1 | To the extent required by the Act, BlueBox Group will use reasonable efforts to ensure that the Personal Data it uses is sufficiently accurate and complete to minimise the possibility that incorrect Personal Data may be used to make a decision that impacts the Person to whom the Personal Data relates, or if such Personal Data is likely to be disclosed to a third party. However, you acknowledge that there may be circumstances where BlueBox Group is entitled to assume such accuracy and completeness, in accordance with Laws. |
9.2 | We encourage Persons to inform us when there are any changes to the Personal Data which they have provided to BlueBox Group, so as to ensure that we have the most current, accurate and complete information. Upon request by a Person, BlueBox Group may, in accordance with the Act, correct or complete any Personal Data found to be inaccurate or incomplete as soon as practicable. Any unresolved differences as to accuracy or completeness of Personal Data shall be noted in the Person’s records. Save as otherwise required under the Act, the Person may only correct any Personal Data which the Person has provided to BlueBox Group. BlueBox Group reserves the right to not correct Personal Data where permitted under the Act. |
9.3 | We will respond to your correction request as soon as reasonably possible, and in any event no later than within ten (10) days of receiving the request. You may contact our DPO at dpo@bluebox.com.sg to request a correction. |
10. | Access to Personal Data |
10.1 | To the extent required by the Act, upon request, BlueBox Group shall provide a Person with an account of his Personal Data which is in BlueBox Group’s possession or control. Such information requested for shall be provided within a reasonable time (and in any event no later than within thirty (30) days) and at reasonable cost to the individual. |
10.2 | To the extent required by the Act, upon request by a Person, BlueBox Group shall provide information relating to how the Person’s Personal Data has been or may have been used or disclosed within a year before the date of such request. BlueBox Group may also provide a standard list of possible third parties as part of its response to all access requests for information relating to the disclosure of Personal Data during such period, and the same shall suffice as performance of BlueBox Group’s obligation in respect thereof. Such information requested for shall be provided within a reasonable time and at reasonable cost to the individual. |
10.3 | Subject to the Act, BlueBox Group may not be able to provide access to all of the Personal Data that they hold about a Person. For example, BlueBox Group may not provide access to Personal Data if such provision could reveal Personal Data about another person, if such information is subject to legal privilege or if such provision will be contrary to national interest. If access to Personal Data cannot be provided, the reasons for denying access will be provided upon request, to the extent permitted under Laws. |
10.4 | Persons may seek access to their Personal Data by writing in to the DPO at dpo@bluebox.com.sg |
11. | Procedures and Practices |
11.1 |
BlueBox Group has implemented the following procedures to give effect to this Policy:
|
12. | General |
12.1 | BlueBox Group may revise and/or amend and/or supplement this Policy at its discretion from time to time. Such changes will be published on this website. Persons are advised to check back periodically to ensure that they are aware of any such changes. To the fullest extent permissible under Laws, you agree to be bound by the prevailing terms of this Policy. |
12.2 | To the fullest extent permitted under Laws, BlueBox Group cannot be responsible for a third party’s acts, omissions, data policies or their use of cookies, nor the content or security of any third party websites, even if linked to BlueBox Group’s website, and any such liability is expressly disclaimed and excluded. |
12.3 | For more information on the Personal Data Protection Act 2012 or to contact the Personal Data Protection Commission (PDPC) please visit http://www.pdpc.gov.sg/ |