Hashstacs Pte Limited (“Hashstacs”, “we” “the company”), incorporated in Singapore with registration number 201904974E and registered office at 1 Gateway Drive, 10-06 Westgate Tower, Singapore 608531, and whose parent company is Hashstacs Inc., incorporated in the British Virgin Islands with registration number 2004929 and registered office c/o Vistra Corporate Services Centre, Tortola, BVI, forming part of the GSX Group, is committed to the highest standards of privacy and data protection compliance. We are bound by the Personal Data Protection Act 2012 of Singapore (“PDPA”) and the regulations enacted under it.
However, if you are a European Union (‘EU’) resident, you are protected by and enjoy additional rights under the European General Data Protection Regulation 2016/679 (“GDPR”). We act in accordance with the PDPA and this Privacy Notice. If you are an EU resident, you will be able to know ore and exercise your rights under the GDPR, please contact us on [email protected] if you have any doubt about the additional rights you are granted.
This Privacy Notice sets out how, why and for how long we collect, store, use, transfer, disclose or otherwise process your personal information provided in our website www.hashstacs.io, how you can exercise your rights in relation to the data we hold (including how you can access your personal information) and correct it.
For the purposes of the PDPA and the GPDR the relevant legal entity and controller of your personal data is Hashstacs and our Data Protection Officer, Jay Ng, can be reached at [email protected]. As a data controller, Hashstacs is responsible for ensuring that it uses your personal data in compliance with data protection laws to respect your privacy and be committed to keeping your data secure. By using the website and our services, you consent to the data practices described in this statement.DEFINITIONS
As used in this Notice:
“Customer” means an individual who has contacted us through any means to find out more about any goods or services we provide, or may, or has, entered into a contract with us for the supply of any goods or services by us; and
“Personal data” or “personal information” means data, whether true or not, about a customer who can be identified: from that data; or from that data and other information to which we have or are likely to have access.
“Data Protection officer” or “DPO” means the individual designated by the organization to oversee the data protection responsibilities within the organisation and ensure compliance with the PDPA.
“Service Providers” means any organization, business or individual which offers service to Hashstacs.
“Service Providers” means any organization, business or individual which offers service to Hashstacs.
“Data Subjects” means a natural person, whether living or deceased.
Depending on the nature of your interaction with us, some examples of personal data which we may collect from you include first name, last name, email address, IP address, cookies, or any other personal information voluntarily given by you in the course of your interaction with us through our website.
Other terms used in this notice shall have the meanings given to them in the PDPA (where the context so permits).INFORMATION WE COLLECT ABOUT IT
We collect information, both general and personal, in a number of ways, as detailed in this Privacy Notice. In the case of personal or personally-identifiable information, we collect information only insofar as it is and remains necessary to fulfil the purpose of your interaction with us. We collect and store information using a number of technologies such as cookies, caches, databases, and logs. We do not use or disclose personal information other than as described in this Privacy Notice.
You may refuse to provide us with personal information, and you may object to our collection of information, however this may impact your ability to use or benefit from our site, platforms, apps, products, and/or services, and our ability to provide you with support or assistance.
You must not provide us with the personal information about another person unless you have first obtained that person’s prior consent to do so and you have told them their personal information will be handled in accordance with this Privacy Notice.
When you send us a message through the contact form you provide us with personal information that includes your fist name, last name, email address and any other voluntarily given information.
For instance, you may also provide us with an email address to receive marketing material or updates about our services, a phone number so that we may call you back about a customer inquiry, or your name and payment information when you purchase a product or service.
We may also obtain information about you from other sources. This may include:
Information from publicly available sources, including third party agencies such as fraud prevention agencies; law enforcement agencies; public databases, registers and records such as Companies; and other publicly accessible sources;
Information obtained from professional advisers, other agents and/or representatives, industry databases and other business intelligence tools Hashtacs subscribes to; and information obtained from sanctions checking and background screening providers.
While you use our site and other platforms, we collect general information of the sort that web browsers, servers and network operators typically make available, such as unique identifiers (e.g. persistent cookies, MAC addresses, device IDs, IMEI numbers), browser type and settings, location data, device type and settings, operating system, IP address, mobile network information including operator name and phone number and application version number, language preferences, crash reports, system activity, and the date, time and referral URL of each visitor request. This information helps us troubleshoot problems, understand how visitors use our site, allocate and balance resources, and improve our products and services.
Some of this information could be personally-identifiable (that is they could be used to directly or indirectly identify you as an individual and natural person)—information like IP addresses, phone numbers, and unique identifiers. We treat such information in the same way that we treat all other personal information (such as your name), and will only use and disclose such personal information as described in this Privacy Notice.Information We Collect About How You Use Our Site and Services
As you use our site and services, we collect information about how you interact with our platform and how you use our services (your activity), such as the links that you click, content that you view, terms, products, and services that you search for, products that you buy, people you communicate or share information with, and how you interact with advertisements.
We collect information about your activity to understand how you use and interact with our site and other platforms, and our products and services. This helps us to understand customer preferences, optimise our site and other platforms, allocate and balance resources, and improve our products and services.PURPOSE WE USE YOUR PERSONAL INFORMATION
We generally do not collect your personal data unless (a) it is provided to us voluntarily by you directly or via a third party who has been duly authorised by you to disclose your personal data to us (your “authorised representative”) after (i) you (or your authorised representative) have been notified of the purposes for which the data is collected, and (ii) you (or your authorised representative) have provided written consent to the collection and usage of your personal data for those purposes, or (b) collection and use of personal data without consent is permitted or required by the PDPA or other laws. We shall seek your consent before collecting any additional personal data and before using your personal data for a purpose which has not been notified to you (except where permitted or authorised by law).
Subject to this Privacy Notice and your data preferences, we may use the information we collect for some or all of the following purposes:
a) to operate the Website;
b) carry out our obligations and to provide you with agreed products and services;
c) verifying your identity;
d) responding to, handling, and processing queries, requests, applications, complaints, and feedback from you;
e) establish, maintain and administer your account;
f) maintain, troubleshoot, and improve our site, platforms, apps, products, and services;
g) develop new products and services;
h) if your preferences permit, to provide you with recommendations and personalised products and services;
i) measure performance of our site, platforms, products, and services;
j) secure and protect you, us, our site, platforms, apps, products, and services, and the public;
k) meeting our legal, regulatory, and tax reporting obligations;
l) communicate with you about our site, platforms, apps, products, and services—such as to notify of changes and updates, alert you to data or security breaches, and to provide you with customer support;
m) with your explicit consent, to create or distribute promotional and marketing material that is relevant to you;
n) for quality assurance and training purposes; and
o) any other uses identified to you at the time of collecting your personal information or as reasonably contemplated by this Privacy Notice and our Website Terms of Service.
Personal information we collect stays within Hashstacs Inc., however, we may disclose your personal data:
a) between GSX Group companies;
b) where such disclosure is required for performing obligations in the course of or in connection with our provision of the goods or services requested by you;
c) to third party service providers, agents and other organisations we have engaged to perform any of the purposes listed above;
d) when you give us explicit consent to share your data;
e) when we share it with our affiliates, partners, and other trusted organisations we work with to provide products and services to you;
f) when we share it with trusted external service providers and data processors such as data centres, web hosts, cloud storage and cloud software providers, customer support providers, payment processors, debt collectors, accountants, and insurers;
g) when we share it with prospective sellers or buyers of our business or assets; or
h) when we share it with regulators and other relevant parties for the purpose of legal or contractual compliance, reporting purposes, or when we believe in good faith that disclosure is reasonably necessary to protect our property or rights, or the rights of third parties or the public at large.
The purposes for processing listed in the above clauses may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).YOUR DATA RIGHTS
You may access and review any personal information we hold about you. On your specific request we will be able to, as soon as reasonably possible, provide you with some or all of (as requested) the following information, where available:
a) personal data about you that is in our possession or under our control and the source of such data;
b) the ways in which your personal data has been or may have been used or processed by us, including the logic behind any automated decisions (if applicable), during the two years preceding the date of the request;
c) the ways in which your personal data has been or may have been disclosed by us, and information on to whom or to which categories of recipients such data has been disclosed, during the two years preceding the date of the request;
d) how long we expect to hold on to your data, or if specific information is not available, the criteria we use to determine such a time period; and
e) the purpose of any use, processing, or disclosure.
However, we reserve the right not to provide you with your personal data or other related information if providing it could reasonably be expected to:
a) threaten the safety or physical or mental health of another individual;
b) cause immediate or grave harm to your safety, physical or mental health;
c) reveal personal data about another individual;
d) reveal the identity of an individual who has provided personal data about another individual and the individual providing the personal data does not consent to the disclosure of his identity;
e) affect the prevention, investigation, detection, and prosecution of criminal offences, or of breaches of ethics for regulated professions; or
f) be contrary to national and public security, defence needs, or the national interest (including important economic, financial, monetary, budgetary and taxation matters).
If you wish to exercise your right of access, you should contact us at [email protected] and we will respond to your request within a reasonable period after the request is made. We aim to process all requests within a month for simple requests, however complex and/or voluminous requests may take up to three months to process. If we deny you access, we will provide our reason for doing so at the time of your request.
Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.Right to Rectification and Erasure
Please contact us at [email protected] as soon as possible if there are any changes to your personal information or if you believe the personal information we hold about you is not accurate, complete, up-to-date, no longer necessary for the purpose for which it was collected or processed, or lacks a valid legal ground for processing so that we can update your file accordingly. Depending on the circumstance we may change, erase, or block from use any inaccurate, incomplete, or outdated information. We may require documentary proof or evidence for certain requests. We will process any legitimate requests to correct inaccurate data as soon as practicable, and incomplete data within a reasonable time frame, and send the update personal data to other organisations to which the data was disclosed during the year preceding the date of the correction, unless it is impossible, involves disproportionate effort, the other organisations no longer require the corrected personal data for any legal or business purpose, or you otherwise agree that we do not need to resend the corrected information to any other organisation.Right to Object to the Collection Of Personal Data Due to Your Personal Situation
You may object to collection of specific personal data on limited grounds due to your personal situation. Please contact us if you wish to make such a request, along with details of your personal situation and your reasons for objection. We will respond to all requests within a reasonable time frame. If we disallow your objection, we will inform you of our reasons for doing so.
The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing or via email to our Data Protection Officer at [email protected].
Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within twenty (20) business days of receiving it.
Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our goods or services to you and we shall, in such circumstances, notify you before completing the processing of your request. Whether you decide to cancel your withdrawal of consent, please inform us in writing.
Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.ACCURACY
We take all reasonable steps within our control to ensure that the personal information we hold about you is accurate. We also take reasonable steps to ensure that the information is complete and up-to-date. However, we also rely on you to advise us of any changes to your personal information.PROTECTION OF PERSONAL DATA
We take reasonable steps to ensure that your personal information is treated securely and to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks.
Although we aim to create a safe, secure environment by trying to limit access to the site to legitimate users, we cannot guarantee that unauthorised parties will not gain access. To the extent permitted by applicable law, we expressly exclude any liability arising from any unauthorised access to your personal information.
We will make every feasible effort to inform the Singapore Personal Data Protection Commission or other relevant authority within 72 hours of the occurrence of any significant personal data breach which poses a risk to your rights and freedoms as a natural person. We will also inform you without undue delay unless the risk to your individual rights and freedoms is low—such as if the compromised data was well encrypted.
Please contact us at [email protected] immediately if you become aware of any unauthorised use of your account by anyone else or any other breach of security.RETENTION OF PERSONAL DATA
We will cease to retain its documents containing personal data, or remove the means by which the personal data can be associated with particular individuals, as soon as it is reasonable to assume that the Purpose for which that personal data was collected or further processed is no longer being served by retention of the personal data.DATA TRANSFERS
Your information may be processed outside of the country where you live. Regardless of where we use, process, or store your data, we will comply with the protections set out in this Privacy Notice. We will not transfer any personal data to a country or territory outside Singapore or the EU except in accordance with the requirements prescribed under the PDPA and GDPR to ensure that organisations provide a standard of protection to the personal data transferred that is comparable to the protection under the PDPA, GDPR and this Privacy Notice.
Hashstacs is part of the GSX Group and may transfer your personal data within the companies of the Group.COOKIES
Our website provides you with social plug-ins from social networks. If you choose to interact with a social network, your activity on our website or via our mobile or web-based applications will also be made available to social networks such as LinkedIn and YouTube.
If you are logged in on one of the social networks during the visit of one of our websites or mobile or web-based applications, the social network might add this information to your profile. If you are interacting with one of the social plug-ins, this information will be transferred to the social network. In case you do not wish such a data transfer, please log off on your social network before you enter one of our websites or mobile or web-based applications.
We cannot influence this data collection and data transfer via the social plug-ins. Please read the privacy policies of those social networks for detailed information about the collection and transfer of personal data, what rights you have and how you can achieve satisfactory privacy settings.SECURITY
We endeavour to take precautions to ensure that the information you have provided is protected against unauthorised or unintended use, access or disclosure. However, we cannot be held responsible for unauthorised or unintended use, access or disclosure that is beyond our control.BUSINESS TRANSFER
If we, or our assets (partially or totally), were acquired, or in the event that we go out of business or enter bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge and agree that if such transfers occur, that any acquirer of our business may continue to use your personal information as set forth in this Privacy Notice.USE OF PERSONAL INFORMATION FOR DIRECT MARKETING
From time to time we may use the personal information we collect from you to identify particular products and services that we believe may be of interest to you. We may then contact you to let you know about these products and services, new features and how they may benefit you, solicit your feedback, or just keep you up to date with what’s going on with us and our products and services and/or products.
Direct marketing from us generally takes the form of an electronic marketing email. Where we use your personal information to send you marketing information by email we may do so with your express or deemed consent. Every directly addressed marketing contact sent or made by us will include a means by which you may unsubscribe (or opt out) of receiving further marketing information. Additionally, you may instruct us at any time to remove any previous consent you provided to receive marketing communications from us.LINKS TO THIRD PARTY WEBSITES
Our site may contain links to and from third party websites. If you click on such links, you do so at your own risk and subject to whatever Privacy Notice and/or website terms may govern the use of such websites. We have no control over, and are not responsible, nor liable for, the content, privacy practices or website terms of such websites or any information you provide to them. You should read the Privacy Notice of these third parties to find out how they handle your personal information when you visit their websites.EU REPRESENTATIVE
As we do not have an establishment in the EU, we have appointed a representative based in Gibraltar, who you may address if you are located in the EU to raise any issues or queries you may have relating to our processing of your Personal Data and/or this Privacy Notice more generally. Our EU representative is: GSX Group Limited, located at Suite 741A, Europort, GSX11 1AA, Gibraltar, GX111AA. Our EU representative can be contacted directly by emailing them at the following address:[email protected].PRIVACY COMPLAINTS
All such enquiries or complaints will be taken seriously and will be handled as soon as reasonably practicable, and where appropriate, we will work together with the Singapore Personal Data Protection Commission or other relevant authority to address your complaint, and/or make improvements to our systems and processes.PRIVACY NOTICE CHANGES
We may change our Privacy Notice from time to time, and in our sole discretion. We encourage you to frequently check our site for any changes to our Privacy Notice. We will not reduce or diminish your rights under this Privacy Notice without your explicit consent. If any changes do not reduce or diminish your rights, your continued use of our site, services, requesting our assistance or the provision of further personal information to us (directly or via an authorised person) after any change in this Privacy Notice will constitute your acceptance of such change. If we make significant changes to this Privacy Notice, we will provide a more prominent notice of the changes, such as by emailing you.
This Privacy Notice was lasted updated on 14 May 2019