Privacy Policy
Updated on: June 2024
1. PURPOSE
The following is the privacy notice statement (“Privacy Policy”) of FIDTECH INNOVATIONS PTE. LTD. (UEN 202439716E), and its subsidiaries, affiliates and related corporations (“rootPe”, “ROOTPE”, “RootPE”, https://rootpe.com , “we”, “us”, or “our”).
We recognise the importance of safeguarding your personal data and take our responsibility to properly manage, protect and process your personal data under the Singapore Personal Data Protection Act 2012 (No. 26 of 2012) (“PDPA”).
2. SCOPE
This Privacy Policy explains how we collect, use, disclose or process your personal data through interactions with our services, websites, applications, programmes, servers, software including the following properties which are owned or operated by us: (i) any websites owned and operated by us, including https://rootpe.com, and the associated applications and services (the “Sites”); (ii) any official social media channels created by us on any social media platforms (including but not limited to Facebook, Instagram, LinkedIn, YouTube and Twitter (the “Channels”); (iii) all associated service offerings, and (iv) all other properties which reference this Privacy Policy in a link or otherwise (collectively, the “Services”). This Privacy Policy applies to all our interactions with you as well as other of the Services that has a reference or link to this Privacy Policy.
Please read this Privacy Policy carefully and should you have any queries about how we may manage, protect or process your personal data, please do not hesitate to contact us through our contact us page. This Privacy Policy is governed by the laws of Singapore. By accessing or using our Services, you are deemed to have consented to the terms of this Privacy Policy and our Terms of Use and this agreement supersedes any other agreement that we might have with you concerning the use of your personal data. Certain features of the Sites and Channels may require the provision of your personal data, and where you do not provide such requested information, we may not be able to provide you with the Services.
While we do not intend to collect any personal data about individuals under the age of 18, we cannot stop such individuals from accessing and visiting the Sites and Channels. Where you are below 18 years of age (or the applicable age required for you to legally access or use the Services), the rights to consent, access and correction can only be granted by your parents or guardians. Where you are a parent or guardian of such individual, by providing us with personal data of the individual under the age of 18, you hereby consent to the processing of his/her personal data in accordance with applicable laws and agree to be personally bound by the terms of this Privacy Policy and take full responsibility for his/her actions in relation to the Sites and Channels.
rootPe is a controller of the personal data collected from you through the Sites and/or during the process of the registration as a User of the Services.
Please notify us and stop using our Services immediately if you do not consent to this Privacy Policy.
- DATA SUBJECTS
Individuals accessing the Sites or who are registering to use the services on the Sites and who voluntarily provide personal data to us (“you” or “your”) are covered by this Privacy Policy.
- ROOTPE PRIVACY PRINCIPLES
Your privacy matters to us. Our business has been built on trust between our customers and ourselves. To preserve the confidentiality of all information you provide to us, we shall maintain the following privacy principles:
- we will first obtain your consent to collect, use, or disclose your personal data;
- we only collect personal data that we believe to be relevant and necessary, in order to help us conduct our business;
- we use your personal data to provide you with better customer services and products;
- where your consent has been provided, your personal data may be transferred to third parties, or other authorised third parties, as may be advised to you, either within or outside Singapore, and as permitted by law. Any contracts with these third parties will include the necessary provisions to safeguard the personal data that is being transferred to them in accordance with the PDPA;
- we may be required from time to time to disclose your personal data to governmental or judicial bodies or agencies or our regulators, if required to do so by law;
- we shall take reasonable measures to ensure that your personal data in our possession or control is accurate and up to date;
- we protect the personal data in our possession or under our control by making reasonable security arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification, or disposal of such data.
By maintaining our commitment to these principles, we will ensure that we respect the inherent trust that you place in us.
- PURPOSE FOR COLLECTION, USE, DISCLOSURE & PROCESSING OF PERSONAL DATA
From time to time, it may be necessary for you to supply us your personal data in connection with the opening of, or continuation of, accounts and the establishment or continuation of facilities or provision or continuation of any of our services. Failure to supply such personal data may result in our inability to open or continue accounts or establish or continue facilities or provide services to you.
We may also collect personal data in the ordinary course of continuing our business relationship, for example, when you avail any of our Services.
We, or authorized third parties, may use your personal data for any one of the following purposes:
- facilitating our provision of the Services;
- communicating with you about changes in our Services and administrative information;
- monitoring and analysing how you and other users use our Services;
- improving and building features and services you or other users may want;
- minimizing fraud and abuse of our Services;
- conducting checks at the time of your application for our products;
- marketing services, promotional materials, or other services or products for which we may or may not be remunerated;
- complying with the obligations, requirements or arrangements for disclosing and using data that apply to us including:
- any law binding or applying to us existing currently and as may be amended, from time to time;
- any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers existing currently and in the future that apply to us; or
- any present or future contractual or other commitment with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers that is assumed by or imposed on us by reason of our financial, commercial, business or other interests or activities in or related to the jurisdiction of the relevant local or foreign legal, regulatory, governmental, tax, law enforcement or other authority, or self-regulatory or industry bodies or associations.
- complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing data and information within our intragroup companies, subsidiaries, or affiliates, and any other use of data and information in accordance with any group-wide programmes for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities; or
- other reasonable uses related to providing, maintaining, and improving our Services.
We may further rely on the “legitimate interests” exception under the PDPA (and similar exceptions under other applicable laws) to collect, use and disclose personal data without your consent for the following purposes:
- detecting and preventing fraud and misuse of our Services,
- improving, enhancing or developing new services,
- improving, enhancing or developing new methods or processes for operations,
- learning or understanding your behaviour and preferences in relation to our provision of services,
- conducting analyses of customer preferences, profile of customers and implementing customer segmentation strategy.
- WHAT KIND OF PERSONAL DATA DO WE COLLECT AND RESERVE?
The types of personal data that we collect, and share depend on the nature of the Services you seek from us. It includes, but is not limited to:
- contact and personal data: your first name, surname, email address and mobile phone number;
- other information: IP address;
- details of visits to website, app and use of our Sites;
- for the purpose of direct marketing: name, surname, telephone no., e-mail address, location, IP address;
- for statistical, analytical and our services improvement purposes, we can use anonymized and aggregated datasets, which can be used not limited to modelling, reporting and analytics;
- IMPORTANT CONTROLS EMPLOYED BY ROOTPE FOR PROTECTION OF PERSONAL DATA
Personal data in our possession and under our control shall be kept confidential and private. We shall take reasonable technical and organizational precautions to prevent the loss, misuse or alteration of your personal data.
We have designed policies and procedures to protect both your confidentiality and the security of your information, including your non-public personal data. We store and process your personal data using internal/third party servers such as Google Cloud Platform, Amazon Web Service and Mailchimp. Additionally, rootPe uses firewalls and data encryption.
Despite rootPe’s efforts to keep your information secure, we cannot guarantee the security of your information. As a result, we strongly encourage you to take action to protect your personal data and any device you use to access our Services. In the unlikely event that we come to learn that either our system or your account specifically has suffered a security breach, we may attempt to notify you electronically so that you can take appropriate protective steps, by email, text message, phone call, a notice on our website, or any other way, depending on the requirements of applicable law.
- SHARING YOUR PERSONAL DATA WITH THIRD PARTIES AND INTERNATIONAL TRANSFERS
- rootPe may provide such personal data for the purposes set out in paragraph 6 to the following third parties including, but not limited to:
- our subsidiaries, affiliates, related corporations, service providers, or regulatory authorities or other authorised third parties;
- any agent, contractor or third-party service provider who provides administrative, telecommunications, computer or other services to it in connection with the operation of its business;
- any other person or entity under a duty of confidentiality which has to be in line with their nature of function on a need to know basis;
- any person or entity to whom we are obliged or otherwise required to make disclosure under the requirements of any law binding on or applying to our relevant group company, or any disclosure under and for the purposes of any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers with which our relevant group company is expected to comply, or any disclosure pursuant to any contractual or other commitment of our relevant group company with local or foreign legal, regulatory, govern- mental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers, all of which may be existing currently and in the future applying to itself or its subsidiaries; or
- any other person or entity who had established or proposes to establish any business relationship with it or recipient of the data.
- Such third parties processing your personal data either on our behalf or otherwise may be located in a different country from the point of collection of your personal data (e.g., transfer to servers located outside of the country you are accessing the Services from), or may have multiple physical locations and backups (e.g., cloud based services). We have carefully selected these third parties and taken steps to ensure that when we share your personal data with them, it is adequately protected. All of our service providers are bound by written contract to process personal data provided to them only for the purpose of providing the specific service to us and to maintain appropriate security measures to protect your personal data.
- Where your personal data must be shared with third parties in circumstances that are not reasonably contemplated within the normal course of our dealings with you, we would usually first seek your consent unless the disclosure:
- is required or authorised based on the applicable laws and/or regulations;
- is clearly in your interests, and if consent cannot be obtained in a timely way;
- is necessary to respond to an emergency that threatens the life, health or safety of yourself or another individual;
- is necessary for any investigation or proceedings;
- is required by a law enforcement agency;
- is to a public agency and necessary in the public interest; and/or
- where such disclosure without your consent is permitted by law.
- Where we disclose your personal data to third parties, we will employ our best efforts to require such third parties to protect your personal data.
- By using our Services, you agree that the transfer of your personal data to various countries is reasonably necessary for us to provide you with these Services.
- RIGHTS IN RELATION TO YOUR PERSONAL DATA
- Under the PDPA, you may, by a written request to us, ascertain whether the information we hold about you is accurate and current, and you may also access and correct your personal data. Details of such rights are set out as follows.
- Right to access and/or to correction of personal data. You may request access to or correct the personal data held by us by submitting a written request at any time.
- We may require further information from you to verify your identity as well as the nature of your request, to deal with your request. Handling and processing fees may be payable before we can proceed with your request.
- Once we have sufficient information to deal with your request, we will seek to provide you with the relevant personal data or information within thirty (30) days of your request, unless otherwise stated.
- There are certain circumstances in which we will decline to comply with your request under paragraph 9.2 these include (to the extent allowable under applicable law) situations where:
- a government agency in Singapore or regulator with jurisdiction over us direct us not to comply with a customer’s request;
- the information may, in our discretion, affect the safety of any person or persons; and
- the data may be relevant to a regulator or official investigators as part of an investigation into criminal conduct or breach of applicable laws.
- Withdrawal of consent to use your personal data. Should you wish to withdraw your consent to our use of your personal data, please stop using the Services immediately and notify us in writing through our contact us page to inform us that you wish for us to stop collecting, using or sharing your personal data and we will process your request within a reasonable time from such a request. You may also elect to withdraw your consent to the use of your personal data for a specific purpose, so please ensure that your notification contains sufficient and specific information to enable us to comply with your request.
- However, your withdrawal of consent could result in certain legal consequences arising from such withdrawal. In this regard, depending on the extent of your withdrawal of consent for us to process your personal data, it may mean that we will not be able to continue with your existing relationship with us.
- RETENTION, ADMINISTRATION & MANAGEMENT OF PERSONAL DATA
- We will take reasonable efforts to ensure that your personal data is accurate and complete, based on the information that you have provided us with. Please ensure that all information provided to us is up to date and keep us informed of any relevant changes.
- We value your privacy and have security arrangements to ensure that your personal data is adequately protected and secured. We will also put in place measures such that your personal data in our possession or under our control is destroyed and/or anonymised as soon as it is reasonable to assume that: (i) the purpose for which that personal data was collected is no longer being served by the retention of such personal data; and (ii) retention is no longer necessary for any other legal or business purposes. Otherwise, personal data collected by us is generally only retained for as long as it is reasonably necessary for the purpose for which the data provided and we may destroy or delete any information or personal data provided by you thereafter, unless required by law, regulation or other business or audit requirements.
- COMPLAINTS PROCESS
If you do not consent to any of the terms of this Privacy Policy, our use of your personal data or have any complaint or grievance regarding about how we handle your personal data, we welcome you to contact us with further details through our contact us page of the website.
- UPDATES ON DATA PROTECTION NOTICE
As part of our efforts to ensure that we properly manage, protect and process your personal data, we will be reviewing our policies, procedures and processes and may update, at our absolute discretion, update the terms of this Privacy Policy from time to time.
You are encouraged to visit the above Sites from time to time to ensure that you are well informed of our latest policies in relation to personal data protection.
If you do not consent to any of the terms of this Privacy Policy, our use of your personal data or have any complaint or grievance regarding about how we handle your personal data, we welcome you to contact us with further details through our contact us page.