The China Navigation Company Pte Ltd and its subsidiaries ("CNCo Group", "we", or "us") value the privacy of the personal data we collect from our business customers, suppliers and partners (and each of their employees, officers, agents, contractors or any other individuals they engage with) ("you", or "your") and are committed to protecting the privacy and security of your personal data in accordance with Data Protection Legislation (defined below).
For the purposes of this policy, "Data Protection Legislation" means all applicable legislation relating to privacy or data protection in force from time to time including any statute or statutory provision which amends, extends, implements, consolidates or replaces the same, including without limitation, the EU General Data Protection Regulation 2016/679 ("GDPR") the GDPR as it forms part of the domestic law of the United Kingdom by virtue of the European Union (Withdrawal) Act 2018, the UK Data Protection Act 2018 and the Personal Data Protection Act 2012 (No. 26 of 2012) of Singapore.
Our contact details are set out at the end of this policy. We are the controller (which shall have the same or equivalent meaning as given to it under Data Protection Legislation) of your personal data processed in accordance with this policy.
||The China Navigation Company Pte Ltd and its subsidiaries
||General Data Protection Regulation
||Uniform Resource Locators (webpage address)
||An identifier for Advertisers (a temporary device identifier used by Apple that provides device identification while giving end-users the ability to limit the device/consumer information accessed by advertisers or apps
||A packet of data sent by a web server to a browser, which is returned by the browser each time it subsequently accesses the same server, used to identify the user or track their access to the server.
A. Information we collect about you
We may process your personal data in order to provide our products or services to you, or in order to receive products or services from you.
How we collect your information
We may process personal data that we have either obtained from you or obtained from somewhere else. Personal data which is not collected directly from you may be collected:
- From your employer in connection with your job and how it relates to us.
- If you use any website operated by us.
- From third parties we work closely with (including, for example, business partners, sub-contractors or service providers in technical, payment and delivery services, advertising networks, analytics providers, and search information providers).
Personal data that we process
We may process the following types and categories of information about you:
- Your name.
- Who you work for, and your job function or department.
- Your address, phone number, email address or other contact details (these details may relate to your work or to you personally, depending on the nature of our relationship with you or the company that you work for). Please note that, in some jurisdictions, your business contact information is not treated as personal data in accordance with applicable Data Protection Legislation (unless such information is provided by you solely for your personal purposes), and therefore your rights in relation to such information may be different to those set out in this policy.
- Financial information.
- Information that you give to us by communicating with us by phone, by e-mail, via our website, via social media or otherwise. It includes information you give to us or that we obtain when you use our website, obtain or subscribe to our goods or services, supply us with goods or services, enquire about a product, place an order, enter a competition, promotion or survey, or contact us to report a problem, or do any of these things on behalf of the person that you work for.
- Information relating to transactions with us involving you or the company you work for (for example, details of goods or services that we have supplied to, or obtained from, you or the person you work for).
- Other information relating to you which is necessary for us to process in order to enter into or perform a contract with you or the company you work for (for example, right to work information, information obtained from credit references agencies, and national identity or passport numbers where this is necessary to enable us to carry out appropriate checks in relation to contracts with you or someone else that you work for or are otherwise related to, or to accurately establish or verify your identity to a high degree of fidelity).
- Information about events to which you or your colleagues are invited, and your personal information and preferences to the extent that this information is relevant to organising and managing those events (for example, your dietary requirements).
- Information relating to you that you give to us or we otherwise obtain when you visit us (for example, if you sign in or are recorded on CCTV while visiting us, or you give us the registration details of your vehicle).
Where the provision of your personal data is generally a contractual or legal requirement or is a requirement in order for us to enter into a contract, the consequences of any failure to provide such data will be that we may need to review any engagement or business relationship that we may have with you.
Information that we automatically obtain when you use our website and/or business systems/applications
When you use any of our websites or business systems/applications, we may process the following types and categories of personal data which we collect automatically from your device:
- Technical information, including the Internet protocol ("IP") address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
- Information about your visit, including the full Uniform Resource Locators ("URL"), clickstream to, through and from our website (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number or social media handle used to connect with our customer service team.
- Location data - we collect information through our website as to your real time location to provide location services, where requested or agreed to by you in order to allow check-in, or to deliver content or advertising that are dependent on knowing where you are. This information may also be collected in combination with an identifier associated with your device to enable us to recognise your mobile browser or device when you return to our website.
Delivery of location services will involve reference to one or more of the following:
- The coordinates (latitude/longitude) of your location.
- Look-up of your country of location by reference to your IP address against public sources; and/or your Identifier for Advertisers ("IFA") code for your Apple device, or the Android ID for your Android device, or a similar device identifier.
B. Information collected for Research & Development
We may conduct survey(s) to allow us to provide better services through customer research. You will be informed of the specific purpose(s) of each survey when we invite you to participate in the said survey. Each of our surveys shall be conducted in accordance with Data Protection Legislation. For more information, please email DataProtection@swirecnco.com.
C. Cookies and other technologies
D. How we use your information
Information you give to us:
We will use this information:
- To take steps in order to enter into any contract with, or carry out our obligations arising from any contract entered into between, you (or the company you work for) and us including:
- Conducting credit checks.
- Supplying goods and services to you or the company you work for or receiving them from you or the company you work for, as the case may be.
- Administering your/your company's account with us.
- Verifying and carrying out financial transactions in relation to payments you make in your own capacity or on behalf of your company.
- Notifying you about changes to our service.
- Accurately establishing or verifying your identity to a high degree of fidelity, in accordance with Data Protection Legislation, as part of our checks in relation to anti-money laundering, compliance screening and to prevent fraud and other crimes.
- To provide you with information about our products or services we feel may interest you or the company you work for if you have given your consent to receiving marketing material or otherwise for the purposes of our legitimate interests, in both cases, in accordance with Data Protection Legislation. See "Our promotional updates and communications" set out in Section E below for more information about our marketing activities.
- For the purpose of our legitimate interests to the extent permitted under Data Protection Legislation, including for the purpose of assisting us with our quality control, administration and to ensure that our services are well-managed.
Information we collect about you from your use of our website and/or business systems/applications:
We will use this information for the purpose of our legitimate interests, where we have considered that these are not overridden by your rights and in accordance with Data Protection Legislation. Such legitimate interests include:
- To administer our website and/or business systems/applications and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
- To keep our website and/or business systems/applications safe and secure.
- For measuring or understanding the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you.
- To improve our website and/or business systems/applications to ensure that content is presented in the most effective manner for you and for your device.
- To allow you to participate in interactive features of our service when you choose to do so.
Information we receive from other sources:
We may combine this information with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).
Legal bases for processing your personal data in summary
In summary, your personal data is processed:
- in order to take steps at your request prior to entering into a contract with you;
- where necessary to perform an agreement we already have with you;
- where it is necessary to comply with a legal or regulatory obligation to which we are subject;
- where it is necessary for the purposes of the legitimate interests pursued by us (as detailed above), except where such interests are overridden by your interests or fundamental rights and freedoms, and in accordance with Data Protection Legislation; or
- with your explicit consent (when legally required).
E. Our promotional updates and communications
To the extent permitted by Data Protection Legislation, we will use your personal information for marketing analysis and to provide you with promotional update communications about our services by e-mail as well as via social media platforms (such as LinkedIn).
You can object to further marketing at any time by contacting us using the details below to unsubscribe from all of our marketing and promotional update communications.
F. Automated processing
We do not carry out automated decision-making or profiling in relation to you.
G. Who we give your information to
We may share your personal data with:
- Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, who support our processing of personal data under this policy. If any of these parties are using your information for direct marketing purposes, we will only transfer the information to them for that purpose with your prior consent (to the extent that such consent is required under Data Protection Legislation).
- Certain third parties who support or provide services to us including:
- Our business partners, customers, suppliers and sub-contractors for the performance of any contract we enter into or other dealings we have in the normal course of business with you or the person that you work for.
- Our auditors, legal advisors and other professional advisors or service providers.
- Credit reference agencies for the purpose of assessing your credit score where this is in the context of us entering into a contract with you or the person that you work for.
- Payment processing providers who provide secure payment processing services.
- In relation to information obtained via our website and/or business systems/applications:
Other disclosures we may make
We may also disclose your personal information in the following circumstances:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets subject to the terms of this policy.
- If our company is acquired by a third party, in which case personal data held by us will be shared with the potential buyer.
- If we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce or apply our terms of supply and other agreements with you or the company you work for; or to protect the rights, property, or safety of our company, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction and to prevent cybercrime.
Where your personal data is disclosed to, or accessed by, any of our group companies, service providers or other third parties, it shall be in in accordance with Data Protection Legislation.
Where we engage, or require a data processor to act on our behalf (such as suppliers, service providers or other third-party vendors), we will ensure that proper procedures are followed when appointing such third parties, including to incorporate adequate contractual provisions under Data Protection Legislation into services or supply agreements.
H. Where do we store your information?
Your personal data may be transferred to, and processed in, a country outside of your local jurisdiction or region for any of the purposes described in this policy.
These countries may have differing (and potentially less stringent) laws relating to the degree of protection afforded to personal data.
We may process your personal information in countries outside your local jurisdiction or region:
- In order to store it.
- In order to enable us to provide goods or services to and fulfil our contract with you or the company your work for. This includes order fulfilment, processing of payment details, and the provision of support services.
- Where we are legally required to do so.
- In order to facilitate the operation of our group of businesses, where it is in our legitimate interests and as permitted by Data Protection Legislation.
Where your information is processed outside of your local jurisdiction or region, we (or our permitted third parties) will take steps to ensure that your personal information is protected in accordance with Data Protection Legislation.
For example, we may implement organisational, contractual and legal measures (e.g. through the implementation of an intra-group data transfer agreement) to ensure that your personal data is protected to the standard required in your local jurisdiction/region. You may request a copy of these measures by contacting us directly.
I. How we protect your information
We value the privacy of your personal data and have put in place appropriate technical and organisational security measures and procedures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
All third-party service providers and other entities within our group are required to take appropriate security measures to protect personal data in line with our policies. They are only permitted to process personal data for specified purposes and where appropriate, in accordance with our instructions.
We have put in place procedures to deal with any suspected data security incidents and will notify you and any applicable regulatory authority of a suspected breach where legally required under the Data Protection Legislation, or if it is appropriate to do so.
All personal data you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our website and/or any business systems/applications, you are responsible for keeping this password confidential. We ask that you do not share your password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website and/or business systems/applications, and any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to prevent unauthorised access.
Our website may, from time to time, contain links to external sites. We are not responsible for the privacy policies or the content of such sites.
J. How long we keep your information
We will only keep the information we collect about you on our systems or with third parties for as long as required for the purposes set out above or as required to comply with any legal obligations to which we are subject. This will involve us regularly reviewing our files to check that information is accurate and up-to-date and still required.
K. Your rights
Under certain circumstances and to the extent such rights are granted under Data Protection Legislation, you may have the right to:
- Request access to your own personal data (commonly known as a "data subject access request"). This allows you to receive a copy of your personal data held by us as well as the right to receive information about how your personal data is processed.
- Request correction of your personal data. This allows you to correct any incomplete or inaccurate information that we hold about you.
- Request erasure of your personal data. For example, this allows you to ask us to delete or remove your personal data where there is no good reason for it to continue to be processed.
- Object to the processing of your personal data where such personal data is processed on the grounds of legitimate interests.
- Not be subject to a decision based solely on automated processing.
- Request the restriction of processing of your personal data. This allows you to ask for the processing of your personal data to be suspended if, for example, you wish to establish its accuracy or the reason for processing it.
- Request the withdrawal of any consent you may have given to us for processing your personal data, including the right to object to marketing (as mentioned in Section E – "Our promotional updates and communications" above).
- Request the transfer of your personal data provided to us to another party where technically feasible.
To the extent applicable under the relevant Data Protection Legislation:
- Once we confirm that consent has been withdrawn, the processing of information for the purpose or purposes originally agreed to will not continue, unless there is another legitimate basis for doing so in accordance with Data Protection Legislation. If there is another legitimate basis for processing information in accordance with Data Protection Legislation, the same data may be processed without your consent.
- Do note that you may be allowed to withdraw consent for any optional purposes that your personal data is collected, processed and transferred without concurrently withdrawing consent for the necessary purposes that your personal data is collected, processed and transferred (e.g. for the provision of products/services that we offer).
Should you wish to exercise any of your rights, please contact us directly (see "How to exercise your rights" below) and we will be happy to assist.
Note: You should be aware that not all of these rights are absolute and there may be circumstances in which we will not fully comply with your request because of a specified legal ground or exemption. In certain situations, your personal data may be exempt from access, correction and deletion requests pursuant to Data Protection Legislation or other laws and regulations. We will always inform you if this is the case.
How to exercise your rights
You can also exercise the rights listed above at any time by contacting us directly at DataProtection@swirecnco.com or the contact details set out in Section M below. Some jurisdictions may require such requests to be made in writing whilst others permit requests to be made orally or in writing. Please contact us if you are unsure as to how you may make a request. We will respond to your request in accordance with Data Protection Legislation.
Please note that we may ask for proof of your identity and address (such as a copy of your driving licence or passport - please do not send any original documents). We also reserve the right, in accordance with Data Protection Legislation, to request additional information reasonably required to identify the specific information being requested or referred to, or any additional information reasonably required to confirm your identity.
To the extent permitted by Data Protection Legislation, we further reserve the right to charge you a reasonable fee for you to access your personal data, and for any additional copies of the materials provided, or to refuse to comply with the request.
L. Lodging a complaint with the local data protection authority
If you have any concerns about our use of your information, you may also have the right to make a complaint to the relevant data protection authority. We can, on request, tell you which data protection authority is relevant to the processing of your personal data.
M. Contact details
Our full contact details are:
Data Protection Officer (DPO): Mike Gerasymov
Tel: +65 6603 9452
N: Changes to Policy
CNCo reserves the right to amend this policy at its sole discretion. In case of amendments, the policy owner will inform staff appropriately and the policy will be re-published on the company website.