ESR Funds Management (S) Limited, the manager of ESR-REIT, is committed to safeguard your privacy through the appropriate processing and management of your personal data in accordance with the Personal Data Protection Act (“PDPA”) and other related laws, regulations and guidelines etc. We treat all personal data provided by you in strict confidence and will only use your personal data in the manner as set out in this policy.
- Acquisition or Collection of Personal Data
- How the acquired Personal Data is used
- Management of Personal Data
- Disclosure and Provision of Personal Data to Third Parties
- Supervision of Third Party Service Providers
- Deemed Consent
- Other Bases for Handling or Processing Your Personal Data
- Third Party Sites
- Your Rights
- Governing Law
(a) Acquisition or Collection of Personal Data
Where personal data is to be acquired or collected, the Manager will do so through appropriate means.
Generally, we may collect personal data from you in the following ways:
- when you submit any form or provide us with other documentation or information in respect of your interactions and transactions with us, or when you use our services;
- when you use our electronic services, or interact with us via our websites and platforms or use services and/or features on our websites and platforms;
- when you interact with our staff and representatives, for example, via telephone calls (which may be recorded), letters, fax, face-to-face meetings and email;
- when you use our services provided through online and other technology platforms, such as websites and apps, including when you establish any online accounts with us;
- when you request that we contact you, be included in an email or other mailing list, or when you respond to our request for additional personal data, our promotions and other initiatives;
- when you are contacted by, and respond to, our marketing representatives and agents and other service providers; and/or
- when you submit your personal data to us for any other reason.
Where personal data is to be acquired directly from the person in writing or via a website page or during a telephone conversation, the Manager will clearly indicate the purposes of use in advance. However, where the purposes of use are clear given the circumstances of the acquisition of personal data or where omission of clear indication of the purposes of use is permitted under laws and regulations, etc., a clear indication of the purposes of use may be omitted.
(b) How the acquired Personal Data is Processed
Generally, the Manager Processes your personal data for the following purposes:
- providing you with services that you have requested or purchased e.g. signing up for the email alerts;
- verifying your identity and personal particulars;
- managing the administrative and business operations of the Companies (e.g. accounting, risk management, recording keeping and/or staff training) and complying with internal policies and procedures;
- responding to, processing and handling your queries, requests, feedback, complaints, comments and/or suggestions, or otherwise providing customer support;
- facilitating business asset transactions (which may extend to any mergers, acquisitions or asset sales) involving any of the Companies;
- contacting you for feedback after the provision of our services or requesting participation in surveys, as well as conducting market research, planning and/or analysis for statistical, profiling or other purposes for us to design our services, understand customer behaviour, preferences and market trends, and to review, develop and improve the quality of our services;
- communicating with you and informing you of changes and development to the Companies' policies, terms and conditions and other administrative information, including for the purposes of servicing you in relation to the services offered to you;
- preventing, detecting and investigating crime, including fraud and money-laundering or terrorist financing, and analysing and managing commercial risks;
- providing media announcements and responses;
- organising promotional events;
- in connection with any claims, actions or proceedings (including but not limited to drafting and reviewing documents, transaction documentation, obtaining legal advice, and facilitating dispute resolution), and/or protecting and enforcing our contractual and legal rights and obligations;
- managing and preparing reports on incidents and accidents;
- complying with any applicable rules, laws and regulations, codes of practice or guidelines or to assist in law enforcement and investigations by relevant authorities; and/or
- any other purpose relating to or reasonably necessary for any of the above.
When using your personal data to contact you for the above purposes, we may contact you via regular mail, fax, e-mail, SMS, telephone or via any other means.
If you have provided your Singapore telephone number(s) and have indicated that you consent to receiving marketing or promotional information via your Singapore telephone number(s), then from time to time, we may contact you using such Singapore telephone number(s) (including via voice calls, text, fax or other means) with information about our services (including any discounts and promotions).
In relation to particular services or in your interactions with us, we may also have specifically notified you of other purposes for which we may Process your personal data. If so, we will Process your personal data for these purposes as well.
(c) Management of Personal Data
The Manager strives to maintain personal data accurate and up-to-date within the scope necessary to achieve the purposes of use, and to cease to retain personal data, or remove the means by which personal data can be associated with particular individuals, as soon as it is reasonable to assume that:
- the purpose for which the personal data was collected is no longer served by its retention; and
- retention of the personal data is no longer necessary for any legal or business purposes.
The Manager has made reasonable security arrangements to prevent:
- unauthorised access, collection, use, disclosure, copying, modification or disposal, or similar risks; and
- the loss of any storage medium or device on which personal data is stored.
The Manager establishes the internal regulations necessary for the securing of personal data, provides its employees with relevant education and training, and carries out necessary and appropriate supervision. Moreover, it conducts necessary and appropriate supervision of contracted third-party service providers (including subcontractors, etc.) who handle personal data.
(d) Disclosure and Provision of Personal Data to Third Parties
Subject to applicable law, your personal data may be provided, for the purposes listed above (where applicable), to the following entities or parties, whether they are located overseas or in Singapore:
- our co-brand and other business partners;
- the Manager's related corporations;
- agents, vendors, contractors or other third-party service providers (including software providers) who provide services to the Manager, including in connection with any promotion or services offered by the Manager;
- analytics, search engine providers or other third-party service providers that assist us in delivering our services and/or websites as well as improving and optimising the same;
- any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any merger, acquisition or any debt or asset sale) involving any of the Companies;
- banks, credit card companies and their respective service providers;
- our professional advisers such as our board of directors, auditors and lawyers;
- relevant government regulators, government ministries, statutory boards or authorities and/or law enforcement agencies, to comply with any directions, laws, rules, guidelines, regulations or schemes issued or administered by any of them;
- external business and charity partners in relation to corporate promotional events; and/or
- any other party to whom you authorise us to disclose your personal data to.
The Manager shall not disclose or provide personal data of individuals to any third parties except in the following cases:
- Consent has been given;
- Disclosure or provision of personal data is based on laws and regulations;
- Disclosure or provision of personal data is required to protect life, health or assets of a person and it is difficult to obtain consent;
- (Provision of personal data is particularly necessary in order to enhance public health;
- Cooperation is requested by government agencies, or service providers contracted by those agencies to conduct matters prescribed by laws and regulations, and obtaining consent may hinder the conduct of such matters; and/or
- The Manager provides personal data to third-party service providers under appropriate supervision within the scope necessary to carry out the applicable purpose of use of the personal data.
(e) Supervision of Third Party Service Providers
The Manager outsources certain services such as share registry services, webhosting, website maintenance and facilities management etc to contracted third-party service providers. The Manager conducts necessary and appropriate supervision of such contracted service providers to prevent loss, misuse, modification, etc. of the personal data handled and in their possession.
(f) Deemed Consent
In addition to the matters set forth above, subject to and in accordance with applicable law, you shall be deemed to have consented to the Manager Processing your personal data, and disclosing such personal data to the Companies' authorised service providers and relevant third parties:
- where in response to a request for your personal data in connection with identified purposes, you voluntarily provide such personal data to the Manager for such purpose(s) and it is reasonable that you would voluntarily provide such personal data; and
(g) Other Bases for Handling or Processing Your Personal Data
for our legitimate interests or the legitimate interests of another person (but not for sending you direct marketing messages unless you have otherwise provided your consent), including without limitation for the following purposes:
- any investigations or proceedings;
- fraud detection and prevention;
- entering into, managing or terminating an employment relationship or appointment; and
- detection and prevention of misuse of services by users; and
- we may collect your personal data from any of the Companies, we may use your personal data, and any of the Companies may disclose your personal data to us, for improving our services, processes or business, understanding customer preferences and personalizing experiences and recommendations (regardless whether you are an existing or prospective customer of any of the Companies).
Third Party Sites
- email us at email@example.com; or
- write to us at 8 Changi Business Park Avenue 1, #05-05, ESR BizPark @ Changi (South Tower).
All requests for correction or for access to your personal data must be in writing to firstname.lastname@example.org
or the address stated above. We will endeavour to respond to your request within 30 days, and if that is not possible, we will inform you of the time by which we will respond to you.
We may be prevented by law from complying with any request that you may make. We may also decline any request that you may make if the law permits us to do so. In many circumstances, we need to Process your personal data in order for us to provide you with services which you require. If you do not provide us with the required personal data, or if you withdraw your consent to our Processing of your personal data for these purposes, it may not be possible for us to continue to serve you or provide you with the services that you require. We may charge you a fee for responding to your request for access to the personal data which we hold about you, or for information about the ways in which we have (or may have) used your personal data. If a fee is to be charged, we will inform you of the amount beforehand and respond to your request after payment is received. Further rights may arise in future under amendments to the PDPA and in such a case, we will accord you such rights as provided for by the PDPA.