The purpose of this document (“Data Protection Policy”) is to inform you of how Assurity Trusted Solutions Pte Ltd ("ATS") manages Personal Data which is subject to the Personal Data Protection Act 2012 (the “Act”). Please take a moment to read this Data Protection Policy so that you know and understand the purposes for which we collect, use, and disclose your Personal Data.
Please note that this Data Protection Policy does not govern the collection, use, and disclosure of information by companies and/or entities that we do not control, nor by individuals not employed or managed by us.
By submitting information to us, signing up for or using any of the products and/or services offered by us, you agree and consent to ATS and its representatives/agents (collectively referred to herein as “we” or “us” or “our”) collecting, using, and disclosing your Personal Data in the manner described in this Data Protection Policy.
1. Personal Data
1.1 In this Data Protection Policy, unless otherwise defined or unless the context otherwise suggests, when the following words and phrases are used, they will have the following meanings –
“ADEX Service” means the service of ATS facilitating users' access to the general data sharing service accessible through ADEX, which is the portal available at https://adex.gov.sg/ and messaging protocols;
“Personal Data” means any data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which we have or are likely to have access, including data in our records as may be updated from time to time; and
1.2 Examples of such Personal Data may include your name, NRIC, passport or other identification number, telephone number(s), email address, residential address, network data, and any other information relating to you or any individuals.
1.3 Please note that when you browse our website, we do not capture data that allows us to identify you individually.
2. Purposes for the Collection, Use, and Disclosure of your Personal Data
2.1 Personal Data collected from you may be used, disclosed and processed by us for any, some or all the following purposes:
(a) to process your application or request for any products or services we provide;
(b) to provide you with products or services you have requested for or subscribed to;
(c) to perform our certification authority operations and related services, including:
i) to authenticate your identity and process your application for us to issue a digital certificate to you;
ii) to generate and issue digital certificates;
iii) to perform certificate management, revocation or suspension;
iv) to maintain our certificate repository;
v) to report certificate revocation status (via the Online Certificate Status Protocol and/or Certificate Revocation List) or validity; and
vi) to generate and transmit digital signatures, where you have requested us to do so;
(d) to perform our role as authorised provider of Singpass Products to third-parties, where your Personal Data is provided to us by such third-parties in connection with the Singpass Products;
(e) to perform our role as authorised provider of the ADEX Service to third-parties, where your Personal Data is provided to us by such third-parties in connection with the ADEX Service;
(f) to respond to and resolve your queries, complaints and/or requests;
(g) to enable us to contact you or communicate with you on any matters relating to your use of our products or services;
(h) to verify or authenticate your identity;
(i) to respond to any claims, actions or proceedings and/or to safeguard and enforce our legal rights and obligations (including but not limited to obtaining legal advice and dispute resolution);
(j) to conduct or assist to conduct investigations, including to prevent or investigate any fraud, unlawful activity or omission or misconduct via the use of your digital certificate, whether or not there is any suspicion of the aforementioned;
(k) to meet or comply with any order or request of any court or government, and assisting in investigations and law enforcement by the relevant authorities;
(l) to meet or comply with any applicable rules, laws, regulations, codes of practice or guidelines issued by any legal or regulatory bodies which are binding on us (including but not limited to responding to regulatory complaints, disclosing to regulatory bodies and conducting audit checks, due diligence and investigations);
(m) to perform audit logging and archiving;
(n) to store or create backups of your Personal Data for contingency or business continuity purposes;
(o) to generate internal reports (including but not limited to annual, operational and management reports); and
(p) to analyze your use of our products and/or services to help us improve, review, develop and efficiently manage the products or services offered to you;
(collectively, the “Purposes”).
2.2 If you provide us with any Personal Data relating to any third-party individual (e.g. information of your spouse, children, parents etc.), you shall, prior to disclosing to us Personal Data relating to such third-party individual:
(a) notify such individual (i) that you will be providing such individual’s Personal Data to us; and (ii) of the Purposes for which we will be collecting, using, disclosing and processing their Personal Data; and
(b) obtain the consent from such individual whose Personal Data is being disclosed, permitting (i) you to disclose the Personal Data to us; and (ii) us to collect, use, disclose and process such individuals' Personal Data, for the Purposes.
2.3 By submitting any third-party individual’s Personal Data to us, you represent and warrant to us that you have the valid authority and consent from such third-party individual to act on such third-party individual’s behalf and to provide such third-party individual’s Personal Data to us to collect, use, disclose and process for the Purposes.
2.4 You should ensure, and you represent and warrant to us that all Personal Data you submit to us, (whether of yourself or a third-party individual) is complete, accurate, true, and correct. Failure on your part to do so may result in our inability to provide you or the relevant third-party individual with the product or service requested for.
3. Protection & Disclosure of Personal Data
3.1 The security of your Personal Data is important to us, and ATS takes all reasonable steps to safeguard your Personal Data. All electronic storage and transmission of Personal Data is secured with appropriate security technology.
3.2 ATS maintains security arrangements in respect of Personal Data to prevent unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks. However, ATS cannot guarantee the security of information transmitted. ATS implements technical and organizational measures in accordance with good industry practices such as encryption.
3.3 Subject to the provisions of any applicable law, we may share, transfer and disclose Personal Data provided by you for the Purposes stated herein, to any one or more of the following:
(a) agents, contractors and third-party service providers who provide operational services to us including but not limited to courier services, telecommunications, information technology, technical services, payment, call centre, security, or other services to ATS;
(b) service providers to facilitate their provision of content or services to you, or for interconnection, inter-operability, system operation and maintenance and billing between service providers;
(c) in connection with our certification authority operations, registration authorities, hash-signing servers, digital signing application providers and other third-party service providers who perform functions on our behalf or provide services to us, for us to perform our certification authority operations and related services;
(d) in relation to your Personal Data provided to us by third-parties (for whom we are authorised provider of the Singpass Products) in connection with the Singpass Products, and the Government of Singapore (as the proprietor of Singpass Products), including its agencies; and
(e) in relation to your Personal Data provided to us by third-parties (for whom we are authorised provider of the ADEX Service) in connection with the ADEX Service, and GovTech (as the provider and operator of ADEX).
3.4 If you choose to have us issue you document signing certificates, the full content of each such document signing certificate, including your Personal Data as contained in any such document signing certificate, will be provided to relevant third-parties you choose, for use in conjunction with digital signing services and other products or services separately provided by any digital signing application providers (whom we may approve from time to time). These third-parties may include the relevant approved digital signing application provider. If you choose to digitally sign a document using any document signing certificate we have issued, you should be aware that the full content of such document signing certificate, which includes your Personal Data, will form part of each such digitally signed document.
4. Contacting Us – Withdrawal of Consent, Access to and Correction of Personal Data
4.1 If you:
(a) have any questions or feedback relating to your Personal Data;
(b) would like to withdraw your consent to any use of your Personal Data as set out in this Data Protection Policy; or
(c) would like to make (i) an access request for access to a copy of the Personal Data which we hold about you or information about the ways in which we use or disclose your Personal Data, or (ii) a correction request to correct or update any of your Personal Data which we hold about you:
Write in: Data Protection Officer
Assurity Trusted Solutions Pte Ltd
460 Alexandra Road
4.2 Please note that if your Personal Data has been provided to us by a third-party, you should contact that organisation or individual to make such queries, complaints, and access and correction requests to ATS on your behalf.
4.3 If you withdraw your consent to any or all use of your Personal Data, depending on the nature of your request, ATS may not be in a position to continue to provide any products and /or services to you, administer any contractual relationship in place, which in turn may also result in the termination of any agreements with ATS, and your being in breach of your contractual obligations or undertakings. ATS’ legal rights and remedies in such event are expressly reserved.
5. Retention of Personal Data
5.1 We will cease to retain Personal Data, as soon as it is reasonable to assume that the purpose for collection of such Personal Data is no longer being served by such retention, and such retention is no longer necessary for legal or business purposes.
6. Transfer of Personal Data
6.1 Personal Data may be accessed by or transferred to our servers anywhere in the world, as is necessary to facilitate the provision of services to you. Personal Data may also be accessed by or transferred to our affiliates, data processors and/or intermediaries, or subcontractors for the purposes of providing you with the services. By providing us with Personal Data, you consent to such transfer and/or access.
7. Governing Law
7.1 This Data Protection Policy and your use of our website shall be governed in all respects by the laws of the Republic of Singapore.