1.1 ENSTK (SG) Company PTE. LTD. (referred to herein as the “Company”, “ENSTK (SG)”, “we”, “us” or “our”), as well as its assigns and affiliates value the privacy of Enstack users (“you”, the “User” or “Users”) and any person who may use, access, download, browse or register with any of the Enstack website, the Enstack mobile application (the “Enstack Application”), or other related digital medium or media including social media (each and collectively the “Enstack Facility”).
2. Collection of Personal Data
2.1 Types of Personal Data Collected
2.1.2 Examples of Personal Data that the Company collects include: -
- full name, permanent and residential address, contact number/s, email address, birth date and/or age, gender and credit card and/or financial account information;
- private IDs, social media, e-commerce, or other online/mobile account details which prove the identity of the User;
- other information from which the User’s identity may not be apparent or which may not reasonably and directly identify the User, and other information submitted when using the Enstack Facility;
- information related to the User from publicly available sources, including but not limited to social media, public repositories, websites, and similar sources;
- user behaviour available and/or accessible in the medium of access (i.e., mobile device, web browser, desktop) including but not limited to traffic, usage, device, location, application usage, history, connectivity and other information generated, collected, stored or found in the User’s device (i.e., the mobile phone), access medium, a portal, or any other medium of access to the Enstack Facility; and
- information collected using cookies, web beacons, web crawlers, flash cookies, general log information, browser, computer, mobile and operating system information (in each case in accordance with the User’s permission settings in the application and in such devices), User browsing behaviour, User searches and transactions and referral information.
- The Company may also collect non-personally identifiable information about you, including but not limited to your use of the Enstack Facility, anonymous, technical, network and interaction data, internet protocol addresses, visited pages, time spent, and aggregated data related to your use of the Enstack Facility, including the Enstack Application.
2.2 Collection of Personal Data
2.2.1 The Company will/may collect personal data in the following circumstances. This list is non-exhaustive, and merely highlights the most common instances in which your Personal Data may be collected:-
- when using the Enstack Facility, or interacting with the Enstack Application. This includes, without limitation, through cookies;
- when inquiring/reviewing/browsing any product or service available in the Enstack Facility and/or Enstack Application;
- upon creating or registering an Enstack account (the “Enstack Account”), and where applicable, for Account verification;
- when you grant permissions on your device to share information with us;
- upon entering into any agreement with us, to which you provide documentation or information in respect of your interactions with us, or when you use our services;
- upon submitting any form, including, but not limited to, application, contest, feedback, giveaway, interest, survey or other forms relating to any of our products or services, whether online or by way of a physical form;
- upon updating your profile and other Personal Data submitted to us;
- when interacting with us via telephone calls, letters, face-to-face meetings, fax, online chat, social media, messaging apps, emails and other communication channels available now or as may be made available in the future, including communications with any customer service officer, Data Protection Officer, marketing representatives or any other assigns or employees;
- when carrying out transactions on the Enstack Facility, and upon making payment using a bank, a payment gateway, a payment provider, or through other payment partners/channels;
- when we receive references from business partners and third parties, for example, where you have been referred by them (i.e., the User uses a referral code from a company etc.);
- upon opting in to receive information or making a request to be contacted, be included in an email or other mailing list, or otherwise;
- when providing us with any feedback, comments and/or complaints; and/or
- when you submit Personal Data to us for any other reason.
2.2.2 When you use the Enstack Application on a mobile platform, we may also collect and record certain information such as your unique device ID (persistent/non-persistent), the hardware type, media access control (“MAC”), address, international mobile equipment identity (“IMEI”), the version of your operating system, your device name, your email address, your profile information (if connected to any other online account including Facebook), and your location based on your internet protocol address. This information is useful to us for troubleshooting and helps us to understand usage trends. Whenever you use the Enstack Application, we may collect data about all of your interactions with the Enstack Application or usage of certain features of the Enstack Facility via server log files.
2.3 Collection of Personal Data by Third Parties
2.4.2 The data collected by these cookies or other features is collected for analysis and evaluation purposes. The data helps to improve the Enstack Facility, and enable us to personalise content and suggest products and advertisements to you based on your preferences. Such features also allow us to keep track of your shopping cart, and to allow for aggregated data analysis and usage monitoring.
2.5 Validity and Accuracy of Information Submitted
2.5.1 The Company will endeavour to take all reasonable steps so as to ensure that any Personal Data collected from you will be accurate, complete, and up-to-date, if the Personal Data is likely to be used by us to make a decision that affects you, or if it is likely to be disclosed to another organisation. Nonetheless, you should still ensure that all Personal Data submitted to us is complete, accurate, true and correct, and to keep it up-to-date and inform us of changes as soon as practicable. Failure on your part to do so may result in our inability to provide you with the products and services you have requested. We reserve the right at our sole discretion to require further documentation to verify the information provided by you.
2.5.2 If there are any other errors, omissions and/or inaccuracies in the personal data that has been provided to us, please contact and provide our Data Protection Officers with the relevant details. Unless we are satisfied on reasonable grounds that a correction should not be made, we shall correct the personal data as soon as practicable, and send the corrected personal data to every other organisation to which the personal data was disclosed by us within a year before the date the correction was made, unless that other organisation does not need the corrected personal data for any legal or business purpose.
3. Purpose of Personal Data
3.1 Personal Data shall generally be collected, used, disclosed and/or processed for the following purposes (collectively, the “Purposes”):
- to operate and provide use and access to the Enstack Facility, the Enstack Application and/or services, as well as your relationship and Enstack Account with us;
- to identify and verify the identity of Users;
- to facilitate and process the registration of Enstack Accounts and/or assist in delivering our products and/or services to the User and any directly related purposes;
- to contact, communicate with and respond to Users in relation to their Enstack Accounts, their comments, complaints, inquiries, instructions, requests and/or any requested information, as well to administer any events, contests, or giveaways;
- to allow other Users to interact, connect or communicate with you, including direct messages, comments, and reviews;
- to send related information, including confirmations, technical notices, updates, security alerts, support and administrative messages to Users, as well as to inform Users regarding promotions, rewards, upcoming events, and other news about products and services offered by Enstack and selected partners of Enstack;
- to enforce our Terms of Service or any other applicable policies and guidelines, as well as to prevent or investigate any actual or suspected violations of our Terms of Service, fraud, illegal activity or misconduct;
- to facilitate and process any transactions via the Enstack Facility;
- to conduct surveys, data analytics and market research to enable the ENSTK Group to understand and determine customer location, preferences and demographics to develop special offers, products or marketing programs in relation to products and services, and to improve (i.e. customized offers and products) such products and services;
- to carry out marketing, advertising and promotional initiatives relating to the Company, local affiliates of the ENSTK Group, ENSTK’s partners, and our products and services, whether by electronic means, by email and post, or by telephone, SMS or social media, or by sending newsletters (for example, for the Users to be updated on new products or features and to publicize events, contests, demonstrations, loyalty programmes, and other activities organized by the ENSTK Group), also by using automated means. Such communications will relate to products and services of the financial products, services and the like. In addition, the ENSTK Group will process and share User data for market research, statistical analyses, or other research to improve its products, development of new products and customer satisfaction analysis;
- to analyse User behavior or for user profiling, (e.g. in relation to financing products availed, provided, viewed, and searched) in order to improve, and develop better products and services in the Facility including to provide better matches among lenders and borrowers consistent with their respective priorities;
- to recommend, suggest, advertise, or otherwise promote products and services available through or in association with the Enstack Facility and/or the Enstack Application, as well as products and services based on User request or demand;
- to conduct investigations relating to disputes, payment, suspected illegal activities or fraud;
- to respond to any claims, threatened or actual, as asserted by third parties against us or any other claim that any content violates the rights of third parties;
- to store, host and back-up your Personal Data, whether within or outside of your jurisdiction;
- to develop, enhance and maintain a risk assessment process and model, offline and online;
- to execute, monitor, manage and analyse the Enstack Facility and to develop, enhance, and upgrade the features, functions, products and services in the Enstack Facility, including promotions, loyalty and reward programs;
- to maintain and administer any software updates and/or other updates and support that may be required from time to time;
- to produce statistics and research for internal and statutory reporting and/or record-keeping requirements, as well as internal records;
- for auditing purposes;
- to monitor or record phone calls and customer-facing interactions for quality assurance, employee training and performance evaluation and identity verification purposes;
- to link or combine with other information provided to us from third parties, to help understand User preferences with the aim of providing Users with better services;
- to protect personal safety and the rights, property or safety of others;
- for any other legal and/or regulatory purposes (including but not limited to obtaining legal advice and dispute resolution) and legitimate business purposes and to carry out all mandatory administrative, operational and legal duties applicable to ENSTK (SG), the ENSTK Group and its subsidiaries and affiliates pursuant to the prevailing laws and regulations;
- to deal with or facilitate any business asset transactions, potential or actual, such as any proposed merger or acquisition involving the Company; and/or
- any other purposes which we notify you of at the time of obtaining your consent.
4.1 Your Personal Data may be shared with the ENSTK Group and its affiliates in the conduct of its business for processing as may be required in the maintenance and performance of its duties and responsibilities under the Enstack Facility, in accordance with applicable laws, rules and regulations. The ENSTK Group or entities which are its subsidiaries or within its affiliate network may, as necessary, be engaged by ENSTK (SG) as subcontractors or data processors in each case with respect to the Purposes enumerated above.
4.2 Your Personal Data may also be disclosed to the following parties, where necessary for one or more of the above Purposes, and where the third parties’ collection and use of the Personal Data is for one or more of the Purposes:
- our subsidiaries, affiliates, and entities within the ENSTK Group or its affiliate network;
- buyers or sellers you have transacted with or interacted with on the Enstack Facility;
- other Users for one or more of the above Purposes;
- banks, credit card companies, payment gateway providers and other service providers who facilitate transactions on the Enstack Facility;
- our agents, contractors, partners, suppliers, service providers and other third parties who support and facilitate the functioning of the Enstack Facility, its services and the Enstack Application, such as advertising and marketing partners, communication service providers, data centres, and mailing houses;
- professional advisers (where necessary), such as our lawyers, accountants and auditors;
- relevant government ministries, regulators, statutory boards or authorities or law enforcement agencies to comply with any laws, rules, guidelines and regulations or schemes imposed by any governmental authority, including but not limited to the PDPA;
- in cases of emergency where disclosure is required to safeguard the life or health of an individual; and/or
- any other third party which we notify you of at the time of obtaining your consent.
5.1 You may opt-out of receiving promotional emails or other notification channels from us, or withdraw your consent to the Company collecting, using, disclosing or otherwise processing your Personal Data by contacting our Data Protection Officers via: email@example.com at any time, except where (1) such use or disclosure is required by law, (2) on national/public interest grounds, (3) the personal data in question was collected from publicly available sources or (4) such use or disclosure is necessary in an emergency where the life or health of a person is at risk.
5.2 We use your Personal Data to enable the proper functioning of the Enstack Facility and to ensure that we can provide you with the relevant Enstack services. While you have the right to withdraw your consent to any use of your Personal Data, you agree and acknowledge that doing so may result in the Company being unable to ensure the proper functioning of the Enstack Facility, and may result in the inability to provide you with the relevant services, and/or resulting in the termination of any agreement, Account, or relationship with the Company.
5.3 Please note that should you agree to sharing of information with other third parties for their own marketing purposes, handling of your Personal Data shall be subject to their separate privacy policies. Should you wish to opt-out of marketing through promotional emails or other notification channels from these third parties, you should contact these parties directly.
6. Access, Correction and Updating
6.1.1 In general, Users can access their Personal Data currently in our possession or control through their Enstack Account.
6.1.2 Otherwise, upon request of any User, the Company shall, as soon as reasonably possible, provide the User with Personal Data about the User that is in the possession or under the control of the Company, and information about the ways in which the Personal Data has been or may have been used or disclosed by the organisation within a year before the date of the request.
6.1.3 In accordance with the PDPA, the Company reserves the right to provide access to your Personal Data, where the PDPA requires and/or entitles an organisation to refuse to provide access in stated circumstances. In relation to such matters in which the Company is entitled to refuse to provide access, the Company shall be entitled to decide whether to respond to such requests in its absolute and sole discretion.
6.1.4 We may charge you a reasonable fee for the handling and processing of your requests to access your personal data, based on your request. If so, we will provide you with a written estimate of the fee we will be charging. Please note that we are not required to respond to or deal with your access request unless you have agreed to pay the fee.
6.2 Correction and Updating
6.2.1 In general, Users can update / correct their Personal Data currently in our possession or control through their Enstack Account.
6.2.2 Otherwise, upon request of any User to correct an error or omission in the Personal Data about the individual that is in the possession or under the control of the Company, unless the Company is satisfied on reasonable grounds that a correction should not be made, or where the PDPA entitles or requires the Company to refuse such request, the Company shall correct the Personal Data as soon as practicable, and send the corrected personal data to every other organisation to which the personal data was disclosed by the organisation within a year before the date the correction was made, unless that other organisation does not need the corrected personal data for any legal or business purpose.In general, Users can update / correct their Personal Data currently in our possession or control through their Enstack Account.
7.1 Your Personal Data will be retained by the Company for the duration of your activities and transactions in connection with the products and services availed of in this Enstack Facility and/or for such period of time required for legal and regulatory and/or other legitimate business purposes.
7.2 Once it is reasonable to assume that the purpose for which your Personal Data was collected is no longer being served by retention of the Personal Data, and that retention is no longer necessary for legal or business purposes, the Company shall cease to retain its documents containing your Personal Data, or remove the means by which the Personal Data can be associated with you, through disposal in a secure manner.
8. International Transfers
8.2 If your Personal Data is to be transferred out of Singapore, we will take appropriate steps to ensure that the recipients thereof are bound by legally enforceable obligations (such as laws, contracts, binding corporate rules or any other legally binding instrument), so that your Personal Data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.
9.1 The Company values the Personal Data collected, used, retained and stored through the Enstack Facility and/or the Enstack Application. To this end, we have adopted and will maintain reasonable technical, organisational and physical measures to protect your Personal Data from loss, misuse, and unauthorized access, use, disclosure, alteration, modification, or destruction.
9.2 Although we make good faith efforts to store the information collected on the Enstack Facility and/or the Enstack Application in a secure operating environment that is not available to the public, we cannot guarantee the absolute security of that information during its transmission or its storage on our system. Further, while we attempt to ensure the integrity and security of our network and systems, we cannot guarantee that our security measures will prevent third party “hackers" from illegally obtaining access to this information. We do not warrant or represent that your information will be protected against, loss, misuse, or alteration by third parties.
9.3 In the event you become aware of or reasonably suspect any breach of security, including without limitation any loss, theft, or unauthorized disclosure of the login information, you must immediately notify us and modify your login information. We are not liable for any damages resulting from any security breaches, on unauthorised and/or fraudulent use of your username and password.
9.4 In the event of a data breach, our Data Protection Officers shall be notified. Where we have reason to believe that a data breach affecting personal data in our possession or under our control has occurred, we shall conduct in a reasonable and expeditious manner an assessment of whether the data breach is notifiable within 30 calendar days. A data breach will be deemed to be notifiable if we assess that it results in, or is likely to result in, significant harm to an affected individual, or is, or is likely to be of a significant scale, in accordance with the PDPA and its associated guidelines.
9.5 If the data breach is determined to be notifiable, we shall take reasonable measures to contain and assess the data breach. Further, our Data Protection Officers shall contact the Personal Data Protection Commission of Singapore (PDPC) within 3 calendar days, and notify each affected individual in any reasonable manner in the circumstances.
10.1 THE COMPANY AND/OR THE ENSTK GROUP DOES NOT, AND CANNOT, GUARANTEE THE SECURITY OF YOUR PERSONAL DATA AND/OR ANY OTHER INFORMATION THAT YOU MAY PROVIDE EITHER TO US OR TO ANY THIRD PARTY. WHILE WE HAVE IMPLEMENTED REASONABLE TECHNICAL, ORGANISATIONAL AND PHYSICAL MEASURES TO PREVENT THE LOSS, MISUSE, AND UNAUTHORISED ACCESS, USE, DISCLOSURE, ALTERATION, MODIFICATION OR DESTRUCTION OF YOUR PERSONAL DATA, TO THE FULLEST EXTENT ALLOWED BY LAW, THE COMPANY DISCLAIMS ANY AND ALL RESPONSIBILITY OR LIABILITY FOR ANY CLAIM, DAMAGE, OR LOSS CONNECTED TO SUCH LOSS, MISUSE, OR UNAUTHORISED ACCESS, USE, DISCLOSURE, ALTERATION, MODIFICATION OR DESTRUCTION OF PERSONAL DATA.
10.2 USERS ARE ALSO PERSONALLY RESPONSIBLE FOR KEEPING THEIR ENSTACK ACCOUNT DETAILS, PASSWORDS, AND LOGIN INFORMATION SECURE AND CONFIDENTIAL. THE COMPANY AND/OR THE ENSTK GROUP WILL NOT BE LIABLE FOR ANY LOSS THAT THE USER MAY INCUR AS A RESULT OF A THIRD PARTY’S USE OF THEIR ENSTACK ACCOUNT OR PASSWORD, WHETHER AUTHORISED OR UNAUTHORISED, WITHOUT FAULT OR NEGLIGENCE ON THE PART OF THE COMPANY AND/OR THE ENSTK GROUP.
10.3 THE USER MAY BE HELD LIABLE FOR ANY LOSS OR DAMAGE INCURRED BY THE COMPANY AND/OR THE ENSTK GROUP IN CONNECTION WITH OR ARISING FROM A THIRD PARTY’S USE OF THE USER’S ENSTACK ACCOUNT OF PASSWORD, WITHOUT FAULT OR NEGLIGENCE ON THE PART OF THE COMPANY AND/OR THE ENSTK GROUP.
10.4 THE COMPANY AND/OR THE ENSTK GROUP MAY WORK WITH THIRD PARTIES TO PROVIDE YOU WITH THE ENSTACK SERVICES OR TO ENABLE THE PROPER FUNCTIONING OF THE ENSTACK FACILITY. WE HAVE NO CONTROL OVER THESE THIRD PARTIES, EACH OF WHICH HAS INDEPENDENT AND SEPARATE PRIVACY POLICIES. THEREFORE, YOU ACCESS THESE ENSTACK FACILITY, ENSTACK APPLICATIONS AND ENSTACK SERVICES AT YOUR OWN RISK. THE COMPANY AND/OR THE ENSTK GROUP HAS NO RESPONSIBILITY OR LIABILITY FOR THE CONTENT, SECURITY ARRANGEMENTS AND ACTIVITIES OF THESE THIRD PARTIES.
11. Contact Us
13. Governing Law
BY USING ANY ENSTACK FACILITY OR OPENING AN ENSTACK ACCOUNT, I ACKNOWLEDGE THAT I HAVE READ THESE TERMS OF SERVICE, AND AGREE TO ALL OF THE PROVISIONS CONTAINED ABOVE, ANY ADDITIONAL TERMS, CONDITIONS AND POLICIES REFERENCED HEREIN, AND ANY FUTURE REVISION TO THESE TERMS OF SERVICE. BY CLICKING THE “SIGN UP” OR “CONNECT” OR “REGISTER” OR “SUBMIT” BUTTON OF ANY SOCIAL MEDIA OR PUBLIC PLATFORMS LINKED TO THE ENSTACK FACILITY OR ENSTACK APPLICATION, I UNDERSTAND THAT I AM CREATING A DIGITAL SIGNATURE, WHICH I INTEND TO HAVE THE SAME FORCE AND EFFECT AS IF I HAD SIGNED MY NAME MANUALLY.