Data Protection Notice

Data Protection Notice

Effective Date: 18 September 2023

Your Privacy is Important to Us

The purpose of this Data Protection Notice (“Notice”) is to inform you of how Accredify Pte. Ltd. and its related corporations and affiliates (“the Firm”) handles Personal Data which is subject to the Personal Data Protection Act 2012 (No. 26 of 2012) of Singapore (“PDPA“).

This Notice applies to Personal Data in our possession or under our control, including Personal Data in the possession of service providers and third parties which we have engaged to collect, use, disclose, or process Personal Data for our purposes. By interacting with us, using our websites and applications (any page on the accredify.io domain and other related websites and applications of the Firm, where such websites and applications may change from time to time), including https://www.accredify.io/ and https://dashboard.accredify.io/, and https://app.accredify.io/ (collectively, “Sites”), submitting information to us, or engaging our services, you agree and consent to the Firm, as well as our service providers and third parties appointed by us on your behalf (collectively, “us“, “we” or “our“) collecting, using and disclosing your Personal Data in the manner set forth in this Notice.

This Notice supplements but does not supersede nor replace any other consents you may have previously provided to the Firm in respect of your Personal Data, and your consents herein are additional to any rights which to the Firm may have at law to collect, use or disclose your Personal Data.

We may from time to time update this Notice. If we do make changes, the Firm will inform you by updating the last revised date at the bottom of the Notice and such updates will be posted on the Firm’s Sites. By continuing to interact with us, subject to applicable law, you agree to be bound by the prevailing terms of the Notice as so updated from time to time.

In this Notice, “Personal Data” refers to any data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which we have or are likely to have access, including data in our records as may be updated from time to time, but excludes “business contact information” as defined in the PDPA.

Other terms used in this Notice shall have the meanings given to them in the PDPA (where the context so permits).

1. Personal Data.
  • We may collect Personal Data from you in the course of our business, including through your use of our Sites, when you contact or request information from us, when you engage our services or as a result of your relationship with one or more of our staff and customers.
  • Depending on the nature of your interaction with us, the Personal Data that we may collect includes:
  • Unique identifiers (e.g. full name, National Registration Identification Card (“NRIC”) number, Foreign Identification Number (“FIN”), passport number, personal mobile telephone number, voice of an individual and/or facial image of an individual);
  • Personal particulars (e.g. nationality, gender, date of birth, marital status, and/or education details);
  • Employment details (e.g. occupation, directorships and other positions held, employment history, salary, and/or benefits);
  • Contact information (e.g. residential address, email address and/or telephone number);
  • Financial information (e.g. account numbers and/or banking transactions);
  • Technical information (e.g. information from your visits to our website or applications or in relation to materials and communications we send to you electronically);
  • Personal opinions made known to us (e.g. feedback or responses to surveys);
  • Other information (e.g. photographs and other audio-visual information, website Uniform Resource Locator (URL), free-form text, and/or personal description); and/or
  • Any other information relating to you or any individuals which you have provided us in any forms you may have submitted to us, or via other forms of interaction with you.
  • With regards to Accredify Dashboard for the creation and issuance of health certificates by healthcare providers like clinics and hospitals, generally, we do not collect Personal Data. However, such healthcare providers and clinical laboratories may collect and transfer to us your Personal Data. Personal Data that such third parties transfer to us include your full name, NRIC number, passport number, date of birth, email address and Covid-19 test result details. The Covid-19 results details include, the type of Covid-19 test conducted (e.g. Serology, Polymerase chain reaction (PCR), etc), the date and time the Covid-19 test was conducted, and the date and time that the health certificate comes into effect. Health certificates may be in the form of HealthCerts, Covid-19 Test Credentials that will be accepted for IATA Travel Pass or other similar health certificates schemas that Accredify may support at any time and from time to time. Additional information regarding the HealthCerts may be found here: https://www.healthcerts.gov.sg. Additional information regarding IATA Travel Pass can be found here: https://www.iata.org/en/programs/passenger/travel-pass/. Healthcare providers like clinics and hospitals may also transfer to us the Personal Data of their healthcare professionals like doctors. The Personal Data that they transfer to us include the doctor’s registration number and signature.
  • With regards to Accredify’s Dashboard for organisations that require or requested individuals to conduct self-administration of Covid-19 tests, generally, we do not collect Personal Data. However, such organisations may collect and transfer to us your Personal Data. Personal Data that such third parties transfer to us include your identification number, ID type, country of issue, full name, date of birth, gender, nationality, mobile number, residential address, and barcode reference. With regards to individuals that conduct their self-administration of Covid-19 tests, the Personal Data that we collect include your full name, gender, date of birth, mobile number, NRIC/FIN/Passport Number, nationality, company that the self-test is disclosed to, type of self-administered Covid-19 conducted including the device manufacturer of the test kit, the results of the Covid-19 test including a photograph of the result, and the date the test was self-administered.
2. Collection of Personal Data.
  • Generally, the Firm may collect Personal Data in various ways including:
  • when you submit any for, including but not limited to customer inquiry forms or other forms relating to any of our services
  • when you enter into any agreement, or provide other documentation or information in respect of your interactions with us, or when you use our services;
  • when you subscribe to any of our online services or communication platforms (including electronic publications, updates, alerts, announcements);
  • when you communicate or interact with us via telephone, letters, fax, face-to-face meetings, our Sites, email or other modes of contact or use services on our Sites;
  • when you request that we contact you or request that you be included in an email or other mailing list;
  • when you respond to our promotions, initiatives or to any request for additional Personal Data;
  • when you are contacted by, and respond to, our marketing representatives and customer service officers;
  • as part of our business acceptance processes and about you and others as necessary in the course of providing our services;
  • when you provide information to us, or interact with us directly, for instance engaging with our staff or registering on one of our digital platforms or applications;
  • while monitoring our technology tools and services, including our Sites and email communications sent to and from us;
  • from other sources, such as keeping the contact details we already hold for you accurate and up to date using publicly available sources;
  • when you submit an employment application or provide documents or information such as your resume and/or CV, from recruitment agencies and employment references;
  • when we seek information about you and receive your Personal Data in connection with your relationship with us, including for our products and services or job applications, for example, from business partners, public agencies, your ex-employer, referral intermediaries and the relevant authorities;
  • it is provided to us voluntarily by you directly or via a third party who has been duly authorised by you to disclose your Personal Data to us (your “authorised representative”) after
  • you (or your authorised representative) have been notified of the purposes for which the data is collected, and
  • you (or your authorised representative) have provided written consent to the collection and usage of your Personal Data for those purposes;
  • collection and use of Personal Data without consent is permitted or required by the PDPA or other written laws;
  • when your images are captured by us via CCTV cameras while you are within or in the vicinity of our premises, or via photographs or videos taken by us or our representatives when you attend our events;
  • from public information sources, search services and other third parties; and/or
  • when you submit your Personal Data to us for any other reason.
  • If you provide us with any Personal Data relating to a third party, by submitting such Personal Data to us, you also represent to us and must ensure that you have notified the third party of the terms of this Policy and obtained his consent thereto.
3. Purposes for the Collection, Use and Disclosure of Your Personal Data.
  • Generally, the purposes for which the Firm collects uses and discloses Personal Data include:
    • If you are a prospective, current, or former customer or user of the Firm, in order to perform our obligations under our Master User Agreement with you and on the basis of our legitimate interest including to:
      • provide, operate, maintain, improve, and promote the Sites and the services and manage your relationship with us;
      • enable you to access and use the Sites and the services;
      • process and complete transactions, and send you related information, including purchase confirmations and invoices;
      • send transactional messages, including responses to your comments, questions, feedback, suggestions, and requests; provide customer service and support; and send you technical notices, updates, security alerts, and support and administrative messages;
      • performing obligations in the course of or in connection with our provision of services requested by you;
      • verifying your identity, processing payments, and managing our administrative and business operations (including the processing, storage, monitoring, and backup of data);
      • providing updates and other communications on developments relating to the Firm;
      • to send administrative email notifications (including security, support, and/or maintenance notices);
      • to improve our services and communications to you and the quality of your interaction with our Sites, including auditing and monitoring its use;
      • complying with applicable laws and regulations, codes or practice or guidelines, policies, procedures, regulatory requirements and directions issued by relevant authorities;
      • to fulfil our legal, regulatory and risk management obligations, including establishing, exercising, or defending legal claims;
      • investigate and prevent fraudulent transactions, unauthorized access to the Sites and the services, and other illegal activities;
      • send promotional communications, such as providing you with information about products and services, features, surveys, newsletters, offers, promotions, contests, and events; and provide other news or information about us and our partners;
      • process and deliver contest or sweepstakes entries and rewards;
      • monitor and analyze trends, usage, and activities in connection with the Sites and services and for marketing or advertising purposes;
      • personalize the Sites and services, including by providing features or advertisements that match your interests and preferences;
      • transmitting to any unaffiliated third parties including our third-party service providers and agents, and relevant governmental and/or regulatory authorities, whether in Singapore or abroad, for the aforementioned purposes;
      • for the purpose of recruitment; and/or
      • for other purposes for which we obtain your consent.
  • With regards to Accredify Dashboard for the creation and issuance of HealthCerts by healthcare providers like clinics and hospitals, generally, the purposes for which the Firm collects, uses and discloses Personal Data include:
    • allowing users of clinics and hospitals to create health certificates like Covid-19 test results in the HealthCerts format, Covid-19 Test Credentials that will be accepted for IATA Travel Pass or other similar health certificates schemas that Accredify may support at any time and from time to time, and other medical records;
    • deliver such health certificates and medical records to their patients, travellers or persons to whom the health certificate and medical record relates;
    • revoke, and if required, to edit, recreate and redeliver such health certificates and medical records to their patients; and
    • to store and download such health certificates and medical records of their patients.
  • With regards to Accredify’s Dashboard for self-administering of Covid-19 test by individuals like employees of an organisation, generally, the purposes for which the Firm collects, uses and discloses Personal Data include:
    • For individuals:
      • allowing individuals to upload, store, and download their self-administered Covid-19 test results;
      • allowing individuals to classify their self-administered test results as a company record (e.g. their employer) and state the organisation that required or requested them to conduct the test and disclose it with them or to classify as a personal record.
    • For organisations (e.g. employers):
      • allow organisations to create accounts (whether by uploading a nominal roll or otherwise) for individuals that they require to conduct self-administered Covid-19 test (e.g. employees) so that such individuals can upload and disclose their test results to such organisations;
      • allow organisations to generate, download, and issue self-administered Covid-19 health certificates in the form of the HealthCerts format, Covid-19 Test Credentials that will be accepted for IATA Travel Pass or other similar health certificates schemas that Accredify may support at any time and from time to time, to the individuals that disclosed the test results with it;
      • allow organisations to prepare reports regarding self-administered Covid-19 test results submitted to them, where such reports include the reports required to be submitted to governmental authorities like the Health Promotion Board.
    • If you are an employee, officer or owner of an external service provider or vendor outsourced or prospected by the Firm:
      • assessing your organisation’s suitability as an external service provider or vendor for the Firm;
      • managing project tenders and quotations, processing orders or managing the supply of goods and services;
      • creating and maintaining profiles of our service providers and vendors in our system database;
      • processing and payment of vendor invoices and bills;
      • facilities management (including but not limited to issuing visitor access passes and facilitating security clearance); and/or
      • purposes which are reasonably related to the aforesaid.
    • If you submit an application to us as a candidate for employment, internships or traineeships:
      • conducting interviews;
      • processing your application (including but not limited to pre-recruitment checks involving your qualifications and facilitating interviews);
      • obtaining references and for background screening;
      • assessing your suitability for the position applied for;
      • enrolling successful candidates as our employees and facilitating human resource planning and management (including but not limited to preparing letters of employment, name cards and building access passes); and/or
      • purposes which are reasonably related to the aforesaid.
    • If you are an existing employee of the Firm:
      • providing remuneration, reviewing salaries and bonuses, conducting salary benchmarking reviews, staff appraisals and evaluation, as well as recognising individuals for their services and conferring awards;
      • staff orientation and entry processing;
      • administrative and support processes relating to your employment, including its management and termination, as well as staff benefits, including travel, manpower, business continuity and logistics management or support, processing expense claims, medical insurance applications, medical screenings and immunisations, leave administration, long-term incentive plans, training, learning and talent development, and planning and organising corporate events;
      • providing you with tools and/or facilities to enable or facilitate the performance of your duties;
      • facilitating professional accreditation and complying with compliance audits;
      • compiling and publishing internal directories and emergency contact lists for business continuity;
      • managing corporate social responsibility projects;
      • conducting analytics and research for human resource planning and management, and for us to review, develop, optimise and improve work-related practices, environment and productivity;
      • ensuring that the administrative and business operations of the Firm function in a secure, efficient and effective manner (including but not limited to examining or monitoring any computer software and/or hardware installed within the Firm, your work emails and personal digital and storage devices);
      • compliance with any applicable rules, laws and regulations, codes of practice or guidelines or to assist in law enforcement and investigations by relevant authorities (including but not limited to disclosures to regulatory bodies, conducting audit checks or surveillance and investigation);
      • administering cessation processes; and/or
      • any other purposes relating to any of the above.
    • If you are an independent contractor of the Firm:
      • Training and orientation;
      • Administrative and support processes relating to the engagement, including its management and termination;
      • facilitating professional accreditation and complying with compliance audits;
      • compiling and publishing internal directories and emergency contact lists for business continuity;
      • ensuring that the administrative and business operations of the Firm function in a secure, efficient and effective manner (including but not limited to examining or monitoring any computer software and/or hardware installed within the Firm, your work emails and personal digital and storage devices);
      • compliance with any applicable rules, laws and regulations, codes of practice or guidelines or to assist in law enforcement and investigations by relevant authorities (including but not limited to disclosures to regulatory bodies, conducting audit checks or surveillance and investigation);
      • administering cessation processes; and/or
      • any other purposes relating to any of the above.
    • Furthermore, where permitted under the Act, the Firm may also collect, use and disclose your Personal Data for the following “Additional Purposes”:
      • taking or filming photographs and videos for corporate publicity or marketing purposes, and featuring your photographs and/or testimonials in our articles and publicity materials;
      • providing or marketing services and benefits to you, including promotions, service upgrades, loyalty, reward and/or membership programmes;
      • organising roadshows, tours, campaigns and promotional or events and administering contests and competitions;
      • matching Personal Data with other data collected for other purposes and from other sources (including third parties) in connection with the provision or offering of services;
      • sending you details and information of services and rewards, either to our customers and users generally, or which we have identified may be of interest to you;
      • conducting market research, aggregating and analysing customer profiles and data to determine patterns and trends, understanding and analysing customer behaviour, location, preferences and demographics for us to offer you other products and services as well as special offers and marketing programmes which may be relevant to your preferences and profile; and/or
      • purposes which are reasonably related to the aforesaid.
    • In relation to particular services or in your interactions with us, we may also have specifically notified you of other purposes for which we collect, use or disclose your Personal Data. If so, we will collect, use and disclose your Personal Data for these additional purposes as well, unless we have specifically notified you otherwise.
    • The Firm may disclose your Personal Data in various ways including:
      • where such disclosure is required for performing obligations in the course of or in connection with our provision of the services requested by you;
      • if we believe that your actions are not consistent with our user policies and agreements, or to protect the property, safety, and rights of us or any third party;
      • to technical consultants, vendors, experts or other service providers whether located in Singapore or elsewhere who require access to such information to do work on our behalf;
      • to agents, contractors or third party service providers who provide technology solutions, support, operational or administrative services, such as for our online services, courier services, telecommunications, information technology, payment, payroll processing, training, market research, storage, archival, client support services;
      • in connection with professional indemnity policies, and to our professional advisers including auditors;
      • to any relevant authorities, including professional regulatory bodies and/or law enforcement agencies, whether local or overseas;
      • to the extent necessary to comply with any laws, regulations, rules, directions, guidelines and other similar requirements;
      • in connection with, or during negotiations of, any sale, merger of company assets, acquisition or financing of a portion or all of our business to another company or individual;
      • disclose de-identified or aggregated information, which cannot reasonably be used to identify you;
      • at your direction or with your consent; and/or
      • any other party to whom you authorise us to disclose your Personal Data.
    • Subject to the provisions of any applicable law, your Personal Data may be disclosed, for the purposes listed above (where applicable), to the following entities or parties, whether they are located overseas or in Singapore:
      • among the Firm and affiliates (including their staff);
      • companies providing services relating to insurance to the Firm;
      • agents, contractors, sub-contractors or third party service providers who provide operational services to the Firm, such as courier services, telecommunications, information technology, payment, printing, billing, debt recovery, processing, technical services, transportation, training, market research, call centre, security, or other services to the Firm;
      • vendors or third party service providers and our marketing and business partners in connection with marketing promotions, products and services;
      • our corporate clients;
      • any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any merger, acquisition or asset sale);
      • external banks, credit card companies, other financial institutions and their respective service providers;
      • our professional advisers such as consultants, auditors and lawyers;
      • relevant government ministries, regulators, statutory boards or authorities or law enforcement agencies to comply with any laws, rules, guidelines and regulations or schemes imposed by any governmental authority; and/or
      • any other party to whom you authorise us to disclose your Personal Data to.
    • The purposes listed in the above clauses may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).
    • You further understand, acknowledge and agree that where you have engaged us to carry out any work in any jurisdictions outside Singapore, the transfer of your Personal Data records to these jurisdictions may be necessary to give effect to your instructions and that you request and consent to our so transmitting your, Personal Data outside Singapore. Personal Data may therefore be exported to, processed and accessed in countries whose laws provide a different level of protection, which may not necessarily be comparable to that provided in Singapore.
4. Use of Cookies, Web Beacons, and Similar Technologies on the Sites.
  • When you visit or interact with our Sites and services, we or our authorised service providers may use cookies, web beacons, and other similar technologies for collecting and storing information to help provide you with a better, faster, and safer web experience.
  • The information collected by us or our authorised service providers may recognise a visitor as a unique user and may collect information such as how a visitor arrives at our Sites, what kind of browser a visitor is on, what operating system a visitor is using, a visitor’s IP address and a visitor’s click stream information and time stamp (for example, which pages they have viewed, the time the pages were accessed and the time spent per web page).
  • The use of cookies, web beacons and similar technologies by us on our Sites has different functions. They are either necessary for the functioning of our services, help us improve our performance, or serve to provide you with extra functionalities. They may also be used to deliver content that is more relevant to you and your interests, or to target advertising to you on or off our Sites.

    Cookies – Small text files (typically made up of letters and numbers) placed in the memory of your browser or device when you visit a website or view a message. Cookies allow a website to recognise a particular device or browser. There are several types of cookies:

  • Session cookies expire at the end of your browser session and allow us to link your actions during that particular browser session.
  • Persistent cookies are stored on your device in between browser sessions, allowing us to remember your preferences or actions across multiple Sites.
  • First-party cookies are set by the Site you are visiting.
  • Third-party cookies are set by a third party site separate from the Site you are visiting.

    Cookies can be disabled or removed by tools that are available in most commercial browsers. The preferences for each browser you use will need to be set separately and different browsers offer different functionality and options.

    Web beacons – Small graphic images (also known as “pixel tags” or “clear GIFs”) may be included on our Sites and services. Web beacons typically work in conjunction with cookies to profile each unique user and user behaviour.

    Similar technologies– Technologies that store information in your browser or device utilising local shared objects or local storage, such as flash cookies, HTML 5 cookies, and other web application software methods. These technologies can operate across all of your browsers.

  • We offer certain Site features and services that are available only through the use of these technologies. You are always free to block, delete, or disable these technologies if your browser so permits. However, if you decline cookies or other similar technologies, you may not be able to take advantage of certain Site features or services tools. For more information on how you can block, delete, or disable these technologies, please review your browser settings.
5. Third-Party Sites.
  • Our Sites may contain links to other websites and resources operated or provided by third parties, including for example our business partners, with different privacy practices. We are not responsible for the data protection practices of websites operated by third parties that are linked to our Sites. We encourage you to learn about the data protection practices of such third party websites. Some of these third party websites may be co-branded with our logo or trade mark, even though they are not operated or maintained by us. Once you have left our Sites, you should check the applicable Data Privacy Policy of the third party website to determine how they will handle any information they collect from you.
  • We use third party service providers, like Freshworks Inc (Freshworks) to enable interaction with you on our website and/or our product. As a data processor acting on our behalf, Freshworks automatically receives and records certain information of yours like device model, IP address, the type of browser being used and usage pattern through cookies and browser settings. Freshworks performs analytics on such data on our behalf which helps us improve our service to you. You can read about the cookies Freshworks sets in their cookie policy here https://www.freshworks.com/list-of-cookies/. 
6. Retention of Personal Data.
  • We retain such Personal Data as may be required for business or legal purposes, and such purposes do vary according to the circumstances.
  • We will cease to retain your Personal Data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the Personal Data was collected, and is no longer necessary for legal or business purposes.
7. Protection of Personal Data.
  • The Firm will take reasonable steps to protect your Personal Data against unauthorised disclosure. To safeguard your Personal Data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as up-to-date antivirus protection, encryption and the use of privacy filters to secure all storage and transmission of Personal Data by us, and disclosing Personal Data both internally and to our authorised third party service providers and agents only on a need-to-know basis.
  • You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.
8. Data Breach Notification.
  • data breach”, in relation to personal data, means —
    • the unauthorised access, collection, use, disclosure, copying, modification or disposal of personal data; or
    • the loss of any storage medium or device on which personal data is stored in circumstances where the unauthorised access, collection, use, disclosure, copying, modification or disposal of the personal data is likely to occur.
  • affected individual” means any individual to whom any personal data affected by a data breach relates.
  • Where required by PDPA, we will notify the Personal Data Protection Commission (“PDPC”) of a data breach as soon as practicable but in any case no later than 3 calendar days after the day we makes the assessment of whether the data breach is a notifiable data breach.
  • Where required by PDPA, we will notify the affected individuals as soon as soon as practicable, at the same time or after notifying the PDPC, in any manner reasonable in the circumstances.
  • The notification by us to the PDPC of a notifiable data breach will include all of the information as required by Personal Data Protection (Notification of Data Breaches) Regulations 2021.
  • The notification by us to affected individuals affected by a notifiable data breach will include all of the following information as required by Personal Data Protection (Notification of Data Breaches) Regulations 2021 and also notify you and advise on the possible steps to protect yourself from further potential harm.
  • Notification(s) of notifiable data breaches by us to affected individuals, if any, will be delivered to affected individuals by any means we select, including via email. It is the affected individual’s sole responsibility to ensure the accurate contact information is maintained on our applications and secure transmission at all times.
  • Notwithstanding the foregoing, where required by PDPA and where we are a data intermediary and have reason to believe that a data breach has occurred in relation to personal data that we (as a data intermediary) are processing on behalf of another organisation (“Customer”), we will, without undue delay, notify Customer of the occurrence of the data breach. Customer is solely responsible for determining whether to notify affected individuals and for providing such notice, and for determining whether relevant supervisory authorities like PDPC need to be notified of a data breach as may be required for Customer’s own business and activities. Notwithstanding the foregoing, Customer agrees to reasonably coordinate with us on the content of Customer’s intended public statements or required notices for affected individuals and/or notices to relevant supervisory authorities like PDPC regarding the data breach.
  • Notification(s) of data breaches by us to Customer, if any, will be delivered to one or more of Customer’s administrators by any means we select, including via email. It is Customer’s sole responsibility to ensure Customer’s administrators maintain accurate contact information on our applications and secure transmission at all times.
  • Our obligation to report a data breach under this Notice is not and will not be construed as an acknowledgement by us of any fault or liability of us with respect to such data breach.
  • The foregoing notification obligations of ours do not extend to data breaches caused by the Customers or personally identifiable information (PII) principals / data subjects or within system components for which such Customers or PII principals / data subjects are responsible.
9. Accuracy of Personal Data.
  • We generally rely on Personal Data provided by you (or your authorised representative). In order to ensure that your Personal Data is current, complete and accurate, please update us if there are changes to your Personal Data by informing our Data Protection Officer in writing or via email at the contact details provided below.
10. Transfers of Personal Data Outside of Singapore.
  • Your Personal Data may be transferred from country, state and city (“Home Country”) in which you are present while using our services to another country, state and city (“Alternate Country”).

    When we transfer your Personal Data from your Home Country to the Alternate Country, we will comply with our legal and regulatory obligations in relation to your Personal Data, including having a lawful basis for transferring Personal Data and putting appropriate safeguards in place to ensure an adequate level of protection for the Personal Data. We will also ensure that the recipient in Alternate Country is obliged to protect your Personal Data at a standard of protection comparable to the protection under applicable laws.

    Our lawful basis will be either consent (i.e. we may ask for your consent to transfer your Personal Data from your Home Country to the Alternate Country at the time you provide your Personal Data) or one of the safeguards permissible by laws
11. Withdrawing Your Consent.
  • The consent that you provide for the collection, use and disclosure of your Personal Data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop using and/or disclosing your Personal Data for any or all of the purposes listed above by submitting your request in writing or via email to our Data Protection Officer at the contact details provided below.
  • If you withdraw your consent to any or all use of your Personal Data, depending on the nature of your request, we may not be in a position to continue to provide our products and services to you, or administer any contractual relationship in place, which in turn may also result in the termination of any agreements with the Firm, and your being in breach of your contractual obligations or undertakings. The Firm’s legal rights and remedies in such event are expressly reserved.
  • Please note that withdrawing consent does not affect our right to continue to collect, use and disclose Personal Data where such collection, use and disclosure without consent is permitted or required under applicable laws.
12. Consequences of not consenting and/or providing personal data necessary for transaction, service, or application.
  • Please be noted that should you not consent and provide us with the relevant Personal Data to fulfil the purposes of collection, use and disclosure of your Personal Data by Accredify,it may hinder the Firm’s ability to continue to interact with you.
  • For Job Applicants: The Firm may not be able to make a decision on your suitability for recruitment and employment or comply with the law and therefore, the Firm may not be able to make you an offer of employment.
  • For Employees: The Firm may not be able to process your Personal Data to fulfil the necessary Human Resource / Administrative requirements for employment or comply with the law and therefore, the Firm may not be able to continue the employment relationship with you.
  • For Customers (including Healthcare Providers, Education Institutes, and Corporations): The Firm may not be able to provide, operate and administer Accredify’s products/services and provide ongoing products/services support.
13. Contact Us – Withdrawal of Consent, Access to and Correction of Personal Data.
  • If you: have any questions or feedback relating to your Personal Data or our Notice;
  • would like to withdraw your consent to any use of your Personal Data as set out in this Notice;
  • wish to make an access request for access to a copy of the Personal Data which we hold about you or information about the ways in which we use or disclose your Personal Data; or
  • wish to make a correction request to correct or update any of your Personal Data which we hold about you,

    Please contact us as follows:

  • Email: dpo@accredify.io
  • Write to our Data Protection Officer at:

    Data Protection Officer
    Accredify Pte. Ltd.
    30A Kallang Place
    #11-06/07 Singapore 339213

  • Please note that if your Personal Data has been provided to us by a third party, you should contact that organisation or individual to make such queries, complaints, and access and correction requests to the Firm on your behalf.
14. Effect of Notice and Changes to Notice.
  • Without prejudice to the foregoing, by accessing and using our Sites in any way, you represent and warrant that you have read, understand and consent to the collection, use and disclosure of your Personal Data as set out above.
  • This Notice applies in conjunction with any other policies, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your Personal Data by us.
  • We may revise this Policy from time to time without any prior notice. You may determine if any such revision has taken place by referring to the date on which this Notice was last updated. Your continued use of our services constitutes your acknowledgement and acceptance of such changes.
15. Governing Law.
  • This Data Protection Notice shall be governed in all respects by the laws of Singapore. 

Effective as of 18 September 2023 Accredify Pte. Ltd. have updated our Data Protection Notice.

16. Previous Versions.