NS BlueScope Pte Ltd
Data Protection Policy
NS BlueScope Pte Ltd and its related corporations as well as its representatives and/or agents (collectively, “NSB“, “us“, “we” or “our“) are committed to protecting your privacy.
Purpose of this policy
The purpose of this Data Protection Policy (“DPP“) is to inform you of how NS BlueScope Pte Ltd and its related corporations manage Personal Data which is subject to the Singapore Personal Data Protection Act (No. 26 of 2012) or equivalent local data protection laws (“PDPA“). Please take a moment to read this DPP so that you know and understand the purposes for which we collect, use and disclose your Personal Data.
How this Policy applies
By interacting with us, submitting information to us, purchasing or procuring any products or services offered by us, you agree and consent to our collecting, using, disclosing and sharing amongst ourselves your Personal Data, and disclosing such Personal Data to our authorised service providers and relevant third parties in the manner set forth in this DPP.
Updates – Date of last update: 9th May 2020
We may from time to time update this DPP to ensure that the DPP is consistent with our future developments, industry trends and/or any changes in legal or regulatory requirements. Subject to your rights at law, you agree to be bound by the prevailing terms of this DPP as updated from time to time on our website [insert]. Please check back regularly for updated information on the handling of your Personal Data.
1. Personal Data
- In this document, Personal Data includes ‘personal data’ as defined by Singapore, Malaysia, Indonesia, Thai, Brunei and Myanmar privacy laws and ‘personal information’ as defined by Vietnamese privacy law.
- Examples of such Personal Data you may provide to us include (depending on the nature of your interaction with us) your name, passport or other identification number, telephone number(s), mailing address, email address and any other information relating to any individuals which you have provided us in any forms you may have submitted to us (including in the form of biometric data), or via other forms of interaction with you.
2. Collection of Personal Data
2.1. How do we collect your Personal Data?
Depending on the specific capacity which you might interact with us, and the method that you do so, we collect Personal Data in the following ways: Generally
(a) when you submit any forms to us;
(b) when you enter into any agreement or provide other documentation or information in respect of your interactions and transactions with us, or when you procure goods or services from us;
(c) when you respond to surveys and research initiatives conducted by us or on our behalf;
(d) when you complete and submit any forms to us;
(e) when you interact with our staff, for e.g. via telephone calls (which may be recorded), letters, fax, face-to-face meetings and email;
(f) when you interact with us via our websites;
(g) when you respond to our request for additional Personal Data;
(h) when your images are captured by us via CCTV cameras while you are within our premises, or via photographs or videos taken by us or our representatives when you attend events hosted by us;Marketing, customer outreach, and benefits
(i) when you request that we contact you, be included in an email or other mailing list;
(j) when you enrol with a customer or marketing programme or participate in a marketing or customer relationship management programme;
(k)when you participate in or take up customer benefits; and
(l) when you submit your Personal Data to us for any other reason.
2.3. What about other person’s Personal Data that you give us?
Where practicable, we will collect Personal Data directly from you. If we receive information about you from someone else, we may (where appropriate) take reasonable steps to ensure you have consented to the collection of Personal Data about you and the circumstances of the collection. That said, please note that if you provide us with any Personal Data relating to a third party (e.g. information of your spouse, children, parents), you should have first obtained the consent of that third party before providing their Personal Data to us. If you are unsure, please let us know otherwise. By submitting such information to us, you represent to us that you have obtained their consent to you providing us with their Personal Data for the respective purposes.
2.4. What Personal Data do we collect?
The nature of Personal Data we collect from you will depend on the circumstances in which that information is collected. It may include: your name, contact details, transaction-related information (such as may be necessary to process or administer your transactions or dealings with us).
2.5. Please ensure the Personal Data you give is complete, accurate & true
You should ensure that all Personal Data submitted to us is complete, accurate, true and correct. If there is a change to your Personal Data, please promptly update us. Failure on your part to do so may result in our inability to provide you with products and services you have requested or to process your applications or requests.
2.6. What if you refuse to provide us with your Personal Data?
For the Personal Data we collect, we do so where we are either entitled to do so under applicable law or where we must do so in order to facilitate and support our interactions with you and/or the transactions which you engage us in. Where so, we are entitled to and need your Personal Data to perform our roles or fulfil the purposes stated further in this DPP.
If you refuse to provide us with such Personal Data or withdraw your consent to our use of such Personal Data, we may not be able to perform our role or fulfil the applicable purposes and functions for which we use your Personal Data, and we may be entitled to cancel or cease proceeding further in our interactions and transactions. We would be entitled to apply the legal consequences of this, and would reserve our rights in such situations.
3. Purposes for the Collection, Use and Disclosure of your Personal Data
3.1. Generally, we collect, use and disclose your Personal Data for the following purposes:
Communicating and handling your requests
(a) responding to, processing and handling your queries, complaints, feedback, suggestions and requests;
(b) verifying your identity by carrying out security / due-diligence checks;
(c) matching any Personal Data held which relates to you for any of the purposes listed in the DPP;
Complying with the law and managing incidents / investigations
(d) preventing, detecting and investigating crime, including fraud and money-laundering or terrorist financing, and analysing and managing commercial risks;
(e) managing the safety and security of our premises and services (including but not limited to carrying out CCTV surveillance and conducting security clearances);
(f) in connection with any claims, investigations, actions or proceedings (including but not limited to drafting and reviewing documents, transaction documentation, obtaining legal advice, and facilitating dispute resolution), and/or protecting and enforcing our contractual and legal rights and obligations;
(g)monitoring or recording phone calls and customer-facing interactions for quality assurance, fulfilment of requests, administering legal rights, and identity verification purposes;
(h)managing and preparing reports on incidents;
(i) complying with any applicable rules, laws and regulations, codes of practice or guidelines or to assist in law enforcement and investigations by relevant authorities (including but not limited to disclosures to regulatory bodies, conducting audit checks, surveillance and investigation or conducting customer due diligence);
Carrying out our business operations
(j) managing the administrative and business operations of NSB and complying with our internal policies and procedures;
(k)facilitating business asset transactions (which may extend to any merger, acquisition or asset sale) involving NSB;
(l) requesting feedback or participation in surveys, as well as conducting market research and/or analysis for statistical, profiling or other purposes for us to design and improve our goods and services, understand preferences and market trends, and to review, develop and improve the quality of our goods and services;
(m)promote our products and/or services, or promote products and/or services of third parties which we think may be of interest to you;
(n) administering, managing and facilitating your participation in the customer engagement programmes (e.g. loyalty and reward programmes, customer relationship management programmes) (collectively, “Customer Engagement Programmes”) such as, but not limited to the GROOVE retail loyalty programme, retail business platform, TrueBlue Program, the TRUE BLUE benefits cards, customer membership programmes and so on;
and any purposes which are reasonably related to any of the above.
3.2. In addition, NSB collects, uses and discloses your Personal Data for the following purposes:
If you are our customer or an employee, officer or director of our customers
(a) verifying and processing your personal particulars to maintain accurate records;
(b) communicating with you to inform you of changes and developments to NSB’s policies, terms and conditions and other administrative information;
(c) creating and maintaining profiles of our customers in our system database;
(d) administering, managing and facilitating customer engagement (e.g. loyalty and reward programmes, customer relationship management programmes) (collectively, “Customer Engagement Programmes”) such as, but not limited to the GROOVE retail loyalty programme, retail business platform, TrueBlue Program, the TRUE BLUE benefits cards, customer membership programmes and so on;
(e) fulfilling your requests or transactions relating to customer outreach and communications (e.g. direct mailing or advertisement programmes, etc);
(f) analysing your profile, transactions or history of dealings with us to determine ways in which we can improve our support or interactions with you, including enhancing our relationship with you as our customer;
(g) organising and facilitating customer meetings;
(h) conducting internal analysis for segmentations in potential rollout of training events, customer gatherings, invitation for store launches, marketing communications, and related activities;
(i)dealing with service requests and following up on any arrangements or engagement with us;
and any purposes which are reasonably related to any of the above.
Do note further that any Customer Engagement Programmes may be subject to terms & conditions and may include privacy policies or data protection policies of their own. If so, such policies will apply in conjunction with, and in addition to the DPP here though any conflict between the two will be resolved in favour of the Customer Engagement Programme policy.
If you are an employee, officer or owner of an external service provider or vendor providing services to us
(a) assessing your organisation’s suitability as an external service provider or vendor;
(b) managing project tenders and quotations, processing orders or managing the supply of goods and services;
(c) creating and maintaining profiles of our service providers and vendors in our system database;
(d) communicating with you to inform you of changes and developments to our policies, terms and conditions and other administrative information;
(e) processing and payment of vendor invoices and bills;
(f) facilities management (including but not limited to issuing visitor access passes and facilitating security clearance);
and any purposes which are reasonably related to any of the above.
If you are attending any events, conferences, seminars, retreats or customer trips (“Events”)
(a) organising and facilitating Events which you have chosen to attend, enrol or join;
(b) arranging for travel and accommodation in connection with the Events;
(c) taking or filming photographs and videos for corporate publicity or marketing purposes, and including photographs and videos featuring you in our publications and videos in such Events (subject to appropriate notifications at the Events);
(d) executing, administering and facilitating any Event-specific programme agenda and activities;
(e) handling your queries or arranging for communications in connection with the Event;
and any purposes which are reasonably related to any of the above.
Do note further that any Events may be subject to terms & conditions and may include privacy policies or data protection policies of their own. If so, such policies will apply in conjunction with, and in addition to the DPP here though any conflict between the two will be resolved in favour of the Event policy. In such Events, the Personal Data of any travelling companions or persons who attend with you may also be collected, used or disclosed and handled under this DPP.
3.3. In relation to the procurement of particular products or services, or in your interactions with us, we may also have specifically notified you of other purposes for which we collect, use or disclose your Personal Data. If so, we will collect, use and disclose your Personal Data for these additional purposes as well, unless we have specifically notified you otherwise.
4. Disclosure of Personal Data
We will take reasonable steps to protect your Personal Data against unauthorised disclosure. Subject to the provisions of any applicable law, your Personal Data may be provided, for the purposes listed above (where applicable), to the following entities or parties, whether they are located in your country or overseas:
(a) our related corporations, subsidiaries and affiliates;
(b) companies providing services relating to insurance;
(c) agents, contractors, sub-contractors or third party service providers who provide operational services to us, such as courier services, telecommunications, information technology, payment, printing, billing, debt recovery, processing, technical services, transportation, training, travel, market research, call centre, security, or other services to us;
(d) vendors or third party service providers in connection with products and services offered by us;
(e) vendors or third party service providers and our marketing and business partners in connection with marketing promotions, products and services;
(f) our business partners including but not limited to BlueScope authorized dealers, roll formers, distribution centres and hardware stores;
(g) credit reporting agencies;
(h) any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any merger, acquisition or asset sale) involving us;
(i) our business partners;
(j) external banks, credit card companies, other financial institutions and their respective service providers;
(k)external business and charity partners in relation to corporate promotional events;
(l) our professional advisers such as our auditors and lawyers;
(m)relevant government regulators or authority or law enforcement agency to comply with any laws, rules and regulations or schemes imposed by any governmental authority; and
(n) any other party to whom you authorise us to disclose your Personal Data to.
Overseas transfers of your Personal Data
Where you consent to us doing so, Personal Data collected in one country may be disclosed or transferred to another. In the conduct of our business, we transfer to, hold or access Personal Data from various countries including but not limited to ASEAN countries (Brunei, Indonesia, Malaysia, Philippines, Singapore, Thailand, Myanmar, Cambodia, Laos, and Vietnam), Japan, China, Australia, Ireland, South Korea, and the Netherlands.
The data protection laws in these countries may not be comparable to those in your home country. However, when we transfer your Personal Data to another country, we will take appropriate steps to protect that Personal Data, for example by imposing appropriate contractual obligations of security and confidentiality on the recipient of your Personal Data. That said, we are entitled under the PDPA to make transfers of your Personal Data without your consent where we have certain legal and operational safeguards in place.
For Personal Data collected in Indonesia, we report any disclosure of Personal Data overseas to the Ministry of Communication and Information Technologies before and after such transfer occurs in accordance with the legal requirements. By agreeing to this DPP, you consent to any overseas transfer of your Personal Data in accordance with this DPP.
5. IT Matters:
5.1. When you interact with us on our websites, we automatically receive and record information on our server logs from your browser. We may employ cookies in order for our server to recognise a return visitor as a unique user including, without limitation, monitoring information relating to how a visitor arrives at the website, what kind of browser a visitor is on, what operating system a visitor is using, a visitor’s IP address, and a visitor’s click stream information and time stamp (for example, which pages they have viewed, the time the pages were accessed and the time spent per web page).
5.2. Cookies are small text files placed in the ‘Cookies’ folder on your computing or other electronic devices which allow us to remember you. The cookies placed by our server are readable only by us, and cookies cannot access, read or modify any other data on an electronic device.
5.3. Cookies can be disabled or removed by tools that are available in most commercial browsers. The preferences for each browser you use will need to be set separately and different browsers offer different functionality and options. Should you wish to disable the cookies associated with these technologies, you may do so by changing the settings on your browser. However, you may not be able to enter certain part(s) of our website.
5.4. Our website may contain links to other websites operated by third parties, including for example, our business partners. We are not responsible for the data protection practices of websites operated by third parties that are linked to our website. We encourage you to learn about the data protection practices of such third party websites. Some of these third party websites may be co-branded with our logo or trade mark, even though they are not operated or maintained by us. Once you have left our website, you should check the applicable data protection policy of the third party website to determine how they will handle any information they collect from you.
6. Retention of Personal Data
Personal Data that we collect will be retained for 7 years or for as long as it is necessary for the purpose for which it was collected or processed (whichever is later), subject to applicable legal and/or regulatory requirements.
Personal data that we collect in Indonesia shall be retained (and encrypted) for at least 5 years, unless regulated otherwise by applicable sectoral regulations in Indonesia.
When the information is no longer required, it will be destroyed or permanently deleted (unless otherwise required by law) within a reasonable time period.
7. Your Rights in the Collected Personal Data
You are entitled to (i) withdraw your consent to any use or disclosure of any Personal Data, (ii) object to any collection, use, processing or disclosure of any Personal Data, (iii) request a suspension of the use of any Personal Data, (iv) request an access to, or a provision, correction, updating or deletion of any Personal Data, and (v) make a complaint regarding any violation or non-compliance of the DPP by NSB. If at any time you would like to do so, please contact us at address provided in section 8 below. In certain circumstances, including when required by applicable law, we will comply with your request. Before we are able to provide you with any information or correct any inaccuracies, we may ask you to verify your identity and/or provide other details to help us respond to your request.
8. Contacting Us – Feedback, Withdrawal of Consent, Access and Correction of your Personal Data
(a) have any questions or feedback relating to your Personal Data or our DPP;
(b) would like to withdraw your consent to any use of your Personal Data as set out in this DPP;
(c) would like to obtain access and make corrections to your Personal Data records; or
(d) would like to exercise any other rights under section 7 above,
please contact us at [email protected].
Please note that if your Personal Data has been provided to us by a third party, you should contact that organisation or individual to make such queries, complaints, and access and correction requests to NSB on your behalf.
9. Language of this DPP
In the event of any inconsistencies or discrepancies between the English version and the local language version (if any), the English version shall prevail.