1. Introduction

This is the Personal Data Protection Policy of the affiliated companies listed below (collectively “Cantley”, “us”, “we” or “our”) which comply with the provisions of the Personal Data Protection Act of Singapore (“PDPA”).

Cantley Lifecare Pte Ltd (201703024G)

This policy provides:

Our policies on managing your Personal Data.

Types of Personal Data we collect, use, disclose, and/or retain.

How we collect, use, disclose, and/or retain your Personal Data.

Purpose(s) for which we collect, use, disclose, and/or retain your Personal Data.

You agree and consent to us, the Organisation, and our authorised service providers and third parties to collect, use and disclose and/ or retain your Personal Data in the manner set forth in this Personal Data Protection Policy.

Each department at Cantley follows this Policy to ensure accountability and uniformity in collecting, using, and disclosing personal data. While this Policy is universally applied, each department is individually responsible for its actions regarding your personal data.

By using our services, you agree to our collection, use, disclosure, and/or retention of your Personal Data as outlined in this Policy. This Policy does not replace prior consents, nor does it impact our legal rights regarding your Personal Data.

We may update this Policy without notice to align with regulatory changes. The updated Policy supersedes earlier versions and applies to previously provided personal data.

Revisions will be published on our website (www.cantleylifecare.com).

This Policy is part of the terms and conditions governing your relationship with us and should be read with such terms and conditions. In case of inconsistency, the Terms and Conditions prevail.

2. Your Personal Data

In this Personal Data Protection Policy, “Personal Data” refers to any data and/or information about you from which you can be identified by, either (a) from that data; or (b) from that data and other information to which we may have legitimate access to. Examples of such Personal Data include but are not limited to:

your name, NRIC, passport or other identification numbers, telephone number(s), mailing address, email address and any other information relating to you which you have provided in any forms you may have submitted to use, or in other forms of interaction with you;

Employment history, education, income.

Personal data of family members.

Payment information.

Website interaction details.

3. Collection of Your Personal Data

We collect Personal Data directly or indirectly through various channels:

Website access or online transactions.

Interaction with employees.

Service applications.

Response to requests for additional Personal Data.

Inclusion in email or mailing lists.

Contact through communication channels.

Capture of images during events.

Submission by family or friends.

Response to initiatives or promotions.

We seek information about you and receive your personal data in connection with your relationship with us, for example, if you are a customer, investor or shareholder when you submit your Personal Data to us for any other reason.

When you browse our website, you generally do so anonymously, but please see the section below on cookies.

4. Purposes for Collection, Use, and Disclosure of Your Personal Data

We collect, use, disclose, and/or retain your Personal Data for various purposes, including:

Providing services/training/funding.

Assisting with inquiries, requests, and feedback.

Processing payments.

Improving customer services and ensuring security.

Conducting research, surveys, and interviews.

Keeping you updated on events.

Compliance with laws and regulations.

Job applications, training matters, promotions, and legitimate business interests.

Consent is deemed under the PDPA for specific circumstances outlined in the Policy.

5. Marketing/Optional Purposes

From time to time, we may contact you via mail, electronic mail, telephone (call or SMS-Text), or social media platforms, to inform you about our courses / services and events that we think may be of interest to you.

Analyzing and/or profiling your purchases, transactions and/or likes or dislikes so as to be better able to send you relevant or targeted news (including events and product launches), promotion and marketing information from us (and/or our affiliates or related entities) and on our group products.

Videos and photos will be taken during the classes and events to be used for marketing and related purposes.

You can let us know at any time if you no longer wish to receive marketing materials (by informing us through our email to academy@cantleylifecare.com) and we will remove your details from our direct marketing database. Please note that we may still send you non-marketing messages such as surveys, customer-service notices and other service-related notices.

For further details or to address concerns, please contact our Data Protection Officer at admin@cantleylifecare.com.

6. Disclosure of Your Personal Data

We may share your Personal Data with external organizations for the purposes outlined earlier, in compliance with applicable laws. These may include:

Our professional advisers, such as auditors.

Government regulators, statutory boards, law enforcement agencies to adhere to laws and regulations.

Third parties providing services, like IT vendors, marketing firms, and event organizers.

Business partners offering membership services and benefits.

Any other individuals related to the stated purposes.

7. Use of Cookies

We may collect or analyse anonymised information from which individuals cannot be identified (“Aggregate Information”), such as number of users and their frequency of use, the number of page views (or page impressions) that occur on our websites and common entry and exit points into our websites.

We make use of “cookies” to store and track Aggregate Information about you when you enter our website(s). Such cookies are used to track information such as the number of users and their frequency of use, profiles of users and their online preferences.

Such aggregate Information collected may be used to assist us in analysing the usage of our website(s) so as to improve your online experience with us.

Should you wish to disable the cookies associated with these technologies you may do so by changing the setting on your browser. However, please note that this may affect the functionality of the website(s).

8. Third-Party Sites

Our website(s) may link to third-party-operated sites. We are not responsible for their privacy practices.

We encourage you to learn about the privacy policies of such third party website(s) by checking the policy of each site you visit and contact its owner or operator if you have any concerns or questions.

9. Protection of Your Personal Data

We maintain appropriate security safeguards and practices to protect your Personal Data unauthorised access, collection, use, disclosure, copying, modification disposal or similar risks, in accordance with applicable laws.

Period of retention. We keep your personal data only for so long as we need the data to fulfil the purposes we collected it for, and to satisfy our business and legal purposes, including audit, accounting or reporting requirements. How long we keep your personal data depends on the nature of the data, e.g. we keep personal data for at least the duration of the limitation period for bringing claims if the personal data may be required to commence or defend legal proceedings. Certain information may also be retained for longer, e.g. where we are required to do so by law or to maintain a record of the certification you have obtained with us. Typically, our data retention period is from 5 years upwards, depending on the limitation period.

Anonymised data. In some circumstances, we may anonymise your personal data so that it no longer identifies you, in which case we are entitled to retain and use such anonymised data without restriction, including for data analytics.

Unauthorised access and vulnerabilities. While we take reasonable precautions to safeguard your personal data in our possession or under our control, we cannot be held responsible for unauthorised or unintended access that is beyond our control, including hacking or cybercrimes. We also do not guarantee that our websites and applications are invulnerable to security breaches, or that your use of our websites and applications is safe and protected from viruses, worms, Trojan horses, and other vulnerabilities.

10. Accuracy of Your Personal Data

Ensure the accuracy and completeness of provided personal data.

We strive to maintain accurate, complete, and up-to-date Personal Data.

Notify us of updates to your Personal Data for ongoing accuracy. Incorrect data absolves us of related consequences.

11. Withdrawal of Consent

To withdraw consent, contact us at admin@cantleylifecare.com. We will cease collecting, using, or disclosing personal data within 30 days, unless required by law.

Withdrawal may affect our ability to provide services, depending on the nature of the request.

12. Access and Correction of Your Personal Data

Request access or corrections to Personal Data, with a reasonable fee possible. Submit forms or information for processing.

Contact our Data Protection Officer at admin@cantleylifecare.com for requests. Processing time is subject to request complexity but generally aims for completion within 30 days.

Rights Refusal: We may refuse requests under applicable laws, for example, when data is needed for claims or based on compelling legitimate grounds.

13. Retention Limitation

Cease retention or remove means of association when personal data is no longer necessary for business or legal purposes.

14. Notification of Breach

We commit to notifying the PDPC and affected individuals in case of a detected data breach causing significant harm. An assessment is conducted promptly, and notifications are made when criteria are met.

15. Portability Obligation

Upon request, we will transmit an individual’s personal data, in a machine-readable format, to another organization. This applies to data provided by the individual or created during the use of our products or services. The individual must have a direct relationship with us, and the receiving organization must have a presence in Singapore. Data derived from other personal data in the course of our business is not covered.