SCash Privacy policy
Protecting Your Privacy at SCash
This Privacy Policy sets out the manner in which SCASH Global Pte Ltd (a company incorporated in Singapore, whose registered office is at 152 Ubi Avenue 4 #04-05, Singapore 408826), its subsidiaries, affiliates, associated companies and jointly controlled entities (collectively, “SCASH”, “we”, “us” or “our”) collect, use, manage and protect your Personal Data.
This Privacy Policy applies to all users (collectively “you” or “your”) of our websites and applications (including mobile and web-based applications) (collectively, “Platform”).
This Privacy Policy supplements but does not supersede or replace any other consents you may have provided to us, or any other agreements or arrangements that you may have with us, in respect of your Personal Data unless we state expressly otherwise.
1. What is Personal Data?
“Personal data” refers to data, whether true or not, about an individual that can be used to identify that individual from that data or from that data and other information which we have or is likely to have access, as defined under the PDPA.
Examples of Personal Data we collect from you include name, address, email address, telephone number, payment details, IP address, device identifiers, transaction information and history, based on your activities on our Platform, images, and any other information of a personal nature.
2. How we collect your Personal Data
2.1. Personal Data You Provide Voluntarily
We collect and process Personal Data about you when you voluntarily provide it via our Platform. For example, when you:
2.1.1. create an account or complete a user profile or registration form (such as your name, contact information and other identification information where needed);
2.1.2. use our services or Platform;
2.1.3. participate in contests or events organized by us, complete surveys or provide demographic information (such as your age, gender, and other information you may volunteer such as your marital status and occupation);
2.1.4. act as a Merchant and you list products and services (Goods) for sale on the Platform and conduct transactions with customers in respect of the sale and purchase of those Goods through the Platform;
2 .1.5. communicate with us through in-app messaging or other channels; or
2.1.6. submit Personal Data to us for any other reason.
Where you provide us with Personal Data belonging to third parties, you represent and warrant that you have informed such third party of the purpose for which their Personal Data is collected, and that you have obtained their consent for disclosure to us.
2.2. Personal Data Collected Automatically
We may collect Personal Data automatically through your use of the Platform, including
2.2.1. when you use and interact with our Platform and services;
2.2.2. feedback, ratings and compliments;
2.2.3. transaction and payment information;
2.2.4. information about how you interacted with our Platform (such as features used and content viewed);
2.2.5. push notification subscription;
2.2.6. device information (such as hardware model and serial number, device platform, network information, location information, IP address, file names and versions, and advertising identifiers or any information that may provide indication of device or app modification); and
2.2.7. Personal Data contained in messages sent through in-app communication features. In-app messages may be processed for safety, support and compliance.
2.3. Personal Data from Third Parties
We may receive Personal Data from third party sources, which may for example include:
2.3.1. your family members or friends who provide your Personal Data to us on your behalf;
2.3.2. technical data from analytics providers such as Google, advertising networks and social media providers such as Facebook; and
2.3.3. contact and transaction data from providers of technical, payment and delivery services.
3. How we use your Personal Data and Legal Basis
3.1. We may collect, use and disclose your Personal Data for the following purposes:
3.1.1. To register you as a user or new customer or Merchant and manage your account;
3.1.2. To facilitate your access to and use of our services on the Platform;
3.1.3. To process orders, payments, refunds and deliveries of your order(s);
3.1.4. To manage your account, including managing payments, fees and charges and collecting and recovering money owed to us;
3.1.5. To manage and maintain our relationship with you;
3.1.6. To display your name, username or profile on the Platform.
3.1.7. To operate, maintain, secure and improve our business and Platform (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data, as well as ensuring that fraud prevention;
3.1.8. To deliver personalized content, advertisements and recommendations to you;
3.1.9. To conduct marketing campaigns, promotions, surveys and events;
3.1.10. To contact and communicate with you in relation to the above purposes; and
3.1.11. To comply with applicable laws, regulations and lawful requests by authorities.
3.2 Legal Basis
We collect, use and disclose Personal Data based on one or more of the following legal bases under the PDPA:
3.2.1. your consent (including express and deemed consent by conduct or contractual necessity;
3.2.2. deemed consent by notification, where permitted by the PDPA, after providing you with clear notice and a reasonable opt-out period and assessing no likely adverse effect;
3.2.3. legitimate interests, where the benefits to SCash or another person outweigh any likely adverse effect on you. We identify the legitimate interest, assess and mitigate adverse effects, and document our assessment;
3.2.4. business improvement purposes permitted under the PDPA; and
3.2.5. where required or authorised by applicable law.
3.3 Legitimate Interests
In certain circumstances, we may collect, use or disclose your Personal Data without your consent where such collection, use or disclosure is permitted under the Personal Data Protection Act 2012 of Singapore (“PDPA”), including where it is necessary for our legitimate interests or those of another person, and such legitimate interests outweigh any adverse effect on the individual.
Before relying on legitimate interests as a legal basis, we will:
· identify the legitimate interests being pursued;
· assess the likely adverse effects on the individual; and
· implement reasonable measures to eliminate, mitigate or reduce such adverse effects.
Examples of legitimate interests that we may rely on include:
· detecting, preventing or investigating fraud, security breaches or other potentially illegal activities;
· ensuring network and information security of our Platform and systems;
· preventing misuse or abuse of our services;
· business operations such as internal audits, risk management and data analytics; and
· enforcing our contractual rights, policies and terms of use.
Where required under the PDPA, we will provide appropriate notification to individuals of the purposes and legitimate interests relied upon prior to, or as soon as reasonably practicable after, the collection, use or disclosure of Personal Data.
4. Marketing and Promotion Communication
We may send you marketing and promotional communications relating to our products, services, events or offers. You may opt out of receiving marketing communications at any time by following the unsubscribe instructions or contacting us via email at support@scashglobal.com
Service-related or transactional communications (such as order confirmations or account notices) are necessary for the provision of our services and cannot be opted out of.
For Singapore telephone numbers, we comply with the Do Not Call (DNC) provisions under the PDPA and will not send marketing messages to numbers registered with the DNC Registry, unless otherwise permitted by law.
5. Cookies
We use cookies and similar technologies to enhance your experience on the Platform, analyse usage and customise content. We use cookies to allow you to access the Platform without re-entering your User ID. We also use this information to verify if you meet the criteria required to process your requests.
You may control cookies through your browser settings, although disabling cookies may affect certain functionalities of the Platform.
6. Disclosure of Personal Data
We may disclose your Personal Data to our affiliates and third parties in limited circumstances as set out below:
6.1 We may share your Personal Data with third party service providers who provide us with business, support, operational and/ or administrative functions such as auditing, legal, IT services, marketing, including our delivery service provider, our digital payment service provider;
6.2 If you allow push notification, due to the implications of push notification technology, we rely on third party services such as Daily Interactive Co. Ltd to provide and deliver push technical services. We may provide your equipment platform, equipment manufacturer and brand, equipment model and system version, equipment identification code, equipment serial number and other equipment information, application list information, network information and location-related information to Daily Interactive Co., Ltd. to provide you with message push technical services. When we push messages to you, we may authorize Daily Interactive Co., Ltd. to adjust the link, promote the closed SDK push process, and ensure that you can receive the messages we push you in time. If, at any time, you wish to stop receiving push notifications, simply adjust your phone settings or remove the App. Please consult the privacy policies of the third party (https://docs.getui.com/privacy) for further information;
6.3 For customers, Personal data will also be shared with Merchants and our delivery partner when an order is made. This can include your name, email address, phone number, delivery address, profile, dining preferences, special requests and other comments that you chose to submit to us;
6.4 For customers, we may also share with Merchant any feedback that we receive from you or any comments that you might submit through the Platform. Any feedback or comments may be shared with or may be accessible by that Merchant so as to enable that Merchant to respond directly to you;
6.5 We may share your Personal Data with third parties to comply with a legal obligation, when we believe in good faith that an applicable law requires it, at the request of government authorities conducting an investigation, to verify or enforce our contractual rights or other applicable policies, to detect and protect against fraud or any technical or security vulnerabilities, to respond to an emergency, or otherwise to protect the rights, property, safety or security of third parties and visitors to our Platform or the public;
6.6 In the event of a merger, acquisition, restructuring or insolvency, your Personal Data may be transferred as part of the business assets; and
6.7 We do not disclose your Personal Data to unaffiliated third parties for their independent use unless we have obtained your express consent to do so and pursuant to executing confidentiality agreements with such unaffiliated third parties.
We also require all third parties to respect the security of your Personal Data and to treat it in accordance with the applicable law.
7. Withdrawal of Consent
7.1 The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop collecting, using and/or disclosing your personal data for any or all of the purposes listed above by submitting your written request via email to support@scashglobal.com;
7.2 Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within thirty (30) business days of receiving it.
7.3 Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our goods or services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing in the manner described in clause 7.1 above.
7.4 Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.
8. Retention of Personal Data
8.1 We only retain your Personal Data for as long as it is necessary for us to use your Personal Data as described above. However, please be advised that we may retain some of your Personal Data after you cease to use our services, for instance if the data is necessary to meet our legal obligations, such as retaining the information for tax and accounting purposes.
8.2 In some circumstances we may anonymize your Personal Data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
9. Transfer of Personal Data outside Singapore
Where our partners who help us in the administration or operation of our organization are based in other locations, your Personal Data may be transferred outside of Singapore. When we send your Personal Data outside Singapore, we will make sure that your Personal Data is afforded a standard of protection comparable to that under the PDPA, including through contractual safeguards or other legally recognised transfer mechanisms.
10. Security and Data Breach Notification
10.1 To safeguard your personal data from unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as minimized collection of personal data, authentication and access controls (such as good password practices, need-to-basis for data disclosure, etc.), up-to-date antivirus protection, regular patching of operating system and other software, securely erase storage media in devices before disposal, usage of one time password(OTP)/ 2 factor authentication (2FA)/ multi-factor authentication (MFA) to secure access, and security review and testing performed regularly.
10.2 While precautions will be taken to ensure that the Personal Data you provide is protected against unauthorized or unintended access, we cannot be held responsible for unauthorized or unintended access that risk beyond our control.
10.3 We do not guarantee that our systems or applications are invulnerable to security breaches, nor do we make any warranty, guarantee or representation that your use of our systems or applications is safe and protected from viruses, worms, Trojan horses, and other vulnerabilities. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.
10.4 In the event of a data breach involving Personal Data under our control, we will take immediate steps to investigate and contain the incident, and to mitigate any potential harm. Where required under the Personal Data Protection Act 2012 of Singapore (“PDPA”), we will notify the Personal Data Protection Commission (“PDPC”) and affected individuals of a data breach that:
- results in, or is likely to result in, significant harm to affected individuals; or
- is of a significant scale, within the timelines prescribed under the PDPA.
Our notification to affected individuals, where required, will include information such as:
- the nature of the data breach;
- the types of personal data affected;
- the steps we are taking or have taken to address the data breach; and
- steps affected individuals may take to protect themselves against potential
We will maintain records of all data breaches in accordance with applicable laws and regulatory requirements.
11. Collection of Personal Data from Individuals Who Lack Legal Capacity
11.1 We do not knowingly collect Personal Data from individuals who lack legal capacity to give consent under the PDPA. If you are an individual who lacks legal capacity, you should not submit any Personal Data to us unless consent has been obtained from a parent or legal guardian on your behalf.
11.2 Where Personal Data of an individual who lacks legal capacity has been provided to us without the consent of a parent or legal guardian, the parent or legal guardian may contact us @ support@scashglobal.com to request correction or deletion of such Personal Data, and we will take reasonable steps to comply with such request in accordance with applicable laws.
12. Making changes to your Personal Data
12.1 If you wish to make (a) an access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or (b) a correction request to correct or update any of your personal data which we hold about you, you may submit your request in writing or via email to support@scashglobal.com
12.2 Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request. We do not charge fees for correcting personal data.
12.3 We will respond to your request as soon as reasonably possible. In general, our response will be within fourteen (14) business days. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).
13. Maintain accuracy of Personal Data
You are responsible for ensuring that the Personal Data you provide is accurate and up to date. We generally rely on personal data provided by you (or your authorized representative). Please update us if there are changes to your personal data by informing our Data Protection Officer in writing or via email at support@scashglobal.com
14. Links to Third-Party Sites
Our Platform may contain links to other sites and resources provided by third parties. These websites and resources are not covered by this Privacy Policy, and we are not responsible or liable for the privacy practices or the content of those other websites and resources, and for any loss or damage which you may suffer from your use and/or access of such websites and resources.
15. Changes to the Privacy Policy
We reserve the right to amend, supplement or otherwise modify this Privacy Policy from time to time. It is your responsibility to check this page periodically for updates.
Where such changes are material or affect the purposes for which we collect, use or disclose your personal data, we will provide you with reasonable notice through appropriate means, including by posting the updated Privacy Policy on our Platform or notifying you directly where applicable.
The updated Privacy Policy will take effect from the date it is published. Your continued use of and/or access to our Platform after the effective date constitutes your acknowledgement of the updated Privacy Policy, subject always to applicable data protection laws and consent requirements.
16. Contact Us
You may contact our Data Protection Officer at admin@scashglobal.com if you have any enquiries or feedback on our personal data protection policies and procedures, or if you wish to make any request via email at support@scashglobal.com