Privacy Policy

May 01, 2021

  1. INTRODUCTION

    1. Protection of your personal data is important to us. This igloocompany Privacy Policy (“Privacy Policy”) outlines how we manage the personal data that we hold. igloocompany Pte. Ltd. (referred to as “igloocompany”, “we”, “us”, or “our”) respects the confidentiality of personal data and privacy of individuals and are committed to complying with the Singapore Personal Data Protection Act (Act 26 of 2012) (“PDPA”) and other applicable data protection laws, including the European Union (“EU”) General Data Protection Regulation (“GDPR”) and UK GDPR, where applicable.

    2. Please read this Privacy Policy so that you know and understand the purposes for which we collect, use and disclose your personal data.

  2. QUESTIONS ABOUT THIS PRIVACY POLICY

    1. If, at any time, you have any queries on this Privacy Policy or any other queries in relation to how we manage, protect and/or process your personal data, please do not hesitate to contact our data protection officer at legal@igloocompany.co.

  3. WHAT PERSONAL DATA DOES IGLOOCOMPANY COLLECT ABOUT YOU?

    1. Personal data is any data, whether true or not, about an individual who can be identified from that data; or from that data and other information to which we have or is likely to have access. Examples of such personal data which you may provide us include (depending on the nature of your interaction with us):

      1. Your name, national identification number, passport number or other identification number, telephone number, mailing address, email address, facial image in a photograph or video recording, fingerprint, geolocation, IP address, and any other information relating to you which you have provided us in any form you may have submitted to us, or in other forms of interaction with you;

      2. Information about your use of your igloohome, iglooworks, or igloocompany Product (“Product”), the software application that may be downloadable to your mobile device to operate the Product (“Mobile App”), the igloodeveloper API and SDK hosted on igloocompany’s online platform (“API/SDK”), the website located at igloocompany.co or igloohome.co and their sub-domains (each a “Site”), and the services offered by igloocompany through the Products, Sites, API/SDK and Mobile App (the “Services”), including cookies, IP addresses, subscription account details and membership details; and

      3. Your payment related information; such as your bank account or credit card information, and your credit history.

  4. HOW DOES IGLOOCOMPANY COLLECT YOUR PERSONAL DATA?

    1. Generally, we collect your personal data in the following ways:

      1. when you submit forms relating to any of our Products or Services, or otherwise contact us in relation to our Products or Services;

      2. when you register for or use any of our Services on websites, platforms and apps owned or operated by us or when you register as a member on any of our websites, platforms and apps owned or operated by us;

      3. when you register for or use any of our Services, including accessing our Products at your or third party’s properties;

      4. when you use or purchase our Products or Services;

      5. when you establish any online account with us;

      6. when you request that we contact you;

      7. when you respond to our request for additional personal data;

      8. when you ask to be included in an email or other mailing list;

      9. when you respond to our promotions or other initiatives;

      10. when you submit a job application;

      11. when we receive references from business partners and third parties, for example, where you have been referred by them;

      12. when you submit your personal data to us for any other reason; and

      13. when you browse our website. Please refer to our Cookie Policy for more information.

    2. We may monitor or record phone calls and customer-facing interactions for quality assurance, employee training and performance evaluation, and identity verification purposes, and while receiving feedback, responding to your queries, requests and complaints and other related purposes. Such monitoring or recording will be done in accordance with the applicable law.

    3. Your personal data may also be collected, used and/or disclosed if we have assessed that to do so would be in our legitimate interests and/or for business improvement purposes. Legitimate interests include protecting against physical and cyber security risks, and ensuring business continuity, and business improvement purposes include improvement or enhancement of any goods or services, or methods or processes for operations and for learning about and understanding customers’ behaviour and preferences. Before doing so, we will take steps to ensure that any adverse effects that might arise for you have already been identified and eliminated, reduced or mitigated.

    4. We may receive personal data about you from other sources (for example, when you authorise a third-party service to interact directly with our Products, Mobile App, Sites or Services to provide or receive personalised information about you).

  5. WHAT DOES IGLOOCOMPANY USE YOUR PERSONAL DATA FOR?

    1. We may collect, use and/or disclose your personal data, where permitted by applicable data protection laws, for the following purposes:

      1. Provision of Products, Sites, API/SDK, Mobile App, and Services:

        1. providing our Products, Sites, API/SDK, Mobile App, or Services;

        2. providing promotional items upon request;

        3. communicating with you in relation to those Products, Sites, API/SDK and Mobile Apps, or Services;

        4. performing our obligations, and protecting, exercising or enforcing our rights under our agreement(s) with you;

        5. ensuring that our Sites, API/SDK and/or Mobile App are presented in the best manner for you;

        6. offering you additional products and services provided by us or our third-party partners; and

        7. for any purpose connected with your agreement(s) with us, including the maintenance of a central database of customers.

      2. Compliance checks:

        1. fulfilling our regulatory compliance obligations;

        2. “Know Your Client’ checks;

        3. confirming and verifying your identity;

        4. use of credit reference agencies; and

        5. screening against government and/or law enforcement agency sanctions lists and other legal restrictions.

      3. Operating our business:

        1. administering our business activities;

        2. facilitating Business Asset Transactions (as defined below);

        3. operating and managing our Sites, API/SDK and Mobile App, and our Services;

        4. providing content to you;

        5. displaying advertising and other information to you;

        6. communicating and interacting with you through our, Sites, Mobile App, or our Services;

        7. notifying you of changes to any of our Products, Sites, API/SDK and Mobile App, or our Services; and

        8. providing customer service, including handling enquiries and complaints.

      4. Communications and marketing:

        1. communicating with you through any means (including by email, telephone, text message, social media, post or in person) promotions, campaigns, events, news and analysis that we believe may be of interest to you, subject always to obtaining your prior opt-in consent to the extent required under applicable law;

        2. telling you about changes to our Products, Sites, Mobile App, API/SDK and Services, and their functionality;

        3. providing you with information about other products and services we offer;

        4. keeping you informed about industry developments; and

        5. maintaining and updating your contact information where appropriate.

      5. Management of IT systems:

        1. management and operation of our communications, IT and security systems; and

        2. audits (including security audits) and monitoring of such systems.

      6. Health and safety:

        1. health and safety assessments and record keeping;

        2. providing a safe and secure environment at our premises; and

        3. compliance with related legal obligations.

      7. Financial management:

        1. sales; finance; corporate audit; and vendor management; and

        2. handling customer and vendor orders and billing.

      8. Surveys: engaging with you for the purposes of obtaining your views on our Products, Sites, Mobile App, API/SDK and Services.

      9. Security:

        1. physical security of our premises (including records of visits to our premises);

        2. CCTV recordings; and electronic security (including login records and access details).

      10. Investigations: detecting, investigating and preventing breaches of policy, and criminal offences, in accordance with applicable law.

      11. Legal proceedings: establishing, exercising and defending legal rights.

      12. Legal compliance: compliance with our legal and regulatory obligations under applicable law.

      13. Improving our Products, Sites, API/SDK and Mobile App, and Services:

        1. identifying issues with our Products, Sites, API/SDK and Mobile App, or Services;

        2. conducting research and planning improvements to our Products, Sites, API/SDK, Mobile App, or Services; and creating new websites, software development tools, apps, or services.

      14. Fraud prevention: detecting, preventing and investigating fraud.

    2. The above purposes are not exhaustive and depending on the nature of your relationship with us (for example, if you are a customer or vendor), we may collect, use and disclose your personal data for additional purposes which you will be notified of, in accordance with applicable terms and conditions.

  6. WHO DOES IGLOOCOMPANY SHARE YOUR PERSONAL DATA WITH?

    1. In order for us to offer our Products and Services to you, we may have to disclose your personal data to third parties in order for them to process it on our behalf. This may include the following categories of recipients:

      1. Our service providers – for example, service providers in charge of storing and analysing data, providing customer service, advertising, and payment processing;

      2. Our agents – who may be delivering parts of our Products or Services on our behalf;

      3. Our related companies – who may be delivering parts of our Products or Services on our behalf; and

      4. Other third-party service providers – whose services or applications we may make available for your use on our Products and/or Services.

    2. As we continue to develop our business, we might sell or buy other businesses or assets which include any Business Asset Transactions. “Business Asset Transaction” means the purchase, sale, lease, merger or amalgamation or any other acquisition, disposal or financing of an organisation or a portion of an organisation or of any of the business or assets of an organisation. In such transactions, we may disclose your personal data to a third party without first obtaining your consent under the PDPA or applicable data protection laws.

    3. We may disclose any of the personal data we collect to respond to subpoenas, court orders, legal process, law enforcement requests, legal claims, or government inquiries, and to protect and defend the rights, interests, safety, and security to igloocompany, our affiliates, users, or the public. We may also share any of the personal data we collect to enforce any terms applicable to the use of our Products and/or Services, to exercise or defend any legal claims, and comply with any applicable law.

    4. Where we are required to transfer your personal data outside of Singapore, we shall take such steps to ensure that the receiving organisation is bound by legally enforceable obligations such as:

      1. where the receiving party is an associated or affiliated organisation or related organisation, a set of binding corporate rules; and

      2. where the receiving party is an unrelated third party; a contract or written agreement,

      to provide a standard of protection to the personal data so transferred that is comparable to the standard of protection afforded under the PDPA or applicable data protection laws.

    5. We will only disclose your personal data to third parties where we are allowed to do so under data protection laws. More specifically, we will not disclose your personal data to any third parties without your prior consent to do so, unless such disclosure is sanctioned under the PDPA exemptions.

    6. When sharing your personal data with third parties, we will always ensure that appropriate safeguards are in place to protect the security and confidentiality of your personal data when in the hands of such third parties. Those safeguards will always comply with the minimum requirements set out in data protection laws.

  7. REQUESTS FOR ACCESS, CORRECTION AND/OR PORTING OF PERSONAL DATA

    1. You may request to access, correct and/or port the personal data currently in our possession, or object to the collection, use and/or disclosure of your personal data in our possession or under our control, at any time by submitting your request to our Data Protection Officer.

    2. For a request to access personal data, we will provide you with a copy of the relevant personal data within a reasonable amount of time from when the request is made.

    3. For a request to correct personal data, we will process your request as soon as practicable after the request has been made. Such correction may involve necessary verification, which may include sending the corrected personal data to other organisations to which the personal data was disclosed by igloocompany within a year before the date the correction was made (unless that other organisation does not need the corrected personal data for any legal or business purpose), or if you so consent, only to specific organisations to which the personal data was disclosed by us within a year before the date the correction was made.

    4. For a request to port personal data, once we have sufficient information from you to deal with the request, we will seek to port your personal data within 30 calendar days. Where we are unable to do so within the said 30 calendar days, we will notify you of the soonest practicable time within which we can carry out the data porting.

    5. We may also charge a reasonable fee for the handling and processing of your requests to access, correct and/or port your personal data. You will be notified in advance of such costs.

    6. For a request to object to the processing of your personal data by us, we will process your request within a reasonable time from when the request is made. Such requests may adversely impact your relationship with us or the quality of the services and products we deliver to you. We will notify you in advance of such impacts.

  8. HOW DOES IGLOOCOMPANY PROTECT YOUR PERSONAL DATA?

    1. We will take appropriate measures to keep your personal data accurate, complete and updated.

    2. We will take precautions and preventive measures to ensure that your personal data is adequately protected and secured in accordance with data protection laws. Appropriate security arrangements will be made to prevent any unauthorised access, collection, use, disclosure, copying, modification, leakage, loss, damage and/or alteration to or of your personal data.

    3. We will also make reasonable efforts to ensure that the personal data in our possession or under our control is destroyed and/or anonymised as soon as it is reasonable to assume that:

      1. The purpose for which that personal data was collected is no longer being served by the retention of such personal data; and

      2. Retention is no longer necessary for any other legal or business purposes.

  9. PERSON LOCATED INSIDE THE EUROPEAN ECONOMIC AREA (“EEA”) AND THE UK

    1. If you are located inside the EEA or the UK, the provisions set out in Appendix 1 will also apply to your personal data.

  10. UPDATES TO THIS PRIVACY POLICY

    1. As part of our efforts to ensure that we properly manage, protect and process your personal data, we will be reviewing our policies, procedures and processes from time to time.

    2. We may amend the terms of this Privacy Policy at our absolute discretion. Any amended policy will be posted on our website, and we will notify you if we make any significant changes to this Privacy Policy where required to do so under applicable laws.


APPENDIX 1

(Additional provisions applicable to individuals located inside the European Economic Area and the UK)

The following provisions apply to your personal data if you are located inside the European Economic Area (“EEA”) and the UK. These apply in addition to the rest of this Privacy Policy.

In the event of any conflict between this Appendix 1 and the rest of this Privacy Policy, the provisions contained in this Appendix 1 will prevail.

  1. WHAT IS IGLOOCOMPANY LAWFUL BASIS FOR PROCESSING YOUR PERSONAL DATA?

    1. We will always process your personal data in accordance with data protection laws, and will only process it where it has a legal justification to do so. The table below provides some details of the lawful bases we rely on to collect and use your personal data.

      Purposes

      Legal Basis for processing

      1. Provision of Products, Sites, API/SDK, Mobile App and Services:

        1. providing our Products, Sites, API/SDK and Mobile App, or our Services;

        2. providing promotional items upon request;

        3. communicating with you in relation to those Products, Sites, API/SDK and Mobile App, or our Services;

        4. performing our obligations, and protecting, exercising or enforcing our rights under our agreement(s) with you;

        5. ensuring that our Products, Mobile App and Sites are presented in the best manner for you;

        6. offering you additional products and services provided by us or our third-party partners; and

        7. for any purpose connected with your agreement(s) with us, including the maintenance of a central database of customers.

      • The processing is necessary in connection with any contract that you have entered into with us, or to take steps prior to entering into a contract with us;

      • We have a legitimate interest in carrying out the processing for the purpose of providing our Products, Sites, API/SDK, Mobile App, or Services; or

      • We have obtained your prior consent to the processing (this legal basis is only used in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way).

      1. Compliance checks:

        1. fulfilling our regulatory compliance obligations;

        2. “Know Your Client’ checks;

        3. confirming and verifying your identity;

        4. use of credit reference agencies; and

        5. screening against government and/or law enforcement agency sanctions lists and other legal restrictions.

      • The processing is necessary for compliance with a legal obligation;

      • The processing is necessary in connection with any contract that you have entered into with us, or to take steps prior to entering into a contract with us;

      • We have a legitimate interest in carrying out the processing for the purpose of fulfilling our regulatory and compliance obligations; or

      • We have obtained your prior consent to the processing (this legal basis is only used in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way).

      1. Operating our business:

        1. administering our business activities;

        2. facilitating business asset transactions (which may extend to any merger, acquisition or asset sale) involving any of our entities;

        3. operating and managing our Sites, API/SDK, Mobile App, and our Services;

        4. providing content to you;

        5. displaying advertising and other information to you;

        6. communicating and interacting with you through our Sites, API/SDK and Mobile App, or our Services;

        7. notifying you of changes to any of our Product firmware, Sites, API/SDK and Mobile App, or our Services; and

        8. providing customer service, including handling enquiries and complaints.

      • The processing is necessary in connection with any contract that you have entered into with us, or to take steps prior to entering into a contract with us;

      • We have a legitimate interest in carrying out the processing for the purpose of providing our Products, API/SDK, Mobile App, Sites;

      • or our Services to you; or

      • We have obtained your prior consent to the processing (this legal basis is only used in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way).

      1. Communications and marketing:

        1. communicating with you through any means (including by email, telephone, text message, social media, post or in person) promotions, events, campaigns, news and analysis that we believe may be of interest to you, subject always to obtaining your prior opt-in consent to the extent required under applicable law;

        2. telling you about changes to our Products, Sites, API/SDK and Mobile App, and their functionality;

        3. providing you with information about other Products and Services we offer;

        4. keeping you informed about industry developments; and

        5. maintaining and updating your contact information where appropriate.

      • The processing is necessary in connection with any contract that you have entered into with us, or to take steps prior to entering into a contract with us;

      • We have a legitimate interest in carrying out the processing for the purpose of contacting you, subject always to compliance with applicable law; or

      • We have obtained your prior consent to the processing (this legal basis is only used in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way).

      1. Management of IT systems:

        1. management and operation of our communications, IT and security systems; and

        2. audits (including security audits) and monitoring of such systems.

      • The processing is necessary for compliance with a legal obligation; or

        We have a legitimate interest in carrying out the processing for the purpose of managing and maintaining our communications and IT systems.

      1. Health and safety:

        1. health and safety assessments and record keeping;

        2. providing a safe and secure environment at our premises; and

        3. compliance with related legal obligations.

      • The processing is necessary for compliance with a legal obligation; or

      • The processing is necessary to protect the vital interests of any individual.

      1. Financial management:

        1. sales; finance; corporate audit; and vendor management; and

        2. handling customer and vendor orders and billing.

      • We have a legitimate interest in carrying out the processing for the purpose of managing and operating the financial affairs of our business; or

      • We have obtained your prior consent to the processing (this legal basis is only used in relation to the processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way).

      1. Surveys:

        1. engaging with you for the purposes of obtaining your views on our Sites, API/SDK and Mobile App, or our Services.

      • We have a legitimate interest in carrying out the processing for the purpose of conducting surveys, satisfaction reports and market research; or

      • We have obtained your prior consent to the processing (this legal basis is only used in relation to the processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way).

      1. Security:

        1. physical security of our premises (including records of visits to our premises);

        2. CCTV recordings; and electronic security (including login records and access details).

      • The processing is necessary for compliance with a legal obligation;

      • We have a legitimate interest in carrying out the processing for the purpose of ensuring the physical and electronic security of our business and our premises.

      1. Investigations:

        1. detecting, investigating and preventing breaches of policy, and criminal offences, in accordance with applicable law.

      • The processing is necessary for compliance with a legal obligation; or

      • We have a legitimate interest in carrying out the processing for the purpose of detecting, and protecting against, breaches of our policies and applicable laws.

      1. Legal proceedings:

        1. establishing, exercising and defending legal rights.

      • The processing is necessary for compliance with a legal obligation; or

      • We have a legitimate interest in carrying out the processing for the purpose of establishing, exercising or defending our legal rights.

      1. Legal compliance:

        1. compliance with our legal and regulatory obligations under applicable law.

      • The processing is necessary for compliance with a legal obligation.

      1. Improving our Products, Sites, API/SDK and Mobile App, and Services:

        1. identifying issues with our Sites, API/SDK and Mobile App, or our Services;

        2. planning improvements to our Sites, API/SDK and Mobile App, or our Services; and creating new Products, websites, API/SDK and apps, or Services.

      • We have a legitimate interest in carrying out the processing for the purpose of improving our Products, Sites, API/SDK and Mobile App, or our Services; or

      • We have obtained your prior consent to the processing (this legal basis is only used in relation to the processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way).

      1. Fraud prevention:

        1. detecting, preventing and investigating fraud.

      • The processing is necessary for compliance with a legal obligation (especially in respect of applicable employment law); or

      • We have a legitimate interest in carrying out the processing for the purpose of detecting and protecting against fraud.

  2. WILL YOUR PERSONAL DATA BE TRANSFERRED OUTSIDE OF THE EEA or the UK?

    1. As igloocompany is located in Singapore, your personal data will be transferred and processed outside of the EEA or the UK (as the case may be).

    2. Where we transfer your personal data from within the EEA or the UK (as the case may be) to a country outside the EEA or the UK (as the case may be), we ensure that adequate safeguards are in place to offer equivalent protection as your personal data would receive within the EEA or the UK (as the case may be) and in compliance with applicable data protection laws.

    3. You may contact us to find out more about the safeguards we have in place for transfers outside the EEA or the UK (as the case may be).

  3. HOW LONG DOES IGLOOCOMPANY KEEP YOUR PERSONAL DATA FOR?

    1. Personal data that we collect will be retained only for as long as is necessary to fulfil the purposes refer to in section 1 of this appendix. This will generally (but not in all cases) be linked to the duration of time you are registered with us as a customer or work for/with us as an employee/vendor, or to comply with our legal obligations.

    2. When determining the relevant retention periods for your personal data, we will take a number of factors into account, including:

      1. Our contractual obligations and rights in relation to the personal data involved;

      2. Our legal obligations under applicable laws to retain data for a certain period of time;

      3. Our legitimate interests;

      4. Statute of limitations under applicable laws;

      5. (Potential) disputes; and

      6. Guidelines issued by relevant data protection authorities.

      Otherwise, we will securely erase or anonymise your personal data where we do not have a legitimate reason for keeping it.

  4. WHAT ARE YOUR RIGHTS IN RESPECT OF YOUR PERSONAL DATA?

    1. In addition to the rights listed in section 7 of this Privacy Policy, you have a number of rights (subject to certain conditions) when it comes to your personal data, as detailed in the table below.

    2. You can exercise any of these rights by contacting our data protection officer.

    3. Please consider your request responsibly before submitting it. We will respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we will come back to you and let you know.

      Rights

      What does this mean?

      1. The right to be informed

      You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights. This is why we are providing you with the information in this Privacy Policy.

      1. The right of access

      You have the right to obtain a copy of your personal data (if we are processing it), and certain other information (similar to that provided in this Privacy Policy) about how it is used.

      This is so you are aware and can check that we are using your information in accordance with data protection law.

      We can refuse to provide information where to do so may reveal personal data about another person or would otherwise negatively impact another person's rights.

      1. The right to rectification

      You can ask us to take reasonable measures to correct your personal data if it is inaccurate or incomplete. E.g., if we have a wrong name or address of you.

      1. The right to erasure

      This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your personal data where there’s no compelling reason for us to keep using it or its use is unlawful. This is not a general right to erasure; there are exceptions, e.g., where we need to use your personal data in defence of a legal claim.

      1. The right to restrict processing

      You have rights to ‘block’ or suppress further use of your personal data when we are assessing a request for rectification or as an alternative to erasure. When processing is restricted, we can still store your personal data, but may not use it further. We keep lists of people who have asked for further use of their personal data to be ‘blocked’ to make sure the restriction is respected in future.

      1. The right to data portability

      You have rights to obtain and reuse certain personal data for your own purposes across different organisations.

      1. The right to object

      You have the right to object to certain types of processing, on grounds relating to your particular situation, at any time insofar as that processing takes place for the purposes of legitimate interests pursued by us or by a third party. We will be allowed to continue to process your personal data if we can demonstrate “compelling legitimate grounds for the processing which override your interests, rights and freedoms” or we need this for the establishment, exercise or defence of legal claims.