Last Updated: 25 May 2018
For the purpose of the Singapore Personal Data Protection Act 2012 and the General Data Protection Regulation 2016 (the “Law”), the data controllers for any personal data we hold about you, can be contacted at email@example.com.
WHAT PERSONAL DATA DO WE COLLECT AND WHYWe collect and process only the data that is required to allow us to provide our services to you and satisfy our legal or regulatory obligations. We collect the following data when you register for and use our services through our Website:
- When you use our platform and/or register for a CDRX account, we may collect personal information, including your name, email address, password, country and additional data required by us from time to time to complete the registration process and verify user identity. Further, we collect this information to comply with global industry regulatory standards including Anti-Money Laundering (AML), Know-Your-Customer (KYC), and Counter Terrorist Financing (CTF).
- Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, that may be collected by us or through third-party service providers. We collect this to ensure that our interface is accessible to you across all platforms and to aid us in relation to any investigations required by legal, regulatory or governmental authorities.
- Transaction information including deposits, account balances, trade history, withdrawals and order activity. We collect this for fraud protection and possible dispute resolution purposes.
- Miscellaneous information including details of issues with the Website that you encounter and other information in relation to the resolution of any customer service issues.
- Information from third party sources, including from, business partners, analytics providers and sub-contractors. We collect this to optimise our operations and ensure the smooth running of the Website for your convenience.
HOW DO WE USE THE PERSONAL DATA WE COLLECTWe collect and process your personal data for of the following purposes:
- to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
- to verify user identity, so that we can provide you with the services you requested and prevent others from accessing your account or transactions;
- to administer our site and for internal operations, including troubleshooting, data analysis and testing purposes;
- to comply with applicable laws, legislation and regulations;
- to communicate with you, including notifying you of changes to our service and to resolve any customer service issues;
- to improve our site to ensure that content is presented in the most effective and secure manner for you and for your device; and
- to investigate and prevent fraudulent or illegal transactions or unauthorized access to the Website.
WHAT IS OUR LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATAUnder the Law we must have a valid reason for using your personal data and we may not collect, store or use data about you that is not compatible with that reason. There are four valid reasons for our use of your personal data:
- Most of the data we collect from you is necessary to allow us to fulfil our contract with you or to enter into a contract with you, for example, you provide your personal information if you register an account with us so that we can provide additional services to you.
- In certain circumstances we will ask for your permission or consent to use your personal data, for example, if we would like to send you marketing information we believe may be of interest to you via email. If you have given your consent to our use of your personal data, you are entitled to withdraw this consent at any time.
- We may also have a legitimate interest in using your personal data, for example, to ensure that the content of the Website is presented to you and your device as effectively as possible. If this is our reason for using your data, we must make sure that our interests do not override yours and you are entitled to object to this use of your data.
- We may be required to use your personal data to meet a legal obligation or to protect your interests, for example, we may exchange data with other specialist organisations for KYC and/or AML purposes and we will retain certain information to meet our statutory obligations, subject to legal requirements of any given jurisdiction we process personal data in.
HOW WE SHARE AND DISCLOSE YOUR PERSONAL DATAWe may share or disclose your personal data in connection with the purposes described in this Policy. This may include sharing your personal data with the following and by using the Website, you consent to the sharing of your personal data as follows:
- any member of our group, which means respective past, present and future employees, officers, directors, contractors, consultants, equity holders, parent companies, subsidiaries, affiliates, predecessors, successors, and assignees (“CDRX Team”);
- vendors, service providers, business partners, suppliers, sub-contractors or agents who perform functions such as marketing, payment, fulfilment and delivery of orders, administration and processing of payments, providing data processing and other information technology services, and carrying out research and analysis. We do not allow these vendors to use this information or to share it for any purpose other than to provide services on our behalf;
- professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services;
- third parties, who acquire us or substantially all of our assets, in which case your personal data (including any sensitive personal data) will be one of the transferred assets; and
- analytics and search engine providers that assist us in the improvement and optimization of the Website.
YOUR LEGAL RIGHTSYou have the following rights with regard to your personal data:
- Access: You have the right to access data we hold about you. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Rectification or erasure: You have the right to request that we rectify or delete any personal data that we hold about you (unless we have the legal right to retain it). This right does not extend to non-personal data. Please note that your rights to request erasure may be limited by applicable law.
- Restriction: You also have the right to restrict us from processing your personal data if the data is inaccurate, the processing is unlawful or we no longer need to your personal data for the purposes for which we hold it.
- Data portability: You have the right to obtain personal data we hold about you, in a structured, electronic format, and to transmit such data to another data controller if the legal basis for processing such personal data is consent.
- Object/change of preferences: You have a right to request that we stop processing your personal data where we are relying on a legitimate interest (or those of a third party). You have the right to object where we are processing your personal data for purposes other than the provision of our services to you not previously contemplated before.
- Complaints: If for any reason you are not happy with the way that we have handled your personal data, you can contact us at firstname.lastname@example.org. Alternatively, you have the right to make a complaint to the relevant authorities in your jurisdiction. To exercise any of the rights mentioned above, please contact us at email@example.com.
We will comply with your request to exercise the above-mentioned rights, to the extent required by applicable law. However, if you ask us to stop processing your personal data in certain ways or erase your personal data, and this type of processing or data is needed to facilitate your use of the Website or is required for us to provide you with a service (such as to manage your account), you may not be able to use the Website or the service as you did before.
To protect your confidentiality and to comply with applicable data protection laws, we may need to confirm your identity before we can action your request (for example, we may ask for a scanned copy of your photo ID or for you to confirm details of your transaction history with us). When contacting us, please state your name and provide your valid contact details. As mentioned above, protecting your confidentiality and complying with any applicable data protection laws is important to us, we may therefore refuse to comply with any request unless it is supplied with such information as it may reasonably require to verify your identity. We will respond to your requests within a reasonable time and in accordance with the applicable data protection laws.
CHANGES AND QUERIES TO THIS POLICYThis Policy is in effect as of the date noted at the top of the statement. We may change the terms of this Policy from time to time. Any changes we may make to this Policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. We encourage you to review this Policy whenever you use the Website. By continuing to use the Website or continuing to allow us to retain or process your personal data following any such changes to this Policy, you are deemed to have accepted such changes unless you expressly notify us otherwise in writing (except to the extent we are required to make such changes in accordance with applicable law).
If you have any queries, comments or require other information about this Policy, please contact us at firstname.lastname@example.org. Please also contact us if you would like to update or amend any of your personal data which you have provided to us or if you believe our records relating to your personal data are incorrect.