TORUS ENERGY PTE. LTD.
Effective Date: 01.10.2020
1. ABOUT THIS POLICY
1.1. This Policy has been adopted by Torus Energy Pte. Ltd. (“TEPL”), and other organisations related to TEPL (including its subsidiary(ies)) (hereinafter collectively the “TEPL Group”).
1.2. In this Policy, “we”, “us” or “our” refers to TEPL, or any organisation within the TEPL Group, as appropriate. Although this Policy is in common use by the TEPL Group, except where applicable laws provide otherwise, each organisation is only responsible to you in relation to its own collection and use of your personal data, and its own actions.
1.4. Please contact our Data Protection Officer with questions, comments, or concerns regarding our Policy and/or practices, or if you wish to make a complaint to us, at:
Email address: firstname.lastname@example.org
When you contact us, we may require that you submit certain forms or provide certain information, including verification of your identity, before we are able to respond.
1.5. We reserve the right to amend and modify this Policy at any time without notice to you, in compliance with applicable laws or as we update our data usage and handling processes. Any updated Policy will supersede earlier versions and will apply to personal data provided to us previously. Any updated Policy will take effect when made available on [https://torus.net/privacy-policy]. Accordingly, please do check this Policy periodically for any changes and/or updates.
2.1. The purpose of this Policy is to describe:
2.1.1. The personal data we collect and how we may use such data;
2.1.2. How and why we may disclose your personal data to third parties;
2.1.3. The transfer of your personal data outside your country of residence;
2.1.4. Your rights concerning your personal data;
2.1.5. The security measures we use to protect and prevent the loss, misuse, or alteration of personal data; and
2.1.6. Our retention of your personal data.
2.2. In cases where we require your consent to process your personal data, we will ask for your consent to the collection, use, and disclosure of your personal data as described further below. We may provide additional disclosures or additional information about the data collection, use and sharing practices of specific services. These notices may supplement or clarify TEPL Group’s privacy practices or may provide you with additional choices about how TEPL Group processes your personal data.
3. COLLECTING PERSONAL DATA
3.1. What is personal data. “Personal data” is data that can be used, as determined by applicable laws, to identify a natural person. Examples of personal data may include name, address, contact details, identification numbers, financial information, transactional information based on your activities on our websites, applications and platforms, telephone numbers, email address, images, and any other information of a personal nature.
3.2. Voluntary provision of personal data. Your provision of personal data to us is voluntary, and you are free to choose whether to provide us with the types of personal data requested. You also have the right to withdraw your consent for us to use your personal data at any time by contacting us. However, if you do so, we may not be able to fulfil the purposes for which we require the personal data, including offering you some or all of the services that you require from us.
3.3. Collecting your personal data. We collect personal data that is relevant to our relationship with you. We may collect your personal data directly or indirectly through various channels, such as when:
3.3.1. you authorise us to obtain your personal data from a third party;
3.3.2. you visit our website, download or use our applications and/or services;
3.3.3. you use or request information about our business and/or services;
3.3.4. you subscribe to marketing communications, or communicate with us or request that we contact you through various communication channels;
3.3.5. you attend one of our events or programs;
3.3.6. your images are captured via photographs or videos taken by us or our representatives when you are within our premises or attend events organised by us;
3.3.7. we seek information about you and receive your personal data in connection with your relationship with us (e.g. if you are an investor or shareholder); or
3.3.8. when you submit your personal data to us for any other reason.
3.4. Information we collect from other sources. Depending on your relationship with us, we may also collect your personal data from third parties and public sources as required or permitted by applicable law, for example:
3.4.1. public authorities, public websites, social media and other sources, which may include information related to your identification, location, reputation, business activities, and other personal details;
3.4.2. our business partners such as third parties providing advertising, marketing and promotional services to us; or
3.4.3. your referees, educational institutions or previous employers (if you have applied to us for a job).
3.5. Automated Data Collection Technologies. Our websites, applications and services may contain or involve certain technologies (including those described below) that collect data from you.
3.5.2. Website Log Files. We collect data in the form of server log files that tell us generally about the activity of users on our websites and applications, including length of visits, the webpages requested, IP address, cookies, the type of web browser and operating system you are using, click-stream data and so forth. We use this data to analyse overall trends, administer our websites, applications and services, track usage, optimise and improve your user experience, as well as evaluate and improve our websites, applications and services.
3.5.3. Analytical Tools. We use analytical tools, which allow us to, among other things, identify potential performance or security issues with our websites, applications and services, improve their stability and function, understand how you use them, so that we can optimise and improve your user experience, as well as evaluate and improve our websites, applications and services.
3.5.4. Third Party Analytical Tools. Our analytical tools include third party tools. We do not control these third parties, their technologies or how they may collect and use information through their tools.
If you have any queries about these third party tools and how they collect and use information, please contact us and we can put you in touch with the relevant third party that is responsible for them.
3.5.5. Web Tracking Beacons and Tracking Links. Web beacons (also known as pixel tags and clean GIFs) involve graphics that are not apparent to the user. Tracking links and/or similar technologies consist of a few lines of programming code and can be embedded in our website or our (mobile) applications. In conjunction with cookies, these are primarily used for statistical analysis purposes. This technology can also be used for tracking traffic patterns on websites, as well as finding out if an e-mail has been received and opened and to see if there has been any response.
Please do not use our websites, applications and services if you do not wish to have your data collected through such means. Alternatively, you may also disable the operation of these technologies on your devices where it is possible to do so. Our websites, applications and services do not support Do Not Track (“DNT“). However, you may enable or disable DNT, if supported by your web browser, by enabling or disabling this feature in the preferences or settings page of your web browser.
3.6. What personal data we collect from you. The personal data we may collect from you depends on the purposes for which we will be using the personal data and what you have chosen to provide. Where appropriate, personal data that we collect may include (but is not limited to) the following:
3.6.1. Personal identification information, such as your full name, username or similar identifier, marital status, home address, date of birth, age, nationality, gender, signature, photographs, job title, tax identification number, passport number and details, driver’s license details, national identity card details, photograph identification cards, and/or immigration visa information.
3.6.2. Contact information, such as email address and telephone numbers.
3.6.3. Financial information, such as bank account numbers, bank statement, virtual currency wallet addresses, trading data, and tax identification information.
3.6.4. Profile information, such as your username and password, interests, preferences and any feedback.
3.6.5. Marketing and Communications information, such as your preferences in receiving marketing from us and third parties and your communication preferences.
3.6.6. Residence verification information, such as utility bill details, bank statements, or similar information.
3.6.7. Device information, such as the hardware, operating system, and browser used by you, and any other information that is automatically collected about your device.
3.6.8. Location information, such as your IP address and/or domain name, any external page that referred you to us, and any other information that is automatically collected via analytics systems providers to determine your location.
3.6.9. Log information, such as device-specific information (including for example, login information, photos, videos or other digital content and check-ins), location information, system activity, any internal and external information related to the pages on our websites and applications that you visit, and any other that is generated by your use of our websites, applications and services that is automatically collected and stored in our server logs.
3.7. Aggregated Data. We also collect, use and share aggregated data such as statistical or demographic data (“Aggregated Data”) for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your log information to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Policy.
3.8. Providing personal data belonging to others. In certain circumstances, you may also provide us with personal data of persons other than yourself (such as your family members). If you do so, you are responsible for informing him/her of the specific purposes for which we are collecting his/her personal data and to ensure that he/she has provided valid consent for your provision of his/her personal data to us.
3.9. Accuracy and completeness of personal data. You are responsible for ensuring that all personal data that you provide is true, accurate and complete, and to inform us of any changes to your personal data.
3.10. Minors. Our website, applications and services are not intended for children, and we do not knowingly request to collect personal data from any children under the age of 18.
4. WHAT WE DO WITH YOUR PERSONAL DATA
4.1. We only collect, use, disclose and process your personal data when the law allows us to do so. Most commonly, we will use your personal data in the following circumstances:
4.1.1. where you have consented before the processing;
4.1.2. where we need to perform the contract we are about to enter into or have entered into with you;
4.1.3. where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; or
4.1.4. where we need to comply with a legal obligation.
We have set out below, in table format, a description of the ways we plan on using your personal data, and on what basis we do so. We have also, where appropriate, identified what our legitimate interests are. Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
|Purpose/activity||Type of data||Lawful basis for processing|
|To enable you to participate in any fundraising exercise undertaken by TEPL.||Personal identification information|
Residence verification information
Performance of a contract with you
Necessary to comply with legal obligations (to ensure your eligibility to partake in any fundraising exercise undertaken by TEPL and fulfil our obligations under applicable anti-money laundering and countering the financing of terrorism laws and regulations)
|To deliver services to you.||Personal identification information |
Marketing and Communications information
Performance of a contract with you
Necessary for our legitimate interests
|To manage our relationship with you, including notifying you of changes to our websites, applications or services.||Personal identification information Contact information |
Marketing and Communications information
Performance of a contract with you
Necessary for our legitimate interests (to keep records updated and to analyse how users use our websites, applications or services)
Necessary to comply with legal obligations (to inform you of any changes to our terms and conditions)
|To administer and protect our business, our websites, applications and services (including troubleshooting, data analysis and system testing, maintenance, support, reporting and hosting of data).||Personal identification information |
Performance of a contract with you
Necessary for our legitimate interests (for running our business, provision of administration and IT services and network security)
|To deliver relevant content, to you, and measure or understand the effectiveness of such content.||Personal identification information |
Marketing and Communications information
Necessary for our legitimate interests (to develop our website, applications and services, and grow our business)
|To use data analytics to improve our website, applications and services, marketing and customer relationships.||Log information |
|Necessary for our legitimate interests (to develop our websites, applications and services, and grow our business)|
4.2. Lawful Basis. The following are the types of lawful basis that we rely on to process your personal data:
4.2.1. Consent: processing your personal data where you have signified your agreement by a statement or clear opt-in to processing for a specific purpose. Consent will only be valid if it is a freely given, specific, informed and unambiguous indication of what you want. You can withdraw your consent at any time by contacting us.
4.2.2. Legitimate Interest: the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
4.2.3. Performance of Contract: processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
4.2.4. Complying with a legal obligation: processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.
4.3. Marketing purposes. If you have provided us with your consent, we may send you marketing communications to inform you about our events or our partner events, to deliver targeted marketing, and to provide you with promotional offers based on your communication preferences. We use information about your usage of our services and your contact information to provide marketing communications. We may also share personal data with third parties to help us with our marketing or sending marketing communications.
4.4. Automated decision making. We may make automated decisions on certain matters, such as to fulfill our obligations imposed by law (for example, to verify your identity), to detect fraudulent or prohibited activities, or to determine whether you are eligible for certain of our services. If you disagree with the decision you are entitled to contest this by contacting our Data Protection Officer however, if we are unable to make automated decisions, we may not be able to offer some or all of our services to you.
4.5. Purposes permitted under applicable laws. We may also collect, use, disclose and process your personal data for other purposes, without your knowledge or consent, where this is required or permitted by law.
4.6. Change of purpose. We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
4.7. Contacting you. When using your personal data to contact you for the above purposes, we may contact you via e-mail, telephone or any other means. We will not contact you for marketing purposes unless we have your consent, or unless we are exempted by applicable law from having to obtain consent. If you do not wish to receive any communication or information from us, or wish to restrict the manner by which we may contact or send you information, you may contact us.
5. DISCLOSURE OF PERSONAL DATA
5.1. Disclosure to related parties. From time to time, we may disclose or share your personal data with our related organisations or business partners in connection with the purposes described in Clause 4.
5.2. Other disclosures. We take care to allow your personal data to be accessed only by those who need to perform their tasks and duties, and to share your personal data only with third parties for purposes described in Clause 4, including the following circumstances:
5.2.2. We may share your personal data with third party identity verification and transaction monitoring services to assist in the prevention of fraud and other illegal activities and to fulfill our obligations under anti-money laundering and countering the financing of terrorism laws and regulations. This allows us to confirm your identity by comparing the personal data you provide us to public records and other third-party databases and to monitor transactions to fulfil our legal and regulatory obligations to report suspicious activities.
5.2.3. We may share your personal data with service providers under contract who provide professional services (such as legal and accounting advisors) or help with parts of our business operations (such as marketing, payment and technology services). Our contracts will require these service providers to use your personal data only in connection with the services they perform for us and prohibit them from selling your personal data to anyone else.
5.2.4. We may share your personal data with financial institutions and payment services providers with which we partner to process payments you have authorised.
5.2.5. We may share your personal data with third parties which use our website, applications and services to provide various services to you.
5.2.6. We may share your personal data with organisations that we plan to merge with or be acquired by.
5.2.7. We may share your information with companies or other entities that purchase TEPL Group’s assets pursuant to a court-approved sale under applicable bankruptcy laws or where we are required to share your information pursuant to applicable insolvency laws.
5.2.8. We may share your information with law enforcement, government officials or regulators, or other third parties when we are compelled to do so by a subpoena, court order, or similar legal procedure, or when we believe in good faith that the disclosure of personal data is necessary to prevent physical harm or financial loss, to comply with applicable laws and regulations, to report suspected illegal activity, or to investigate violations of any applicable terms and/or policies.
5.2.9. In addition, from time to time, we may request your consent to share your information with third parties in certain other circumstances. Such requests may be presented to you in our terms and/or agreements with you, an email from us to you, or otherwise through the website, applications and services.
We will take care to require all third parties to respect the security of your personal data and to treat it in accordance with the Policy and applicable laws.
6. CROSS-JURISDICTIONAL TRANSFERS
6.1. We may store, process and transfer your personal data:
6.1.1. from the jurisdiction where it is collected (or where you are located) to any other jurisdiction that we operate in; and
6.1.2. to third parties in other jurisdictions.
Where we transfer your personal data across jurisdictions, we will ensure that your personal data is treated securely in accordance with this Policy and applicable laws regardless of the jurisdictions that they are transferred to. For example, we may enter into contracts with recipients to protect your personal data. You may obtain details of these safeguards by contacting us.
6.2. EU Data Subjects Only. Please note that when you provide personal data to us (or a third party on our behalf) it may accordingly be accessed and used in countries outside of the European Economic Area (“EEA”). In relation to such transfers, you acknowledge that you have been made aware that (i) such countries may not be deemed to have an adequate level of protection for personal data as determined by the European Commission; (ii) some countries outside the EEA provide levels of protection of personal data which are substantially poorer than those of countries within the EEA; and (iii) in respect of such countries it is possible that this personal data might be intercepted and accessed by governmental and other authorities / agencies in those countries.
Where we transfer your personal data outside of the EEA, this is done either on the basis that it is necessary for the performance of the contract between you and TEPL, or that the transfer is subject to the European Commission’s model contracts for the transfer of personal data to third countries (i.e., the standard contractual clauses), pursuant to Decision 2004/915/EC and Decision 2010/87/EU as appropriate or, in the event that the transfer is to a US entity, we may transfer personal data if the transferee is part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.
7. YOUR RIGHTS
7.1. You have certain rights at law in relation to our collection, use, disclosure and processing of your personal data. These rights include:
7.1.1. Access: You may request that we provide you a copy of your personal data held by us. In accordance with applicable laws, we may request that you specify the information or processing activities to which your request relates before we provide you with a copy of your personal data.
7.1.2. Correction: You may request that any incomplete or inaccurate personal data we hold about you is corrected.
7.1.3. Withdrawal of consent: you may withdraw consent for our use of your personal data.
7.2. Other Rights. Depending on the laws applicable to you, you may also enjoy additional rights. For example, if you are resident in the European Union, you may also enjoy certain additional rights, including:
7.2.1. Erasure: You may ask us to delete or remove personal data that we hold about you in certain circumstances. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
7.2.2. Restriction: You may withdraw consent for our use of your personal data, or ask us to suspend the processing of certain of your personal data about you, for example, if you want us to establish its accuracy.
7.2.3. Data Portability: You may obtain or request the transfer of certain of your personal data to you or another party under certain conditions.
7.2.4. Objection: If we are processing your personal data on the basis of our legitimate interests (or those of a third party), you may object to processing on this ground.
7.2.5. Automated Decisions: You may contest any automated decision made about you where this has a legal or similar significant effect and ask for it to be reconsidered.
7.3. Limitations: We may be permitted under applicable laws to refuse a request, for example, we may refuse (a) a request for erasure where the personal data is required in connection with claims; or (b) an objection request and continue processing your personal data based on compelling legitimate grounds for the processing.
7.4. Complaint: If you believe that we have infringed your rights, we encourage you to contact our Data Protection Officer (see Clause 4 above for details) so that we can try to resolve the issue or dispute informally.
8. PROTECTION OF PERSONAL DATA
8.1. Security arrangements. We use a variety of security measures to ensure the confidentiality of your personal data and to protect your personal data from loss, theft, unauthorised access, misuse, alteration or destruction. For example, we use computer safeguards such as firewalls and data encryption, we enforce physical access controls to our buildings and files, and we authorise access to personal data only for those employees who require it to fulfill their job responsibilities.
8.2. Unauthorised access. While we take reasonable precautions to safeguard your personal data in our possession or under our control, we cannot guarantee that loss, theft, unauthorised access, misuse, alteration or destruction of your personal data will not occur. Achieving complete security (whether in transmission or storage of data) is impossible and/or impractical. We cannot be held responsible for unauthorised or unintended access that is beyond our control, such as hacking or cybercrimes.
8.3. Disclaimer. We cannot provide any guarantee regarding the security or confidentiality of personal data that you transmit to us or receive from us via the internet or wireless connection, including email, phone, or SMS. We do not make any warranty, guarantee, or representation that your use of our websites and applications is safe and protected from viruses, worms, Trojan horses, and other vulnerabilities. If you have reason to believe that your personal data is no longer secure, please contact our Data Protection Officer.
8.4. Retention of personal data. We retain personal data for as long as necessary to fulfill the purposes described in this Policy, and to satisfy our own legal, regulatory and business purposes, including data analytics, audit, accounting or reporting purposes. The criteria we may use to determine the retention period for certain categories of data includes:
8.4.1. whether there are contractual or legal obligations that require us to retain the personal data for a certain period of time;
8.4.2. whether there is any ongoing legal or financial claim that relates to your relationship with us; and
8.4.3. whether any applicable law, statute, or regulation allows for a specific retention period.
8.5. Period of retention. How long we keep your personal data depends on the nature of the data. Some information may also be retained for longer, e.g. where we are required to do so by law.
8.6. Anonymised data. When personal data is no longer needed we have procedures either to destroy, delete, erase or convert it to an anonymous form. When we anonymise your personal data such that it can no longer be associated with you, we shall be entitled to retain and use such data without restrictions.
9. COOKIES POLICY
9.1. Description of cookies. Cookies are small text files that are placed on your computer by websites that you visit. They are widely used to allow websites to work properly or more efficiently, as well as to provide information to the owners of the website.
9.2. There are two general categories of cookies. “First-party cookies” cookies are set directly by us. “Third-party cookies” are set by a third party, and that third party can recognise your computer both when it visits our websites and applications, and when it visits certain other websites and/or mobile apps.
9.3. Cookies can remain on your computer or mobile device for different periods of time. Some cookies are “session cookies”, which exist only while your browser is open and expire once you close your browser. Other cookies are “persistent cookies”, which survive after your browser is closed. They can be used by websites to recognise your computer when you open your browser and browse the internet again.
9.7. Categories of cookies we use. We may use the following categories of cookies:
9.7.1. Strictly Necessary Cookies: These cookies are necessary because they enable you to move around our websites and applications, and use certain features of our services. For example, strictly necessary cookies allow you to access secure areas. Without these cookies, some services cannot be provided.
9.7.2. Functionality Cookies: These cookies allow us to remember the choices you make and to tailor our services so we can provide relevant content to you. For example, a functionality cookie can remember your preferences (e.g. country or language selection), or your username.
9.7.3. Performance/Analytics Cookies: These cookies collect information about how you use a website. For example, a performance/analytics cookie will collect information about which pages you go to most often, how much time you spend on that page, or if you get error messages from certain pages. These cookies do not gather information that identifies you. The information these cookies collect is anonymous and is only used to improve how our services work.
9.7.4. Advertising and Tracking Cookies: Our websites and applications may feature advertising. We may allow third party companies, including advertising companies, to place cookies on our websites and applications. These cookies enable such companies to track your activity across various sites where they display ads and record your activities so they can show ads that they consider relevant to you as you browse the Internet. These cookies also allow us and third parties to know whether you have seen an ad or a type of ad, and how long it has been since you last saw it. This information may be used for frequency capping purposes, to help tailor the ads you see, and to measure the effectiveness of ads. These cookies are anonymous – they store information about the content you are browsing, but not about who you are.
9.8.1. Our Cookies. Most browsers allow you to change your cookie settings. These settings will typically be found in the “options” or “preferences” menu of your browser.
9.8.2. Do Not Track. Some Internet browsers – like Chrome, Internet Explorer, Firefox, and Safari – include the ability to transmit DNT signals. Since uniform standards for DNT signals have not been adopted, our websites and applications may not be able to process or respond to DNT signals.
9.8.3. Advertising Cookies. To opt-out of third-party advertising networks and similar entities that use targeting/advertising cookies, go to http://www.aboutads.info/choices. Once you click the link, you may choose to opt-out of such advertising from all participating advertising companies or only advertising provided by specific advertising entities. For more information about third-party advertising networks and similar entities that use these technologies, please see http://www.aboutads.info/consumers.