Privacy and Data Protection Policy

Introduction
Collection and Use of Personal Data
Disclosure
Accuracy
Retention
Protection
Access and Requests
General

I. Introduction

1. We, HeySara Pte. Ltd. (“HeySara” or “our” or “us”) are committed to ensuring the safety and security of Personal Data (as defined below) and to conduct or business in compliance with the Singapore’s Personal Data Protection Act 2012 (the “PDPA”). We recognize the importance of the personal data you have provided to us and believe that it is our responsibility to properly manage, collect, protect and process your personal data.

2. “Personal Data” is defined under the PDPA as “data, whether true or not, about an individual who can be identified — a) from that data; or b) from that data and other information to which the organisation has or is likely to have access”.

3. The purpose of this document, HeySara’s Personal Data Protection Policy (our “Policy”) is to inform you and provide you with an understanding of how HeySara handle, collect, use, disclose and process your Personal Data. Any changes to this Privacy Policy are effective after posting to this Website. In case of conflict between the version in our mobile application and website, the Privacy and Data Protection Policy of our website version shall always prevail. Please read this Policy to understand what Personal Data is collected or processed by us, and for what purposes it is used.

4. We only collect such Personal Data that is necessary for us to provide you with the services that you have requested, understand your needs, and serve you better as a whole. By providing your personal data to us, you as our client or potential client acknowledge and agree that you have fully read and understood this Policy, and gives us your express consent to the collection, use, processing and disclosure of your personal data as described in this Policy.

II. Collection and Use of Personal Data

1. This Policy applies to Personal Data which we collect from you or about you as may be necessary for the Purposes (as defined in paragraph 2 below), and shall include data in our records as may be updated from time to time. To process your requests, we collect your Personal Data, such as:

a. Full name
b. NRIC or passport number (and a copy thereof) or other identification number or document
c. Telephone number(s)
d. Residential address
e. Email address
f. Other Personal Data required by government agencies
g. Signature (digitally, electronically or in wet-ink)
h. Photo/video of yourself and your identification document
i. Any other personal documents or information that may be required from time to time.

2. We collect your Personal Data for the following purposes (“Purposes”):

a. provision of our corporate services to you;
b. responding or attending to your enquiries or requests for assistance regarding our services;
c. performing a contract that we are about to enter into or have entered into with you;
d. disclosure to the relevant government agencies, including the Accounting and Corporate Regulatory Authority of Singapore and other statutory bodies;
e. conducting internal audits (including monitoring customer service quality, employee training and performance evaluation) and other administrative or operational processes within HeySara;
f. other legitimate business purposes;
g. marketing and promotional purposes;
h. legal, regulatory and other compliance requirements (including but not limited to providing assistance to law enforcement, judicial, regulatory or other government agencies and statutory bodies and complying with applicable laws, regulations and other requirements or guidelines); and
i. other purposes reasonably related to the foregoing uses.

3. The data protection provisions in the PDPA (parts III to VI of the PDPA) do not apply to:

a. Any public agency or organisation in the course of acting on behalf of a public agency in relation to the collection, use or disclosure of the personal data. You may wish to refer to the Personal Data Protection (Statutory Bodies) Notification 2013 for the list of specified public agencies.
b. Business contact information. This refers to an individual’s name, position name or title, business telephone number, business address, business electronic mail address or business fax number and any other similar information about the individual, not provided by the individual solely for his or her personal purposes. You may refer to the ADVISORY GUIDELINES ON KEY CONCEPTS IN THE PERSONAL DATA PROTECTION ACT.

4. Our Website and Application are set up to automatically collect anonymous information about visitors to help us understand our website visitors and their traffic patterns; to know when visitors have accessed our site, which devices they use for statistical purposes and to improve our service.

5. We do not share any information collected with any non-authorised third parties.

6. We use email, HeySara applications and social media accounts to communicate with clients regarding their requests and our services provided.

7. From time to time, HeySara will notify you of our new services and corporate special offers via applications or e-mail updates should you sign up or not for our newsletters.

8. We will not use Personal Data relating to you for purposes which we are not permitted to or required under the PDPA or any other applicable laws.

9. We will notify you in advance when we collect information for the purposes other than the Purposes listed above.

III. Disclosure

1. We disclose your Personal Data and business information only with government bodies for corporate and legal purposes as an organisation in the course of acting on behalf of public agencies or performing our services.

2. We may disclose your Personal Data and business information with authorised third parties, such as:

a. legal or audit firms;
b. banks or other financial institutions;
c. partners, vendors, agents, contractors or third-party service providers who provide services to us;
d. any other third parties as may be specifically authorised by you or your employees in writing (via email, or in wet-ink letters); and
e. any other persons to whom disclosure is reasonable for the Purposes listed in Part II, paragraph 2 above.

3. We will not disclose Personal Data relating to you for purposes which we are not permitted to or required under the PDPA or any other applicable laws.

IV. Accuracy

1. We will strive to keep Personal Data provided to us accurate.

2. You should ensure that all Personal Data submitted to us is complete, accurate, true and correct. Your failure to do so may result in our inability to provide you with, or delay in our provision of, the services requested.

3. Further, when you provide us with any Personal Data relating to a third party, you represent to us that you have obtained the consent of the third-party for our collection, use and disclosure of their Personal Data in accordance with this Policy unless otherwise provided in the PDPA.

4. You may request us to correct any error or omission in your Personal Data that we have in our possession or under our control. If there is any Personal Data relating to you that you are unable to correct or update but which you wish to do so, you may contact our Data Protection Officer (whose details are set out below) and we will be happy to help you as best as we can.

V. Retention

1. We will retain your Personal Data (including documents containing such Personal Data or copies thereof) in so far as we have:

a. a business relationship with you as a client, or for only as long as there is a business or legal purpose (including but not limited to the Purposes); or
b. an obligation under the law to preserve data even after our business relationship is over for a period of time based on the prevailing statutory requirements and applicable laws.

2. In the event that retention of your Personal Data is no longer necessary for any business or legal purposes or when the purpose for which your Personal Data was collected is no longer being served by the retention of your Personal Data, we will remove, destroy or anonymise your Personal Data as we consider appropriate, including shredding hardcopy documents and irretrievably deleting softcopy records.

VI. Protection

We are committed to ensuring that your Personal Data is secure. To prevent unauthorized access or disclosure, HeySara has put in place appropriate physical, electronic and internal procedures and measures to secure the Personal Data and other information provided by you to HeySara. However, please note that, to the fullest extent permitted by law, we will not be held liable or responsible for any loss, misuse or alteration of Personal Data that may be caused by third parties.

VII. Access and Requests

1. If you wish to access the Personal Data that we have relating to you, inquire about the way in which Personal Data relating to you has been used or disclosed by us in the past year, or wish to withdraw your consent to our use of such Personal Data, you may contact our Data Protection Officer (whose details are set out below) and we will seek to attend to your request as best as we reasonably can. Please note that:

a. in order for us to provide any personal data we will need to verify your identity and may request further information about your request;
b. we may refuse access to your Personal Data if it would affect the privacy rights of other persons or if it breaches any confidentiality that attaches to that information;
c. we may also refuse your request where we are legally permitted to do so and give you such reasons;
d. you should be aware that we may take a reasonable time to process your application for access as we may need to retrieve information from storage and review the information in order to determine what information may be provided;
e. please also note that if you withdraw your consent to our use and/or disclosure of Personal Data relating to you, we may not be in a position to continue providing our products or services to you or perform on any contract we have with you; and
f. we may have to charge you a reasonable administrative fee for retrieving Personal Data relating to you.

2. HeySara is happy to share with you about our data protection practices, policies and complaints processes upon request. For more information contact our Data Protection Officer via: robinyoo@heysara.sg or at +65 6914 7939.

VIII. General

HeySara reserves the right to modify and update this Policy at any time to ensure it is consistent with industry trends and/or any changes in legal or regulatory requirements. Subject to any rights you may have at law, you agree to be bound by the prevailing terms of this Policy as may be updated by HeySara from time to time.
This Policy shall be governed in all respects by the laws of Singapore and the parties hereto submit to the exclusive jurisdiction of the courts of Singapore to resolve any dispute arising therefrom.