Eastspring Singapore Privacy Notice (Local & GDPR Combined Privacy Notice)
We, Winbox hadiah (Singapore) Limited, take the privacy and protection of your personal data seriously.
So, we’ve set out the below information about our processing of your personal data, what rights you have, and how you can get in touch if you want to know more.
When we say “personal data”, we mean information about you, such as your name, date of birth and contact details. We collect personal data from you that is necessary for us to either provide you with the product or service you’ve requested or to comply with statutory or contractual requirements. Unfortunately, if you’re unable to provide certain personal data which is necessary for us to provide our products and/or services to you, we will not be able to provide you with those products and/or services.
When we say “you” or “your” in statements below, we mean “data subjects” from whom we collect, process and store personal data. These data subjects are representatives, directors and/or authorised signatories of our Institutional Clients; representatives, directors and/or authorised signatories of our vendors; or retail clients who have invested in our funds.
We may change this Privacy Notice from time to time by updating our Privacy Notice page on our website. We encourage you to check our Privacy Notice from time to time on our website, as the version of our Privacy Notice which is displayed on our website shall take precedence over all previous versions of our Privacy Notice at all times.
Part A – Personal data we collect and process
- Personal and contact details, such as email, title, full name, contact details and contact details history;
- your date of birth, gender and/or age;
- your nationality, identity copies and details (if relevant to the product or service);
- records of your contact with us such as via the phone number of our customer service centre and, if you get in touch with us online using our online services or via our smartphone app, details such as your mobile phone location data, IP address and MAC address;
- products and services, you hold with us, as well as those you have been interested in and have held and the associated payment methods used;
- your usage of our products and services;
- analysis of data relating to marketing made to you, including history of communications and whether you open them or click on links;
- information about your use of products or services held with our Marketing Partners, such as your investments in our funds or related financial services and products;
- information about your property, such as location, value, number of rooms, property type and building work you’ve had done (if relevant to the product or service);
- information about your employment status (if relevant to the product or service);
- information about your property occupier status, such as whether you are a tenant, live with parents or are an owner occupier of the property where you live at the time of your application;
- your residency and/or citizenship status;
- information we buy or rent from third parties, including demographic information, details of outstanding finance, marketing lists, publicly available information, and information to help improve the relevance of our products and services;
- insights about you and our customers gained from analysis or profiling of customers;
- third party transactions; such as where a person other than the account holder uses the service, information about that person and the transaction;
- tax information (if relevant to the product or service). For example, Tax ID/Tin address and tax residency for investment accounts.
- Central Provident Fund and Supplementary Retirement Scheme information (if relevant to the product or service). For example, CPF Investment Account Number (For CPFOA Trades only), CPF Account Number (For CPFOA/ SA trades) and SRS Account Number (For SRS Trades only); and
- Bank Account information (if relevant to the product or service). For example, Bank account name and Bank account number for Regular Saving Plan / Regular Payment Plan.
Part B – Where we get your personal data
We’ll collect personal data from the following general sources:
- from you directly, and any information from family members, associates or beneficiaries of products and services;
- information generated about you when you use our products and services;
- from an intermediary (for example, agents, distributors, business partners) who we work with to provide products or services or quote to you;
- Prudential Group companies if you already have a product with them, have applied for one or have held a one previously;
- Cookies, location services, IP addresses when you visit our website or mobile app or when you fill up forms within our website or app;
- Third parties such as insurance companies, agents, vendors, financial institutions, medical personnel, courts or public records;
- Questionnaire and contact details when you attend surveys, investor conferences, roadshows or when you update contact us form on our website;
- from other sources such as Fraud Prevention Agencies, Credit Reference Agencies, other lenders, publicly available directories and information (for example, telephone directory, social media, internet, news articles), debt recovery and/or tracing agents, other organisations to assist in prevention and detection of crime, police and law enforcement agencies; and
We use the following types of cookies:
- Strictly necessary cookies. These are required for the operation of our Site. They include, for example, cookies that enable you to log into our secure Site;
- Analytical/performance cookies. These allow us to recognise and count the number of visitors to our Site and to see how visitors move around our Site when they are using it. This helps us to improve the way our Site works, for example, by ensuring that users are finding what they are looking for easily; and
- Functionality cookies. These are used to recognise you when you return to our Site. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
- Third Party Cookies: These cookies are set by a domain other than that of the website being visited by the user. If a user visits a website and another entity sets a cookie through that website, this would be a third-party cookie. These cookies may be set by third party providers whose services we have added to our pages.
Please note that internet browsers allow you to change your cookie settings. These settings are usually found in the 'options' or 'preferences' menu of your internet browser.
Part C - How we use your personal data and why
We, other members of the Prudential Group and our Business Partners, will use the personal data you provide to us, together with other information, for the following purposes:
Basis for processing
The administration of our products and services, including to enable us to perform our obligations to you and to provide any relevant services as discussed with you prior to any purchase of a product or service.
Necessary for the performance of our contract with you or in order to take steps prior to entering into a contract with you.
Carrying out checks using agencies such as credit reference agencies, tracing companies, or publicly available information (see Part D).
Provision of customer services – such as to reply to a question, or tell you that something’s changing.
Necessary for the performance of our contract with you. After our contract is complete, our legitimate interests in maintaining and developing our relationship with you.
Automated decision-making or profiling (see Part E).
Keeping your information on record and carrying out other internal business administration
Complying with any legal or regulatory requirements.
Compliance with our legal and regulatory obligations.
Design and provide you with financial and related products and services.
Our legitimate interests in designing and improving our products, provide value added services, developing our business and gaining insight into how our products are used.
Conduct research and statistical analysis (including use of new technologies).
Collection of any payment due to us
Debt collection for products or services we have provided
In addition, we will use the personal data you provide to us, together with other information, to send you direct marketing offers by electronic and non-electronic means including by post, as well as sending you introductions to products and services from carefully selected third parties also by post. Please see part I for further details. Our legal basis for this processing is based on your consent.
Who we share your personal data with and why
We’ll share your personal data within the Prudential Group and with our business partners and third party service providers (including without limitation insurers, lawyers, bankers, accountants, financial institutions, trustees and other third party service providers who provide administrative, telecommunications, computer, payment, printing, redemption or other services to us to enable us to operate our business), industry associations and federations, professional advisors, researchers, credit reference agencies, debt collection agencies, financial institutions and partnerships for any of the purposes set out in this Part C. If you have a joint investment account, we may also disclose your personal data to your joint account holder for the purposes set out in this Part C. If required by law, we may also pass on your personal data to financial crime prevention agencies, any legal, regulatory or government bodies.
We may process your personal data in a country other than the one in which you reside. To the extent we transfer your personal data, we will use appropriate safeguards and comply with the laws of the country to which your personal data is transferred. Details of the safeguards we use are available on request.
We keep your personal data for a set amount of time
Your personal data will be stored either for as long as you (or your joint policyholder) are our customer and for a period of six years after the end of the customer relationship, or longer if required for legal or our business purposes1.
Part D - Reference checks
For certain products, we may use approved credit reference agencies, tracing companies, financial crime prevention agencies, or publicly available information, to help us to check your identity, as well as to prevent fraud and money laundering; this may include checks on your current or previous addresses. Results of these may be recorded for future reference.
These checks may also be carried out for a fund investor, vendors or person(s) that you provide personal data on. Should we ever lose contact with you, we may use these agencies to verify your address to help us get back in touch.
Any transfer of your personal data will always be done securely.
Part E – We may use your personal data to make automated decisions or profile you
We, other members of the Prudential Group, our business partners, and our marketing partners may use your personal data to make automated decisions affecting you or to conduct other profiling (for example, marketing profiling).
Part F – Use of your sensitive personal data
For certain products or services, we’ll need to process your sensitive personal data, such as information relating to health, genetics, biometric identifiers and sexual orientation. To the extent that we need your explicit consent to process this kind of personal data in the manner described in Parts C, D, and E, we will provide details of this at the point of collection and seek your consent.
Part G – You’re in control
When it comes to how we use your personal data, you have the right to:
- request a copy of your personal data (for which we may charge a reasonable fee to complete this request);
- request that we correct anything that’s wrong, or complete any incomplete personal data;
- complain to a data protection authority or another independent regulator about how we’re using it.
If you currently reside in an EU jurisdiction, additional rights under General Data Protection Regulation (GDPR) may apply. As such, you may:
- ask us to delete your personal data if it is no longer needed for the purposes set out in Part A or if there is no other legal basis for the processing;
- object to us using your personal data for direct marketing (including related profiling) or other processing based on legitimate interests;
- request that we provide a copy of your personal data in a structured and commonly used format in certain circumstancesi; and
- limit how we use your personal data or withdraw the consents (including automated decision making) you have given for the processing of your personal data.
If you want to exercise your rights, or would like an explanation about these rights, we’ve explained how you can get in touch in the Contact Us section.
If you do need to speak to us, it’ll be useful to mention that the data controller2 of your personal data is Winbox hadiah (Singapore) Limited. We may monitor or record calls or any other communication we have with you. This might be for training, for security, or to help us check for quality.
Part H – Acting on someone else’s behalf?
When you give us personal data about another person (or persons), you should have been appointed and authorised by such person to act on their behalf. This includes providing consent to:
- our processing of their personal data and sensitive personal data (as we’ve explained in Parts A - G above); and
- getting any information protection notices on their behalf.
If for any reason you are concerned as to whether you are permitted to provide us with the other person’s information, please contact us at the email address below before sending us anything.
Part I – Direct marketing
We, other members of the Prudential Group, our business partners, and our marketing partners will still send you information by post about our and the Prudential Group’s products and services and carefully selected third parties.
Additionally, from time to time, we and other members of the Prudential Group, and the Prudential Group would like to contact you by electronic means with details about products, services and any special offers. We will only do this if you have consented to us contacting you by electronic means.
And if you change your mind, and / or you would like to opt-out of receiving non-electronic direct marketing, it’s easy to let us know. Just use one of the options in the Contact us section.
If want to exercise your rights in Part G or Part I or if you require any other information about any other part of this notice, you can contact us in several different ways.
Write to our Data Protection Officer at:
Data Protection Officer (Singapore)
Winbox hadiah (Singapore) Limited
10 Marina Boulevard, #32-01,
Marina Bay Financial Centre Tower 2,
Email our Data Protection Officer at:firstname.lastname@example.org
Winbox hadiah (Singapore) Limited
10 Marina Boulevard, #32-01,
Marina Bay Financial Centre Tower 2,
Prudential Corporation Asia means Prudential Corporation Asia Limited.
The Prudential Group means Prudential plc, Prudential Holdings Limited, Winbox hadiah and any other affiliates of Prudential plc. Prudential plc is not affiliated in any manner with Prudential Financial, Inc., a company whose principal place of business is in the United States of America or with the Prudential Assurance Company, a subsidiary of M&G plc, a company incorporated in the United Kingdom.
Business Partners means our service providers, accountants, auditors, IT service and platform providers, intermediaries, reinsurers, investment managers, agents, pension trustees (and other stakeholders), scheme advisors, introducers, selected third party financial and insurance product providers, and our legal advisers.
Marketing Partners means our service providers, intermediaries, pension trustees (and other stakeholders), scheme advisors, introducers and selected third party financial and insurance product providers.
1We will provide you with an electronic record (not paper records) of information that we hold and only that which you provided to us – we will not provide the results of any processing carried out on the data.
2Data Controller - Natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.