The terms “we”, and “our” in this Policy refer to Mercatus, and/or any affiliated organisation which has adopted this Policy, as appropriate.
1.2 Application. Mercatus and each affiliated organisation have different channels of collecting personal data, but each are committed to complying with this Policy in its collection, use and disclosure of personal data, to ensure that there is accountability and uniformity in the way we protect your personal data. Although this Policy is in common use by Mercatus and the affiliated organisations, each is responsible to you to the extent of its own collection, use and disclosure of your personal data, and its own actions.
1.3 Compliance with this Policy. This Policy applies to all personal data you provide to us, or that we may collect about you. Please do not provide any personal data to us if you do not accept this Policy.
We may also require you to accept this Policy when you contact, interact, transact or deal with us, or when you access and use our websites, applications or services. If you notify us that you do not accept this Policy, we may not be able to establish a relationship with you or be able to service your requests.
1.4 Concerns and Contacting Us. If you have any feedback or issues in relation to your personal data, or about this Policy, or wish to make a complaint to us, you may contact our Data Protection Officer whose contact details are set out below.
Data Protection Officer
Email address: DPO@mercatus.com.sg
1.5 Amendment to this Policy. We may amend this Policy from time to time without notice to you, to comply with applicable laws or as we update our data usage and handling processes. The updated Policy will supersede earlier versions and will apply to personal data provided to us previously. The amended Policy will take effect when made available at https://corp.mercatus.com.sg/privacy-policy/
2. Personal Data
2.1 What personal data we collect. The Personal data we collect depends on the purposes for which we require the personal data and what you have chosen to provide. This may include your name, address, contact information (e.g. telephone number and email address), photograph, video image and any other information that may identify you or is personal to you.
2.2 How we collect personal data. We collect personal data relevant to our relationship with you. We may collect your personal data directly or indirectly through various channels, including when:
Depending on your relationship with us, we may also collect your personal data from third parties, including:
Our website and applications may also contain or involve certain technologies that automate the collection of data (including personal data). These technologies include cookies, web beacons and web analytics. If you do not wish to have your data collected through such technologies you may disable the operation of these technologies on your devices (where possible), or you may refrain from using our websites and applications.
2.3 Voluntary provision of personal data. Your provision of personal data to us is voluntary and you have the right to withdraw your consent for us to use your personal data at any time by contacting and submitting a request to us. Your withdrawal will take effect after your request is processed. However, if you choose not to provide us with the personal data we require, it may not be possible for us to fulfill the purposes for which we require the personal data, including providing products and services which you need from us.
2.4 Providing personal data belonging to others. In certain circumstances, you may also provide the personal data of persons other than yourself (including your family members). If you do so, you are responsible for informing him / her of the purposes for which we require his/her personal data and warrant that you are validly acting on behalf of him/her to consent to our collection, use and disclosure of his / her personal data.
2.5 Accuracy and Completeness of personal data. You must ensure that all personal data that you provide is true, accurate and complete and promptly inform us of any changes to the personal data.
2.6 Minor. If you are a child, minor or not of legal age, please inform and seek the consent of your parent or guardian, before you provide your personal data to us. If you are a parent or guardian and you have reason to believe your child or ward has provided us with their personal data without your consent, please contact us to request for the erasure of their personal data.
3. Purposes and Consent
3.1 We collect, use and disclose your personal data where:
3.2 General purposes. Generally, we collect, use and disclose your personal data for purposes connected or relevant to our business, including:
3.3 Marketing purposes. Where you give us consent, we collect, use and disclose your personal data for purposes of:
3.4 Previous Consent. You agree that any consent granted by you in respect of any of the above purpose(s) does not supersede any previous consent you may have given to any organisation or entity in the Mercatus Group and is in addition to any rights which the Mercatus Group may have at law to collect, use, disclose and/or process your personal data.
3.5 Legitimate business interests. Our legitimate business interests include:
3.6 Purposes involving NTUC Social Enterprise Group. For administrative efficiencies and to allow Mercatus to better serve your needs, your personal data will also be collected, used and disclosed to an organisation within the NTUC Social Enterprise Group for the following purposes:
3.7 Use permitted under applicable laws. We may also collect, use, disclose and process your personal data for other purposes, without your knowledge or consent, where this is required or permitted by law.
3.8 Contacting you. When using your personal data to contact you for the above purposes, we may contact you via email, WhatsApp, SMS, pop-up notifications (when you are using our applications), or any other means.
We will not contact you for marketing purposes unless with your consent, or we are exempted by applicable law from having to obtain consent. When contacting you for marketing purposes, we will not contact you through your telephone number, unless you have specifically consented to such a mode of communication. If you do not wish to receive any communication or information from us or wish to restrict the manner by which we may contact or send you information, you may contact us to do so.
4. Disclosure of Personal Data
4.1 Disclosure to NTUC Social Enterprise Group. We may disclose or share your personal data with the NTUC Social Enterprise Group for the purposes described in paragraph 3.2, 3.3, 3.4 and 3.6.
4.2 Other Disclosures. We may also disclose or share your personal data in connection with the purposes described in paragraphs 3.2, 3.3 and 3.5 above, including to the following parties:
When disclosing personal data to third parties, we will (where appropriate and required by applicable law) enter into contracts with these third parties to protect your personal data in a manner that is consistent with applicable laws and/or ensure that they only process your personal data in accordance with our instructions.
5. Cross-Jurisdiction Transfers of Personal Data
5.1 Safeguards. We may transfer your personal data out of Singapore for the purposes set out in paragraph 3 above. When transferring personal data outside Singapore, we will require recipients of the personal data to protect personal data at a standard comparable to that under the laws of Singapore. For example, we may enter into legally enforceable agreements with the recipients to ensure that they protect your personal data. You may obtain details of these safeguards by contacting us.
6. Protection of Personal Data
6.1 Period of retention. We keep your personal data only for so long as we need the data to fulfill the purposes we collected it for and to satisfy our business and legal purposes, including audit, accounting or reporting requirements. How long we keep your personal data depends on the nature of the data, e.g. we keep personal data for at least the duration of the limitation period for bringing claims if the personal data may be required to commence or defend legal proceedings. Certain information may also be retained for longer, e.g. where we are required to do so by law. Typically, our data retention period is from 6 years upwards, depending on the limitation period.
6.2 Anonymised data. In some circumstances, we may anonymise your personal data so that it no longer identifies you, in which case we are entitled to retain and use such anonymised data without restriction, including for data analytics.
6.3 Unauthorised access and vulnerabilities. While we take reasonable precautions to safeguard your personal data in our possession or under our control, we cannot be held responsible for unauthorized or unintended access that is beyond our control, including hacking or cybercrimes. We also do not guarantee that our websites and applications are invulnerable to security breaches, or that your use of our websites and applications is safe and protected from viruses, worms, Trojan horses, and other vulnerabilities.
7. Your Rights
7.1 You enjoy certain rights at law in relation to your personal data that we hold or control. These rights include:
7.2 Exercising your rights. If you wish to exercise your rights, you may contact us to do so (see paragraph 1.4 above for contact details). We may require that you submit certain forms or provide certain information to process your request. Where permitted by law, we may charge you a fee to process your request. We may also be permitted under applicable laws to refuse a request.
7.3 Limitations. We may be permitted under applicable laws to refuse your request to exercise your rights, for example, we may refuse (a) a request for erasure where the personal data is required for in connection with claims; or (b) an objection request and continue processing your personal data based on compelling legitimate grounds for the processing.