Personal Data Protection Policy

Personal Data Protection is important to us

Protection of your Personal Data is important to us. This Personal Data Protection Policy (“Policy”) outlines how we manage the Personal Data we hold. The Policy applies to all departments and business units across Vena Foundation Ltd and/or its related corporations and affiliates (“Vena Group”, “we”, “us” or “our”) collectively or singularly as the context requires.

We respect the confidentiality of Personal Data and privacy of individuals and are committed to complying with the Singapore Personal Data Protection Act (Act 26 of 2012) (“PDPA”) and other applicable data protection laws, including the European Union (“EU”) General Data Protection Regulation (“GDPR”) where applicable. Please read this Policy so that you know and understand the purposes for which we collect, use and disclose your Personal Data.

This Policy supplements but does not supersede nor replace any other consents you may have previously provided to us in respect of your Personal Data, and your consents herein are additional to any rights which any member of the Vena Group may have at law to collect, use or disclose your Personal Data. This Policy does not affect any rights which we may have at law in connection with the collection, use or disclosure of your Personal Data.

For the avoidance of doubt, to the maximum extent permitted under applicable law, nothing in this Policy establishes any joint and several liabilities on the part of the Vena Group members.

1. Your Personal Data

1.1. “Personal Data” refers to any data or information about you from which you can be identified either (a) from that data alone; or (b) from that data combined with other information. Examples of such Personal Data which you may provide us include (depending on the nature of your interaction with us): 
1.2. In respect of our activities in the EU, Personal Data shall also include personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation, criminal convictions and offences, and other information defined as personal data under GDPR such as internet protocol addresses and cookie identifiers (insofar as such information is capable of identifying individuals either directly or indirectly).

2. Collection of Personal Data

2.1. Generally, we collect your Personal Data in the following ways:
2.2. If you provide Personal Data of a third party to us, you represent and warrant that the collection, use and disclosure of that Personal Data to us, as well as the further processing of that Personal Data by us for the purposes set out below, is lawful. 
2.3. In respect of our activities in the EU, Vena Foundation Ltd (Reg. No. [201821234R]), is the ultimate primary data controller for processing of the Personal Data.

3. Use and Disclosure of Personal Data

3.1. In general, we will, subject to applicable law, use and disclose your Personal Data for the following purposes: 
3.2. Generally, we process your Personal Data for one or more of the specific purposes identified in this Policy based on your consent obtained. Where GDPR applies, the legal basis for our processing of your Personal Data could also be that it is necessary for the legitimate interests pursued by us, or a third party which is described in paragraph 3.4 of this Policy. These legitimate interests include providing services to you where you are our client, managing the relationship between us and you and facilitating internal business purposes and administrative purposes. In some cases, the provision and processing of your Personal Data may be a statutory and/or contractual requirement, or may be necessary in order to perform any contract you have agreed with us or perform services that you have requested.
3.3. In addition, we may use and disclose your Personal Data for the following purposes: 
3.4. Your Personal Data will be protected and kept confidential, but subject to the provisions of any applicable law, your Personal Data may, depending on the products or services concerned, be disclosed to third parties set out below. Such disclosure may be subject to additional legal requirements under applicable law, depending on the nature of such transfer to third parties. Your Personal Data will, in each case, only be disclosed to the extent necessary and proportionate.
3.5. We require that organizations outside the Vena Group which handle or obtain Personal Data as service providers to us acknowledge the confidentiality of this data, undertake to respect any individual's right to privacy and comply with the PDPA, the GDPR and any other applicable data protection laws. As a requirement under these laws, we may be required to have specific agreements in place with such third parties to regulate and safeguard your data protection rights. We also require that these organizations use this information only for our purposes and follow our directions with respect to this information. 

4. Transfer of Personal Data

4.1. Your Personal Data may be stored in external servers located overseas. In addition, as described above, in carrying out our business, it may be necessary to share information about you with and between our related corporations and third party service providers, some of which may be located in countries outside your country of residence. Such countries may not afford a standard of protection similar to those in your country of residence. However, we will take reasonable steps to ensure that your Personal Data transmitted outside of your country of residence is adequately protected. In addition, we will ensure that such transfers comply with the requirements of the applicable data protection laws.
4.2. If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include user information among our assets transferred to or acquired by a third party. You acknowledge that such transfers may occur, and that any parties who acquire us may continue to use your personal data according to this policy.

5. Retention of Personal Data

5.1. We may retain your Personal Data for as long as it is necessary for the purposes it has been collected, and (i) in most cases, up to 7 years; or (ii) in respect of our activities in the EU, up to 10 years, unless otherwise required by applicable law or in order to defend legal claims. Where we no longer require your Personal Data for those purposes, we will cease to retain such Personal Data in accordance with our internal retention policy.

6. Your Rights

6.1. You have the following rights, under applicable data protection laws (except where the exercise of these are restricted under applicable laws – for example, due to judicial proceedings or the carrying out of investigations), which can be exercised by contacting the relevant Data Protection Officer at the contact details provided in paragraph 11.1 below: 
6.2. Where we rely on your consent to use your Personal Data, you have the right to withdraw that consent at any time. If you withdraw your consent to any or all purposes and depending on the nature of your request, we may not be in a position to continue to provide our products or services to you. Please note, however, that if you have provided us consent in respect of the use of your Singapore telephone number(s) for receiving marketing or promotional information, any such consent provided will not be affected by your withdrawal of your other consent in accordance with the terms set out in this Policy.  If you do not wish for your Singapore telephone number(s) to be used for receiving marketing or promotional information, please contact the relevant Data Protection Officer and specify that you wish to withdraw your consent for such purpose.
6.3. Where mandated under the applicable data protection laws, your exercise of the rights described or referred to above shall be free of charge. In all other situations, we may charge a fee to cover the cost of verifying the request and locating, retrieving and copying any material requested.
6.4. If you want to exercise any of your rights or if you wish to raise a complaint on how the Vena Group has handled your Personal Data, you may contact the relevant Data Protection Officer at the contact details provided in paragraph 11.1 below.

7. Management and Security

7.1. We have appointed Data Protection Officers to oversee our management of your Personal Data in accordance with this Policy and the applicable data protections law. We train our employees who handle your Personal Data to respect the confidentiality of your Personal Data, and we regard breaches of all applicable data protection laws very seriously.

8. Cookie Policy

8.1. We use “cookies” to collect information about you and your activity across our Website. A cookie is a small piece of data that our Website stores on your computer, and accesses each time you visit so we can understand how you use our Website and serve you content based on preferences you have specified. If you do not wish to accept cookies from us, you should instruct your browser to refuse cookies from our Website, with the understanding that we may be unable to provide you with some of your desired services without them. This policy covers only the use of cookies between your computer and our Website; it does not cover the use of cookies by any advertisers.

9. Third-Party Sites

9.1. Our website may contain links to other websites operated by third parties, such as our business partners. We are not responsible for the privacy practices of websites operated by third parties that are linked to our website, unless that is a mandatory requirement by applicable data protection laws and regulations. We encourage you to learn about the privacy policies of such third parties. Once you have left our website, you should check the applicable privacy policy of such third parties at their respective websites to determine how they will handle any information they collect from you. 

10. Telemarketing Policy 

10.1. Our Telemarketing Policy relates only to individual users of Singapore telephone numbers and was developed to comply with the Do Not Call (“DNC”) provisions under the PDPA. Our Telemarketing Policy applies to the Vena Group unless we have notified you otherwise in writing.
10.2. We aim to comply with the DNC provisions and your choices to receive promotional and marketing messages:

11. How to contact us

11.1. If you have any questions about this Policy or any queries relating to your Personal Data, or you would like to obtain access and/or make corrections to your Personal Data records, please contact the relevant Data Protection Officers:

12. Governing Law

12.1. This Policy and your use of this website shall be governed in all respects by the laws of Singapore. For the avoidance of doubt, the applicable data protection laws will apply to the processing of your Personal Data.

13. Review of this Policy

13.1. This Policy will be reviewed from time to time by us. We may also from time to time update this Policy to take account of new laws and technology, changes to our operations and practices and the changing business environment. If you are unsure whether you are reading the most current version, please contact us. 
13.2. In the event of any inconsistencies between the English version and other translations of this Policy, the English version shall prevail.

Posted as of [8th, October]