PRIVACY POLICY

  1. Overview

1.1 We, ALEVATE TRAINING SINGAPORE PTE. LTD. (the “Company”, “we”, “us”, or “our”) are committed to ensuring the safety and security of Personal Data (as defined below) of the users of this website (https://royphay.com/) (“Website”) and/or of the services (“Services”) provided via this Website (“Users” or “you”).

1.2 We only collect such Personal Data (as defined below) that is necessary to provide you with the Services or to facilitate your use of this Website, understand your needs and serve you better as a whole.

1.3 The purpose of this privacy policy (as updated from time to time) (this “Policy”) is to inform you as to how we manage, collect, use, and disclose Personal Data. In Singapore, such activities are subject to the Personal Data Protection Act 2012 of Singapore (the “PDPA”). We conduct our business in compliance with the PDPA and have implemented various measures to ensure that any and all Personal Data remains safe and secure.

1.4 By using the Website and/or our Services, interacting with us, submitting information to us, or taking any other action indicating your intent to do so, you agree and consent to the Company [and its affiliates, other related persons/agents/representatives/service providers (whether overseas or otherwise)] collecting, using and disclosing your Personal Data (as defined below) in the manner set forth in this Policy.

1.5 For the avoidance of doubt, you shall be deemed to have complied with all applicable laws by agreeing to be bound by this Policy through your use of the Website and/or our Services.

 

  1. Personal Data

2.1 In this Policy, “Personal Data” refers to any data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which we have or are likely to have access, including data in our records as may be updated from time to time, both directly and indirectly through an electronic and a non-electronic system.

2.2 Personal Data may include information such as your name, date of birth, residential address, telephone number, and contact information.

 

  1. Collection of Personal Data

3.1 We may collect Personal Data from or about you as may be necessary for the Purposes (as defined below) including your name, identification number, email address, contact number, date of birth, and any other Personal Data necessary for us to provide the Services. For the avoidance of doubt, we will not collect or retain any User’s payment information which includes but is not limited to a User’s credit or debit card number, bank account details, and/or billing address.

3.2 Typically, we collect User’s Personal Data when:

(a) Users register for the Services [and/or create an account on the Website];

(b) verifying and/or authenticating each User’s identity;

(c) Users submit any forms relating to the Services to us;

(d) Users access and/or use our Services;

(e) the Company receives, responds to, handles, and/or processes queries, requests, applications, complaints and feedback from Users;

(f) Users contact us with enquiries, complaints, or requests for assistance; or

(g) any other incidental business or transaction related to or in connection with our Services and/or the use of our Website. 

3.3 Apart from collecting such Personal Data directly from you, we may also collect Personal Data in other ways (e.g. using automated technology such as click-stream data, cookies, flash cookies, web beacons and tracking links) and from third parties (e.g. your use of third party websites and applications that interact with our Website) or from publicly available sources.

3.4 [Please note that our Website and/or any applications related or in connection to our Website and/or Services may offer location-enabled services. If Users access and/or use any such related application, they may receive information about such Users’ actual locations (such as GPS signals sent the relevant User’s device) or information that can be used to approximate a location. Users will always be asked if the location-enabled service may be activated and Users may also withdraw their consent to such location-enabled service within the Website or related applications.]

3.5 For the avoidance of doubt, if any applicable laws (including the PDPA) permits the collection of any User’s Personal Data without such User’s consent, such permission granted by the laws shall continue to apply.

 

  1. Use of Personal Data

4.1 We may use, disclose, and/or process each User’s Personal Data for any or all of the following purposes:

(a) providing our Services;

(b) verifying and/or authenticating each User’s identity;

(c) internal data analytics;

(d) internal audits and research;

(e) improving or enhancing our Website and/or Services;

(f) security and risk management;

(g) identifying or investigating Users who violate the terms of use of our Website and/or Services;

(h) investigating and/or answering any inquiries or complaints from Users; 

(i) complying with legal and regulatory requirements (including providing assistance to law enforcement, judicial, regulatory or other government agencies and statutory bodies);

(j) for marketing and advertising, and in this regard, to send to each User by various modes of communication marketing and promotional information and materials relating to products and/or services (including, without limitation, products and/or services of third parties) that the Company may be marketing or promoting, whether such products or services exist now or are created in the future;

(k) other work and business related requirements;

(l) any other purpose which we notify you at the time of obtaining your consent; and

(m) for any other purpose reasonably related to the purposes listed at paragraphs 4.1(a) to (l) above,

(collectively, the “Purposes” and each, a “Purpose”).

4.2 We will not use any Personal Data for purposes which we are not permitted to or required under the PDPA or any other applicable laws and regulations.

4.3 Notwithstanding the above, we may collect any Personal Data without your consent provided that it is in accordance with any applicable laws, including but not limited to the PDPA. 

 

  1. Disclosure of Personal Data

5.1 We will not disclose Personal Data to any third party without obtaining the prior consent of the relevant User(s) save for the cases below and/or where such provision is permitted by the PDPA or other applicable laws and regulations:

(a) to our partners, vendors, agents, contractors, or third party service providers who provide services to the Company including but not limited to verification and authentication services;

(b) our partners, licensors, vendors, agents, contractors or third party service providers who provide operational services to the Company including but not limited to courier services, telecommunications, IT, payment, printing, billing, payroll processing, technical services, training, market research, call centre, security or other such services;

(c) our partners, licensees, agents, contractors, or third party service providers who provide operational services for and on behalf of the Company;

(d) to companies or persons affiliated with the Company, and such affiliates may in turn disclose your Personal Data to third-party service providers engaged by such affiliates (i) to store your Personal Data for us and/or our affiliates, and/or (ii) in connection with, or which is necessary for, the provision of the Services and/or the use of this Website;

(d) in the event of an actual or prospective business asset transaction (such as any merger, acquisition or asset sale), any business partner, investor, assignee, or transferee for the purposes of facilitating such a transaction;

(e) any relevant government regulators, statutory boards or authorities or law enforcement agencies as required by any laws, rules, guidelines and regulations or schemes imposed by any government to bodies and authorities; and

(f) any other persons to whom disclosure is reasonable for the Purposes.

5.2 Personal Data is disclosed to the above only for the Purposes or to protect the individual’s interests.

5.3 In exceptional circumstances, we may be required to disclose Personal Data, where there are grounds to believe that disclosure is necessary including but not limited to preventing a threat to life, health, or property of a person, or for law enforcement purposes.

5.4 In some cases, we may encrypt, anonymise, and aggregate Personal Data before disclosing it. “Anonymising” means stripping the information of personally identifiable features and “aggregating” means presenting the information in groups or segments (e.g. age groups).

 

  1. Accuracy and Updating of Personal Data

6.1 We will strive to keep Personal Data accurate.

6.2 Each User represents that all Personal Data (including any Personal Data relating to a third party) submitted to us is complete, accurate, true, correct and not misleading. If you fail to do so, you acknowledge that such failure may result in our inability to provide you with, or delay our provision of, the Services or your use of the Website and we shall not be liable for any damage, loss, cost, and/or expense you incur in connection thereto.

6.3 Further, when you provide us with any Personal Data relating to a third party (including your spouse, children, parents and/or employees), you represent to us that you have obtained the consent of such third party to provide us with their Personal Data unless otherwise provided in the PDPA.

6.4 If there is any Personal Data relating to a User and that User is unable to update or wishes to make corrections to such Personal Data, that User may contact our Data Protection Officer (whose contact details are set out below) and we will be happy to help you as best as we can.

 

  1. Access to Personal Data 

7.1 If you wish to access the Personal Data that we have relating to you, inquire about the way in which Personal Data relating to you has been used or disclosed by the Company in the past year, or wish to withdraw your consent to our use of such Personal Data, you may contact our Data Protection Officer (whose contact details are set out below) and we will seek to attend to your request as best as we reasonably can. Please note that:

(a) in order for us to provide any Personal Data we will need to verify your identity and may request further information about your request;

(b) we may refuse access to your Personal Data if it would affect the privacy rights of other persons or if it breaches any confidentiality that attaches to that information;

(c) we may also refuse your request where we are legally permitted to do so and give you such reasons;

(d) you should be aware that we may take a reasonable time to process your application for access as we may need to retrieve information from storage and review the information to determine what information may be provided; and

(e) we may have to charge you a reasonable administrative fee for retrieving Personal Data relating to you.

7.2 For the avoidance of doubt, if we refuse to grant you access to your Personal Data, we shall preserve a complete and accurate copy of the Personal Data for a period of 30 days after the date which we notify you of our refusal to do so.

 

  1. Protection of Personal Data

8.1 To safeguard your personal data from unauthorised access, collection, use, disclosure, loss, copying, alteration, modification, disposal or similar risks, we have implemented the following appropriate administrative, physical and technical measures: 

(a) Minimised collection of Personal Data;

(b) Authentication and access controls (e.g. good password practices, need-to-basis for data disclosure, etc.);

(c) Encryption of data and data anonymisation;

(d) Up-to-date antivirus protection;

(e) [Usage of one time password/2 factor authentication/multi-factor authentication to secure access];

(f) Regular security reviews and testing; and

(g) Other security measures that the Company deems appropriate from time to time or is required by law.

8.2 While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures. You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. Accordingly, please note that we will not be held liable or responsible for any loss, misuse or alteration of Personal Data that may be caused by third parties.

 

  1. Retention of Personal Data

9.1 We will retain Personal Data only for as long as the retention of the Personal Data continues to serve any Purpose and there is a business or legal need.

9.2 In the event that retention of Personal Data is no longer necessary for any business or legal purposes or when the purpose for which the Personal Data was collected is no longer being served by the retention of the Personal Data, we will remove, destroy or anonymise the Personal Data.

 

  1. Transfer of Personal Data Outside Singapore

In the event that we transfer Personal Data overseas, we will ensure that the recipient overseas organisations will provide a standard of protection to Personal Data so transferred that is comparable to the protection under the PDPA. 

 

  1. Breach of Personal Data

In the event of a data breach of the users’ Personal Data (“Breach”), we will promptly conduct an assessment of whether the Breach is notifiable to the Personal Data Protection Commission (“PDPC”) in accordance with the PDPA. If the Breach is notifiable to the PDPC, we will also notify the relevant parties of the occurrence of the Breach in accordance with the PDPA.

 

  1. Disclosure of Personal Data and Complaint Procedures

If you believe that we have breached this Policy, or any other applicable privacy or data protection laws or regulations which may apply to the Company, you should make a complaint to the Company in the first instance. You should address your complaint in writing to our Data Protection Officer (whose contact is set out below), and you should include as much detail as you can about the Personal Data affected, and the circumstances that you believe amount to a breach of this Policy or the applicable privacy or data protection law or regulation.

 

  1. Data Portability

In the event that you wish to transfer any of your Personal Data that is in our possession or control to another organization, please submit a request in writing to our Data Protection Officer (whose details are set out below) and we will assist as best as we can to transmit such Personal Data to the other organization in a commonly used machine-readable format.

 

  1. Data Protection Officer

14.1 We have designated a Data Protection Officer to be responsible for ensuring that we comply with the PDPA. Please contact our Data Protection Officer at the following email address support@royphay.com.

14.2 If you have any questions about our Policy or concerns about our commitment to your privacy, please feel free to email or write to the Data Protection Officer.

 

  1. Changes to the Policy

We reserve the right to modify and update this Policy at any time to ensure that it is consistent with industry trends and/or any changes in legal or regulatory requirements. Subject to your rights at law, you agree to be bound by the prevailing terms of this Policy as updated from time to time on our Website.

 

Effective Date: 12 December 2022

Last updated: 12 December 2022