We, CompassList Pte. Ltd., (“The Company”, “we”, “our”, “us”) place great importance on the confidentiality, privacy and protection of your personal and transactional data. We handle all personal data provided to us in accordance with the standards prescribed by the Singapore Personal Data Protection Act (No. 26 of 2012) and the subsidiary legislation made thereunder, and where applicable, the European General Data Protection Regulation 2016/679.
2. INFORMATION WE COLLECT
2.1 When you access our website www.compasslist.com and all pages within the domain (the “Website”), the following types of information may be collected from you:
2.1.1 Contact and Billing Information: These relate to the following information about you, some or all of which may be collected when you register for an account with us, sign up for our subscription service or when you contact us or our representatives:
(b) Name of organisation
(c) Residential address
(d) Contact number
(e) Email address
(f) Billing address
2.1.2 Access Information: These relate to information about your computer or mobile device and your access patterns, some or all of which may be collected when you use the Website:
(a) IP address
(b) Geographic location
(c) Operating system and browser type
(d) Device type
(e) Web traffic data
(f) Time spent on the Website
(g) Number of webpages within the Website viewed
(h) Access from third party websites linking to our Website
(i) Advertising information, e.g. what ads were clicked and/or viewed
2.1.3 Logged In User and Account Information: These relate to information about actions you take while logged into your Lister Premium account and using the Website, such as what pages you access and your interactions with our product features (like Save, Comment, Download, Highlight, Share, Gift etc). Logged-in users may choose to interact publicly with the Website services in the form of sharing content on social media and leaving comments on selected content. Unless otherwise specified below as “non-public”, such personal data is processed on the basis that it is manifestly made public by the user.
(b) Encrypted password (non-public)
(c) Email address (non-public)
(d) Session activity (non-public)
(e) Linked social media accounts (non-public)
(f) Network interactions such as saved content such as insights; saved database profiles such as startups, founders and investors; saved sectors and technologies; highlighted content and personal notes; downloaded content; shared content to friends via Gift and shared content on connected social media accounts etc (non-public)
(g) Comments and responses posted by logged in user
2.1.4 Third Party Information: By creating an account on the Website, you may make certain personal data about yourself public and accessible to others through network interactions. Due to the public nature of information posted to the Website, it may be possible for third parties to derive identifying personal data from your name and comments, whether by reading, inference, supplemental research, or automated extraction and analysis. We may receive information about you from third parties that we work closely with (e.g. payment and delivery service providers, data analytics providers, advertising networks and social networking sites). Such information may be, but are not limited to, the various categories of Contact and Billing Information, Access Information, and Logged In User and Account Information listed in clauses 2.1.1, 2.1.2 and 2.1.3 above.
2.1.6 Where we collect, use or disclose the personal data of residents of the EU, we will also comply with any specific requirement of the GDPR:
b. We will not collect sensitive data, such as, race, ethnicity, political, religious or philosophical beliefs, trade union membership, genetic or biometric data, or sexual orientation unless ⅰ. you give explicit consent ⅱ. it is in your vital interests that we collect the data ⅲ. is required for legal claims, public health, scientific or historical research purposes, or ⅳ. it is required for reasons of substantial public interest.
3. WHY WE COLLECT, USE AND DISCLOSE PERSONAL DATA
3.1 Insofar as the information collected allows you to be identified directly, or indirectly when combined with other information, it is “Personal Data”.
3.2 We will collect, use, process, store and/or disclose your Personal Data, for the following purposes, where necessary or applicable:
(a) To verify your identity;
(b) To enable your device and/or software to access the Website;
(c) For the smooth administration and improvement of the Website, including troubleshooting, site analysis, testing, research, statistical and survey purposes and to obtain feedback so as to enable us to improve the operation of the Website and offer you a better user experience;
(d) For audit, customer service, administrative support, market research, business development, and advertising purposes;
(e) To send you newsletters that you have subscribed to on this website
(g) To respond to any queries, requests or reports which you may have submitted;
(h) For payment and delivery of goods or services;
(i) To perform a contract to which you are a party to or deliver the services you have requested, such as our subscription service;
(j) To recommend and/or display content and advertisements on the Website that may be of interest to you;
(k) To comply with the requirements under any applicable law or requests from any competent authority, including but not limited to relevant governmental authorities, law enforcement agencies and regulatory bodies;
(l) Where required in any civil or criminal suit or for the protection and/or enforcement of our legal rights and obligations;
(m) In the event we sell or buy any business or assets, where necessary for the purposes of the sale or purchase; and/or
(n) To enable any third parties to perform any of the above where necessary and/or applicable, including but not limited to law enforcement agencies, regulatory bodies, our business partners, affiliates, suppliers and subcontractors.
3.3 If we intend to use your Personal Data for any purpose not listed above, we will notify you of this purpose and obtain your consent, unless otherwise allowed by any applicable law.
3.4 We will retain your Personal Data for the length of time required to fulfil the purposes for which the Personal Data was collected, save where continued retention is necessary for us to comply with our other legal obligations or to meet our business requirements.
3.5 In respect of the transfer of data to third parties, we will ensure that your Personal Data is transferred to recipients who are legally bound to uphold strong data protection standards and to comply with applicable data protection laws.
4. YOUR RIGHTS IN RESPECT OF YOUR PERSONAL DATA
4.1 You may write to our Data Protection Officer at firstname.lastname@example.org to:
(a) Correct or update your Personal Data;
(b) Reasonably request for access to your Personal Data. Do note that you may face reasonable charges for our provision of the Personal Data;
(c) Request for information relating to our use or disclosure of your Personal Data;
(d) Withdraw your consent for our collection, use or disclosure of your personal data;
(e) Request that we restrict the use of or stop processing your Personal Data for certain purposes;
(f) Delete any Personal Data we no longer have legally permissible grounds to use;
(g) Request that we transfer the data that we have collected to another organisation, or directly to you, under certain conditions.or
(h) Make a report about any actual or potential breach of security in relation to your Personal Data.
4.2 Upon receiving your request to withdraw consent to collect, use or disclose your Personal Data, stop processing your Personal Data or delete Personal Data, we will inform you of the consequences of your request. Please note that the withdrawal of your consent could affect the status of your contract for service with us. Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclosure without consent is permitted or required under applicable laws.
4.4 We may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) to action your request to withdraw consent to collect, use or disclose your Personal Data, stop processing your Personal Data or delete Personal Data, and for us to notify you of the consequences of us acceding to your request, including any legal consequences, which may affect your rights and liabilities to us. In general, we will process and complete your request within 10 business days of receiving it. If we need more time, we will inform you of how much longer we will take and provide you the reasons for it. We will endeavour to fulfill your request within 30 days.
4.4 For all other requests in 4.1 above, we will respond to your request as soon as reasonably possible. In general, our response will be within thirty (30) days. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request.
4.5 Do note that we may not be obliged to comply with your requests under certain conditions as prescribed by the applicable law. In such an event, we will notify you accordingly of the basis for not acceding to your request.
5. DATA PROTECTION AND SECURITY
5.1 We will put appropriate and reasonable technical and administrative security measures in place to help ensure that your information is protected against unauthorised or accidental access, use, alteration or loss.
5.2 We use a cloud service to store your personal data and the service provider is Amazon Web Services. We are satisfied that Amazon Web Services’ has taken reasonable steps to protect your personal data in accordance with the guidance of Singapore’s Personal Data Protection Commission (PDPC) . You may find out more about Amazon Web Services’ privacy and security compliance policies at https://aws.amazon.com/compliance/data-privacy/
5.3 All of our employees who deal with Personal Data are trained in the proper handling and protection of Personal Data.
5.4 Any data protection breach will be handled in accordance with our internal procedures, a copy of which may be obtained from our Data Protection Officer at dpo@compasslistcom