Last Updated: [7 September 2021]
The privacy of your Personal Data is important to us and we are committed to accord the information the due level of care in compliance with the Personal Data Protection Act of Singapore (the “Act”).
For the avoidance of doubt, this Policy applies to our customers (including our customers’ insured persons), passengers, agents, vendors, suppliers, partners, contractors and service providers (collectively “you”, “your” or “yours”). In addition, this Policy will also provide you with more information on the basis upon which we may lawfully collect, use, and/or disclose your Personal Data without your consent, where permitted by applicable law.
This Policy supplements but does not supersede nor replace any other consents you may have previously provided to us in respect of your Personal Data, and any consents you may have provided in connection with this Policy are cumulative and additional to any rights which we may have under applicable law to collect, use or disclose your Personal Data.
In this Policy, “Personal Data” refers to any personal data, as defined under the Act, obtained by us in the course of and as a result of the provision of any products and services by us to you. Depending on the nature of your interaction with us, such Personal Data collected, used and disclosed to us may include, but not limited to, your name, mailing address, telephone number(s), personal email address, NRIC number, payment-related information, location data (such as your geographical location) your images taken by us, transactional data, and any other information (including without limitation information relating to any individual) which you may have provided in any form to us.
COLLECTION OF PERSONAL DATA
Personal Data may be collected from you in a number of ways, such as, but not limited to:
- when you use our products and/or services;
- when you visit us in our service centres, any of our transportation platforms, premises, roadshows or events hosted by us;
- when you ask us to provide a product or service over the telephone, social media or internet;
- provide information to assess your eligibility to provide services as our driver partner (such as your driver's license information, vehicle information and background check results (as legally permissible)); and/or
- when you use, access and/or interact with us via any of our websites, mobile applications and/or other channels (the “Platforms”).
If you provide us with any Personal Data relating to a third party (e.g. information on your customers, spouse, children, parents, and/or employees), by submitting such information to us, you represent to us that you have obtained the consent of such third party to you providing us with their Personal Data for the respective purposes.
PURPOSE FOR COLLECTION, USE, AND DISCLOSURE OF PERSONAL DATA
We collect Personal Data for the purposes stated in this Policy. These purposes include, but are not limited to:
- providing you with our products and services, including processing requests for those products and services;
- engaging you to provide products and services;
- responding to your request or enquiries;
- receiving feedback and dealing with complaints and disputes;
- processing orders, payments, and administering accounts;
- providing customer support, such as service maintenance reminders;
- obtaining and sending quotations from different insurance companies;
- communicating with you and/or any third parties (whose information is provided by you) in relation to any products and/or services we provide which are relevant to your existing relationship with us in connection with any of the purposes stated in this Policy;
- offering you updated marketing and promotional packages you can benefit from, including products and services offered by our partners;
- product updates and upgrades;
- training and development, research, surveys, statistical analysis, and business strategy development;
- conducting due diligence checks (such as age, identity, credit and background checks), including without limitation identification/verification and information checks (where required by the Monetary Authority of Singapore (“MAS”)), Anti-Money Laundering and Counter-Terrorism Financing Act 2006, FAA-N06 and other application legislation);
- detecting or preventing fraud, unlawful or improper activities;
- meeting or otherwise complying with all applicable laws, including without limitation compliance, audit, regulatory, and legal obligations (e.g. reporting to regulatory and industry entities), and enforcing our corporate policies and legal rights;
- any other purpose that may be made known by you; and/or
- any other purpose relating to or reasonably necessary for any of the above.
Our products and services include ride-hailing or other transportation services (“Transportation Services”). When you access or use the Transportation Services, we may access and use your location to:
- facilitating and processing ride-hail bookings and requests for the Transportation Services (such as to determine your pick-up location); and/or
- detect and provide location-based discounts.
In addition, we may also collect, use and/or disclose your Personal Data for the following purposes if you are a customer of any of our insurance-related products and/or services, depending on the nature of our relationship:
- providing you and/or your insured persons with our insurance broking services, including but not limited to obtaining quotation(s) for an insurance product(s), insurance applications, to arrange for worksite and affinity schemes, to bind coverage or pay premium(s) in respect of insurance placement(s), reinsurance broking services, risk management and other consulting services;
- applying or placing, issuing, managing and administering services and insurance products provided to you and/or your insured persons, including claims investigation, management, handling and settlement;
- issuing and administering insurance policies, including the processing of the Personal Data for underwriting purposes, payment of premiums and/or claims purposes, and for statistical, compliance, audit and regulatory purposes; and/or
(d) any other purposes relating to or reasonably necessary for any of the above.
In addition, and without prejudice to the generality of the foregoing, where permitted under applicable law, we may also collect, use, disclose and/or process your Personal Data for any of the following purposes (“Additional Purposes”):
- providing or marketing services, products and benefits to you, including promotions, loyalty reward, and/or similar programmes, including joint marketing and/or cross promotions with third parties;
- matching or combining Personal Data with other data collected for other purposes and from other sources (including third parties) in connection with the development, customisation, provision or offering of products, services, marketing or promotions, whether by the CDG Group, our service providers, and/or other third parties;
- administering contests and competitions, and personalising your experience at the CDG Group's touchpoints;
- sending you details or products, services, special offers and rewards, either to our customers generally, or which we have identified may be of interest to you;
- conducting market research or customer satisfaction research, or analysing and/or profiling your location, preferences, demographics, purchases, transactions, and/or behaviour so as enable us, our service providers, and/or third parties to design goods and/or services, understand customer behaviour, preferences and market trends, and to review, develop and improve the quality of goods and/or services, and/or to provide you with personalised goods and/or services (e.g. special offers and marketing programmes which may be relevant to your preferences and profile);
- to enable us, insurance companies, product and other tertiary service providers to develop, identify and offer products, worksite and affinity marketing schemes and services that may interest you and/or third parties;
- recommending, identifying and contacting you to inform you of products and services that are or may be relevant to you, including on behalf of third parties, or sharing your personal data with such third parties or their service providers for them to collect, use, disclose or process your personal data for such purposes; and/or
- collection, use, disclosure and/or processing of customer data by our business partners for data monetisation purposes.
In relation to particular products or services or in your interactions with us, we may also have specifically notified you of other purposes for which we collect, use, disclose and/or process your Personal Data. If so, subject to applicable law, we shall have the right to collect, use, disclose and/or process your Personal Data for such purposes as well.
We may for the purposes set out in this section contact you via mail (including electronic mail), telephone, SMS or other communication (text or image) applications for mobile devices, and facsimile.
If you access, download or use any of our Platforms, you agree we may collect, use, disclose and/or process your Personal Data for any of the following purposes:
- where the Platform includes subscription services, to process your application for these services;
- to maintain your account with us and to ensure your access of the Platform is within the scope of your subscription;
- to verify and process your personal particulars and payments in relation to provision of goods and services connected to the Platform;
- to provide you with the goods and services which you have signed up for and to push articles to you which may be relevant to you;
- communicating with you to inform you of changes and development to our policies, terms and conditions and other administrative information, including for the purposes of servicing you in relation to products and services offered to you;
- resolving complaints and handling requests and enquiries;
- conducting market research for statistical, profiling and statistical analysis for the improvement of services provided to you; and/or
- the processing of your Personal Data in relation to any of the purposes stated above.
Subject to applicable law, you hereby agree, acknowledge and consent that your Personal Data may be disclosed for any of the purposes listed above in this Policy (as applicable), to the following entities or parties, regardless whether they are located overseas or in Singapore:
- any of the CDG Group's affiliates;
- any agent, contractor or third party service provider who provide services to the CDG Group, including Market Research Companies, insurers, and reinsurers, as well as their respective employees, agents and/or other third parties that any of the foregoing persons rely on to provide their respective services and products;
- any vendor or third party business partner, including any vendor who offers goods and services or sponsor contests or other promotional programs on any Platform (whether in conjunction with us or not), advertisers and/or marketplace aggregators;
- any external business and charity partner in relation to corporate promotional events;
- the Credit Bureau Singapore, and/or in the event of default or disputes, any debt collection agencies or dispute resolution centres;
- any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any merger, acquisition or asset sale);
- any person to whom we transfer or may transfer our rights and duties;
- banks, credit card companies and their respective service providers;
- our professional advisors such as our auditors and lawyers;
- relevant government regulators, authorities or law enforcement agencies to comply with any laws or rules and regulations imposed by any governmental authority;
- analytics, search engine providers or other third party service providers that assist us in delivering any of our products, services, and/or Platforms as well as improving and optimising the same; and/or
- any other party to whom we are authorised by you or by law to disclose your Personal Data.
DIRECT MARKETING / Marketing and promotions
From time to time, we may contact you via mail, electronic-mail, telephone (call or SMS-Text) or facsimile, to inform about our products and services, or about special offers and promotions that we think may be of interest to you. If you have provided your Singapore telephone number(s) and have indicated that you consent to receiving marketing or promotional information via your Singapore telephone number(s), then from time to time, we may contact you using such Singapore telephone number(s) (including via voice calls, text, fax or other means) with information about our products and services (including discounts and special offers).
You can let us know at any time if you no longer wish to receive marketing material (by unsubscribing from such marketing material or contacting the relevant Data Protection Officer indicated below) and we will remove your details from our direct marketing database.
We may use your Personal Data to market our partners’, sponsors’ and advertisers’ products, services, events or promotions by sending you newsletters, updates, mailers, promotional materials, special privileges, festive greetings; and invite and manage your participation in our events or activities.
We may communicate our publicity promotions by post, telephone call, short message service, online messaging service, push notification by hand and by email through the contact points you provided us. You may unsubscribe to the processing of your Personal Data for any of the marketing and promotions by clicking on the unsubscribe link in any email or message. Alternatively, you may also update your preferences via our apps.
In addition to the matters set forth above, subject to and in accordance with applicable law, you shall be deemed to have consented to us collecting, using, disclosing and sharing amongst ourselves your Personal Data, and disclosing such Personal Data to the CDG Group's authorised service providers and relevant third parties:
- where in response to a request for your Personal Data in connection with identified purposes, you voluntarily provide such Personal Data to us for such purpose(s) and it is reasonable that you would voluntarily provide such Personal Data; and
- where the collection, use or disclosure of your Personal Data is reasonably necessary for the conclusion and/or performance of a contract, between you and us or any other organisation entered into at your request, which may include recipients of your Personal Data not indicated in this Policy.
OTHER BASIS FOR HANDLING OR PROCESSING YOUR PERSONAL DATA
In addition to and without limiting the consents you have provided to our collection, use, and/or disclosure of your Personal Data for the purposes set out elsewhere in this Policy, where permitted by applicable law, we may also in accordance with the requirements thereof collect, use and/or disclose your Personal Data as further detailed below including without your consent, where we meet the requirements of applicable law:
- for our legitimate interests or the legitimate interests of another person, but not for sending you direct marketing messages unless you have otherwise provided your consent; and
- for CDG to collect your Personal Data from any of the CDG Group, for CDG to use your Personal Data, and for any of the CDG Group to disclose your Personal Data to CDG, for improving our products, services, processes or business, understanding customer preferences and personalised experiences and recommendations (whether you are an existing or prospective customer of any of the CDG Group).
COOKIES WEB BEACONS AND OTHER TECHNOLOGIES
Our Platform(s) may include technologies that automate the collection, use, disclosure, and/or processing of data (including your Personal Data). Such technologies may include cookies, web beacons and other web analytics. If you do not wish to have your data collected through such technologies you should disable the operation of these technologies on your devices (where possible), or refrain from using our Platform(s).
The CDG Group may also use independent companies and service providers ("Market Research Companies"), and our Platform(s) may be coded with software or other technologies to assist the Market Research Companies in measuring and analysing the user behaviour across any of our Platforms, and to track visitors. For example, we may use the Market Research Companies’ services to collect the following information on the usage of our Platform(s), including without limitation: (a) the number of page views or page impressions that occur on our Platform(s); (b) the number of unique visitors to our Platform(s); (c) how long these unique visitors (on average) spend on our Platform(s) when they do visit; (d) common entry and exit points into our Platform(s); (e) user travel patterns; (f) location data (including geographical location); (g) time spent at a particular location, (h) quantity and value of transactions for purchases on our Platform(s); (i) user spending behaviour; (j) user's choice of goods and/or services purchased or used on our Platform(s); and (k) "dwell time" information. Such information is provided by the Market Research Companies to the CDG Group to assist the CDG Group in analysing the usage of our Platform(s).
WITHDRAWAL OF CONSENT
You may refuse to give or withdraw your consent for us to collect, use or disclose your Personal Data by giving us reasonable notice as long as there are no legal or contractual restrictions preventing you from doing so. Please note that if you withdraw your consent to any or all use of your Personal Data, depending on the nature of your request, we may not be in a position to continue to provide our products or services to you or administer any contractual relationship in place, and this may also result in the termination of any agreements with us and you being in breach of your contractual obligations or undertakings, and our legal rights and remedies in such event are expressly reserved. Withdrawing of such consent may also result in termination of providing other services such as service reminders, and keeping of records of our customer-management history.
Please note that if your Personal Data has been provided to us by a third party, you should contact such party directly to make any queries, feedback, and access and correction requests to CDG on your behalf.
Should you wish to withdraw your consent, please notify us by writing to our Data Protection Officer (“DPO”), the contact details are listed in the last paragraph of this policy. We may require up to 2 weeks, upon receipt of your request, for your request to take effect.
ACCESS TO AND CORRECTION OF PERSONAL DATA
If you wish to make (a) a request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or (b) a correction request to correct or update any of your personal data which we hold about you, you may submit your request in writing or via email to our DPO.
Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request. We will respond to your access request as soon as reasonably possible. Should we not be able to respond to your access request within 30 days after receiving your request, we will inform you in writing via email within 30 days of the time by which we will be able to respond to your request.
If we are unable or not required to grant an access or correction request, we shall generally inform you of the reasons (except where we are not required to do so under the PDPA).
ENSURING PERSONAL DATA IS UP-TO-DATE
We rely on the Personal Data we hold in conducting our business. Therefore, it is very important that the Personal Data we hold is accurate, complete and up-to-date. You shall ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with products and services you have requested. Please update us immediately if there is any change to the Personal Data you submitted to us.
SECURITY OF PERSONAL DATA
Security of Personal Data is very important to us and we take all reasonable precautions and care to protect your Personal Data from misuse, loss, unauthorised access, modification or disclosure.
Some of the ways we protect Personal Data include:
- external and internal premises security;
- restricting access to Personal Data only to staff who need it to perform their day to day functions;
- maintaining technology products to prevent unauthorised computer access or damage to electronically stored information, such as requiring identifiers and passwords, firewalls and anti-virus software; and
- maintaining physical security over paper records.
We will retain your Personal Data for a reasonable period for the purposes as cited herein or as required by law.
TRANSFERS OF PERSONAL DATA OUTSIDE OF SINGAPORE
If we transfer your personal data to countries outside of Singapore, we will do so according to the requirements under applicable law and we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.
We are not responsible for the Personal Data policies (including Personal Data protection and cookies), content or security of any third party websites linked to any Platform.
If you believe that the privacy of your Personal Data has been compromised, please contact us immediately and we will take the relevant steps to address your concerns.
RIGHT TO AMEND THE POLICY
We reserve the right to update or modify this Policy from time to time, and send you notification of updates to this Policy in any form as we may deem appropriate. While you should regularly check this Policy, we may also inform you of how we process your Personal Data by publishing (or amending) this Policy and, where required by applicable law, by posting a notice, or reaching you via other forms of communication (e.g. sending you an SMS message or email) according to such contact particulars that we may have of you in our records from time to time. You may also contact us in the manner disclosed in this Policy to learn about our handling or processing of your Personal Data. To the maximum extent permissible under applicable law, you agree to be bound by the prevailing terms of this Policy as may be updated from time to time on https://www.comfortdelgro.com/web/guest/personal-data-protection and/or on our other websites, and/or as you may be notified. Hence, please check back regularly for updated information on the handling of your Personal Data.
CONTACTING OUR DATA PROTECTION OFFICER
For any questions relating to your Personal Data or about this Policy, including without limitation our reliance on the legitimate interests and/or deemed consent bases of collecting, using, and/or disclosing your Personal Data as described in this Policy, you may contact any of our DPO at their respective emails:
This Policy shall be governed in all respects by the laws of Singapore.