Advocado collects information on its users when you sign up for an account, when using the mobile applications and when you make transactions with merchants. When you register, we may ask you for information about you, including your first name, last name, email address, gender and birth year (collectively known as ‘Personal Data’).
If you have any queries on this policy or in relation to how we may manage, protect and/or process personal data provided to us, please contact our Data Protection Officer (the “DPO”) via email@example.com.
1.1. The Personal Data which we collect from you may be collected, used, disclosed and/or processed for various purposes, depending on the circumstances for which we may/will need to process Personal Data.
1.2. The purposes for which we have been collecting, using, disclosing and processing your Personal Data include:
1.2.1. to provide and administer Advocado Loyalty Program Accounts;
1.2.2. to respond to your requests for support;
1.2.3. creation of records as to the business carried on by us;
1.2.4. providing and sending you marketing materials and/or documents via any communication to your email addresses, or via electronic messages, SMSes, voice calls and/or facsimiles to your telephone numbers (based on our records), such messages to these telephone numbers only being sent in accordance with the requirements of the PDPA, relating to the Advocado Loyalty Programs provided, promoted or marketed by us and/or our authorised merchants and agents where you have separately provided consent to us in relation thereto;
1.2.5. page visits or mobile application usage that may store information about your computer or mobile phone configuration such as your IP address, location, where you have executed transactions stored within the application, screens viewed within the mobile application, cookie information and the pages you requested. Advocado may use this information to help make changes to the service to better serve you and our users;
1.2.6. any other purposes which we notify you of at the time of obtaining your consent. (to be referred to collectively as the ‘Purposes’)
1.3. As the Purposes for which we may/will collect, use, disclose or process Personal Data provided may also depend on the circumstances at hand, such purpose may not appear above. However, we will notify you of such other purpose at the time of obtaining the necessary consent(s), unless processing of Personal Data without consent is permitted by the PDPA or by law.
2.1. We respect the confidentiality of the Personal Data you have provided to us.
2.2. In that regard, we will not disclose Personal Data provided to us to third parties without first obtaining the relevant consent(s) permitting us to do so. However, please note that we may disclose the Personal Data you provided to third parties without first obtaining your consent in certain situations, including, without limitation, the following:
2.2.1. cases in which the disclosure is required or authorised based on the applicable laws and/or regulations;
2.2.2. cases in which the purpose of such disclosure is clearly in your interests, and if consent cannot be obtained in a timely way;
2.2.3. cases in which the disclosure is necessary to respond to an emergency that threatens the life, health or safety of yourself or another individual;
2.2.4. cases in which the disclosure is necessary for any investigation or proceedings;
2.2.5. cases in which the Personal Data is disclosed to any officer of a prescribed law enforcement agency, upon production of written authorisation signed by the head or director of that law enforcement agency or a person of a similar rank, certifying that the Personal Data is necessary for the purposes of the functions or duties of the officer;
2.2.6. cases in which the disclosure is to a public agency and such disclosure is necessary in the public interest; and/or
2.2.7. where such disclosure without your consent is permitted by the PDPA or by law.
3.2.3. The instances listed above at paragraph 2.2 are not intended to be exhaustive. For more information on the exceptions, you are encouraged to peruse the Second, Third and Fourth Schedules of the PDPA which is publicly available at http://statutes.agc.gov.sg.
2.4. Where we disclose Personal Data you provided to third parties with your consent, we require such third parties to protect the Personal Data.
3.1. You may request to access and/or correct the Personal Data currently in our possession or control by contacting us at firstname.lastname@example.org. We will need enough information from you in order to ascertain your identity as well as the nature of your request, so as to be able to process your request.
3.2. For a request to correct Personal Data, once we have sufficient information from you to process the request, we will correct your personal data within 30 days. Where we are unable to do so within the said 30 days, we will notify you of the soonest practicable time within which we can make the correction. Please note that the PDPA exempts certain types of personal data from being subject to your correction request.
3.3. We will also be charging you a service fee for the handling and processing of your requests to access your Personal Data. We will provide you with a written estimate of the fee we will be charging. Please note that we are not required to respond to or process your access request unless you have agreed to pay the fee.
4.1. You may withdraw your consent for the collection, use and/or disclosure of your Personal Data in our possession or under our control by emailing your opt-out notice, the extent of your withdrawal of consent with reference to the Purposes in Paragraph 1.2, and account details to email@example.com.
4.2. When promotional messages are sent to your phone by Advocado or our authorized Merchants, you will have the option to unsubscribe from such promotional messages via a reply SMS.
4.3. We will process your request within 30 days from such a request for withdrawal of consent being made, and will thereafter not collect, use and/or disclose your Personal Data in the manner stated in your request.
4.4. However, your withdrawal of consent could result in certain legal consequences arising from such withdrawal. In this regard, depending on the extent of your withdrawal of consent for us to process your Personal Data, it may mean that we will not be able to continue your existing relationship with us.
4.5. If you should withdraw consent for the collection, use and/or disclosure of your Personal Data but desire to continue using the services provided by Advocado, we reserve the right to send you essential communications relating to the Advocado service, such as service announcements, administrative messages and service notifications that are considered part of your Advocado Account, without offering you the opportunity to opt-out of receiving them.
5.1. You can delete your Advocado account by e-mailing firstname.lastname@example.org and requesting that we delete your account. You will not be able to recover any transaction progress or rewards from stored value, prepaid item, loyalty stamps and loyalty points campaigns once your account has been deleted.
5.2. Any information that may have been collected from your registration with and use of Advocado may remain after your account has been permanently deleted for aggregated reporting and analysis, and will be handled with reference to Paragraph 6.3.
6.1. We will take reasonable efforts to ensure that the Personal Data you provided is reflected accurately and completely, if your personal data is likely to be used by Advocado to make a decision that affects you, or disclosed to another organisation. However, this means that you must also update us of any changes in relation to Personal Data that you had initially provided us with. We will not be responsible for relying on inaccurate or incomplete Personal Data arising from you not updating us of any changes in the Personal Data that you had initially provided us with.
6.2. We will also put in place reasonable security arrangements to ensure that the provided Personal Data is adequately protected and secured. Appropriate security arrangements will be taken to prevent any unauthorised access, collection, use, disclosure, copying, modification, leakage, loss, damage and/or alteration of the Personal Data provided. However, we cannot assume responsibility for any unauthorised use of such Personal Data by third parties which are wholly attributable to factors beyond our control.
6.3. We will also put in place measures such that Personal Data you provided in our possession or under our control is destroyed and/or anonymised as soon as it is reasonable to assume that (i) the purpose for which that Personal Data was collected is no longer being served by the retention of such Personal Data; and (ii) retention is no longer necessary for any other legal or business purposes.
6.4. Where Personal Data you provided is to be transferred out of Singapore, we will comply with the PDPA in doing so. In this regard, this includes us obtaining the necessary consent(s) unless an exception under the PDPA or law applies, and taking appropriate steps to ascertain that the foreign recipient organisation of the personal data is bound by legally enforceable obligations to provide to the transferred personal data a standard of protection that is at least comparable to the protection under the Act. This may include us entering into an appropriate contract with the foreign recipient organisation dealing with the Personal Data transfer or permitting the personal data transfer without such a contract if the PDPA or law permits us to.
7.1. If you have any questions or complaints regarding how we are handling the personal data you have provided, please contact our Data Protection Officer through email at email@example.com.
8.1. As part of our efforts to ensure that we properly manage, protect and process Personal Data provided to us, we will be reviewing our policies, procedures and processes from time to time.
8.3. You are encouraged to visit the above website from time to time to ensure that you are well informed of our latest policies in relation to personal data protection
Last Updated on 21 June 2016