OctiFi respects your privacy and has adopted policies, procedures, and processes designed to protect your personal information from misuse, theft, or other loss in accordance with the Singapore Personal Data Protection Act (“PDPA”).
What type of information does OctiFi collect?
OctiFi collects two basic types of information from you in conjunction with your use of the OctiFi Services (collectively, your “personal information”): (1) personally identifiable information; and (2) non-personally identifiable information.
Personally identifiable information is any information that can identify you.
- Examples include your name and identification information such as your NRIC number, contact information such as your address, email address or telephone number, nationality, gender, date of birth, marital status, employment information and financial information such as credit card numbers, debit card numbers or bank account information.
- We may also collect personally identifiable information about you from third parties such as data vendors.
- Aggregate and/or de-identified information is not considered personally identifiable information.
Non-personally identifiable information is information that does not identify you directly, but may be linkable to you. Examples include demographic information and general location information.
How does OctiFi collect personal information?
We collect personal information about you through your interactions with or use of the OctiFi Services. Example includes, but is not limited to, the following:
- Emails, contact forms, questionnaires, and other forms you submit to us;
- Account created and connected to the OctiFi Services;
- Your applications, orders and transactions through the use of the OctiFi Services;
- Your contact with our customer support team.
We may also receive personal information about you from third parties in the following circumstances:
- Account created and connected to the OctiFi Services using the credentials of a third party site such as Google or Facebook;
- Third parties engaged to investigate and/or collect debt from you as a result of a debt that you owe to us; and such third parties have collected personal information about you as part of their due diligence process.
Additionally, each time you use the OctiFi Services, our server may automatically collect certain types of non-personally identifiable information. Example includes, but is not limited to, the following:
- Information about your Internet service provider, browser, operating system, and device;
- Cookie information to recognise when you are visiting the website;
- Data related to your location at the time of accessing the OctiFi Services;
- Beacons to know if a certain page was visited, your activity on particular pages, how long you spend on a particular page or portion of a page, or whether an email was opened.
How does OctiFi use the personal information we collect?
We may use your personal information to:
- Provide the OctiFi Services requested by you;
- Verify your identity and authenticate the information you provide to us;
- Process payments and credit transactions;
- Collect payments and/or fees;
- Manage your relationship with us, including but not limited to: responding to, handling and processing queries, requests, applications, complaints, and feedback from you;
- Send offers or promotions for the OctiFi Services;
- Provide advertising, including advertising based on your use of the OctiFi Services or third-party websites;
- Prevent and/or investigate potentially prohibited or illegal activities, such as fraud;
- Conduct reasonable business activities not otherwise prohibited by laws such as audits, risk management, business reporting, service, quality control, statistical and trend analysis and other related or similar activities.
How does OctiFi share personal information?
We may share your personally identifiable information with:
- Service providers and affiliates who help with our business operations, including but not limited to, credit scoring, card processing, payment services, fraud prevention, administrative, marketing and technology services;
- Credit bureaus and collection agencies, as permitted by law;
- Merchants you order your goods or services from using the OctiFi Services;
- Companies that we plan to merge with or be acquired by;
- Third parties, including governmental authorities and law enforcement, to (i) protect or defend the legal rights, interests or property of OctiFi and any related entity of OctiFi; (ii) protect the safety and security of our customers or members of the public; (iii) protect against fraud; or (iv) comply with applicable law, subpoena or legal process;
- Other third parties with your consent or at your direction to do so.
We will not share or sell any personally identifiable information about you to our affiliates or non-affiliated third parties for their marketing purposes unless you have provided consent.
We generally do not transfer your personal information to countries outside of Singapore. However, if we do so, we will obtain your consent for the transfer to be made and we will take steps to ensure that your personal information continues to receive a standard of protection that is at least comparable to that provided under the PDPA.
Can I opt out, restrict or withdraw my consent on personal information sharing?
Personally identifiable information: You may choose not to provide your personally identifiable information to us; however, you will not be able to participate in our instalment program in connection to the OctiFi Services. You can still make payments to our merchants through the use of the OctiFi Services.
Opting out from our solicitations: You may unsubscribe from our marketing emails, but we will still be permitted to contact you for servicing and account-related purposes by clicking the “Unsubscribe” link in the email footer.
Withdrawing your consent: The consent that you provide for the collection, use and disclosure of your personal information will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop using and/or disclosing your personal information by submitting your request to our data protection officer at the contact details provided below.
Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within ten (10) business days of receiving it.
Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our goods or services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing in the same manner.
Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal information where such collection, use and disclose without consent is permitted or required under applicable laws.
How can I access and correct my personal information?
If you would like to request access to and/or correction of personal information that you provided to us, please contact us at email@example.com.
We will respond to your request as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal information or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).
How does OctiFi protect your personal information?
We use reasonable technical, administrative, and physical safeguards to secure your personal information in accordance with the PDPA.
We take steps to protect the confidentiality of personally identifiable information, and prohibit the unlawful disclosure of such information. We limit access to such personally identifiable information to authorised persons on a confidential and need-to-know basis.
In respect of your payment card data, we do not store your card details in our systems. We authorise and process your future charges using card processors that comply with strict industry standards.
Please be aware that despite our efforts, no data security measures can guarantee 100% security, that there is always some risk involved in transferring data over the internet, particularly if you send personal information to us through an unsecured means, such as email.
You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.
Accuracy of Personal Information
We generally rely on personal information provided by you. In order to ensure that your personal information is current, complete and accurate, please update us with any changes by informing our data protection officer at the contact details provided below.
Retention of Personal Information
We may retain your personal information for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws.
We will cease to retain your personal information, or remove the means by which the data can be associated with you as soon as is no longer necessary for legal or business purposes.
Children under 18
We do not knowingly solicit or collect personally identifiable information about children under the age of 18. The OctiFi Services are not designed for or directed to children under the age of 18. If we become aware that a child under the age of 18 has provided personally identifiable information to us, we will delete the information from our records. If you become aware of any personally identifiable information we collected from children under 18, please contact our data protection officer at the contact details provided below.
Governing Law and Notice to Non-Singapore Users
Last Updated: 11/02/2020