Effective date: 1st December 2023
1. Introduction and Overview
1.2 Scope and Applicability: This policy applies to all individuals who use our services or interact with us online. It is designed to ensure compliance with global data protection standards, including the Personal Data Protection Act (PDPA) of Singapore, the General Data Protection Regulation (GDPR) of the European Union, and relevant United States privacy provisions.
2.1 “Personal Data” means any information relating to an identified or identifiable natural person.
2.2 “Processing” refers to any operation performed on personal data, such as collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, alignment, combination, restriction, erasure, or destruction.
2.3 “Data Subject” is any living individual who is the subject of Personal Data.
3. Information Collection
3.1 Types of Personal Data Collected: We collect various types of personal data including, but not limited to, names, email addresses, date of birth, phone numbers, billing details, and user-generated content.
3.2 Methods of Data Collection: Personal data is collected via user interactions with our Services, including account registration, transactional activities, and voluntary submissions.
4. Use of Information
4.1 Purposes for Processing Personal Data: The personal data we collect is used for providing and improving our services, communicating with users, processing transactions, and complying with legal obligations.
4.2 Legal Basis for Processing: Under GDPR, our processing of personal data is based on the necessity of the performance of a contract, compliance with legal obligations, the legitimate interests of SimFly, and consent provided by the user.
5. Data Retention
5.1 Duration of Data Storage: Personal data is retained for as long as necessary to fulfill the purposes for which it was collected, including for satisfying any legal, regulatory, accounting, or reporting requirements.
5.2 Criteria for Determining Retention Period: The retention period for personal data depends on the nature of the data and our legal obligations. Once the retention period expires, personal data is securely deleted or anonymized.
6. Information Sharing and Disclosure
6.1 Conditions under which Data may be Shared: We may share personal data with third-party service providers to perform tasks on our behalf and to assist us in providing our services.
6.2 Third-party Service Providers and Partners: These third parties include, but are not limited to, payment processors, hosting services, and analytics providers. They are bound by confidentiality agreements and are not permitted to use personal data for any other purpose.
7. International Data Transfers
7.1 Transfer of Data Across Borders: Personal data collected by SimFly may be stored and processed in any country where we operate or where our service providers are located.
7.2 Safeguards and Compliance Measures: In cases of international transfer of data, we ensure that adequate measures, such as standard contractual clauses approved by the European Commission, are in place to protect your data according to the level of protection required under applicable law.
8. Cookies and Tracking Technologies
9. User Rights and Choices
9.1 Rights of Data Subjects: Users have the right to access, rectify, erase, restrict processing, object to processing, and, where applicable, the right to data portability.
9.2 Mechanisms for Exercising Rights: Requests to exercise these rights can be directed to SimFly’s Data Protection Officer via the contact details provided on our website.
10. Consent and Withdrawal of Consent
10.1 Process for Giving and Withdrawing Consent: Where we rely on consent to process personal data, users will be provided with clear and straightforward methods to give and withdraw their consent.
10.2 Impact of Withdrawal on Service Use: Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Users should be aware that withdrawing consent may affect their ability to access certain services.
11. Data Security Measures
11.1 Security Practices and Protocols: We implement a variety of security measures to maintain the safety of your personal data. This includes using secure servers, firewalls, encryption, and secure socket layer technology.
11.2 Commitment to Data Protection: SimFly is committed to protecting the security of your personal data and takes reasonable precautions to protect it. However, no method of transmission over the Internet or method of electronic storage is 100% secure.
12. Children’s Privacy
12.1 Special Considerations for Minors: We do not knowingly collect personal information from children under the age of 13 without parental consent. If we learn that we have collected the personal information of a child under 13, we will take steps to delete the information as soon as possible.
12.2 Age Thresholds and Parental Consent: In jurisdictions where consent of a parent or guardian is required for a child to use the internet, we comply with applicable legal requirements and will not knowingly collect, use, or disclose personal information from minors without the necessary consent.
13. Data Breach Notification
13.1 Procedures in the Event of a Data Breach: In the event of a data breach, we will promptly notify affected individuals if there is a risk of serious harm to the rights and freedoms of those individuals.
13.2 Notification to Authorities and Data Subjects: If the breach is likely to result in a high risk to the rights and freedoms of individuals, we will notify the relevant data protection authorities in accordance with applicable data protection laws.
14. Compliance with PDPA (Singapore)
14.1 Specific Provisions and Requirements: Our processing of personal data in Singapore is governed by the Personal Data Protection Act (PDPA). We adhere to the PDPA’s requirements in relation to the collection, use, and disclosure of personal data.
14.2 Rights and Obligations under PDPA: Users in Singapore have the right to access and correct their personal data held by us, and we ensure that personal data is protected and maintained securely in accordance with the PDPA.
15. Compliance with GDPR (EU)
15.1 GDPR-specific Provisions: In accordance with the General Data Protection Regulation (GDPR), we adhere to principles around the lawful, fair, and transparent processing of personal data for individuals within the European Union.
15.2 Representation within the EU: SimFly appoints a representative within the European Union to manage compliance with GDPR requirements, including handling data subject requests and liaising with EU data protection authorities.
16. Compliance with US Privacy Laws
16.1 Applicability of State and Federal Laws: In the United States, we comply with applicable state and federal privacy laws, including but not limited to the California Consumer Privacy Act (CCPA).
16.2 Specific Rights and Disclosures for US Residents: US residents have specific rights regarding their personal data, including the right to know, the right to delete, and the right to opt-out of the sale of personal data, as applicable under relevant US laws.
17. Third-Party Links and Services
17.1 Interaction with External Websites and Services: Our Services may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you.
19. Role of Data Controller and Processor
19.1 Responsibilities of SimFly: As the data controller, SimFly determines the purposes and means of processing personal data. As a processor, we process data on behalf of the data controller when third-party services are involved.
19.2 Contact Information for Data Protection Officer: Queries related to data processing should be directed to our Data Protection Officer, whose contact details are provided on our website.
20. Jurisdiction and Governing Law
21. Contact and Complaints
21.1 Contact Information for Privacy-Related Inquiries: For any questions or concerns regarding our privacy practices or this policy, please contact us at the details provided on our websites.
21.2 Process for Lodging Complaints: Individuals have the right to make a complaint at any time to the relevant data protection authority about our collection and use of personal data. We would, however, appreciate the chance to deal with your concerns before you approach the authority.