This Privacy Statement applies across all websites that we own and all services we provide, including our software platform that enables an entity’s employees, partners and suppliers to report concerns or misconduct to that entity in a secure and prompt manner (the IntegraCall® | Secure Messaging Platform) and any other apps or services we may offer (for example, events or training).
It applies to personal data, being identifiable information about a person such as name, email, address, telephone number, bank account details, payment information, support queries etc. This Privacy Statement does not apply to personal data that has been aggregated and anonymised.
GENERAL DATA PROTECTION REGULATION
The European Union (EU) General Data Protection Regulation (the GDPR) introduced clear, uniform data protection laws across the EU and replaced existing national data protection rules. The GDPR significantly increases the rights of individuals in relation to the protection of their personal data. It also increases the responsibilities of organisations that control and process personal data, and substantially increases the penalties for non-compliance.
Singaporean businesses covered by the Personal Data Protection Act 2012 (PDPA) may need to comply with the GDPR if they:
· have an establishment in the EU (regardless of whether they process personal data in the EU); or
· do not have an establishment in the EU, but offer goods and services or monitor the behaviour of individuals in the EU.
These privacy laws include similar requirements, including:
· promoting transparent information handling practices and business accountability, to give individuals confidence that their privacy is being protected;
· requiring businesses to implement measures that ensure compliance with a set of privacy principles;
· notification of data breaches in certain circumstances;
· undertaking privacy impact assessments in certain circumstances; and
· technology neutral applicability, preserving their relevance and applicability as technology changes and evolves.
However, the GDPR sets out a more rigorous approach to processing personal data than the PDPA, and the consequences for failing to comply correctly are significantly harsher.
We have always appreciated the importance of data privacy to both our clients and to individual data subjects. Information security and data privacy have always been a key focus of ours, and many of the obligations imposed on data processors under the GDPR reflect practices that we have followed for many years.
We are also firmly committed to offering our clients the tools and solutions they need to ensure that their use of our services satisfies their obligations under the GDPR. One solution we have developed is a Data Processing Addendum, which specifically addresses all requirements of data processors set out under the GDPR. This Data Processing Addendum also incorporates the European Commission’s Model Contract Clauses, to provide a legitimate mechanism for the transfer of personal data outside the European Economic Area. To obtain a copy of this Data Processing Addendum, please ask contact our Data Protection Officer at firstname.lastname@example.org.
OUR COMMITMENT TO PRIVACY
Speeki Pte Ltd (Speeki, we, our, us) is an independent, technology-driven professional services firm with a distinct focus on integrity & compliance risk management. As part of our business, we collect information about people, companies and organisations.
The privacy and protection of your personal data is important to us. Speeki provides this Privacy Statement to describe and explain our information practices, and the measures we take to protect your privacy and comply with applicable law and obligations. It describes how we collect, use, share and secure the personal information you provide. It also describes your choices regarding use, access and correction of your personal information.
We are responsible for this website, www.speeki.com, and this Privacy Statement.
SCOPE OF THIS STATEMENT
This statement covers all types of personal data that Speeki holds. This may be data that we hold in our capacity as a 'controller', which may include:
· individuals and companies identified via a government issued list or media reports that may be of interest to our clients;
· contact persons within our actual or potential client organisations; or
· individuals that have listened to our webinars, attended our events or subscribed to our mailing lists.
This data may also be that which we hold in our capacity as a 'processor', which may include:
· actual clients and their employees; or
· partners of clients who are involved with our clients’ compliance programmes and their employees.
NOTE: A ‘controller’ is an organisation which determines the purposes for which personal data is to be processed. This is contrasted with ‘processors’, which process personal data on behalf of ‘controllers’, and only in accordance with the controller’s instructions.
Speeki collects personal data from many geographical regions and sources. Our policy is to comply with all applicable legislation, using an overarching set of principles to guide us, which we set out in further detail below.
1. Notice: Where it is our responsibility under applicable law, we notify individuals about the purposes for which we collect and use information about them. This includes information about how individuals can contact us with any inquiries or complaints, the types of third parties to which we disclose the information and the choices and means we offer for limiting its use and disclosure.
2. Choice: Where we hold personal data as a controller, and where required by applicable law, we give individuals the opportunity to choose whether certain technologies are used (i.e. cookies) and whether their personal data will be disclosed to a third party or used for a purpose incompatible with the purpose for which it was originally collected. Where we hold personal data as a processor on behalf of a client, we ensure that the personal data is secure and processed in accordance with the instructions of our client.
3. Onward Transfer (Transfers to Third Parties): Other than onward transfer to clients (as discussed in this statement), and other than as described in this Privacy Statement, Speeki does not share, sell, rent, or trade personal data with third parties in any way. We may share the personal data you provide to us with business partners for services such as hosting or translating. These service providers only use the personal data on behalf of us. We may also disclose personal data as required or permitted by law, or when we believe in our sole discretion that disclosure is necessary or appropriate to protect our rights or to comply with a judicial proceeding, court order, law-enforcement request, or other legal process.
4. Access: Where we hold personal data as a controller and where required by applicable law, we provide the ability for individuals to correct, amend, access or delete personal data held about them where it is inaccurate. You may correct, amend or delete your information by contacting us at email@example.com. We will respond to your request within a reasonable timeframe. We will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information for as long as reasonably necessary for the purpose(s) for which the information was collected.
5. Security: We take reasonable organisational, technical, administrative and physical steps to protect against unauthorised access to and disclosure of personal data, which may include:
· Security policies:
o Designing and supporting our products and services according to documented security policies and international standards.
o Annually assessing our policy compliance and making necessary improvements to our policies and practices.
· Employee training and responsibilities:
o Taking certain steps to reduce the risks of human error, theft, fraud, and misuse of our facilities.
o Training our personnel on our privacy and security policies.
o Requiring our employees to sign confidentiality agreements.
o Assigning to an individual the responsibility to manage our information security program.
· Access control:
o Limiting access to information to only those individuals who have an authorized purpose for accessing that information.
o Terminating those access privileges following job change or termination.
· Data encryption:
o Ensuring that all electronic transfers of information (including sensitive information such as your login information) are done through encrypted connections via SSL encryption and storing all data is stored on encrypted servers.
· Review of vendors:
o Internal due diligence procedures to review the vendors we select and use.
No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our website, you can contact us at firstname.lastname@example.org.
6. Data integrity: We take reasonable steps to ensure that data we collect is reliable for its intended use, accurate, complete, and current. We do not process personal data in any way that is incompatible or inconsistent with the purpose for which such information was collected.
7. Enforcement: We have in place a readily available and affordable independent recourse mechanism so that any complaints and disputes can be investigated and resolved and damages awarded where the applicable law or private sector initiatives so provide. Speeki has committed to voluntarily and periodically reviewing our privacy and security practices to verify that we are meeting our obligations.
THE TYPES OF PERSONAL DATA THAT WE MAY COLLECT
We may collect, use, store and transfer the following kinds of personal data:
· Identity Data, including first name, middle name, maiden name, last name, company name, username or similar identifier, marital status, title, date of birth, gender, nationality, educational records, job title, employment history, business activities, credit history, passport number, national identification number, vehicle registration number, driver’s licence number, information on compliance indiscretions, criminal records;
· Contact Data including billing address, delivery address, email address and telephone numbers;
· Financial Data including bank account, payment card details and other financial information;
· Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us;
· Technical Data including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website and our products and services;
· Profile Data including your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses;
· Usage Data including information about how you use our website, products and services; and
· Marketing and Communications Data including your preferences in receiving marketing from us and our third parties and your communication preferences.
We do not collect any ‘special categories’ of personal data, such as details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, or information about your health and genetic and biometric data.
HOW WE COLLECT AND USE YOUR PERSONAL DATA
A. FOR SALES AND MARKETING PURPOSES
For the purposes of communication and marketing, Speeki collects information directly from you, through automated technologies or interactions, and from third parties.
You may give us your information directly, by purchasing our products and services, creating an account on our website, registering for conferences or webinars, subscribing to our services and notifications, requesting marketing information, or providing us with feedback.
We also gather certain information automatically from our website and store it in log files. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. In order to send you push-notifications (for reasons described in more detail below), we will need to collect certain information about your device such as operating system and user identification information.
We may also collect information about you from time to time through our analytics partners, advertising networks, search information providers, channel partners and organisers of events that we partner with.
The personal data we collect may be used to:
· register you as a customer or as an attendee to a webinar or other event;
· accept, process and deliver an order for our products or services;
· communicate with you and provide support to you with your use of our products or services;
· issue invoices and collect fees;
· send you newsletters as part of a regular service;
· respond to your questions and concerns when you use our ‘contact us’ form;
· improve the contents of our website and marketing efforts;
· conduct research and analysis;
· display content based upon your interests; and
· allow you to subscribe to our announcements, events or magazines (including sending you push notifications).
Where we process your personal data to register you as a customer, accept your orders and deliver goods and services to you, we do so on the basis that it is necessary to perform our obligations under contract with you. It may also be necessary to comply with certain legal obligations.
Where we process your personal data for the purpose of collection of fees, we do so on the basis that it is necessary to perform our obligations under contract with you. Such processing is also necessary for our legitimate interests, in ensuring that we can recover money that is owed to us.
Where we process your personal data to send you newsletters, respond to your questions, improve the contents of our website and marketing efforts, conduct research and analysis and display content based on your interests, we do so on the basis that it is necessary for our legitimate business interests. These interests include the interests of ensuring our clients receive premium service, growing our business to best satisfy changing market needs, and ensuring continual improvements to our suite of product and services.
Where we process your personal data to allow you to subscribe to our announcements, events or magazines, we do so on the basis that you have provided an explicit and specific consent for us to do so.
You may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails or you can contact us at email@example.com. If you no longer wish to receive push-notifications, you may turn them off at the device level.
If we don’t collect your personal data, we may be unable to provide you with all our services, and some functions and features on our website may not be available to you.
You may receive information about the data collected on you personally by contacting firstname.lastname@example.org. If the data is incorrect you have the right to ask that it is updated.
B. COOKIE AND OTHER TRACKING TECHNOLOGY
Speeki and our partners, affiliates, or analytics or service providers also use technologies to analyse trends, administer the site, track users’ movements around the site and gather demographic information about our user base as a whole. These technologies may include, but are not limited to, cookies, beacons, tags and scripts. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.
Where our site includes links to other websites the privacy practices may differ from our own. If you submit personal data to any of those sites, your information is governed by their privacy statements. We encourage you to carefully read the privacy statement of any website you visit.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.
We make use of Google Analytics (https://www.google.com/analytics/) to track interactions with our website. This information allows us to better understand how and when users interact with our services, helping us to make improvements. [Do we?] To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.
We also use the information collected to maintain and upgrade our system. Our technical staff may require periodic access to services data to monitor system performance, test systems, and develop and implement upgrades to systems. This services data will generally does not include your personal data. Any temporary copies of services data created as a necessary part of this process are only maintained for time periods relevant to those purposes.
C. INFORMATION RELATING TO OUR HOSTED SERVICE
If you either work for a client of Speeki who has purchased our proprietary software-as-a-service product - the IntegraCall® | Secure Messaging Platform - (Hosted Service) or you work as a partner of such a client, information about you may be held in the platforms underpinning the Hosted Service. In each case, the client who has purchased access is the controller of your data and Speeki is the processor. We process this personal data on the basis that it is necessary to perform our obligations under contract with our client.
It is the responsibility of the client company to request your consent to the information being stored and to inform you of their intentions to use the data and your rights.
Depending on your relationship with the client, the information collected may include:
· your name;
· your password;
· your role and title;
· descriptions of your relationship with the client, such as conflicts of interest or gifts;
· information about policies you have read or training you have taken (including the results of the training);
· the answers you have given any questions the client has asked you in a questionnaire;
· details regarding an alleged incident regarding serious misconduct, and the investigations involving such incident; and
· information you voluntarily submit to us on behalf of your company or users when interacting with the Hosted Service.
As the processor of your data, Speeki does not use the information except in the case where we have been asked by our client to provide support or advice or to maintain and upgrade a system. For support or maintenance, our technical staff may require periodic access to services data to monitor system performance, test systems, and develop and implement upgrades to systems. We may also access information in an aggregate form for statistical analysis and capacity management. Speeki may transfer personal data to companies that help us provide our service. Transfers to subsequent third parties are covered by the provisions in this Privacy Statement regarding notice and choice and the service agreements with our clients.
Requests for access, changes or deletion to the information collected about you should be made to the client who has purchased the Hosted Service. If you are unsure of who to contact at the client, you may contact us at email@example.com. If the client requests Speeki to remove the data, we will respond to their request as soon as reasonably practicable, but no later than 30 days.
Speeki will retain information we process on behalf of our clients for as long as needed to provide the Hosted Service to our Client. Speeki will retain and use this information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
DISCLOSURE OF PERSONAL DATA
We will share your personal data with third parties only in the ways that are described in this Privacy Statement.
A. DISCLOSURE TO INDUSTRY BODIES FOR THE PURPOSES OF SALES AND MARKETING
In the interests of us further enhancing our services, Speeki may share personal data collected for sales and marketing purposes with industry organisations (such as those organisations dedicated to thought leadership in compliance and ethics). In those cases, Speeki may provide these organisations with your personal data to alert you to seminars or events which may be of interest to you. Speeki will not disclose any personal data to industry organisations unless those organisations exhibit privacy and data protection standards on par with those of Speeki. We will only provide your personal data to third parties for sales and marketing purposes if you have given us your explicit and specific consent to do so. If you wish to withdraw your consent, please email us at firstname.lastname@example.org.
B. DISCLOSURE TO BUSINESS PARTNERS
In the ordinary course of our business, we work closely with our affiliate companies and with a trusted network of third-party business partners. These affiliates and business partners provide a variety of services, including:
· information collection and analysis;
· hosting and data storage services;
· chatbot and translation services;
· support, maintenance and other IT services;
· analytics and measurement services;
· internet and social media services;
· recruitment services;
· business advisory and management consulting services; and
· marketing and advertising services.
Our affiliates are all governed by the terms set out in this Privacy Statement. We will only share your personal data with business partners that can provide the same degree of security and protection that we do. Our business partners will only process your personal data in accordance with our instructions, for the purposes and the legal bases identified in this Privacy Statement.
C. DISCLOSURES IN CONNECTION WITH ACQUISITIONS OR DIVESTITURES
Circumstances may arise where for strategic or other business reasons Speeki decides to sell, buy, merge or otherwise reorganize businesses in some countries. Such a transaction may involve the disclosure of personal data to prospective or actual purchasers, or receiving it from sellers. It is Speeki’s practice to seek appropriate protection for personal data in these types of transactions. You will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your personal data, as well as any choices you may have regarding your personal data.
D. DISCLOSURE FOR OTHER REASONS
We may disclose personal data if required to do so by law or in the good-faith belief that such action is necessary to comply with legal requirements or with legal process served on us, to protect and defend our rights or property, or in urgent circumstances to protect the personal safety of any individual, including requests from national security agencies or law enforcement.
INTERNATIONAL TRANSFERS OF PERSONAL DATA
Speeki may need to transfer your personal data out of the country in which it was originally collected. For example, our Hosted Service is hosted on servers located in the United States, and personal data processed using our Hosted Service will be transferred to, processed and stored in facilities in the United States.
For personal data collected in the European Economic Area (EEA), this may mean transfers outside the EEA.
We will only transfer personal data out of the EEA under the following circumstances:
· where the recipient is located in a country that has been deemed to adequately safeguard the personal data by the European Commission; or
· where the recipient has entered into a contract with us, which contains clauses approved by the European Commission to offer the personal data the same degree of protection it has in the EEA; or
· for recipients located in the United States, where the recipient is registered under the Privacy Shield framework.
For more information about this section, please contact us at email@example.com.
THIRD PARY LINKS
You may find content on our website or on our Hosted Service that links to the sites of our partners, suppliers, sponsors, licensors and other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by sites linked to or from our website or Hosted Service. In addition, these third-party sites, including their content and links, may be constantly changing. These sites may have their own privacy policies and customer service policies. Browsing and interaction on any other site, including sites which may have a link to our website, us subject to that site’s own terms and policies.
The GDPR establishes certain rights of individuals in relation to their personal data. These rights (as limited under law) include:
· the right to request access to the personal data that we hold about you;
· the right to have us correct and update your personal data where it is inaccurate or incomplete;
· the right to have us delete your personal data;
· the right to object to our processing of your personal data;
· the right to ask us to restrict the processing of your personal data;
· the right to ask that we transfer your personal data; and
· the right to withdraw consent to our processing of your personal data.
To find out more, and to exercise your rights under the GDPR, please contact us at firstname.lastname@example.org.
DATA BREACH RESPONSE PLAN
If Speeki becomes aware of any accidental, unauthorised, or unlawful destruction, loss, alteration or disclosure of or access to the personal data that is processed by Speeki, it shall without undue delay notify you and provide you (as soon as possible) with a description of the incident as well as periodic updates to information about the incident, including its impact on client information. We shall also take action to investigate the incident and reasonably prevent or mitigate the effects of the incident.
DATA PROTECTION OFFICER
Should you have comments or questions about this statement, you may contact our Data Protection Officer by email at: email@example.com.
You may also contact our Data Protection Officer via postal mail at the following address:
Attention: Data Protection Officer
Speeki Pte Ltd
519 Balestier Road
#03-01 Le Shantier
CHANGES TO THIS PRIVACY STATEMENT
If we decide to change our Privacy Statement, we will post those changes to this webpage and other places we deem appropriate so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.
We reserve the right to modify this Privacy Statement at any time. When we make only minor modifications, we may do so without notifying you. When we make material modifications, we will notify you here, through a prominent notice on our site or by email (sent to the email address specified in your account) prior to the change becoming effective.
YOUR ACCEPTANCE OF THESE TERMS
By accessing and using our website and/or Hosted Service, you signify your acceptance of our Privacy Statement. If you do not agree to this Privacy Statement, please do not use our products and services. Your continued use of our products and services following our posting of changes to this Privacy Statement will be deemed your acceptance of those changes.