cnrst Pte Ltd (cnrst) is bound by the Personal Data Protection Act 2012 (PDPA) and is committed to protecting the personal data we receive. This privacy policy is designed to help you understand why and how we collect, use and disclose your personal data and to whom data access or “opt-out” requests can be addressed. By using our Service, you consent to your personal data being collected, stored, used and disclosed as set out in this privacy policy. cnrst reserves the right to amend this Policy without notice at any time.
This Policy also applies to all our employees.
1. What personal data we collect
"Personal data" refers to data, whether true or not, about an individual who can be identified from that data, or from the data and other information to which the Company has or is likely to have access to.
The type of personal data we may collect from you include, but not limited to:
- Name
- Mobile phone number
- Residential phone number
- Residential address or Postal Address
- Email Address
- Age / Date of birth
- Gender
- Occupation
- NRIC or FIN number or Passport number as applicable
- Bank account details and other financial information
- Medical/health report
2. The purpose for collecting your personal data and how we use it
We collect and use your personal data for the purpose of providing the Service to you and directly related purposes. We also collect and use your personal data for other purposes including:
- helping to develop and identify products and services that may interest your clients/persons seeking or offering insurance;
- providing ongoing information or opportunities to insurers that we believe may be relevant (if you have requested to receive this); and
- audit and compliance review purposes;
- complying with applicable laws and regulatory obligations, such as anti-money laundering, counter financing of terrorism and legal processes.
3. How we collect your personal data
We collect your personal data through the proposals submitted for insurance directly from you or on your behalf via email, telephone or hard copy forms or indirectly from the insured who is your employer or from a third party or publicly available source where:
- You have consented for this collection; or
- You would reasonably expect us to collect your personal data for a specific purpose (such as investigation of a complaint or relating to handling claims).
In certain circumstances, we may be required or permitted by law or Court or Tribunal Order to collect certain personal information about you.
4. Opting out
When we collect your personal data, you may elect to receive information about our other services or products. If you no longer wish to receive such information, or you do not want us to disclose your personal data to any other external organisation, you can opt out by contacting us using our contact details given at the end of this policy.
5. Your obligations when you provide personal data of others
You must not provide us with personal data of any other individual unless you have the express consent of that individual to do so. If you do provide us with such data about another individual, before doing so you:
- must tell that individual that you will be providing their personal data to us and that we will handle their personal data in accordance with this privacy policy;
- must provide that individual with a copy of (or refer them to) this privacy policy; and
- warrant that you have that individual's consent to provide their personal data to us
6. Disclosure of your personal data
Where appropriate, we will disclose your personal data for:
- The purpose to which it was provided to us.
- Purposes which are directly related to the purpose it was provided for; and
- Any other purposes to which you may have consented, including to
- our related companies or third parties who help manage our business and provide our services, including our third-party service providers, such as payment system operators, IT suppliers, lawyers, accountants, other advisers and financial institutions.
- courts, law enforcement, regulators and other government agencies to comply with all applicable laws, regulations and rules; or
- requests of courts, law enforcement, regulators and other governmental agencies
We may transfer personal data held about you outside Singapore if permitted by law to countries including Australia, or Asia. We will take reasonable steps in the circumstances to ensure that the overseas recipient does not breach the PDPA.We will not otherwise disclose your personal information other than as set out in the privacy policy or when required or permitted by law.
Nothing in this privacy policy prevents us from using and disclosing to others de-personalised aggregated data
7. Security of your personal information
We take reasonable steps to protect any personal information that we hold from misuse, interference and loss and from unauthorised access, alteration and disclosure. For example, we maintain physical security over our paper and electronic data stored in premises such as locks and security systems. We also maintain computer and network security; for example, by using firewalls (security measures for the Internet) and other security systems such as user identifiers and passwords to control access to computer systems
However, data protection measures are never completely secure and, despite the measure we have put in place, we cannot guarantee the security of your personal information. You must take care to ensure you protect your personal data (for example, by protecting any usernames and passwords). You should notify us as soon as possible if you become aware of any security breaches.
8. Retention of personal data
We may retain your personal data for as long as it is necessary to fulfil the purposes for which they were collected, or as required or permitted by applicable laws. We will cease to retain your personal data or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purposes for which the personal data were collected and are no longer necessary for legal or business purposes.
9. Accuracy, access and correction of your personal data
We take reasonable steps to ensure that your personal data is accurate, complete and up to date whenever we collect, use or disclose it. However, we also rely on you to advise us of any changes to your personal data. Please let us know as soon as possible if there are any changes to your information or if you believe your personal data, we hold about you is not accurate, complete or up-to-date. If you make a request by contacting us at the contact details below, we will provide you with access to the personal data we hold about you unless otherwise required or permitted by law. We will notify you of the basis for any denial of access to your personal data. There are exemptions under the PDPA which may apply to personal data access and correction requests. We may require that you provide identification to verify the correct person is requesting the information or the change to the information. We will not charge you for making a request, however if reasonable, we may charge you for the costs associated with complying with a data request.
10. Complaints and queries
If you have a complaint or require further information about how cnrst manages your personal data, please contact Data Protection Officer at:
11. Data Protection Officer
cnrst Pte Ltd
10 Anson Road, #21-15 International Plaza,
Singapore 079903
Telephone: +65 6538 1855
OR Email: [email protected]
Complaints will be dealt with as soon as practicable.
12. Changes to privacy policy and notice
We may amend this Privacy Policy at any time. A current version will be available by following the ‘privacy policy’
link located at the bottom of our website homepage at https://cnrst.sg/
For more information on personal data, please visit the Personal Data Protection Commission website at www.pdpc.gov.sg