Privacy and Cookies
- Privacy and Cookies
- This is the privacy and cookies policy of Xprenia (“XPN”), and its affiliated organisation(s) as listed on https://www.xprenia.com/. (each an “affiliated organisation”). The terms “we”, “us” and “our” in this Policy refer to Xprenia, and/or any affiliated organisation(s) which has adopted this Policy, as appropriate.
- Application. BSL and each affiliated organisation have different channels of collecting personal data, but each is committed to complying with this Policy in its collection, use and disclosure of personal data, to ensure that there is accountability and uniformity in the way we protect your personal data. Although this Policy is in common use by BSL and the affiliated organisations, each is responsible to you to the extent of its own collection, use and disclosure of your personal data, and its own actions.
with this Policy. This Policy
applies to all personal data you provide to us, or that we may
collect about you. If you do not accept this Policy, please do not
provide any personal data to us.
We may also require you to accept this Policy when you contact, interact, transact or deal with us, or when you access and use our website, applications or services. If you notify us that you do not accept this Policy, we may not be able to establish a relationship with you or be able to service your requests.
In recognition of our operations beyond Singapore, to places such as the European Union (the “EU”), United States or the United Kingdom, we have been especially keen to ensure that this Policy takes account of the relevant data protection principles operating overseas. In particular we have measured and modelled this Policy against the high standards of protection for personal data as contained and promoted in the EU’s benchmark General Data Protection Regulation (EU) 2016/679 (the “GDPR”).
Us. You may contact our Data
Protection Officer if you have any feedback or enquiries in relation
to your personal data or about this Policy, or wish to make any
request, in the following manner:
Data Protection Officer
Email address: email@example.com
- Governing Law and Dispute Resolution. Irrespective of the country from which you access or use our site, products or services, to the extent permitted by law, this Policy shall be governed in accordance with the laws of Singapore without regard to choice or conflicts of law principles, and you hereby agree to submit to the exclusive jurisdiction of the courts of Singapore to resolve any claims or disputes which may arise in connection with this Policy. Any disputes concerning this Policy and claims concerning breach or inadequacy of Personal Data protection raised by an EU Individual will be dealt with in accordance (to the maximum permissible extent) with the GDPR.
- Effect of this Policy and Changes to this Policy. This Policy applies in conjunction with any other policies, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your personal data by us. We may revise this Policy from time to time without any prior notice, to comply with applicable laws or as we update our data usage and handling processes. The updated Policy will supersede earlier versions and will apply to personal data provided to us previously. You may determine if any such revision has taken place by referring to the date on which this Notice was last updated. Your continued use of our website, application and products/services constitutes your acknowledgement and acceptance of such changes.
- What Personal Data We Collect. The personal data we collect depends on the purposes for which we require the personal data and what you have chosen to provide. This may include your name, address, contact information (for example, telephone number and email address), identification number, photograph, video image and any other information that may identify you or is personal to you.
We Collect Personal Data. We
collect personal data pertinent to our relationship with you. We may
collect your personal data directly or indirectly through various
channels, including when:
- you use our services or enter into transactions with us (or express interest in doing so);
- you apply to be a member of any of our programs, respond to our promotions, or subscribe to our mailing lists;
- you visit our website, download or use our mobile applications;
- you register an account with us through our website or applications;
- you transact with us, contact us or request that we contact you through various communication channels, for example, through social media platforms, messenger platforms, face-to-face meetings, telephone calls and emails;
- we seek information about you and receive your personal data in connection with your relationship with us, for example, if you are a customer, investor or shareholder; or
- you submit your personal data to us for any other reason.
- from BlackStorm Consulting (see http://blackstormco.asia/) and any affiliated organisations;
- from your family members or friends who provide your personal data to us on your behalf; and
- from public agencies or other public sources.
- Voluntary Provision of Personal Data. Your provision of personal data to us is voluntary and you have the right to withdraw your consent for us to use your personal data at any time by submitting a request to us. Your withdrawal will take effect after your request is processed. However, if you choose not to provide us with the personal data we require, it may not be possible for us to fulfil the purposes for which we require the personal data, including providing products and services which you need from us.
- Providing Personal Data Belonging to Others. In certain circumstances, you may also provide the personal data of persons other than yourself (including your family members). If you do so, you are responsible for informing him/her of the purposes for which we require his/her personal data and warrant that you are validly acting on behalf of him/her to consent to our collection, use and disclosure of his/her personal data.
- Accuracy and Completeness of Personal Data. We generally rely on personal data provided by you (or your authorised representative). In order to ensure that all personal data that you provide is current, true, accurate and complete, please promptly update us of any changes to the personal data by informing us via email (refer to paragraph 1.4 above for contact details).
- Minor. If you are a child, minor or not of legal age, please inform and seek the consent of your parent or guardian, before you provide your personal data to us. If you are a parent or guardian and you have reason to believe your child or ward has provided us with their personal data without your consent, please contact us to request for erasure of their personal data (refer to paragraph 1.4 above for contact details).
We collect, use and disclose your
personal data where:
- you have given us consent;
- necessary to comply with our legal or regulatory obligations;
- necessary for our business interests, provided that this does not override your interests or rights; and/or
- necessary to perform a contract or transaction you have entered into with us, or provide a service that you have requested or required from us.
collect, use and disclose your personal data for purposes connected
or relevant to our business, including:
- processing your transactions with us, or to provide products and services to you;
- managing your relationship with us;
- facilitating your use of our platforms, products and services;
- assisting you with your requests, enquiries and feedback;
- administrative purposes, g. accounting, risk management and record keeping, business research, data, planning and statistical analysis, and staff training;
- security and safety purposes, g. protecting our platforms from unauthorised access or usage and to monitor for security threats, and your image may be captured by security cameras;
- carrying out research, data and statistical analysis;
- compliance with laws and regulations, internal policies and procedures, e.g. audit, accounting, risk management and record keeping;
- enforcing legal obligations owed to us, or responding to complaints, litigation or investigations concerning us;
- managing and engaging third parties or data processors that provide services to us, e.g. IT services, data analytics, marketing, and other professional services;
- such purposes that may be informed to you when your personal data is collected;
- carrying out our legitimate business interests (listed below); and/or
- any other reasonable purposes related to the aforesaid
Purposes. Where you give us
consent, we collect, use and disclose your personal data for purposes
- managing and/or administering your request to receive news (including events and product launches), promotions and marketing information from us (and/or our affiliates or related entities) and on our products/services;
- analysing and/or profiling your purchases, transactions and/or likes or dislikes so as to be better able to send you relevant or targeted news (including events and product launches), promotion and marketing information from us (and/or our affiliates or related entities) and on our products/services; and/or
- sending you news (including events and product launches) and promotions from us (and/or our affiliates or related entities) as well as marketing information from us (and/or our affiliates or related entities) and on our products/services.
Our business interests include:
- managing our business and relationship with you, and providing services to our users and customers;
- protecting our rights and interests and those of our users and customers;
- preventing and investigating possible misuse of our website, applications and services;
- understanding and responding to inquiries and feedback;
- understanding how our users use our website, applications and services;
- identifying what our users want and improving our website, applications, services and offerings;
- enforcing obligations owed to us, or protecting ourselves from legal liability; and
- sharing data in connection with acquisitions and transfers of our business.
involving BlackStorm Consulting Pte Ltd and any Affiliated
has responsibility for BlackStorm Consulting Pte Ltd as well as any
affiliated organisations. For administrative efficiencies and to
allow Xprenia to better serve your needs, your personal data
will also be collected, used and disclosed to BlackStorm Consulting
Pte Ltd and any affiliated organisations for the following purposes:
- facilitating the provision of centralised administrative and management services;
- facilitating use of centralised resources e.g. shared information technology resources and systems;
- facilitating internal audits, reporting and management of our operations; and/or
- facilitating the conduct of centralised business activities and functions e.g. data analytics.
- The purposes listed in paragraphs 3.2, 3.3, 3.4 and 3.5 may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).
- Use Permitted Under Applicable Laws. We may also collect, use, disclose and process your personal data for other purposes, without your knowledge or consent, where this is required or permitted by law.
You. When using your personal
data to contact you for the above purposes, we may contact you via
mail, e-mail, SMS, telephone, pop-up notifications (when you are
using our applications), or any other means.
We will not contact you for marketing purposes unless with your consent, or we are exempted by applicable law from having to obtain consent. When contacting you for marketing purposes, we will not contact you through your telephone number, unless you have specifically consented to such a mode of communication. If you do not wish to receive any communication or information from us, or wish to restrict the manner by which we may contact or send you information, you may contact us to do so.
- We collect, use and disclose your personal data where:
Disclosure of Personal Data
- Disclosure to BlackStorm Consulting Pte Ltd and any Affiliated Organisations. We may disclose or share your personal data with BlackStorm Consulting Pte Ltd and any affiliated organisations for the purposes described in paragraph 3.2, 3.3, 3.4 and 3.5.
Disclosures. We may also
disclose or share your personal data in connection with the purposes
described in paragraphs 3.2, 3.3 and 3.4:
- where such disclosure is required for performing obligations in the course of or in connection with our provision of the goods or services requested by you; or
- to third party service providers, agents, regulatory authorities and other organisations we have engaged.
Transfers of Personal Data Out of Singapore
- We may transfer your personal data out of Singapore for the purposes set out in paragraph 3. When transferring personal data outside Singapore, we will require recipients of the personal data to protect personal data at a standard comparable to that under the laws of Singapore. For example, we may enter into legally enforceable agreements with the recipients to ensure that they protect your personal data.
Protection of Personal Data
- Retention of Personal Data. We may retain your personal data for as long as it is necessary to fulfil the purposes for which it was collected, to satisfy our business and legal purposes, or as required or permitted by applicable laws. How long we keep your personal data depends on the nature of the data. Certain information may also be retained for longer where we are required to do so by law. We will cease to retain your personal data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected, and is no longer necessary for legal or business purposes.
- Anonymised Data. In some circumstances we may anonymise your personal data so that it no longer identifies you, in which case we are entitled to retain and use such anonymised data without restriction, including for data analytics.
- Unauthorised Access and Vulnerabilities. While we take reasonable precautions to safeguard your personal data in our possession or under our control, we cannot be held responsible for unauthorised or unintended access that is beyond our control, including hacking or cybercrimes. We also do not guarantee that our website and applications are invulnerable to security breaches, or that your use of our website and applications is safe and protected from viruses, worms, Trojan horses, and other vulnerabilities. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.
Links to Third Party Websites
- When clicking on a link within a course step or in a course email, you may be taken to a third party website, the use of which has been arranged by and is the responsibility of the third party organisation.
- The third party entity will only use your personal information for the purpose stated in the course and in accordance with the terms of the third party website.
- Whether you follow a link in a course and submit your personal information or not, your course progress will in no way be affected. Nor will your Xprenia profile.
enhance your experience of Xprenia and to better understand
how people use our website. This may also include cookies from third
party websites. Cookies are small files containing small amounts of
information which are automatically downloaded into your computer (or
other electronic devices) when you access the sites. Cookies help us
to measure the number of visits, average time spent, page views and
other statistics relating to your access to our website. This
information allows us to better administer our website, and provide a
more tailored and user-friendly service to our users. Cookies also
enable you to use or access certain features or services of our
website. Each time you visit our website from the same computer or
device, the cookie will be retrieved from your computer or device,
enabling our website to recognise your computer or device as having
previously visited our website and thereby increase the functionality
of our website on your computer or device. Therefore, generally, we
- recognise your browser as a previous visitor and save any preferences that may have been set during your last visit to our website;
- obtain information about your preferences, online movements and use of the Internet;
- track website analytics and carry out research and statistical analysis to help improve our content, products and services and to help us better understand our visitors’ or customers’ requirements and interests;
- customise and target our marketing and advertising campaigns and those of our partners more effectively by providing personalised interest-based advertisements;
- measure and research the effectiveness of our interactive online content, features, advertisements, and other communications;
- make your online experience more efficient and enjoyable.
web browsers allow some control of most cookies through the browser
settings. To find out more about cookies, including how to see what
cookies have been set, visit www.aboutcookies.org.
Find out how to manage cookies on popular browsers:
Microsoft Internet Explorer
To find information relating to other browsers, visit the browser developer’s website.
To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.
- Withdrawal of Consent. The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing and email to our Data Protection Officer (refer to paragraph 1.4 above for contact details). Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within fourteen (14) days of receiving it. While we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our goods or services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing and email to our Data Protection Officer (see paragraph 1.4 above for contact details). Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws. If you are located in the EU, we will seek and rely on your consent as a legal basis for using your personal data where we have expressly sought it for specific purpose(s). You will be asked to provide clear and affirmative consent to the collection, processing and use of your personal data. If we do rely on your consent to a use of your personal data, you have the right to change your mind at any time (but this will not affect any processing that has already taken place).
- Access to and Correction of Personal Data. If you wish to make (A) a request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or (B) a request to correct or update any of your personal data which we hold about you, you may submit your request in writing and email to our Data Protection Officer (refer to paragraph 1.4 above for contact details). Where permitted by law, we may charge you a fee to process your access request. If so, we will inform you of the fee before processing your request. We will respond to your request as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA). We may also be permitted under applicable laws to refuse a request.
- Limitations. We may be permitted under applicable laws to refuse your request to exercise your rights, for example, we may refuse (A) a request for erasure where the personal data is required for in connection with claims, or (B) an objection request and continue processing your personal data based on compelling legitimate grounds for the processing.
Effective date: 13 June 2021
Last updated: 13 June 2021