Privacy Policy
ESR-REIT Management (S) Limited, the manager of ESR-REIT, is committed to safeguard your privacy through the appropriate processing and management of your personal data in accordance with the Personal Data Protection Act (“PDPA”) and other related laws, regulations and guidelines etc. We treat all personal data provided by you in strict confidence and will only use your personal data in the manner as set out in this policy.
This privacy policy applies to all personal data that you provide to us and the personal data we hold about you. This privacy policy describes how we may collect, use, disclose, share, process and manage (collectively, “Process” or "Processing") your personal data. Please DO NOT provide any personal data to us if you do not accept this privacy policy.
By interacting with us, submitting information to us, or signing up for any services offered by us, you agree and consent to ESR-REIT Management (S) Limited, the manager of ESR-REIT, and its related corporations (collectively, the “Companies”), as well as our respective representatives and/or agents (“Representatives”) (the Companies and Representatives collectively referred to herein as “the Manager”, “us”, “we” or “our”) Processing your personal data, and disclosing such personal data to the Companies' authorised service providers and relevant third parties in the manner and for any of the purposes set forth in this privacy policy. In addition, this privacy policy will also provide you with more information on the basis upon which we may lawfully Process your Personal Data without your consent, where permitted by applicable law.
- Overview
- Acquisition or Collection of Personal Data
- How the acquired Personal Data is used
- Management of Personal Data
- Disclosure and Provision of Personal Data to Third Parties
- Supervision of Third Party Service Providers
- Deemed Consent
- Other Bases for Handling or Processing Your Personal Data
- Third Party Sites
- Your Rights
- Governing Law
Overview
(a) Acquisition or Collection of Personal Data
Where personal data is to be acquired or collected, the Manager will do so through appropriate means.
Generally, we may collect personal data from you in the following ways:
- when you submit any form or provide us with other documentation or information in respect of your interactions and transactions with us, or when you use our services;
- when you use our electronic services, or interact with us via our websites and platforms or use services and/or features on our websites and platforms;
- when you interact with our staff and representatives, for example, via telephone calls (which may be recorded), letters, fax, face-to-face meetings and email;
- when you use our services provided through online and other technology platforms, such as websites and apps, including when you establish any online accounts with us;
- when you request that we contact you, be included in an email or other mailing list, or when you respond to our request for additional personal data, our promotions and other initiatives;
- when you are contacted by, and respond to, our marketing representatives and agents and other service providers; and/or
- when you submit your personal data to us for any other reason.
Where personal data is to be acquired directly from the person in writing or via a website page or during a telephone conversation, the Manager will clearly indicate the purposes of use in advance. However, where the purposes of use are clear given the circumstances of the acquisition of personal data or where omission of clear indication of the purposes of use is permitted under laws and regulations, etc., a clear indication of the purposes of use may be omitted.
If you provide us with any personal data relating to a third party, by submitting such information to us, you represent to us that you have obtained the consent of the third party at the time of disclosure, for the disclosure of third party’s personal data to us, for our Processing of the personal data for the purposes contemplated under this privacy policy.
(b) How the acquired Personal Data is Processed
Generally, the Manager Processes your personal data for the following purposes:
- providing you with services that you have requested or purchased e.g. signing up for the email alerts;
- verifying your identity and personal particulars;
- managing the administrative and business operations of the Companies (e.g. accounting, risk management, recording keeping and/or staff training) and complying with internal policies and procedures;
- responding to, processing and handling your queries, requests, feedback, complaints, comments and/or suggestions, or otherwise providing customer support;
- facilitating business asset transactions (which may extend to any mergers, acquisitions or asset sales) involving any of the Companies;
- contacting you for feedback after the provision of our services or requesting participation in surveys, as well as conducting market research, planning and/or analysis for statistical, profiling or other purposes for us to design our services, understand customer behaviour, preferences and market trends, and to review, develop and improve the quality of our services;
- communicating with you and informing you of changes and development to the Companies' policies, terms and conditions and other administrative information, including for the purposes of servicing you in relation to the services offered to you;
- preventing, detecting and investigating crime, including fraud and money-laundering or terrorist financing, and analysing and managing commercial risks;
- providing media announcements and responses;
- organising promotional events;
- in connection with any claims, actions or proceedings (including but not limited to drafting and reviewing documents, transaction documentation, obtaining legal advice, and facilitating dispute resolution), and/or protecting and enforcing our contractual and legal rights and obligations;
- managing and preparing reports on incidents and accidents;
- complying with any applicable rules, laws and regulations, codes of practice or guidelines or to assist in law enforcement and investigations by relevant authorities; and/or
- any other purpose relating to or reasonably necessary for any of the above.
When using your personal data to contact you for the above purposes, we may contact you via regular mail, fax, e-mail, SMS, telephone or via any other means.
If you have provided your Singapore telephone number(s) and have indicated that you consent to receiving marketing or promotional information via your Singapore telephone number(s), then from time to time, we may contact you using such Singapore telephone number(s) (including via voice calls, text, fax or other means) with information about our services (including any discounts and promotions).
In relation to particular services or in your interactions with us, we may also have specifically notified you of other purposes for which we may Process your personal data. If so, we will Process your personal data for these purposes as well.
(c) Management of Personal Data
The Manager strives to maintain personal data accurate and up-to-date within the scope necessary to achieve the purposes of use, and to cease to retain personal data, or remove the means by which personal data can be associated with particular individuals, as soon as it is reasonable to assume that:
- the purpose for which the personal data was collected is no longer served by its retention; and
- retention of the personal data is no longer necessary for any legal or business purposes.
The Manager has made reasonable security arrangements to prevent:
- unauthorised access, collection, use, disclosure, copying, modification or disposal, or similar risks; and
- the loss of any storage medium or device on which personal data is stored.
The Manager establishes the internal regulations necessary for the securing of personal data, provides its employees with relevant education and training, and carries out necessary and appropriate supervision. Moreover, it conducts necessary and appropriate supervision of contracted third-party service providers (including subcontractors, etc.) who handle personal data.
(d) Disclosure and Provision of Personal Data to Third Parties
Subject to applicable law, your personal data may be provided, for the purposes listed above (where applicable), to the following entities or parties, whether they are located overseas or in Singapore:
- our co-brand and other business partners;
- the Manager's related corporations;
- agents, vendors, contractors or other third-party service providers (including software providers) who provide services to the Manager, including in connection with any promotion or services offered by the Manager;
- analytics, search engine providers or other third-party service providers that assist us in delivering our services and/or websites as well as improving and optimising the same;
- any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any merger, acquisition or any debt or asset sale) involving any of the Companies;
- banks, credit card companies and their respective service providers;
- our professional advisers such as our board of directors, auditors and lawyers;
- relevant government regulators, government ministries, statutory boards or authorities and/or law enforcement agencies, to comply with any directions, laws, rules, guidelines, regulations or schemes issued or administered by any of them;
- external business and charity partners in relation to corporate promotional events; and/or
- any other party to whom you authorise us to disclose your personal data to.
The Manager shall not disclose or provide personal data of individuals to any third parties except in the following cases:
- Consent has been given;
- Disclosure or provision of personal data is based on laws and regulations;
- Disclosure or provision of personal data is required to protect life, health or assets of a person and it is difficult to obtain consent;
- (Provision of personal data is particularly necessary in order to enhance public health;
- Cooperation is requested by government agencies, or service providers contracted by those agencies to conduct matters prescribed by laws and regulations, and obtaining consent may hinder the conduct of such matters; and/or
- The Manager provides personal data to third-party service providers under appropriate supervision within the scope necessary to carry out the applicable purpose of use of the personal data.
(e) Supervision of Third Party Service Providers
The Manager outsources certain services such as share registry services, webhosting, website maintenance and facilities management etc to contracted third-party service providers. The Manager conducts necessary and appropriate supervision of such contracted service providers to prevent loss, misuse, modification, etc. of the personal data handled and in their possession.
(f) Deemed Consent
In addition to the matters set forth above, subject to and in accordance with applicable law, you shall be deemed to have consented to the Manager Processing your personal data, and disclosing such personal data to the Companies' authorised service providers and relevant third parties:
- where in response to a request for your personal data in connection with identified purposes, you voluntarily provide such personal data to the Manager for such purpose(s) and it is reasonable that you would voluntarily provide such personal data; and
- where the Processing of your personal data is reasonably necessary for the conclusion and/or performance of a contract, between you and us or any other organisation entered into at your request, which may include recipients of your personal data not indicated in this privacy policy.
(g) Other Bases for Handling or Processing Your Personal Data
In addition to and without limiting the consents you have provided to our Processing of your personal data for the purposes set out elsewhere in this privacy policy, where permitted by applicable law, the Manager may also in accordance the requirements thereof also Process your personal data as further detailed below including without consent, where we meet the requirements of applicable law:
-
for our legitimate interests or the legitimate interests of another person (but not for sending you direct marketing messages unless you have otherwise provided your consent), including without limitation for the following purposes:
- any investigations or proceedings;
- fraud detection and prevention;
- entering into, managing or terminating an employment relationship or appointment; and
- detection and prevention of misuse of services by users; and
- we may collect your personal data from any of the Companies, we may use your personal data, and any of the Companies may disclose your personal data to us, for improving our services, processes or business, understanding customer preferences and personalizing experiences and recommendations (regardless whether you are an existing or prospective customer of any of the Companies).
Third Party Sites
Our website may contain links to other websites operated by third parties. We are not responsible for the privacy practices of websites operated by third parties that are linked to our website. We encourage you to learn about the privacy policies of such third party websites. Some of these third party websites may be co-branded with our logo or trademark, even though they are not operated or maintained by us. Once you have left our website, you should check the applicable privacy policy of the third party website to determine how they will handle any information they collect from you.
Your Rights
If you do not accept the privacy policy or if you wish to withdraw any consent you have given us at any time, or if you wish to update or obtain access to your personal data, you may contact us at via the following channels:
- email us at enquiry@esr-reit.com.sg; or
- write to us at 8 Changi Business Park Avenue 1, #05-05, ESR BizPark @ Changi (South Tower).
All requests for correction or for access to your personal data must be in writing to
enquiry@esr-reit.com.sg or the address stated above. We will endeavour to respond to your request within 30 days, and if that is not possible, we will inform you of the time by which we will respond to you.
We may be prevented by law from complying with any request that you may make. We may also decline any request that you may make if the law permits us to do so. In many circumstances, we need to Process your personal data in order for us to provide you with services which you require. If you do not provide us with the required personal data, or if you withdraw your consent to our Processing of your personal data for these purposes, it may not be possible for us to continue to serve you or provide you with the services that you require. We may charge you a fee for responding to your request for access to the personal data which we hold about you, or for information about the ways in which we have (or may have) used your personal data. If a fee is to be charged, we will inform you of the amount beforehand and respond to your request after payment is received. Further rights may arise in future under amendments to the PDPA and in such a case, we will accord you such rights as provided for by the PDPA.
Governing Law
This privacy policy is governed by the laws of Singapore. You agree and consent to submit to the exclusive jurisdiction of the Courts of Singapore in any dispute relating to this privacy policy.
This privacy policy was adopted in March 2022.