Your personal data privacy is important to us and Get is highly committed in respecting and managing your Personal Data collected in line with this Policy.
This Personal Data Privacy Policy sets out the collection, use and disclosure of your Personal Data. “Personal Data” means any data or information, whether true or not, about an individual who can be identified either (a) from that data; or (b) from that data and other information to which Get is likely to have access to. Personal Data excludes Business Contact Information which means an individual’s name, position name or title, business telephone number, business address, business electronic mail address or business fax number and any other similar information about the individual, not provided by the individual solely for his personal purposes.
When and what kind of Personal Information do we collect?
Get may collect Personal Data:
- When you provide Personal Information by filling in online or hardcopy forms when applying for Get’s services or feedback, asking queries, making requests and other submissions;
- If and when you contact Get (i.e. telephone calls, online chat programmes, social media and emails), we may keep a record of that correspondence;
- When you visit our website, we may collect details of your visits to our website including, but not limited to, cookies, location data, weblogs and other communication data, that you access;
- When you fill up online or hardcopy job application forms to apply for a job at Get;
- If you enter into any contract with Get or purchase any products/services from Get; or
- If you participate in any exhibition, event, competition or workshop organised by Get or where Get is a participant.
Get may collect the following kinds of Personal Data through the different channels mentioned above:Full name;Business and/or personal email addresses;
- Mobile and business telephone numbers;Bank account details;NRIC/ID/Passport numbers and copies for organisations using our platform and vendors, if requiredPhotos and videos (i.e. Facebook profile pictures), if applicable;
- IP addresses and location data;
- Additionally, if you are applying for employment with Get, Get will collect the following Personal Information and/or information:
- Date of Birth;
- Nationality;
- Marital Status;
- Gender;
- Race;
- Educational and employment history and professional qualifications, including testimonials and references;
- Medical, legal and financial history;
- Next of kin, family or emergency contact information; and
- Curricula Vitae, if any.
What purposes does Get Collect, Use and Disclose Personal Information?
Get may use the Personal Information and/or information we collect from you for any of the following purposes:
- To perform or carry out Get’s obligations arising from any contracts entered into between you and us;
- To enable Get’s vendors and service providers (e.g. Web hosting, Credit Card Processing) to fulfil obligations/services as stipulated in your contract with Get;
- To handle products and services requests and enquiries;
- For payment administration purposes, if any;
- To administer and update your records in our databases; monitoring and maintaining a copy of your record of previous transactions;
- To facilitate the delivery, maintenance and enhancement of Get’s products and services;
- To plan, monitor, and enhance the provision of new products, services, projects, and planning of events;To improve Get’s customer service through your feedback;
- To facilitate data analysis and business planning purposes;
- To process your enquiries and any and all other ancillary administrative purposes;
- For communications, sales and marketing efforts and publicity purposes;
- For ../get-templates/vendor management and communications purposes;
- For government, audit and other regulatory purposes;
- For recruitment and evaluation purposes if you apply for a job with Get, i.e. to determine job suitability;
- To apply for employee work visas at the Ministry of Manpower;
- For internal reporting and/or accounting purposes; and
- Purposes incidental to each or all of the above.
We may also contact you by any means of communication for which you have given us contact details, including but not limited to via email, telephone numbers, and post, for the purpose of getting your feedback. In addition, if you are an organisation using our platform, we may reach out to provide you with information which may be of interest to your organisation.
We only collect, process, use or disclose such Personal Information, in accordance with this Policy and for the purposes as stated above. If you are acting as an intermediary, or otherwise on behalf of a third party, or supply us with information regarding a third party, you undertake that you are an authorised representative or agent of such third party and that you have obtained consent from such third party to our collection, processing, use and disclosure of their Personal Information. Because we are collecting the third party’s data from you, you undertake to make the third party aware of all matters listed in this Policy by referring them to our [agencies’] website. We rely on the above undertakings in collecting, processing, using or disclosing any such Personal Information belonging to that third party.
Consent for the collection and use of your Personal Information
You consent to the collection, use and disclosure of your Personal Data for the above mentioned purposes and agree to be bound by the obligations it imposes on you, when you accept this Privacy Policy. You accept this Privacy Policy when you continue to browse on Get’s website.
In this regard, please note that it is on your part to ensure that all personal data submitted to us is complete, accurate, true and correct at the time of submission. Failure on your part to do so may result in our inability to provide you with products and services you have requested.
Please note that if you do not consent to any of the above business purposes, Get may also be unable to meet the purposes for which the information was collected.
Does Get disclose Personal Information to third parties?
Get may disclose your Personal Data for the purposes stated within this privacy policy to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in the Companies Act (Cap. 50).
On occasion, Get may use vendors and service providers to assist us in the processing of your Personal Data as outlined under “What purposes does Get Collect, Use and Disclose Personal Data?” You consent to such use of your Personal Data by continuing to browse on Get’s website.
Get will not transfer Personal Data within or outside Singapore unless it is ensured that the Personal Data will be accorded a level of protection which is comparable to the protection under the PDPA.
For how long does Get retain your Personal Information?
Get will cease to retain Personal Data, as soon as it is reasonable to assume that the purpose for collection of such personal data is no longer being served by such retention, and such retention is no longer necessary for legal or business purposes.
Does Get use cookies to collect and use Personal Information?
When you visit any of Get’s websites, Get may collect or analyse anonymized information from which individual information will not be identified. The information collected may include the number of users and the amount of time they stay on our website, which countries they are from, and what mode of device they are currently using to view our website, as well as domain information that helps us to learn our client’s profile, the frequency of viewing. We use this information to improve our website’s content and navigation.
Some parts of this website may use cookies, which enable us to track usage patterns, enforce security, and offer you a customized content. A cookie is a small text file that our server places on your computer hard drive as a unique identifier.
Note that our cookies do not have an expiration date and do not collect personally identifiable information.
You may disable the use of cookies by selecting the appropriate settings on your browser. This may however result in you being unable to experience the full functionality of the websites.
How does Get protect your Personal Information?
The Personal Data that we hold about you may be stored on servers hosted in Australia. Get implements a variety of security measures to maintain the safety of your submitted information. All electronic storage and transmission of personal data is secured and stored on managed servers with controlled access and appropriate security technologies.
Although every reasonable effort has been made to ensure that all personal data will be so protected, Get cannot be responsible for any unauthorised use or misuse of such information and from risks which are inherent in all internet communications.
Your Personal Data will only be disclosed for the express purpose of delivering the product or service requested and shall not be sold or disclosed to any other company for any other reason whatsoever without your consent.
Links to third party websites from Get’s website
Our websites may contain links to other external websites, such as our business partners. We are not responsible for the privacy policies and practices of these websites taken care of by third-parties. We strongly encourage you to check the privacy policy of each website that you visit. Some of these third-party websites may 5 have our logo or trademark acknowledged on their website. However, these websites are not operated and maintained by us. Please contact the owner of the respective websites should you have any questions on their privacy policies.
Use by Our Clients
Our clients use Get as a platform for various purposes listed above. Get does not control the content or the types of information that our clients may choose to collect or process using Get. That information, including personal data, belongs to them and is collected, used, disclosed and protected by them according to their own privacy policies and is not subject to Get’s Privacy Policy.
Get processes our clients’ information, including personal data, as they direct and in accordance with our agreements with our clients, and we store it on our servers, but we do not have control over its collection, use or management. Our agreements with our clients prohibit us from using that information, except as necessary to provide and improve the platform and our services, as permitted by this Privacy Policy, and as required by law. Get might have no direct relationship with individuals who provide Personal Data to our clients. Our clients control and are responsible for correcting, deleting or updating information they have collected from you using Get. Get may work with the clients to help them provide notice to their visitors about their data collection, processing and usage. Get is not responsible for the clients’ use of information they collect using Get.
Access and Correction of Personal Information
Further Information
If you are concerned about the handling of your Personal Data, or if you have any complaints or queries related to your Personal Data or our Privacy Policy, please contact Get’s Data Protection Officer (“DPO”) at [email protected].
Get reserves the right to change this Policy with or without notice from time to time.
Security Program
We drive a security program that includes the following focus areas: product security, infrastructure controls (physical and logical), policies, employee awareness, intrusion detection, and assessment activities. The security team runs an in-house Incident Response (“IR”) program and provides guidance to Get employees on how to report suspicious activity. Our IR team has procedures and tools in place to respond to security issues and continues to evaluate new technologies to improve our ability to detect attacks against our infrastructure, service, and employees. We periodically assess our infrastructure and applications for vulnerabilities and remediate those that could impact the security of customer data. Our security team continually evaluates new tools to increase the coverage and depth of these assessments.
Network Security
Get defines its network boundaries using a combination of load balancers, firewalls, and VPNs. We use these to control which services we expose to the Internet and to segment our production network from the rest of our computing infrastructure. We limit who has access to our production infrastructure based on business need and strongly authenticate that access.
Account Security
We will encrypt the passwords using using Bcrypt algorithm (this creates a non-reversible secure password hash) and phone/email will be encrypted/decrypted using hybrid encryption mode.
Get never stores your password in plaintext. We use Brcrypt algorithm which creates a non-reversible secure password hash to securely store your account authentication information. We select the number of hashing iterations in a way that strikes a balance between user experience and password cracking complexity. We limit failed login attempts on both a per-account and per-IP-address basis to slow down password guessing attacks. Get currently offers two-step verification (“2SV”), also known as two-factor or multi-factor authentication, for all selected accounts, and aim to roll it out to all users as soon as possible. Our 2SV mechanism is based on a time-based one-time password algorithm (TOTP). All users can generate codes locally using an application on their mobile device or can choose to have the codes delivered as a text message.
Product Security
Securing our Internet-facing web service is critically important to protecting your data. Our security team drives an application security program to improve code security hygiene and periodically assess our service for common application security issues including: CSRF, injection attacks (XSS, SQLi), session management, URL redirection, and clickjacking.
Every client application that talks to our service uses a well-defined thrift API for all actions. By brokering all communications through this API, we’re able to establish authorisation checks as a foundational construct in the application architecture. There is no direct object access within the service and each client’s authentication token is checked upon each access to the service to ensure the client is authenticated and authorised to access a particular organisation, event or merchandise.
Customer Segregation
Get’s service is multi-tenant and does not segment your data from other users’ data. Your data may live on the same servers as another user’s data. We consider your data private and do not permit another user to access it unless you explicitly share it.
Media Disposal and Destruction
We securely erase or destroy all storage media if it has ever been used to store user data. We utilise a variety of storage options in Amazon Web Services(“AWS”), including local disks, persistent disks, and Cloud Storage buckets. We take advantage of AWS’ cryptographic erasure processes to ensure that repurposing storage does not result in exposing private customer data.
Data Retention and Storage
Customers data are kept for at least 5 years after the termination or closure of their account. All data is encrypted and stored in a data centre operated by Amazon Web Services (“AWS”), which is compliant with:
- PCI DSS Level 1
- SOC 1, 2, 3
- ISO 9001, 27001, 27017, 27018
- For others, see http://aws.amazon.com/compliance/
Activity Logging
Get performs server-side logging of client interactions with our services. This includes web server access logging, as well as activity logging for actions taken through our API. We also collect event data from our client applications.
Transport Encryption
Get uses industry standard encryption to protect your data in transit. This is commonly referred to as transport layer security (“TLS”) or secure socket layer (“SSL”) technology. In addition, we support HTTP Strict Transport Security (“HSTS”).
We support a mix of cipher suites and TLS protocols to provide a balance of strong encryption for browsers and clients that support it and backward compatibility for legacy clients that need it. We plan to continue improving our transport security posture to support our commitment to protecting your data. We support STARTTLS for both inbound and outbound email. If your mail service provider supports TLS, your email will be encrypted in transit, both to and from the Get service. We protect all customer data flowing using IPSEC with GCM-AES-128 encryption or TLS.
Resiliency / Availability
We operate a fault tolerant architecture to ensure that Get is there when you need it. This includes:Diverse and redundant Internet connectionsRedundant application load balancersRedundant servers and virtual instancesRedundant underlying storage