1 WHAT INFORMATION DO WE COLLECT?
1.1 In order to provide and operate the Services, we may collect, store, and process the following information: 1.1.1 personal information, being information about an identifiable individual such as the individual's full legal name, date of birth, driver's license number, passport number, marital status, postal or residential address, email address, telephone number, nationality, income, bank account details, and taxation details; 1.1.2 accounting and financial information relating to your investment portfolios; and 1.1.3 non-identifiable information relating to your use of the Services such as device-related information (browser type, IP (internet protocol) address), and server log information (date and time of day of your visit and pages you accessed). We also collect information that you input into the Website while accessing CBIPAY. 1.1.4 Any personal financial information you wish to disclose to enable us providing relevant financial services for you.
2 USES MADE OF THE INFORMATION
2.1 The purposes for which information may be used by us in and outside Singapore include (each a Purpose): 2.1.1 as will be required by law, such as in connection with our obligations under know-your-client (KYC), anti-money laundering and countering the financing of terrorism (AML/CFT), Monetary Authority of Singapore regulations and Inland Revenue Authority of Singapore regulation; 2.1.2 in connection with the operation of CBIPAY, such as (without limitation) processing of applications, redemptions, transfers, deposits, payments, generating reports and acquisitions; 2.1.3 carrying out our obligations arising from any contracts entered into between you and us or entered into in connection with CBIPAY generally; 2.1.4 ensuring that content from the Website is presented in the most effective manner for you and for your computer; 2.1.5 providing you with alerts, newsletters, education materials or information that you requested or signed up to; 2.1.6 allowing you to participate in interactive features of CBIPAY, when you choose to do so; 2.1.7 designing and conducting surveys/questionnaires for client profiling/segmentation, statistical analysis, improving and furthering the provision of our products and services; 2.1.8 complying with laws and regulations applicable to us or any of our related companies (as defined in the Companies Act 1994 Rev Ed.) in or outside Singapore; 2.1.9 legal proceedings, including collecting overdue amounts and seeking professional advice; 2.1.10 researching, designing and launching services or products including seminars/events/forums; 2.1.11 promoting and marketing services and products subject to your exercise of the opt-out right (please see further details in Clause 11.3 below); or 2.1.12 purposes directly related or incidental to the above. 2.2 The lawful basis for which we process personal information is to perform the Services for you, to protect our legitimate interests and to comply with our obligations at law. 2.3 By using the Services, you agree that we can access, aggregate, and use non-personally identifiable data that has been collected through the use of the Services. This data will in no way identify you or any other individual. We may use this aggregated non-personally identifiable data without notice or liability to you, too: 2.3.1 assist us in understanding better how our clients are using CBIPAY; 2.3.2 provide users and potential users of CBIPAY with further information regarding the uses and benefits of CBIPAY; and 2.3.3 otherwise to improve CBIPAY.
3 DISCLOSURE OF THE INFORMATION
5 LINKS TO OTHER WEBSITES
6 SECURITY AND PROTECTION OF THE INFORMATION
6.1 All information you provide to us is stored on secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Website, you are responsible for keeping this password confidential and secure. We ask you not to share a password with anyone. 6.2 Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your data transmitted to our Website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to protect your personal information from misuse, loss, and unauthorized access. 6.3 We will never contact you to ask you to disclose your security credentials. Be cautious about opening links contained in SMS messages or emails and beware of phishing scams.
7 WHERE DO WE STORE THE INFORMATION?
7.1 We may store your Data on servers in Singapore, Australia, and the United States. We may also transfer your data to people or entities listed at Clause 4 above, who may be located in or outside of Singapore.
8 RETAINING THE INFORMATION
8.1 We only retain information for so long as it is necessary for the purposes for which the information can lawfully be used or longer if required by applicable laws such as obligations under KYC, AML/CFT, and IRAS regulations. 8.2 To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
10 YOUR CONSENT AND RIGHTS
11 GOVERNING LAW AND JURISDICTION
12 GLOBAL DATA PROTECTION REGULATION
12.1 Where we process personal information which is subject to the European Union's General Data Protection Regulation (GDPR Data), we do so as a data processor, acting only on the instructions of a relevant data controller. Where we are a processor of GDPR Data, we have entered into a data processing agreement with the relevant data controller, which outlines how we may process that GDPR Data. 12.2 In relation to GDPR Data, you have the right to withdraw your consent or to object to our use of your personal information. You can ask us to delete it, to restrict its use, or to object to our use of your personal information for certain purposes such as marketing. If you would like us to stop using your data in any way, please get in touch. If we are still providing Services to you, we will need to continue using your information to deliver those Services. In some circumstances, we are obligated to keep processing your information for a set period of time. If you withdraw your consent or object to certain processing, we may not be able to provide certain Services to you. We will advise you if this is the case at the time you withdraw your consent or object.