Emotify Pte Ltd Privacy & Data Protection Policy

Data Protection Notice

This Data Protection Notice (“Notice”) sets out the basis which Emotify Pte Ltd (the “Data Controller”) may collect, use, disclose or otherwise process personal data of Emotify Pte Ltd’s customers in accordance with Singapore’s Personal Data Protection Act (“PDPA”). This Notice applies to personal data in the possession or under the control of Emotify Pte Ltd.

Personal Data

1.     As used in this Notice:

 “customer” means an individual who:

a)     has contacted us through any means to find out more about any goods or services we provide, or

b)     may, or has, entered into a contract with us for the supply of any goods or services by Emotify Pte Ltd; and

personal data” means data, whether true or not, about a customer who can be identified:

c)     from that data; or

d)     from that data and other information to which we have or are likely to have access.

 

2.   Depending on the nature of customer interaction with Emotify Pte Ltd, some examples of personal data which we may collect from you include your name and your contact information such as your residential address, email address or telephone number, photographs and other audio-visual information, and employment information.

 

3.    Emotify Pte Ltd does not process any personal data classified as ‘special’ (i.e. racial, ethnic origin, sexual orientation, philosophical beliefs).

  

Consent to Collection, Use and Disclosure of Personal Data

4.     We only collect customers’ personal data if:

a)     it is provided to us voluntarily by a customer directly or via a third party who has been duly authorised by a customer to disclose their personal data to us (their “authorised representative”) after

i.     the customer (or their authorised representative) have been notified of the purposes for which the data is collected, and

ii.     the customer (or their authorised representative) has provided written consent to the collection and usage of their personal data for those purposes, or

b)     collection and use of personal data without consent is permitted or required by the PDPA or other laws.

c)     We shall seek your consent before collecting any additional personal data and before using your data for a purpose which has not been notified to you (except where permitted or authorised by law).

 

5.     We may collect and use customers’ personal data for any or all of the following purposes:

a)    operating our websites;

b)    communicating with customers and potential customers;

c)    updating your personal and contact information;

d)  performing obligations in the course of or in connection with Emotify Pte Ltd’s provision of the goods and/or services requested by customers;

e)   responding to, handling, and processing queries, requests, applications, complaints, and feedback from customers;

f)     managing customers’ relationship with us;

g)    sending customers newsletters where they have opted to receive them;

h)    complying with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;

i)      any other purposes for which customers have provided information;

j)      transmitting to any unaffiliated third parties including Emotify Pte Ltd’s third-party service providers and agents, and relevant governmental and/or regulatory authorities, whether in Singapore or abroad, for the aforementioned purposes; and

k)    any other incidental business purposes related to or in connection with the above.

 

6.     We may disclose customers’ personal data:

a)     where such disclosure is required for performing obligations in the course of or in connection with our provision of the goods or services requested by customers; or

b)    to third party service providers, agents and other organisations we have engaged to perform any of the functions with reference to the above mentioned  purposes;

c)     where your consent has been obtained for disclosure;

d)    if required by the law or in the good faith belief:

i)     that such action is necessary to conform to the edicts of the law or comply with legal processes served on us;

ii)    to protect and defend our rights or property.

 

7.     Where your use of our Websites are concerned, you acknowledge and accept that certain functions, when activated or used by you, will operate to send or display information about yourself, including but not limited to, your personal data to certain third parties, and you agree to the sharing of such information with these third parties. You acknowledge and agree that we shall not be held responsible or accountable for any loss, injury or damage sustained by you for sharing the aforesaid information arising out of your activation or use of such features on the Websites.

 

8.     The purposes listed in the above clauses may continue to apply even in situations where the customer’s relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce its rights under any contract with the customer).

 

Withdrawing Consent

9.     The consent that customers provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by the customer in writing. Customers may withdraw consent and request us to stop using and/or disclosing their personal data for any or all of the purposes listed above by submitting their request via email to the Data Controller at sarah@sarahwhyte.com.sg.

 

10.  Upon receipt of a customer’s written request to withdraw their consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect their rights and liabilities to us. In general, we shall seek to process customers’ requests within ten (10) business days of receiving it.

 

11.  Whilst we respect customers’ right to withdraw their consent, please note that depending on the nature and the scope of your request, we may not be able to continue providing goods or services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing in the manner described in clause 9 above.

 

12.   Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws. 

Access to & Correction of Personal Data

13.  If customers wish to make:

a)     an access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or

b)     a correction request to correct or update any personal data which the Data Controller holds, customers may submit their request via email to the Data Controller at sarah@sarahwhyte.com.sg

 

14.  We will respond to customers’ requests as soon as reasonably possible. In general, our response will be within thirty (30) business days. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).

 

Protection of Personal Data

15.  To safeguard customers personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, the Data Controller has introduced appropriate administrative, physical and technical measures to secure all storage and transmission of personal data by Emotify Pte Ltd, and disclosing personal data internally and to Emotify Pte Ltd’s authorised third party service providers

 

16.  Customers should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of customers’ information and are constantly reviewing and enhancing our information security measures.

 

Reporting of Personal Data Breaches

17.  In the event of a security leak and/or the leaking of data, we shall, to the best of our ability, inform customers and/or the relevant regulatory authority(ies) within 72 hours of the leak. This duty to report applies irrespective of the impact of the leak. We will endeavour that the furnished information is complete, correct and accurate. 


 18.  If required by law and/or regulation, we shall cooperate in notifying the relevant authorities and/or customers.

 19.  The duty to report includes in any event the duty to report the fact that a leak has occurred, including details regarding: 


a)     the (suspected) cause of the leak;


b)    the (currently known and/or anticipated) consequences thereof;

c)     the (proposed) solution;


d)    the measures that have already been taken. 


Accuracy of Personal Data

20.  We generally rely on personal data provided by customers (or their authorised representative). In order to ensure that customers’ personal data is current, complete and accurate, please update the Data Controller with changes to personal data by informing the Data Controller via email at sarah@sarahwhyte.com.sg

Retention of Personal Data

21.  We may retain customers’ personal data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws.

22.  We will cease to retain customers’ personal data, or remove the means by which the data can be associated with customers, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected, and is no longer necessary for legal or business purposes.

 

Transfer of Personal Data Outside of Singapore

23.  Emotify Pte Ltd acknowledges that in the course of providing our products and services, we may transfer customers’ personal data to third-party service providers or affiliates located outside of Singapore. This includes, but is not limited to, the use of third-party software such as Dropbox and Google for data storage and workspace provision, Calendly for calendar scheduling, Microsoft for email and calendar services and Wave for accounting.

24.  The transfer of personal data outside of Singapore may be necessary for the following purposes:

a)     Utilizing third-party services for data storage and processing

b)     Facilitating communication and collaboration with international partners or clients

25.  We will take steps to ensure that customers’ personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA. We engage service providers that implement reasonable security measures to safeguard your personal information.

26.  By engaging with our products and services, customers consent to the transfer of their personal data outside of Singapore as outlined in this Privacy Policy.

Use of Cookies

27.  The Websites (www.sarahwhyte.com.sg and www.drsarahwhyte.com) may place and access certain cookies on your computer and/or any other electronic device used to access the Website. We use cookies to improve your experience using the Website and to improve the efficacy of our Services.

28.  Cookies are small files of letters and numbers which is stored on your browser or hard drive. They help a website to run effectively and provide the best experience for visitors, allowing visitors to navigate and use key features on a website.

29.  Users of the Website are advised that if they wish to deny the use and saving of cookies from this Website onto their computers and/or other electronic devices, they should take the necessary steps within their internet browsers’ security settings to block all cookies from this Website.

30.  You can block or deactivate cookies in your browser settings and you can choose to delete the cookies at any time. However, you may lose any information that enables you to access the Website more quickly and efficiently.

 

External Websites

31.  Our Websites contain links to external websites. We make no representations as to the quality, suitability, functionality or legality of the material on external websites that are linked to, or to any goods and services available from, such websites. The material is only provided for your interest and convenience. We do not monitor or investigate such external websites and we accept no responsibility or liability for any loss arising from the content or accuracy of the material and any opinion expressed in the material should not be taken as our endorsement, recommendation or opinion. This Policy does not extend to your use of such external websites. You are advised to read the privacy policy or statement of such external websites before using them.

 

Data Controller

32.  Customers may contact the Data Controller Dr Sarah Whyte if they have any enquiries or feedback on Emotify Pte Ltd’s personal data protection policies and procedures, or if they wish to make any request, in the following manner:

 Email: sarah@sarahwhyte.com.sg

 Address: 60 Paya Lebar Road, #07-54 Paya Lebar Square, Singapore, 409051

 

Effect of Notice and Changes to Notice

33.  This Notice applies in conjunction with any other notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of customers personal data by Emotify Pte Ltd

 34.  We may revise this Notice from time to time without any prior notice. Customers may determine if any such revision has taken place by referring to the date on which this Notice was last updated. Customers continued use of our services constitutes their acknowledgement and acceptance of such changes.

 

Miscellaneous

35.  The Data Protection Notice and the implementation thereof will be governed by Singapore law. 


36.  Any dispute arising in connection with and/or arising from this Data Protection Notice will be referred to the competent Singapore court in the district where the Data Controller has its registered office. 


Last updated: Wednesday 24 January 2024