Data Privacy Policy

1. WHO IS RED DOT PAYMENT PTE. LTD. AND HOW DOES THIS PRIVACY STATEMENT WORK?

The purpose of this Privacy Statement is to give you information on how Red Dot Payment
Pte. Ltd (“RDP”) collects, uses, processes and discloses your Personal Information when you
use website (“Website”), software applications (“Apps”), payment processing platform (“Platform”), or our financial technology products or services we may offer you.

RDP is part of the PayU Group of companies. PayU is part of a group made up of several local businesses in a number of markets across the world. PayU belongs to Prosus Group https://www.prosus.com/companies of companies i.e., Prosus N.V, a company registered with the Trade Registry for Amsterdam under 34099856 and its affiliates.

“RDP”, “us” or “our” in this Privacy Statement refers to RDP, which is responsible for processing your personal information. While this Privacy Statement applies to RDP in Singapore, you can also view the PayU Global Privacy Statement here.

In case of any differences between this Statement and the Global Privacy Statement, this Statement will prevail.

By accessing our Website, submitting your Personal Data, or by engaging or using our Apps, tools, and services or Platforms, you accept and consent to the practices describes described within this Privacy Statement, including the purposes for which your Personal Data will be collected, used, and disclosed as set out in this Privacy Statement. We have taken steps to ensure that we do not collect more information from you than is necessary for us to provide you with our services as well as the purposes listed in Part 5 of this Privacy Statement.

 

2. WHAT IS PERSONAL INFORMATION AND WHAT TYPES OF PERSONAL INFORMATION DO WE COLLECT ABOUT YOU?

“Personal Data” as defined in the Personal Data Protection Act 2012 (No. 26 of 2012) (“PDPA”), means data from which any individual can be identified, whether through the data alone or in conjunction with other information that we have or are likely to have access to. This would include Personal Information as defined in this Privacy Statement.

Depending on who you are (e.g., a merchant, customer, cardholder, consumer, supplier or business partner) and how you interact with us (e.g., telephone, online or offline), we may collect, use, receive, store, analyze, combine, transfer or otherwise process different categories of personal information.

Below is a table reflecting the categories of personal information we may collect about you:

Categories of Personal Information Which includes such information as
Identity and account log- in information Full name(s), title, identity number, and your date of birth.
Contact information Telephone number(s), physical address, country, email, and chosen billing address.
Financial information Bank account data, credit or debit card information.
Payments information (transactional information) Personal account numbers, name on credit card, a merchant’s name and identifiers, the date and amount of the transaction and other information provided by you directly or by banks or merchants.
Usage and technical information IP addresses, browser type and versions, operating systems, time zone setting, geolocation information, content and pages that you access on our Website(s), Apps or Platform, and the dates and times that you visit the Website, App or Platform, paths taken.
Credit and lending information Financial information (e.g., credit score) and income information (e.g., employment contract).
Marketing and communications information Communication with customer service support, behavioral data (for example, collected using cookies), information about promotions, surveys, promotional campaigns and records of your decision to subscribe or to withdraw from receiving marketing materials.

We may also collect, use and/or share non-personal information or anonymized data such as statistical or demographic data.

As a principle, we do not collect any special categories of personal information about you (such as details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric information).

To the extent our Website or Apps include links to third-party websites, plug-ins and applications
(including cookies, tracking technologies and widgets by third party advertisers), it is important
that you understand that by clicking on those links or enabling those connections, you may allow third parties to collect or share data about you. RDP does not have oversight of these third-party websites and we are not responsible for their processing of personal information.

 

3. HOW DO WE COLLECT YOUR PERSONAL INFORMATION?

How we collect personal information will depend on the following broader situations:

I. If we receive or collect it directly from you

We may collect personal information directly from you in different ways on our Websites, Apps, Platforms or product or service offerings. For example, you may give us your personal information when you:

 

II. If we collect personal information from third parties, or from publicly available sources

We obtain personal information through third parties or, if publicly available, where permitted under applicable law, including:

 

4. WHAT ARE THE LAWFUL GROUNDS THAT WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?

We process personal information only when we have a valid legal ground to do so. Most commonly, we use your personal information where:

There can be additional legal grounds for processing personal information in some countries. This depends on applicable law and the products and services offered to you.

 

5. PURPOSES FOR WHICH RDP MAY PROCESS YOUR PERSONAL INFORMATION

I. To verify, authenticate and authorize your use of our products or services

To conduct ‘Know your Customer’ and risk assessments in order to authenticate and authorize your use of our products or services depending on if you are a merchant, consumer or customer, and your choice of service or product. The type of personal information typically required is Identity, Contact and Financial information. This is necessary in order for RDP to assess your application under contract and necessary for our legal obligations under certain laws.

 

II. To process payment transactions made through our Platforms

The types of personal information we require to provide a product or service and the legal ground depends on the specific payment methods made available by us.

RDP offers multiple types of international and local payment methods, which are subject to product specific service terms (contracts) and legal obligations. For example, when RDP offers card payment processing as a payment’s aggregator on our Platform, RDP processes personal information received from merchants such as transaction details, and if payment is by card
(cardholder details such as name on card) in order complete the payment by you to the merchant to purchase a product or service. RDP is often of personal information on behalf of the merchant who is acting as responsible party. In other cases, certain payment transactions require you to provide personal information directly to us onto our Platform in order for us to process a transaction – in that instance the purpose is to process the payment for you.

Please click here and search for Singapore to find out the specific details of the payment methods available.

 

III. To protect our business and to ensure compliance with the law

We process personal information to meet the requirements of applicable laws, regulations, standards, rules, codes and the requirements of financial institutions with which RDP must comply. This includes:

 

IV. To manage our relationship with you

If you contact us or otherwise give us your Contact information (for example by registering, by completing an enquiry form on our Website/s, or by subscribing to receive support, and service status communications from us or security or fraud monitoring alerts), we may process your personal information:

 

V. To market our products and services and related services to you

We may use personal information to market our products and services and to notify you about events, offers, sponsorships, marketing programmes and similar marketing campaigns. For more information please see Part 7 of this Statement entitled Marketing.

 

VI. To conduct research and to develop and improve our products and services

We may use personal information that we collect:

 

6. WHOM DO WE DISCLOSE YOUR PERSONAL INFORMATION TO OR SHARE IT WITH?

We may share personal information with internal third parties, being third parties from the group of companies to which RDP belongs, i.e., the Prosus Group https://www.prosus.com/companies. We may disclose your personal information to those companies, to:

We may share your personal information with external third parties such as:

RDP takes all reasonable measures to ensure that every third party involved in the processing of your personal information has the required organizational and technical protections in place, including the required data processing and transfer agreements where this is necessary. When required under applicable law, we may provide you with a list of our sub-processors or suppliers upon request, by contacting us at dpo@reddotpay.com.

 

7. MARKETING

You may receive marketing communications from RDP, for example, if you have:

The provision of such marketing activities is subject to the applicable laws of the country that the marketing and communication activity occurs. We keep a register of Marketing and Communications personal information that is used by us. You are entitled to opt out from receiving such marketing by clicking on the opt out or unsubscribe link(s) provided in such RDP marketing communications.

You may also be required to opt- in before receiving any marketing communications from RDP and you have the right to opt-out at any time.
RDP may also use Marketing and communications personal information in order to improve and customize the content of our ads, promotions and advertising that may be of interest to you.

 

8. COOKIES AND SIMILAR TECHNIQUES

RDP uses cookies, web beacons and similar techniques when you access our Website, App or Platform. We explain how we use cookies and the choices you have when it comes to our use of cookies below.

 

What is a cookie? A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by RDP and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts.

More specifically, we use cookies and other tracking technologies for the following purposes:

 

Targeting Cookies
These cookies may be set through our Website by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly Personal Data, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

 

Performance Cookies
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our Website. They help us to know which pages are the most and least popular and see how visitors move around the Website. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our Website, and will not be able to monitor its performance.

 

Strictly Necessary Cookies
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

If you want to learn even more about how to disable and delete cookies on your browser, click on any of the links below depending on your choice of browser.

Should your browser not be listed below, or if you want to learn more about cookies in general, please visit www.allaboutcookies.org.

Mozilla Firefox®
Microsoft® Internet Explorer
Google Chrome™
Safari®
Opera(R) [https://help.opera.com/en/latest/web-preferences/]
LinkedIn (https://www.linkedin.com/legal/cookie-policy)

 

9. INTERNATIONAL DATA TRANSFERS

We are part of a global company with a global footprint.

Your personal information may be processed either locally Singapore where you work or reside, or in any other country where we or our approved third-party service providers operate, worldwide, as permitted by law.

Should your personal information move outside the European Economic Area or another country that restricts transfers of personal information, we use the EU Commission’s standard contractual clauses or other locally-compliant transfer mechanisms, such as consent, to ensure that an adequate or same level of protection is applied to your personal information as that afforded in the country of origin.

 

10. DATA RETENTION

RDP may store your personal information for as long as required for the fulfillment of the purposes for which we collected it. The retention of personal information by RDP is determined by considering compliance with legal (contractual or statutory requirements), accounting and compliance reporting requirements. For this example, preventing fraud and to prevent anti-money
laundering and combat anti-corruption and financing of terrorism.

RDP also takes into consideration the temporary limits established in the commercial or data privacy laws, as well as in other relevant laws.

 

11. WHAT ARE YOUR INDIVIDUAL RIGHTS?

We ensure that you may exercise your individual privacy rights under the PDPA. We are not ordinarily required to provide any customer (or any other individual appointed to act on behalf of the customer, individual connected party of the customer or individual beneficial owner of the customer) (“Requesting Individual”) with (i) access to Personal Data that is in our possession or control; (ii) information about the ways in which the Personal Data has been or may have been used or disclosed by us; and (iii) the right to correct an error or omission of the Personal Data in our possession or control.

Where we are satisfied of the reasonable grounds, we may provide such Requesting Individual with the right to:
a) access the following types of Personal Data in our possession or control:
i. full name, including any alias;
ii. unique identification number;
iii. residential address;
iv. date of birth;
v. nationality; and
vi. subject to sections 21(2) and (3) read with the Fifth Schedule to the
PDPA, any other Personal Data provided by that Requesting Individual to
us; and

b) correct an error or omission in relation to your Personal Data listed in
a(i) to (iv) above but it is subject to section 22(7) read with the Sixth Schedule to the PDPA which specifies five activities which are exceptions from correction requirements under the PDPA – such as – opinion data kept solely for evaluative purposes, examinations conducted by an education institution, examination scripts and before the release of examination results or Personal Data related to arbitration or documents related to prosecution proceedings.

(c) withdraw any consent given or deemed to have been given under the PDPA in respect of the collection, use, or disclosure of their Personal Data for any purpose if there is no other legal ground to process your Personal Data.

(d) raise a compliant by contacting the Personal Data Protection Commission (PDPC).

If you would like to make a request regarding any of your individual rights, please feel free to contact us at dpo@reddotpay.com

 

12. SECURITY: HOW WE PROTECT & STORE PERSONAL INFORMATION

The security of your personal information is important to RDP. RDP takes legal, technical and organizational measures that it considers necessary in order to maintain the confidentiality and security of your personal information, with due regard to the applicable obligations and exceptionsunder the legislation in force.

In addition, RDP follows the payments industry standards regarding the protection of payment card information. RDP is regularly audited to maintain the highest level of security certification with the Payments Card information Security Standard Council (PCI) in respect of protecting card data.

RDP regularly reviews its policies regarding the collection, storage and processing of your personal information, including physical security measures, to prevent alteration, loss, query, use or fraudulent or unauthorized access of your personal information.

RDP has put in place procedures to deal with personal information breach and will notify you and any applicable regulator or authority of a breach where we are legally required to do so.

 

13. MINORS1

RDP does not voluntarily or actively collect, use or disclose personal information of minors without the prior consent of the parents or guardians of the minor. The services of RDP are not intended or designed to attract minors.

If we learn that we collected the personal information of a minor, without first receiving a verifiable parental consent, we will take steps to delete the information as soon as possible.

 

14. CHANGES TO THE PRIVACY STATEMENT AND YOUR DUTY TO INFORM US OF CHANGES

This Privacy Statement may change over time. The recent version of this Privacy Statement is published on this Website.


1 Individuals less than 21 years of age

This version was issued on 26 August 2020.

We will notify you of any changes to this Privacy Statement by publishing this on our Website. You can print or store this Privacy Statement by downloading a copy from your browser. It is very important that any personal information we hold about you is up to date and correct. Please inform us of any changes to your personal information.

 

15. HOW TO CONTACT US

The Controller of this Website is RDP and if you have any additional questions or concerns about the content of this Privacy Statement or would like to make a request, please feel free to contact us at dpo@reddotpay.com.