1.1 This Policy statement provides information on the obligations and policies of Vault@268 in respect of an individual customer’s Personal Data. Vault@268 undertakes to use reasonable efforts in applying, where practicable, those principles and the processes set out herein to its operations.
1.2 Vault@268’s officers, management, and members of staff shall use reasonable endeavours to respect the confidentiality of and keep safe any and all Personal Data collected and/or stored and/or disclosed and/or used for, or on behalf of, Vault@268. Vault@268 shall use reasonable endeavours to ensure that all collection and/or storage and/or disclosure and/or usage of Personal Data by Vault@268 shall be done in an appropriate manner and in accordance with the Act and this Policy.
1.3 By interacting with us, submitting information to us, or signing up for any products or services offered by us, you agree and consent to Vault@268 as well as to its respective representatives and/or agents ("Representatives") (collectively referred to herein as "Vault@268", "us", "we" or "our") collecting, using, disclosing and sharing amongst themselves your Personal Data, and disclosing such Personal Data to Vault@268’s authorised service providers and relevant third parties in the manner set forth in this Privacy Statement.
1.4 This Policy supplements but does not supersede nor replace any other consents you may have previously provided to us in respect of your Personal Data, and your consents herein are additional to any rights which we may have at law to collect, use or disclose your Personal Data.
1.5 For the purposes of this Policy, in line with the provisions under the Singapore Personal Data Protection Act 2012 (No. 26 of 2012) and the European Union General Data Protection Regulations (the “EU GDPR”) (collectively referred to as the “Act”), “Personal Data” shall mean data, whether true or not, about an individual customer who can be identified — from that data; or from that data and other information which an organisation has or is likely to have access. Such Personal Data shall also refer to that which is already in the possession of Vault@268 or that which shall be collected by Vault@268 in future.
2. Contacting the Data Protection Officer
2.1 Where you legitimately request access to and/or correction of Personal Data relating to you, such Personal Data which is in the possession and control of Vault@268, Vault@268 shall provide and/or correct that data within 30 days and in a manner in accordance with its standard procedures as stated hereinafter.
2.2 In accordance with the Act, Vault@268 has established a process for receiving and responding to any query or complaint that may arise with respect to the application of this Act. To ensure that Vault@268 receives your complaints and enquiries, please send the same via email to the Data Protection Officer (the “DPO”) of Vault@268 at the following email address: [email protected].
2.3 For identification purposes, please provide us with the following details when you contact us:
• Your name;
• Access card and box number;
• Email address/mailing address;
• Contact number;
• Nature of relationship between us; and
• Your request.
2.4 Please note that if your personal data has been provided to us by a third party (e.g. a member via a referral process), you should contact that individual to make such queries, complaints, and access and correction requests to Vault@268 on your behalf.
2.5 Should you not wish Vault@268 to use your Personal Data for any of the purposes listed in Clauses 3.2 to 3.4, or not to receive promotional materials from Vault@268, you may opt out by sending a clearly worded email to the DPO via the email address provided in Clause 2.2. Your request shall be processed within 30 days. Please note however that this may affect our ability to attend to your needs in the event where there is already an existing business relationship.
3. Statement of Practices
Types of Personal Data Collected:
3.1 As part of its day-to-day activity, Vault@268 may collect from you, through various means, including via our forms, websites, smart phone applications, events from time to time, some or all of the following Personal Data:
• Age / Birthday;
• NRIC Number / FIN Number / Passport Number (due to the nature of our business, we require the identity of our customers to be established to a high degree of accuracy);
• Mobile Number;
• Other Contactable phone number(s);
• Email Address (es);
• Residential Address;
• Business Address;
• Bank account details;
• Credit card details;
• Debit card details;
• Personal preferences in relation to being contacted by us; and/or
• Other relevant information required for us to serve you better.
As you would be aware, we are in the business of providing secure depositories/safe deposit boxes for your valuables and other ancillary services (whether through third parties or us), such ancillary services include but is not limited to insurance other measures to ensure the security of your valuables and value-added services such as our Client Portal (collectively, our “Services”). Accordingly, your Personal Data is required in order for us to ensure that your valuables are well-protected and that you receive the high-level security and service that you deserve. You further understand and agree that in order for us to provide you with our Services, the Personal Data that you provide to us must be accurate, and that all Personal Data as may be relevant for that particular purpose/circumstance must be provided (for example, in order to implement security measures in relation to the access of your valuables, we must necessarily possess copies of your identification documents).
Purpose of Collection of Personal Data
3.2 The Personal Data which we collect from you is therefore Personal Data voluntarily provided by you to our Company, Personal Data that is relevant for the provision of our Services to you, or for you to obtain more information regarding our Services (at your request). Your Personal Data may have also been provided to us by a third-party (authorised individual and/or organization) on your behalf, in which case you have the responsibility to ensure that such third-party has been duly authorised by you, and you therefore agree that it is reasonable for us to deem that such Personal Data provided to us through a third-party has been given to us with your permission and consent for the purposes below . Your Personal Data might have been submitted to us via any method including but not limited to our Website, application forms, request forms, agreement, quotation, proposals, invoices, emails, and/or text messages (such as SMS, Whatsapp, Telegram, WeChat, Line) for the purpose of your utilizing our Services or to receive information/updates regarding our Services (the “Purposes”) In addition, the Personal Data is collected for the purposes of:
• Considering and/or assessing your application or request for our Services;
• Processing your application for our Services;
• Processing your application or request for any transactions with us;
• Fulfilling specific request(s) from you, including responding to your queries or comments on our products and services, or carrying out your instructions;
• To provide you business services through our Client Portal located at client.vault268.com, managing marketing campaigns, sending of e-mailers, sending of invitation cards and/or promotional material through mail or email, management of sales and enquiries, organising and managing workshops and other activities pursuant to or related to our Services;
• To allow a business partner or third party service provider to contact you where you have requested for us to assist you in obtaining ancillary Services such as insurance for your valuables;
• Evaluation of applications for employment, participation in charitable activities, sponsorships, donations, and/or scholarships;
• Performing due diligence checks including identity verification or screening activities pursuant to our Services and/or in accordance with legal or regulatory obligations;
• For the receipt of professional advice and/or the maintenance of our records in accordance with legal requirements, such professional advice and/or maintenance of our records being performed by our third party book-keepers, accounting firms, audit firms, law firms and/or other professional advisory firms;
• Conducting research, analysis and development activities to improve our services and facilities in order to enhance your relationship with us, for which we may engage the services of a data intermediary subject to such data intermediary being bound by contractual or legal obligations to protect the confidentiality and security of your Personal Data
• Ascertaining if you are eligible for discounts, privileges or benefits or other related purposes;
• Marketing through voice calls; text messages such as SMS or Whatsapp and/or any communication made via mobile devices; email; direct mail and facsimile messages;
• For payment and/or credit control purposes;
• To notify you of any changes to our policies or services which may affect you;
• To respond to queries and feedback;
• For identification and access;
• For maintaining and updating your details; and
• Informing you of new developments, services, promotions of Vault@268 and other third parties which we are associated with.
Disclosure of Personal Data
3.3 In order to carry out the functions described above, Vault@268 may, from time to time, disclose your Personal Data between our affiliated or related companies, business partners, and/or third party service providers (collectively “Third Service Providers”), such Third Party Service Providers being necessary for your continued use of our Services and our Site. The aforesaid Third Party Service Providers provide necessary services such as administration, storing, hosting, backing up (whether for disaster recovery or otherwise) of your Personal Data, maintenance of our Site, maintenance of our Client Portal, assisting us to send you updates on our Services, mass mailing, ancillary or related services to our Services, etc. Where such Third Party Service Providers are located outside of Singapore, any transfer of Personal Data outside of Singapore to such Third Party Service Providers shall be subject to such Third Party Service Providers being contractually or legally obligated to protect Personal Data pursuant to obligations similar to/comparable with the requirements of the PDPA.
3.4 Without derogating from any of the above, Vault@268 may also disclose your Personal Data to the following third parties:
• Regulators and law enforcement officials;
• Third party service providers and consultants;
• Credit, debit and charge card companies, banks and other entities processing payment;
• Potential buyers or investors of Vault@268 or any of Vault@268’s companies; and
• Any agent or subcontractor acting on Vault@268’s behalf for the provision of Vault@268’s services.
3.5 Vault@268 may disclose your Personal Data to the abovementioned parties also in the occurrence of any of the following events:
• To the extent that Vault@268 is required to do so by the law;
• In connection with any legal proceedings or prospective legal proceedings;
• To establish, exercise or defend Vault@268’s legal rights;
• To the purchaser (or prospective purchaser) of any business or asset which Vault@268 is (or is contemplating) selling;
• To any person and/or entity for the purpose of processing such information on Vault@268’s behalf;
• To third parties who provide services to Vault@268 or on its behalf;
• To any third party that purchases Vault@268 or Vault@268’s business or any part of Vault@268 or Vault@268’s business;
• With your consent; and
• For the purposes of disaster recovery.
Optional Provision of Personal Data
3.6 In some instances, you may also be requested to provide certain Personal Data that may be used to further improve Vault@268’s products and services and/or better tailor the type of information presented to you. In most cases, this type of data is optional although, where the requested service is a personalised service, or provision of a product or dependent on your providing all requested data, failure to provide the requested data may prevent Vault@268 from providing the service to you.
3.7 Under certain circumstances, telephone calls made to any of Vault@268’s companies to order and/or service hotlines and/or inquiry telephone numbers are recorded for the purposes of quality control, appraisal, as well as staff management and development. In such an event, by agreeing to this Policy, you hereby give your consent for the collection, use and disclosure of such Personal Data for the purposes of our records, following up with your enquiry and/or transaction, and for quality control and training purposes.
4. Transfer of Personal Data Overseas
Your Personal Data may be processed by Vault@268, its affiliates, agents and third parties providing services to Vault@268, in jurisdictions outside of Singapore. In this event Vault@268 will comply with the terms of the Act.
5. Accuracy of Personal Data
Where possible, Vault@268 will validate data provided using generally accepted practices and guidelines. This includes the use of check sum verification on some numeric fields such as account numbers or credit card numbers. In some instances, Vault@268 is able to validate the data provided against pre-existing data held by Vault@268. In some cases, Vault@268 is required to see original documentation before we may use the Personal Data such as with Personal Identifiers and/or proof of address. To assist in ensuring the accuracy of your Personal Data in the possession of Vault@268, please inform us of any updates of any parts of your Personal Data by sending a clearly worded email to the DPO at the email address provided at Section 2.2.
6. Protection of Personal Data
Vault@268 uses commercially reasonable physical, managerial, and technical safeguards to preserve the integrity and security of your Personal Data and will not knowingly allow access to this data to anyone outside Vault@268, other than to you or as described in this Policy. However, Vault@268 cannot ensure or warrant the security of any information you transmit to Vault@268 and you do so entirely at your own risk. In particular, Vault@268 does not warrant that such information may not be accessed, altered, collected, copied, destroyed, disposed of, disclosed or modified by breach of any of Vault@268’s physical, technical, or managerial safeguards.
7. Access and Correction of Personal Data
7.1 In accordance with Clause 2.1 of this Policy, you have the right to:
(a) check whether Vault@268 holds any Personal Data relating to you and, if so, obtain copies of such data; and
(b) require Vault@268 to correct any Personal Data relating to you which is inaccurate for the purpose for which it is being used.
7.2 If you wish to verify the details you have submitted to Vault@268 or if you wish to check on the manner in which Vault@268 uses and processes your personal data, Vault@268’s security procedures mean that Vault@268 may request proof of identity before we reveal information. This proof of identity will take the form of full details of name, access card and box number and NRIC or Passport or Fin number. You must therefore keep this information safe as you will be responsible for any action which Vault@268 takes in response to a request from someone using your details.
8. Storage and Retention of Personal Data
8.1 Vault@268 will delete, as reasonably possible, or otherwise anonymise any Personal Data in the event that the Personal Data is not required for any reasonable business or legal purposes of Vault@268 and where the Personal Data is deleted from Vault@268’s electronic, manual, and other filing systems in accordance with Vault@268’s internal procedures and/or other agreements.
8.2 We will retain your Personal Data for the duration that is necessary for us to:-
(i) provide our Services to you;
(ii) fulfil our contractual obligations to you;
(iii) provide our services and information to you pursuant to any ongoing relationship between us;
(iv) send you updates on our Services;
(v) send you information and/or updates on any other matters (including marketing materials not related to our Services) if you have so requested it of us and have not revoked your request or consent; and
(vi) comply with applicable laws and regulations, assist in any legal investigations, meet the demands from any regulatory or law enforcement bodies, for utilization in legal proceedings, minimizing fraud, collection of debts, resolving disputes, identifying issues, enforcing contractual breaches and/or claiming for damages.
8.3 In the event there is no proper termination of our Services by you, we will hold on to your Personal Data for an indefinite period of time, until our Services have been terminated properly. This is to safeguard against any claim by a client’s estate/attorney in the event there is any unforeseen circumstances such as a client passing away or losing mental capacity prior to terminating our Services. Proper termination of our Services shall have to be done by you sending an email using your email address in our records stating that you wish to terminate our Services, followed by the return of the keys and card(s) issued to you.
8.4 Notwithstanding Clauses 8.1 to 8.3 above, in compliance with the EU GDPR, you shall have the right to have your personal data forgotten, erased, ceased to be disseminated, or have third parties halt the processing of your personal data. However, this can only be done should there be no outstanding fees due to us by you, and a proper termination has been done in accordance with Clause 8.3. Please note that we will not be able to provide our Services to you should you wish to have your personal data removed from our records.
9. Contacting you
To the extent that any of the communication means which you have provided Vault@268 with (which may include, your telephone number and fax number) is/will be listed on the Do Not Call Registry (the “DNC”), by giving us express consent or by any other means of indication, you hereby grant Vault@268 your clear and unambiguous consent to contact you using all of your communication means you have provided to Vault@268 including using via voice calls, SMS, Whatsapp, MMS, fax or other similar communications applications or methods, for the purposes as stated above in Paragraph 3.2. This will ensure your continued enjoyment of Vault@268’s promotional rates and services.
10. Change Policy
11. Governing Law
This Policy is governed by and shall be construed in accordance with the laws of Singapore. You hereby submit to the non-exclusive jurisdiction of the Singapore courts.
12.1 This Policy only applies to the collection and use of Personal Data by Vault@268. It does not cover third party sites to which we provide links, even if such sites are co-branded with our logo. Vault@268 does not share your Personal Data with third party websites. Vault@268 is not responsible for the privacy and conduct practices of these third party websites, so you should read their own privacy policies before disclosure of any Personal Data to these websites.
12.2 Vault@268 will not sell your personal information to any third party without your permission, but we cannot be responsible or held liable for the actions of third party sites which you may have linked or been directed to Vault@268’s website.
12.3 Vault@268’s websites do not target and are not intended to attract children under the age of 18 years old. Vault@268 does not knowingly solicit personal information from children under the age of 18 years old or send them requests for personal data.
© Vault@268 Pte Ltd Updated 8 May 2019