DATA PROTECTION POLICY

Red Dot Payment Pte Ltd together with its affiliates (collectively, “RDP”) is a rapidly expanding international FinTech business headquartered in Singapore. We provide customized payment solutions and process personally identifiable information (PII) on behalf of merchants which act as data controllers.

Beyond meeting our clients’ and business partners’ security expectations, we take a proactive approach to information security and ensure that all privacy risks are identified and that the necessary steps are taken to adequately protect personally identifiable information. RDP implements and maintains appropriate technical and organisational measures in order to safeguard the rights and freedoms of the data subject.

While emerging as a leading premium payment service provider, we are committed to sustainable growth based on sound security and privacy principles that adhere to all applicable personal data regulations, especially the Singapore PDPA and EU GDPR.

Security activities include but are not limited to:

  • Regularly conducting penetration and vulnerability tests of its payment solutions in line with PCI DSS requirements, as well as conducting periodic onsite audits and addressing all significant vulnerabilities;
  • Monitoring payment systems and receiving audits by an accredited body against PCI DSS requirements;
  • Regular review and monitoring of systems RDP has deployed;
  • Adherence to privacy by design principles as guiding principles for all development of systems processing personally identifiable information takes
  • Requirement for all vendors and subcontractors processing PII on our behalf or accessing our payment solutions to comply with applicable PCI DSS requirements.

Further, we are committed to following the basic principles for processing PII as defined by the EU GDPR:

  • Lawfulness, fairness and transparency – All PII are processed lawfully, fairly and in a transparent manner in relation to the data subject as agreed with the controller.
  • Purpose limitation – RDP collects PII only for specified, explicit and legitimate purposes and does not further process it in a manner that is incompatible with those purposes; at no time is PII used for purposes other than those agreed with the controller.
  • Data minimisation – RDP ensures that the collection and storage of PII is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
  • Accuracy – RDP ensures that data are accurate and, where necessary, kept up to date; every reasonable step is taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
  • Storage limitation – PII is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed or as legally required.
  • Integrity and confidentiality – PII is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
  • Accountability – While RDP acts as processor of PII, RDP supports the controller of PII in its responsibility to demonstrate compliance.

In case of any concern or question, please contact our Data Protection Officer at dpo@reddotpay.com.