The Swire Bulk Group’s Data Protection and Privacy Policy (“Policy”) explains why and how we process your Personal Data, your rights in relation to your Personal Data, and how to contact us if you need to (our contact details are set out at the end of this Policy).
Swire Bulk Pte. Ltd. (“Company”) and its subsidiaries and related companies (together with the Company, the “SB Group”, “we”, or “us”) are the Data Controller of the Personal Data we collected from our business customers, suppliers, service providers and partners (and each of their employees, officers, agents, contractors or any other individuals they engage with) (“you”, or “your”) and which is processed in accordance with this Policy.
Swire Bulk Pte. Ltd. (“Company”) and its subsidiaries and related companies (together with the Company, the “SB Group”, “we”, or “us”) are the Data Controller of the Personal Data we collected from our business customers, suppliers, service providers and partners (and each of their employees, officers, agents, contractors or any other individuals they engage with) (“you”, or “your”) and which is processed in accordance with this Policy.
Please note that some privacy rights and obligations may differ in certain locations based on applicable local Personal Data Protection Laws and we will provide you with additional information about our processing activities as and when required. We have included supplemental information for certain jurisdictions as schedules to this Policy as follows:
the United States of America Addendum which supplements this Policy in relation to the processing of Personal Data in the United States of America;
the Californian Addendum which explains how we comply with the California Consumer Privacy Act and the California Privacy Rights Act in relation to the processing of Personal Data relating to Californian residents;
the Australia Addendum which supplements this Policy in relation to the processing of Personal Data in Australia;
the People’s Republic of China Addendum which supplements this Policy in relation to the processing of Personal Data in the People’s Republic of China;
the Brazil Addendum which supplements this Policy in relation to the processing of Personal Data in Brazil;
the Canada Addendum which supplements this Policy in relation to the processing of Personal Data in Canada and;
the Singapore Addendum which supplements this Policy in relation to the processing of Personal Data in Singapore.
Swire Bulk has been awarded the Data Protection Trustmark (DPTM) certification by Singapore’s Infocomm Media Development Authority (IMDA), underscoring our responsible data protection practices.
We will continue to include supplemental information for other relevant jurisdictions as and when required.
This Policy applies to Personal Data collected, or otherwise obtained, by the SB Group from our business customers, suppliers, service providers and partners (and each of their employees, officers, agents, contractors, or any other individuals they engage with).
The SB Group will not knowingly process the Personal Data of children. If we learn that we have collected or received Personal Data from a child, we will delete that information.
This Policy applies to Personal Data collected, or otherwise obtained, by the SB Group from our business customers, suppliers, service providers and partners (and each of their employees, officers, agents, contractors, or any other individuals they engage with).
The SB Group will not knowingly process the Personal Data of children. If we learn that we have collected or received Personal Data from a child, we will delete that information.
– means the relevant regulatory authority in the jurisdiction administering the applicable Personal Data Protection Laws, including but not limited to:
• the Information Commissioner’s Office in the United Kingdom (“ICO”);
• the Personal Data Protection Commission of Singapore (“PDPC”);
• the California Privacy Protection Agency (“CPPA”);
• the Office of the Privacy Commissioner in New Zealand (“OPC”);
• the Office of the Australian Information Commissioner (“OAIC”); and
• the Cyberspace Administration of China (“CAC”).
• the National Data Protection Authority in Brazil (“ANPD”); and
• the Office of the Privacy Commissioner of Canada (“OPC”) and the Office of the Information and Privacy Commissioner for BC (“IPC BC”).
– means any information (e.g. names, contact details, passport number, biometric data, health data etc.) whether true or not, that relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, or relating to, an identified or identifiable natural person (e.g. customer, employee etc.) and “Personal Information” as such term is defined under CCPA, CPRA, the Australian Privacy Act, the PIPL, NZPA, PIPEDA, PIPA BC (as applicable) and “Sensitive Personal Data” as such term is defined under the LGPD.
– means any organisation which determines the purposes for which, and the manner in which, any Personal Data is processed, or a “Personal Information Handler” under the context of PIPL. We are the Data Controller of certain Personal Data used in our business and this includes the definition of “Business” in CCPA and CPRA.
– means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Data Controller and includes the definition of “Service Provider” in CCPA and CPRA and shall have the same or equivalent meaning of “entrusted party” as described in PIPL.
– means the relevant regulatory authority in the jurisdiction administering the applicable Personal Data Protection Laws, including but not limited to:
• the Information Commissioner’s Office in the United Kingdom (“ICO”);
• the Personal Data Protection Commission of Singapore (“PDPC”);
• the California Privacy Protection Agency (“CPPA”);
• the Office of the Australian Information Commissioner (“OAIC”); and
• the Cyberspace Administration of China (“CAC”).
• the National Data Protection Authority in Brazil (“ANPD”); and
• the Office of the Privacy Commissioner of Canada (“OPC”) and the Office of the Information and Privacy Commissioner for BC (“IPC BC”).
– means all applicable laws and regulations relating to Personal Data protection in force from time to time including any statute or statutory provision which amends, extends, implements, consolidates or replaces the same, including, without limitation:
• the EU General Data Protection Regulation 2016/679 (“GDPR”);
• the GDPR as it forms part of the domestic law of the United Kingdom by virtue of the European Union (Withdrawal) Act 2018, the UK Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003;
• the Personal Data Protection Act 2012 (No. 26 of 2012) of Singapore (“PDPA”);
• Assembly Bill 375 of the California House of Representatives, an act to add Title 1.81.5 (commencing with Section 1798.100) to Part 4 of Division 3 of the Civil Code, relating to privacy and approved by the California Governor on June 28, 2018, including all regulations enacted in connection therewith, as the same may be amended, supplemented, or replaced from time-to-time (“CCPA”), including without limitation, starting on January 1, 2023, the California Privacy Rights Act, Cal. Civ. Code §§1798.100–1798.199.100, including all regulations enacted in connection therewith, as the same may be amended, supplemented, or replaced from time-to-time (“CPRA”);
• the Australian Privacy Act 1998 (Cth) (“Australian Privacy Act”);
• and the Personal Information Protection Law (“PIPL”) of the People’s Republic of China and its subordinate laws and regulations.
• the Brazilian General Personal Data Protection Law (No 13.709/2018) (“LGPD”), including all regulations and/or codes of practice made or issued in accordance with that Law; and
• the Personal Information Protection Act (“PIPEDA”) of Canada as well as provincial legislation for British Columbia, the Personal Information Protection Act
(“PIPA BC”)
– means any information (e.g. names, contact details, passport number, biometric data, health data etc.) whether true or not, that relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, or relating to, an identified or identifiable natural person (e.g. customer, employee etc.) and “Personal Information” as such term is defined under CCPA, CPRA, the Australian Privacy Act, the PIPL, NZPA, PIPEDA, PIPA BC (as applicable) and “Sensitive Personal Data” as such term is defined under the LGPD.
– means any organisation which determines the purposes for which, and the manner in which, any Personal Data is processed, or a “Personal Information Handler” under the context of PIPL. We are the Data Controller of certain Personal Data used in our business and this includes the definition of “Business” in CCPA and CPRA.
– means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Data Controller and includes the definition of “Service Provider” in CCPA and CPRA and shall have the same or equivalent meaning of “entrusted party” as described in PIPL.
We process your Personal Data in order to provide our products or services to you, or in order to receive products or services from you as set forth in this Section below.
Except as otherwise indicated, the Personal Data we collect is required to carry out the requested action. While the provision of your Personal Data is voluntary, if you do not provide your Personal Data to us, we may not be able to carry out the requested action. Generally, we collect Personal Data when you:
(a) submit forms or applications, resumes and/or CVs to us, we will collect from you or from third party recruiters, your identifiers (name, address, business and/or personal phone number, email address), protected classifications (gender, age, nationality), professional or employment-related information (employment history, job function or department, right to work information, information obtained from credit reference agencies). We use this information to assess your qualification for the position for which you applied, verify your identity, and conduct background checks or other verification purpose(s), to the extent permissible by law, and due diligence. We will also collect your national identity or passport numbers where this is necessary to enable us to carry out appropriate checks in relation to contracts with you or someone else that you work for or are otherwise related to, or to accurately establish or verify your identity to a high degree of fidelity. The legal basis for processing this information is to comply with a legal or regulatory obligation to which we are subject.
(b) submit queries, requests, complaints, or feedback, or otherwise communicate with us, we will collect your identifiers (name and email address), and any information you choose to include in your correspondence with us. The legal basis for processing this information is performance of our contract with you;
(c) ask to be included in our mailing list, we will collect your identifiers (name and email address). We use this information to fulfil your request to receive information we feel may be of interest to you. The legal basis for processing your information is your consent. You can revoke your consent with effect going forward by clicking on the “unsubscribe” link in each email. Please note that we will continue to send you transactional messages such as notifications necessary for the requested products or services;
(d) place, obtain, subscribe and/or make payment for our goods and/or services or when you supply goods and/or services, we will collect your identifiers (name, address, email address, telephone number) and payment information (payment card or account number, routing number (if applicable), payment card security code, payment card expiration date). We will use this information to process your subscription or purchase. The legal basis for processing this information is performance of our contract with you;
(e) take part in our surveys and/or events organised solely or jointly by the Company and/or any third parties, we will collect your identifiers (name, personal or business email address, and personal or business telephone number) and preferences (to the extent that this information is relevant to organising and managing those events [for example, your dietary requirements]). We use this information to contact you about future business opportunities and/or organise events, respectively. The legal basis for processing your information is your consent. You can revoke your consent at any time, with effect going forward, by sending a request to withdraw your consent, via email, to Dataprotection@swirebulk.com ; and
(f) visit one of our physical locations, we collect information relating to you that you give to us, or we otherwise obtain when you visit us (your signature, if you sign in, or are recorded on CCTV while visiting us, or you give us the registration details of your vehicle). The legal basis for processing your information is our legitimate interest for securing our properties.
In addition, we also collect information relating to you when we:
(a) conduct reviews for the purposes of (i) system and business process improvements, (ii) risk/fraud management, (iii) regulatory and compliance risk management and (iv) improvements to human resource processes (this shall include information such as your IP address, browser, time-zone setting, IP address); and
(b) conduct dispute resolution, preventing, detecting, and investigating non-compliance with laws, regulations and corporate policies and enforcing our contractual and legal rights and obligations.
If you provide us with any Personal Data relating to a third party (e.g. Personal Data of your dependents, spouse, children and/or parents), by submitting such Personal Data to us, you represent and warrant to us that you have informed them of how their information will be used, that you obtained the requisite consent of such third party and/or are authorised to provide us with such Personal Data for the relevant purposes contained in this Policy.
You are to ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to fulfil your requests and/or applications or delays in processing your applications.
Where the provision of your Personal Data is generally a contractual or legal requirement or is a requirement in order for us to enter into a contract, the consequences of any failure to provide such data will be that we may need to review any engagement or business relationship that we may have with you. Our legal rights and remedies in such event are expressly reserved. We also use the Personal Data collected for the above purposes to comply with the law and for other limited circumstances as described in Section 5.5 “Who we give your information to”.
We may conduct survey(s) to allow us to provide better services through customer research. You will be informed of the specific purpose(s) of each survey when we invite you to participate in the said survey. Participation in the survey is optional. The legal basis for the processing of your survey responses is your consent. You may revoke your consent with respect to being invited to future surveys by clicking the unsubscribe link included in the emails. Each of our surveys shall be conducted in accordance with the applicable Personal Data Protection Laws.
A cookie is a packet of data sent by a web server to a browser, which is returned by the browser each time it subsequently accesses the same server, used to identify the user or track their access to the server.
Our websites use cookies and similar tracking technologies (collectively, “Cookies“) to collect and use Personal Data about you (including internet and other electronic network activity information), to better understand and improve the usability, performance, and effectiveness of our websites, to help us tailor content or offers for you, and to serve our interest-based advertising. These technologies may also allow certain third parties to collect information about you. The legal basis for the processing of this information is your consent.
To learn more, including about how to consent to or withdraw your consent to Cookies, please see our Cookie Policy.
Information that we automatically obtain when you use our website and/or business systems/applications
When you use any of our websites or business systems/applications, we process the following types and categories of Personal Data (including internet and other electronic network activity information) which we collect automatically from your device. The legal basis for the processing of this information is your consent.
Some features within our websites or business systems/applications may only function upon confirmation of your location, and therefore such features will not be available if you choose not to provide your location data to us. The legal basis for this processing is consent.
Delivery of location services will involve reference to one or more of the following:
Information we receive from other sources:
We combine the information we collect directly from you and the information we collect automatically with information we collect from third party sources. We use this information and the combined information for the purposes set out above under Section 5.1 “Information we collect from you and why” and ” Information that we automatically obtain when you use our website and/or business systems/applications” (depending on the types of information we receive).
We do not carry out automated decision-making or profiling in relation to you.
Subject to the provisions of any applicable Personal Data Protection Laws, we may share the Personal Data identified in this Policy in the following instances:
Other disclosures we may make
We may also disclose your Personal Data in the following circumstances:
Where we engage or require a Data Processor to act on our behalf (such as suppliers, service providers or other third-party vendors), we will ensure that proper procedures are followed when appointing such third parties, including to incorporate adequate contractual provisions under the applicable Personal Data Protection Laws into services or supply agreements.
For a Sale. SB Group uses certain third-party cookies on its website and/or business systems/ applications. These cookie collects your internet and other electronic network activity and shares it with the third-party cookie providers. This use of your Personal Data may be considered a sale under the California Consumer Privacy Act. To opt out of this cookie, visit Do Not Sell or Share My Personal Information
Your Personal Data may be transferred to, and processed in, a country outside of your local jurisdiction or region for any of the purposes described in this Policy.
These countries may have differing (and potentially less stringent) laws relating to the degree of protection afforded to Personal Data.
We may process your Personal Data in countries outside your local jurisdiction or region:
Where your information is processed outside of your local jurisdiction or region, we (or our permitted third parties) will take reasonable steps to ensure that your Personal Data is protected in accordance with the applicable Personal Data Protection Laws.
For example, we may implement organisational, contractual and legal measures (e.g. through the implementation of an intra-group data transfer agreement including Standard Contractual Clauses) to ensure that your Personal Data is protected to the standard required in your local jurisdiction/region. You may request a copy of these measures by contacting us directly.
Unfortunately, no data transmission via the internet (including via mobile application, email or other messaging service) can be guaranteed to be completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to our website and/or business systems/applications, and any transmission is at your own risk.
However, we maintain commercially reasonable physical, electronic and procedural safeguards to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed in accordance with the requirements of the applicable Personal Data Protection Laws.
All Personal Data you provide to us is stored on our secure servers. We comply with our security policies and standards when accessing or using this information and restrict access to your Personal Data to those persons who need to use it for the purpose(s) for which it was collected. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our website and/or any business systems/applications, you are responsible for keeping this password confidential. We ask that you do not share your password with anyone. All third-party service providers and other entities within the SB Group are required to take appropriate security measures to protect Personal Data in line with our policies. They are only permitted to process Personal Data for specified purposes and where appropriate, in accordance with our instructions.
All third-party service providers and other entities within our group are required to take appropriate security measures to protect Personal Data in line with our policies. They are only permitted to process Personal Data for specified purposes and where appropriate, in accordance with our instructions.
We have put in place procedures to deal with any suspected data security incidents and will notify you and any applicable Personal Data Protection Authority of a suspected breach where legally required under the applicable Personal Data Protection Laws, or if it is appropriate to do so.
Our website may, from time to time, contain links to external sites that are operated by third party companies with different privacy practices. You should remain alert when you leave our site and read the privacy policies of other websites. We have no control over Personal Data that you submit to or receive from these third parties.
We will only keep the information we collect about you on our systems or with third parties for as long as required for the purposes set out above or as required to comply with any legal obligations to which we are subject. This will involve us regularly reviewing our files to check that information is accurate, up-to-date and still required. If we require consent to collect certain information about you, and such consent is withdrawn (see Section 5.9), we will delete such information unless we are legally required to retain it.
If you are resident in the USA, Australia, People’s Republic of China, Brazil, Canada and Singapore, please refer to the Schedules of this Policy to learn more about your rights and how to exercise them.
Under certain circumstances and to the extent such rights are granted in accordance with the applicable Personal Data Protection Laws in your country, you may have the right to:
To the extent applicable under the applicable Personal Data Protection Laws:
Should you wish to exercise any of your rights, please contact us directly (see “How to exercise your rights” below).
You should be aware that not all these rights are absolute and there may be circumstances in which we will not fully comply with your request because of a specified legal ground or exemption. In certain situations, your Personal Data may be exempt from access, correction and deletion requests pursuant to the applicable Personal Data Protection Laws or other laws and regulations. We will always inform you if this is the case.
How to exercise your rights
You can also exercise the rights listed above at any time by contacting us directly at DataProtection@swirebulk.com or the contact details set out in Section 5.11 “Contact Details” below. Some jurisdictions may require such requests to be made in writing whilst others permit requests to be made orally or in writing. Please contact us if you are unsure as to how you may make a request. We will respond to your request in accordance with the applicable Personal Data Protection Law.
Please note that we may ask for proof of your identity and address. We also reserve the right, in accordance with the applicable Personal Data Protection Laws, to request additional information reasonably required to identify the specific information being requested or referred to, or any additional information reasonably required to confirm your identity.
To the extent permitted by the applicable Personal Data Protection Laws, we further reserve the right to charge you a reasonable fee for you to access your Personal Data, and for any additional copies of the materials provided, or to refuse to comply with the request.
If you have any concerns about our use of your information, you may also have the right to make a complaint to the relevant Personal Data Protection Authority. Please refer to the definitions section above (Section 4. “Definitions”), or to the relevant Schedule for your jurisdiction, to understand which Personal Data Protection Authority is relevant to the processing of your Personal Data.
Our full contact details are:
Name of Data Protection Officer (DPO): Mun Wai Wong
Contact number: +65 97727042
Email: DataProtection@swirebulk.com
Address: 300 Beach Road #28-02, The Concourse, Singapore 199555.
6.1 Policy Owner
The policy owner is stated at the beginning of this policy. If the policy owner changes, the policy must be re-issued to document this.
6.2 Failure to Comply
Employees must always adhere to the conditions of this policy. Non-compliance must be escalated to policy owner immediately.
6.3 Exceptions
There might be scenarios where exceptions to this policy may be required. Any exception requests must be submitted to the policy owner for consideration and approval.
6.4 Changes to Policy
Swire Bulk reserves the right to amend this policy at its sole discretion. In case of amendments, the policy owner will inform staff appropriately.
Last updated: 16 December 2022
This United States of America Addendum (“USA Addendum”) supplements this Policy to the extent that the CCPA and CPRA (effective January 1, 2023), California Online Privacy Protection Act (“CalOPPA”), Nevada’s NRS 603A.300, et seq., Children’s Online Privacy Protection Act (“COPPA”), and applies in relation to the processing of Personal Data in California, Nevada, and throughout the United States by the SB Group. In case of any inconsistences between this USA Addendum and the rest of this Policy, this USA Addendum prevails.
Please refer to the Schedule 2 CCPA / CPRA Addendum (“Californian Addendum”) to learn more about California residents’ privacy rights and how to exercise those rights.
NEVADA RESIDENTS
If you are a consumer in the State of Nevada, you may request to opt-out of the current or future sale of your Personal Data. We do not currently sell any of your Personal Data under Nevada law, nor do we plan to do so in the future. However, you can submit a request to opt-out of future sales by contacting us at DataProtection@swirebulk.com Please include “Opt-Out Request Under Nevada Law” in the subject line of your message.
DO NOT TRACK
We will not place cookies or collect information via cookies when your browser is set to Do Not Track (DNT). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.
GLOBAL PRIVACY CONTROL
Some browsers and browser extensions support the Global Privacy Control (“GPC”) that can send a signal to the websites you visit indicating your choice to opt out from certain types of data processing, including sales of data. When we detect such a signal, we will make reasonable efforts to respect your choices indicated by a GPC setting as required by applicable Personal Data Protection Laws.
AGE RESTRICTION
The website and/or business systems/ applications are not intended for individuals under the age of sixteen (16). If we learn that we have collected or received Personal Data from a child under the age of sixteen (16), we will delete that information. If you believe we might have information from or about a child under the age of sixteen (16), please contact us at DataProtection@swirebulk.com
Last updated: 1 November 2024
This CCPA Addendum (“Californian Addendum”) supplements this Policy to the extent that the California Consumer Privacy Act, as amended by the California Privacy Rights Act and its implementing regulations (“CCPA”) grants consumers (California residents) certain rights with respect to their Personal Data. The Californian Addendum must be read in conjunction with the rest of this Policy as it contains an additional explanation of why and how we process the personal data of California residents, their rights in relation to personal data, and how to contact us. In case of any inconsistences between this Californian Addendum and the rest of this Policy, this Californian Addendum prevails.
PERSONAL DATA UNDER THE CCPA
In this CCPA Addendum and in the Policy as it relates to the processing of Personal Data in California, “Personal Data” has the same meaning as “personal information” as defined in the CCPA. “Sensitive Personal Data” is a type of Personal Data and has the same meaning as “sensitive personal information” as defined in the CCPA.
How We Collect, Use, Disclose, Sell and Share Personal Data
The SB Group has collected the following categories of Personal Data and used, disclosed, sold or shared such information in the twelve (12) months prior to the effective date of this Policy:
Each of the above categories are disclosed for a business or commercial purpose as described in in Sections 5.1, 5.2, 5.3, and 5.5 of the Policy entitled “Information we collect about you and why”, “Information collected for Research & Development”, “Cookies and similar tracking technologies”, “Information that we automatically obtain when you use our website and/or business systems/applications” and “Other disclosures we may make”, respectively. Such information is disclosed to the third parties listed in Section 5.5 of the Policy entitled “Who we give your information to”.
The following categories of Personal Data were sold or shared in the twelve (12) months prior to the effective date of this Policy:
In the preceding twelve (12) months, SB Group has disclosed the following categories of Personal Data for a business purpose to the following categories of third parties:
SB Group uses certain third-party cookies on its website and/or business systems/ applications. These cookie collects your identifiers, internet or other electronic network activity information and geolocation and shares it with the third-party cookie providers. This use of your Personal Data may be considered a sale and/or sharing under the CCPA. To opt out of this cookie, visit Do Not Sell or Share My Personal Information.
As stated in the Policy, we will only keep the information we collect about you on our systems or with third parties for as long as required for the purposes set out above or as required to comply with any legal obligations to which we are subject. This will involve us regularly reviewing our files to check that information is accurate, up-to-date and still required. If we require consent to collect certain information about you, and such consent is withdrawn, we will delete such information unless we are legally required to retain it.
DO WE SHARE YOUR PERSONAL DATA OVERSEAS?
We may share your Personal Data with overseas third parties. These overseas recipients may be located in, for instance, Singapore, and include:
We only ever share your Personal Data outside of the United States where we are permitted to do so under applicable laws. Generally, this means either you have authorized us to do so or we believe that the Personal Data will be processed and safeguarded by the overseas entity in way that is comparable to the protections offered under United States laws.
Consumer Rights
The Right to Know
Consumers have the right to request that the SB Group discloses to the consumer the following information:
The SB Group will provide this information to a consumer upon receipt and verification of a Verifiable CCPA California Consumer Request Form (hereinafter a “Request to Know”).
For details on how to submit a Request to Know, see Exercising your rights under the CCPA. Any information provided by the SB Group in response to a Request to Know will cover all information collected about you, unless impossible to retrieve, involves disproportionate effort (subject to CCPA regulations), or anything that violates trade secrets or data generated to help ensure security and integrity or as prescribed by regulation.
The Right to Delete
The Right to Request that the SB Group and its service providers delete your Personal Data
A consumer has the right to request that the SB Group deletes any Personal Data about the consumer which the SB Group has collected from the consumer, and the SB Group will notify any service providers or contractors acting on its behalf to do the same, and notify all third parties to whom the SB Group has sold or shared such Personal Data to delete the consumer’s Personal Data, unless this proves impossible or involves disproportionate effort. The SB Group will comply with a consumer’s request to delete his or her Personal Data upon receipt and verification of a Verifiable CCPA California Consumer Request Form (hereinafter “Request to Delete”). By law, the SB Group may retain certain Personal Data collected from a consumer, notwithstanding the consumer’s request to delete the same, if it is reasonably necessary for the SB Group to maintain the consumer’s information in order to:
The Right to Opt-Out
The Right to Opt-Out of the sale or sharing of your personal information
Under California law, a consumer has the right to opt out of sharing of his/her Personal Data for the purpose of targeted advertising and/or of the sale of his/her Personal Data by a business that collects Personal Data and sells and/or shares it (“Request to Opt-Out”). Certain sharing with marketing and analytics cookies is considered a “sale” under the CCPA. To opt-out of certain sharing of information with our third-party analytics and digital advertising service providers, you may set your preferences to reject analytics and advertising cookies by clicking the “Do Not Sell or Share My Personal Information” link at the bottom of the applicable SB Group website.
The SB Group does not have actual knowledge that it sells or shares Personal Data about minors under the age of 16.
The Right to Non-Discrimination
The Right to Non-Discrimination for the exercise of your rights under the CCPA
A consumer has the right to be free from discrimination by the SB Group because the consumer exercised any of his/her rights under the CCPA. Examples of discrimination may include:
The Right to Correct Inaccurate Personal Information
A consumer has the right to request the SB Group to correct inaccurate Personal Data about the consumer, taking into account the nature of the Personal Data and the purposes of the processing of the Personal Data (“Request to Correct”). If the SB Group receives a verifiable consumer request to correct inaccurate Personal Data, the SB Group will use reasonable efforts to correct the inaccurate information.
The Right to Know What Personal Information is Sold or Shared and to Whom
In the event that the SB Group receives a verifiable consumer request from a consumer whose Personal Data has been sold, shared, or disclosed for a business purpose by the SB Group, the consumer has the right to request that the SB Group discloses to the consumer:
The Right to Limit Use and Disclosure of Sensitive Personal Data
The SB Group is not required to offer consumers a right to limit the use or disclosure of Sensitive Personal Data if the SB Group is using the Sensitive Personal Data for the following purposes, provided that the use of the consumer’s Personal Data is reasonably necessary and proportionate for this purpose:
If the SB Group is not using the Sensitive Personal Data for the above purposes, a consumer shall have the right to direct the SB Group to limit its use of the Sensitive Personal Data to that use which is necessary to perform the services or provide the goods reasonably expected by an average consumer who requested the goods or services. If the SB Group has received such a direction, the SB Group is prohibited from using or disclosing the consumer’s Sensitive Personal Data for any other purpose, unless the consumer subsequently provides consent to use the information for additional purposes. If the SB Group uses or discloses a consumer’s Sensitive Personal Data other than as necessary to perform the services or provide the goods, the SB Group will provide notice to consumers that this information may be used, or disclosed to a service provider or contractor, for additional, specified purposes and that consumers have the right to limit the use or disclosure of their Sensitive Personal Data.
HOW CAN YOU Exercise your rights under the CCPA?
Consumers may submit a request to exercise their rights under the CCPA by either of the following methods:
To submit a verifiable Request to Know, Request to Delete or Request to Correct, consumers will be asked to provide certain information to help us verify their identity. The information we ask consumers to provide to initiate a request may differ depending upon the type of request, the type, sensitivity and value of the Personal Data that is the subject of the request, and the risk of harm to you that may occur as a result of unauthorized access or deletion, among other factors. If we cannot verify a consumer’s identity or authority to make the request, we will not be able to comply with his/her request. We will inform consumers if we cannot verify their identity or authority. We will only use Personal Data provided in a verifiable request to verify the requestor’s identity or authority to make the request.
A consumer is entitled to utilize an authorized agent to exercise his/her rights under the CCPA. If the consumer chooses to utilize an authorized agent for this purpose, the SB Group reserves the right to require:
Any authorized agent submitting a Request to Know, Request to Delete or Request to Correct on behalf of a consumer should complete and submit a completed CCPA California Authorized Agent Designation Form to DataProtection@swirebulk.com along with his/her request on behalf of the consumer or provide all the information required by the CCPA California Authorized Agent Designation Form to the SB Group when submitting a consumer request via email or toll-free telephone.
DO WE USE OR SHARE YOUR PERSONAL DATA FOR DIRECT MARKETING?
We (or any member of the SB Group) will only send you direct marketing communications, information and offers about services that we think may interest you with your consent and in accordance with applicable law. This may take the form of emails, SMS or other forms of communication. You may opt-out of receiving marketing communications from us by contacting our Data Protection Officer using the details set out in Section 5.11 of the Policy entitled “Contract Details” or by using the opt-out facilities provided in our communications (e.g. an unsubscribe link).
HOW CAN YOU MAKE A COMPLAINT ABOUT THE HANDLING OF YOUR PERSONAL DATA?
You can exercise your rights above and raise any concerns or complaints you may have about this CCPA Addendum or how we have handled your Personal Data, by contacting the Data Protection Officer at any time using the contact details at Section 5.11 of the Policy entitled “Contract Details”.
Last updated: 16 December 2022
This Australia Addendum (“Australia Addendum“) supplements this Policy to the extent that the Australian Privacy Act applies in relation to the processing of Personal Data in Australia by the SB Group. In case of any inconsistences between this Australia Addendum and the rest of this Policy, this Australia Addendum prevails.
PERSONAL DATA UNDER THE AUSTRALIAN PRIVACY ACT
In this Australia Addendum and in the Privacy Policy as it relates to the processing of Personal Data in Australia, “Personal Data” has the same meaning as “personal information” as defined in the Australian Privacy Act.
“Sensitive information” is a type of “personal information” and has the same meaning as defined in the Australian Privacy Act.
The concept of a “Data Controller” does not exist under the Australian Privacy Act.
DO WE SHARE YOUR PERSONAL DATA OVERSEAS?
We generally collect your Personal Data in Australia. However, we will share your Personal Data with overseas recipients located in Singapore and Hong Kong SAR. These recipients include:
We only ever share your Personal Data outside of Australia where we are permitted to do so under applicable Personal Data Protection Laws. Generally, this means we will take reasonable steps to ensure your Personal Data is treated securely and in accordance with applicable Personal Data Protection Laws.
There are other circumstances where we may disclose your Personal Data to an overseas recipient. For example, where you have provided your consent, or we are otherwise permitted to do so under other relevant laws.
HOW CAN YOU ACCESS OR SEEK CORRECTION TO YOUR PERSONAL DATA?
You are entitled to request access to any of your Personal Data that we collect. To make such a request, please contact the Data Protection Officer using the contact details at Section 5.11.of the Policy.
We will take reasonable steps to ensure that the Personal Data that we collect, use or disclose is accurate, complete and up to date. You can help us to do this by letting us know if you notice errors or discrepancies in the Personal Data we hold about you and informing us of any change in your Personal Data (for example, if your email address changes or if you move and change address).
If you consider any Personal Data that we have about you is inaccurate, out-of-date, incomplete, irrelevant, or misleading, you are also entitled to request correction of the Personal Data (again, please contact our Data Protection Officer). After receiving a request from you, we will take reasonable steps to correct your Personal Data.
We may decline your request to access or correct your Personal Data in certain circumstances in accordance with the Personal Data Protection Laws. If we do refuse your request, we will provide you with a reason for our decision. In addition, in the case we refuse your request for correction, we will include a statement about your request with the Personal Data we store.
DO WE USE OR SHARE YOUR PERSONAL DATA FOR DIRECT MARKETING?
We (or any member of the SB Group) may send you direct marketing communications, information and offers about services that we think may interest you, as permitted under applicable Personal Data Protection Laws. This may take the form of emails, SMS, or other forms of communication. You may opt-out of receiving marketing communications from us by contacting our Data Protection Officer using the contact details set out in Section 5.11 of the Policy or by using the opt-out facilities provided in our communications (e.g. an unsubscribe link).
We will only send these communications in accordance with applicable privacy and marketing laws (such as the Australian Privacy Act (including Australian Privacy Principle 7), the Australian Spam Act 2003 (Cth), and only where you have opted in to (and not subsequently opted out of) receiving such communications from the us.
HOW CAN YOU MAKE A COMPLAINT ABOUT THE HANDLING OF YOUR PERSONAL DATA?
If you have any questions or concerns about this Australia Addendum or how we have handled your Personal Data, you may contact the Data Protection Officer at any time using the contact details at Section 5.11 of the Policy.
Please also contact the Data Protection Officer if you have a complaint about privacy. If you make a complaint about privacy, the following will occur:
No. | Step |
1. | The Data Protection Officer will first consider your complaint to determine whether there are simple or immediate steps which can be taken to resolve the complaint. We will generally respond to your complaint within a week. |
2. | If your complaint requires more detailed consideration or investigation: · we will acknowledge receipt of your complaint within a week and endeavour to complete our investigation into your complaint promptly; and · we may ask you to provide further information about your complaint and the outcome you are seeking. |
3. | We will then typically gather relevant facts, locate and review relevant documents and speak with the individuals involved. |
4. | In most cases, we will respond to your complaint within 30 business days from when we receive your complaint. If the matter is more complex or our investigation may take longer, we will let you know. |
If you are not satisfied with our response to a complaint, or you consider that we may have breached the Australian Privacy Act (including the Australian Privacy Principles), you are entitled to make a complaint to the Office of the Australian Information Commissioner (the Australian privacy regulator).
The Office of the Australian Information Commissioner can be contacted by telephone on 1300 363 992, or you can fill out this form to make a complaint about our handling of your Personal Data. Full contact details for the Office of the Australian Information Commissioner can be found online at www.oaic.gov.au.
Last updated: 16 December 2022
This People’s Republic of China Addendum (“PRC Addendum“) supplements the Policy to the extent that PIPL applies to our processing of your Personal Data where such processing takes place in, or where you are an individual in, the People’s Republic of China (“PRC“), which for the purpose of the Policy, excludes the Hong Kong Special Administrative Region, the Macao Special Administrative Region and Taiwan Region. This PRC Addendum forms a part of the Policy. In case of any inconsistences between this PRC Addendum and the rest of the Policy, this PRC Addendum prevails.
The term “process/processing” used in the Policy shall have the same or equivalent meaning of “handle/handling” as described in PIPL.
Legal Basis for Processing of Personal Data
wIn respect of the various legal basis for processing your Personal Data being introduced in the main body of the Policy:
Notwithstanding the foregoing, in any of the following scenarios, we may only process your Personal Data with your separate consent:
(a) Disclosure of your Personal Data to other Data Controllers;
(b) Public disclosure of your Personal Data;
(c) Use of your image or identifying information collected from public places for any purpose other than safeguarding public security;
(d) Processing of your sensitive personal information (as described in PIPL); or
(e) Exporting your Personal Data from the PRC.
For the avoidance of doubt, in the event of a corporate reorganisation of the SB Group as mentioned in the “Who we give your information to” section, we may transfer your Personal Data without your consent but will inform you of the name and contact information of the recipient of your Personal Data, who shall continue to fulfill our duties as a Data Controller.
Data Export from the PRC
In order to comply with PIPL when exporting your Personal Data from the PRC (by ways of, including but without limitations, transferring your Personal Data outside the PRC or granting the overseas recipient access to your Personal Data stored in the PRC), we will take necessary measures to ensure that your Personal Data will be protected by the overseas recipient at a level at least up to the standards set by PIPL.
Subject to the volume and nature of the relevant data export involving your Personal Data, we will also meet at least one of the following requirements set by PIPL for exporting your Personal Data:
(a) Passing the data export security assessment conducted by CAC;
(b) Obtaining certification from a specialised institution under the applicable rules prescribed by CAC;
(c) Entering into a standard form contract formulated by CAC with the overseas recipient; and
(d) Satisfying other conditions under the applicable laws, administrative regulations or rules prescribed by CAC.
Your Rights
To the extent that PIPL applies to our processing of your Personal Data, you would have the right:
(a) To restrict or object to our processing of your Personal Data;
(b) To request access to or a copy of your Personal Data, except where the laws require us to keep your Personal Data confidential;
(c) To request us to provide the portal for transferring your Personal Data to other Data Controllers, but we may grant such request only if the conditions set by CAC have been met;
(d) To request the correction or supplement of your Personal Data, if you find it inaccurate or incomplete;
(e) To request the erasure of your Personal Data in any of the following scenarios:
(f) To request us to explain and elaborate the Policy and any other rules on the processing of your Personal Data.
Where our processing of your Personal Data is undertaken based on your consent, you would also have the right to withdraw such consent, but it shall not affect the effectiveness of our processing of your Personal Data which had already been undertaken before your withdrawal of consent.
Age Restriction
The website and/or business systems/applications are not intended for any individual under the age of fourteen (14). If we learn that we have collected or received any Personal Data from an individual under the age of fourteen (14), we will delete that information. If you believe we might have information from or about an individual under the age of fourteen (14), please contact us.
Local Contact
In addition to our contact details set out in the main body of the Policy, you may also contact Data Protection Officer in the following ways:
Address: Unit 1311-1312, HKRI Centre One, HKRI Taikoo Hui, 288 Shi Men Yi Road, Shanghai
Contact Number: 021-2285 3880
Email: DataProtection@swirebulk.com
Last updated: 22 June 2023
This Brazil Addendum (“Brazil Addendum”) supplements this Policy to the extent that the LGPD applies in relation to the processing of Personal Data in Brazil by the SB Group. In case of any inconsistences between this Brazil Addendum and the rest of this Policy, this Brazil Addendum prevails.
PERSONAL DATA UNDER THE LGPD
In this Brazil Addendum, “Personal Data” has the same meaning as the definition of “personal data” in the LGPD. “Sensitive Personal Data”, as such term is defined under the LGPD, includes information relating to health, genetic, biometric, racial, or ethnic origin, religious conviction, political opinion, union membership or organization of a religious, philosophical, or political information. The LGPD creates a higher standard of protection for Sensitive Personal Data and restricts its processing to certain authorized scenarios. The concept of “Data Controller” under the LGPD includes public or private individuals or legal entities, who are responsible for determining the purpose for which and manner in which Personal Data is processed. The concept of “Data Processor” shall have the same or equivalent meaning of “operator” as described in the LGPD.
DO WE SHARE YOUR PERSONAL DATA OVERSEAS?
We may share your Personal Data with overseas third parties. These recipients include:
We only ever share your Personal Data outside of Brazil where it is not in violation of LGPD. Generally, this means either you have authorised us to do so, or we will take reasonable steps to ensure your Personal Data is treated securely and will be processed and safeguarded by the overseas entity in a way that is comparable to the protections offered under the LGPD.
HOW CAN YOU ACCESS OR SEEK CORRECTION TO YOUR PERSONAL DATA?
You are entitled to request access to any of your Personal Data that we collect. To make such a request, please contact the Data Protection Officer using the contact details at Section 5.11 of the Policy.
YOUR RIGHTS
We will respect the confidentiality of the Personal Data that we collect and ensure you the
exercise of your rights. Regardless of the purpose or legal basis we use to process your Personal Data, and to the extent that LGPD applies to our processing of your Personal Data, you have the right:
(a) To request confirmation of processing or access to your Personal Data;
(b) To request correction of your Personal Data, if you find it inaccurate or incomplete;
(c) To request the erasure, deletion, restriction from processing and/or anonymization of your Personal Data;
(d) To request us to provide information from Third Parties with whom your Personal Data has been shared; and
(e) To request us to provide information regarding the possibility for you to deny consent to the processing of your Personal Data.
HOW CAN YOU MAKE A COMPLAINT ABOUT THE HANDLING OF YOUR PERSONAL DATA?
You can exercise your rights above and raise any concerns or complaints you may have about this Brazil Addendum or how we have handled your Personal Data, by contacting the Data Protection Officer at any time using the contact details at Section 5.11 of the Policy. If you are not satisfied with our response to a complaint, you are also entitled to file a complaint with the data protection authority, in particular, ANPD.
Full contact details for the ANPD can be found online at https://www.gov.br/anpd/pt-br/canais_atendimento/fale-conosco.
Last updated: 22 June 2023
This Canada Addendum (“Canada Addendum”) supplements this Policy to the extent that PIPEDA, applies in relation to the processing of Personal Data in Canada, or to the extent that PIPA BC apply in relation to the processing of Personal Data in British Columbia respectively by the SB Group. In case of any inconsistences between this Canada Addendum and the rest of this Policy, this Canada Addendum prevails for all Personal Data for which Canadian privacy laws apply.
PERSONAL DATA UNDER PIPEDA AND THE PROVINCIAL PRIVACY LAWS
In this Canada Addendum, “Personal Data” has the same meaning as the definition of “personal information” in PIPEDA and under the Provincial Privacy Laws. “Sensitive” personal information is not expressly defined in PIPEDA and PIPA BC. The concepts of a “Data Controller” or “Data Processor” do not exist under PIPEDA and PIPA BC.
DO WE SHARE YOUR PERSONAL DATA OUTSIDE OF CANADA?
We may share your Personal Data with third parties located outside of Canada. These recipients include:
Accordingly, your Personal Data may become accessible to the courts and law enforcement and national security authorities of the jurisdictions your Personal Data is located when obtaining our services.
We only ever share your Personal Data outside of Canada where we are permitted to do so under PIPEDA or the applicable PIPA BC. We put in place contractual arrangements with service providers and third parties with whom we share Personal Data to ensure that Personal Data is processed and safeguarded in a way that is comparable to the protections offered under applicable Canadian privacy laws.
HOW TO ACCESS OR RECTIFY YOUR PERSONAL DATA
You are entitled to request access to any of your Personal Data that we collect subject to certain exceptions to and prohibitions on disclosure. Exceptions include where information is subject to solicitor- client privilege or where the information contains references to third parties or cannot be disclosed for legal, security or commercial reasons. To make such a request, please contact the Data Protection Officer using the contact details at Section 5.11 of the Policy.
How to make a request for access to your Personal Data
No. | Step |
1 | Make a request for access in writing using the contact details at Section 5.11 of the Policy. |
2 | If at any time you need assistance with making your request, we will provide assistance upon request |
3 | We will respond to your request within 30 days, or 45 days in Alberta. In certain circumstances, we seek an extension to respond by up to 30 days in certain cases. A fee may be required subject to certain conditions. |
We will take reasonable steps to ensure that the Personal Data that we collect, use or disclose is accurate, complete and up to date. You can help us to do this by letting us know if you notice errors or discrepancies in the Personal Data we hold about you and informing us of any change in your Personal Data (for example, if your email address changes or if you move and change address).
If you consider any Personal Data that we have about you is inaccurate, out-of-date, incomplete, irrelevant, or misleading, you are also entitled to request correction of the Personal Data by contacting our Data Protection Officer. After receiving a request from you, we will take reasonable steps to correct your Personal Data.
We may decline your request to access or correct your Personal Data in certain circumstances in accordance with PIPEDA or PIPA BC. If we do refuse your request, we will provide you with a reason for our decision. In addition, in the case we refuse your request for correction, we will include a statement about your request with the Personal Data we store.
HOW TO MAKE A COMPLAINT ABOUT THE HANDLING OF YOUR PERSONAL DATA
If you have any questions or concerns about this Canada Addendum or how we handle your Personal Data, you may contact the Data Protection Officer at any time using the contact details provided at Section 5.11 of the Policy.
If you are not satisfied with our response to your enquiry, or you consider that we may have breached PIPEDA or PIPA BC, you are entitled to make a complaint to:
Federal: Office of the Privacy Commissioner of Canada can be contacted by telephone at 1800-282-1376. Full contact details for the OPC can be found online at www.priv.gc.ca/en/ and
British Columbia: Office of the Information and Privacy Commissioner for British Columbia can be contacted by telephone at (250) 387-5629. Full contact details for the IPC BC can be found online at www.oipc.bc.ca.
Last updated: 11 April 2024
This Singapore Addendum (“Singapore Addendum”) supplements this Policy to the extent that the Singapore Personal Data Protection Act 2012 (PDPA) (No. 26 of 2012) applies in relation to the processing of Personal Data in Singapore by the SB Group. In case of any inconsistences between this Singapore Addendum and the rest of this Policy, this Singapore Addendum prevails.
PERSONAL DATA UNDER THE SINGAPORE PERSONAL DATA PROTECTION ACT 2012
In this Singapore Addendum and in the Privacy Policy as it relates to the processing of Personal Data in Singapore, “Personal Data” as defined in the Singapore Personal Data Protection Act 2012 refers to data about an individual who can be identified from that data, or from that data and other information to which the organization has or is likely to have access.
DO WE SHARE YOUR PERSONAL DATA OVERSEAS?
We generally collect your Personal Data in Singapore. However, we will share your Personal Data with overseas recipients located in various countries. These recipients include:
We only ever share your Personal Data outside of Singapore where we are permitted to do so under applicable Personal Data Protection Laws. Generally, this means we will take reasonable steps to ensure your Personal Data is treated securely and in accordance with applicable Personal Data Protection Laws.
There are other circumstances where we may disclose your Personal Data to an overseas recipient. For example, where you have provided your consent, or we are otherwise permitted to do so under other relevant laws.
HOW CAN YOU ACCESS OR SEEK CORRECTION TO YOUR PERSONAL DATA?
You are entitled to request access to any of your Personal Data that we collect. To make such a request, please contact the Data Protection Officer using the contact details at Section 5.11 of the Policy.
We will take reasonable steps to ensure that the Personal Data that we collect, use or disclose is accurate, complete and up-to-date. You can help us to do this by letting us know if you notice errors or discrepancies in the Personal Data we hold about you and informing us of any change in your Personal Data (for example, if your email address changes or if you move and change address).
If you consider any Personal Data that we have about you is inaccurate, out-of-date, incomplete, irrelevant, or misleading, you are also entitled to request correction of the Personal Data (again, please contact our Data Protection Officer). After receiving a request from you, we will take reasonable steps to correct your Personal Data.
We may decline your request to access or correct your Personal Data in certain circumstances in accordance with the Personal Data Protection Laws. If we do refuse your request, we will provide you with a reason for our decision. In addition, in the case we refuse your request for correction, we will include a statement about your request with the Personal Data we store.
DO WE USE OR SHARE YOUR PERSONAL DATA FOR DIRECT MARKETING?
We (or any member of the SB Group) may send you direct marketing communications, information and offers about services that we think may interest you, as permitted under applicable Personal Data Protection Laws. This may take the form of emails, SMS, or other forms of communication. You may opt-out of receiving marketing communications from us by contacting our Data Protection Officer using the contact details set out in Section 5.11 of the Policy or by using the opt-out facilities provided in our communications (e.g. an unsubscribe link).
We will only send these communications in accordance with Personal Data Protection Laws and only where you have opted in to (and not subsequently opted out of) receiving such communications from the us.
HOW CAN YOU MAKE A COMPLAINT ABOUT THE HANDLING OF YOUR PERSONAL DATA?
If you have any questions or concerns about this Singapore Addendum or how we have handled your Personal Data, you may contact the Data Protection Officer at any time using the contact details at Section 5.11 of the Policy. Please also contact the Data Protection Officer if you have a complaint about privacy.
If you are not satisfied with our response to a complaint, or you consider that we may have breached the Singapore Personal Data Protection Act, you are entitled to make a complaint to the Personal Data Protection Commission (PDPC).
The Personal Data Protection
Commission can be contacted by telephone on +065 63773131, or you may visit PDPC – Complaints and Reviews.
Swire Bulk Pte. Ltd.
300 Beach Road,
The Concourse,
#28-02 Singapore 199555
© 2024 Swire Bulk Pte. Ltd. All rights reserved.
You must be logged in to post a comment.