This Data Protection Policy outlines how GCC Exchange Pte Ltd collects, uses,
maintains and discloses your Personal Data. GCC safeguards your Personal Data in accordance with the Singapore
Personal Data Protection Act (No. 26 of 2012) (“the Act”). This Data Protection Policy supplements but does not
supersede nor replace any other consents which you may have previously provided to us, and your consents herein
are additional to any rights which we may have as required by our regulators MAS to collect, use or disclose
your Personal Data.
1.Your consent is important
When you request our services, you may be required to provide us with your Personal
Data. In doing so, you agree and consent to GCC Exchange Pte Ltd and its related corporations (collectively
referred to herein as “GCC”, “us”, “we” or “our”) as well as our respective agents, authorised service providers
and relevant third parties collecting, using, disclosing and/or sharing your Personal Data in accordance with
this Data Protection Policy.
Failure to provide such Personal Data or withdrawal of your consent for us to
process your Personal Data may result in GCC being unable to provide you with effective and continuous services.
If you should withdraw your consent to the processing or handling of your Personal
Data in respect of any purpose which we may reasonably consider to be essential in order for us to provide you
with the services requested / applied for, we may not be in a position to continue to provide our services to
you or administer any contractual relationship which may be in place between us. Furthermore, we shall be
entitled to treat such withdrawal as your termination of any account / agreement which you may have with us,
without prejudice to any rights and remedies which we may have at law against you.
Notwithstanding the generality of the foregoing and for avoidance of doubt, upon
the termination or expiry of your contractual relationship with us, we may still continue using or disclosing
your personal data as may be necessary, required, authorised or permitted for compliance with applicable law or
as may be requested by the relevant regulatory bodies, government agencies, statutory boards, administrative
bodies, authorities or law enforcement agencies to comply with any laws, rules, guidelines and regulations or
schemes to which we may be subject, whether situated locally or overseas.
2.What types of Personal Data do we collect?
In this Data Protection Policy, “Personal Data” refers to any data, whether true or
not, about an individual who can be identified (a) from that data; or (b) from that data and other information
to which we have or are likely to have access, including data in our records as may be updated from time to
time.
Examples of such Personal Data you may provide to us may include (depending on the
nature of your interaction with us) your name, NRIC, passport or other identification number, telephone
number(s), mailing address, email address and any other information relating to any individuals which you have
provided us in any forms you may have submitted to us, or via other forms of interaction with you.
The Personal Data we collect can be either obligatory or voluntary. Obligatory
Personal Data are those that we require in order to provide you our services. If you do not provide us with
obligatory Personal Data, we would not be able to provide you services. Voluntary Personal Data are those that
are not mandatory in order for us to provide you with our services. If you do not provide us with voluntary
Personal Data, you can still sign up for our products and services. Obligatory and voluntary Personal Data
differ for each products and services and will be indicated in the application forms.
3.How do we collect your Personal Data?
Generally, we obtain your Personal Data in various ways, such as:
- When you submit application forms or other forms relating to any of services
- When you use some of our services (including but not limited to websites, apps and any online accounts
established with us)
- When you request that we contact you, be included in an email or other mailing list; or when you respond to
our request for additional Personal Data, our promotions and other initiatives
- When you sign up for or use one of the many services we provide or when you register an account at any GCC
websites
- When you contact any GCC entities through various methods such as application forms, emails and letters,
telephone calls and conversations you have with our staff in a branch. If you contact us or we contact you
using telephone, we may monitor or record the phone call for quality assurance, training and security
purposes
- From our analysis of your transactions (including but not limited to transaction history)
- When you participate in customer surveys or when you sign up for any of our competitions or promotions
- When you submit a job application
- When we receive references from business partners and third parties, for example, where you have been
referred by them
- When we seek information from third parties about you in connection with your transaction applications or
job applications, for example, from your ex-employer and the relevant authorities
- When you submit your Personal Data to us for any other reasons
4.What is the purpose of processing your Personal Data?
Generally, GCC collects, uses and discloses your Personal Data for the following purposes:
- Responding to your queries and requests
- Verifying due diligence checks
- Managing the administrative and business operations of GCC and complying with internal policies and
procedures
- Matching any Personal Data held which relates to you for any of the purposes listed herein
- Resolving complaints and handling requests and enquiries
- Preventing, detecting and investigating crime, including fraud and money-laundering, and analysing and
managing commercial risks
- Maintaining security of GCC premises (including but not limited to CCTV surveillance and issuing building
access passes)
- Meeting or complying with any applicable laws, regulations, directives, rules, codes of practice or
guidelines issued by any legal or regulatory bodies which GCC may be subject to, whether local or overseas
(including but not limited to disclosures to regulatory bodies, conducting audit checks, surveillance and
investigation)
- Legal purposes (including but not limited to obtaining legal advice and dispute resolution)
- Purposes which are reasonably related to the aforesaid
If you are an employee of an external service provider of GCC, GCC also collects, uses and
discloses your Personal Data for the following purposes:
- Issuing building access pass and maintaining building security
- Managing project tenders
- Processing and payment of vendor invoices
- Profiling in media activities
- Any other purpose reasonably related to any of the above
If you submit an application to us as a candidate for an employment or
representative position, GCC also collects, uses and discloses your Personal Data for the following purposes:
- Conducting interviews
- Processing your application (including pre-recruitment checks involving your qualifications)
- Providing or obtaining employee references and for background screening
- Evaluating and assessing your suitability for the position applied for
- Any other purposes reasonably related to any of the above.
Where permitted under the Act, GCC may also collect, use and disclose your Personal
Data as follows:
- Providing cross-referrals to other members of the GCC
- Conducting analytics with regard to services which you might be interested in
- administering contests, lucky draws and competitions;o organising promotional events and corporate social
responsibility projects (including but not limited to taking pictures and recording your video/audio
feedback and testimony in relation thereto)
- Providing services, products and benefits to you, including promotions, loyalty and reward programmes
- Matching Personal Data with other data collected for other purposes and from other sources (including third
parties) in connection with the provision or offering of services, whether by GCC or other third parties
- Sending you details of products, services, special offers and rewards, either to our customers generally, or
which we have identified may be of interest to you (including but not limited to cross selling and
telemarketing)
- Conducting market research, understanding and determining customer location, preferences and demographics
for us to review, develop and improve our products, services and also develop special offers and marketing
programmes.
If you have provided your Singapore telephone number(s) and have indicated that you
consent to receiving marketing or promotional information via your Singapore telephone number(s), then from time
to time, GCC may contact you using such Singapore telephone number(s) (including via voice calls, text, fax or
other means) with information about our products and services (including discounts and special offers).
In relation to particular products or services or in your interactions with us, we
may also have specifically notified you of other purposes for which we collect, use or disclose your Personal
Data. If so, we will collect, use and disclose your Personal Data for these additional purposes as well, unless
we have specifically notified you otherwise.
You have a choice to withdraw your consent for receiving marketing or promotional
materials / communication. You may contact us using the contact details found below.
Please be aware that once we receive confirmation that you wish to withdraw your
consent for marketing or promotional materials/communication, we will require some time to process your
withdrawal request. During this period of time you may still receive marketing or promotional
materials/communication. Please note that even if you withdraw your consent for the receipt of marketing or
promotional materials, we may still contact you for other purposes in relation to the accounts, facilities or
services that you hold or have subscribed to with GCC.
5.To whom do we disclose your Personal Data?
Your Personal Data held by us shall be kept confidential. However, in order to
provide you with effective and continuous products and services, and for the purposes listed above (where
applicable), your Personal Data may be disclosed to the following parties:
- Entities within GCC including our head office and any of its branches, representatives offices,subsidiaries,
related corporations and affiliates
- Agents, contractors or third party service providers who provide operational services to GCC, such as
courier services, telecommunications, information technology, payment, payroll, processing, training,
survey, market research, storage, archival or other services to GCC;o vendors and other third party service
providers in connection with promotions, online campaigns, products and services offered by GCC
- Credit bureaus and credit reporting agencies
- Any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset
transactions (which may extend to any merger, acquisition or asset sale)
- Other financial institutions, banks and their respective service providers
- Our professional advisers such as financial advisors, auditors and lawyers
- Relevant regulatory bodies, government agencies, statutory boards, administrative bodies, authorities or law
enforcement agencies to comply with any laws, rules, guidelines and regulations or schemes to which GCC may
be subject, whether situated locally or overseas
- Counterparties, billing organisations and their respective banks or our distribution agents in relation to
fund transfers, and payments
- Any other party to whom you authorise us to disclose your Personal Data to.
6.How do we protect your data?
Employee access is only limited to authorised employees who are fully trained in
handling your information. These authorised personnel are required to ensure the confidentiality of your
information and to respect your privacy at all times. Employees who have access to your information will be
subjected to disciplinary action should they fail to observe this Data Protection Policy and other guidelines,
codes or policies which we may issue to them from time to time.
If we disclose any of your Personal Data to our authorised agents or service
providers, we will require them to appropriately safeguard the Personal Data provided to them.
7.How long may we retain your Personal Data?
We will only retain your Personal Data for as long as necessary to fulfil the
purpose(s) for which it was collected or to comply with legal, regulatory and internal requirements.
8.Changes to this Data Protection Policy
Please note that we may update this Data Protection Policy from time to time to
ensure that this Data Protection Policy is consistent with our future developments, industry trends and/or any
changes in legal or regulatory requirements. If there are material changes to this Data Protection Policy, we
will notify you by posting a notice of such changes on our website or by sending you a notification directly. Do
periodically review this Data Protection Policy to stay informed on how we are protecting and managing your
information.
Subject to your rights at law, you agree to be bound by the prevailing terms of the
Data Protection Policy.
This Data Protection Policy was last updated in April 2015.
9.Access and correction of your Personal Data
You should ensure that all Personal Data submitted to us is complete, accurate,
true and correct. Failure on your part to do so may result in our inability to provide you with products and
services you have requested / applied for.
We are committed to ensure that the Personal Data we hold about you is accurate,
complete, and up-todate. If there are any changes to your Personal Data or if you believe that the Personal Data
we have about you is inaccurate, incomplete, misleading or not up-to-date, please contact us so that we may take
steps to update your Personal Data.
You have the right to access your Personal Data. If you would like to request
access to your Personal Data, please contact us. Please note that depending on the information requested we may
charge a small fee. We may also take steps to verify your identity before fulfilling your request for access to
your Personal Data.
10.How can you contact us?
If you need to contact us, you may visit our branch, call our Data Protection
Officer on (65) 6836 2011 or (65) 6294 7081 (Overseas) or visit us at
GCC Exchange Pte Ltd
111 North Bridge Road,
#06-14/15/16,
Peninsula Plaza S(179098)
Alternatively, you may also write to our Data Protection Officer as follows:
GCC Exchange Pte Ltd
111 North Bridge Road,
#06-14/15/16,
Peninsula Plaza S(179098)
Effective date: 1st July 2017