Last updated: 7 February 2023
We, CompassList Pte. Ltd., (“The Company”, “we”, “our”, “us”) place great importance on the confidentiality, privacy and protection of your personal and transactional data. We handle all personal data provided to us in accordance with the standards prescribed by the Singapore Personal Data Protection Act (No. 26 of 2012) and the subsidiary legislation made thereunder, and where applicable, the European General Data Protection Regulation 2016/679.
2. INFORMATION WE COLLECT
2.1 When you access our website www.compasslist.com and all pages within the domain (the “Website”), we may collect the following personal information:
2.1.1 Basic Contact Information: These relate to the following information about you, some or all of which may be collected when you register for an account with us, sign up for a service or when you contact us or our representatives:
(b) Name of organisation
(c) Email address
2.1.2 Access Information: These relate to information about your computer or mobile device and your access patterns, some or all of which may be collected when you use the Website:
(a) IP address
(b) Geographic location
(c) Operating system and browser type
(d) Device type
(e) Web traffic data
(f) Time spent on the Website
(g) Number of webpages within the Website viewed
(h) Access from third party websites linking to our Website
(i) Advertising information, e.g. what ads were clicked and/or viewed
2.1.3 Logged In User and Account Information: These relate to information about actions you take while logged into your account and using the Website, such as what pages you access and your interactions with our product features (like Save, Download, Share etc.). Unless otherwise specified below as “non-public”, such personal data is processed on the basis that it is manifestly made public by the user.
(a) Encrypted password (non-public)
(b) Email address (non-public)
(c) Session activity (non-public)
(d) Linked social media accounts (non-public)
(e) Network interactions such as saved content and shared content on connected social media accounts etc (non-public)
2.1.4 Third Party Information: By creating an account on the Website, you may make certain personal data about yourself public and accessible to others through network interactions. We may receive information about you from third parties that we work closely with (e.g. delivery service providers, data analytics providers, advertising networks and social networking sites). Such information may be, but are not limited to, the various categories of Contact Information, Access Information, and Logged In User and Account Information listed in clauses 2.1.1, 2.1.2 and 2.1.3 above.
2.2 Where we collect, use or disclose the personal data of residents of the EU, we will also comply with any specific requirement of the GDPR:
b. We will not collect sensitive data, such as, race, ethnicity, political, religious or philosophical beliefs, trade union membership, genetic or biometric data, or sexual orientation unless: ⅰ. you give explicit consent ⅱ. it is in your vital interests that we collect the data ⅲ. is required for legal claims, public health, scientific or historical research purposes, or ⅳ. it is required for reasons of substantial public interest.
3. WHY WE COLLECT, USE AND DISCLOSE PERSONAL DATA
3.1 Insofar as the information collected allows you to be identified directly, or indirectly when combined with other information, it is “Personal Data”.
3.2 We will collect, use, process, store and/or disclose your Personal Data, for the following purposes, where necessary or applicable:
(a) To verify your identity;
(b) To enable your device and/or software to access the Website;
(c) For the smooth administration and improvement of the Website, including troubleshooting, site analysis, testing, research, statistical and survey purposes and to obtain feedback so as to enable us to improve the operation of the Website and offer you a better user experience;
(d) For reasonable business activities such as audit, customer service, risk management, business reporting, service quality control, administrative support, market research, business development, and advertising purposes;
(e) To send you marketing communications (including newsletters, notifications about new merchant additions, merchant engagements or merchant offers, conducting product surveys, advertising of similar products and services and event invitations) that you have subscribed to on this Website, and you have the right to unsubscribe from such marketing communications;
(g) To respond to any queries, requests or reports which you may have submitted;
(h) To perform a contract to which you are a party to or deliver any services you have requested;
(i) To recommend and/or display content and advertisements on the Website that may be of interest to you;
(j) To comply with any internal policies and/or the requirements under any applicable laws, regulations, codes of practice, guidelines or rules (including those related to fraud, anti-money laundering and anti-terrorism), or comply with requests from any competent authority, including but not limited to relevant governmental authorities, law enforcement agencies and regulatory bodies or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;
(k) Where required in any civil or criminal suit or for the protection and/or enforcement of our legal rights and obligations, contractual or otherwise, including investigations and participating in potential or actual litigation, arbitration or other legal process;
(l) For any other purposes for which you have provided your personal data; and/or
(m) To enable any third parties to perform any of the above where necessary and/or applicable, including but not limited to law enforcement agencies, regulatory bodies, our business partners, affiliates, suppliers and subcontractors.
3.3 If we intend to use your Personal Data for any purpose not listed above, we will notify you of this purpose and obtain your consent, unless otherwise allowed by any applicable law.
3.4 We may disclose and/or transfer your personal data both within and outside of Singapore for the purposes specified above and as permitted or required by applicable laws and regulations to the following entities:
(a) any entity within the Potato Productions group of companies, of which CompassList is one;
(b) any persons and entities involved in the provision of the Website and related services to you;
(c) any third-party service provider, agent, contractor or other organisation which we have engaged to carry out any of the purposes specified above in paragraph 3.2;
(d) any third party involved in or in connection with potential or actual litigation, arbitration or other legal process with us;
(e) any person or entity to whom we are under any obligation or otherwise required to make disclosure pursuant to legal process or legal or regulatory obligation or request, including disclosure to any relevant governmental and/or regulatory authorities, whether in Singapore or abroad; and
(f) any person to whom disclosure is reasonably considered by us to be necessary to provide you our services.
3.5 We will retain your Personal Data for the length of time required to fulfil the purposes for which the Personal Data was collected, save where continued retention is necessary for us to comply with our other legal obligations or to meet our business requirements.
3.6 In respect of the transfer of data to third parties, we will ensure that your Personal Data is transferred to recipients who are legally bound to uphold strong data protection standards and to comply with applicable data protection laws.
4.2 We use the following categories of cookies:
4.2.1 Strictly necessary cookies: These are cookies that are required for the operation of the Website and the provision of our services to you. Specifically, we run the cookies for the following purposes:
(a) To verify your user ID when you log in, and to enable you to stay logged in when using the Website;
(b) To enable you to log in to the Website through your social media accounts such as Facebook and LinkedIn;
(c) To enable you to make payment when you sign up for our services;
(d) To verify that you’re not a robot; and
(e) To remember preferences that you have set.
While you may disable these cookies in your internet browser settings, doing so may result in restrictions in your use of the Website and/or the failure of the Website to work properly for you.
4.2.2 Analytical/Performance/functionality/advertising cookies: These cookies enable us to collect information about how users use our Website, and to personalize our content and advertisements for you. Specifically, we use these cookies to:
(a) Perform data analytics of how users use the Website, in order for us to improve the Website, our content and services;
(b) Recommend other content on the Website which you may be interested in; and
(c) Provide you with targeted advertisements.
While you may disable these cookies in your internet browser settings, please note that you will still receive recommendations for Website content, and that you will still see the same number of advertisements on the Website, except that these will not be tailored to you based on your personal information.
5. YOUR RIGHTS IN RESPECT OF YOUR PERSONAL DATA
5.1 You may write to our Data Protection Officer at dpo@compasslistcom to:
(a) Correct or update your Personal Data;
(b) Reasonably request for access to your Personal Data. Do note that we may impose reasonable charges for our provision of the Personal Data;
(c) Request for information relating to our use or disclosure of your Personal Data;
(d) Withdraw your consent for our collection, use or disclosure of your personal data;
(e) Request that we restrict the use of or stop processing your Personal Data for certain purposes;
(f) Delete any Personal Data we no longer have legally permissible grounds to use;
(g) Request that we transfer the data that we have collected to another organisation, or directly to you, under certain conditions; or
(h) Make a report about any actual or potential breach of security in relation to your Personal Data.
5.2 Upon receiving your request to withdraw consent to collect, use or disclose your Personal Data, stop processing your Personal Data or delete Personal Data, we will inform you of the consequences of your request. Please note that the withdrawal of your consent could affect the status of your contract for service with us. Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclosure without consent is permitted or required under applicable laws.
5.3 We may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) to action your request to withdraw consent to collect, use or disclose your Personal Data, stop processing your Personal Data or delete Personal Data, and for us to notify you of the consequences of us acceding to your request, including any legal consequences, which may affect your rights and liabilities to us. In general, we will process and complete your request within 10 business days of receiving it. If we need more time, we will inform you of how much longer we will take and provide you the reasons for it. We will endeavour to fulfill your request within 30 days.
5.4 For all other requests in 5.1 above, we will respond to your request as soon as reasonably possible. In general, our response will be within thirty (30) days. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request.
5.4 Do note that we may not be obliged to comply with your requests under certain conditions as prescribed by the applicable law. In such an event, we will notify you accordingly of the basis for not acceding to your request.
6. DATA PROTECTION AND SECURITY
6.1 We will put appropriate and reasonable technical and administrative security measures in place to help ensure that your information is protected against unauthorised or accidental access, use, alteration or loss.
6.2 We use a cloud service to store your personal data and the service provider is Amazon Web Services. We are satisfied that Amazon Web Services’ has taken reasonable steps to protect your personal data in accordance with the guidance of Singapore’s Personal Data Protection Commission (PDPC). You may find out more about Amazon Web Services’ privacy and security compliance policies at https://aws.amazon.com/compliance/data-privacy/
6.3 All of our employees who deal with Personal Data are trained in the proper handling and protection of Personal Data.
6.4 Any data protection breach will be handled in accordance with our internal procedures, a copy of which may be obtained from our Data Protection Officer at firstname.lastname@example.org
7. VARIATIONS; AMENDMENTS; MODIFICATIONS
8. GOVERNING LAW