Data Protection

The purpose of this Data Protection Policy (“Policy”) is to inform you of how Network for Electronic Transfers (Singapore) Pte Ltd and its subsidiaries and related corporations including e-NETS Pte Ltd, Banking Computer Services Pte Ltd and Nets Solutions Pte Ltd (collectively, “NETS Group”) collects, uses, uses, discloses, processes or otherwise handles (“Handles”) your Personal Data (as defined below) which is subject to the Singapore Personal Data Protection Act (No. 26 of 2012) (“PDPA”). Please take a moment to read this Data Protection Policy so that you know and understand the purposes for which we collect, use and disclose your Personal Data.

By interacting with us, submitting information to us, or signing up for any products and services offered by us, you agree and consent to NETS Group, as well as its representatives and/or agents (collectively referred to herein as “NETS”, “us”, “we” or “our”) collecting, using, disclosing and sharing amongst themselves your Personal Data, and disclosing such Personal Data to the NETS’ authorised service providers and relevant third parties in the manner set forth in this Data Protection Policy.

The portion of the Policy that applies to your personal data will depend on the nature of your transactions, agreements or interactions with us.

Please note that though we make an effort, as per legal requirements, to provide reasonably adequate information concerning our policies as it pertains to personal data, this Policy is not an exhaustive list of all the situations or scenarios concerning personal data. Please feel free to approach NETS Data Protection Officer (see Contacting Us – Feedback, Withdrawal of Consent, Access and Correction of your Personal Data below) if you need clarification about any specific situation.

This Data Protection Policy supplements but does not supersede nor replace any other consents you may have previously provided to NETS in respect of your Personal Data, and your consents herein are additional to any rights which to any of the entities under NETS Group may have at law to collect, use or disclose your Personal Data.

NETS may from time to time update this Policy to ensure that this Policy is consistent with our future developments, industry trends and/or any changes in legal or regulatory requirements. Subject to your rights at law, you agree to be bound by the prevailing terms of the Policy as updated from time to time on our website www.nets.com.sg. Please check back regularly for updated information on the handling of your Personal Data.

1. Personal Data

1.1 In this Policy, “Personal Data” refers to any data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which we have or are likely to have access, including data in our records as may be updated from time to time.

1.2 Examples of such Personal Data you may provide to us include (depending on the nature of your interaction with us) your name, NRIC, passport or other identification number, telephone number(s), mailing address, email address, transactional data, network data and any other information relating to any individuals which you have provided us in any forms you may have submitted to us (including in the form of biometric data), or via other forms of interaction with you.

1.3 NRIC, passport and other state issued numbers (national identification numbers, or “NIN”) are requested for and Handled in accordance with applicable PDPA guidelines. Handling of NIN is necessary where the establishment of identity to a high degree of fidelity is needed – this is particularly so for healthcare related purposes given the need for safety, security, prevent of risk of fraud, and accuracy.

1.4 Personal data does not include data about a data subject which has been anonymised. Anonymisation is the process of removing identifying information such that the remaining data does not identify any particular individual. Techniques can include pseudonymisation3, aggregation, replacement, data reduction4, data suppression5, data shuffling6, or masking7.

1.5 NETS practices and undertakes reasonable safeguards to anonymise personal data in appropriate situations, balancing both the need to rely on and use sufficiently accurate and complete personal data to protect life and health, and avoid mistakes, injury or accidents.

2. Collection of Personal Data

2.1. Generally, we collect Personal Data in the following ways:

(a) when you submit any form, including but not limited to application, registration, declaration or other forms;
(b) when you attend at our premises for visits;
(c) when you enter into any agreement or provide other documentation or information in respect of your interactions with us, or when you use our products and services;
(d) when you interact with our staff, including customer service officers, for example, via telephone calls (which may be recorded), letters, face-to-face meetings, social media platforms and emails;
(e) when you use our electronic services, or interact with us via our websites or use services on our websites;
(f) when you request that we contact you or request that you be included in an email or other mailing list;
(g) when you respond to our promotions, initiatives or to any request for additional Personal Data;
(h) when you submit an employment application or when you provide documents or information including your resume and/or CVs in connection with any appointment as an officer, director, representative or any other position;
(i) when your images are captured by us via CCTV cameras while you are within our premises, or via photographs or videos taken by us or our representatives when you attend events at our premises;
(j) when you are contacted by, and respond to, our sales representatives or our marketing representatives and customer service officers;
(k) when we seek information about you and receive your Personal Data in connection with your relationship with us, including for our products and services or job applications, for example, from business partners, public agencies, your ex-employer, referral intermediaries and the relevant authorities; and/or
(l) when you submit your Personal Data to us for any other reason.

2.2. When you browse our websites, you generally do so anonymously but please see the section below on cookies. We do not, at our website, automatically collect Personal Data unless you provide such information or login with your account credentials.

Collection of Personal Data About You From Third Parties & Collection of Data About Third Parties From You

2.3. NETS may also collect personal data about you from third parties such as:

(a) your representatives / intermediaries / agents or your next-of-kin who may either be doing so on your behalf, or in connection with their own transactions, agreements or interactions with us (in which event we will endeavour to collect only such personal data as may be relevant);
(b) your employers; and
(c) your service providers (e.g. your insurers, bank, etc).

2.4. If you provide us with any Personal Data relating to a third party (e.g. information of your spouse, children, parents, and/or employees), by submitting such information to us, you represent to us that you have obtained the consent of the third party to provide us with their Personal Data for the respective purposes.

Accuracy of Personal Data We Collect From You

2.5. You should ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with the products and services you have requested.

Risk of relying on data we collect from you that is without consent or which is inaccurate

2.6. If consents are not procured or if you fail to provide us with complete and accurate information, we may, in some situations, be prevented from providing you with NETS’ services or may be impaired in doing so and have no choice but to decline to proceed with the transaction, agreement or interaction in question to avoid causing harm or exposing us, you or others to risk.

3. Purposes for the Collection, Use and Disclosure of Your Personal Data

3.1. Generally, NETS collects, uses and discloses your Personal Data for the following purposes:

(a) responding to your queries, feedback, complaints and requests;
(b) verifying your identity;
(c) managing the administrative and business operations of NETS and complying with internal policies and procedures;
(d) facilitating business asset transactions (which may extend to any mergers, acquisitions or asset sales);
(e) requesting feedback or participation in surveys, as well as conducting market research and/or analysis for statistical, profiling or other purposes for us to design our products, understand customer behaviour, preferences and market trends, and to review, develop and improve the quality of our products and services;
(f) matching any Personal Data held which relates to you for any of the purposes listed herein;
(g) preventing, detecting and investigating crime and analysing and managing commercial risks;
(h) managing the safety and security of our premises and services (including but not limited to carrying out CCTV surveillance and conducting security clearances);
(i) monitoring or recording phone calls and customer-facing interactions for quality assurance, employee training and performance evaluation and identity verification purposes;
(j) in connection with any claims, actions or proceedings (including but not limited to drafting and reviewing documents, transaction documentation, obtaining legal advice, and facilitating dispute resolution), and/or protecting and enforcing our contractual and legal rights and obligations;
(k) conducting investigations relating to audit, disputes, billing or fraud;
(l) meeting or complying with any applicable rules, laws, regulations, codes of practice or guidelines issued by any legal or regulatory bodies which are binding on NETS (including but not limited to responding to regulatory complaints, disclosing to regulatory bodies and conducting audit checks, due diligence and investigations, conducting contact tracing during the Covid-19 pandemic); and/or
(m) purposes which are reasonably related to the aforesaid.

3.2. In the sub-sections that follow, we set out some of the purposes which apply to collection or use of personal data in certain scenarios or depending on the nature of our relationship and also identify some of the relevant recipients in the disclosure of personal data. We would also highlight that while a party may be listed as a recipient or source of personal data in these sections, that same party may also be a recipient or source (albeit not listed or mentioned expressly) in other scenarios.

3.3. If you are a NETS cardholder or a consumer who is making payment via our electronic payments services (including payments through NETS Self-Service Station or eNETS):

3.3.1. The purposes for which such personal data is Handled includes:

(a) processing your application for NETS’ products and services;
(b) providing customer service and support (including but not limited to processing your payments, verifications, transactions and refunds, resolving any technical difficulties, disputes or problems that you may encounter in connection with the use of our products and services, assisting you in claiming cards that have been retained at automated teller machines and attending to your requests for any other products and services);
(c) facilitating card personalisation and embossment;
(d) transaction reconciliation and invoicing;
(e) creating and maintaining our cardholders’ profiles in our system database;
(f) administering debt recovery and debt management;
(g) administering rewards and benefits; and/or
(h) purposes which are reasonably related to the aforesaid.

3.4. If you are an employee, business partner, sole proprietor, director, agent, representative or authorised signatory of an organisation that is a merchant partner of NETS

3.4.1. The purposes for which such personal data is Handled includes:

(a) processing your application for NETS’ products and services;
(b) facilitating the daily operation of our products and services and providing customer service and support (including but not limited to processing payments, transactions and refunds, resolving any technical difficulties, disputes or problems that you may encounter in connection with the use of our products and services, suspected fraudulent transactions and attending to your requests for any other products and services);
(c) facilitating your appointment as an authorised signatory;
(d) facilitating user access to merchant portal;
(e) creating and maintaining our merchants’ profiles in our system database;
(f) facilitating operations with regards to NETS terminals (including but not limited to arranging for terminal deployment and installation, return of terminals and self-collection of terminals by the merchant);
(g) facilitating back-end operations (including but not limited to disclosing to banks certain information relating to administration, service requests based on authorised signatory list, issuance, revocation, suspension, lifting of certificates, unblocking Smart Card Pin);
(h) administering debt recovery and debt management;
(i) administering rewards and benefits;
(j) performing data analytics;
(k) processing any interactions which is linked to establishment and facilitation of merchant services;
(l) conducting audit checks (including but not limited to reviewing and evaluating the adequacy and effectiveness of company’s risk management, control and governance process, reliability and integrity of financial and operating information, and ensuring compliance with policies, plans, procedures, laws and regulations)
(m) resolving merchant disputes; and/or
(n) purposes which are reasonably related to the aforesaid.

3.5. If you are an employee, officer or owner of an external service provider or vendor outsourced or prospected by NETS:

3.5.1. The purposes for which such personal data is Handled includes:

(a) assessing your suitability as an external service provider or vendor for NETS;
(b) managing project tenders and quotations, processing orders or managing the supply of goods and services;
(c) processing and payment of vendor invoices and bills;
(d) Conduct vendor onboarding and performance evaluations;
(e) managing business operations and product development;
(f) facilities management (including but not limited to maintaining the security of our premises); and/or
(g) purposes which are reasonably related to the aforesaid.

3.6. If you are on NETS premises for any specific transaction, event or other interaction with us:

3.6.1. The purposes for which such personal data is Handled includes:

(a) visitor screening and temperature taking;
(b) creating a data log of your information for security monitoring and fire safety;
(c) for contact tracing;
(d) issuing you access cards and visitor pass;
(e) arranging and planning logistics for corporate visits;
(f) verifying your identity and recording attendance; and
(g) all other purposes reasonably related to the aforesaid.

3.7. If you submit an application to us as a candidate for employment:

3.7.1. The purposes for which such personal data is Handled includes:

(a) conducting interviews;
(b) processing your application (including but not limited to pre-recruitment checks involving your qualifications and facilitating interviews);
(c) obtaining employee references and for background screening (including but not limited to reviewing your details for security purposes);
(d) assessing your suitability for the position applied for;
(e) facilities management (including but not limited to maintaining the security of our premises and recording entries and exists); and/or
(f) purposes which are reasonably related to the aforesaid.

3.8. If you sit on the Board of Directors of NETS:

3.8.1. The purposes for which such personal data is Handled includes:

(a) facilitating your appointment as a board member;
(b) maintaining statutory registers and to manage the publication of directors’ statistics on annual reports and circulars;
(c) facilitating the execution of duties and administrative matters; and/or
(d) purposes which are reasonably related to the aforesaid.

3.9. If you are an employee of NETS:

3.9.1. The purposes for which such personal data is Handled includes:

(a) onboarding and facilitating your appointment as an employee;
(b) payroll processing;
(c) facilitate enrolment of any employee benefits (e.g. medical or insurance benefits) and other benefits that may be entitled;
(d) facilitating the execution of duties and administrative matters;
(e) organising training and development programs;
(f) registering you for courses;
(g) assessing your performance;
(h) communicating with you as required by NETS to comply with its policies and processes, including for business continuity purposes; and
(i) any other purposes relating to the aforesaid.

3.10. Furthermore, where permitted under the Act, NETS may also collect, use and disclose your Personal Data for the following “NETS Additional Purposes”:

(a) providing or marketing additional products, services and benefits to you, including but not limited to special events, promotions, loyalty and reward programmes from NETS;
(b) matching Personal Data with other data collected for other purposes and from other sources (including but not limited to third parties) in connection with the provision, marketing or offering of products and services by NETS;
(c) leads generation and management for marketing NETS’ products and services;
(d) administering and organising contests, lucky draws, promotional events, competitions and marketing campaigns (including using such Personal Data to inform winning participants), and personalising your experience at NETS’ touchpoints;
(e) communicating to you advertisements involving details of our products and services, special offers and rewards, either to our merchants and users of our products and services generally, or which we have identified may be of interest to you;
(f) conducting market research and surveys to enable us to understand and determine customer location, preferences and demographics for us to offer you products and services as well as special offers and marketing programmes which may be relevant to your preferences and profile; and/or
(g) purposes which are reasonably related to the aforesaid.

4. Use of Singapore telephone numbers for Marketing

4.1. If you have provided your Singapore telephone number(s) and have indicated that you consent to receiving marketing or promotional information via your Singapore telephone number(s), then from time to time, NETS may contact you using such Singapore telephone number(s) (including via voice calls, text, fax or other means) with information about our products and services.

4.2. In relation to particular products and services or in your interactions with us, we may also have specifically notified you of other purposes for which we collect, use or disclose your Personal Data. If so, we will collect, use and disclose your Personal Data for these additional purposes as well, unless we have specifically notified you otherwise.

4.3. You have a choice to withdraw your consent for receiving marketing or promotional materials/communication. You may contact us using the contact details (see Contacting Us – Feedback, Withdrawal of Consent, Access and Correction of your Personal Data) below.

4.4. Please be aware that once we receive confirmation that you wish to withdraw your consent for marketing or promotional materials/communication, it may take up to 30 working days for your withdrawal to be reflected in our systems. Therefore, you may still receive marketing or promotional materials/communication during this period of time. Please note that even if you withdraw your consent for the receipt of marketing or promotional materials, we may still contact you for other purposes in relation to the products and services that you have requested from NETS.

5. Disclosure of Personal Data

5.1. NETS will take reasonable steps to protect your Personal Data against unauthorised disclosure. Subject to the provisions of any applicable law, your Personal Data may be disclosed, for the purposes listed above (where applicable), to the following entities or parties, whether they are located overseas or in Singapore:

(a) NETS’ related corporations;
(b) companies providing services related to insurance to NETS as well as agents, contractors or third party service providers who provide operational services to NETS, such as courier services, telecommunications, information technology, payment, printing, billing, technical services, training, market research, call centre, security or other services to NETS;
(c) vendors or third party service providers in connection with marketing promotions and services offered by NETS;
(d) our merchant partners including other banks;
(e) external banks, credit card companies, secretarial agents, billing organisations and their respective service providers;
(f) credit bureaus, or in the event of default or disputes, any debt collection agencies or dispute resolution centres;
(g) any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any merger, acquisition or asset sale);
(h) our professional advisers such as consultants, auditors and lawyers;
(i) relevant government ministries, regulators, statutory boards or authorities or law enforcement agencies to comply with any laws, rules, guidelines and regulations or schemes imposed by any governmental authority;
(j) anyone to whom we transfer or may transfer our rights and obligations and/or
(k) any other party to whom you authorise us to disclose your Personal Data to.

5.2. NETS require that organisations outside NETS Group which handle or obtain Personal Data as service providers, vendors, or other entities which NETS work with, acknowledge the confidentiality of this data, undertake to respect any individual’s right to privacy and comply with the pdpa. NETS also require that these organisations use this information only for our purposes and follow our reasonable directions with respect to this information.

5.3. In carrying out our business, it may be necessary to share information about you with and between our related corporations and third party service providers. Some of these related corporations and third party service providers may be located in countries outside Singapore that may not afford an adequate protection to Personal Data or have protections in place which are similar to those in your country of residence. However, NETS will take reasonable steps to ensure that your Personal Data transmitted outside of your country of residence is adequately protected.

5.4. While we will not disclose Personal Data provided to us to third parties without first obtaining the relevant consent(s) permitting us to do so, please note that we may disclose the Personal Data you provided to third parties without first obtaining your consent in certain situations, including, without limitation, the following:

(a) cases in which the disclosure is required or authorised based on the applicable laws and/or regulations;
(b) cases in which the purpose of such disclosure is clearly in your interests, and if consent cannot be obtained in a timely way;
(c) cases in which the disclosure is necessary to respond to an emergency that threatens the life, health or safety of yourself or another individual;
(d) cases in which the disclosure is necessary for any investigation or proceedings;
(e) cases in which the Personal Data is disclosed to any officer of a prescribed law enforcement agency, upon production of written authorisation signed by the head or director of that law enforcement agency or a person of a similar rank, certifying that the Personal Data is necessary for the purposes of the functions or duties of the officer;
(f) cases in which the disclosure is to a public agency and such disclosure is necessary in the public interest; and/or
(g) where such disclosure without your consent is permitted by the PDPA or by law.

5.5. However, depending on the nature of your request and the Personal Data concerned we may not be able to process your registration or request, or continue providing you with the products or services requested or administer any contractual relationship which may be in place.

6. Security and Retention

6.1. We will safeguard the confidentiality of your Personal Data, whether you interact with us personally, by telephone or mail, over the Internet or other electronic media. We hold Personal Data in a combination of secure computer storage facilities and paper based files and other records and take steps to protect the Personal Data we hold from misuse, loss, unauthorised access, modification or disclosure.

6.2. We do not keep Personal Data longer than is necessary and will destroy or anonymise Personal Data which we no longer require.

6.3. NETS will take reasonable steps using administrative, technical and physical safeguards to protect your Personal Data. Appropriate security arrangements will be taken to prevent any unauthorised access, collection, use, disclosure, copying, modification, leakage, loss, damage and/or alteration of the Personal Data provided. However, we cannot assume responsibility for any unauthorised use of such Personal Data by third parties which are wholly attributable to factors beyond our control.

6.4. We will retain your information for a term which shall not exceed the time strictly necessary for the purposes set out in this Policy, or for our legal or business purposes. In any case, such retention will not exceed seven (7) years after the last contract between you and us, unless you continue to have a subsisting relationship with us.

7. Use of Cookies

7.1. When you interact with us on our websites, we automatically receive and record information on our server logs from your browser. We may employ cookies in order for our server to recognise a return visitor as a unique user including, without limitation, monitoring information relating to how a visitor arrives at the website, what kind of browser a visitor is on, what operating system a visitor is using, a visitor’s IP address, and a visitor’s click stream information and time stamp (for example, which pages they have viewed, the time the pages were accessed and the time spent per web page).

7.2. Cookies are small text files stored in your computing or other electronic devices which allow us to remember you. The cookies placed by our server are readable only by us, and cookies cannot access, read or modify any other data on an electronic device. All web-browsers offer the option to refuse any cookie, and if you refuse our cookie then we do not gather any information on you.

7.3. Should you wish to disable the cookies associated with these technologies, you may do so by changing the setting on your browser. However, you may not be able to enter certain part(s) of our website.

8. Managing Consents

8.1. The purpose of this Policy is to not only inform you of the purposes and business contact information of the Data Protection Officer (see clause 10 below), but to also provide with you further information which is relevant to the way in which we may also manage your consent arrangements in respect of your Personal Data where such consents are required or not subject to an exception.

Deemed Consent by Conduct

8.2. Without prejudice to other consents or rights we may have under the PDPA or at law, and in the daily course of our dealings with you both in the past, now and in the future, you may have provided us with your Personal Data in connection with the purposes which have already been notified to you either in this current or earlier version of this Policy. Where so, your consent to the collection, use or disclosure of your Personal Data for such purposes would have been deemed by your provision of your Personal Data except where we have explicitly indicated a separate consent is required.

Deemed Consent for contractual necessity

8.3. Where we have entered into a contract with you under which we are to execute contractual obligations owed to you, and without prejudice to other consents or rights we may have under the PDPA or at law, your Personal Data will be collected, used or disclosed by other organisations with whom we collaborate in accordance with the Policy to the extent it is reasonably necessary for us to fulfil our contractual obligations or to exercise our contractual rights, in relation to you.

8.4. These other organisations may in turn collect, use or disclose your Personal Data in order to carry out these necessary purposes and that may in turn include further disclosures to third party organisations. In each case the collections, uses and disclosures of such Personal Data are limited to the necessary purposes.

8.5. In the event that your contract with us is terminated or expires for any reason whatsoever, such reasonably necessary purposes will continue to apply to allow us to discharge our obligations and exercise our rights in accordance with the termination or expiry of the contract employment but also to manage our rights and obligations which survive such termination or expiry, including our duties at law that apply beyond your contract of employment with us.

Deemed Consent by Notification

8.6. Without prejudice to other consents or rights we may have under the PDPA or at law, we may, having first taken measures (including conducting relevant assessments, identify reasonable measures to eliminate, mitigate or avoid any identified adverse effects, and apply or other requirements as prescribed by law) choose to manage additional or future further consents required of you under this Policy, by issuing a notice to you (“Notice”), providing you with information on:

(a) Our intention to collect, use or disclose your Personal Data; and
(b) The purposes for which the Personal Data will be collected, used or disclosed.

8.7. Where so, this Notice will be issued to you via email against your last known and updated email address (or, alternatively, any other mode which we reasonably consider is most likely to result in your receiving the Notice), and you will be given thirty (30) days (or such longer period as we may reasonably deem appropriate) within which to let us know if you do NOT consent. In the event that we do not receive a response to that effect, we will proceed on the basis that such consent is deemed pursuant to the PDPA.

8.8. Kindly note that your response should be unambiguous so we are able to apply your instructions and that we may seek verification of such instructions and your identity to confirm the instructions are duly authorised.

8.9. In the event that you act through representatives, including your office, agents, or other intermediary, we will send the Notice using the particulars last updated with us.

8.10. You agree that you will let us know if you would prefer another mode by which such a Notice or communications in connection with this would be preferred failing which we will proceed on the basis as outlined above.

9. Withdrawal of Consent

9.1. You are entitled under applicable law to withhold / withdraw consent to the collection, use or disclosure of personal data, and NETS will respect your choices in this regard.

9.2. However, if you withdraw your consent to any or all purposes and depending on the nature of your request, NETS may not be in a position to continue to provide our products or services to you. Without prejudice to the foregoing, you agree and acknowledge any withdrawal of your consents in accordance with the terms set out in this Policy will not affect any consent which you may have provided to NETS in respect of the use of your Singapore telephone number(s) for the receiving of marketing or promotional information.

10. Contacting Us – Feedback, Withdrawal of Consent, Access and Correction of your Personal Data

10.1. Contact Us

If you would like to withdraw consent and access to your personal data or make corrections to your personal data, you may:

For enquiries on personal data related matters, you may write to:

NETS Data Protection Officer
351 Braddell Road
#01-03 Singapore 579713
Email: dpo@nets.com.sg

10.2. Please note that if your Personal Data has been provided to us by a third party (e.g. a referrer, or your company), you should contact such party directly to make any queries, feedback, complaints, and access and correction requests to NETS on your behalf.

10.3. If you withdraw your consent to any or all use of your Personal Data, depending on the nature of your request, NETS may not be in a position to continue to provide its products and services to you, administer any contractual relationship in place, which in turn may also result in the termination of any agreements with NETS, and your being in breach of your contractual obligations or undertakings. NETS’ legal rights and remedies in such event are expressly reserved.

11. Governing Law

This Data Protection Policy and your use of this website shall be governed in all respects by the laws of Singapore.

Back to Policies