We at Krowme Sdn. Bhd. (“Krowme”) take our responsibilities under the Personal Data Protection Act 2012 (“PDPA”) seriously. Krowme respects your privacy and is committed to protecting your personal information. We comply with the principles of the PDPA and aim to maintain consistency of best practices in our processing of your personal information. Your privacy is important to us and maintaining your trust is our top priority.
Our Data Protection Policy is designed to ensure your understanding of how we collect, use and/or disclose the personal data you provide to us, as well as to assist you in making an informed decision before providing us with any of your personal data.
1 INTRODUCTION TO THE PDPA
1.1 “Personal Data” is defined under the PDPA to mean data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which an organization has or is likely to have access. Common examples of personal data could include names, identification numbers, contact information, medical records, photographs and video images.
1.2 We will collect your personal data in accordance with the PDPA either directly from you or your authorised representatives, and/or through our third party service providers. In general, before we collect any personal data from you, we will notify you of the purposes for which your personal data may be collected, used and/or disclosed, as well as obtain your consent for the collection, use and/or disclosure of your personal data for the intended purposes, unless an exception under the law permits us to collect and process your personal data without your consent.
- PURPOSES FOR COLLECTION, USE & DISCLOSURE OF PERSONAL DATA
2.1 The personal data which we collect from you may be collected, used and/or disclosed for the following purposes :
- (a) To facilitate the provision of agreed services that you have engaged us under contract or arrangement. This may be done via meetings, emails, letters or telephone conversations between our employees and you;
- (b) for administrative matters and HR operations on your products and service related reasons that you have subscribed to, signed up for, or participate in (e.g. To ensure your awareness of changes in your subscription, reminding you of a password or username, or providing your user access to an online community, answering your queries you have made on our website, etc);
- (c) to provide you consultancy services and advice on our software application processes and issues;
- (d) managing your enquiries and instructions, sending you marketing and/or promotional information and materials relating to products and/or services that we are selling or marketing;
- (e) Sending you invitations to events held by us; (collectively, the “Purposes”)
2.2 Your personal data may be disclosed to third party service providers, agents and related corporations that we have engaged to assist us in our provision of services to you. Such data may also be transferred to our employees or parties located outside Singapore and in such cases, we will take steps to ensure that a reasonable standard of protection necessary to maintain security and integrity of your personal data are in place.
- SPECIFIC ISSUES FOR THE DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
3.1 We respect the confidentiality of the personal data you have provided to us.
3.2 In that regard, we will not disclose any of your personal data to any third parties without first obtaining your express consent permitting us to do so. However, please note that we may disclose your personal data when compelled to do so by law; in particular for the prevention or detection of crime, the capture or prosecution of offenders; and the assessment or collection of tax or duty; in the event we propose to sell or buy any business assets of our company, we may disclose your personal data to the prospective seller or buyer of such business or assets where relevant, on a strictly confidential basis.
3.3 In all other instances of disclosure of personal data to third parties with your express consent, we will endeavour to provide adequate supervision over the handling and administration of your personal data by such third parties, as well as to provide for adequate forms of protection over such personal data.
- REQUEST FOR ACCESS AND/OR CORRECTION OF PERSONAL DATA
4.1 You may request to access and/or correct the personal data currently in our possession at any time by submitting your request through the following methods :
- (a) Malaysia telephone number : +65 6346 1511
- (b) E-mail : firstname.lastname@example.org or email@example.com (Data Protection Officer)
- (c) Office address : 849 Geylang Road; Tanjong Katong Complex #04-19; Singapore 400845
4.2 For a request to access personal data, we will provide you with the relevant personal data within a reasonable time from such a request being made.
4.3 If any of the personal information that we hold about you is incorrect, you can contact us at support@Krowme.com.sg and we will update your details as soon as practically possible.
4.4 Depending on the nature of the work required to process your access request, we may be required to charge you a reasonable fee for the handling and processing of your requests to access your personal data to recover administrative costs. Our Data Protection Officer will determine whether such a fee should be imposed on a case-by-case basis. Where such a fee is imposed, we shall provide you with a written estimate of the fee for your consideration. We shall only begin processing your access request upon receiving your agreement to the payment of the fee.
- REQUEST TO WITHDRAW CONSENT
5.1 You may at any time give us written notice of your withdrawal of consent to collect, use or disclose the personal information. If you choose to withdraw your consent to any or all or the disclosure of your personal data, please note that we may not be in a position to continue providing some of our services to you.
5.2 We will process your request within a reasonable time from such a request for withdrawal of consent being made, and will thereafter refrain from collecting, using and/or disclosing your personal data in the manner stated in your request.
5.3 Should we not be able to respond to your access request within 30 days after receiving your access request, we will inform you in writing via email within 30 days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA or under any other applicable laws)
- ADMINISTRATION AND MANAGEMENT OF PERSONAL DATA
6.1 We will take appropriate measures to keep your personal data accurate, complete and updated.
6.2 We will also take commercially reasonable efforts to take appropriate precautions and preventive measures to ensure that your personal data is adequately protected and secured. Appropriate security arrangements will be taken to prevent any unauthorized access, collection, use, disclosure, copying, modification, leakage, loss, damage and/or alteration of your personal data. However, we cannot assume responsibility for any unauthorized use of your personal data by third parties which are wholly attributable to factors beyond our control.
6.3 We will also take commercially reasonably efforts to ensure that the personal data in our possession or under our control is destroyed and/or made anonymous as soon as it is reasonable to assume that (i) the purpose for which that personal data was collected is no longer being served by the retention of such personal data; and (ii) retention is no longer necessary for any other legal or business purposes.
6.4 Our employment contracts include confidentiality and PDPA obligations and appropriate disciplinary actions for PDPA breaches by our employees.
- DATA INTERMEDIARY
7.1 For the purposes of the Act, we are considered to be a data intermediary when we process personal data on behalf of and for the purposes of another organisation. At the same time, we also collect use and disclose personal data for purposes that are reasonable and appropriate. Accordingly, we shall :
- (a) observe the relevant obligations under the Act in the performance of our services;
- (b) process the personal data we receive from you only to the extent necessary for the purposes specified in the engagement and in accordance with your instructions from time to time given in writing and shall not process the personal data for any other purpose;
- (c) ensure that access to the personal data is limited to employees who need to access to meet our obligations to you;
- (d) for purpose of performing the Services, share the personal data with the Service Provider’s related corporations, whether in Singapore or elsewhere. When doing so, the Service Provider will require them to ensure that the personal data are kept secure and confidential.
- (e) use reasonable degree of professional care to prevent unauthorised use, dissemination or disclosure of personal data, and shall implement any generally applicable physical, technical and administrative measures such as encryption of personal data in transit or storage, to protect the personal data from accidental or unauthorized disclosure, alteration, loss or destruction;
- (f) notify you promptly in writing if we become aware of any accidental or unauthorized disclosure, alteration, destruction or loss of personal data unless prohibited from doing so by law;
- (g) take reasonable action within reasonable time, and investigate the security incident, and use its best efforts to mitigate the impact and scope of any security incident, and to carry out such recovery or other action we determine necessary in the circumstance to remedy the security incident; and
- (h) not hold personal data any longer than required by law for the purpose of performing or having performed the services or for legal or business purposes.
7.2 In the same regard, if we process personal data on your behalf and for your purposes, you:
- (a) will provide us with specific written instructions with regard to the processing of personal data. Oral instructions given by your authorised representatives will be accepted by us in case of emergency only and subject to immediate written confirmation;
- (b) undertake and warrant that you have lawfully obtained personal data of your employees and have sufficient legal grounds, including all necessary authorizations, consents or permissions to provide us with the personal data, and that the same are accurate and provided in any form, to us in a secured way;
- (c) shall inform us immediately in writing of any change, including any error or omission, with regard to the lawful processing and use of any of the personal data; and shall inform us as soon as reasonably possible of any access request, request for correction or blocking or deletion of personal data or any objection made by the employees related to the processing of their personal data.
- RETENTION AND DELETION OF PERSONAL DATA
8.1 Once we have obtained your Personal Data, it will be maintained securely in our system for the period necessary to fulfil the purposes for which the data was collected as set out in section 4 (Purpose for collection, use and disclosure of personal data above).
8.2 We may retain your Personal Data even after you have terminated your account or services with us if the retention is reasonably necessary to comply with our legal obligations, meet regulatory requirements resolve disputes, prevent fraud and abuse, or enforce this Policy or other agreements with us.
8.3 We will cease to retain Personal Data, or remove the means by which the data can be associated with an individual, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the Personal Data was collected, and is no longer necessary for legal or business purposes
- ACCURACY OF PERSONAL DATA
9.1 We generally rely on personal data provided by you (or your authorised representative). In order to ensure that your personal data is current, complete and accurate, please update us if there are changes to your personal data by informing our Data Protection Officer in writing or via email at the contact details provided below
- TRANSFERS OF PERSONAL DATA OUTSIDE OF SINGAPORE
10.1 We generally do not transfer your personal data to countries outside of Singapore. However, if we do so, we will obtain your consent for the transfer to be made and we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA
- CHANGES/UPDATES ON DATA PROTECTION POLICY
11.1 As part of our efforts to ensure that we properly manage, protect and process your personal data, we will be reviewing our policies, procedures and processes from time to time.
11.2 We reserve the right to amend the terms of this Data Protection Policy at our absolute discretion. Any amended Data Protection Policy will be posted on our website.
11.3 You are encouraged to visit our website from time to time to ensure that you are well informed of our latest policies in relation to personal data protection. Continued use of our services and website following the posting of changes to this Data Protection Policy shall constitute your consent to such changes.
- COOKIES & YOUR PRIVACY
12.1 In order to enable us to provide you with a personalised browsing experience, our website uses ‘cookie’ information collection technology. “Cookies” are small pieces of information that are issued to your computer when you enter a website. Cookies are stored by your browser on your computer’s hard drive, and they can be used for a wide range of purposes, such as identifying your computer’s previous visits to a website, and to ascertain the most popular features of a website.
- INQUIRY ON POLICY
13.1 If you have any further questions or comments concerning your privacy, please contact;
Krowme Sdn Bhd
Unit SO-06-08, Menara 1,
No 3 Jalan Bangsar,
KL Eco City,
59200 Kuala Lumpur Malaysia
Tel : +60177700821
Email : firstname.lastname@example.org (Data Protection Officer)
13.2 If your personal data was provided to us by a third party, kindly contact that organisation to make such a request or query on your behalf.
- GOVERNING LAW
14.1 This Data Protection Policy and your use of our website shall be governed in all respects by the laws of Singapore.
Last Reviewed on: 11 OCTOBER 2022