DyStar Group Privacy Notice

DyStar Group Privacy Notice

DyStar Singapore Pte. Ltd. and each of its subsidiaries and affiliates (collectively, known as “DyStar”, “DyStar Group”, “we”, “us” or “our”) respect the privacy of individuals and are committed to safeguarding your personal data in accordance with the Singapore Personal Data Protection Act (No. 26 of 2012) (“PDPA”) and other applicable data protection laws, including the European Union (“EU”) General Data Protection Regulation (“GDPR”) where applicable.

As part of our commitment to protecting your personal data, we have adopted and implemented this privacy policy (“Policy”), which sets out our practices regarding the collection, processing, use and disclosure of your personal data, and describes your privacy rights.

Please take a moment to read and understand this Policy as it is intended to assist you in making informed decisions when you (i) visit our site, www.dystar.com, or associated sites or pages (the “Sites”), (ii) engage with us to use the products or services that DyStar provides (our “Services”), (iii) engage with us in the context of a business relationship, or (iv) when you apply to work at DyStar.

1. Our Role in Processing your Personal Data

Generally, the identity of the data controller of your personal data depends on which DyStar entity you interact, engage or contract with. [For a list of the entities within the DyStar Group and their contact details, please refer to the Appendix of this Policy.]

If you have any queries, requests or clarifications regarding how we manage your personal data, please contact our Data Protection Officer at globaldpodl@dystar.com.

To understand which DyStar Group company is the data controller specifically responsible for your personal data on this website, please refer to our list of data controllers  [View Data Controllers]

For the purposes of this Policy, the following words shall have the following meanings:

  • data controller” refers to the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
  • data processor” refers to the natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller;
  • DyStar eShops” refer to the online shops that DyStar may operate and run from time to time, including without limitation the DyStar Shop, DyStar Eliot and DyStar CSI Shop;
  • personal data” refers to any information, whether true or not, relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  • process” or “processing” refers to any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; and
  • special categories of data” refers to personal data which are, by their nature, particularly sensitive in relation to fundamental rights and freedoms, including personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation.

2.  How we collect Personal Data

Depending on the nature of your interaction with us, we use different methods to collect personal data from and about you. The manner and type of information collected may also vary by jurisdiction to accommodate local legal requirements.

Generally, we may collect your personal data from the following sources:

(a) Direct Interactions

We may collect your personal data through our direct interactions with you, including personal data which you may provide when you:

  • visit any DyStar Sites;
  • register, request, interact with or engage us for and in relation to any of our Services, business opportunities or recruitment opportunities, whether in writing, orally or through our Sites;
  • request or register for our marketing materials (e.g. promotions, news, updates, etc.); and/or
  • submit your personal data to us for any other reason, whether voluntarily or otherwise.

(b) Automated Interactions

We may collect your personal data automatically in the following situations:

  • when you access any DyStar Site, submit information through our Sites and/or your browser loads our internet cookies;
  • when interact with us via email or other electronic communications; and/or
  • when your image is captured by us through Closed Circuit Television (CCTV) recordings while you are within our premises, or through photographs, videos and/or audio recordings taken by us or our representatives when you participate in any of our events or activities.

(c) Third Parties

We may collect your personal data from other third party sources in the following situations:

  • we work closely with third parties providing services to us (including without limitation business partners, subcontractors, advertising networks, social networking platforms, analytics providers, and search information providers);
  • we receive references from business partners and third parties, including where you have been referred by them;
  • we seek information from third parties about you in relation to any of our Services, business opportunities or recruitment opportunities you register, request, interact with or engage us for;
  • we receive information from your employer;
  • your personal data is in publicly available sources (e.g. public databases or credit reference agencies);
  • if you connect your social media accounts via our Sites, certain personal data from your accounts will be shared with us; and/or
  • we may combine information we collect about you from other sources with the information we collect from you directly.

Where personal data is collected from third parties, we will only use such personal data either where you have provided your consent to the third party or to DyStar to the sharing of your personal data or where DyStar has a legitimate interest to use the personal data in order to provide you with our Services.

If you are submitting personal data of another individual to us, you confirm that it is true and correct and that you will not provide us with any personal data unless you have ensured that you have obtained all necessary consents or other legal justification and/or provided any required notices to the data subjects, or that you are otherwise permitted to provide such information to us, so that we can use it for the purposes and on the bases set out in this Policy.

3. What Personal Data we collect

We may collect personal data from and about you in the course of our business, including through your use of our Sites, when you contact or request information from us, when you engage us for or in connection with any of our Services or as a result of your relationship with DyStar. While the type of personal data we collect may vary depending on the nature of our interactions, it will typically include the following kinds of personal data:

  • Identification Data, including your name, place of work, payment details, location data or online identifiers (such as your IP address).
  • Contact Data, including your contact number, email address or physical address, particularly where you have requested receipt of regular communication with us.
  • Behavioural Data, including technical data about your equipment, browsing actions and patterns that we may automatically collect when you interact with our Sites.

As far as possible, we will endeavour not to collect, use, process, store and transfer any special categories of data without your consent unless permitted under the applicable law.

We will endeavour to ensure that any personal data collected shall be adequate, relevant and limited to what is necessary in relation to the purposes for which the personal data is processed.

The following is a non-exhaustive list which reflects the categories of personal data we typically collect in our interactions with you:

Nature of InteractionCategories of Personal Data
When you visit any of our Sites• Personal data you actively and voluntarily provide by completing any subscription, registration and application form, or when you contact us with any inquiries; and

• Information that is automatically sent to us by your web browser or device, such as your IP address, device or browser type, referring site, resources assessed during your visit and volume of traffic.
When you register for any of the DyStar eShops• Personal data that you provide in connection with the registration process in order to access the DyStar eShops, including your name, email address, department, login language, address data, contact number and any other relevant information necessary for the provision of our Services under the DyStar eShops;

• Personal data you actively and voluntarily provide when using our DyStar eShops; and

• Information required for technical reasons will be stored in a log file on the server each time you access any DyStar eShop, such as your IP address, email address, date and time of any request, requested content, device or browser type, operating system and internet service provider.
When you have a business relationship with DyStar (e.g. existing or prospective customers, suppliers, vendors and partners)• Identification and Contact Data, such as your full name, company name, job title, work address, telephone number and email address;

• Payment information necessary for processing payments and fraud prevention, including credit card or debit card details, bank account details, transaction history and any other related billing information;

• Information necessary in connection with our contractual relationship or voluntarily provided by you as part of the provision of our Services, including project details and transaction or order details;

• Personal data collected from publicly available sources, such as public databases and credit agencies; and

• Information legally required for compliance screenings, such as anti-fraud, anti-bribery, Know-Your-Customer (KYC), Anti-Money Laundering, Counter Financing of Terrorism (CFT) or our internal intake procedures.
When you apply for employment with us• Identification and Contact Data, such as your full name, company name, job title, work address, telephone number and email address;

• Information provided in a curriculum vitae, application form or cover letter, including records of qualifications, references, education and employment history, and other similar information you may provide;

• Information provided to us during interviews or assessments;

• Personal data collected from publicly available sources, such as public databases and credit agencies;

• Information necessary as part of our pre-employment screening checks, such as financial probity, eligibility to work, vocational suitability, criminal record checks, bankruptcy checks and other background or reference screenings;

• Special categories of data where processing is necessary for the purposes of carrying out the obligations and exercising specific rights in the field of employment, social security and social protection law, subject always to the applicable law; and

• Any other information relevant to assessing the potential recruitment to DyStar.

4. How we use Personal Data

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will only do so if legally permitted and with appropriate notice.

Please note that if you choose not to provide us with your personal data or choose not to consent to our processing of your personal data, we may not be able to provide some or all of our Services to you or respond to your other requests.

These purposes may continue to apply even in situations where your relationship with us has been terminated or altered in any way. In such cases, we may still retain personal data relating to you and use or disclose such information for legal or business purposes, including for compliance with the PDPA, GDPR and/or other applicable laws.

Notwithstanding any other purpose permitted by applicable law, we will generally process your personal data in accordance with, inter alia, the following:

(a) Visitors on our Sites

Processing PurposeLegal Basis for Processing
To administer your use of our Sites and provide you with our Sites’ services and functions

• We will process your contact information and any other relevant information which you provide us when you use any of our user interfaces on our Site(s) to allow us to respond to your requests or inquiries.
Where your communication is in relation to our Services, business opportunities or recruitment opportunities, it is necessary for us to process your personal data for the performance of a contract and/or to take steps at your request prior to entering into a contract.

We may also process personal data where it is necessary for our legitimate interest to use your personal data to provide efficient and effective client service.
To enhance and personalise user experience on our Site(s)

• We will retain and evaluate information on your visits and activities on our Site(s) for analytics purposes to understand how people use our Site(s) so that we can make it more intuitive.

• We will keep a record of the resources assessed during your visit and the referring site to provide you with suggestions on the Site(s) that are relevant to your interests
We may process your personal data where it is necessary for our legitimate interest to use your personal data to tailor our approach towards our users and improve in the provision of our Services.

Where necessary, we may also obtain your consent for processing your personal data according to this purpose.
To administer and protect our business

• We will process information on your visits and activities on our Site(s) for security purposes such as the maintenance of our systems, troubleshooting, preventing or detecting crime, and analysing commercial or cybersecurity risks.

• Where applicable and necessary, we will also keep a record of your personal data to verify your identity.
We may process your personal data where it is necessary for compliance with any of our legal obligations.

We also process your personal data where it is necessary for our legitimate interest of preventing system issues, fraud or crime, and ensuring compliance with regulations, laws, standards and professional obligations.

(b) Customers (existing and prospective)

Processing PurposeLegal Basis for Processing
To manage our contractual relationship with you and enable us to perform our obligations and/or Services

• We collect and maintain personal data that enable us to plan, perform and manage our contractual relationship with you, including information relating to transactions and orders of our products or services, our communications, processing of payments, accounting, auditing, shipments and deliveries, and customer support services.

• We collect your contact information and any other relevant to communicate with you about our products and services, such as responding to your queries or requests.
We process your personal data as it is necessary for the performance of a contract and/or to take steps at your request prior to entering into a contract.

Furthermore, the processing of your personal data is also necessary for our legitimate interest to uphold the efficient performance and management of relationships with our customers, and to ensure the smooth running of our business activities.
To improve our business and customise the Services we provide to you

• We retain your purchase history to make suggestions to you for other products or promotions which we believe you will also be interested in.

• We keep a record of your communications with us to facilitate any customer support services and to enhance our Services based on our understanding of user preferences.
We process your personal data as it is necessary for the performance of a contract and/or to take steps at your request prior to entering into a contract.

We may also process your personal data where it is necessary for our legitimate interest to develop the business, facilitate the provision of any support services to our customers and/or to enhance our marketing strategy based on your customer experience.
To administer and protect our business

• We maintain a record of your personal data to verify your identity when you contact us from time to time.

• We collect and process personal data relevant to the maintaining and protecting of the security of our products, services and business, such as preventing and detecting fraud or other illegal activities.

• We keep records of personal data to ensure compliance with our legal obligations, such as anti-fraud, anti-bribery, KYC, AML or CFT obligations.

• We maintain personal data to ensure compliance with DyStar policies, industry standards and our professional obligations.

• We retain personal data necessary to establish and defend our legal rights.
We may process your personal data where it is necessary for compliance with any of our legal obligations.

We also process your personal data where it is necessary for our legitimate interest of preventing fraud or crime, and ensuring compliance with regulations, laws, standards and professional obligations.

(c) Suppliers (existing and prospective)

Processing PurposeLegal Basis for Processing
To manage our contractual relationship with you and enable us to perform our obligations

• We collect and maintain personal data that enable us to plan, perform and manage our contractual relationship with you, including information relating our transactions, our communications, processing of payments, accounting, auditing, and shipments and deliveries.

• We collect your contact information and any other relevant to communicate with you in connection with our contractual relationship, including responding to any inquiries or requests.
We process your personal data as it is necessary for the performance of a contract and/or to take steps at your request prior to entering into a contract.

Furthermore, the processing of your personal data is also necessary for our legitimate interest to uphold the efficient performance and management of relationships with our suppliers, and to ensure the smooth running of our business activities.
To improve our business and personalise our interactions with you

• We retain the history of our transactions to make suggestions to you for other business opportunities which we believe you may be able to assist in.

• We keep a record of your communications with us to facilitate our business arrangement and enable us to enhance our vendor relationships.
We process your personal data as it is necessary for the performance of a contract and/or to take steps at your request prior to entering into a contract.

We may also process your personal data where it is necessary for our legitimate interest to expand the business and develop strong relationships with our suppliers and service providers.
To administer and protect our business

• We maintain a record of your personal data to verify your identity when you contact us from time to time.

• We collect and process personal data relevant to the maintaining and protecting of the security of our products, services and business, such as preventing and detecting fraud or other illegal activities.

• We keep records of personal data to ensure compliance with our legal obligations, such as anti-fraud, anti-bribery, KYC, AML or CFT obligations.

• We maintain personal data to ensure compliance with DyStar policies, industry standards and our professional obligations.

• We retain personal data necessary to establish and defend our legal rights.
We may process your personal data where it is necessary for compliance with any of our legal obligations.

We also process your personal data where it is necessary for our legitimate interest of preventing fraud or crime, and ensuring compliance with regulations, laws, standards and professional obligations.

(d) Job Applicants

Processing PurposeLegal Basis for Processing
To assess your suitability, eligibility and qualifications for employment

• We collect, evaluate and retain personal data relevant to the recruitment process for evaluative purposes, such as to assess your qualifications and skills for the job role, carry out background or reference checks, and keep records relating to our recruitment processes.

• We collect personal data you may provide to us voluntarily when you apply for a position with DyStar, including during the application, interview or assessment stage.
We process your personal data as it is necessary to take steps at your request prior to entering into a contract.

Additionally, the processing of your personal data is also necessary for our legitimate interest to ensure that DyStar makes an informed recruitment decision on the applicant’s suitability for the role.
To communicate with you

• We collect and maintain contact information to communicate with you about the recruitment process, including the scheduling of meetings, requesting additional information and updating you on the applicant outcome.
We process your personal data as it is necessary to take steps at your request prior to entering into a contract.
To administer and protect our business

• We maintain a record of your personal data to verify your identity when you contact us from time to time.

• We collect and process personal data to ensure compliance with legal and regulatory requirements, internal policies, industry standards and professional obligations.

• We retain personal data necessary to establish and defend our legal rights.
We may process your personal data where it is necessary for compliance with any of our legal obligations.

We also process your personal data where it is necessary for our legitimate interest of preventing fraud or crime, ensuring compliance with regulations, laws, standards and professional obligations, and demonstrating that we have conducted our recruitment processes in a fair and transparent manner.

(e) Employees

Processing PurposeLegal Basis for Processing
To manage our employment relationship with you

• We collect, process and retain your personal data relevant to your employment with us for the purpose of managing or terminating the employment relationship between us, including personal data collected during your recruitment process.

• We process your personal data for evaluative purposes to determine your suitability, eligibility and qualifications for the job.

• We retain personal data included in documents produced in the course of your employment, provide the purpose of this collection is consistent with the purposes for which the documents were produced.
We process your personal data as it is necessary for the performance of a contract.

Additionally, the processing of your personal data is also necessary for our legitimate interest to ensure that our workforce is high quality and efficient.
To administer and protect our business

• We maintain a record of your personal data to verify your identity when you contact us from time to time.

• We collect and process personal data to ensure compliance with legal and regulatory requirements, internal policies, industry standards and professional obligations.

• We retain personal data necessary to establish and defend our legal rights.
We may process your personal data where it is necessary for compliance with any of our legal obligations.

We also process your personal data where it is necessary for our legitimate interest of preventing fraud or crime, ensuring compliance with regulations, laws, standards and professional obligations, and demonstrating the fairness and transparency of our employment processes.

5. Disclosing your Personal Data

We may disclose your personal data to third parties from time to time, but will only transfer such personal data in these circumstances to a reasonable extent necessary for achieving the intended purpose and only where we are satisfied that it will be subject to an appropriate level of protection and in accordance with any safeguards that may be legally required.

Some of these parties we may share your personal data with include:

Third PartyDetails
DyStar GroupAs the DyStar Group is a group of companies that share various operations and business processes, your personal data may be shared with other members of the DyStar Group in order to perform our obligations in accordance with any contract that we have with you.

We may also share personal data where it is in our legitimate interest or a third party’s legitimate interest to use such personal data to ensure the efficient provision of any services or fulfilment of any obligations.
Service ProvidersWe may rely on a set of external vendors, consultants, marketing partners, subcontractors or other service providers to provide us with services that enable our business to operate properly, including the following core service providers:
• Hosting services or cloud storage providers
• Mailing services
• Accounting services
• Distribution or delivery services
• Payment processors and providers
• IT services and support, including data analytics
• Insurance and financing services
• Marketing services and marketing platform providers

In each case, we will only share personal data necessary for their provision of the relevant services to us. Where appropriate, we shall also ensure that they only process the personal data in accordance with our specific instructions and have in place appropriate technical and organisational security measures to protect your personal data.
Regulatory or Supervisory AuthoritiesWe may share your personal data if we, in good faith, reasonably believe that such action is necessary to comply with the law, respond to requests from a regulatory or supervisory authority, uphold national security, protect the safety of any person, and/or facilitate any litigation or criminal investigation.
Purchasers of our businessIf there are any changes to our group structure or ownership structure, we may need to share your personal data to the new owner or prospective buyer.

Kindly note that DyStar will continue to ensure the confidentiality of your personal data at all times and will provide you with notice prior to transferring your personal data.

6. Data Protection and Retention

(a) Protection and Security

As part of our commitment to protecting your privacy, we implement appropriate technical and organisation measures to protect your personal data against accidental, unauthorised or unlawful use, disclosure, access, destruction, loss, change or damage. Some of the measures we have taken include encryption, limited access and robust retention policies.

Further, where we collect any special category data, we will apply additional security controls to protect that personal data.

Nevertheless, do note that while we will endeavor to take all reasonable measure to protect your personal data, you should similarly take all necessary precautions, such as implementing strong passwords, limiting access to your computer and avoiding misplacing any documents.

(b) Retention

We keep your personal data only for as long as necessary to perform our obligations to you and to fulfil our processing purposes, in accordance with our legal obligations and for legitimate business purposes.

The retention period for your personal data may vary based on the specific circumstances. Nevertheless, in determining the appropriate period to lawfully retain your personal data, we will consider, inter alia, the following factors:

  • amount of personal data;
  • nature and sensitivity of the personal data;
  • purposes for which personal data is retained;
  • appropriate security measures and, if any, relevant technical constraints;
  • risks from accidental, unauthorised or unlawful use or disclosure;
  • necessity of the personal data for the processing purposes; and
  • applicable legal requirements.

Kindly note that if you request that we stop sending you marketing materials, we may keep a record of your contact details and appropriate information to enable us to comply with your request not to be contacted by us. In such instances, we will endeavor to retain only minimal personal data to effect the above.

Nonetheless, if you withdraw your consent (where we rely on consent as our legal basis) or object to our processing of your personal data, you may at any time request that we erase or delete your personal data. Upon receipt of such request, we shall, within a reasonable time, delete or anonymise your personal data unless we are legally permitted or required to retain such personal data (e.g. ongoing dispute, tax or obligations, accounting purposes, compliance with any legal obligations).

7. Transfer to other countries

Due to DyStar’s global setup, the personal data we collect may be transferred to and processed by third parties in other countries in the course of conducting business. In all such instances, DyStar shall ensure that the transfer of your personal data is carried out in accordance with any applicable laws and that appropriate safeguards (e.g. contractual, technical and organisational measures) are put in place before such transfer takes place. Subject to any applicable law, where personal data is transferred between DyStar Group companies within the EU and DyStar companies in non-EU countries, we will ensure that such safeguards include contractual measures based on standard data protection clauses adopted by the European Commission.

8. Data Processing when using DyStar Sites

(a) Data Tracking

When you access any of our Sites, we automatically collect and process technical data transmitted from your browser in a log file on our web servers. The data recorded in this matter is generally limited to that of your IP address, email address, date and time of any request, requested content, device or browser type, operating system and name of your internet service provider.

Our collection of such data is for technical administration purposes and to facilitate our legitimate interests of ensuring the stability and security of our web servers and Sites.

As far as possible, the processing of such data will be performed for statistical purposes without any personal references.

(b) Use of Cookies

To facilitate your user experience when browsing or accessing any of our Sites, we sometimes use “cookies” on our Site(s). These are widely used in order to make websites function efficiently and securely.

A “cookie” is a small piece of information sent by a web server to a web browser, which enables the server to collect information from the browser. They contain a unique number which does not have any significance outside of our Sites.

The cookies we use on our Sites can be broadly described as follows:

  • “Session Cookies” enable us to attribute various requests from your browser for the duration of your browsing session, such us recognising you when you open multiple web pages on our Sites. It also enables us to recognise your activities on our Sites during your browsing session to facilitate your user experience (e.g. remembering items you put in your cart). Such cookies are deleted after the end of your browsing session.
  • “Persistent Cookies” enable us to recognise your browser for subsequent visits to our Sites and can assist in simplifying your use of our Sites by saving settings (e.g. order history). Such cookies have a specified expiration date and will be automatically deleted after a certain period of time, or may be manually deleted in your browser’s security settings.

DyStar uses cookies which are necessary for the functioning and operation of our Sites, and for ensuring their security (e.g. authentication when logging in). In addition, we may also use cookies that allow us to track, record and analyse data in relation to the online activity or that allow us to recognise you whenever you return to our website for us to customise your browsing experience based on your preferences.

If you wish not to receive cookies, kindly change your cookie setting in your browser under the “options” or “preferences” tool selection. As the process to disable cookies through your browser may vary from browser-to-browser, please visit your browser’s help menu for further information.

Please note that if you choose not to receive cookies, you may still continue to use our Sites, although we may not be able to provide you with their full functionality.

(c) Third Party Websites

On our Sites, we may, from time to time, display advertisements from third parties or provide links to third party websites.

In these instances, kindly note that DyStar cannot be held responsible or liable for the privacy practices and policies of the third party. As such, please read the privacy policies of such third parties to find out how they process and collect your personal data.

(d)  Web Analysis

Our Sites use Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses cookies collected and the information produced by such cookies concerning the use of our Sites will generally be transmitted to a Google server in the United States and stored there.

If the IP anonymisation is activated on this website, your IP address will however be shortened in advance by Google within member states of the EU or in other contractual states of the agreement on the European Economic Area. Only in exceptional cases will the complete IP address be transmitted to a Google server and abbreviated there.

Google will use this information to evaluate your use of our Sites to compile reports concerning the website activities and to render additional services linked with the use of the website and the internet for the website operator. The IP address transmitted from your browser by Google Analytics is not merged with other Google data.

In addition to changing your browser settings to stop receiving cookies, you can additionally prevent the recording of the data generated by the cookie and obtained through your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin at the following link: http://tools.google.com/dlpage/gaoptout?hl=de

(e) Social Network Plugins

Plugins of the social network sites are integrated on our Sites. You may recognise the plugins on the “share it“ button and the corresponding logo of the social network site.

If you visit one of our Sites which contains one of these plugins your browser establishes a direct connection with the servers of the social network. In this way the social network obtains the information that you have visited our Site with your IP address. If you are logged on the social network, it can assign the visit to your account.

If you interact with the plugins or submit a comment the corresponding information will be directly transmitted from your browser to the social network and stored there.

Due to the fact this transmission runs directly we do not obtain any knowledge of the data transmitted. To obtain information about the purpose and scope of the data collection, the additional processing and use of the data by the social network and your rights and setting options for the protection of your private sphere please consult the data protection guidelines of the corresponding social network:

Facebook http://de-de.facebook.com/privacy/explanation.php
Twitter https://twitter.com/privacy
Pinterest http://www.addthis.com/privacy?utm_source=mm&utm_medium=img&utm_content=AT_privacy_LT&utm_campaign=AT_privacy

9. How to Access and Control your Personal Data

Individuals are given rights in relation to their personal data pursuant to the applicable law. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. Where we are data processors, we will assist the data controller as far as reasonably possible to help them respond to your requests.

For security reasons, kindly note that, in relation to certain rights, we may request for information to verify your identity before processing your request.

In general, the rights afforded to individuals are:

(a) Right to Access

The right to be informed of and request access to the personal data that we process about you. This will enable you to check what personal data we are processing and whether the processing is lawful.

(b) Right of Correction/Rectification

The right to request that we amend or update your personal data where it is inaccurate or incomplete. Kindly note that while we shall make a reasonable effort to ensure that the personal data we collect is accurate and complete, you are responsible for ensuring the accuracy of the personal data that you provide to us directly.

(c) Right to Withdrawn Consent

You have right to withdraw your consent at any time, where consent is the legal basis of the processing of your personal data. Kindly note that depending on the nature and scope of your request, we may not be in a position to continue performing our obligations to you.

For individuals who are covered by the GDPR, they will also be afforded the following rights (as available and subject to any applicable law):

(a) Right to Erasure

The right to request that we temporarily or permanently stop processing all or some of your personal data.

(b) Right to Restriction of Processing

The right to request the restriction of processing of your personal data in circumstances where the grounds for erasure or rectification require further verification or are in dispute between ourselves and you.

(c) Right to Object

The right to object to your personal data being processed by us for direct marketing purposes, or to, at any time, object to us processing your personal data on grounds relating to your particular situation.

(d) Right to Data Portability

The right to request a copy of your personal data in electronic format and the right to transmit that personal data for use in another party’s service.

(e) Right not to be subject to Automated Decision-making

The right to not be subject to a decision based solely on automated decision-making where the decision would have a legal effect on you or produce a similarly significant effect.

If we send you electronic marketing messages based on your consent or as otherwise permitted by applicable law, you may, at any time, respectively withdraw such consent or declare your objection at no cost. The electronic marketing messages you receive from us (e.g. email updates) will also include an “unsubscribe” option within the message itself to enable you to manage your personal data. Please note that if you opt-out of receiving direct marketing materials, we may still send you non-promotional messages, such as receipts or information about the Services we are providing to you.

Additionally, you have the right at any time to lodge a complaint with your local Data Protection Authority if you are unhappy with the way in which we are using your personal data.

10. Changes to this Policy

We may update this Policy from time to time.

When we make any material changes to the Policy, we will provide you with notice as appropriate under the circumstances of such change, including by displaying the notice within our website or by sending you an email. Additionally, you may also wish to refer to the “last modified” date at the end of this Policy.

To the extent permitted under applicable law, by engaging us for our Services after such notice, you consent to our updates to this Policy.

Last modified: 4 July 2018