Privacy and Cookies
01. Privacy and Cookies
1.1 This is the privacy and cookies policy of Xprenia (“XPN”) and its affiliated organisation(s) as listed on https://www.xprenia.com/. (each an “affiliated organisation”). The terms “we”, “us”, and “our” in this Policy refer to Xprenia and/or any affiliated organisation(s) which has adopted this Policy, as appropriate.
1.2 Application. BSL and each affiliated organisation have different channels of collecting personal data, but each is committed to complying with this Policy in its collection, use and disclosure of personal data to ensure accountability and uniformity in the way we protect your personal data. Although this Policy is in common use by BSL and the affiliated organisations, each is responsible to you to the extent of its collection, use and disclosure of your personal data and its actions.
1.3 Compliance with this Policy. This Policy applies to all personal data you provide to us or that we may collect about you. If you do not accept this Policy, please do not provide any personal data to us.
We may also require you to accept this Policy when you contact, interact, transact or deal with us or when you access and use our website, applications or services. If you notify us that you do not accept this Policy, we may not establish a relationship with you or be able to service your requests.
In recognition of our operations beyond Singapore, to places such as the European Union (the “EU”), United States or the United Kingdom, we have been especially keen to ensure that this Policy takes account of the relevant data protection principles operating overseas. In particular, we have measured and modelled this Policy against the high standards of protection for personal data as contained and promoted in the EU’s benchmark General Data Protection Regulation (EU) 2016/679 (the “GDPR”).
1.4 Contacting Us. You may contact our Data Protection Officer if you have any feedback or enquiries in relation to your personal data or about this Policy, or wish to make any request in the following manner:
Data Protection Officer
Email address: firstname.lastname@example.org
1.5 Governing Law and Dispute Resolution. Irrespective of the country from which you access or use our site, products or services, to the extent permitted by law, this Policy shall be governed in accordance with the laws of Singapore without regard to choice or conflicts of law principles, and you hereby agree to submit to the exclusive jurisdiction of the courts of Singapore to resolve any claims or disputes which may arise in connection with this Policy. Any disputes concerning this Policy and claims concerning breach or inadequacy of Personal Data protection raised by an EU Individual will be dealt with in accordance (to the maximum permissible extent) with the GDPR.
1.6 Effect of this Policy and Changes to this Policy. This Policy applies in conjunction with any other policies, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your personal data by us. We may revise this Policy from time to time without any prior notice to comply with applicable laws or update our data usage and handling processes. The updated Policy will supersede earlier versions and will apply to personal data provided to us previously. You may determine if any such revision has taken place by referring to the date this Notice was last updated. Your continued use of our website, application and products/services constitutes your acknowledgement and acceptance of such changes.
02. Personal Data
2.1 What Personal Data We Collect. The personal data we collect depends on the purposes for which we require the personal data and what you have chosen to provide. This may include your name, address, contact information (for example, telephone number and email address), identification number, photograph, video image and any other information that may identify you or is personal to you.
2.2 How We Collect Personal Data. We collect personal data pertinent to our relationship with you. We may collect your personal data directly or indirectly through various channels, including when:
(i) you use our services or enter into transactions with us (or express interest in doing so);
(ii) you apply to be a member of any of our programs, respond to our promotions, or subscribe to our mailing lists;
(iii) you visit our website, download or use our mobile applications;
(iv) you register an account with us through our website or applications;
(v) you transact with us, contact us or request that we contact you through various communication channels, for example, through social media platforms, messenger platforms, face-to-face meetings, telephone calls and emails;
(vi) we seek information about you and receive your personal data in connection with your relationship with us, for example, if you are a customer, investor or shareholder; or
(vii) you submit your personal data to us for any other reason.
Depending on your relationship with us, we may also collect your personal data from third parties, including:
(i) from BlackStorm Consulting (see http://blackstormco.asia/) and any affiliated organisations;
(ii) from your family members or friends who provide your personal data to us on your behalf; and
(iii) from public agencies or other public sources.
Our website and applications may also contain or involve certain technologies that automate data collection (including personal data). These technologies include cookies, web beacons and web analytics. Suppose you do not wish to have your data collected through such technologies. In that case, you may disable the operation of these technologies on your devices (where possible), or you may refrain from using our website and applications.
2.3 Voluntary Provision of Personal Data. Your provision of personal data to us is voluntary, and you have the right to withdraw your consent for us to use your personal data at any time by submitting a request to us. Your withdrawal will take effect after your request is processed. However, if you choose not to provide us with the personal data we require, it may not be possible for us to fulfil the purposes for which we require the personal data, including providing products and services you need from us.
2.4 Providing Personal Data Belonging to Others. In certain circumstances, you may also provide the personal data of persons other than yourself (including your family members). If you do so, you are responsible for informing him/her of the purposes for which we require his/her personal data and warrant that you are validly acting on behalf of him/her to consent to our collection, use and disclosure of his/her personal data.
2.5 Accuracy and Completeness of Personal Data. We generally rely on personal data provided by you (or your authorised representative). In order to ensure that all personal data that you provide is current, true, accurate and complete, please promptly update us of any changes to the personal data by informing us via email (refer to paragraph 1.4 above for contact details).
2.6 Minor. If you are a child, minor or not of legal age, please inform and seek the consent of your parent or guardian before you provide your personal data to us. If you are a parent or guardian and you have reason to believe your child or ward has provided us with their personal data without your consent, please contact us to request the erasure of their personal data (refer to paragraph 1.4 above for contact details).
3.1 We collect, use and disclose your personal data where:
(i) you have given us consent;
(ii) necessary to comply with our legal or regulatory obligations;
(iii) necessary for our business interests, provided that this does not override your interests or rights; and/or
(iv) necessary to perform a contract or transaction you have entered into with us, or provide a service that you have requested or required from us.
3.2 General Purposes. Generally, we collect, use and disclose your personal data for purposes connected or relevant to our business, including:
(i) processing your transactions with us, or to provide products and services to you;
(ii) managing your relationship with us;
(iii) facilitating your use of our platforms, products and services;
(iv) assisting you with your requests, enquiries and feedback;
(v) administrative purposes, g. accounting, risk management and record-keeping, business research, data, planning and statistical analysis, and staff training;
(vi) security and safety purposes, g. protecting our platforms from unauthorised access or usage and to monitor for security threats, and security cameras may capture your image;
(vii) carrying out research, data and statistical analysis;
(viii) compliance with laws and regulations, internal policies and procedures, e.g. audit, accounting, risk management and record keeping;
(ix) enforcing legal obligations owed to us, or responding to complaints, litigation or investigations concerning us;
(x) managing and engaging third parties or data processors that provide services to us, e.g. IT services, data analytics, marketing, and other professional services;
(xi) such purposes that may be informed to you when your personal data is collected;
(xii) carrying out our legitimate business interests (listed below); and/or
(xiii) any other reasonable purposes related to the aforesaid
3.3 Marketing Purposes. Where you give us consent, we collect, use and disclose your personal data for purposes of:
(i) managing and/or administering your request to receive news (including events and product launches), promotions and marketing information from us (and/or our affiliates or related entities) and on our products/services;
(ii) analysing and/or profiling your purchases, transactions and/or likes or dislikes to be better able to send you relevant or targeted news (including events and product launches), promotion and marketing information from us (and/or our affiliates or related entities) and on our products/services; and/or
(iii) sending you news (including events and product launches) and promotions from us (and/or our affiliates or related entities) as well as marketing information from us (and/or our affiliates or related entities) and on our products/services.
3.4 Business. Our business interests include:
(i) managing our business and relationship with you, and providing services to our users and customers;
(ii) protecting our rights and interests and those of our users and customers;
(iii) preventing and investigating possible misuse of our website, applications and services;
(iv) understanding and responding to inquiries and feedback;
(v) understanding how our users use our website, applications and services;
(vi) identifying what our users want and improving our website, applications, services and offerings;
(vii) enforcing obligations owed to us, or protecting ourselves from legal liability; and
(viii) sharing data in connection with acquisitions and transfers of our business.
3.5 Purposes involving BlackStorm Consulting Pte Ltd and any Affiliated Organisations. Xprenia has responsibility for BlackStorm Consulting Pte Ltd as well as any affiliated organisations. For administrative efficiencies and to allow Xprenia to serve your needs better, your personal data will also be collected, used and disclosed to BlackStorm Consulting Pte Ltd and any affiliated organisations for the following purposes:
(i) facilitating the provision of centralised administrative and management services;
(ii) facilitating the use of centralised resources e.g. shared information technology resources and systems;
(iii) facilitating internal audits, reporting and management of our operations; and/or
(iv) facilitating the conduct of centralised business activities and functions, e.g. data analytics.
3.6 The purposes listed in paragraphs 3.2, 3.3, 3.4 and 3.5 may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).
3.7 Use Permitted Under Applicable Laws. We may also collect, use, disclose and process your personal data for other purposes, without your knowledge or consent, where this is required or permitted by law.
3.8 Contacting You. When using your personal data to contact you for the above purposes, we may contact you via mail, email, SMS, telephone, pop-up notifications (when you are using our applications), or any other means.
We will not contact you for marketing purposes unless with your consent, or we are exempted by applicable law from obtaining consent. When contacting you for marketing purposes, we will not contact you through your telephone number unless you have specifically consented to such a mode of communication. If you do not wish to receive any communication or information from us or wish to restrict how we may contact or send you information, you may contact us to do so.
04. Disclosure of Personal Data
4.1 Disclosure to BlackStorm Consulting Pte Ltd and any Affiliated Organisations. We may disclose or share your personal data with BlackStorm Consulting Pte Ltd and any affiliated organisations for the purposes described in paragraphs 3.2, 3.3, 3.4 and 3.5.
4.2 Other Disclosures. We may also disclose or share your personal data in connection with the purposes described in paragraphs 3.2, 3.3 and 3.4:
(i) where such disclosure is required for performing obligations in the course of or in connection with our provision of the goods or services requested by you; or
(ii) to third-party service providers, agents, regulatory authorities and other organisations we have engaged.
When disclosing personal data to third parties, we will (where appropriate and required by applicable law) enter into contracts with these third parties to protect your personal data in a manner that is consistent with applicable laws and/or ensure that they only process your personal data in accordance with our instructions.
05. Transfers of Personal Data Out of Singapore
5.1 Disclosure to BlackStorm Consulting Pte Ltd and any Affiliated Organisations. We may disclose or share your personal data with BlackStorm Consulting Pte Ltd and any affiliated organisations for the purposes described in paragraphs 3.2, 3.3, 3.4 and 3.5.
We may transfer your personal data out of Singapore for the purposes set out in paragraph 3. When transferring personal data outside Singapore, we will require recipients of the personal data to protect personal data at a standard comparable to that under the laws of Singapore. For example, we may enter into legally enforceable agreements with the recipients to ensure that they protect your personal data.
06. Protection of Personal Data
6.1 Retention of Personal Data. We may retain your personal data for as long as it is necessary to fulfil the purposes for which it was collected, satisfy our business and legal purposes, or as required or permitted by applicable laws. How long we keep your personal data depends on the nature of the data. Certain information may also be retained for longer where we are required to do so by law. We will cease to retain your personal data or remove the means by which the data can be associated with you as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected and is no longer necessary for legal or business purposes.
6.2 Anonymised Data. In some circumstances, we may anonymise your personal data so that it no longer identifies you, in which case we are entitled to retain and use such anonymised data without restriction, including for data analytics.
6.3 Unauthorised Access and Vulnerabilities. While we take reasonable precautions to safeguard your personal data in our possession or under our control, we cannot be held responsible for unauthorised or unintended access beyond our control, including hacking or cybercrimes. We also do not guarantee that our website and applications are invulnerable to security breaches or that your use of our website and applications is safe and protected from viruses, worms, Trojan horses, and other vulnerabilities. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.
07. Links to Third Party Websites
7.1 When clicking on a link within a course step or in a course email, you may be taken to a third party website, the use of which has been arranged by and is the responsibility of the third-party organisation.
7.3 The third-party entity will only use your personal information for the purpose stated in the course and according to the third party website terms.
7.4 Whether you follow a link in a course and submit your personal information or not, your course progress will in no way be affected. Nor will your Xprenia profile.
(i) recognise your browser as a previous visitor and save any preferences that may have been set during your last visit to our website;
(ii) obtain information about your preferences, online movements and use of the Internet;
(iii) track website analytics and carry out research and statistical analysis to help improve our content, products and services and to help us better understand our visitors’ or customers’ requirements and interests;
(iv) customise and target our marketing and advertising campaigns and those of our partners more effectively by providing personalised interest-based advertisements;
(v) measure and research the effectiveness of our interactive online content, features, advertisements, and other communications;
(vi) make your online experience more efficient and enjoyable.
8.4 Managing Cookies. Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org. or www.allaboutcookies.org
Find out how to manage cookies on popular browsers:
Microsoft Internet Explorer
To find information relating to other browsers, visit the browser developer’s website.
To opt-out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.
09. Your Rights
9.1 Withdrawal of Consent. The consent you provide for collecting, using, and disclosing your personal data will remain valid until you are withdrawing it in writing. You may withdraw consent and request us to stop using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing and email to our Data Protection Officer (refer to paragraph 1.4 above for contact details). Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within fourteen (14) days of receiving it. While we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our goods or services to you, and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing and email our Data Protection Officer (see paragraph 1.4 above for contact details). Please note that withdrawing consent does not affect our right to continue collecting, using and disclosing personal data where such collection, use and disclosure without consent is permitted or required under applicable laws. If you are located in the EU, we will seek and rely on your consent as a legal basis for using your personal data where we have expressly sought it for the specific purpose(s). You will be asked to provide clear and affirmative consent to collect, process, and use your personal data. If we do rely on your consent to use your personal data, you have the right to change your mind at any time (but this will not affect any processing that has already taken place).
9.2 Access to and Correction of Personal Data. If you wish to make (A) a request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or (B) a request to correct or update any of your personal data which we hold about you, you may submit your request in writing and email to our Data Protection Officer (refer to paragraph 1.4 above for contact details). Where permitted by law, we may charge you a fee to process your access request. If so, we will inform you of the fee before processing your request. We will respond to your request as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or make a correction requested by you, we shall generally inform you of why we are unable to do so (except where we are not required to do so under the PDPA). We may also be permitted under applicable laws to refuse a request.
9.3 Limitations. We may be permitted under applicable laws to refuse your request to exercise your rights. For example, we may refuse (A) a request for erasure where the personal data is required in connection with claims, or (B) an objection request and continue processing your personal data based on compelling legitimate grounds for the processing.
Effective date: 11 August 2021
Last updated: 11 August 2021