Privacy Policy | SBF CEFA

Welcome to the Centre for Enterprise Financing Advisory (CEFA) website (including its mobile accessible version and all of its subdomains and future subdomains) (the "Website") which is operated by the Singapore Business Federation (hereinafter referred to as "SBF", "we", "our" or "us"). We refer to the Website and the services provided on the Website collectively as the "Services".

This Privacy Policy ("Privacy Policy") sets out how we collect, use, disclose and/or process the Personal Data you have provided to us and/or we possess about you via the use of the Website and Services, whether now or in the future, and is meant to assist you in making an informed decision before providing us with any of your Personal Data.

"Personal Data" means data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which an organisation has or is likely to have access. Common examples of personal data could include name, identification number and contact information. This Privacy Policy applies to all Personal Data collected by us, operating in the capacity of a data principal or a data intermediary, from all (a) visitors to the Website; or (b) persons who register for an account for use of the Services (collectively, "Users", "you" or "your").

IF YOU DO NOT CONSENT TO THE PROCESSING OF YOUR PERSONAL DATA AS DESCRIBED IN THIS PRIVACY POLICY, PLEASE DO NOT CONTINUE TO ACCESS THE WEBSITE OR USE THE SERVICES. YOUR CONTINUED USE OF THE WEBSITE AND/OR SERVICES SHALL BE DEEMED TO BE YOUR UNCONDITIONAL ACCEPTANCE AND ACKNOWLEDGMENT OF, AND CONSENT TO BE BOUND BY, THIS PRIVACY POLICY.

1. DEFINITIONS AND INTERPRETATION

1.1 In this Privacy Policy, the following definitions shall apply:

(a) "process", "processes" or "processing" means any operation or set of operations which is performed on Personal Data, whether by automated means, such as collection, recording, holding, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

(b) "Terms & Conditions" means the terms and conditions for the use of the Website which can be accessed via a link on the Website, as from time to time amended, varied and/or supplemented.

2. PERSONAL DATA

2.1 In the course of operating the Website and providing the Services to you, we may obtain your Personal Data. This Privacy Policy informs you of how we process, manage and safeguard such Personal Data. For avoidance of doubt, this Privacy Policy does not apply to anonymised data, or information which cannot be used to identify any individual person.

2.2 This Privacy Policy supplements but does not supersede nor replace any consent that you may have otherwise provided to us in respect of your Personal Data.

2.3 In case of conflict between any terms in this Privacy Policy and the Terms & Conditions, the Terms & Conditions shall prevail.

2.4 We collect Personal Data that you voluntarily submit to us, or which is obtained directly from you, including via the Website, through telephone calls, face-to-face meetings, or other forms of correspondence. You may be asked at any time during the engagement of the Services and/or use of the Website to provide Personal Data for the stated purposes. By providing the same, you consent to for us to process such Personal Data. If you do not consent for us to collect or process your Personal Data, you may opt out at any time by notifying us in writing. Further information on opting out can be found in Section 5 (Rights in relation to Personal Data). Note, however, that opting out or withdrawing your consent for us to collect, use or process your Personal Data may affect your use of the Services and the Website.

2.5 You warrant that all information submitted to us, whether via the Website or otherwise, is true, accurate, reliable, valid, complete and is not misleading nor violate any applicable law, by omission or otherwise. In the event there is any change to the information provided to us, you must inform us immediately.

2.6 Our collection of Personal Data is made pursuant to legitimate interests and for the purposes of complying with applicable law. As such, if need be, we may request other documents to verify any information provided by you.

3. OTHER DATA COLLECTED

3.1 "Cookies" are small text files that are placed on your device that record data about how and when the Services or Website are used or visited. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to website owners. We or our authorized service providers and advertising partners may from time-to-time use "cookies" or other features to allow us or third-parties to collect or share information in connection with your use of our Services or Website. These features help us improve our Website and the Services we offer, enable us to deliver more relevant content to you and to conduct data analysis and monitor usage of the Services. Where cookies are essential for the operation of the Website or provision of the Services, we can store these cookies on your device without your consent. For all other types of cookies, we need your permission. This site uses different types of cookies, some of which are placed by third parties. You can, at any time, change or withdraw your consent to our use of non-essential cookies using the Cookie Declaration.

4. PROCESSING AND DISCLOSURE OF PERSONAL DATA

4.1 Your Personal Data is processed only for specific purposes, and the processing is limited to what is necessary in relation to these purposes. We may process or disclose your Personal Data for the following purposes, whether within or outside Singapore:

(a) to on-board you as a User, including the verification of your Personal Data, and to assess and process your application for setting up an Account;

(b) to manage and maintain your Account and to provide the Services to you, including facilitating any transactions on the Website;

(c) to carry out SBF's obligations and duties under the Terms & Conditions, including to prevent or investigate any actual or suspected violations of our Terms & Conditions or any applicable end-user license agreements, or any fraudulent or unlawful activity, omission or misconduct, whether relating to your use of the Services or any other matter arising from your relationship with us;

(d) to communicate with you including responding to your requests, enquiries and/or complaints, and resolving disputes;

(e) for identification, verification, due diligence, or know your customer purposes;

(f) to perform assessments and analysis for purposes of improving our Services and the customer experience;

(g) for marketing and advertising;

(h) for sharing with SBF's partners, for the purposes of assessment of its performance in relation to funding programmes entered into with such partners;

(i) to meet SBF's legal, regulatory and contractual obligations under any applicable law, such as anti-money laundering, counter-terrorist financing, anti-tax evasion and prevention of fraud regulations, automatic exchange of information, or to assist in law enforcement and investigations conducted by any governmental, tax, judicial and/or regulatory authority;

(j) for SBF's prudential and operational management (including risk management, audit, compliance, outsourcing of services, business and financial decision-making etc);

(k) to collect any debt due or owing and to enforce your obligations to SBF;

(l) to ensure or enhance network and information security;

(m) to respond to any threatened or actual claims asserted against SBF or other claim that any content violates the rights of third-parties;

(n) to store, host, back up (whether for disaster recovery or otherwise) your Personal Data, whether within or outside of your jurisdiction; and/or

(o) for any other purpose which we may notify you of from time to time.

4.2 Where you have provided us with unsolicited Personal Data, in information or materials sent to us whether via the Website or other communication channels, you will be regarded as having given SBF consent to use the unsolicited Personal Data as we see fit, on a non-confidential basis, and SBF shall be free to use, disclose, distribute and exploit such unsolicited Personal Data without limitation or attribution. SBF will strive to take reasonable steps to destroy or de-identify unsolicited Personal Data that SBF has no purpose for, but it cannot guarantee that all unsolicited Personal Data will be disposed of given system and operational limitations. You bear responsibility for not providing SBF with Personal Data beyond what we have requested from you, should you not consent to how we intend to treat unsolicited Personal Data provided by yourself.

4.3 In conducting our business, we may need to use, process, disclose and/or transfer your Personal Data to our third-party service providers, agents and/or our affiliates or related corporations, and/or other third-parties, which may be located in Singapore or outside of Singapore, for one or more of the above-stated purposes stated in the section above. Such third-party service providers, agents and/or affiliates or related corporations and/or other third-parties may be processing your Personal Data either on our behalf or otherwise, for one or more of the above-stated purposes. We endeavour to ensure that the third-parties and our affiliates keep your Personal Data secure from unauthorised access, collection, use, disclosure, processing or similar risks and retain your Personal Data only for as long as your Personal Data is needed for the above-mentioned purposes.

5. RIGHTS IN RELATION TO PERSONAL DATA

5.1 Rights of access, correction and deletion

(a) You are entitled to review, correct, amend or delete any part of your Personal Data provided to us which is inaccurate, incomplete, misleading or not up-to-date. You may do this at any time by logging into your Account on the Website or contacting us via the email provided in Section 11 for data that is not available for change on the Website, and we will correct or update the data as soon as practicable.

(b) You have a right to request for a copy of your Personal Data provided to us. This information will be provided without undue delay subject to a reasonable fee (as permitted by applicable law).

(c) When handling data access, correction, restriction, deletion, or portability requests, we are entitled to check the identity of the requesting party to ensure that he is the person entitled to make such request. We may also refuse such request in accordance with applicable laws.

5.2 Right to restrict, object, or withdraw consent

(a) You have the right to restrict, object to, or withdraw your consent for, the processing of your Personal Data by us at any time by writing to us.

(b) Any such restrictions, objections or withdrawal will not affect the lawfulness of the processing of your Personal Data based on consent obtained before the restriction, objection or withdrawal. This shall also not affect the lawfulness of the continued processing of your Personal Data if it is necessary and/or permitted under applicable law.

(c) Upon receipt of such a request, we shall take reasonable steps to ensure that your Personal Data is only held with regard to the purposes for which it is to be used and for our own requirements under applicable law. Depending on the nature of your request, we reserve the right to cease or limit the provision of Services and/or access to the Website to you.

5.3 Right to erasure

(a) You have the right to request erasure of your Personal Data subject to limitations by applicable law.

(b) For the avoidance of doubt, you shall not have such right to request erasure if the deletion of such data may result in loss of data integrity and auditable records, and therefore be necessary for us to comply with applicable law or for the establishment, exercise or defence of legal claims. You expressly acknowledge and agree to the non-erasure of your Personal Data in such circumstances.

(c) Upon receipt and approval of such a request, we shall insofar as the data is stored in electronic form, take steps to ensure that it is securely deleted, erased or destroyed. We shall require a reasonable amount of time to process and effect any erasure of data. Depending on the nature of your request, we reserve the right to cease or limit the provision of Services and/or access to the Website to you.

5.4 Right to data portability

You may elect to receive copies of your Personal Data in a structured, commonly used and machine-readable format, and for us to transfer your Personal Data directly to another party, where technically feasible, unless exercise of this right adversely affects the rights and freedoms of others (e.g. where providing the Personal Data we hold about you would reveal information about another person). We are not responsible for the security of the Personal Data or the processing of the same once received by a third-party.

5.5 Right to lodge a complaint

(a) If you believe that your rights have been infringed in any way, we encourage you to first contact us via the email in Section 11 to resolve the issue or dispute amicably.

(b) Subject to Sections 6.2 and 6.3 below, you may also lodge a complaint about the processing of your Personal Data to the relevant governmental agency.

5.6 Closure of Account

(a) Upon termination or suspension of your Account, we will keep your Personal Data in our database as long as necessary in order to comply with applicable law, to protect the integrity of our system and records in the event a dispute arises and for other legitimate business purposes as notified in Section 5 above.

(b) Subject to the above, we will destroy or anonymize your Personal Data when we have reasonably determined that (i) the purpose for which that Personal Data was collected is no longer being served by the retention of such Personal Data; or (ii) retention is no longer necessary for any legal or business purposes; or (iii) no other legitimate interests warrant further retention of such Personal Data.

6. COMPLAINTS UNDER THE EUROPEAN GENERAL DATA PROTECTION REGULATIONS AS APPLICABLE TO PERSONAL DATA OF EU PERSONS

6.1 Where Personal Data is collected from individuals and institutions located within the European Economic Area ("EEA"), such Personal Data shall be used in accordance with the General Data Protection Regulation ("GDPR").

6.2 Where the GDPR applies to you, by accessing the Website and/or the Services, or sending us any Personal Data, you hereby acknowledge and agree not to make any complaint to any governmental agency unless you have first brought the complaint to our attention and followed the process in Section 6.3 below.

6.3 For any issues which you may have in relation to your Personal Data:

(a) You shall inform us of your issue or complaint in writing via the email in Section 11 below, setting out with sufficient clarity and detail your issue or complaint.

(b) We shall use reasonable endeavours to work with you to resolve the issues or complaints raised in your email within ninety (90) days. You agree to co-operate fully with us, which shall include providing us with any requested information or documents in a timely manner.

(c) If parties fail to resolve the said issues or complaints within ninety (90) days, you shall then have the right to settle any disputes in accordance with the Terms & Conditions.

7. INTERNATIONAL TRANSFERS OF PERSONAL DATA

7.1 Your Personal Data may be transferred to, stored or processed outside Singapore for one or more of the purposes stated herein. We will only transfer your Personal Data overseas in accordance with applicable laws.

8. SECURITY

8.1 We have implemented technical and organisational security measures to ensure the confidentiality, integrity and accountability of all Personal Data collected and to protect it from unauthorised access and disclosure, loss, misuse, alteration or destruction. However, while we strive to protect your Personal Data, we cannot completely guarantee the security of any Personal Data, or that no harmful code will enter the Website (for example viruses, bugs, trojan horses, spyware or adware). You should be aware of the risks associated with disclosing any information or transacting over the Internet or when using online websites, and we urge you to take every precaution when using the Internet to disclose your Personal Data to us, including using strong passwords, changing your password regularly and using a secure browser.

8.2 Where your consent has been obtained, or where we are obliged to pass on Personal Data to third-parties to provide you with a requested service or in the carrying out of our obligations under applicable law, we will request that the same levels of technical and organisational security measures be applied, where possible. However, we shall not be responsible for any security breach on the part of such third-party service providers.

8.3 In the event of a security breach or the failure of the measures of protection of such Personal Data in our systems or that of any engaged third-party service providers, we shall notify you in accordance with this Privacy Policy and/or the Personal Data Protection Act 2012.

8.4 You acknowledge that you play a vital role in protecting your own Personal Data, including choosing appropriate passwords and keeping them confidential. We cannot guarantee or warrant the security or confidentiality of information you transmit to us or received from us via the Internet. If you have reason to believe that your Personal Data is no longer secure or that there is unauthorised access or use of your Account, you should notify us immediately.

8.5 If you discover any fraud, phishing, or scam which impersonates SBF, you should email us immediately.

9. MARKETING

9.1 We shall ask for your consent for the use of your Personal Data to be processed for direct marketing.

9.2 With such consent, we may send information to you including but not limited to promotions for our products or Services, events that we are hosting or participating in, or product updates and features. This may include contacting you via telephone, regardless of whether you are on the Do Not Call registry.

9.3 You have the right at any time to revoke and object to such use of your Personal Data for the use of direct marketing by contacting us.

10. CHANGES TO THIS PRIVACY POLICY

10.1 This Privacy Policy may be supplemented, varied or amended from time to time at our discretion by publishing the revised Privacy Policy on the Website. Such revised Privacy Policy shall be effective immediately and shall apply and bind parties from the date of its publication on the Website. You should therefore carefully read the Privacy Policy each time you visit the Website so that you are apprised of such changes.

10.2 If you do not agree to any terms of the revised Privacy Policy, you should not continue to visit, access, or use the Website, or any Services. For the avoidance of doubt, your continued use of the Website and/or Services shall be deemed to be your unconditional acceptance and acknowledgment of, and consent to be bound by, the prevailing terms of this Privacy Policy.

11. CONTACT US

11.1 If you have any questions or complaints about or relating to the Personal Data collected by us or wish to contact us on any terms of this Privacy Policy, you may contact us using the "Contact Us" details on the Website or at the following email address: cefa@sbf.org.sg

12. CONSENT AND ACKNOWLEDGEMENT

12.1 By visiting, accessing or using the Website or any Services, you warrant and represent that you have the legal capacity to consent to, and agree to be bound by, this Privacy Policy in its entirety, and that any information or documents provided by you shall be true and accurate to the best of your knowledge.

12.2 By providing us with your Personal Data, you hereby consent to the processing of your Personal Data in accordance with this Privacy Policy. You warrant and represent that you have the right or have otherwise obtained the necessary authorisation to provide the information provided to us. You acknowledge that it is an offence under Singapore law to request access to or change another person's information without being authorised by that person.