Privacy Policy

OFX Singapore PTE. Limited

Introduction
The OFX service is provided by OFX Singapore PTE. Limited (OFX) (“OFX” or “we” or “our” or “us”). OFX treats your privacy rights very seriously and will deal with any Personal Data you provide to us strictly in accordance with the following privacy principles. This Privacy Policy should be read in conjunction with the customer agreement (“Customer Agreement”) that you enter into with OFX. The term Personal Data as used in this Privacy Policy refers to data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which we have or are likely to have access. Personal Data may include an individual’s name, address, phone number, email address or information about activities directly linked to that person which when taken together would be able to identify that person. This is not an exhaustive list and we may collect other types of Personal Data from you.
By interacting with us, submitting information to us, or signing up for any services offered by us (including the OFX service), you are deemed to agree and consent to us (as well as our representatives and/or agents) collecting, using or disclosing and sharing amongst ourselves your Personal Data in the manner set forth in this Privacy Policy.

Privacy Principles Purpose

1. These Privacy Principles describe how we collect, use and disclose your Personal Data.

2. We will collect, use or disclose your Personal Data for the purpose of providing our services to you and any purpose that is directly incidental or reasonably related to the provision of those services, generally as described below and elsewhere in this Privacy Policy:
(a) to undertake associated business processes and functions;
(b) for administration, planning and account management;
(c) to identify you as our Customer;
(d) to monitor, develop and improve the quality of our services;
(e) to send you information that is relevant to the provision of our services;
(f) to answer or process your enquiries or complaints, and provide information or advice;
(g) to comply with any law, rule or regulation (for example, in Singapore the Anti-Money Laundering and
Counter Financing of Terrorism Regulations (“AML/CFT Regulations”)) or binding determination, or to cooperate with any governmental authority; and
(h) any other purpose disclosed to you at the time we collect your Personal Data.

In the event that we wish to use, collect or disclose your Personal Data for any other purpose not described in this Privacy Policy, we will identify such purpose and obtain your prior consent, unless we are required or exempted from doing so by law.

3. We are always willing to explain to you more specifically the purposes for which your Personal Data is being collected.
Consent

4. We will seek your consent to the collection, use or disclosure of your Personal Data either expressly or impliedly, depending on the circumstances and the type of information collected. For example, we will rely on your implied or deemed consent when you enter into the Customer Agreement or give us your name, address, telephone number and other details necessary for us to verify your identity in accordance with the provisions of the Customer Agreement.

5. Your consent may also be given by an authorised representative or a person having Power of Attorney.

6. You acknowledge that, in order to provide you with services, we must collect certain information about you including Personal Data. You also acknowledge that we must collect certain information, including Personal Data about your Authorised Representatives and your Recipients. For all Business Customers, we may also collect Personal Data of individuals who ultimately own or control (whether directly or indirectly) the Business Customer (“Beneficial Owners”). You agree to provide us with any such Personal Data that we request, and you agree that, in relation to any information you give us, you have obtained the consent to the collection, use and disclosure of the information from the individual/s concerned. When you give us Personal Data of your Recipients and of Beneficial Owners, you represent that you are authorised to do so and agree to inform any Recipients and Beneficial Owners of the contents of this Privacy Policy as it relates to them.

7. You may withdraw your consent at any time, subject to any legal restrictions and subject to any contractual restrictions you have already entered into with us, and provided that you give us reasonable notice in writing. We will explain to you the implications of such withdrawal. You acknowledge that we may be unable to initiate or continue to provide services to you, or administer any contractual relationship(s) in place upon the withdrawal of your consent. Such withdrawal may therefore result in the termination of any accounts, agreements and/or contractual relationship(s) you may have with us. All our legal rights and remedies are expressly reserved in such termination and any subsequent event.

8. We may from time to time send you information that is relevant to the provision of our services. If, at any time, you do not wish to receive that information, you may send us an email, telephone and/or postal opt-out and request that you are not included in any future mail-outs.

9. There may be circumstances in which we are obliged to collect, use, or disclose certain Personal Data without your consent. Such circumstances could include the following:
(a) the collection, use or disclosure is necessary to respond to an emergency that threatens your life, health or safety or that of another individual;
(b) the collection, use or disclosure is necessary for
any investigation or proceedings, and it is reasonable to expect that seeking your consent for collection would compromise the availability or the accuracy of the Personal Data;
(c) the Personal Data is collected, used or disclosed by us
to recover a debt owed to us by you or for us to pay to you a debt owed by us; or
(d) the Personal Data is disclosed to any officer of a prescribed law enforcement agency.
Limiting Collection and Retention of Personal Data

10. The amount and type of Personal Data collected by us will be limited to that which is necessary to provide our services (or fulfill the purpose for which it was collected). The Personal Data shall be retained only for as long as may be necessary for the fulfilment of the purpose for which the Personal Data is collected, or as required or permitted by applicable laws, rules and regulations.

11. You acknowledge that we are obliged under relevant AML/CFT Regulations to retain information relating to personal identity for at least 5 years.
5 years.

12. Subject to any legislative requirements, we will destroy, erase, or make anonymous your Personal Data as soon as it is reasonable to assume that it is no longer required to fulfil the purpose for which it has been collected, and retention is no longer necessary for legal or business purposes.
Accuracy and Completeness of Personal Data

13. We will make reasonable efforts to ensure that your Personal Data is sufficiently accurate, complete and up-to-date to minimise the possibility that inappropriate information maybe used to make a decision about you, or is likely to be disclosed by us to another organisation.

14. We will not routinely update your Personal Data unless such a process is necessary to fulfil the purposes for which the Personal Data was collected or otherwise as required by law. In accordance with the Customer Agreement, you must notify us as soon as possible if any of the Personal Data you have provided to us has changed.
Internet technology

15. When registering or creating an account at our website, we collect your password and login name and other information we may request in order to identify you, maintain security of our website and verify and control access to your account or online profile. Such information will also constitute Personal Data for the purposes of this policy. If you make inquiries through the e-mail links, forms or other contact methods provided on our websites, these inquiries are forwarded to the relevant office or department and are used to respond to your inquiry and maintain a record of correspondence.

16. We use Internet technologies like cookies and web beacons to facilitate the services we provide on our websites and your use of our websites, including for the following reasons:
(a) To assist us in providing services to you.
(b) To allow you to change web pages during your visit without having to re-enter your password.
(c) To store your preferences and other information and to track activity on our website.
(d) To better understand the effectiveness of our promotional campaigns.
(e) To determine whether you came to our site from a banner ad or an affiliate website.
(f) To deliver information specific to your interests on additional web sites.(g) To determine whether you’ve acted on our promotional messages.NOTE: A “cookie” is a text file placed on your computer’s hard drive by a web server, which allows for personalisation of certain aspects of your visit to that website. “Web beacons” are transparent electronic images placed in the web code that collect non-personal data while visiting a website. Cookies and web beacons can usually be disabled by changing your browser preferences. Your browser usually has documentation on how to disable cookies and web beacons. Note that disabling cookies may limit the performance of OFX’s websites. If cookies are disabled, certain features of our websites may not function properly, and you may not be able to register or use your online account.

Disclosure to Affiliates and Third Parties

17. We may disclose your Personal Data to any member of the OFX Group for the purposes as stated in this Privacy Policy.

18. Without prejudice to the generality of the other purposes stated elsewhere in this Privacy Policy, we may disclose your Personal Data to third parties for the following purposes:

(a) in the event that we sell or buy any business or assets, in which case we may disclose your Personal Data to the prospective seller or buyer of such business assets;

(b) if OFX, or substantially all of its assets, are acquired by a third party, in which case Personal Data held by us about our customers will be one of the transferred assets;

(c) to OFX’s contractors or service providers for the purposes of conducting its business and providing its services or products to you, including web hosting providers, IT systems administrators, mailing houses, couriers, payment processors, data entry service providers, electronic network administrators, debt collectors, and professional advisors such as accountants, solicitors, business advisors and consultants;

(d) to OFX’s intermediary banks in order to process certain transactions on your behalf, for example, by disclosing your name and address;

(e) to any partners, agents or intermediaries who are a necessary part of the provision of OFX’s products and services;

(f) to credit reporting bodies if you are a Customer of OFX for the purpose of identifying you, in which case the information will be limited to your identity particulars, including your name, sex, address (and the previous two addresses), date of birth, name of employer, and drivers licence number;

(g) to any government regulatory bodies that normally require it or may request it;

(h) in order for OFX to satisfy its regulatory obligations under relevant AML/CFT Regulations, for example in order to satisfy the obligation that OFX take reasonable steps to verify the identity of its customers, OFX may disclose your Personal Data to its external credit providers; and

(i) as may be required under any other law.

19. The Personal Data that we collect from you may be transferred to, and stored at, a destination outside Singapore. It may also be processed by staff operating outside Singapore who work for us or for one of our service providers. Such staff may be engaged in, among other things, the processing of your transaction, the processing of your payment details and the provision of support services. By submitting your Personal Data, you agree to this transfer, storing or processing. We will take all reasonable steps to ensure that such Personal Data is treated securely and in accordance with this Privacy Policy.

Children’s Privacy

20. Our website is not directed at children under the age of 18. We will not knowingly collect or maintain Personal Data on our website from those we actually know are under the age of 18.
External Websites

21. Our website may be linked to or from third party websites. These links are provided as a convenience only. We are not responsible for the content or privacy principles of websites that are linked to or from our website. You are advised to review the privacy policies of any third-party websites you visit.
Safeguards for Personal Data

22. We have in place a range of security safeguards to protect your Personal Data against loss or theft, as well as unauthorised access, disclosure, copying, use, or modification, regardless of the format in which it is held.

23. The methods of protection we employ may depend on the sensitivity of the Personal Data and the format in which it is contained. Security measures include: technological measures including SSL 128-bit encryption for all data transfers over the Internet, physical measures such as locked filing cabinets and restricted access to offices and strategic measures such as security clearances and limiting access to a “need-to-know” basis.

24. We make every effort to ensure that our staff are aware of the importance of maintaining the confidentiality of Personal Data, however you acknowledge that authorised employees, agents, representatives and third parties may require access to your Personal Data in order to enable us to provide our service and we cannot accept responsibility for any unauthorised activities on their part.

25. You acknowledge that no data transmission over the internet or the telephone can be guaranteed to be perfectly secure. Any Personal Data you submit to us or access electronically or over the telephone is done at your own risk. We do not guarantee or warrant the security of Personal Data transmitted in these ways. You acknowledge that third parties could unlawfully intercept your transmissions or may wrongly instruct you to disclose Personal Data while posing as OFX representatives.
Access and Correction of Personal Data

26. We will upon request and within 10 days of any such request allow you access to your Personal Data. The requested information shall be provided or made available in a form that is generally understandable. Please note that the law allows us to charge a reasonable administrative fee for providing you access to your Personal Data.

27. If you point out to us that any Personal Data held by us is inaccurate or incomplete, we will take appropriate action to amend the Personal Data as required and, if necessary, notify any third party of the correction.

28. You acknowledge that there may be circumstances in which we may refuse access to some or all of your Personal Data, including where the information may contain references to other individuals or where it is trivial or frivolous and vexatious.
Complaints

29. We have procedures in place to receive and respond to complaints or inquiries about our policies and practices relating to the handling of Personal Data. For more information, see our

Complaints Policy.

30. We take all complaints seriously and will investigate all complaints.

Contact

31. If you have any queries about this Privacy Policy or any complaints about our privacy practices, please contact our Data Protection Officer at privacy@ofx.com or at:

Level 30
Singapore Land Tower 50 Raffles Place
Singapore 048623
+65 66323535


Changes to this Privacy Policy

32. Please note that we may update this Privacy Policy from time to time to ensure that this Privacy Policy is consistent with our future developments, industry trends and/or any changes in legal or regulatory requirements. Please periodically review this Privacy Policy to stay informed on how we are protecting and managing your Personal Data.

This Privacy Policy was last updated in March 2018.

This Privacy Policy is governed by the laws of Singapore.