Data Policy

GENERAL DATA PROTECTION POLICY

Crystal Net Pte Ltd (“CRYSTAL NET”) takes all legal responsibilities under the Singapore Personal Data Protection Act 2012 (“PDPA”) in full earnestness. We understand the importance of protecting our client’s personal data and task ourselves with the responsibility of properly processing, managing and protecting such data.

This Data Protection Policy is made to help you understand how Crystal Net collects, uses, discloses and processes any personal data that you have given us, along with assisting you to make informed decisions with regards to sharing or disclosing any personal data to us.

If you have any inquiries regarding this data policy, or any clarifications you wish to make relating to how we process, manage and protect your data, we encourage you to reach our Data Protection Office (“DPO”) at 6727 6000 or send us an email at dpo@crystalvoice.com.sg.

  1. INTRODUCTION TO THE PDPA
    1. Under the PDPA, “Personal Data” is defined as any information, whether genuine or false, about a person who is identifiable from such information, or from other information, to which an organization has or will likely have access to.
    2. In accordance to the rules of the PDPA, Crystal Net will collect your personal data, as provided either by you, an authorised representative, or a 3rd-party service provider (such as a partner or a reseller). You will be notified of the purpose in every case where the concerned data will be collected, used, disclosed or processed; and no personal data will be collected, used, disclosed or processed—for any purposes—without your consent, unless there is a clear legal stipulation allowing the collection, use, disclosure or processing of such data without your consent.
  2. PURPOSES FOR THE COLLECTION, USE, PROCESSING AND DISCLOSURE OF PERSONAL DATA
    1. Any and all personal data made known to Crystal Net may be collected, used, processed or disclosed for different reasons, as depends on circumstances in which Crystal Net needs to process such data. These circumstances include, but are not limited to:
      1. Facilitating the provision of Crystal Net’s products and services that you use;
      2. Communicating with you or responding to your inquiries,
      3. Sending promotional, marketing or advertising materials or information relating to products and services that we or our partners are marketing or selling, as well as those being marketed or sold by 3rd-party groups that we are collaborating with;
      4. Processing administrative matters, such as facilitating your purchase of products or services, management of your account(s) or subscriptions, administering sign-ups or registrations to mailing lists, etc.;
      5. Conducting market researches and client satisfaction analyses; and
      6. Other purposes (collectively called “Purposes) in which we will notify you and obtain your consent.
    2. The Purposes: as the purposes for which Crystal Net may or will collect, use, process or disclose personal data will depend on specific circumstances, not all such purposes appear above; however, you will be notified of such other purposes at the moment in which we obtain your consent, unless the processing of personal data without your consent is allowed by the law.
    3. In order for Crystal Net provide our products and services more efficiently and fulfill the Purposes stated above, we may need to share or disclose your personal data to our affiliates and partner organisations, 3rd-party service providers, and other related corporations—whether located in Singapore or overseas—for any of the Purposes stated above. These partner organisations, affiliates, 3rd-party service providers, related corporations and other affiliate organisations will process your given personal data on behalf of Crystal Net or for any of the Purposes stated above.
  3. SPECIFIC ISSUES RELATING TO THE DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
    1. Crystal Net respects the confidentiality of our clients’ personal data and takes serious measures in its security.
    2. Concerning this, we will not share or disclose your personal data to any third party without first having obtained your consent for such action. In consideration of that, there are certain circumstances where we may need to disclose the personal data you have given us to a third party without your express consent. These circumstances include, but not limited to the following cases:
      1. Wherein the disclosure is necessary or considered authorised in accordance to Singapore laws and regulations;
      2. Wherein the purpose of the disclosure is inarguably in your interest, and if consent could not be obtained in a timely manner;
      3. Wherein the disclosure is essential in adequately responding to a situation that threatens your life, safety or health, or that of another individual;
      4. Wherein the disclosure is required as part of an investigation or legal proceeding;
      5. Wherein the disclosure of your personal data is required by an officer from a recognized law enforcement agency, and upon presentation of a signed legal document authorised by the director or head of the agency concerned or by an official of sufficient authority, which certifies that your personal data is required in the performance of the officer’s duties or functions;
      6. Wherein a government or public agency is requiring the disclosure in order to fulfill its functions;
      7. Wherein the PDA or other legal stipulation allows the disclosure without your consent.
    3. The cases mentioned in the above section 3.2 does not comprise an exhaustive list. For additional information regarding the exceptions, please review the PDPA’s 2nd, 3rd and 4th Schedules. You can find the Schedules at http://statutes.agc.gov.sg.
    4. Where you have given consent to us to disclose your personal data to a third party, we will take strong measures to enforce such third party to protect and maintain the confidentiality of your data.
  4. REQUEST FOR ACCESS AND/OR CORRECTION OF PERSONAL DATA
    1. You may correct or change information in your personal data that is in our database or that is in our control by submitting a letter of request. In such cases, we will require you to provide certain information to ascertain your identity, avoid the misuse of your personal data, and properly address your request. You are requested to submit all requests to dpo@cyrstalnet.com.
    2. Regarding requests to access your personal data, once we have ascertained your identity and intent, we will aim to provide the requested information no later than 30 days upon receiving the request. If we find that we would not be able to provide a satisfactory response within 30 days, we will inform you of the soonest time when we will be able to do so. In that regard, keep in mind that under the PDPA, we may prevent you from accessing certain types of information.
    3. Regarding requests to change or correct your personal data, once we have ascertained your identity and intent, we will:
      1. Make the appropriate change(s) no later than 30 days upon request. If we find that we would not be able to the amendment(s) within 30 days, we will inform you of the soonest time when we will be able to do so. In that regard, keep in mind that under the PDPA, we may prevent you from making any changes on certain types of information, and that there are situations in which we may refuse to grant your request;
      2. In consideration of paragraph 4.4, Crystal Net will forward the changed or corrected information to other organisations to which we have disclosed your personal data within a year prior to the date of correction, except when any of such organisations does not require the amended information for commercial or legal purposes.
    4. Accounting for paragraph 4.3.b, Crystal Net may, with your consent, forward the amended personal data to certain organisations only to which we have disclosed the concerned information within a year prior to the date of correction.
    5. We will charge a reasonable fee for processing or facilitating your request to access your personal data. Upon your request to access, you will be provided with an estimated fee of how much it will cost. Note that unless you agree to pay such fee, we will not be required to facilitate your request to access your personal data.
  5. REQUEST TO WITHDRAW CONSENT
    1. You have the right to withdraw consent for the collection, use and/or disclosure of your personal data that is in our database. You may do so by submitting a letter of request to dpo@crystalvoice.com.sg and filling out the form found therein.
    2. Your request to withdraw consent will be processed at the soonest reasonable time. Once processed, Crystal Net will thereafter stop from collecting, using and/or disclosing your personal data in the manner specified in your request.
    3. Please be aware that withdrawing your consent will likely result in certain legal complications. Given that, and in consideration of the extent of your withdrawal of consent for us to use your personal data in the manner we require to provide our service, such withdrawal may result to the termination of our relationship.
  6. ADMINISTRATION AND MANAGEMENT OF PERSONAL DATA
    1. Crystal Net takes reasonable efforts to ensure your personal data is correct, updated and complete, particularly if we would need such information to take any action that would affect you, or if we have to disclose or share such information to other organisations. In light of this, you are required to update or make appropriate changes to your personal data. We will not be liable for issues or complications arising due to incorrect or outdated data that is due to your failure to update or amend the personal data you have initially provided us.
    2. We have set place different safeguard measures to guarantee the safety and protection of your personal data, particularly regarding the prevention of any unauthorised access, use, collection, disclosure, copying, leakage, modification, damage, alteration and/or loss of the personal data that you have entrusted upon us. However, we cannot guarantee the complete protection from any misuse of your personal data by other organisations or third parties using factors that are beyond our control.
    3. We have also set place measures to turn all personal date you have provided us or are under our control to be erased, destroyed or otherwise made inaccessible once we confirm that (i) such personal data no longer serves the purpose for which it was collected, or have been made redundant by other data; and (ii) retaining such data no longer serves any legal or commercial purposes.
    4. If the personal data you’ve given us is made available outside of Singapore, we will observe all rules under PDPA. This includes obtaining a consent from you unless there is an exception for such under Singaporean laws or the PDPA, as well as taking safety measure to ensure that any foreign organizations receiving the personal data is under enforceable laws that provide the given personal data standard level of protection that is commensurate to the protection given by the PDPA. In this regard, Crystal Net may enter with such foreign organisations into a suitable contract pertaining to the transfer and protection of the personal data; or allowing the transfer of the data without an additional contract if allowed by the law and the PDPA.
  7. ADDRESSING COMPLAINTS
    1. For any complaints or objections regarding our management of your personal data or our compliance of laws under the PDPA, we encourage you to reach us and discuss your concerns.
    2. You may reach us through the following:
      1. Telephone number: +65 6727 6000
      2. E-mail: dpo@crystatlnet.com (with Attention to: “Data Protection Officer”)
      3. Postal: 69 Ubi Road 1 Oxley Bizhub #05-29 Singapore, Singapore 408731
    3. Crystal Net promises to address all complaints or grievances considerately and as soon as possible.
  8. UPDATES ON DATA PROTECTION POLICY
    1. Crystal Net strives to properly manage and protect our clients’ personal data at all times. In view of this, we will continually review our policies and update it as we deem beneficial for both parties involved.
    2. Crystal Net reserves the right to change or update this Data Protection Policy at our sole discretion. We strongly advise our clients to check for any changes to this Policy occasionally by visiting crystalvoice.com.sg, where we will post any changes or updates.
    3. It is the responsibility of each user to keep themselves updated regarding any changes in the policy by following the above guideline.
COOKIE POLICY
  1. Keep in mind that our website uses cookies, encrypted text files that are sent to your computer when you access our site and which store or record information about your manners in using our site so as to enhance your user experience. These information include your browsing habits. Please see below to know how we use cookies in our site; for more information, you may also visit aboutcookies.org. You may always opt to disable cookies.
  2. The following, collectively called “Purposes”, are why Crystal Net uses cookies:
    1. Improve the user experience of the website
    2. Remember the preferences of each user
    3. Monitor website traffic
    4. Enable the optimum function of the website
    5. Allow us to better understand the performance of the site
  3. You may control how cookies are used by adjusting your browser settings, controlling for which information to send out and which to keep. Please note that disallowing or disabling cookies on our website may prohibit you from using the full range of functions available in our website.
  4. Personal data that collected using cookies, if any, may be shared to affiliated third party organisations – whether based in Singapore or overseas – for (i) the management or administration of our website; (ii) the purpose of data storage, hosting or backup; or (iii) any of the Purposes mentioned above.
  5. Your use of our site constitutes your agreement to our use of cookies and to the matters set out herein.