OneTouch Privacy Policy for Merchant Services
OneTouch (Singapore) Private Limited (“us”, “we”, “our”, or “OneTouch”) usually only collects business data, business contact data (as defined in the Personal Data Protection Act 2012) (“PDPA”), and personal data for the purposes of fulfilling our obligations under MAS Notice PSN01 (Prevention of Money Laundering and Countering the Financing of Terrorism – Holders of Payment Services Licence (Specified Payment Services) (“KYC data”).
Where we collect “personal data” as defined under the PDPA that is not KYC data, this privacy notice aims to give you data on how we collect, use, process and disclose your personal data when you use any of our services, including but not limited to account issuance services, e-money issuance services, domestic or cross-border money transfer, and merchant acquisition services (collectively, “OneTouch Services”).
Depending on the OneTouch Service selected by you, you, as the user may enter into one or more agreements (collectively, the “Agreements”) with us and/or our affiliates providing those OneTouch Services. Those agreements may contain additional terms regarding privacy and our use of data about you. By using OneTouch Services, and providing your personal data, you are deemed to have given your consent for us to collect, use, process and disclose your personal data in accordance with this Privacy Policy.
Unless otherwise indicated or the context requires otherwise, reference to “you” or “your” are intended to refer to a user of OneTouch Services (“User”), and reference to “OneTouch”, “we”, “us” or “our” in this Notice and the Agreements include relevant companies of the OneTouch group of companies (“OneTouch Group”) that are involved in providing the OneTouch Services (each an “Affiliate”).
1.
WHAT PERSONAL DATA DO WE COLLECT ABOUT YOU?
We collect and use personal data about you, including when you interact with us, register for an OneTouch account, use the OneTouch Services to make, receive, or arrange for the receipt of payments, conduct financial transactions, or otherwise visit or use OneTouch Services. The personal data we may collect (about you and your legal representative, owner, directors, partners, committee members, your ultimately beneficial owner) includes but is not limited to:
1.1 basic personal details, including without limitation first and last name, date and place of birth, social security numbers (if applicable), and (if applicable) copies of your personal identification documents;
1.2 contact data (including address, phone number, email, or other data that permits us to contact you);
1.3 account data;
1.4 registration details;
1.5 financial data and tax identification data;
1.6 transaction details (order number, trading time, transaction amount, etc.);
1.7 technical data;
1.8 data about the device you use to interact with us, and
1.9 data from your visits to our websites or mobile applications.
2.
HOW AND WHEN DO WE OBTAIN YOUR PERSONAL DATA?
We collect personal data about you in connection with the OneTouch Services. For example, we collect your personal data when you browse our website, enquire about or register to use any of the OneTouch Services, sign a contract with us, provide your personal data during the merchant on-boarding process, log into your OneTouch account to use the OneTouch Services on our site; or when you communicate with us via e-mail, phone, SMS, or any other electronic means.
We also receive personal data about you from other sources, including without limitation:
2.1 merchants and other third parties, including those who support the ability to make payments and conduct transactions through OneTouch Services;
2,2 OneTouch’s affiliates;
2.3 suppliers providing services on our behalf;
2.4 banks and other payment institutions that we cooperate with to provide you with the OneTouch Services; and
2.5 publicly available sources.
We combine information of you from various sources, including the data you have provided to us.
Please refer to the section on “How do we use your personal data?” for more details.
3.
HOW DO WE USE YOUR PERSONAL DATA?
We use the data we collect to operate our business, and provide you with OneTouch Services. Examples of how we may use your personal data include the following:
3.1 verifying your identity, including during account creation and payment password reset processes;
3.2 verifying your eligibility as a User of OneTouch Services;
3.3 processing, maintaining and managing your registration as a User;
3.4 providing you with OneTouch Services and related User services, including operating the OneTouch Services and enabling transactions, customizing your user experience, enabling the receipt of balance top-ups, financing proceeds and third-party payments, facilitating the settlement of payment for goods and services and providing other fund settlement services, handling foreign exchange conversions, charge-backs, sending notices about transactions, and responding to your queries, feedback, claims or disputes;
3.5 contacting you in relation to our provision of OneTouch Services, contacting you in connection with any communication preferences or requests you have expressed, asking you for feedback about OneTouch Services or other related products and services, collecting feedback from you and your staff about our products and services and using such feedback to improve our business and/or customize products and services; sending you data about products and services, including for promotional purposes; and contacting you for legal purposes;
3.6 assessing, detecting, investigating, preventing or remediating fraud, data breaches or other potentially prohibited or illegal activities and otherwise protecting the integrity of our platform;
3.7 managing our risk, performing creditworthiness and solvency checks on Users, or detecting, investigating, preventing or remediating violations of your agreements with us or any of our applicable policies, industry standards, guidelines, laws and regulations, etc.;
3.8 making disclosures as may be required by any rules, law or regulation, regulatory authorities, government official or other third party, including any card association or other payment network. Such disclosures may also be made pursuant to any subpoena, court order or other legal process or requirement applicable to us or any affiliates (including “know your customer”, anti-money laundering, counter-terrorist financing reporting, tax requirements or other commercial disputes);
3.9 making disclosures to third parties including relevant regulators to prevent any harm or financial loss, to report suspected illegal activity or to establish, exercise, or defend claims or potential claims on behalf of ourselves or our affiliates;
3.10 improving and optimizing the OneTouch Services;
3.11 managing our business including to protect Users, prevent harm, fraud or theft to ourselves or others, maintain the security of our products, and protect our rights or property and those of others;
3.12 making disclosures as may be required by our contract with third parties including but not limited to financial institutions and payment service providers that we partner with in order to provide OneTouch Services to you. These third parties may use your personal data to (a) fulfil their customer/transactiondue diligence, control and risk management requirements, (b) fulfill its know-yourcustomer and like obligations, (c) enable the provision, improvement, development, and monitoring of its services and products, enhance efficiency of operational and other support functions, for statistical or analytical purposes or manage customer service queries in an efficient and timely manner, (d) conduct tax reporting, (e) comply with any law, regulation, court order or other binding obligation of a competent authority, (f) provide you with OneTouch Services, amongst others; and
3.13 for business purposes (including business transfer and assignment); and
3.14 to comply with applicable laws, or in other ways for which we will notify you at the time your personal data is collected(to the extent permissible by applicable law).
4.
WITH WHOM DO WE SHARE YOUR PERSONAL DATA?
We share your personal data to operate and manage our business for the purposes indicated under “How do we use your personal data?” For example, we may share your personal data with:
4.1 OneTouch’s affiliates;
4.2 third partiesthat we work with in order to facilitate the provision of OneTouch Services, including:
(a) any agent, contractor or third party service provider that we work with in providing OneTouch Services. For example, we work with third parties to help us with fraud prevention, anti-money laundering checks, credit checking, bill collection, data entry, database management, promotions, marketing, customer service, technology services, products and services alerts and payment extension services or to provide trade financing services and money services;
(b) financial institutions, card associations, payment networks or acquiring institutions, and others, including but not limited to those involved in processing payments and conducting transactions through OneTouch Services; and
(c) law enforcement agencies, insurers, government and regulatory authorities or any other organizations to which OneTouch, or any Affiliate or third party service provider, is under an obligation to make disclosure under the requirements of any applicable law, regulation or commercial arrangement; and
(d) our own and others’ professional advisors (e.g., lawyers, accountants, auditors, and trustees).
These third parties may provide your personal data to their affiliates in other jurisdictions, their agents, service providers, sub-contractors, auditors, professional advisers, financial intermediaries, trade repositories, and financial market infrastructure entities and their operators, insurers and insurance brokers, governments, regulators, investigative, supervisory or judicial authorities, courts of competent jurisdictions, amongst others.
Please refer to the section on “How do we store and protect your personal data?” for information on how we keep your personal data secure when sharing it with others.
5.
HOW DO WE STORE AND PROTECT YOUR PERSONAL DATA?
We will keep your personal data in accordance with our policies and for as long as it is necessary to provide you with the OneTouch Services or fulfilment of the purpose(s) for which your personal data have been collected. In addition, we may retain your personal data for a longer period (including after you are no longer a User) if it is necessary to do so in order to comply with laws and regulations applicable to us.
We use a variety of security measures and technologies designed to help protect your personal data from unauthorised access, use, disclosure, alteration or destruction consistent with applicable data protection and privacy laws and regulations. You are responsible for maintaining the security of your account data (username, password, etc.) for OneTouch Services in your possession or control.
Despite us taking all reasonable measures to ensure that your personal data is protected, please understand that the transmission of data via the internet is not completely secure. We cannot guarantee the security of your personal data transmitted through any online means, therefore, any transmission remains at your own risk.
6.
THIRD PARTY SERVICES AND SITES
The OneTouch Services and our website may provide links to other websites and services (including other online merchant sites) for your convenience and data. These services and websites may operate independently from us. Linked services and websites may have their own privacy notices or policies, which we strongly suggest you review if you visit any linked websites. To the extent any linked websites you visit are not owned or controlled by us, we are not responsible for these websites’ or services content, any use of these services or websites by you, or the privacy practices of the operators of these services or websites.
7.
CHANGES TO THIS PRIVACY POLICY
We may change, amend or revise this Privacy Policy from time to time. We will notify you of any substantive or material change in this Privacy Policy by updating the web page where the Privacy Policy is posted, sending push notifications, e-mails or letters, by phone or by publishing announcements on www.alibaba.com.
You can review this Privacy Policy at the home page of our website www.alibaba.com.
8.
WHAT IS OUR LEGAL BASIS FOR USING YOUR PERSONAL DATA?
Please note that we use your personal data on bases set out below:
8.1 For the performance of any contracts to which you are a party.
8.2 To comply with legal and regulatory obligations.
8.3 For legitimate business purposes. We, however, do not proceed if we think your interests or fundamental rights and freedoms relating to your personal data may be prejudiced.
8.4 To help us operate and improve our business and minimise any disruption to the services that we may offer to you. It also allows us to make our communications with you more relevant and personalised, and to make your experience with us efficient and effective.
9.
TRANSFERS OF YOUR PERSONAL DATA
Your personal data may be transferred to another country. We will, however, comply with our legal and regulatory obligations in doing so, including but not limited to having a lawful basis for transferring your personal data and putting appropriate safeguards in place to ensure an adequate level of protection for your personal data. We will also ensure that the recipient in another country protects your personal data at a standard of protection comparable to protection under applicable laws.
If you would like further information about our practice to transfer your personal data outside Singapore, you can contact us as set out in the Contact us section below.
10.
YOUR RIGHTS WITH RESPECT TO YOUR PERSONAL DATA
Subject to applicable data protection and privacy laws and regulations, you may:
10.1 ask us about the processing of your personal data, including request to access, obtain a copy of, or correct your personal data;
10.2 in case of sensitive personal data and/or in certain circumstances as determined by us on a case-by-case basis, request to delete, or refuse to share or transfer such information;
10.3 request the correction and/or (on a case-by-case basis) deletion of your personal data;
10.4 in certain circumstances as determined by us on a case-by-case basis, request the restriction of the processing of your personal data or object to that processing;
10.5 withdraw your consent to the processing of your personal data (where OneTouch is processing your personal data based on your consent) by written notice to us;
10.6 request receipt or transmission to another organisation, in a machine-readable form, of the personal data that you have provided to OneTouch where we are using your personal data based on consent or performance of a contract; and
10.7 complain to the relevant supervisory authority if your privacy rights are violated, or if you have suffered as a result of unlawful processing of your personal data.
Where you are given the option to share your personal data with us, you can always choose not to do so. If we have requested your consent to process your personal data and you later choose to withdraw it, we will respect that choice subject to our legal obligations.
However, choosing not to share your personal data with us or withdrawing your consent to our use of it could mean that you are unable to use the services and products offered by us. After you have chosen to withdraw your consent, OneTouch may be able to continue to process your personal data to the extent required or otherwise permitted by applicable data protection and privacy laws or regulations.
If you would like to exercise your rights, contact us using the details set out in the Contact Us section below.
11.
CONTACT US
If you have questions, requests about the privacy of your personal data or wish to access or correct your personal data, please contact us by email via DataProtection@service.alibaba.com.
Kindly note that OneTouch Privacy Policy for Merchant Services are executed in English. The following Chinese translation is provided for reference only. In the event of any inconsistency between the Chinese and English versions, the English version shall prevail.
温馨提示:本协议以英文书就,以下中文翻译仅作参考,中英文不一致之处以英文版为准。
适用于商家服务的 OneTouch 隐私政策
OneTouch (Singapore) Private Limited(“我们”、“我们的”或“OneTouch”)通常仅收集业务数据、业务联系数据(定义见 2012 年《个人数据保护法》)(“PDPA”)和个人数据(“KYC 数据”),目的是履行新加坡金融管理局 (MAS) 通知 PSN01(《反洗钱和反恐怖融资管理办法——支付服务(指定支付服务)许可持有人》)规定的义务。
如果我们收集的“个人数据”不属于《个人数据保护法》定义的“KYC 数据”,则本隐私声明旨在告知您,若您使用我们的任何服务,我们将如何收集、使用、处理和披露您的个人数据,包括但不限于账户开立服务、电子货币发行服务、国内或跨境汇款以及商家收购服务(统称为“OneTouch 服务”)。
根据您作为用户所选择的 OneTouch 服务,您可以与我们和/或我们提供这些 OneTouch 服务的关联公司签订一份或多份协议(统称为“协议”)。这些协议可能包含与隐私及我们使用您的数据相关的附加条款。若您使用 OneTouch 服务并提供您的个人数据,即视为您已同意我们根据本隐私政策收集、使用、处理和披露您的个人数据。
除非另有说明或上下文另有要求,本声明和协议中提及“您”或“您的”之处系指 OneTouch 服务的用户(“用户”),提及“OneTouch”、“我们”或“我们的”则包括参与提供 OneTouch 服务的 OneTouch 集团公司(“OneTouch 集团”)的相关公司(分别称“关联公司”)。
1.
我们会收集您的哪些个人数据?
比如,当您与我们互动、注册 OneTouch 账户、使用 OneTouch 服务付款、接收或安排接收款项、开展金融交易或以其他方式访问或使用 OneTouch 服务时,我们会收集和使用您相关的个人数据。我们可能收集的个人数据(有关您及您的法定代表人、所有人、董事、合伙人、委员会成员、实益拥有人)包括但不限于:
1.1.
基本个人信息,包括但不限于姓名、出生日期和地点、社会保障号码(如适用)以及(如适用)您的个人身份证明文件的复印件;
1.2.
联系数据(包括地址、电话号码、电子邮箱或其他能够让我们联系到您的数据);
1.3.
账户数据;
1.4.
注册详情;
1.5.
财务数据和税务识别数据;
1.6.
交易明细(订单号、交易时间、交易金额等);
1.7.
技术数据;
1.8.
您与我们互动时所用设备的相关数据,以及
1.9.
您访问我们的网站或移动应用程序时相关的数据。
2.
我们如何以及何时获取您的个人数据?
我们会收集与 OneTouch 服务有关的您的个人数据。例如,您在浏览我们的网站、查询或注册使用任何 OneTouch 服务、与我们签订合同、在商家注册过程中提供个人数据、登录您的 OneTouch 账户并使用我们网站上的 OneTouch 服务时;或者当您通过电子邮件、电话、短信或任何其他电子方式与我们联系时,我们会收集您的个人数据。
我们还从其他来源接收关于您的个人数据,包括但不限于:
2.1.
商家和其他第三方,包括支持通过 OneTouch 服务支付和交易的第三方;
2.2 OneTouch 的关联公司;
11.1.
代替我们提供服务的供应商;
11.2.
我们为了向您提供 OneTouch 服务而合作的银行和其他支付机构;以及
11.3.
公开来源。
我们会整合从各种来源获得的关于您的信息,包括您向我们提供的数据。
如需详细信息,请参阅“我们如何使用您的个人数据?”部分。
3.
我们如何使用您的个人数据?
我们将收集的数据用以运营自身业务,并为您提供 OneTouch 服务。有关我们如何使用您的个人数据的示例,包括以下各项:
3.1.
验证您的身份,包括在账户创建和支付密码重置过程中;
3.2.
验证您注册成为 OneTouch 服务用户的资格;
3.3.
处理、维护和管理您注册为用户的过程;
3.4.
为您提供 OneTouch 服务和相关用户服务,包括操作 OneTouch 服务和开启交易功能、定制您的用户体验、开启余额充值、理财收益和第三方款项接收功能、推进商品和服务款项结算以及提供其他资金结算服务、处理外汇兑换、退款、发送交易相关通知以及回应您的查询、反馈、索赔或争议;
3.5.
就我们提供的 OneTouch 服务与您联系,就您提出的任何沟通偏好或请求与您联系,询问您对 OneTouch 服务或其他相关产品和服务的反馈,收集您和您的员工/代表对我们产品和服务的反馈并将之用以改进我们的业务和/或定制产品和服务,向您发送产品和服务相关信息(包括推广所需),以及出于法律目的与您联系;
3.6.
评估、检测、调查、防止或纠正欺诈、数据泄露或其他可能遭到禁止或非法的活动,并以其他方式保护我们平台的正规性;
3.7.
管理我们的风险,核验用户的信誉和偿付能力,或检测、调查、防止或纠正违反我们与用户之间的协议或任何适用政策、行业标准、指南、法律和法规等的行为;
3.8.
根据任何规则、法律或法规、监管机构、政府官员或其他第三方(包括任何信用卡协会或其他支付网络)的要求进行披露,亦或根据适用于我们或任何关联公司的任何传票、法院命令或其他法律程序或要求(包括“了解您的客户”、反洗钱、反恐怖主义融资报告、税务要求或其他商业纠纷)进行此类披露;
3.9.
向包括相关监管机构在内的第三方进行披露,以防止任何损害或财务损失、报告可疑的非法活动,或以我们自身的名义或代表我们的关联公司设立或行使索赔/潜在索赔或对索赔/潜在索赔进行辩护;
3.10.
改进和优化 OneTouch 服务;
3.11.
管理我们的业务,包括保护用户,防止我们自身或他人受到伤害、欺诈或盗窃,维护我们产品的安全以及保护我们和他人的权利或财产;
3.12.
根据我们与第三方(包括但不限于我们为了向您提供 OneTouch 服务而与之合作的金融机构和支付服务提供商)签订的合同要求进行披露。此类第三方可能会将您的个人数据用于:(a) 履行其客户/交易尽职调查、控制及风险管理要求;(b) 履行其“了解您的客户”等义务;(c) 出于统计或分析目的,或为了及时有效地管理客户服务查询,提供、改进、开发以及监控其服务和产品,提高运营和其他支持功能的效率;(d) 税务申报;(e) 遵守任何法律、法规、法院命令或主管当局其他有约束力的义务;(f) 为您提供 OneTouch 服务等;
3.13.
用于业务目的(包括业务转让和让与);以及
3.14.
遵守适用法律,或用于我们在收集您的个人数据时通知您的其他方式(在适用法律允许的范围内)。
4.
我们与谁共享您的个人数据?
我们按照“我们如何使用您的个人数据?”中所述目的分享您的个人数据,以便经营和管理我们的业务。例如,我们可能会与以下各方共享您的个人数据:
4.1.
OneTouch 的关联公司;
4.2.
我们为促成 OneTouch 服务的提供而与之合作的第三方,包括:
(1)
我们为提供 OneTouch 服务而与之合作的任何代理人、承包商或第三方服务提供商。例如,我们与第三方合作,以帮助我们开展欺诈预防、反洗钱检查、信用核验、票据收集、数据输入、数据库管理、促销、营销、客户服务、技术服务、产品和服务警报以及支付扩展服务,或提供贸易融资服务和货币服务;
(2)
金融机构、信用卡协会、支付网络或收单机构等,包括但不限于通过 OneTouch 服务处理支付和开展交易的机构;
(3)
根据任何适用法律、法规或商业安排的要求,OneTouch 或任何关联公司或第三方服务提供商有义务向其进行披露的执法机构、保险公司、政府和监管机构或任何其他组织;以及
(4)
我们自身和他方的专业顾问(如律师、会计师、审计师和受托人)。
此类第三方可能会将您的个人数据提供给其在其他司法管辖区的关联公司,以及提供给其代理人、服务提供商、分包商、审计师、专业顾问、金融中介机构、交易储存系统和金融市场基础设施实体及其运营商、保险公司和保险经纪人,或政府、监管机构、调查机构、监督机构或司法机构、有管辖权的法院等。
如需了解我们如何在与他人共享时确保您的个人数据安全,请参阅“我们如何存储和保护您的个人数据?”部分。
5.
我们如何存储和保护您的个人数据?
我们将根据我们的政策保留您的个人数据,并在为您提供 OneTouch 服务或实现收集您的个人数据之目的所必需的时限内保留。此外,如果为遵守适用的法律法规而有必要,我们可能会将您的个人数据保留更长时间(包括您不再是用户之后的时段)。
我们使用多种安全措施和技术来帮助保护您的个人数据免受未经授权的访问、使用、披露、更改或破坏,满足适用的数据保护和隐私法律法规要求。您有责任维护自身持有或控制的 OneTouch 服务账户数据(用户名、密码等)的安全。
尽管我们采取了一切合理措施来确保您的个人数据得到保护,但通过互联网传输数据并非完全安全,敬请理解。我们无法保证通过任何在线方式传输您的个人数据是安全牢靠的。因此,任何传输的风险由您自行承担。
6.
第三方服务和网站
为了您的方便及提供信息,OneTouch 服务和我们的网站可能会提供连接至其他网站和服务(包括其他在线商家网站)的链接。此类服务和网站可能会由除我们以外的其他方独立运营。所链接的服务和网站可能有其自身的隐私声明或政策。如果您访问任何链接的网站,我们强烈建议您查看这些声明或政策。如果您访问的任何链接网站并非由我们拥有或控制,我们对此类网站或服务的内容、您对此类服务或网站的任何使用或此类服务或网站运营商的隐私措施概不负责。
7.
本隐私政策的更改
我们可能会不时更改、修改或修订本隐私政策。若本隐私政策发生任何实质性或重大变更,我们将通过以下方式通知您:更新发布本隐私政策的网页、发送推送通知、电子邮件或信件、通过电话或在我们的网站 www.alibaba.com上发布公告。
8.
我们根据哪些法律依据使用您的个人数据?
请注意,我们按照以下依据使用您的个人数据:
8.1.
为了履行您作为协议一方的任何合同。
8.2.
为了遵守法律和监管义务。
8.3.
为了合法商业目的。但是,如果我们认为您的利益或与您个人数据有关的基本权利和自由可能受到损害,我们将不会继续使用您的个人数据。
8.4.
帮助我们运营和改善我们的业务,并尽量减少对我们可能向您提供的服务的任何干扰。个人数据的使用还使得我们与您沟通时更加切题和个性化,也让您在使用我们的服务时有更加高效和有效的体验。
9.
您个人数据的传输
您的个人数据可能会被传输至另一国家/地区。但是,我们在传输您的个人数据时将遵守我们的法律和监管义务,包括但不限于遵照传输您个人数据的合法依据,并采取适当的保护措施,以确保您的个人数据得到充分保护。我们还将确保其他国家/地区的接收方,将按照与适用法律保护标准相当的保护程度保护您的个人数据。
如果您想进一步了解我们将您的个人数据传输至新加坡以外地区的具体做法,您可以按照后文“联系我们”部分所述的方式联系我们。
10.
您对您的个人数据享有的权利
根据适用的数据保护和隐私法律法规,您可以:
10.1.
询问我们对您个人数据的处理方式,包括请求访问、获取副本或更正您的个人数据;
10.2.
针对敏感的个人数据和/或在我们根据具体情况确定的特定情况下,要求删除或拒绝共享或传输此类信息;
10.3.
要求更正和/或(根据具体情况)删除您的个人数据;
10.4.
在我们根据具体情况确定的特定情况下,请求限制您个人数据的处理或反对此类处理;
10.5.
向我们发出书面通知,撤销您就处理您的个人数据提供的许可(OneTouch 根据您的许可处理您的个人数据);
10.6.
我们基于您的许可或履行合同而使用您个人数据之时,要求以机器可读的形式接收或向其他组织传输您向 OneTouch 提供的个人数据;以及
10.7.
在您的隐私权受到侵犯或者您因您的个人数据受到非法处理而遭受损失时,请向相关监管机构投诉。
您可以选择向我们分享您的个人数据,但您也可以随时选择不分享。如果我们已取得您的许可处理您的个人数据,而您后来选择撤回该许可,我们将履行我们的法律义务并尊重您的选择。
但是,选择不与我们共享您的个人数据或撤回您对我们使用这些个人数据的许可,则意味着您无法使用我们提供的服务和产品。您选择撤回许可后,OneTouch 能够在适用的数据保护和隐私法律或法规要求或允许的范围内,继续处理您的个人数据。
如需行使您的权利,请通过后文“联系我们”部分中列出的详细信息与我们联系。
11.
联系我们
