Version as at 20 July 2022
This Policy supplements but does not supersede or replace any previous consent which an Individual may have provided to Sircured, nor does it affect any rights that Sircured may have at law or otherwise in connection with the collection, use and/or disclosure of any personal data. The provisions relating to data protection and the PDPA found in vaultbox’s terms & conditions are hereby incorporated by reference in this clause. A copy of vaultbox’s prevailing terms & conditions is available at https://www.vaultbox.tech/terms-of-service.
Sircured may from time to time update this Policy to ensure it is consistent with its business purposes or to accommodate future changes to applicable legal or regulatory requirements. All updates to this Policy will be published at https://www.vaultbox.tech ("vaultbox Website") and appropriate notifications of any material revisions will be published on the vaultbox Website. Notifications may also be issued separately to relevant persons as may be determined by Sircured. Subject to an Individual's rights at law or otherwise, the prevailing terms of this Policy from time to time shall apply. By continuing their relationship with Sircured after any changes have been introduced and published on the vaultbox Website, Individuals shall be deemed to have accepted the updated Policy.
For purposes of this Policy:
"Individual" means a natural person, whether living or deceased and "Individuals" shall be construed accordingly;
“Personal Data” means data that is capable of identifying an Individual, whether on its own or in conjunction with other data accessible to Sircured;
"Personnel" means any Individual engaged under a contract of service with Sircured, permanent or temporary employees as well as trainees and interns engaged by Sircured from time to time; and
“Sensitive Personal Data” includes data relating to race or ethnic origin, political opinions, religions or similar, trade union membership, physical or mental health, sexual life or criminal record.
2. Personal Data collected, used or disclosed by Sircured
Sircured will only collect, use or disclose Personal Data about an Individual which it reasonably considers necessary for the relevant purposes underlying such collection, use or disclosure, where such purposes are as notified in this Policy. If Sircured requires to collect Personal Data for purposes other than as notified herein, such purposes will be notified to the Individual in question ahead of any collection, use or disclosure of the Personal Data. It is not our policy to seek Sensitive Personal Data, but if an Individual voluntarily provides us with Sensitive Personal Data for any reason, they shall be deemed to have consented to such collection, use or disclosure of such Sensitive Personal Data in accordance with the relevant provisions of the PDPA. Depending on the specific nature of an Individual’s interaction with Sircured, Personal Data which Sircured collects, uses or discloses concerning an Individual may variously include but is not limited to the following:
a. the Individual's name, gender and contact particulars, including telephone number(s), residential/mailing address(es) and email address;
b. details of the Individual's identification documents (such as, NRIC or passport numbers), and applicable visa or permits (such as employment pass, work permit, permanent residency status);
c. details of the Individual's employment history and academic qualifications;
d. the name and contact particulars of the Individual’s next-of-kin;
e. the Individual's network usage data and other information gathered automatically by our computer systems, including the Individual’s computer IP address, links visited and other activities conducted online or using our computer systems;
f. photographs and video or CCTV recordings of the Individual; and
g. other information which the Individual may provide to Sircured, from time to time, in the course of such Individual’s interaction with Sircured.
3. How Sircured collects, uses or discloses Personal Data
Sircured is a Singapore-registered FinTech Company certified by the Singapore FinTech Association as a Wealth Management, Blockchain & DLT and Capital Markets provider. We collect Personal Data for the purpose of providing such services to our clients worldwide where we have a legitimate interest or other legal interest for collecting, using or disclosing such information.
Generally, Sircured may collect Personal Data from an Individual in one or more of the following ways or circumstances:
a. when the Individual interacts with Sircured's Personnel via telephone calls, emails, or other correspondence and/or face- to-face interactions;
b. when the Individual visits Sircured's premises;
c. when the Individual specifically requests that Sircured contact him or her or requests to be included in an email or any mailing list maintained by Sircured;
d. when the Individual responds to any request by Sircured for the provision of Personal Data;
e. when Sircured receives references or referrals from its business partners or other third parties;
f. when the Individual attends or participates in any event organised by Sircured;
g. when the Individual voluntarily provides his or her Personal Data to Sircured as a potential candidate for engagement;
h. when the Individual subscribes to Sircured' publication(s); and/or
i. when the Individual voluntarily provides his or her Personal Data to Sircured for any other reason arising from or in connection with the ordinary course of business.
Sircured may also compile data from searches of an Individual’s professional information publicly available via social media platforms such as LinkedIn, Google, Twitter, company websites, the press or other publications as part of our research and assessment.
4. Purposes of collection, use and disclosure of Personal Data
Generally, Sircured collects, uses and/or discloses Personal Data from Individuals for one or more of the following purposes:
A. Provision of services
a. administering and managing the Individual’s commercial relationship with Sircured;
b. providing the Individual with information about services provided by Sircured and/or the services provided by any external vendor that is providing services or products in partnership or collaboration with Sircured;
c. responding to the Individual’s complaints, queries and/or requests;
d. facilitating and/or organising face-to-face or non-face-to-face interactions such as meetings, interviews or events; and
e. informing the Individual of changes and/or updates to Sircured' policies, terms and conditions and/or other administrative information.
B. Security measures
a. verifying the Individual's identity or monitoring the Individual's activities, including without limitation via CCTV observation and/or recording; and
b. preventing, detecting and investigating fraud, misconduct, any unlawful action, omission or dispute, and whether or not there is any suspicion of the aforementioned.
C. General business operations of Sircured
a. operation and maintenance of web and mobile applications for assets/liabilities record-keeping, including without limitation documents, contacts, events and passwords;
b. research and consulting;
c. administering and managing Sircured's commercial relationships with potential clients and partners; and;
d. satisfying or complying with any applicable rules, laws, regulations, codes of practice or guidelines which are binding on Sircured (including but not limited to responding to regulatory complaints, disclosure to regulatory bodies and conducting audit checks, due diligence and investigations).
D. Managing Personnel
a. administering, managing and/or terminating Sircured' relationship with Personnel;
b. evaluating the performance of Personnel;
c. undertaking staff training and quality assurance activities; and
d. providing Personnel with services, facilities and/or other benefits being offered or made available by Sircured to such Personnel as well as information about such services, facilities and benefits.
a. circulation of Sircured’s publications or marketing information to an Individual;
b. dissemination of relevant marketing information to an Individual relating to services offered by Sircured (whether through Sircured or its business partners) which Sircured thinks is or may be of benefit or interest to him/her via any means of contact previously provided to Sircured.
a. for transfer to third party data intermediaries to facilitate any of the aforesaid purposes;
b. for any purposes reasonably related to any of the above purposes; and
c. for any other purposes in relation to which Sircured has specifically obtained the Individual's consent.
Other than as provided for under applicable law or this Policy, Sircured will not collect, use or disclose an Individual's Personal Data without his or her express consent.
Sircured will take reasonable steps to highlight the purposes relevant to an Individual, by appropriate means, before or during collection of the Personal Data from such Individual, including:
a. a via express provisions in contracts, application forms and/or registration forms to be signed with or provided to Sircured;
b. via notifications on Sircured's websites (including without limitation, the vaultbox Website); and
c. in the course of verbal communications.
Where feasible, Sircured will inform the Individual of purposes that are intrinsic to the relationship between Sircured and the Individual, or to the provision of services to such Individual, as well as purposes that are optional.
In so far as any purpose(s) are intrinsic to the relationship or provision of services, Sircured reserves the right to decline to engage in the relevant relationship or to provide the relevant services to the Individual if he or she does not consent to Sircured's collection, use or disclosure of his or her Personal Data for such purpose.
a. voluntarily provide their Personal Data to Sircured for the specified purposes;
b. use or access Sircured's website(s), vaultbox Website or computer network;
c. enter Sircured's premises or use any of the facilities thereon; and/or
d. attend or participate in meetings, events or programmes organised by Sircured
will be deemed to agree and consent to Sircured collecting, using and/or disclosing their Personal Data in the manner and for the purposes set forth in this Policy.
An Individual who provides Sircured with Personal Data relating to a third party for any particular purpose, represents to Sircured that he/she has obtained the consent of the relevant third party to Sircured collecting, using or disclosing such Personal Data for the relevant purpose.
In so far as Sircured collects Personal Data of an Individual from any third party(ies), Sircured will take reasonable steps to inform the relevant third party(ies) of Sircured's purposes for collecting the Personal Data and to verify that consent to such disclosure from the Individual has been obtained by the relevant third party(ies) for the intended purpose.
6. Disclosure of Personal Data
In carrying out one or more of the above Purposes, Sircured may be required to disclose Individuals' Personal Data to the following third parties for one or more of the above Purposes:
a. Sircured's clients. We will only disclose what is necessary for providing our services and will obtain consent from an Individual before disclosing any Personal Data;
b. third party service providers or agents or external vendors that are providing services or products in partnership or collaboration with Sircured;
c. Sircured's auditors and professional advisors;
d. any person to whom disclosure is permitted or required by law;
e. any permitted assigns;
f. any local or foreign regulatory body, government agency, statutory board, ministry, department or other government body and/or its officials; and/or
g. other parties with the Individual’s consent or at their direction.
7. Withdrawal of Consent
Any Individual who wishes to withdraw his or her consent to any collection, use or disclosure of their Personal Data by Sircured as set out in this Policy may do so by contacting Sircured's Data Protection Officer at email@example.com.
Depending on the extent to which an Individual withdraws consent to the collection, use or disclosure of his or her Personal Data by Sircured, such withdrawal of consent may result in Sircured's inability to continue providing its services to the Individual and may be considered as a termination by the Individual of any agreement between Sircured and the Individual. In such an event, Sircured expressly reserves all its legal rights and remedies.
8. Verification of Personal Data & Notification of Changes
Where feasible, Sircured will take reasonable steps to verify the accuracy of Personal Data received at the point of collection but Individuals remain primarily responsible for ensuring that all Personal Data provided by them to Sircured is complete and accurate. Information voluntarily provided by an Individual to Sircured shall prima facie be deemed to be complete and accurate.
Sircured will also take reasonable steps to periodically verify Personal Data in its possession, taking into account the exigencies of its operations, but Individuals are nonetheless responsible for notifying Sircured, from time to time, of any applicable changes to such Personal Data. For the avoidance of doubt, an Individual may request for a correction of its Personal Data at any time by reaching out to the relevant Personnel or through Sircured’s Data Protection Officer at firstname.lastname@example.org.
Sircured shall not be held liable for any inability on its part to provide services to an Individual who fails to ensure that his or her Personal Data submitted to Sircured is complete and accurate or who fails to notify Sircured of any relevant changes to such Personal Data.
9. Protection of Personal Data
Sircured makes reasonable physical and technical security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks to Personal Data in its possession and ensures its Personnel are equipped with the necessary skills and training to support this.
If Sircured transfers Personal Data outside Singapore, Sircured takes reasonable steps to ensure that such Personal Data transferred receives a standard of protection comparable to the protection required under PDPA and GDPR and such transfer shall be subject to this Policy. Sircured strives to ensure that third parties who receive Personal Data from Sircured protect such Personal Data in a manner consistent with this Policy and not use such Personal Data for any purposes other than those specified by Sircured, by subjecting these third parties to comparable data protection and security obligations. Sircured is not responsible in any way for the security and/or management of Personal Data shared by Individuals with third party websites which may be accessible via links on Sircured's website.
10. Contacting Sircured-Access and Correction of Personal Data
Any Individual who:
a. has questions or feedback relating to this Policy; and/or
b. would like to obtain access to his or her Personal Data held by Sircured; and/or
c. would like to obtain information about the ways in which his or her Personal Data held by Sircured has been or may have been used or disclosed by Sircured in the year preceding the request; and/or
d. would like to update or make corrections to his or her Personal Data held by Sircured; and/or
e. would like to exercise other rights he or she has under applicable legislation, such as the right to restrict/block, object, erase, move, copy or transfer his or her Personal Data held by Sircured; and/or
f. would like to revoke consent to any applicable aspect of this Policy,
should contact Sircured's Data Protection Officer at email@example.com.
Individuals should note that Sircured is not required, under the PDPA, to provide access and correction to Personal Data in certain exempted situations as set out in the PDPA.
The PDPA allows and Sircured reserves the right to charge a reasonable fee for the handling and/or processing of access requests by an Individual pursuant to paragraphs (b) or (c) above.
11. Governing Law and Jurisdiction
This Policy shall be governed by and construed in accordance with the laws of Singapore without regard to its conflict of laws principles. Any dispute arising out of or in connection with this Policy including any question regarding its existence, validity or termination, shall be referred to and finally resolved by the Courts of Singapore.