Privacy policy
This Privacy Policy Notice (“Notice”) sets out how One Good Team Pte. Ltd. (“we”, “us”, or “our”) collect, use, disclose or otherwise process the personal data of our customers in accordance with the Personal Data Protection Act (“PDPA”) and the General Data Protection Regulation (“GDPR”). We are committed to protecting the privacy and security of your personal information. This notice outlines the types of information we collect from you, how we use that information, and how we protect your privacy. This notice applies to personal data in our possession or under our control, including personal data in the possession of organisations that we have engaged to collect, use, disclose or process personal data for our purposes.
PERSONAL DATA
As used in this Notice:
“Customer” means an individual who (a) has contacted us through any means to find out more about any goods or services we provide, or (b) may, or has, entered a contract with us for the supply of any goods or services by us; and
“Personal data” means data, whether true or not, about a customer who can be identified: (a) from that data; or (b) from that data and other information to which we have or are likely to have access.
Depending on the nature of your interaction with us, some examples of personal data which we may collect from you include contact information (name, telephone number, email address) displayed images, company information, academic information, social media handles and external web links.
In addition, we may collect information about your use of our website and services using cookies and similar technologies. This information may include your IP address, browser type, device type, and other information about how you interact with our website.
Other terms used in this Notice shall have the meanings given to them in the PDPA and GDPR (where the context so permits).
COLLECTION, USE AND DISCLOSURE OF PERSONAL DATA
Our purpose for collecting and processing your personal data is to facilitate the functionalities of a smart digital name card. This includes creating and maintaining your digital profile, storing and sharing your contact information, and enabling you to connect with others easily and efficiently. We also use your data to improve and enhance our platform's functionalities, such as providing personalised recommendations and optimising your user experience. We only collect and process the minimum amount of data necessary to carry out these functionalities and will always strive to protect your privacy and data security.
We generally do not collect your personal data unless it is provided to us voluntarily by you directly or via a third party who has been duly authorised by you to disclose your personal data to us (your “authorised representative”) after
you (or your authorised representative) have been notified of the purposes for which the data is collected, and;
you (or your authorised representative) have provided written consent to the collection and usage of your personal data for those purposes, or collection and use of personal data without consent is permitted or required by the PDPA, GDPR or other laws. We shall seek your consent before collecting any additional personal data and before using your personal data for a purpose which has not been notified to you (except where permitted or authorised by law).
We may collect and use your personal data for any or all of the following purposes:
performing obligations in the course of or in connection with our provision of the goods and/or services requested by you;
verifying your identity;
responding to, handling, and processing queries, requests, applications, complaints, and feedback from you;
managing your relationship with us;
complying with any applicable laws, regulations, codes of practice, guidelines, or rules, or assisting in law enforcement and investigations conducted by any governmental and/or regulatory authority;
any other purposes for which you have provided the information; and
any other incidental business purposes related to or in connection with the above.
We may disclose your personal data where such disclosure is required for performing obligations during or in connection with our provision of the goods and services requested by you.
We may share your information with third-party service providers (subcontractors) who assist us in providing our services to you. We will not sell, trade, or otherwise transfer your personal information to outside parties unless we provide you with advance notice and obtain your consent to do so.
WITHDRAWING YOUR CONSENT
The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is withdrawn by you in writing. You may withdraw consent and request us to stop collecting, using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing or via email to our Data Protection Officer at the contact details provided below.
Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within ten (10) business days of receiving it.
Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our goods or services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing or via email to our Data Protection Officer at the contact details provided below.
Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclosure without consent is permitted or required under applicable laws.
ACCESS TO AND CORRECTION OF PERSONAL DATA
You have the right to access, correct, or delete the personal information we collect from you. You also have the right to restrict or object to our processing of your information, and to receive a copy of the information we have collected from you in a structured, machine-readable format.
If you wish to make (a) an access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or (b) a correction request to correct or update any of your personal data which we hold about you, you may submit your request in writing or via email to our Data Protection Officer at the contact details provided below.
We will respond to your request as soon as reasonably possible. In general, our response will be within ten (10) business days. Should we not be able to respond to your request within thirty (30) days of receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA or GDPR).
PROTECTION OF PERSONAL DATA
We implement reasonable measures to safeguard the information that we gather from you against any unauthorised access, disclosure, alteration, or destruction. To protect your personal data from potential risks such as unauthorised access, collection, use, disclosure, copying, modification, or disposal, we have implemented suitable administrative, physical, and technical measures. These measures include authentication and access controls (such as good password practices and need-to-basis for data disclosure), encryption of personal data, regular patching of operating systems and other software, secure erasure of storage media in devices before disposal, and conducting routine web security reviews and testing.
You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.
ACCURACY OF PERSONAL DATA
We generally rely on personal data provided by you (or your authorised representative). To ensure that your personal data is current, complete, and accurate, please update us if there are changes to your personal data by informing our Data Protection Officer in writing or via email at the contact details provided below.
RETENTION OF PERSONAL DATA
We may retain your personal data for as long as it is necessary to fulfil the purpose of the engagement period for which it was collected, or as required or permitted by applicable laws.
We will cease to retain your personal data or remove how the data can be associated with you under the following circumstances:
as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected, and is no longer necessary for legal or business purposes;
upon successful termination or withdrawal from our services by your authorised representative, provided with reasonable notice of (10) business days to properly effect the aforementioned changes.
DATA BREACHES
We are committed to ensuring that all personal data under our control is protected against unauthorised access or misuse. We implement industry-standard security measures and employ best practices to prevent any unauthorised access to or misuse of personal data. In the unlikely event of a data breach, we will take prompt action to mitigate the breach and notify affected users in accordance with applicable laws and regulations. Our goal is to maintain the trust and confidence of our users by safeguarding their personal data.
In the event of a data breach, we will take immediate action to contain and minimise the impact of the breach. This includes conducting a thorough investigation to determine the extent of the breach and identifying the affected individuals. We will notify the relevant authorities and affected individuals within 72 hours of becoming aware of the breach, as required by law. We will also provide guidance and support to affected individuals on steps they can take to protect their personal information. We take data breaches very seriously and are committed to taking all necessary measures to safeguard our users' personal information.
SAFE AND COMPLETE DELETION
Once we commence the process of deleting the data, we will safely and completely delete the data from our storage systems. Safe deletion is important to protect our users and customers from accidental data loss. Complete deletion of data from our servers is equally important for users’ peace of mind. This process generally takes around 1 month from the time of deletion. This often includes up to a month-long recovery period in case the data was removed unintentionally.
Once a user decides to delete their account, we will commence with a soft delete operation which consists of transferring their data from the live server to a storage server. During this period, their account will be tagged so that they can still retrieve their information if they wish to do so by just logging in and confirming the reactivation process. 30 days from the date of confirmed deletion, their data will be deleted from the storage server permanently along with their authentication credentials.
EFFECT OF NOTICE AND CHANGES TO NOTICE
This Notice applies in conjunction with any other notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your personal data by us.