We are sharing this introduction to help you to understand our data protection and privacy practice.
Lawful Basis and Transparency: We only collect what is needed
We adopt a pragmatic “Data-light, Data-tight” approach in our business conduct. We conduct an information audit to determine what information we process and who has access to it. There is a legal justification for the data processing activities. Our company has presented clear information about our data processing in different businesses and legal justification in the CapitaLand Group Personal Data Protection Policy (See enclosed).
How we practice Data Security
Data protection is taken into account at all times, from the moment we collect your personal data in business activities. We encrypt, pseudonymize or anonymize the data wherever possible. This is something that our staff are always aware of. We have internal data protection policies and IT security policy for our staff, and build awareness about data protection. Our business leaders know when to conduct a data protection impact assessment and we have a process in place to carry it out. For data breach matter, we have a process to notify authorities and other stakeholders that is guided by an internal data breach reporting policy and business continuity management programme.
Accountability and Governance are our Priorities
We have Data Protection by Design and by Default. Our company has designated business leaders and data protection champions across the company to ensure compliance with EU GDPR, Singapore PDPA and other data protection/privacy laws and regulations in the countries we operate in. We signed data processing agreement with third parties that process personal data in the business activities. We have a global network of internal Data Protection Officers in the countries / regions we operate in, who are familiar with our business activities and data processing, to ensure that your personal data is protected according to our policies and applicable legislations. As our company is headquartered outside EU, we have also appointed representative in EU.
We respect your Data and Privacy Right
We have proper security procedure to handle our customers who make request about their personal data that is with us. It is easy for our customers to correct or update inaccurate or incomplete information. We do not use automated processes to make decision about our customers. If there is use of Artificial Intelligence/Machine Learning or use of website cookies to make decision, this is notified to our customers on the relevant company websites where such activities are taking place.
CapitaLand Group's Personal Data Protection Policy
Personal Data Protection is important to us
Protection of your Personal Data is important to us. This CapitaLand Personal Data Protection Policy (“ Policy”) outlines how we manage the Personal Data we hold in One CapitaLand Ecosystem. The Policy applies to:
a) CapitaLand Development Private Limited (CLD) (Registration Number 201109018N) that holds the developing assets and builds new properties;
b) CapitaLand Investment Limited (CLI) (Registration Number 200308451M) that holds the REITs, the private funds, the property managers and the hospitality business; and/or
c) related corporations and affiliates;
referred to hereunder as “CapitaLand”, the “CapitaLand Group”, “we”, “us” or “our”) collectively or singularly as the context requires, recognise the importance of protecting Personal Data.
We respect the confidentiality of Personal Data and privacy of individuals and are committed to complying with the Singapore Personal Data Protection Act (Act 26 of 2012) (“ PDPA”) and other applicable data protection laws, including the European Union (“ EU”) General Data Protection Regulation (“ GDPR”), where applicable. Please read this Policy so that you know and understand the purposes for which we collect, use and disclose your Personal Data.
We adopt a pragmatic “Data- light, Data- tight” approach in our business conduct.
“Data- light” means that we collect Personal Data only for what is required in business or in activities conducted by our organisation and will properly destroy the Personal Data once there is no business or legal purpose. We do not collect Personal Data randomly or indiscriminately without purpose.
“Data- tight” means that we do not disclose your Personal Data unless prior consent has been obtained and we have administrative, physical and Information Technology (IT) security measures to protect your Personal Data.
This Policy supplements and does not supersede nor replace any other consents you may have previously provided to us in respect of your Personal Data. , use or disclosure of your Personal Data.This Policty also does not affect any of our rights regulated by law in relation to the collection, use and disclosure of your Personal Data.
For the avoidance of doubt, to the maximum extent permitted under applicable law, nothing in this Policy establishes any joint and several liability on the part of the CapitaLand Group members.
Generally, we process your Personal Data for one or more of the specific purposes identified in this Policy based on your consent obtained. Where GDPR applies, the legal basis for our processing of your Personal Data could also be that it is necessary for the legitimate interests pursued by us, or a third party which is described in paragraph 3.8 of this Policy. These legitimate interests include providing services to you where you are our client, managing the relationship between CapitaLand and you and facilitating internal business purposes and administrative purposes. In some cases, the provision and processing of your Personal Data may be a statutory and/or contractual requirement, or may be necessary in order to perform any contract you have agreed with us or perform services that you have requested.
In addition, if your Personal Data has been collected, used or disclosed by us in a particular jurisdiction which has specific requirements or exceptions to the definition of Personal Data, including sensitive Personal Data, we will comply with those requirements under the applicable data protection regulations in that jurisdiction.
1. Your Personal Data
1.1. “ Personal Data” refers to any data or information about you from which you can be identified either (a) from that data alone; or (b) from that data combined with other information. Examples of such Personal Data which you may provide us include (depending on the nature of your interaction with us):
a) your name, national registration identification number, passport number or other identification number, telephone number(s), mailing address, email address, facial image in a photograph or video recording, fingerprint and any other information relating to you which you have provided us in any form you may have submitted to us, or in other forms of interaction with you;
b) information about your use of our websites and services, including cookies, IP addresses, subscription account details and membership details;
c) your employment history, education background, and income levels; and
d) your payment related information, such as your bank account or credit card information, and your credit history.
2. Collection of Personal Data
2.1. Generally , we collect your Personal Data in the following ways:
a) when you submit forms relating to any of our products or services, or submit any online queries;
b) when you register for or use any of our services on websites owned or operated by us or when you register as a member on any of our websites owned and/or operated by us;
c) when you register for or use any of our services, including accessing our properties or registering for your stay at our serviced apartments or hotels, through self-service check-in booths or kiosks located at the properties;
d) when you interact with our customer service officers or any of our staff, for example, via face-to-face meetings, business interactions in events and exhibitions, telephone calls, letters, online forms (such as any “Contact Us” forms on our websites), online reservation chat, social media platforms and emails;
e) when you use or purchase our services or products;
f) when you establish any online accounts with us (such as Ascott Star Rewards accounts);
g) when you request that we contact you;
h) when you respond to our request for additional Personal Data;
i) when you ask to be included in an email or other mailing list;
j) when you respond to our promotions or other initiatives;
k) when you respond to our market surveys;
l) when you submit a job application or a scholarship application;
m) when we receive references from business partners and third parties, for example, where you have been referred by them;
n) when you submit your Personal Data to us for any other reason; and
We may monitor or record phone calls and customer-facing interactions for quality assurance, employee training and performance evaluation, and identity verification purposes, and while receiving feedback, responding to your queries, requests and complaints and other related purposes. Such monitoring or recording will be done in accordance with applicable law.
2.2. If you provide Personal Data of a third party (e.g. information of your dependent, spouse, children and/or parents) to us, you represent and warrant that the collection, use and disclosure of that Personal Data to us, as well as the further processing of that Personal Data by us for the purposes set out in this Policy, is lawful.
3. Use and Disclosure of Personal Data
3.1. Our business is to understand and meet your needs and provide you with the products and services that you require. To do this effectively, we need to collect a range of Personal Data about you.
3.2. In general, we will, subject to applicable law, use and disclose your Personal Data for the following purposes:
a) provide you with the products or services that you have requested;
b) help us review, develop, improve, manage the delivery of and – to the extent this requires the use of Personal Data – enhance our products and services, including analysing future customer needs, conducting market research and data analytics (which does not involve automated profiling or result in automated decision-making activity which is regulated under the GDPR);
c) communicate with you and respond to your queries, requests and complaints;
d) provide ongoing information about our products and services which may be of interest to you;
e) handle disputes and conduct and facilitate investigations and proceedings;
f) protect and enforce our contractual and legal rights and obligations;
g) prevent, detect and investigate crime, including fraud and money-laundering, and analyse and manage other commercial risks;
h) manage our infrastructure and business operations and comply with internal policies and procedures;
i) facilitate business asset transactions (which may extend to any merger, acquisition or asset sale) involving any CapitaLand Group entity; and
j) comply with any applicable rules, laws and regulations, codes of practice or guidelines or assist in law enforcement and investigations by relevant authorities.
3.3. In addition, we may use and disclose your Personal Data for the following purposes, depending on the nature of our relationship with you:
a) If you have a membership account with us (for example as a member of CapitaStar or Ascott Star Rewards):
b) If you download or use any of our mobile applications (apps):
c) If you are a prospective tenant or a tenant of any of our properties:
d) If you are a prospective user or a user of co-working space (e.g. Bridge+):
e) If you are a prospective user or a user of our data centres and for any reasonable purpose for the servicing of your agreement, occupation or in good management of our data centres by us or any of our authorised service providers:
f) If you are purchasing property from us or have indicated an interest in purchasing property from us:
g) If you are a resident at one of our serviced apartments or hotels, or an employee or an organisation which is a customer of our serviced apartments or hotels:
h) If you are a shareholder, unitholder or Stapled Securityholder of our shares:
i) If you are a vendor, a prospective vendor or a contractor:
j) If you submit an application to us as a candidate for employment:
k) If you are an existing employee, CapitaLand Group’s Employee Personal Data Protection Policy would also apply to you.
3.4. The above purposes are not exhaustive, and depending on the nature of your relationship with us (for example, if you are a member of CapitaStar or Ascott Star Rewards), we may collect, use and disclose your Personal Data for additional purposes which you will be notified of, in accordance with applicable terms and conditions.
3.5. When you apply for or hold a co-brand product which is offered jointly by us and our co-brand partner(s), we may also collect, use and disclose your Personal Data for the purpose of sharing your Personal Data with the co-brand partners for offering, marketing and promoting to you any products, services, offers or events which the co-brand partner thinks may be of interest to you. We will only share your Personal Data with the co-brand partners where permitted by applicable law. For avoidance of doubt, Personal Data collected by third party operators of our properties is not covered by this Policy. Third party operators refer to operators who are not members of the CapitaLand Group. These third party operators operate their business on these properties independently of the CapitaLand Group and the Personal Data of individuals such as guests and vendors are collected by the third party operators for themselves. CapitaLand Group does not have access to such Personal Data. Individuals should check directly with the third party operators on their data rights.
a) provide services and extend benefits to you, including promotions, loyalty and reward programmes, send you industry market updates (e.g. in real estate), newsletters (e.g. on property) and other information on our products, services, offers or promotions which may be of interest to you and conduct market research to develop special offers, promotional and/or marketing programmes; and
b) administer contests, competitions and conducting lucky draws, including, where necessary, announcing the results of these contests, competitions and lucky draws and identifying and contacting the winners.
3.7. In relation to particular products or services or in your interactions with us, we may also notify or have specifically notified you of other purposes for which we collect, use or disclose your Personal Data. If so, we will collect, use and disclose your Personal Data for these additional purposes.
3.8. Your Personal Data will be protected and kept confidential, but subject to the provisions of any applicable law, your Personal Data may, depending on the products or services concerned, be disclosed to third parties set out below. Such disclosure may be subject to additional legal requirements under applicable law, depending on the nature of such transfer to third parties. Your Personal Data will, in each case, only be disclosed to the extent necessary and proportionate.
The third parties are:
a) other divisions or entities within the CapitaLand Group;
b) our joint venture/ alliance partners;
c) our agents, contractors, third party service providers and specialist advisers who have been contracted to provide us with administrative, financial, research, operational or other services such as telecommunications, information technology, payment, payroll, training, market research, storage and archival;
d) any third party business partners who offer goods and services or sponsor contests or other promotional programmes, whether in conjunction with us or not, and where permitted by applicable laws;
e) insurers or insurance investigators and credit providers;
f) the Credit Bureau, or in the event of default or disputes, any debt collection agencies or dispute resolution centres;
g) any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any merger, acquisition or asset sale) involving the CapitaLand Group;
h) our professional advisors such as our auditors and lawyers;
i) relevant government regulators or authority or law enforcement agency to comply with any laws or rules and regulations imposed by any governmental authority;
j) anyone to whom we transfer or may transfer our rights and obligations, including, for example, where we obtain the services of a third party organisation to handle any aspect of the processing of your Personal Data for the purposes notified to you in accordance with this Policy;
k) banks, credit card companies and their respective service providers; and
l) any other party as may be consented to by you, as specified by you or as may be notified to you by us in subsequent notices.
m) In the event that your Personal Data is shared with a third party that acts with a member of the CapitaLand Group as joint controllers under GDPR, we will, to the extent required by law, provide you with additional information on the responsibilities of each joint controller, any particular means by which you can enforce your rights and the primary contact person for such requests in relation to your rights.
3.9 We require that organisations outside the CapitaLand Group which handle or obtain Personal Data as service providers to us acknowledge the confidentiality of this data, undertake to respect any individual's right to privacy and comply with the PDPA, the GDPR and any other applicable data protection laws. As a requirement under these laws, we may be required to have specific agreements in place with such third parties to regulate and safeguard your data protection rights. We also require that these organisations use this information only for our purposes and follow our directions with respect to this information.
4. Transfer of Personal Data
4.1 Your Personal Data may be stored in external servers located overseas or in countries outside of your country of residence. In addition, as described above, in carrying out our business, it may be necessary to share information about you with and between our related corporations and affiliates, and third party service providers, some of which may be located in countries outside your country of residence. We will take reasonable steps to ensure that your Personal Data transferred outside of your country of residence is adequately protected. In addition, we will ensure that such transfers comply with the requirements of the applicable data protection laws.
4.2 In respect of our activities in the EU, CapitaLand Investment Limited (the parent entity of The Ascott Limited), CL International Management (UK) Limited, The Ascott Limited and Citadines SA (a wholly owned subsidiary of The Ascott Limited) are the ultimate primary data controllers for processing of the Personal Data, and the respective contact details are as follows:
CapitaLand Investment Limited (CLI)
Address: 168 Robinson Road #30-01 Capital Tower Singapore 068912
Contact Email Address: firstname.lastname@example.org
Contact Phone Number: +33141057879
CL International Management (UK) Ltd
Address: 6th Floor 2 London Wall Place, London, England, EC2Y 5AU
The Ascott Limited
Address: 168 Robinson Road #30-01 Capital Tower Singapore 068912
Contact Email Address: email@example.com
Contact Phone Number: +33141057879
Address: 120 rue jean jaurès F-92532 Levallois-Perret cedex France
Contact Email Address: firstname.lastname@example.org
Contact Phone Number: +33 (0)1 41 05 78 00
CapitaLand Investment Limited and its related corporations and affiliates are referred to hereunder as the “ CapitaLand Group”.
Representative in EU: Mr Stephane Mayere
5. Retention of Personal Data
5.1 We may retain your Personal Data for as long as it is necessary for the purposes it has been collected, and (i) in most cases, up to 7 years; or (ii) in respect of our activities in the EU, up to 10 years, unless otherwise permitted by applicable law or in order to defend legal claims. Where we no longer require your Personal Data for those purposes, we will cease to retain such Personal Data in accordance with our internal retention policy.
6.1 You have the following rights, under applicable data protection laws (except where the exercise of these are restricted under applicable laws – for example, due to judicial proceedings or the carrying out of investigations), which can be exercised by contacting the relevant Data Protection Officer at the contact details provided in paragraph 10.1 below:
a. to obtain from us confirmation as to whether or not your Personal Data is being processed and request a copy of your information. Where legally required, we will provide your information in an easily accessible format and assist in transferring some of this information to third parties;
b. rectification of your Personal Data. We endeavour to ensure that all Personal Data we have about you is accurate and up-to-date. We understand that this information changes frequently with changes of address and other personal circumstances. We encourage you to contact us as soon as possible to enable us to update any Personal Data we have about you. Incomplete or outdated Personal Data may result in our inability to provide you with products and services you have requested;
c. where the processing of your Personal Data is carried out by automated means, you have the right to receive your Personal Data you have provided us in a structured, commonly used and machine-readable format or to demand transmission to another controller;
d. in certain circumstances, you can request to have your Personal Data deleted or restrict the processing of it;
e. if we process your information based on our legitimate interests explained above, or in the public interest, you can object to this processing in certain circumstances. In such cases, we will cease processing your information unless we have compelling legitimate grounds to continue processing or where it is necessary for legal reasons. Where we use your data for direct marketing purposes, you can always object using the unsubscribe link in such communications or by contacting us at the details provided in paragraph 10.1 below;
f. prevent any processing of Personal Data that is causing or is likely to cause unwarranted and substantial damage or distress to you or another individual;
g. be informed about any use of your Personal Data to make automated decisions about you where such decisions produce legal effects or have similarly significant effects on you, and to obtain meaningful information about the logic involved, as well as the significance and the envisaged consequences of this processing; and
h. to lodge a complaint about the way in which your Personal Data is being used to a supervisory authority. If you are located in the EU, you can contact the supervisory authority in the EU member state of your habitual residence or place of work or where the relevant member of the CapitaLand Group which has used your Personal Data is located.
6.2 Where we rely on your consent to use your Personal Data, you have the right to withdraw that consent at any time. This withdrawal will however not affect the lawfulness of processing based on your consent before your withdrawal.
If you withdraw your consent to any or all purposes and depending on the nature of your request, we may not be in a position to continue to provide our products or services to you. Please note, however, that if you have provided us consent in respect of the use of your Singapore telephone number(s) for receiving marketing or promotional information, any such consent provided will not be affected by your withdrawal of your other consent in accordance with the terms set out in this Policy. If you do not wish for your Singapore telephone number(s) to be used for receiving marketing or promotional information, please contact the relevant Data Protection Officer and specify that you wish to withdraw your consent for such purpose.
6.3 Where we process your Personal Data based on the legitimate interests referred to in paragraph 3.3 above, you can object to this processing in certain circumstances. In such cases, we will cease processing your information unless we have compelling legitimate grounds to continue processing or where it is necessary for legal reasons.
6.4 Where mandated under the applicable data protection laws, your exercise of the rights described or referred to above shall be free of charge. In all other situations, we may charge a fee to cover the cost of verifying the request and locating, retrieving and copying any material requested.
6.5 If you want to exercise any of your rights or if you wish to raise a complaint on how CapitaLand Group has handled your Personal Data, you may contact the relevant Data Protection Officer at the contact details provided in paragraph 10.1 below.
7. Management and Security
7.1 We have appointed Data Protection Officers to oversee our management of your Personal Data in accordance with this Policy and the applicable data protections law. We train our employees who handle your Personal Data to respect the confidentiality of your Personal Data, and we regard breaches of all applicable data protection laws very seriously.
8. Telemarketing Policy
8 .1 This section outlines our telemarketing policy which relates only to individual users of Singapore telephone numbers and was developed to comply with the Do Not Call (“DNC”) provisions under the PDPA. Our telemarketing policy applies to the CapitaLand Group unless we have notified you otherwise in writing.
8.2 We aim to comply with the DNC provisions and your choices to receive promotional and marketing messages:
a) If you have registered your Singapore telephone number with the relevant Singapore DNC registers, we will not send you promotional and marketing messages via SMS, fax, calls and other means (as applicable)..
b) However, if you have previously consented to our sending you such messages to your Singapore telephone number(s), we will continue to do so until you withdraw such consent, regardless of your DNC nominations.
c) Also, if you currently have an existing, ongoing relationship with us, depending on the nature of that relationship, we may continue to send you promotional or marketing messages via SMS, fax, calls or any means, about products and services which are related to that ongoing relationship notwithstanding your registration with the DNC Registry, unless you opt-out of receiving such messages.
9.1 If you have any questions about this Policy or any queries relating to your Personal Data, or you would like to obtain access and/or make corrections to your Personal Data records, please contact the relevant Data Protection Officers:
All countries (except EU, UK and Georgia)
Name: Dr Freddie Tan, Group Data Protection Officer, CapitaLand Investment Limited
Number: +65 6713 2705
UK, EU and Georgia (Serviced Apartments/Hotels)
For individuals residing in the EU (except Germany), UK and Georgia, please contact the Data Protection Officer below:
Name: Stephane Mayere (Representing the CapitaLand Group – CapitaLand Investment Limited, CL International Management (UK) Ltd, The Ascott Limited, Citadines SA)
Number: +33 1 4105 7879
For residents residing in Germany, please contact the Data Protection Officer below:
Name: Daniela Hartjes
Number: + 33 1 4105 7881
For individuals residing in Malaysia, please contact the Data Protection Officer below:
Name: Low Sue Fung
Number: +60 3 2279 9888
11.1 This Policy and your use of this website shall be governed in all respects by the laws of Singapore. For the avoidance of doubt, the applicable data protection laws will apply to the processing of your Personal Data.
11. Review of this Policy
11 .1 This Policy will be reviewed from time to time by us. We may also from time to time update this Policy to take account of new laws and technology, changes to our operations and practices and the changing business environment. If you are unsure whether you are reading the most current version, please contact us.
1 1 .2 In the event of any inconsistencies between the English version and other translations of this Policy, the English version shall prevail.
(As at 20 Sep 2021)