The App and/or Websites may contain links to or information about other websites operated by third parties that are outside Our control and/or custody (“Third Party Websites”). When You use the Services and/or when You click on the link to these Third Party Websites in the App and/or Websites, You may be re-directed to these Third Party Websites and Your personal data may be collected and thereafter, used, disclosed and/or processed by parties that own/operate these Third Party Websites (the “Third Parties”) (further details for which is provided below). These Third Party Websites may contain their own privacy policies and You should review the privacy policies of each of those Third Party Websites to understand how Your Personal Data is collected, used, disclosed and/or processed by the Third Parties. We are not responsible for the privacy practices of any third party (including any Third Party), external website (including any Third Party Website) or mobile application.
Please read this Policy carefully. By accessing the App and Websites and/or using the Services, You acknowledge that You have read and understood this Policy, and consent to Our collection, use, processing disclosure of Your Personal Data in accordance with and for the purposes set out in this Policy.
This Policy applies to Our customers, partners, suppliers, contractors and service providers (collectively “You”, “Your” or “Yours”).
In this Policy:
“Data Protection Laws” means all applicable laws and regulations in any jurisdiction which relate to the collection, disclosure, use or processing of Personal Data, including without limitation to the Singapore Personal Data Protection Act 2012 (“PDPA”), including all amendments thereto and subsidiary legislation enacted thereunder, whether now or in the future.
“Personal Data” refers to any data, whether true or not, about an individual who can be identified, (a) from that data, or (b), from that data and other information to which an organisation has or is likely to have access, and includes, without limitation, Your name, nationality, identification numbers, age, telephone numbers, mailing address and date of birth.
“Data Intermediary” refers to a data intermediary that processes Personal Data on behalf of and for the purposes of BlueSG.
COLLECTION AND PROCESSING OF PERSONAL DATA
Where Your Personal Data is collected and/or processed by one of Our affiliate entity or a parent company, any subcontractor or third party, that entity, acting as a Data Intermediary will act as a subcontractor of BlueSG and will collect and process Your Personal Data strictly within the scope of providing the carsharing and ancillary services to You and other BlueSG members.
PERSONAL DATA COLLECTED
(i) Data You Provide
When You register as a member of the Services and use the Services, the following Personal Data may be collected, used, processed and disclosed in accordance with this Policy:
· information stated on Your NRIC for Singaporeans and Permanent Residents (“PRs”) such as Your name, address, date of birth and NRIC number;
· information stated on Your driver’s licence such as the issue date and driver’s licence number;
· information stated on Your passport or employment pass or work permit for non-Singapore citizens and PRs such as Your name, date of birth and passport or; employment pass or work permit number
· information stated on Your international driver’s license number for non-Singapore citizens and PRs;
· Your phone number;
· Your email address;
· Your postal mailing address;
· Your payment card information;
· Your PIN code registered to access the Services;
· any information provided by You when You contact the BlueSG CRC or otherwise share with Our staff members on Our In-App messaging system, before, during or after the termination of Your membership to the Services (“Membership”); and
· any other Personal Data We may require at Our sole discretion.
(ii) Information Collected Automatically
The software used in the provision of the Services may automatically collect the following information from You that may alone or in connection with other information, constitute Personal Data:
· Your Internet Protocol (“IP”) address;
· Your device ID numbers such as Apple Advertising ID;
· to the maximum extent permitted by law, Your location in accordance with the privacy settings of the device used to access the Services;
· information about Your browsing activity such as Your browser type, Internet service provider, referring/exit pages, the files viewed on the Websites (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data; and
· in order to use some of the functions provided by the App (such as locating a carsharing station), We use an application program interface which uses GPS, WIFI and mobile network information technology to determine Your current location when using the App. When You first open the App, We will ask You for Your consent to use Your location data for this purpose. When You are not using the App, We do not collect location data. You can withdraw Your consent at any time by changing Your location data settings in the App or on Your mobile device, but this will affect Your ability to use the Services.
(iii) Car and Positioning Data
BlueSG Cars and BlueSG Charge Points include technology that enables Us to effectively service Memberships. Included within such technology is a technology that allows Us to collect certain information and GPS data to identify the location of BlueSG Cars in real-time (collectively, “Car and Positioning Data”).
By using the Services, You authorize and expressly consent to Our use of the technology included in the BlueSG Car to the maximum extent permitted by law.
We may also collect Personal Data through the use of common information-gathering tools known as cookies. A cookie helps the Websites to remember You and customize Your visit. You have the option to delete or decline cookies by changing Your browser’s settings.
(v) Web Beacons and Site Visits
We may also use single-pixel images on the Websites or in Our emails to You. This technology tells Us more about browsing, click-tracking, viewing, and buying activity.
Finally, Google Analytics is an element of the Websites. By using cookies, Google Analytics collects and stores data such as time of visit, pages visited, time spent on each page of the Websites, the IP address, and the type of operating system used in the devices used to access the Websites. By using a browser plugin provided by Google, You can opt-out of Google Analytics.
INDIVIDUALS UNDER 18
We do not market and do not knowingly collect any Personal Data from or about any individual under the age of 18 without the consent of such individual’s parent or legal guardian. If We discover that We have inadvertently collected Personal Data from an individual under 18 years of age, We will promptly take all reasonable measures to delete such Personal Data from Our systems.
USE OF PERSONAL DATA COLLECTED
Direct Marketing: We may use Personal Data to generate and send marketing communications to You directly for products and services available for purchase on the Services and/or Our affiliate websites, coupons, or other marketing opportunities. If You do not wish to receive marketing communications directly from Us, You may unsubscribe from the marketing email or communication sent to You by following the instructions in that communication.
We may also use Your Personal Data for the following purposes:
· to communicate with You;
· to verify Your identity;
· to prevent and investigate fraud and other misuses;
· to offer additional transportation services with other transportation providers;
· to comply with a request for information from, or assist in investigations or law enforcement conducted by government and/or authorities whether in Singapore or abroad (including without limitation to the Land Transport Authority of Singapore, Singapore Police Force, Traffic Police, Urban Redevelopment Authority) or as otherwise required by any applicable laws, regulations, codes of practices, guidelines or rules;
· to protect Our rights and/or Our property;
· to operate Our products and Services;
· to manage the Services and/or the Websites and/or App;
· to enable You to obtain access to products and services and engage in offered activities;
· to provide You with information about new and upgraded products and Services, and other information where You have consented to be contacted for such purposes;
· to aggregate data;
· to improve Our products and Services and Your experience interacting with Us;
· to audit and analyze the Websites; and
· to ensure the technical functionality and security of the Websites.
Telematics system: The BlueSG Cars are equipped with GPS or other “electronic surveillance technology” (collectively, “Telematics System”). You acknowledge that such Telematics System utilizes wireless technology to transmit data and, therefore, privacy cannot be guaranteed and is specifically disclaimed by You. You consent to and expressly authorize Us to monitor the BlueSG Cars through such Telematics System to the extent permitted by law. Further, You acknowledge and agree that:
· We, the operators of the Telematics System, or third parties may have access to the information supplied by the Telematics System including:
o Location of the BlueSG Car before, during and at the time of the conclusion of Your rental period, including the real-time location of any BlueSG Car at any given time;
o date and time of departure and return of the BlueSG Car;
o Your driving behaviour and habits;
o total mileage driven;
o recorded driving information;
o the charge level of the BlueSG Car; and
o other diagnostic, safety, and performance information to identify and/or repair any technological defects disclosed thereby.
· We, the operators of the Telematics System, or third parties may use or disclose such information to third parties to:
o to provide navigation assistance to You;
o to provide additional services for You such as personalized insurance and other services tailored for Your needs;
o determine the date and time the BlueSG Car departs from and is returned to a BlueSG Charge Point, and the total mileage driven and the charge level of the returned vehicle;
o locate a stolen, abandoned or missing BlueSG Car;
o allow for remote locking and unlocking of the BlueSG Car;
o respond to an accident or other emergency or otherwise to ensure Your safety;
o respond to a specific request from law enforcement;
o respond, process, pay for or transfer liability for any ticket, citation, fine or penalty issued by any respective authority;
o establish or prove the validity of charges We impose to Your account; and
o at Your request, provide You with roadside assistance, such as towing, changing a flat tire, or charging services, and otherwise, to the extent permitted by law.
SHARING OF PERSONAL DATA COLLECTED
We may disclose or transfer Personal Data about You to the following categories of third parties:
· Our parent companies, affiliates, and subcontractors: You agree to allow Us, Our parent and affiliated companies, and Our and their subcontractors, some of whom may be located outside of Singapore, including, without limitation, in France, in the US and in the UK, to collect, use, process and disclose the data collected by Us from You for the purposes set out in this Policy. Those companies, including Our providers and subcontractors, are contractually bound to ensure adequate protection for Your Personal Data are maintained while Your Personal Data is in Our possession or under Our control.
· Service Providers: These entities assist Us in fulfilling orders from Our members, providing marketing and advertising services, billing, delivering packages, sending mail, providing search results and links, or similar services.
· Regulatory Bodies: If You apply for Membership, some of the Personal Data about You may be shared with regulatory bodies (whether in Singapore or abroad) to obtain Your driving record or to comply with any legal, regulatory or contractual obligation We may have.
· Law Enforcement and other authorities: Personal Data about You may be shared with law enforcement officials (whether in Singapore or abroad) if it relates to a criminal investigation or alleged illegal activity or breach of any applicable laws and regulations, including but not limited to any traffic or parking laws or regulations.
· Necessary for Safety, Security or Protection Reasons: We may also disclose Personal Data about You if required or permitted to do so by law, for fraud protection and credit risk reduction purposes, or in the good-faith belief that such action is necessary to protect and defend Our rights or property, that of Our members, or of the users of the App and Websites.
· Fraud and Risk Management: You agree to allow Us to collect and disclose the Personal Data about You to a credit reference agency and that such credit reference agency may lawfully process and keep a record of Your Personal Data for the purpose of conducting identity verification and prevent fraud.
· Reorganization / Business Transfer: We may also transfer Your Personal Data in connection with any sale, merger, demerger, divestment, consolidation, restructuring and/or acquisition of all or a portion of Our assets, business and/or share capital by or into another entity or any similar transaction or combination thereof. Any such successor entity, assignee and/or purchaser may use Personal Data pursuant to its own privacy policies, and those policies may differ from this Policy. For such transfer of Your Personal Data, Your consent will be requested. If You do not agree with the transfer of your Personal Data, the transfer will not be carried out. Consequently, Your Membership with Us will terminate on the date of Your refusal and You will then have a period of 30 calendar days to proceed with the recovery of Your Personal Data. If You wish to recover Your Personal Data, You shall address Your request at the following email address: firstname.lastname@example.org. If You do not address Us with Your wish to recover Your Personal Data within this period, We may delete Your Personal Data from Our servers. Notwithstanding the foregoing, We shall be authorized to retain Your Personal Data as long as may be necessary for Our legal and/or business purposes, in compliance with applicable laws.
· General Marketing: We may share Personal Data with third parties for the purpose of marketing products or services to You in compliance with applicable laws.
COLLECTION OF PERSONAL DATA BY THIRD PARTIES
When accessing or using certain functions or features within the Services and/or when You click on the link to these Third Party Websites in the App and/or Websites, Your Personal Data may be collected directly by these Third Parties (such as payment service providers). For example,
· When making payments through the App, Your Personal Data will be collected directly by Worldpay, LLC and its subsidiaries and related entities (collectively known as “Worldpay”). Worldpay will use, process and/or disclose Your Personal Data as a data controller in the manner and for the purposes as set out in Worldpay’s Privacy Statement, which may be found here: https://online.worldpay.com/terms/privacy.
We will provide links to Third Parties’ privacy policies on the pages within Our Services, App and/or Websites where Your Personal Data may be collected by such Third Parties in order to provide You with with certain functions or features (such as payments). By accessing or using such functions or features, You acknowledge and agree that:
· You have read and understood such Third Parties’ privacy policies, and consent to the collection, use, disclosure and/or processing of Your Personal Data by such Third Parties pursuant to their privacy policies;
· We do not control such Third Parties, and the manner in which and purposes for which Your Personal Data may be collected, used, processed and/or disclosed is determined solely by such Third Parties as data controllers; and
· to the maximum extent permissible by law, We shall not be liable for any liabilities, losses or damages that may be incurred by You as a result of the collection, use, disclosure and/or processing of Your Personal Data by any Third Party.
PROTECTION OF PERSONAL DATA
Unfortunately, no data transmitted over or accessible through the Internet can be guaranteed to be 100% secure. As a result, while We take reasonable measures to protect all Personal Data in the manner detailed herein, We cannot ensure or warrant that Personal Data will be completely secure from misappropriation by hackers or from other nefarious or criminal activities, or in the event of a failure of computer hardware, software, or a telecommunications network. We will notify You in the event We become aware of a security breach involving Personal Data in accordance with the requirements under applicable Data Protection Laws. By disclosing Your email address to Us for any reason, You expressly consent to receiving electronic notices from Us in the event of such a security breach.
INTERNATIONAL TRANSFERS OF PERSONAL DATA
Some of the elements of the Services and/or Websites and/or App may be hosted on servers located in countries outside Singapore. The laws applicable to the protection of Personal Data in such countries may be different from those applicable in Singapore or Your country of residence. If We are required to transfer Your Personal Data out of Singapore or Your country of residence, We will ensure that such transfers are compliant with the requirements under the applicable Data Protection Laws. In this regard, We will take such necessary measures to ensure that such overseas recipients are bound by legally enforceable obligations (such as local laws, data transfer agreements or binding corporate rules where applicable) to ensure that these overseas recipients provide a standard of protection to the Personal Data so transferred that is comparable to the protection under the applicable Data Protection Laws.
YOUR SINGAPORE DATA PRIVACY RIGHTS
Subject to the exceptions as set out in the Personal Data Protection Act 2012, You are permitted to request for access to Your Personal Data that is in Our possession or under Our control and information about the ways in which such Personal Data has been used or disclosed by Us within a year before the date of Your request. In addition, You may request Us to correct any error or omission in Your Personal Data that is in Our possession or under Our control. If You would like to make such a request, please email Us at email@example.com.
Do Not Call Registry. The main messages (SMS, MMS, WhatsApp messages) that We may send to Your registered telephone number, or when You are using Our App, are specifically linked to the proper information about and delivery of the Services to You. Such messages are therefore not considered as “specified messages” under the PDPA.
We may send You from time to time marketing messages pursuant to a special product or service offer or a voucher to Your registered telephone number via SMS or WhatsApp if You have given Us Your clear and unambiguous consent to do so.
You may check when this Policy was last modified by viewing the “Last Updated” legend above. Subject to applicable laws, we reserve the right to update this Policy from time to time, and You should check the Websites periodically for changes.
For any questions regarding this Policy, You may contact Us via Our Websites or by email to Our Data Protection Officer at firstname.lastname@example.org.