Privacy Notice - Singapore

1. Purpose

   The following is the privacy notice statement (“Privacy Notice”) of NIUM Pte. Ltd. which is the holding company of NIUM and or Instarem subsidiaries globally (formerly known as Instarem Pte. Limited) (collectively, “NIUM”, “we”, “our”, “us”) and sets forth our policies & practices in connection with personal data that we collect through our website, and any mobile sites, applications, or other mobile interactive features (collectively, the “Platform”).

   
   

   Our notice is to comply and ensure that our employees comply with the requirements of the Singapore Personal Data Protection Act (2012) (“PDPA”) and any other relevant privacy laws like the General Data Protection Regulation (EU) 2016/679 (GDPR) in the locations in which we operate.

   
   

   In order to use the services provided on our Platform, you will have to share your personal data with us.

2. Scope

   This Privacy Notice explains how we handle personal data you share with NIUM Pte. Ltd. (formerly known as Instarem Pte. Limited).

3. Personal Data

   “Personal data” is personally identifiable information that identifies you as an individual, such as your name, mailing address, email address, age range, and the like. Personal data is only obtained when you voluntarily provide the information to us. We use personal data to better understand your needs and interests and to provide you with better service.

4. Data Subjects

   Individuals accessing the Platform or who are registering to use the services on the Platform and who voluntarily provide personal data to us (“you” or “your”) are covered by this Privacy Notice.

5. NIUM Privacy Principles

   Your privacy matters to us. Our business has been built on trust between our customers and ourselves. To preserve the confidentiality of all information you provide to us, we shall maintain the following privacy principles:

   1. we will first obtain your consent to collect, use, or disclose your personal data;
   2. we only collect personal data that we believe to be relevant and necessary, in order to help us conduct our services;
   3. we use your personal data to provide you with improved services and products;
   4. where your consent has been provided, your personal data may be transferred to third parties, including NIUM companies or agents, as may be advised to you, either within or outside Singapore, and as permitted by law. Any contracts with these third parties will include the necessary provisions to safeguard the personal data that is being transferred to them in accordance with the PDPA;
   5. we may be required from time to time to disclose your personal information to governmental or judicial bodies or agencies or our regulators, if required to do so by law;
   6. we shall take reasonable measures to ensure that your personal data in our possession or control is accurate and up to date;
   7. we protect the personal data in our possession or under our control by making reasonable security arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification, or disposal of such data.
   
   

   By maintaining our commitment to these principles, we will ensure that we respect the inherent trust that you place in us.

   
   

   This notice shall stipulate:

   1. our purposes of personal data collection;
   2. the important controls we employ for protecting personal data;
   3. the classes of persons we can transfer personal data to;
   4. the data access and correction right of customers;
   5. our notice for data transfer;
   6. use of personal data in direct marketing;
   7. retention of personal data; and
   8. withdrawal of your consent.
6. Purposes of Data Collection

   1. From time to time, it may be necessary for you to supply us your personal data in connection with the opening or continuation of accounts and the establishment or continuation of facilities or provision of opening or continuation of accounts and the establishment or continuation of facilities or provision of commercial services.
   2. Failure to supply such personal data may result in our inability to open or continue accounts or establish or continue facilities or provide services to you.
   3. We may also collect personal data in the ordinary course of the continuing our business relationship, for example, when you avail any of our other services through the Platform.
   4. We, or authorized third parties, may use your personal data for any one of the following purposes:
      1. conducting checks at the time of your application for our products
      2. maintaining our credit assessments;
      3. ensuring your ongoing credit worthiness;
      4. designing services or related products for your use;
      5. marketing services, promotional materials, or other services or products for which we may or may not be remunerated;
      6. determining the amount of indebtedness owed to or by you;
      7. enforcement of your obligations, including, without limitation, the collection of amounts outstanding from you;
      8. complying with the obligations, requirements or arrangements for disclosing and using data that apply to us including:
         1. any law binding or applying to us existing currently and as may be amended, from time to time;
         2. any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers existing currently and in the future that apply to us; or
         3. any present or future contractual or other commitment with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers that is assumed by or imposed on us by reason of our financial, commercial, business or other interests or activities in or related to the jurisdiction of the relevant local or foreign legal, regulatory, governmental, tax, law enforcement or other authority, or self-regulatory or industry bodies or associations.
      9. and information within our intragroup companies, subsidiaries, or affiliates, and any other use of data and information in accordance with any group-wide programmes for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities; or
      10. other types of uses for personal data in connection with our business.
7. What Kind of Personal Information Do We Collect and Reserve?

   The types of personal information that we collect, and share depend on the product or service you avail with us. It includes, but is not limited to:

   1. contact and personal information: title, your first name, surname, date of birth, email address, mobile phone number, personal code, residential address and/or mailing address, data of the personal identity document, photo, signature, employment status, source of funds, driving license number, gender, citizenship;
   2. other information: video and audio records of video calls for identification, telephone conversations, IP address;
   3. details of visits to website, app and use of our Platform;
   4. for the purpose of direct marketing: name, surname, telephone no., e-mail address, address, date of birth, location, IP address, country of residence, nationality, industry type, employment status, cookies;
   5. for the purpose of recruitment: name, surname, nationality, address, employment/visa status, telephone no., e-mail address, education, work experience, current and previous employers contacts with candidates’ consent;
   6. for statistical, analytical and our services improvement purposes, we can use anonymized and aggregated datasets, which can be used not limited to modeling, reporting and analytics;
   7. representatives of legal entities (members of the management bodies and other representatives (for example, employees) who are authorized to represent the client in relations with the controller or acting on their behalf, representing the client on behalf of the client, according to corporate documents): personal identification number, identity document details, workplace, e-mail address, gender, position, surname, nationality, telephone number, name, photo, signature, bank account information (bank name and bank account number), monetary transaction or transaction date, amount, currency, the data on the beneficiary of the funds (natural person’s name, date of birth, personal identification number or other unique character sequence assigned to this person for identifying the person; the legal entity’s name, legal form, registered office, code if any).
8. Important Controls Employed by NIUM for Protection of Personal Data

   1. Personal data in our possession and under our control shall be kept confidential and private. We shall take reasonable technical and organizational precautions to prevent the loss, misuse or alteration of your personal data. We shall store all the personal data you provide on our secure servers.
   2. Physical copies shall be under lock and key with logged access.
   3. Unfortunately, however, no data transmission over the internet or data storage system can be guaranteed to be 100% secure. Any losses of personal data shall be handled at the outset as per legislated requirements or guidelines. Should there be none, we shall make arrangements to notify the relevant internal & external stakeholders. Periodic updates will be arranged to notify on actions and remedies taken with the final solution to be shared, on a fair and equitable basis. The final handling decision lies with us, based on legal and regulatory priorities firstly followed by its social responsibility.
9. Classes of Persons We Can Transfer Personal Data

   NIUM may provide such personal data for the purposes set out in Section 6 to the following third parties including, but not limited to:

   1. NIUM Pte Ltd. subsidiaries globally;
   2. any agent, contractor or third-party service provider who provides administrative, telecommunications, computer, payment, debt collection or other services to it in connection with the operation of its business;
   3. any other person or entity under a duty of confidentiality within our group companies which has to be in line with their nature of function on a need to know basis;
   4. any person or entity to whom we are obliged or otherwise required to make disclosure under the requirements of any law binding on or applying to our relevant group company, or any disclosure under and for the purposes of any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers with which our relevant group company is expected to comply, or any disclosure pursuant to any contractual or other commitment of our relevant group company with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers, all of which may be existing currently and in the future applying to itself or its subsidiaries; or
   5. any other person or entity (including its associated companies or affiliates) who had established or proposes to establish any business relationship with it or recipient of the data.
   
   

   In all instances we shall ensure that our contracts with such third parties shall stipulate that the third parties shall act in accordance with the PDPA with respect to your personal data.

10. Access To and Correction of Personal Data

    You have the right:

    1. to check whether we hold your personal data;
    2. to access and correct your personal data;
    3. to request that we correct any of your personal data that may be inaccurate; and
    4. to inquire about our policies and practices in relation to personal data and to be informed of the kind of personal data held by us.
    
    

    The above requests can be addressed as follows:

    Attention to:

    1. The Compliance Officer (Contact us).
    2. We may require you to verify your identity before we provide you access to your personal data.
    3. We may charge you a fee in accordance with our Schedule of Fees and Guidelines to access to your personal data.
11. Data Transfer

    Upon obtaining your consent and/or when we follow applicable law requirements, your personal data may be processed, kept, transferred or disclosed in and to any country by us and in accordance with the laws, rules, regulations, or governmental orders of that (your) country.

12. Use of Data in Direct Marketing

    Before we use your personal data in direct marketing, we will obtain your explicit consent (which includes an indication of no objection) to do so.

    We are allowed to offer you similar goods or services when you signed a contract with us.

    If you do not wish us to use or provide to other persons his personal data for use in direct marketing as described above, you may exercise your opt-out right by notifying us (Contact us);

13. Retention of Personal Data

    We retain your personal data for the period necessary to carry out the purposes outlined in this Privacy Notice, unless a longer period is required or permitted by law. As per the Instarem policies, deletion may apply where information has been collected from and about the customer for the purpose of an Instarem service and where: a customer that has partially registered; has an approved Instarem account; or has an active NIUM account. The individual can submit a request pertaining to the information held/collected about them to using the contact details listed below in section 15.

    The request will be assessed and handled in line with the Instarem’s internal Global Data Retention and Purging Policy which encompasses Instarem’s obligation to maintaining, keeping, archiving, purging the data in accordance to the applicable Privacy Laws.

14. Withdrawal of Consent

    You may, at any time, withdraw your consent for our collection, use, or disclosure of your personal data for any purpose by contacting our Compliance Officer (Contact us).

15. Contact Us

    Address: NIUM Pte. Ltd. (formerly known as Instarem Pte. Limited),

    16 Raffles Quay #20-05 Hong Leong Building Singapore 048581

    Attention to: Compliance Officer

    Our Customer Service can be contacted via Help Centre available on the Platform.

    Our Privacy Officer can also be contacted in relation to privacy concerns by writing to [email protected].

    Nothing in this Privacy Notice shall limit your rights under applicable laws.

NIUM Pte Ltd. (formerly known as Instarem Pte. Limited) is the holding company of NIUM subsidiaries globally. It is regulated by the Monetary Authority of Singapore as a major payment institution under License No. PS20200276.