Personal Data Policy
Effective Date: 28 May 2024
This Personal Data Policy (“Policy”) sets out the basis which XPS Technologies Pte Ltd (“we”, “us”, or “our”) may collect, use, disclose or otherwise process personal data of and furnished by individual who (a) has contacted us through any means to find out more about any goods or services we provide, or (b) may, or has, entered into a contract with us for the supply of any goods or services by us; in accordance with the Personal Data Protection Act (“PDPA”).
1. Personal Data
"Personal data" means data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which we have or are likely to have access.
2. Collection, Use, and Disclosure of Personal Data
We may collect and use your personal data for any or all of the following purposes:
-
Performing obligations in connection with our provision of goods and/or services requested by you;
-
Verifying your identity;
-
Responding to queries, requests, applications, complaints, and feedback from you;
-
Managing your relationship with us;
-
Processing payment or credit transactions;
-
Sending you marketing information about our goods or services, including notifying you of marketing events, initiatives, and promotions;
-
Complying with applicable laws, regulations, codes of practice, guidelines, or rules, or assisting in law enforcement and investigations conducted by governmental and/or regulatory authorities;
-
Any other purposes for which you have provided the information;
-
Transmitting to unaffiliated third parties, including our third-party service providers and agents, and relevant governmental and/or regulatory authorities, whether in Singapore or abroad, for the aforementioned purposes;
-
Visiting our physical premises;
-
Any other incidental business purposes related to or in connection with the above.
​
We may disclose your personal data:
-
Where such disclosure is required for performing obligations in connection with our provision of goods or services requested by you; or
-
To third-party service providers, agents, and other organizations we have engaged to perform any of the functions listed above for us.
​
You may, in certain circumstances, provide us with personal data relating to third parties. In such cases, you are deemed to have obtained the consent of such third party to provide their personal data to us for processing.
​
You have choices regarding our collection, use, or disclosure of your personal data. You have the right to object to the processing of your personal data and withdraw your consent as described below. However, if you choose not to provide us with the personal data required for the purposes notified to you, we may not be able to fulfill our obligations or facilitate the purposes you require from us.
​
We may collect, disclose, or use your personal data pursuant to an exception under the Personal Data Protection Act or other written law in situations such as:
-
Responding to an emergency that threatens your life, health, or safety, or that of another individual; and
-
Situations necessary in the national interest, for any investigation or proceedings.
​
If personal data needs to be collected, used, disclosed, or processed for a purpose not covered above, we will notify you of such purposes at the time of obtaining your consent, unless permitted by the PDPA or any other applicable law to process your personal data without your consent.
3. Access and Correction of Personal Data
If you wish to make (a) an access request for a copy of the personal data we hold about you or information about the ways we use or disclose your personal data, or (b) a correction request to correct or update any of your personal data which we hold about you, you may submit your request in writing or via email to our Data Protection Officer at the contact details provided below.
​
Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.
​
We will respond to your request as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days after receiving it, we will inform you in writing within thirty (30) days of the time by which we will be able to respond. If we are unable to provide you with any personal data or make a correction requested by you, we shall generally inform you of the reasons why (except where we are not required to do so under the PDPA).
​
You understand that we rely on you to provide us with accurate and complete personal data, and to update us on any changes to your personal data. We will not be responsible for any inaccurate or incomplete personal data you have provided and/or have failed to update.
​
The purposes listed in the above clauses may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).
4. Accuracy of Personal Data
We will take reasonable steps to ensure that the personal data we collect about you is accurate, complete, not misleading, and kept up-to-date, taking into account its intended use. Where possible, we will validate the personal data provided by you using generally accepted practices and guidelines. If we are in an ongoing relationship with you, it is important that you update us with any changes to your business contact information.
5. Retention of Personal Data
We will retain your personal data only for as long as the purposes for which such data is collected or used (as notified to you) continue, or where necessary, for our legal or business purposes. We will securely dispose of or delete documents containing your personal data when the retention limit described in our Retention and Destruction Policy is reached or as soon as it is reasonable to assume that the permitted purpose is no longer being served by their retention.
6. Data Breach Notification
In the event of a security breach leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data, we shall promptly assess the impact. If it is assessed as a notifiable data breach, we shall report it within 3 calendar days to the Personal Data Protection Commission (PDPC). We will notify you if the breach is likely to result in significant harm after our notification to PDPC. We may also notify other relevant regulatory agencies, where required.
7. Withdrawing Your Consent
You may withdraw your consent for the collection, use, and/or disclosure of your personal data that is in our possession or under our control by writing to us via email to our Data Protection Officer at the contact details provided below.
​
We will process your request within a reasonable time and will thereafter not collect, use, and/or disclose your personal data in the manner stated in your request.
​
Your withdrawal of consent may result in certain consequences. For example, we may not be able to provide you with certain products or services you have requested or continue your existing relationship with us. We will inform you of such consequences after receiving your request for withdrawal.
​
Notwithstanding your withdrawal of consent, we will still be entitled to collect, use, or disclose your personal data if required or authorized to do so under the PDPA or any other applicable law.
8. Protection and Destruction of Personal Data
To safeguard your personal data from unauthorized access, collection, use, disclosure, copying, modification, disposal, or similar risks, we have introduced appropriate administrative, physical, and technical measures. These measures secure all storage and transmission of personal data by us and ensure disclosure only on a need-to-know basis to authorized third-party service providers and agents.
​
We have implemented measures to ensure that any personal data in our possession or under our control is destroyed and/or anonymized as soon as it is reasonable to assume that:
-
The purpose for which that personal data was collected is no longer being served by its retention; and
-
Retention is no longer necessary for any other legal or business purposes.
9. Updates to the Policy
We reserve the right to modify or change this Policy at any time and will place such amendments on this website. This Policy applies in conjunction with contractual and consent clauses related to the collection, use, and disclosure of your personal data by us. Your continued use of our services constitutes your acknowledgment and acceptance of this Policy and any changes.
10. Contact Us
You may contact us or send any requests or complaints by post or email to the following address:
​
Data Protection Officer
XPS Technologies Pte Ltd
60 Paya Lebar Road #07-54, Paya Lebar Square, Singapore 409051
​
Email: dpo@xpstechnologies.com
​
As part of our efforts to properly manage, protect, and process your personal data, we will be reviewing our policies, procedures, and processes from time to time.
​
We reserve the right to amend the terms of this Personal Data Policy at our absolute discretion. Any amended Personal Data Policy will be posted on our website, and you may access and view it at any time.