This Data Protection Policy outlines how the Personal Data collected will be managed by IFS Capital Limited in accordance with the Personal Data Protection Act 2012 (“PDPA”) including the purposes for which such Personal Data may be collected, used or disclosed by IFS Capital Limited and its related corporations (together, “IFS”).

This Data Protection Policy will form a part of the terms and conditions governing the relationship of IFS’ clients (“Clients”) with IFS and should be read in conjunction with such terms and conditions in all other agreements between the Clients and IFS (“Terms and Conditions”). In the event of any conflict or inconsistency between the provisions of this Data Protection Policy and the Terms and Conditions, the provisions of the Terms and Conditions shall prevail to the fullest extent permissible by law.

This Data Protection Policy supplements but does not supersede nor replace any other consents which may have been previously provided to IFS or any other rights of collection, use or disclosure under the Terms and Conditions nor does it affect any rights that IFS may have at law in connection with the collection, use and/or disclosure of the Personal Data. Nothing herein is to be construed as limiting any of these other rights.

IFS may amend and vary this Data Protection Policy from time to time and that upon notification of such amendment, the contents thereof shall take effect from the date specified in such notice.

1. Personal Data

In this Data Protection Policy, “Personal Data” refers to any data, whether true or not, about an individual who can be identified (a) from that data or (b) from that data and other information to which IFS has or is likely to have access.

2. Collection of Personal Data

2.1 From time to time, IFS may collect from (a) the Clients, (b) any person authorised by Clients, (c) third parties including Relevant Individuals (defined below) and/or (d) publicly available sources, the following data and information:

  1. Personal Data about the Client’s beneficial owners, partners, directors, officers or authorized signatories, representatives, employees, customers, guarantors, other security providers and other natural persons related to the Client or connected to the Facilities (as defined below) (collectively all of the foregoing who are natural persons, “Relevant Individuals”). Such Personal Data may include names, identification particulars, date of birth, contact details, transaction patterns, background (which may possibly include financial, career, education and family background);
  2. information and data generated in the ordinary course of the business relationship with IFS, for example, when a Relevant Individual arranges credit facilities and other products and related services (collectively, “Facilities”) on behalf of the Client or offers to provide guarantee or securities for the Facilities, or when the Client applies for the Facilities; and
  3. information from cookies, or other technologies deployed for analysis of visits to websites or the use of any information technology application or platform of IFS.

2.2 Personal Data of a Relevant Individual may be processed, kept, transferred or disclosed in and to any country as IFS considers appropriate, in accordance with the PDPA.

2.3 Where the Personal Data of the Relevant Individual is submitted by the Client (or any person on the Client’s behalf), the Client must obtain the consent of such Relevant Individual to IFS collecting, using and disclosing his or her Personal Data for the Purposes set out below. By providing the Personal Data to IFS, the Client undertakes, represents and warrants that:

  1. it has notified and obtained the consent of the Relevant Individual for IFS to collect, use, disclose and process the Personal Data for the Purposes set out below and it has retained the proof of such notification and consent which will be provided to IFS upon IFS’ request;
  2. it has validly acted for and on behalf of such Relevant Individual in disclosing such Personal Data to IFS and for IFS to collect, use, disclose and process the Personal Data for the Purposes set out below; and
  3. it will inform such Related Individual who wish to access, correct, or withdraw consent in relation to his/her Personal Data provided to IFS of this Personal Data Protection Policy.

3. Purposes for the Collection and Use of Personal Data

IFS may collect, use and/or process the Personal Data for, one or more of the following purposes:

  1. to process the application for the Facilities;
  2. to consider and make decisions whether to establish, provide or continue the Facilities for the Client;
  3. to provide, administer and maintain the Client’s Facilities;
  4. to prepare the relevant documentation in relation to the Client’s Facilities;
  5. to carry out or respond to any enquiries or instructions from the Client or the Relevant Individuals;
  6. to conduct credit checks or credit assessment on the Clients and/or the Relevant Individuals;
  7. to review and assess ongoing credit worthiness and standing of the Clients and/or the Relevant Individuals;
  8. for internal operational requirements (including credit and risk management, system or product development and planning, insurance, audit and administrative purposes) and to comply or meet IFS internal policies and procedures;
  9. to carry out due diligence or other screening activities and background checks (including but not limited to those designed to combat financial crime, “know-your customer”, anti-money laundering, counter-terrorist financing or anti-bribery) in accordance with legal or regulatory obligations or as required by IFS;
  10. to prevent, detect and investigate fraud, misconduct, any unlawful action or omission and analyzing and managing other commercial risks;
  11. to manage IFS’ relationship with the Client and/or the Relevant Individuals;
  12. archival of documents and records for record keeping purposes;
  13. to comply with any applicable domestic and foreign laws, regulations, rules (including stock exchange rules), directives, orders, instructions and requirements from any local or foreign authorities including regulatory, governmental, tax and law enforcement authorities or other authorities;
  14. the recovery of any and all amounts owed or owing to IFS;
  15. to enforce or defend the rights of IFS, contractual or otherwise;
  16. to facilitate proposed or actual assignment or transfer of any part of business and/or asset of IFS, or assignment, transfer, participation or sub-participation in any of IFS’ rights or obligations in respect of the Facilities; and
  17. any other purposes reasonably related to any of the above.

(collectively, the “Purposes”)

4. Disclosure of Personal Data

In carrying out one or more of the above Purposes, the Personal Data may be disclosed to the following parties (whether located within or outside Singapore) for the above Purposes or for processing in accordance to the above Purposes on a need to know basis:

  1. related corporations and affiliates of IFS (“IFS Group Companies”);
  2. any director, officer, staff and relevant personnel of IFS Group Companies;
  3. any process agent to receive, accept and acknowledge the service of process in any legal proceedings;
  4. any agent, contractor or third party service provider who provides operational services such as administrative, information technology, telecommunication or other services to IFS for its business operations;
  5. any credit reference agency, credit information bureau, rating agency, business partner, insurer provider or insurance broker, bank or financial institution, and, in the event of default, to debt collection agencies;
  6. IFS’s auditors and professional advisors including its solicitors;
  7. auditors of the Client or any entity in relation to the Facilities for the purpose of audit confirmation;
  8. any person or entity to whom IFS is under an obligation or otherwise required to make disclosure pursuant to legal process or pursuant to any domestic or foreign legal and/or regulatory obligation or rules issued by stock exchange;
  9. regulators, law enforcement and government agencies;
  10. dispute resolution parties;
  11. any actual or proposed assignee or transferee of all or any part of the business and/or asset of IFS or participant or sub-participant or transferee of IFS’ rights or obligations in respect of the Facilities;
  12. any party giving or proposing to give a guarantee or third party security or guarantee or secure the Facilities or any party connected to the Facilities; and
  13. any person in connection with any of the Purposes.

5. Withdrawal of Consent

The consent to use or disclose the Personal Data for any of the above Purposes can be withdrawn by the Relevant Individual at any time by reasonable notice in writing to IFS pursuant to PDPA. However, depending on the circumstances and the nature or extent of the withdrawal of consent, such withdrawal of consent may result in IFS’ inability to provide or continue to provide the Facilities to the Client and hence may result in the termination of the Facilities granted to the Client whereupon all monies including charges and expenses owing to IFS shall be fully repaid or other consequences of a legal nature which may arise by virtue of the legal relationship with IFS. IFS’ legal rights and remedies are expressly reserved in such event.

6. Access and Correction of Personal Data

To the extent that the applicable law allows, the Relevant Individuals may request access to, and correction of, the Personal Data in relation to themselves. However, some Personal Data may be exempt from such access and correction rights in accordance with the PDPA. All requests for access to, and/or correction of, the Personal Data can be submitted to IFS’ Data Protection Officer via email address at dpo@ifscapital.com.sg. Please note that IFS has the right to charge a reasonable fee for the handling and processing of such requests.

7. Retention of Personal Data

The Personal Data will be kept by IFS only for as long as it is needed for the purposes for which it was collected and as required for business or to comply with legal, regulatory and internal requirements.

8. Administration and Management of Personal Data

8.1 IFS will take reasonable efforts to ensure that the Personal Data is accurate and complete, if the Personal Data is likely to be used by IFS to make a decision that affects a Relevant Individual, or disclosed to another organisation. However, this means that IFS must be updated of any changes in the Personal Data that was initially provided to IFS. IFS will not be responsible for relying on inaccurate or incomplete personal data arising from IFS not being updated of any changes in the Personal Data that was initially provided to IFS.

8.2 IFS will also put in place reasonable security arrangements to ensure that the Personal Data is adequately protected and secured. Appropriate security arrangements will be taken to prevent any unauthorised access, collection, use, disclosure, copying, modification, leakage, loss, damage and/or alteration of the Personal Data. However, IFS cannot assume responsibility for any unauthorised use of the Personal Data by third parties which are wholly attributable to factors beyond IFS’ control.

8.3 Where the Personal Data is to be transferred out of Singapore, IFS will comply with the PDPA in doing so. In this regard, this includes IFS obtaining the relevant consent unless an exception under the PDPA or law applies, and taking appropriate steps to ascertain that the foreign recipient organisation of the personal data is bound by legally enforceable obligations to provide to the transferred personal data a standard of protection that is at least comparable to the protection under the PDPA. This may include IFS entering into an appropriate contract with the foreign recipient organisation dealing with the personal data transfer or permitting the personal data transfer without such a contract if the PDPA or law permits IFS to.

9. Contacting Us

For any queries or complaints relating to the collection, use or disclosure of the Personal Data or for more information about this Data Protection Policy, please contact IFS’ Data Protection Officer at dpo@ifscapital.com.sg.

For the avoidance of doubt, where the Singapore personal data protection law permits an organization such as IFS to collect, use, disclose or process Personal Data without consent, such permission granted by the law shall continue to apply and nothing herein is to be construed as limiting any of these rights.

Where written permission is required by law or otherwise for any such disclosure by IFS, the signing of the relevant documents, Personal Data consent form and/or other methods of consent notification, as well as in any other manner permitted by law shall constitute and be deemed to be sufficient written permission for such disclosure.

IFS Data Protection Policy.Legal.R&T(2020.06.12)