PERSONAL DATA PROTECTION AND PRIVACY POLICY FOR CUSTOMERS
Progressive Car Care Pte Ltd (“Progressive”, “we”, “us”, or “our”) places significant importance on safeguarding the privacy of your Personal Data. As a responsible entity, we meticulously adhere to the regulations stipulated in the Personal Data Protection Act 2012 (No. 26 of 2012) of Singapore (“PDPA”). Rest assured that we handle the collection, usage, disclosure, and sharing of your Personal Data with utmost care and diligence in strict compliance with the PDPA. Your privacy is of the highest concern to us.
By providing information to us, engaging in communication, or utilising the goods and services we offer, you hereby give your agreement and consent to Progressive for the collection, usage, disclosure, and sharing of your Personal Data with Progressive’s authorised service providers and pertinent third parties. This process will be carried out in strict accordance with the provisions outlined in this Personal Data Protection and Privacy Policy for customers (“Policy”). Furthermore, this Policy will furnish you with additional information regarding the legal grounds under which we may lawfully collect, use, and/or disclose your Personal Data without requiring your consent, as permitted by the applicable laws in force.
This Policy serves as a supplement and does not override or replace any previous consents you may have provided to us concerning your Personal Data. Any consents given in connection with this Policy are considered cumulative and additional to any rights we may possess under the applicable laws to collect, use, or disclose your Personal Data. In essence, this Policy does not diminish any existing rights or permissions you may have previously granted us regarding your Personal Data.
PERSONAL DATA
1. In this Policy:
“Customer” pertains to an individual who either
(a) Has initiated contact with us through any means to inquire about the goods or services we offer; or
(b) May, or has, entered into a contract with us for the procurement of any goods or services by us; and
“Personal Data” refers to information, whether true or not, that pertains to a customer and can be identified either
(a) Solely from that data; or
(b) From that data and other information to which we have or are likely to have access.
2. Depending on the nature of your interactions with us, some examples of Personal Data which are collected, used and disclosed to us include, but are not limited to, your name, residential address, personal email address, personal mobile phone number, National Registration Identity Card (“NRIC”), nationality, gender, date of birth, marital status, date of driving pass, vehicle registration number, accident details including date, time, and location, payment-related information, images of you and your car taken by us, and any other information (including information relating to any other individual) which you may have provided to us through any means.
3. Any other terms used in this Policy shall have the meanings ascribed to them in the PDPA, where applicable, and if the context permits.
COLLECTION, USE AND DISCLOSURE OF PERSONAL DATA
4. Our general practice is not to collect your Personal Data unless either:
(a) You voluntarily provide it to us directly or through a third party who has been duly authorised by you (referred to as your “authorised representative”). Prior to the collection, you (or your authorised representative) will be informed of the purposes for which the data is being collected, and your written consent will be obtained for the collection and usage of your Personal Data for those specified purposes; or,
(b) The collection and usage of Personal Data without consent are either permitted or required by the PDPA or other applicable laws.
In cases where we require additional Personal Data or intend to use your Personal Data for purposes not previously notified to you, we will seek your consent before proceeding, except in instances where such collection or usage is permitted or authorised by law.
5. We may collect and use your Personal Data for any or all of the following purposes:
(a) Performing obligations in the course of or in connection with our provision of the goods and/or services requested by you;
(b) Verifying your identity for authentication purposes;
(c) Processing accident reporting and/or insurance claims when necessary;
(d) Addressing and handling any queries, requests, applications, complaints, or feedback you have provided to us;
(e) Managing and maintaining our relationship with you;
(f) Processing payment or credit transactions related to our services;
(g) Complying with applicable laws, regulations, codes of practice, guidelines, or rules, and cooperating in law enforcement and governmental/regulatory investigations when required;
(h) Utilising the information for any other purposes you have explicitly provided consent for;
(i) Transmitting the information to unaffiliated third parties, including our third-party service providers, agents, and relevant governmental/regulatory authorities, both within and outside Singapore, for the aforementioned purposes; and/or
(j) Engaging in any other incidental business purposes related to or connected with the aforementioned objectives
6. We may disclose your Personal Data under the following circumstances:
(a) Where such disclosure is required for performing obligations in the course of or in connection with our provision of the goods and services requested by you;
(b) To third party service providers, agents and other organisations with whom we have engaged to carry out functions related to the purposes mentioned above;
(c) Relevant government regulators, authorities or law enforcement agencies to comply with any laws or rules and regulations imposed by any governmental authority;
(d) Banks, credit card companies, and their respective service providers;
(e) Our professional advisors, including Information Technology (“IT”) support team, auditors and lawyers; and/or
(f) Any other party to whom we are authorised by you or by law to disclose your Personal Data.
7. The purposes mentioned in the previous clauses will continue to be applicable even in situations where your relationship with us, such as a contractual agreement, has been terminated or modified in any manner. This applicability will extend for a reasonable period thereafter (including, where applicable, a period necessary for us to enforce our rights under a contract with you).
RELIANCE ON THE LEGITIMATE INTERESTS EXCEPTION
8. In compliance with the PDPA, we may collect, use or disclose your Personal Data without requiring your consent when it serves the legitimate interests of Progressive or another individual. In relying on the legitimate interests’ exception of the PDPA, Progressive will carefully assess the potential adverse effects on the individual and ensure that the legitimate interests outweigh any adverse effect.
9. Adhering to the legitimate interests’ exception, we will collect, use or disclose your Personal Data for the following purposes:
(a) Fraud detection and prevention;
(b) Detection and prevention of misuse of services;
(c) Network analysis to prevent fraud and financial crime, and perform credit analysis; and
(d) Collection and use of Personal Data on company-issued devices to prevent data loss.
The purposes outlined in the preceding clause may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or modified in any way, for a reasonable period thereafter.
USE OF COOKIES, WEB BEACONS AND OTHER TECHNOLOGIES
10. Our company website may employ technologies such as cookies, web beacons, and other web analytics that facilitate the collection, usage, disclosure, and/or processing of data, including Personal Data. If you prefer not to have your data collected through these technologies, you can disable them on your devices whenever possible or choose not to use our website.
11. We may also collaborate with independent companies and service providers for our marketing research purposes and our website might be integrated with software or other technologies to assist these companies in measuring and analysing user behaviour across our website. This helps track visitor activity on our website. Information, which includes but is not limited to, may be provided to us:
(a) The number of page views or page impressions on our website.
(b) The number of unique visitors to our website.
(c) The average time these unique visitors spend on our website during their visits.
(d) Location data, including geographical location.
(e) Time spent at specific locations.
(f) User spending behaviour.
This data assists us in analysing the usage of our website.
12. You have the option to adjust your device settings to block the use of cookies, web beacons, and/or other web analytics. However, if you choose to block these technologies used on our website, please be aware that you may not be able to access certain features and functions of our website.
WITHDRAWING YOUR CONSENT
13. The consent that you provide for the collection, use and disclosure of your Personal Data will remain valid until you withdraw it in writing. If you wish to withdraw your consent and request us to stop collecting, using and/or disclosing your Personal Data for any or all of the purposes listed above, you can submit your request in writing or via email to our Data Protection Officer (“DPO”) using the contact details provided in clause 27 below.
14. Upon receiving your written request to withdraw consent, we may require a reasonable amount of time (depending on the complexity of the request and its impact on our relationship with you) to process your request and notify you of the any consequences, including potential legal implications that may affect your rights and liabilities to us. In general, we aim to process your request within ten (10) business days from the date of receipt.
15. Whilst we respect your decision to withdraw your consent, it is important to be aware that depending on the nature and scope of your request, we may not be in a position to continue providing our goods or services to you. In such circumstances, we will notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing following the procedure described in clause 13 above.
16. It is essential to note that withdrawing consent does not affect our right to continue collecting, using, and disclosing Personal Data where such actions without consent are permitted or required under applicable laws.
17. Please be aware that if your Personal Data was provided to us by a third party, you should directly contact that party for any inquiries, feedback, and requests related to access and correction of your data on your behalf with Progressive. In such cases, the third party will be better equipped to address your concerns regarding the data they have shared with us.
ACCESS TO AND CORRECTION OF PERSONAL DATA
18. If you wish to make:
(a) An access request to obtain a copy of the Personal Data we hold about you or information about how we use or disclose your Personal Data, or
(b) A correction request to rectify or update any of your Personal Data in our possession, you may submit your request in writing or via email to our DPO using the contact details provided in clause 27 below.
19. Please note that there may be a reasonable fee associated with an access request. If such a fee applies, we will inform you of the fee before processing your request.
20. We will make every effort to respond to your request as soon as possible. Typically, our response time is within thirty (30) business days. In the event that we are unable to respond within this timeframe, we will notify you in writing within thirty (30) days, providing an estimate of when we expect to be able to fulfill your request. If, for any reason, we are unable to provide you with the requested Personal Data or carry out the correction as per your request, we will generally explain the reasons for our inability to do so (unless exempted from such disclosure under the PDPA).
PROTECTION OF PERSONAL DATA
21. To safeguard your Personal Data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have implemented various administrative, physical and technical measures. These measures include minimising the collection of Personal Data, implementing authentication and access controls (such as strong password practices, need-to-basis for data disclosure, etc.), encrypting data, anonymising data, maintaining up-to-date antivirus protection, regularly patching operating system and other software, securely erasing storage media in devices before disposal, implementing web security measures against risks, using one time password (OTP)/2 factor authentication (2FA)/multi-factor authentication (MFA) to secure access, and conducting regular security reviews and testing to enhance our information security measures.
22. Itis essential to note that while we take every possible precaution to secure your data, no method of transmission over the Internet or electronic storage can be entirely foolproof. Despite our efforts, complete security cannot be guaranteed. Nevertheless, we continuously strive to enhance and review our information security measures to protect your information to the best of our abilities.
ACCURACY OF PERSONAL DATA
23. We rely on the Personal Data provided by you (or your authorised representative). In order to ensure that your Personal Data is current, complete and accurate, please update us if there are changes to your Personal Data by informing our DPO through written communication or via email using the provided contact details in clause 27 below.
RETENTION OF PERSONAL DATA
24. Your Personal Data will be kept for as long as it is necessary to fulfill the purpose for which it was collected, or as required or permitted by the applicable laws.
25. We will stop retaining your Personal Data, or take steps to disassociate it from you, once it becomes reasonably clear that keeping the data no longer serves the original purpose for which it was collected, and when it is no longer necessary for legal or business purposes.
TRANSFERS OF PERSONAL DATA OUTSIDE OF SINGAPORE
26. While we typically do not transfer your Personal Data to countries outside of Singapore, if such a situation arises, we will seek your consent for the transfer. Moreover, we will take appropriate measures to ensure that your Personal Data continues to receive a level of protection that is at least equivalent to the standards provided under the PDPA. Safeguarding your Personal Data and maintaining its security and privacy remain our priority, regardless of any international transfers.
DATA PROTECTION OFFICER (“DPO”)
27. If you have any inquiries, feedback, or requests related to our Personal Data protection policies and procedures, you can contact our DPO using the following method:
Name of DPO : Daryl Lim / Wan Ling
Email Address : dpo.pcc@outlook.com
Address : 3022A, Ubi Road 1, #01-45/46 Singapore 408716
Please feel free to reach out to our DPO if you have any concerns or require further information regarding the handling of your Personal Data. We are committed to addressing your inquiries and requests promptly and in accordance with applicable data protection laws and regulations.
In the event that you suspect the privacy of your Personal Data has been compromised, we urge you to contact us immediately. Resolving such issues and safeguarding the privacy and security of Personal Data are our top priorities. Rest assured, we are dedicated to addressing concerns promptly and taking appropriate measures to rectify any issues that may arise. Your trust and privacy are of utmost importance to us, and we remain dedicated to safeguarding the confidentiality of your Personal Data at all times.
EFFECT OF POLICY AND CHANGES TO POLICY
28. This Policy is applicable in conjunction with any other relevant policies, contractual clauses, and consent clauses that pertain to the collection, use, and disclosure of your Personal Data by us.
29. We reserve the right to revise this Policy periodically without prior notice. To determine if any changes have been made, please refer to the “last updated” date mentioned in this Policy. By continuing to use our services after any such revisions, you acknowledge and accept the updated terms and conditions of this Policy. Your ongoing use of our services signifies your consent to abide by the modified policies and practices regarding the handling of your Personal Data.
Effective date : 26/07/2023
Last updated : 26/07/2023