Effective Date: November 2023
This notice is issued in compliance with applicable law, including the General Data Protection Regulation or GDPR ((EU) 2016/679) (GDPR), the UK Data Protection Act 2018, the retained UK version of the GDPR (UK GDPR) and the Singapore Personal Data Protection Act 2012 (PDPA). We are issuing this notice as "controllers" of your personal data under the GDPR and UK GDPR and “organisations” under the PDPA. This notice explains how the companies in Conneto group named below use the personal data of visitors to our website (www.conneto.com), our clients or their representatives, our clients' customers or business partners /counterparts, and our suppliers or their representatives (you or your) that use our website, products, services, apps, or features, either online or offline (collectively, our Services). By "personal data", we mean any information about an identified or identifiable natural person.
By using our Services, you acknowledge the terms of this Privacy Notice. If you do not agree to the terms of this Privacy Notice, please do not use our Services. If you do not understand, or if you have questions about, this Privacy Notice, please contact us before using, or continuing to use, our Services.
Please note that we may change this notice from time to time. Please therefore check the date at the top to see if it has been updated since you last read it. You may obtain previous versions from us through the channels stated in Section 2. If we choose to amend this Privacy Notice, we will revise the Last Updated date at the top of this Privacy Notice when we post the updated version. We may also provide you with notice by prominently posting on our website, via email or both, if we make any significant changes to this Privacy Notice. We may also highlight those changes at the top of this Privacy Notice and provide a prominent link to it for a reasonable length of time following the change. Your use of our Services after we have informed you in one of these ways that we made changes to our Privacy Notice will mean that you have accepted those changes.
We are
(1) Conneto Hub Pte. Ltd., established in Singapore with company number 202337146Z (Conneto)
(together or separately, we, us or our).
We may be contacted at: conneto@conneto.com.
We collect the personal data (including special categories of personal data) set out in the table below from the sources also set out in the table below.
• Click here [Hyperlink to the chart at the end of the document] to see all of the categories of personal data we collect under California privacy law.
Non-personal data includes information that does not personally identify you or information that has been anonymized (collectively, non-personal data). When we combine non-personal data with personal data, we treat the combined information as personal data.
You can always refuse to provide your personal data, but please note that some personal data is necessary to provide our Services.
We also use various types of online analytics, including Google Analytics, a web analytics service provided by Google, Inc. (Google), on our website under the terms specified in the Cookies Policy. Google Analytics uses cookies or other tracking technologies to help us analyze how users interact with and use the website, compile reports on the related activities, and provide other services related to website and app activity and usage. The technologies used by Google may collect information such as your IP address, time of visit, whether you are a return visitor, and any referring website or app. The information generated by Google Analytics will be transmitted to and stored by Google and will be subject to Google’s privacy policies. To learn more about Google’s partner services and to learn how to opt out of tracking of analytics by Google click here. When we combine non-personal data with personal data, we treat the combined information as personal data. You can always refuse to provide your personal data, but please note that some personal data is necessary to provide our Services. When we combine non-personal data with personal data, we treat the combined information as personal data. You can always refuse to provide your personal data, but please note that some personal data is necessary to provide our Services.
Offline Interactions and Other Sources
We also may collect personal data from other sources, such as our partners or third-party service providers, or from our offline interactions with you for the purposes listed in the How we use your personal data section below, including to enable us to verify or update the information contained in our records and to better customize the Services for you.
Social Media Integration
Our Services may, from time to time, contain links to and from social media platforms. You may choose to connect to us through a social media platform, such as Facebook, LinkedIn or X Social Media, and when you do, we may collect additional information from you, including the information listed in the the type of personal data we collect and the source of that information section above. Please be advised that social media platforms may also collect information from you. When you click on a social plug-in, such as Facebook’s “Like” button, that particular social network’s plugin will be activated and your browser will directly connect to that provider’s servers. We encourage you to review the social media platforms’ usage and disclosure policies and practices, including the data security practices, before using them.
We use your personal data for the purposes of:
• Entering into and performing our contract with our clients, and conducting our business relationship with them. This may include monitoring and recording telephone calls with our clients' representatives or their customers.
• "Know Your Client" checks when deciding whether to enter a contract with you or the business you represent.
• Assessing the business and financial risks carried by our clients, to determine whether or not to enter into a contract with them and to decide the commercial terms of the contract.
• Collecting payments from our clients' customers or business partners /counterparts.
• Operating and improving our websites, including through conducting or obtaining analyses of website usage. Where possible, we will anonymise or pseudonymise your information used for this purpose.
• Developing and improving the technology, systems and processes used in the operation of our business. Where possible, we will anonymise or pseudonymise your information used for this purpose.
• Communicating with regulators and law enforcement agencies in order to comply with reporting obligations, deal with their enquiries and cooperate with regulatory and law enforcement.
• Defending or bringing legal proceedings.
• Taking professional advice such as legal, auditors' or management consultancy advice. Marketing our services to you. Where legally required, we will obtain your consent specifically for such marketing.
When we make checks with credit reference agencies, they will keep a record of this, which they may share with their third-party customers and other credit checking or fraud prevention agencies. They or we may also link that record with your spouse or financial associate whose onboarding information you supply to us or the credit reference agency holds. The credit checking agencies are separate controllers of your data. If we make checks with them, we will tell at the time where to read their information about their use of your personal data.
We may also combine your personal data collected through various sources, including information collected through our Services, and develop a profile that will be used for the purposes above.
We may use personal data to create non-personal data. We may use non-personal data for any legitimate business purpose.
Where our legal basis for using your personal data is consent, you may withdraw that consent at any time by writing to us or emailing us at the address given in Section 2 above. This will not affect the lawfulness of the processing that has been carried out based on your consent prior to the withdrawal.
When making the request, please provide your full name and address and/or email address in exactly the form in which they were originally provided to us to avoid any possible confusion with a different individual. We may ask you for further information to verify your identity.
We may share your personal data with:
• Our lawyers, accountants and other professional advisers.
• Agents and suppliers who assist us with "Know Your Client" checks, such as Lexis Nexis, and with credit checking and fraud prevention agencies.
• Our service providers including banks, financial firms, and providers of IT systems.
• Our clients, where you are their customer or representative or business partner /counterpart.
• Our suppliers, where you are their customer or representative.
• Our group companies.
• In accordance with applicable law, we may also transfer or assign personal data to third parties as a result of, or in connection with, a sale, merger, consolidation, change in control, transfer of assets, bankruptcy, reorganization, or liquidation.
• Regulators and government and law enforcement agencies.
We do not sell or rent your personal data.
Click here [Hyperlink to chart at the end of the document] to see all of the categories of personal data we share under California privacy law.
Your information is securely stored in:
• The United Kingdom, the European Union and countries that have been determined to provide adequate protection under the GDPR and/or PDPA.
• Other countries if we or our processors have entered into standard contractual clauses, approved under the GDPR or contractual clauses in accordance with the requirements of the PDPA, with the recipient and we have assessed that the protections of those clauses are effective in light of the legal regime in the recipient’s jurisdiction and, if necessary, adopted supplementary technical, organisational, or contractual measures. For more information please contact us through a channel mentioned in Section 2.
We are dedicated to ensuring the security of your personal data. We use physical, electronic, and administrative security measures appropriate to the risks and sensitivity of the personal data we collect. We aim to provide secure transmission of your personal data from your devices to our servers. We have processes to store personal data that we have collected in secure operating environments. Our security procedures mean that we may occasionally request proof of identity before we disclose your personal data to you. We try our best to safeguard personal data once we receive it, but please understand that no transmission of data over the Internet or any other public network can be guaranteed to be 100% secure. If you suspect an unauthorized use or security breach of your personal data, please contact us immediately.
We will keep your personal data for as long as necessary for the purposes of processing.
In general, this will be the period of time for which we perform our contract with you or the business that you represent, plus a further eight years, in case of any claims. In the case of our clients' customers or business partners /counterparts, or the business they represent, this will be the period of the contract between your or that business and our client, plus a further eight years, in case of any claims
If we collect your information with a view to entering into a contract, but do not enter into the contract, we retain your information for a reasonable period, in case you make a repeat application.
We will keep information about visitors to our websites for a reasonable length of time which lets us understand how people use our website and any technical issues they have. Usually, this will not exceed 12 months.
Under applicable law, subject to certain exceptions, you may exercise the following rights in relation to the personal data we hold about you:
Access - You have the right to obtain confirmation as to whether or not we are processing your personal data and, where this is the case, to ask us for copies of the data and information about the processing.
Rectification - You have the right to ask us to correct your personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Erasure - You have the right to ask us to erase your personal data where we have no compelling reason to keep using it. This is not a general right; there are exceptions, e.g., if we have a legal obligation to keep the data.
Restriction of processing - You have the right to ask us to restrict the processing of your personal data in certain circumstances. However, please note that if we restrict the processing of your personal data per your request, we may not be able to provide you with certain Services.
Objection to processing – Where we process your data for purposes of pursuing our legitimate interests, you have the right to object to the processing of your personal data unless we have strong and legitimate reasons to continue using the data.
Portability - You have the right to ask that we transfer the personal data you gave us to another organisation, or to you, where we have used your information based on your consent or the need to perform a contract.
You are not required to pay any charge for exercising your rights, save in exceptional circumstances. If you make a request, we have one month to respond to you. Please note that you also have the right to not receive discriminatory treatment for exercising your rights.
Please contact us, or have your authorized agent contact us, through a channel mentioned in Section 2 if you wish to make a request. When making the request, please provide your full name and address and/or email address in exactly the form in which they were originally provided to us to avoid any possible confusion with a different individual. We may ask you for further information to verify your identity.
We do not share personal data with third parties for their own direct marketing purposes without your consent. California residents under 18 years old, in certain circumstances, may request and obtain the removal of personal data or content that you have posted on our Services. Please be mindful that this would not ensure complete removal of the content posted by you on our Services. To make any request pursuant to California privacy law, please contact us.
Our Services are not for children or those under the age of 21. We do not knowingly collect personal data from children or other persons who are under 21 years of age. Individuals who are children or those under the age of 21 should not attempt to provide us with any personal data. If you think we have received personal data from children or those under the age of 21, please contact us immediately.
Our website and Services may contain links to other websites or apps operated by third parties. Please be advised that the practices described in this Privacy Notice do not apply to information gathered through these third-party websites and apps. We have no control over, and are not responsible for, the actions and privacy policies of third parties and other websites and apps.
If you have any concerns about our use of your personal data, you can make a complaint to us through a channel mentioned in Section 2.
You can also complain to the regulator in your location or:
For Singapore
Conneto Hub Pte. Ltd.
Contact to: Data Protection Officer
E-mail address: conneto@conneto.com
Address: 160 ROBINSON ROAD, #14-04, Singapore
This appendix seeks to provide additional information to residents of California and supplements the information provided in the Privacy Notice above.
To learn more about the categories of personal data we collect, how we collect it, why it is collected, with whom we share the information, and how long we retain it, please see the chart below.