Privacy Policy

Updated as of 01 July 2023

This Privacy Policy (the “Policy”) applies to the collection, use, disclosure and processing of an individual customer’s Personal Data (hereinafter defined) arising from goods and/or services offered by Red Kite and/or any of its affiliated companies in Singapore (collectively referred to as “Red Kite”), as well as the websites operated by Red Kite, which include the website at www.RedKite.sg

  1. General

1.1     This Policy statement provides information on the obligations and policies of Red Kite in respect of an individual customer’s Personal Data to ensure compliance with its obligations under the Singapore Personal Data Protection Act 2012 (No. 26 of 2012) (the “Act”). Red Kite undertakes to use reasonable efforts in applying, where practicable, those principles and the processes set out herein to its operations.

1.2     Red Kite officers, management, and members of staff shall use reasonable endeavours to respect the confidentiality of and keep safe any and all Personal Data collected and/or stored and/or disclosed and/or used for, or on behalf of, Red Kite. Red Kite shall use reasonable endeavours to ensure that all collection and/or storage and/or disclosure and/or usage of Personal Data by Red Kite shall be done in an appropriate manner and in accordance with the Act and this Policy.

1.3     By interacting with us, submitting information to us, or signing up for any products or services offered by us, you agree and consent to Red Kite as well as to its respective representatives and/or agents (“Representatives”) (collectively referred to herein as “Red Kite”, “us”, “we” or “our”) collecting, using, disclosing and sharing amongst themselves your Personal Data, and disclosing such Personal Data to Red Kite’s authorised service providers and relevant third parties in the manner set forth in this Privacy Statement.

1.4     This Policy supplements but does not supersede nor replace any other consents you may have previously provided to us in respect of your Personal Data, and your consents herein are additional to any rights which we may have at law to collect, use, disclose or process your Personal Data.

1.5     For the purposes of this Policy, in line with the provisions under the Act, “Personal Data” shall mean data, whether true or not, about an individual customer who can be identified — from that data; or from that data and other information which an organisation has or is likely to have access. Such Personal Data shall also refer to that which is already in the possession of Red Kite or that which shall be collected by Red Kite in future.

  1. Statement of Practices

Types of Personal Data Collected:

2.1 As part of its day-to-day activity, Red Kite may collect from you, through various means, including via our websites, marketing events such as road shows and any forms used by Red Kite from time to time, some or all of the following Personal Data:
– Name (first and surname);
– Postal Address;
– Phone number (including mobile);
– Office number;
– Email address;
– Bank account/credit card details;
– Gender;
– Personal Data of your emergency contacts;
– Username and password;
– IP addresses;
– Date of birth
– Photographs and images; and
– Any other Personal Data furnished by you.

Cookies

We use cookies on our websites to track visitorship and experience. Most web browsers are designed to accept cookies. If you do not wish to receive any cookies, you may set your browser to refuse it.

Purpose of Collection and Use of Personal Data

2.2 We generally do not collect your personal data unless (a) it is provided to us voluntarily by you directly or via a third party who has been duly authorised by you to disclose your personal data to us (your “authorised representative”) after (i) you (or your authorised representative) have been notified of the purposes for which the data is collected, and (ii) you (or your authorised representative) have provided written consent to the collection and usage of your personal data for those purposes, or (b) collection and use of personal data without consent is permitted or required by the PDPA or other laws. We shall seek your consent before collecting any additional personal data and before using your personal data for a purpose which has not been notified to you (except where permitted or authorised by law).

The above Personal Data mentioned in Clause 2.1 is collected and used for the purposes of performing obligations in the course of or in connection with our provision of the goods and/or services requested by you; processing your application and registration of your membership and to ascertain if you are eligible for discounts, privileges or benefits or other related purposes; to conduct market research and analysis; for quality control, appraisal, as well as staff management, training and development; for payment and/or credit control purposes; to notify you of any changes to our policies or services which may affect you; to respond to queries and feedback; maintaining and updating your membership details; to provide you with personalised services; verifying your identity; to notify you of special events, promotions and offers and marketing and advertising materials in relation to our goods and services and those of third party organisations which we are associated with (including through direct marketing via voice calls, text messages, email, direct mail and facsimile messages); complying with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority; to enable us to develop, deliver and improve our products, services, content and advertising; to administer our websites; to improve your experience with us; and any other incidental business purposes related to or in connection with the above.

Telephone calls made to any of Red Kite companies to order and/or service hotlines and/or inquiry telephone numbers may be recorded for the purposes of quality control, appraisal, as well as staff management, training and development as well as for evidentiary purposes, particularly in the case of conduct which may be reasonably considered to be insulting, intimidating, humiliating, malicious, degrading or offensive. In such an event, by agreeing to this Policy, you hereby give your consent for the collection, use, disclosure and/or processing of such Personal Data for the purposes of our records, following up with your enquiry and/or transaction, and for quality control and training purposes.

Optional Provision of Personal Data

In some instances, you may also be requested to provide certain Personal Data that may be used to further improve Red Kite products and services and/or better tailor the type of information presented to you. In most cases, this type of data is optional although, where the requested service is a personalised service, or provision of a product or dependent on your providing all requested data, failure to provide the requested data may prevent Red Kite from providing the service to you. This type of data includes, but is not limited to:

– Your age;
– Gender;
– Salary range and employment details;
– Education and Profession;
– Medical history;
– Hobbies and leisure activities;
– Other related products and services subscribed to; and
– Family and household demographics.

Disclosure of Personal Data

2.3 In order to carry out the functions described above, Red Kite may, from time to time, disclose your Personal Data between Red Kite companies. We may also disclose your Personal Data: (a) where such disclosure is required for performing obligations in the course of or in connection with our provision of the goods and services requested by you; or (b) to third party service providers, agents and other organisations we have engaged to perform any of the functions with reference to the above mentioned purposes in Clause 2.2 above.

2.4 Without derogating from any of the above, Red Kite may also disclose your Personal Data to the following third parties:

– Regulators and law enforcement officials;
– Lawyers;
– Auditors;
– Third party service providers and consultants;
– Credit, debit and charge card companies, banks and other entities processing payment;
– Potential buyers or investors of Red Kite or any of Red Kite companies;
– Any agent or subcontractor acting on Red Kite behalf for the provision of Red Kite services.

2.5 Red Kite may disclose your Personal Data to the abovementioned parties also in the occurrence of any of the following events:

– When and to the extent that Red Kite is required to do so by the law;
– In connection with any legal proceedings or prospective legal proceedings;
– When establishing, exercising, or defending Red Kite legal rights;
– When any person and/or entity processes such information on Red Kite behalf;
– When third parties provide services to Red Kite or on its behalf;
– With your consent; and
– For the purposes of disaster recovery.

2A. Reliance on the Legitimate Interests Exception

2A.1 In compliance with the PDPA, Red Kite may collect, use or disclose your personal data without your consent for the legitimate interests of Red Kite or another person. In relying on the legitimate interests exception of the PDPA, Red Kite will assess the likely adverse effects on the individual and determine that the legitimate interests outweigh any adverse effect.

2A.2 In line with the legitimate interests’ exception, Red Kite will collect, use or disclose your personal data for the following purposes:

(a) Fraud detection and prevention;
(b) Detection and prevention of misuse of services;
(c) Network analysis to prevent fraud and financial crime, and perform credit analysis; and
(d) Collection and use of personal data on company-issued devices to prevent data loss.

The purposes listed in the above clause may continue to apply even in situations where your relationship with Red Kite (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter.

  1. Transfer of Personal Data Overseas

Your Personal Data may be transferred and/or processed by Red Kite, its affiliates, agents and third parties providing services to Red Kite, in jurisdictions outside of Singapore with standards of data protection that is at least comparable to the protection under the Act, or where we have taken steps to ensure that your personal data continues to receive a comparable standard of protection. In this event Red Kite will comply with the terms of the Act.

  1. Accuracy of Personal Data

Red Kite will make a reasonable effort to ensure that personal data collected by it or on its behalf is accurate and complete if the personal data is likely to be used by Red Kite to make a decision that affects the individual concerned, or is likely to be disclosed by Red Kite to another organisation. Where possible, Red Kite will validate data provided using generally accepted practices and guidelines. This includes the use of checksum verification on some numeric fields such as account numbers or credit card numbers. In some instances, Red Kite is able to validate the data provided against pre-existing data held by Red Kite. In some cases, Red Kite is required to see original documentation before we may use the Personal Data such as with Personal Identifiers and/or proof of address. To assist in ensuring that your Personal Data in the possession of Red Kite is current, complete and accurate, please inform us of any updates of any parts of your Personal Data by sending a clearly worded email to the DPO at the email address provided at Clause 13.1 below.

  1. Protection of Personal Data

Red Kite will protect personal data in its possession or under its control (whether in physical or electronic form) by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks and the loss of any storage medium or device on which personal data is stored. Red Kite uses commercially reasonable physical, managerial, and technical safeguards to preserve the integrity and security of your Personal Data and will not knowingly allow access to this data to anyone outside Red Kite, other than to you or as described in this Policy. However, Red Kite cannot ensure or warrant the security of any information you transmit to Red Kite and you do so entirely at your own risk. In particular, Red Kite does not warrant that such information may not be accessed, altered, collected, copied, destroyed, disposed of, disclosed or modified by breach of any of Red Kite’s physical, technical, or managerial safeguards.

  1. Access To and Correction of Personal Data

6.1 Where you request access to and/or correction of Personal Data relating to you, which is in the possession and control of Red Kite, Red Kite will respond as soon as reasonably possible from the time the request is received. If Red Kite is unable to respond within thirty (30) days of receiving your request, Red Kite will inform you in writing within thirty (30) days of the time by which it will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required or permitted to do so under applicable laws).

6.2 In accordance with Clause 6.1 of this Policy, you have the right to:
(a) Check whether Red Kite holds any Personal Data relating to you and, if so, request for copies of such data;
(b) Request information on how Red Kite has used or disclosed, or may have used or disclosed such personal data, in the one (1) year before the date of your request; and
(c) Request for Red Kite to correct or update any Personal Data relating to you which is inaccurate for the purpose for which it is being used.

You may submit your request in writing or via email to our DPO at the contact details provided at Clause 13.1 below.

6.3 Red Kite reserves the right to charge a reasonable administrative fee in order to meet your requests under Clause 6.2. Upon payment of the requisite fee and/or receipt of your request under Clause 6.1, your request shall be processed as soon as reasonably possible from the time the request is received.

6.4 If you wish to verify the details you have submitted to Red Kite or if you wish to check on the manner in which Red Kite uses and processes your personal data, Red Kite security procedures mean that Red Kite may request proof of identity before we reveal information. This proof of identity may take the form of full details of name, membership number and NRIC or Passport or FIN number. You must therefore keep this information safe as you will be responsible for any action which Red Kite takes in response to a request from someone using your membership details. We would strongly recommend when you login to your online account in our websites that you do not use the browser’s password memory function as that would permit other people using your terminal to access your personal information.

6.5 Please note that your right to access or correct your personal data is subject to legal prohibitions and permitted exceptions under the Act.

  1. Withdrawing your Consent

7.1 The consent that you provide for the collection, use disclosure and/or processing of your personal data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop collecting, using, disclosing and/or otherwise processing your personal data for any or all of the purposes listed above by submitting your request via email to our DPO at the contact details provided at Clause 13.1 below.

7.2 Upon receipt of your written request to withdraw your consent, Red Kite may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within ten (10) business days of receiving it.

7.3 Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our goods or services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing in the manner described in Clause 13.3 below.

7.4 Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.

  1. Storage and Retention of Personal Data

We may retain your Personal Data for as long as it is necessary to fulfill the purpose for which it was collected, or as required or permitted by applicable laws. Red Kite will cease to retain your Personal Data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the Personal Data was collected, and is no longer necessary for any reasonable business or legal purposes of Red Kite and where the Personal Data is deleted from Red Kite electronic, manual, and other filing systems in accordance with Red Kite internal procedures and/or other agreements.

  1. Contacting you

To the extent that any of the communication means which you have provided Red Kite with (which may include, your telephone number and fax number) is/will be listed on the Do Not Call Registry (the “DNC”), by checking the box on the application form, data collection and consent form, or by any other means of indication, you hereby grant Red Kite your clear and unambiguous consent to contact you using all of your communication means you have provided to Red Kite including using via voice calls, SMS, Whatsapp, MMS, fax or other similar communications applications or methods, for the purposes as stated above in Clause 2.2. This will ensure your continued enjoyment of Red Kite promotional rates and services.

  1. Your Choices Regarding Your Personal Information

You can exercise the following choices with respect to your personal information either through your online account or by sending us an email at sales@RedKitesg.com.

– You can request access to your personal information we maintain;
– You can correct your personal information, which includes the right to have incomplete personal information completed;
– You can request that we stop sending you electronic marketing communications, including by following the procedures described in the Opt-Out section below;
– You can request that we delete your personal information, subject to our obligation or ability to retain your personal information under applicable law;
– If our use of your personal information is based on consent, you can withdraw your consent at any time.

  1. Opting Out

If you would like to opt out of receiving promotional emails from us, please follow the unsubscribe instructions located at the bottom of each email. If you would like to opt out of receiving direct email, mail, mobile marketing or telephone marketing calls from us, please send your request, including your name, email address, street address via email to sales@Red Kitesg.com (please use the subject line: Privacy Opt-Out Request). We are not responsible for notices that are labelled or sent improperly or do not have complete information. We will process your request within 30 calendar days of the date we receive your request, but you may, in the meantime, receive previously scheduled emails, mail, or calls from us. Once you have opted out, you do not need to do so again.

  1. Changing, Updating or Deleting Personal Information

You can update, change, or delete certain personal information (such as your email address, mailing address, and payment method) on Red Kite Websites by clicking “My Account” in the menu at the top of each page. If the information you wish to update, change, or delete is not included in the “My Account” page, you can request an update, change, or deletion by emailing sales@Red Kitesg.com

  1. Change Policy

Red Kite reserves the right to alter any of the clauses contained herein in compliance with local legislation, and for any other purpose deemed reasonably necessary by Red Kite. You should look at these terms regularly. If you do not agree to the modified terms, you should inform us as soon as possible of the terms to which you do not consent. Pending such notice, if there is any inconsistency between these terms and the additional terms, the additional terms will prevail to the extent of the inconsistency.

  1. Governing Law

This Policy is governed by and shall be construed in accordance with the laws of Singapore. You hereby submit to the non-exclusive jurisdiction of the Singapore courts.

  1. Miscellaneous

12.1 This Policy only applies to the collection and use of Personal Data by Red Kite. It does not cover third party sites to which we provide links, even if such sites are co-branded with our logo. Red Kite does not share your Personal Data with third party websites. Red Kite is not responsible for the privacy and conduct practices of these third party websites, so you should read their own privacy policies before disclosure of any Personal Data to these websites.

12.2 Red Kite will not sell your personal information to any third party without your permission, but we cannot be responsible or held liable for the actions of third party sites which may have linked or been directed to a Red Kite website.

12.3 Red Kite websites do not target and are not intended to attract children under the age of 18 years old. Red Kite does not knowingly solicit personal information from children under the age of 18 years old or send them requests for personal data.

12.4 Red Kite may revise this Privacy Policy from time to time without any prior notice. You may determine if any such revision has taken place by referring to the date on which this Privacy Policy was last updated. Your continued use of our services constitutes your acknowledgement and acceptance of such changes.

  1. Contacting the Data Protection Officer

13.1 In accordance with the Act, Red Kite has established a process for receiving and responding to any query or complaint that may arise with respect to the application of this Act. To ensure that Red Kite receives your complaints and enquiries, please send the same via email to the Data Protection Officer (the “DPO”) of Red Kite at the following email address: sales@Red Kitesg.com

13.2 Please note that if your personal data has been provided to us by a third party (e.g. a member via a referral process), you should contact that individual to make such queries, complaints, and access and correction requests to Red Kite on your behalf.

13.3 Should you not wish Red Kite to use your Personal Data for any of the purposes listed in Clause 2, or not to receive promotional materials from Red Kite, you may opt out by sending a clearly worded email to the DPO via the email address provided in Clause 13.1 above.

  1. Limitation of Liability

In no event shall Red Kite, its parent, subsidiaries or affiliates or their respective officers, directors, employees, agents, successors, subsidiaries, divisions, distributors, suppliers, consultants, service providers, affiliates or third parties providing information on its websites have any liability for any damages or losses arising out of or otherwise incurred in connection with the loss of any data or information contained in your account or otherwise stored by or on behalf of Red Kite or in connection with the collection, use, disclosure and/or processing in relation to your personal data.

Because some countries do not allow limitations on implied warranties or the exclusion or limitation of certain damages, in such countries some or all of the above disclaimers or exclusions may not apply and liability will be limited to the fullest extent permitted by applicable law.