Compliant with the Singapore Personal Data Protection Act 2012 (PDPA) | Effective: 27 August 2018
1. Purpose
This Policy governs how Ticket2u ('the Company') collects, uses, discloses, and protects personal data in accordance with the PDPA.
2. Data We Collect
- Customers: name, NRIC/FIN, contact details, payment info
- Employees: personal, employment, payroll records
- Vendors: business contact and contract information
3. Purposes of Collection
- Providing and administering our products/services
- Processing payments and fulfilling contracts
- Recruitment and HR administration
- Legal and regulatory compliance
- Marketing (with consent; opt-out available anytime)
4. Consent
We obtain consent before or at the point of data collection. Individuals may withdraw consent at any time, subject to legal or contractual restrictions, by contacting us at [email protected]
5. Disclosure to Third Parties
We do not sell personal data. Data may be shared with service providers, auditors, or government authorities on a need-to-know basis. Overseas transfers comply with PDPA transfer obligations.
6. Data Retention
Personal data is retained only as long as necessary for its purpose or as required by law (e.g., employee records: 7 years; customer records: 5 years). Data is securely disposed of thereafter.
7. Data Protection Measures
- Access controls and role-based permissions
- Encryption of sensitive data in transit and at rest
- Regular staff training on data protection
- Physical security for hardcopy records
- Periodic review of systems and vendors
8. Your Rights
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Withdraw consent: Opt out of processing at any time
- Data portability: Request data in machine-readable format
Requests will be responded to within 30 calendar days.
9. Data Breach Response
In the event of a notifiable data breach, we will inform the PDPC within 3 calendar days and notify affected individuals promptly where there is risk of significant harm
10. Direct Marketing
Marketing messages are only sent with consent. All communications include an unsubscribe option. Opt-out requests are honoured within 30 days.
11. Complaints & Contact
For queries, access/correction requests, or complaints, please contact us:
Unresolved complaints may be escalated to the PDPC at www.pdpc.gov.sg
12. Policy Review
This Policy is reviewed annually or upon material changes. The latest version is available on our website and shared with all staff.