CaseTrust for Business

Data Protection & Privacy Policy​

Personal Data Policy

This is to inform you of how CASE handles your personal data (“Personal Data”) which is subject to the Personal Data Protection Act 2012 (Cap. 26) (“PDPA”). CASE will not share your personal information with third parties without your consent unless required by law. 

“Personal Data” is any information which can be used to identify you or from which you are identifiable. This includes but is not limited to your name, nationality, mobile number, email address, your image, the last three numerical digits and checksum of any government-issued identification number (e.g. “567A” from the full NRIC number of “S1234567A”), race and date of birth.

CASE may collect, use and disclose your data policy in a manner that promotes an environment of fair and ethical trade practices that furthers our vision of a consumer-friendly Singapore and may use your data in initiatives that champion consumers’ interests and promote fair-trading. CASE may also combine the collected Personal Data with other Personal Data in our possession. CASE takes reasonable efforts to ensure that your Personal Data collected by us is accurate and complete.

A. Collection of your Personal Data

CASE collects your Personal Data through the following means:

Complaint Against A Supplier

  • When you lodge a complaint against a Supplier (as defined under the Consumer Protection (Fair Trading) ("CPFTA")
  • When you communicate or interact with CASE via telephone, letters, fax, face-to-face meetings, our website, e-mail, social media and/or any other modes of contact. Telephone calls to CASE"s hotline may be recorded.

CASE may be required to collect your NRIC number for a public agency’s purpose. Unless otherwise stated, should you provide scanned documents that contain your NRIC number or other government-issued identification number, you shall blank out or mask your NRIC number or other government-issued identification number. In the event where partial collection of your NRIC is required, you should blank out or mask the first letter and the next 4 numerical digits, leaving only the last three numerical digits and checksum of that number (e.g. “567A” from the full NRIC number of “S1234567A”).

Complaint Against An Advertisement

  • When you lodge a complaint against an advertisement to the Advertising Standards Authority of Singapore ("ASAS")
  • When you communicate or interact with ASAS via telephone, letters, fax, face-to-face meetings, ASAS"l;s website, e-mail, social media and/or any other modes of contact. Telephone calls to ASAS’s hotline may be recorded.

Members

When you sign up as a member of CASE

Volunteers / Employment

  • when you apply to volunteer your services with CASE; and
  • when you submit an employment application or provide information on the same.

Events / Training / Seminars

  • when you apply to volunteer your services with CASE; and
  • When you sign up for seminars or events organised by CASE;

General

  • CCTV recording when you are on our premise;
  • When you sign up for seminars or events organised by CASE;
  • Photographs of videos taken by CASE or our representatives at events hosted by CASE; and
  • When you submit your Personal Data for any other reason.

B. How we use your Personal Data

CASE collects and uses your Personal Data for the following purposes:

  1. To verify your identity;
  2. To follow-up on your complaint against a Supplier;
  3. To follow-up on your complaint against an advertising practice;
  4. In responding to, processing and handling your complaints, suggestions and feedback;
  5. For compiling statistics for submission to government authorities / agencies / responding to media queries;
  6. To provide the necessary information to the Competition and Consumer Commission of Singapore (“CCCS”) to perform its role of administering agency for the CPFTA;
  7. To comply with applicable laws and regulations by the relevant authorities;
  8. In providing updates and reports to you about CASE through CASE’s mailing list, newsletters and magazine.

C. Disclosure of your Personal Data

CASE may disclose Personal Data for the following reasons:

  1. To any relevant authorities, including professional regulatory bodies and/or law enforcement agencies;
  2. To CCCS for the purposes of administering the CPFTA;
  3. To the extent necessary to comply with any laws, regulations, rules, directions, guidelines and other similar requirements;
  4. To an employee, volunteer or an independent contractor providing services to support CASE and whom is under a duty of confidentiality to CASE;
  5. Any other party to whom you authorise us to disclose your Personal Data to; and
  6. To the Supplier / business / organisation in order to follow-up on your complaint unless you expressly inform us otherwise.

CASE will only disclose your Personal Data as it is reasonably required to carry out our duties and to permit third parties to do the necessary work. Parties to whom CASE discloses your Personal Data to are required to comply with the PDPA (or similar data protection legislation).

D. Enquiries, Access, Correction of your Personal Data

Withdrawing Your Consent

You may refuse or withdraw your consent for us to collect, use or disclose your Personal Data by giving us reasonable notice. Please note that where you choose to do so, CASE may not be able to act for you in the matter.

 

The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is withdrawn by you in writing. You may withdraw your consent and request us to stop using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing or via email to our Data Protection Officer.

 

Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within ten (10) business days of receiving. Should we require more time to give effect to a withdrawal notice, we will inform you of the time frame by which the withdrawal of consent will take effect.

 

Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our goods or services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing in the manner described in the paragraph above.

 

Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.

Access and Correction of your Personal Data

If you wish to make (a) an access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or (b) a correction request to correct or update any of your personal data which we hold about you, you may submit your request in writing or via email to our Data Protection Officer at the contact details provided below.

 

We will respond to your request as soon as reasonably possible. Before we accede to your access or correction request, we may need to verify your identity by checking identification document, and the legitimacy of your request. Should we not be able to respond to your request within thirty (30) days after receiving your request in writing (including both electronic and non-electronic methods), we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).

 

If your request relates to personal data which we are processing on behalf of another organisation, we will instead forward your request to the relevant organisation for their necessary action.

 

Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.

Accuracy

CASE takes reasonable efforts to ensure that your Personal Data collected by us is accurate and complete.

 

We generally rely on personal data provided by you (or your authorised representative). In order to ensure that your personal data is current, complete, and accurate, please update us if there are changes to your personal data by informing our Data Protection Officers at the contact details provided in paragraph below.

Safeguard

To safeguard your Personal Data, all electronic storage and transmission of Personal Data is secured with appropriate security technologies.

Retention

CASE will keep your Personal Data only for as long as it is required for business or law. Once your Personal Data is no longer required for these purposes, CASE will destroy, erase or make anonymous the Personal Data. In most instances, your Personal Data will be deleted after a period of 6 years from the initial collection of your Personal Data. Where CASE collects your NRIC number (or copies of your NRIC) for a public agency purpose, CASE will cease to retain your NRIC number (or copies of your NRIC) once CASE has completed the tasks required by the public agency.

Cross-border Transfers of Personal Data

Unless for business-related needs, we generally do not transfer your personal data to other jurisdictions. However, if we do so, we will obtain your consent for the transfer to be made and we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA, including entering into an agreement with the receiving party to accord similar levels of data protection as those in Singapore. 

Data Breach Notification 

In the event a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data, we shall promptly assess the impact and if appropriate, report this breach within 3 calendar days to the Personal Data Protection Commission (PDPC). We will notify you when the data breach is likely to result in significant harm to you after our notification to PDPC. We may also notify other relevant regulatory agencies, where required.

Changes

CASE reviews its Personal Data Policy and reserves the right to make changes from time to time to take into account changes in our organisation and legal requirements.

Contact Us

Please contact our Data Protection Officer at [email protected] if you:

  1. have any concern, enquiries, feedback or complaints on CASE’s Personal Data Policies;
  2. would like to withdraw your consent to any use of your Personal Data; or
  3. would like to obtain access and make corrections to your Personal Data records.

Please note that for consumer-related issues such as refunds, deliveries and warranties, please go here to submit your complaint online.

 

Effective: 8 May 2025

Last Updated: 8 May 2025