Privacy Policy

Changi City Point

PRIVACY POLICY AND PERSONAL DATA PROTECTION 

  1.     Privacy Policy

1.1 This is the privacy policy and personal data protection (“Policy”) of Changi Times Square Pte Ltd, a private company incorporated in Singapore with limited liability (“CTS”).

The terms “we”, and “our” in this Policy refer to CTS which have adopted this Policy. This Policy is designed to assist you in understanding how we collect, use, disclose and/or process the personal data you have provided to us.

  1. Application. Each member of the CTS is committed to complying with the Personal Data Protection Act 2012 (“PDPA”) and this Policy in its collection, use, disclosure and/or processing of personal data, to ensure that there is accountability and uniformity in the way we protect your personal data. Although this Policy is in common use by Link and its affiliated organisations, each is severally responsible to you to the extent of its own collection, use and disclosure of your personal data, and its own actions.

1.3 Compliance with this Policy. This Policy applies to all personal data you provide to us, or that we may collect about you. Please do not provide any personal data to us if you do not accept and consent to the collection, use, disclosure and/or processing of your personal data under this Policy. 

We may also require you to accept this Policy when you contact, interact, transact or deal with us, or when you access and use our websites, applications or services. If you do not accept and consent to the collection, use, disclosure and/or processing of your personal data under this Policy, we may not be able to transact with you or provide our services to you.

1.4  Concerns and Contacting Us. If you have any feedback or issues in relation to your personal data, or about this Policy, or wish to make a complaint to us, you may contact us at dpo.sg@theelegantgroup.com

1.5  Amendment to this Policy. We may amend this Policy from time to time to comply with applicable laws or as we update our personal data usage and handling processes. The amended Policy will take effect when made available at https://changicitypoint.com.sg/privacy-policy/The updated Policy will supersede earlier versions and will apply to personal data provided to us previously. By continuing to contact, interact, transact or deal with us, you agree to be bound by the terms of the amended Policy.

  1. Personal Data

2.1  What personal data we collect. “Personal data” is defined under the PDPA to mean data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which an organisation has or is likely to have accessThe personal data we collect depends on the purposes for which we require the personal data and what you have chosen to provide. This may include your name, address, contact information (e.g. telephone number and email address), photograph, video image and any other information that may identify you.

2.2 How we collect personal data. We collect personal data relevant to our relationship with you. We may collect your personal data directly or indirectly through various channels, including when:

  • You use our services or enter into transactions with us (or express interest in doing so);
  • You register an account with us through our websites or applications;
  • when you interact with our customer service officers;
    • You apply to be a member of any of our loyalty programs, respond to our   promotions, or subscribe to our mailing lists;
  • You participate in events and programs, competitions, contests or games organised by us;
  • You visit our websites, download or use our mobile applications;
  • You transact with us, contact us or request that we contact you through various communication channels, for example, through social media platforms, messenger platforms, face-to-face meetings, telephone calls, emails, fax and letters;
  • Your images are captured via photographs or videos taken by us or our representatives when you are within our premises or attend events organised by us;
  • We may seek information about you and collect your personal data in connection with your relationship with us (for example,  as a job-applicant, customer at any our shopping malls, an investor or a shareholder); or
  • You submit your personal data to us for any other reason.

Depending on your relationship with us, we may also collect your personal data from third parties, including:

  • From other organisations and entities which are part of the CTS;
  • From public agencies or other public sources.
  • From your family members or friends who provide your personal data to us on your behalf; and

Our website and applications may also contain or involve certain technologies that automate the collection of data (including personal data). These technologies include cookies, web beacons and web analytics. If you do not wish to have your data collected through such technologies you may disable the operation of these technologies on your devices (where possible), or you may refrain from using our websites and applications.

2.3  Voluntary provision of personal data. Your provision of personal data to us is voluntary and you have the right to withdraw your consent for us to use your personal data at any time by contacting and submitting a request to us. Your withdrawal will take effect after your request is processed. However, if you choose to withdraw your consent for us to collect, use, disclose and/or process some or all of the personal data we require, it may not be possible for us to fulfill the purposes for which we require such personal data, including providing some or all of the products and services which you need from us.

2.4  Providing personal data belonging to others. In certain circumstances, you may also provide the personal data of persons other than yourself (including your family members). If you do so you are responsible for informing them of the purposes for which we require their personal data and you hereby warrant that you are validly acting on behalf of them and that you have obtained their consent to disclose their personal data to us for the purposes for which we will be collecting, using and/or disclosing their personal data.

2.5  Accuracy and Completeness of personal data. You must ensure that all personal data that you provide is true, accurate and complete and promptly inform us of any changes to the personal data.

2.6  Minor. If you are a child, minor or not of legal age, please inform and seek the consent of your parent or guardian, before you provide your personal data to us. If you are a parent or guardian and you have reason to believe your child or ward has provided us with their personal data without your consent, please contact us to request for us to cease the use, disclosure and/or processing of such personal data. 

  1. Purposesand Consent

3.1 We collect, use and disclose your personal data where:

  • You have given us consent;
  • Necessary to comply with our legal or regulatory obligations;
  • Necessary for our legitimate business interests provided that this does not override your interests or rights. Such legitimate interest are stated at paragraph 3.4 below. Before doing so, we will take steps to ensure that any adverse effects that might arise for you have already been identified and eliminated, reduced or mitigated; and/or
  • Necessary to perform a contract or transaction you have entered into with us, or provide a service that you have requested or require from us.

3.2  General purposes. Generally, we collect, use and disclose your personal data for purposes connected or relevant to our business, including: 

  • Processing your transactions with us, or to provide products and services to you;
  • Administering, processing and managing our loyalty program(s) and activities conducted, for example, lucky draws, competitions and contests;
  • Managing your relationship with us;
  • Assisting you with your requests, enquiries and feedback, including any requests for access and/or correction of your personal data;
  • Managing, operating, providing and/or administering your use of and/or access to any of our online platforms, including but not limited to our website(s) and mobile application(s));
  • Administrative purposes, e.g. accounting, risk management and record keeping, business research, data, planning and statistical analysis, and staff training;
  • Conducting research, analysis and development activities (including but not limited to data analytics, surveys and/or profiling) to improve our products and services in order to enhance your relationship with us or for your benefit;
  • Security and safety purposes, e.g. protecting our premises from unauthorised access, monitoring our premises for security threats and keeping records of your visits to our premises via CCTV recording or otherwise;
  • Compliance with laws and regulations, internal policies and procedures, e.g. audit, accounting, risk management and record keeping;
  • Enforcing legal obligations owed to us, or responding to complaints, litigation or investigations concerning us;
  • Storing, hosting, backing up (whether for disaster recovery or otherwise) of your personal data, whether within or outside Singapore;
  • Managing and engaging third parties or data processors that provide services to us, e.g. It services, data analytics, marketing, and other professional services;
  • Conducting customer due diligence or other screening and personal identification processes in accordance with all laws, regulations or risk management procedures that may be required by law or that may have been put in place by us;
  • Complying with or as required by any request or direction of any governmental authority, or responding to requests for information from public agencies, ministries, statutory boards or other similar authorities. For the avoidance of doubt, this means that we may/will disclose your personal data to the aforementioned parties upon their request or direction;
  • Complying with or as required by any applicable law, governmental or regulatory requirements of any relevant jurisdiction, including meeting the requirements to make disclosure under the requirements of any law binding on us and/or for the purposes of any guidelines issued by regulatory or other authorities, whether in Singapore or elsewhere, with which we are expected to comply;
  • Preventing or investigating any fraud, unlawful activity or omission or misconduct, whether or not there is any suspicion of the aforementioned;
  • Such other purposes that may be informed to you when your personal data is collected;
  • Carrying out our legitimate business interests (listed below); and/or
  • Any other reasonable purposes related to the aforesaid.

3.3  Marketing purposes. Where you have previously given us consent to provide you with marketing messages, we may use your personal data for the following purposes:

  • Analyzing and/or profiling your purchases, transactions and/or likes or dislikes so as to be better able to send you relevant or targeted news (including events and product launches), promotion and marketing information from us (and/or our affiliates or related entities) and on our group products;
  • Managing and/or administering your request to receive news (including events and product launches), promotions and marketing information from us (and/or our affiliates or related entities) and on our group products and/or loyalty program(s);
  • Sending you news (including events and product launches) and promotions from us (and/or our affiliates or related entities) as well as marketing information from us (and/or our affiliates or related entities) and on our group products; and/or
  • Sending you notifications of benefits, privileges, promotions and/or updates and marketing and promotional messages in relation to our loyalty program(s) and/or products, services, offers and promotions offered by any Link shopping mall(s) or any entity in the shopping mall(s) (including via SMS, WhatsApp, any social media platforms, or other modes of communication using your e-mail address, telephone numbers, social media account, which we may have in our records from time to time or otherwise available publicly).

3.4  Legitimate business interests. Our legitimate business interests include: 

  • Managing our business and relationship with you, and providing services to our users and customers;
  • Understanding how our users use our websites, applications and services;
  • Understanding and responding to inquiries and feedback;
  • Preventing and investigating possible misuse of our websites, applications and services;
  • Protecting our rights and interests and those of our users and customers;
  • Identifying what our users want and improving our websites, applications, services and offerings;
  • Enforcing obligations owed to us, or protecting ourselves from legal liability; and
  • Sharing data in connection with acquisitions and transfers of our business.

3.5  Purposes involving CTS. For administrative efficiencies and to allow us to better serve your needs, your personal data will also be collected, used and disclosed to an organisation within CTS for the following purposes:

  • Facilitating use of centralized resources e.g. Shared information technology resources and systems;
  • Facilitating the provision of centralized administrative and management services;
  • Facilitating internal audits, reporting, and management of our operations; and/or
  • Facilitating the conduct of centralized business activities and functions e.g. Data analytics.

3.6  Use permitted under applicable laws. We may also collect, use, disclose and process your personal data for other purposes, without your knowledge or consent, where this is required or permitted by law.

3.7  Contacting you. When using your personal data to contact you for the above purposes, we may contact you via email, WhatsApp, SMS, pop-up notifications (when you are using our applications), or any other means.

We will not contact you for marketing purposes unless you have consented to such purposes. When contacting you for marketing purposes, we will not contact you through your telephone number, unless you have specifically consented to such a mode of communication. If you do not wish to receive any communication or information from us or wish to restrict the manner by which we may contact or send you information, you may contact us to do so.

  1. Disclosure of Personal Data

4.1 Disclosure to CTS. We may disclose or share your personal data with other members of the CTS (whether located in Singapore or overseas) for the purposes described in paragraph 3.2, 3.3 and 3.5.

4.2  Other Disclosures. We may also disclose or share your personal data in connection with the purposes described in paragraphs 3.2, 3.3 and 3.4 above, including to the following parties (whether located in Singapore or overseas):

  • Third parties who are appointed to provide services to us, e.g. IT vendors, marketing companies and event organisers;
  • Third parties that we conduct joint marketing and cross promotions with; and/or
  • Regulatory authorities and public agencies.

When disclosing personal data to third parties, we will (where appropriate and required by applicable law) enter into contracts with these third parties to protect your personal data in a manner that is consistent with applicable laws and/or ensure that they only process your personal data in accordance with our instructions.

  1. Cross-Jurisdiction Transfers of Personal Data

5.1  Safeguards. We may transfer your personal data out of Singapore for the purposes set out in paragraph 3 above. When transferring personal data outside Singapore, we will require recipients of the personal data to protect personal data at a standard comparable to that under the laws of Singapore, in compliance with the PDPA. For example, we may enter into legally enforceable agreements or put in place binding corporate policies with the recipients to ensure that they protect your personal data. You may obtain details of these safeguards by contacting us.

  1. Protection of Personal Data

6.1  Period of retention. We keep your personal data only for so long as we need the data to fulfil the purposes we collected it for and to satisfy our business and legal purposes, including audit, accounting or reporting requirements. How long we keep your personal data depends on the nature of the data, e.g. we keep personal data for at least the duration of the limitation period for bringing claims if the personal data may be required to commence or defend legal proceedings. Certain information may also be retained for longer, e.g. where we are required to do so by law.

6.2  Anonymised data. In some circumstances, we may anonymise your personal data so that it no longer identifies you, in which case we are entitled to retain and use such anonymised data without restriction, including for data analytics.

6.3  Unauthorised access and vulnerabilities. We will protect personal data in our possession or under our control by making reasonable security arrangements to prevent (a) unauthorised access, collection, use, disclosure, copying, modification or disposal, or similar risks; and (b) the loss of any storage medium or device on which personal data is stored. However, we cannot be held responsible for unauthorized or unintended access that is beyond our control. We also do not guarantee that our websites and applications are invulnerable to security breaches, or that your use of our websites and applications is safe and protected from viruses, worms, Trojan horses, and other vulnerabilities.

  1. Your Rights

7.1 You enjoy certain rights at law in relation to your personal data that we hold or control. These rights include:

  • Withdrawal of consent: You may withdraw consent for our use of your personal data.
  • Correction. You may request that any incomplete or inaccurate data that we hold or control be corrected.
  • Access. You may ask if we hold or control your personal data and if we are, you can request access or a copy of such data.

7.2  Exercising your rights. If you wish to exercise your rights, you may contact us to do so (see paragraph 1.4 above for contact details). We may require that you submit certain forms or provide certain information to process your request. Where permitted by law, we may charge you a fee to process your request. We may also be permitted under applicable laws to refuse a request.

7.3  Limitations. We may be permitted under applicable laws to refuse a request you have made in respect to your personal data. For example, we may refuse (a) a request to cease the use and/or disclosure of your personal data where it is required in connection with disputes / claims; or (b) a request to not collect, use, and/or disclose your personal data where we have legitimate interests to do so.