The Personal Data Protection Act (“PDPA”) is the principal data protection law in Singapore governing the collection, use, disclosure and care of personal data.
We respect and are fully committed to complying with the provisions of the PDPA and other applicable data protection laws in Singapore in our collection, use and disclosure of personal data.
In compliance with the PDPA, we seek your cooperation in helping us to safeguard your personal contact information that is currently in our database.
Please see below for our Data Protection Policy / Privacy Statement. This policy describes the information we collect from you, how we might use that information, and forms part of the terms and conditions of our engagement with you. This policy may be amended if necessary.
Data Protection Policy / Privacy Statement
Purposes for Collection, Use, Disclosure and Processing of Personal Data
The personal data which we collect from you may be collected, used, disclosed and/or processed for various purposes, depending on the circumstances/transactions for which we may/will need to process your personal data, which include but are not limited to:
- Name, address, passport number, flight and other travel details, credit/debit card number and expiry date, billing address, telephone numbers, Frequent Flyer or other loyalty programme membership details, dietary requirements (if any) and health issues relevant to your travel arrangements;
- Any other purposes that we notify you of at the time of obtaining your consent.
As the purposes for which we may/will collect, use, disclose or process your personal data depend on the circumstances at hand, such purpose may not appear above. However, we will notify you of such other purpose at the time of obtaining your consent, unless processing of your personal data without your consent is permitted by the PDPA or by law.
Collection of Information
In the course of booking with us, we would have obtained your personal data either via phone, email, and website or in person; there may be occasions when we collect your personal data from a third party. This happens when another person makes travel bookings on your behalf.
We will not disclose, share, transfer, sell or rent any of your personal data to any third party. We do not send unsolicited marketing emails to our customers. We ensure all information is accurate and up-to-date, and only authorised staff have access to our systems.
Specific Issues for the Disclosure of Personal Data to Third Parties
We respect the confidentiality of the personal data you have provided to us. As such, we will not disclose your personal data to third parties without first obtaining your consent permitting us to do so.
However, please note that we may disclose your personal data to third parties without first obtaining your consent in certain situations, including, without limitation, the following:
- cases in which the disclosure is required or authorised based on the applicable laws and/or regulations;
- cases in which the purpose of such disclosure is clearly in your interests, and if consent cannot be obtained in a timely way;
- cases in which the disclosure is necessary to respond to an emergency that threatens the life, health or safety of yourself or another individual;
- cases in which the disclosure is necessary for any investigation or proceedings;
- cases in which the personal data is disclosed to any officer of a prescribed law enforcement agency, upon production of written authorisation signed by the head or director of that law enforcement agency or a person of a similar rank, certifying that the personal data is necessary for the purposes of the functions or duties of the officer;
- cases in which the disclosure is to a public agency and such disclosure is necessary in the public interest; and/or
- where such disclosure without your consent is permitted by the PDPA or by law.
The instances listed above are not intended to be exhaustive. Should you require more information, kindly refer to the Second, Third and Fourth Schedules of the PDPA which is publicly available at http://statutes.agc.gov.sg.
Request to Withdraw Consent
You may withdraw your consent for the collection, use and/or disclosure of your personal data in our possession or under our control by submitting your request to firstname.lastname@example.org or by opting out of our mailing lists via our electronic direct mailers.
We will process your request within a reasonable time from such a request for withdrawal of consent being made, and will thereafter not collect, use and/or disclose your personal data in the manner stated in your request.
Updates on Data Protection Policy
As part of our efforts to ensure that we properly manage, protect and process your personal data, we will be reviewing our policies, procedures and processes periodically.
We reserve the right to amend the terms of this Data Protection Policy at our discretion. Any amended Data Protection Policy will be posted on our website and can be viewed at http://www.cango.sg/privacy/.