The purpose of this policy (“Data Protection Policy”) is to inform you of how The American Club manages Personal Data (as defined below) which is subject to the Singapore Personal Data Protection Act (No. 26 of 2012) (“the Act”). Please take a moment to read this Data Protection Policy so that you know and understand the purposes for which we collect, use and disclose your Personal Data.
By interacting with us, submitting information to us, or signing up for any products and services offered by us, you agree and consent to The American Club as well as its representatives and/or agents (collectively referred to herein as “TAC”, “us”, “we” or “our”) collecting, using, disclosing and sharing amongst themselves your Personal Data, and disclosing such Personal Data to the Companies’ authorized service providers and relevant third parties in the manner set forth in this Data Protection Policy.
This Data Protection Policy supplements but does not supersede nor replace any other consents you may have previously provided to The American Club in respect of your Personal Data, and your consents herein are additional to any rights which to any of the Companies may have at law to collect, use or disclose your Personal Data.
The American Club may from time to time update this Data Protection Policy to ensure that this Data Protection Policy is consistent with our future developments, industry trends and/or any changes in legal or regulatory requirements. Subject to your rights at law, you agree to be bound by the prevailing terms of the Data Protection Policy as updated from time to time on our website www.amclub.org.sg. Please check back regularly for updated information on the handling of your Personal Data.
1. PERSONAL DATA
1.1 In this Data Protection Policy, “Personal Data” refers to any data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which we have or are likely to have access, including data in our records as may be updated from time to time.
1.2 Examples of such Personal Data you may provide to us include (depending on the nature of your interaction with us) your name, NRIC, passport or other identification number, telephone number(s), mailing address, email address, transactional data, network data and any other information relating to any individuals which you have provided us in any forms you may have submitted to us (including in the form of biometric data), or via other forms of interaction with you.
2. COLLECTION OF PERSONAL DATA
2.1 Generally, we collect Personal Data in the following ways:
a) when you submit any form, including but not limited to application, registration, declaration or other forms;
b) when you enter into any agreement or provide other documentation or information in respect of your interactions with us, or when you use our products and services;
c) when you interact with our staff, including customer service officers, for example, via telephone calls (which may be recorded), letters, face-to-face meetings, social media platforms and emails;
d) when you use our electronic services, or interact with us via our websites or use services on our websites;
e) when you request that we contact you or request that you be included in an email or other mailing list;
f) when you respond to our promotions, initiatives or to any request for additional Personal Data;
g) when your images are captured by us via CCTV cameras while you are within our premises, or via photographs or videos taken by us or our representatives when you attend events at our premises;
h) when you are contacted by, and respond to, our sales representatives or our marketing representatives and customer service officers;
i) when we seek information about you and receive your Personal Data in connection with your relationship with us, including for our products and services or job applications, for example, from business partners, public agencies, your ex-employer, referral intermediaries and the relevant authorities; and/or
j) when you submit your Personal Data to us for any other reason.
2.2 When you browse our website, you generally do so anonymously but please see the section below on cookies. We do not, on our website, automatically collect Personal Data unless you provide such information or login with your account credentials.
2.3 If you provide us with any Personal Data relating to a third party (e.g. information of your spouse, children, parents, and/or employees), by submitting such information to us, you represent to us that you have obtained the consent of the third party to provide us with their Personal Data for the respective purposes.
2.4 You should ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with the products and services you have requested.
3. CONSENT OBLIGATION
3.1 We may use or disclose your personal data under the “Exceptions to Consent” according to the Amendment Act 2020 for the following:
a) Legitimate interest for the purposes of detecting or preventing illegal activities (e.g. fraud or money laundering) or threats to physical safety and security, ensuring IT and network security, or preventing the misuse of services.
b) Business improvement where there is a need to: i. Carry out operational efficiency and service improvements; ii. Develop or enhance products/services; or iii. Know more about the organization’s customers.
c) Research – it applies to institutes carrying out scientific research and development, or arts and social science research, or to market research aimed at understanding potential customer segments.
4. PURPOSES FOR THE COLLECTION, USE AND DISCLOSURE OF YOUR PERSONAL DATA
4.1 Generally, THE AMERICAN CLUB collects, uses and discloses your Personal Data for the following purposes:
a) responding to your queries, feedback, complaints and requests;
b) verifying your identity;
c) managing the administrative and business operations of The American Club and complying with internal policies and procedures;
d) requesting feedback or participation in surveys, as well as conducting market research and/or analysis for statistical, profiling or other purposes for us to design our products, understand customer behavior, preferences and market trends, and to review, develop and improve the quality of our products and services;
e) matching any Personal Data held which relates to you for any of the purposes listed herein;
f) preventing, detecting and investigating crime and analysing and managing commercial risks;
g) managing the safety and security of our premises and services (including but not limited to carrying out CCTV surveillance and conducting security clearances);
h) monitoring or recording phone calls and customer-facing interactions for quality assurance and identity verification purposes;
i) in connection with any claims, actions or proceedings (including but not limited to drafting and reviewing documents, transaction documentation, obtaining legal advice, and facilitating dispute resolution), and/or protecting and enforcing our contractual and legal rights and obligations;
j) conducting investigations relating to disputes, billing or fraud;
k) meeting or complying with any applicable rules, laws, regulations, codes of practice or guidelines issued by any legal or regulatory bodies which are binding on The American Club (including but not limited to responding to regulatory complaints, disclosing to regulatory bodies and conducting audit checks, due diligence and investigations); and/or
l) purposes which are reasonably related to the aforesaid.
4.2 In addition, The American Club collects, uses and discloses your Personal Data for the following purposes depending on the nature of our relationship:
a) If you are an officer or owner of an external service provider or vendor outsourced or prospected by The American Club:
i. assessing your suitability as an external service provider or vendor for The American Club;
ii. managing project tenders and quotations, processing orders or managing the supply of goods and services;
iii. processing and payment of vendor invoices and bills;
iv. managing business operations and product development;
v. facilities management (including but not limited to maintaining the security of our premises); and/or
vi. purposes which are reasonably related to the aforesaid.
b) If you submit an application to us as a candidate for employment:
i. conducting interviews;
ii. processing your application (including but not limited to pre-recruitment checks involving your qualifications and facilitating interviews);
iii. obtaining employee references and for background screening;
iv. assessing your suitability for the position applied for;
v. facilities management (including but not limited to maintaining the security of our premises and recording entries and exists); and/or
vi. purposes which are reasonably related to the aforesaid.
c) If you sit on General Committee of The American Club or any standing or subcommittee:
i. facilitating your appointment as a committee member;
ii. maintaining statutory registers and to manage the publication of directors’ statistics on annual reports and circulars;
iii. facilitating the execution of duties and administrative matters; and/or
iv. purposes which are reasonably related to the aforesaid.
4.3 Furthermore, where permitted under the Act, The American Club may also collect, use and disclose your Personal Data for the following “THE AMERICAN CLUB Additional Purposes”:
a) providing or marketing additional products, services and benefits to you, including but not limited to special events, promotions, loyalty and reward programs from The American Club;
b) matching Personal Data with other data collected for other purposes and from other sources (including but not limited to third parties) in connection with the provision, marketing or offering of products and services by The American Club;
c) leads generation and management for marketing The American Club products and services;
d) administering and organizing contests, lucky draws, promotional events, competitions and marketing campaigns, and personalizing your experience at The American Club touchpoints;
e) communicating to you advertisements involving details of our products and services, special offers and rewards, either to our merchants and users of our products and services generally, or which we have identified may be of interest to you;
f) conducting market research and surveys to enable us to understand and determine customer location, preferences and demographics for us to offer you products and services as well as special offers and marketing programs which may be relevant to your preferences and profile; and/or
g) purposes which are reasonably related to the aforesaid.
4.4 If you have provided your Singapore telephone number(s) and have indicated that you consent to receiving marketing or promotional information via your Singapore telephone number(s), then from time to time, The American Club may contact you using such Singapore telephone number(s) (including via voice calls, text, fax or other means) with information about our products and services.
4.5 In relation to particular products and services or in your interactions with us, we may also have specifically notified you of other purposes for which we collect, use or disclose your Personal Data. If so, we will collect, use and disclose your Personal Data for these additional purposes as well, unless we have specifically notified you otherwise.
4.6 The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop using and/or disclosing your personal data for any or all of the purposes listed above by completing the Withdrawal of Consent Form and submitting your request in writing to our Data Protection Officer at firstname.lastname@example.org.
4.7 Please be aware that once we receive confirmation that you wish to withdraw your consent for marketing or promotional materials/communication, it may take up to 10 working days for your withdrawal to be reflected in our systems. Therefore, you may still receive marketing or promotional materials/communication during this period of time. Please note that even if you withdraw your consent for the receipt of marketing or promotional materials, we may still contact you for other purposes in relation to the products and services that you have requested from The American Club.
4.8 Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our goods or services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing in the manner described in clause 4.6 above.
4.9 Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.
5. ACCESS TO AND CORRECTION OF PERSONAL DATA
5.1 If you wish to make (a) an access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or (b) a correction request to correct or update any of your personal data which we hold, you may submit your request in writing by completing the Access and Correction Form to our Data Protection Officer at email@example.com.
5.2 Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.
5.3 We will respond to your access request as soon as reasonably possible. Should we not be able to respond to your access request within thirty (30) days after receiving your access request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).
5.4 Please note that depending on the request that is being made, we will only need to provide you with access to the personal data contained in the documents requested, and not to the entire documents themselves. In those cases, it may be appropriate for us to simply provide you with confirmation of the personal data that our organization has on record, if the record of your personal data forms a negligible part of the document.
6. ACCURACY OF PERSONAL DATA
We generally rely on personal data provided by you (or your authorized representative). In order to ensure that your personal data is current, complete and accurate, please update us if there are changes to your personal data by informing our Data Protection Officer in writing or via email at the contact details provided below.
7. RETENTION OF PERSONAL DATA
7.1 We may retain your personal data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws.
7.2 We will cease to retain your personal data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected, and is no longer necessary for legal or business purposes.
8. PROTECTION OF PERSONAL DATA
8.1 To safeguard your personal data from unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as up-to-date antivirus protection, encryption and the use of privacy filters to secure all storage and transmission of personal data by us, and disclosing personal data both internally and to our authorized third party service providers and agents only on a need-to-know basis.
8.2 You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.
9. DISCLOSURE OF PERSONAL DATA
The American Club will take reasonable steps to protect your Personal Data against unauthorized disclosure. Subject to the provisions of any applicable law, your Personal Data may be disclosed, for the purposes listed above (where applicable), to the following entities or parties, whether they are located overseas or in Singapore:
a) companies providing services related to insurance to The American Club as well as agents, contractors or third party service providers who provide operational services to The American Club, such as courier services, telecommunications, information technology, payment, printing, billing, technical services, training, market research, call center, security or other services to The American Club;
b) vendors or third party service providers in connection with marketing promotions and services offered by The American Club;
c) our merchant partners including other banks;
d) external banks, credit card companies, secretarial agents, billing organizations and their respective service providers;
e) any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any merger, acquisition or asset sale);
f) our professional advisers such as consultants, auditors and lawyers;
g) relevant government ministries, regulators, statutory boards or authorities or law enforcement agencies to comply with any laws, rules, guidelines and regulations or schemes imposed by any governmental authority; and/or
h) any other party to whom you authorize us to disclose your Personal Data to.
i) The purposes listed in the above clauses may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).
10. TRANSFERS OF PERSONAL DATA OUTSIDE SINGAPORE
We generally do not transfer your personal data to countries outside of Singapore. However, if we do so, we will obtain your consent for the transfer to be made to Clouds, overseas social media platforms and other overseas related clubs, and we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.
11. DATA BREACH NOTIFICATION OBLIGATION
Under the PDPA Amendment Act 2020 which came into effect on February 1, 2021, it is mandatory to notify PDPC within three calendar days, upon confirmation that the data breach is notifiable: if the data breach is assessed to be likely to result in significant harm to an affected individual or significant scale of more than 500 individuals.
12.1 When you interact with us on our websites, we automatically receive and record information on our server logs from your browser. We may employ cookies in order for our server to recognize a return visitor as a unique user including, without limitation, monitoring information relating to how a visitor arrives at the website, what kind of browser a visitor is on, what operating system a visitor is using, a visitor’s IP address, and a visitor’s click stream information and time stamp (for example, which pages they have viewed, the time the pages were accessed and the time spent per web page).
12.2 Cookies are small text files stored in your computing or other electronic devices which allow us to remember you. The cookies placed by our server are readable only by us, and cookies cannot access, read or modify any other data on an electronic device. All web-browsers offer the option to refuse any cookie, and if you refuse our cookie then we do not gather any information on you.
12.3 Should you wish to disable the cookies associated with these technologies, you may do so by changing the setting on your browser. However, you may not be able to enter certain part(s) of our website.
13. CONTACTING US – FEEDBACK, WITHDRAWAL OF CONSENT, ACCESS AND CORRECTION OF YOUR PERSONAL DATA
13.1 If you:
a) have any questions or feedback relating to your Personal Data or our Data Protection Policy, please submit a DP Complaint form to our DPO;
b) would like to withdraw your consent to any use of your Personal Data as set out in this Data Protection Policy; or
c) would like to obtain access and make corrections to your Personal Data records, you can approach us via the following channels:
Telephone number: 6737-3411
Write to our Data Protection Officer at:
Data Protection Officer
10 Claymore Hill, Singapore 229573
13.2 Please note that if your Personal Data has been provided to us by a third party (e.g. a referrer, or your company), you should contact such party directly to make any queries, feedback, complaints, and access and correction requests to The American Club on your behalf.
13.3 If you withdraw your consent to any or all use of your Personal Data, depending on the nature of your request, The American Club may not be in a position to continue to provide its products and services to you, administer any contractual relationship in place, which in turn may also result in the termination of any agreements with The American Club, and your being in breach of your contractual obligations or undertakings. The American Club’s legal rights and remedies in such event are expressly reserved.
14. DATA PORTABILITY OBLIGATION
Under Data Portability Obligation, our organization must, at the request of an individual, transmit his/her personal data that is in our possession or under our control, to another organization in a commonly used machine-readable format.
15. EFFECT OF NOTICE AND CHANGES TO NOTICE
15.1 This Notice applies in conjunction with any other notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your personal data by us.
15.2 We may revise this Notice from time to time without any prior notice. You may determine if any such revision has taken place by referring to the date on which this Notice was last updated. Your continued use of our services constitutes your acknowledgement and acceptance of such changes.
16. Governing Law
This Data Protection Policy and your use of this website shall be governed in all respects by the laws of Singapore.