Company Image
Privacy Policy

1. Introduction

At RE&S Enterprises Private Limited (collectively “RE&S”), we respect the privacy and confidentiality of the personal data of our Clients, Associates and others whom we interact with in the course of providing our services. We are committed to implementing policies, practices and processes to safeguard the collection, use and disclosure of the personal data you provide us, in compliance with the Singapore Personal Data Protection Act (PDPA) 2012.

We have developed this Data Protection Notice (collectively “Notice”) to assist you in understanding how we collect, use, disclose, process, protect and retain your personal data that is in our possession through &Rewards loyalty programme. By agreeing to join &Rewards loyalty programme, you hereby consent to our collection, use and disclosure of your personal data, in the manner described in this Notice. Without limiting the generality of the foregoing, you authorise RE&S to transmit your personal data outside of Singapore in the manner and for the purposes described in this Notice.

2. How We Collect Your Personal Data

Generally, we may collect your personal data as follows:

When you

• Register for our &Rewards loyalty programme or create an account on our platforms;
• Provide consent or subscribe to receiving marketing promotion details;
• Share your feedback with us via the feedback form on our website (applicable to all websites managed by RE&S);
• Enter a competition, promotion or survey;
• Connect to WIFI at our premises;
• Use mobile or web applications developed by us.

3. Types of Personal Data We Collect About You

The types of personal data we collect about you include:

• Your contact information (Name, Address, Phone No., Email Address, Account Password);
• Your personal details which include – but not limited to the following - Gender, Date of Birth, Country of Birth, Country of Residence, Citizenship, Nationality, Race/Ethnicity and etc.;
• Information about your usage of – and interaction with – the above platforms, including traffic data, location data, the originating domain name of your internet service provider, statistics on page views, cookies and IP addresses.

RE&S does not guarantee the accuracy of data collected by &Rewards from its members. Members who wish to scrutinize, amend, or delete data relating to him or her, may do so via &Rewards members’ portal.

4. How We Use Your Personal Data

We use the personal data you provide us for one or more of the following purposes:

• To help us verify your identify for the purpose of processing and administering any membership application or registration;
• To keep track of member’s transaction records;
• To send you notifications and marketing messages in relation to our promotional events, offers, opportunities, products, benefits and programmes;
• To conduct marketing activities including but not limiting to market research, customer profiling, customer insights and targeted marketing activities;
• To respond to your queries, requests, feedback and complaints;
• To provide you with services and to help develop, improve, manage and administer the services we provide to you, including services provided on – and through – our platforms and WIFI services;
• To inform you of changes to our programmes, policies, terms and conditions, platform updates and other administrative information;
• To prevent, detect and investigate security incidents or breaches, crime, including fraud, and analysing and managing other risks.

5. Who We Disclose Your Personal Data To

We may share or disclose some of the personal data you provide us to the following entities or organisations outside RE&S in order to fulfil our services to you:

• With RE&S’ solicitors for purposes of legal advice, settlements of dispute or litigation to protect RE&S’ interest;
• With RE&S’ affiliate or subcontractors that managed ‘&Rewards’ loyalty programme;
• With persons involved in collection of a debt owed by that customer/member to RE&S
• In the event of a merger, acquisition, financing, or sale of assets or any other situation involving the transfer of some or all of our business assets, RE&S may disclose personal information to those involved in the negotiation or transfer;
• With others with your consent; or
• To comply with law or to respond to legal or regulatory processes or lawful requests, including enquiries from governmental and regulatory agencies.

RE&S reserves the right to delete completely specific customers’ data from RE&S’ database in the event that the said customers’ membership in ‘&Rewards’ loyalty programme is terminated and/or the said customers’ ‘&Rewards’ membership is cancelled or terminated for any reason whatsoever. RE&S reserves the right to delete all customers’ data in its database in the event that the ‘&Rewards’ loyalty programme is terminated for any reason whatsoever.

6. How We Manage the Collection, Use and Disclosure of Your Personal Data
6.1 Obtaining Consent

Before we collect, use or disclose your personal data, we will notify you of the purpose why we are doing so. We will obtain written confirmation from you on your expressed consent. We will not collect more personal data than is necessary for the stated purpose. We will seek fresh consent from you if the original purpose for the collection, use or disclosure of your personal data has changed.

We may rely on exceptions to the need for consent under the PDPA for the collection, use or disclosure of your personal data under the following circumstances (only those relevant to RE&S are included):

• The personal data is publicly available;
• The personal data is disclosed by a public agency or disclosed to a public agency;
• The personal data is necessary for any investigation or proceedings;
• The personal data is necessary for evaluative purposes (e.g. determining the suitability of a job applicant for the job applied for);
• The personal data is necessary for the purpose of managing or terminating an employment relationship;
• The personal data is necessary for a business asset transaction.

6.2 Withdrawal of Consent

If you wish to withdraw consent, you should give us reasonable advance notice. We will advise you of the likely consequences of your withdrawal of consent, e.g. without your personal contact information we may not be able to inform you of future services offered by us. Your request for withdrawal of consent can take the form of an email or letter to us, or through the “UNSUB” feature in an online service.

6.3 Use of Cookies

We use “cookies” to collect information about your online activity on our website. A cookie is a small text file created by the website that is stored in your computer to provide a way for the website to recognise you and keep track of your preferences. The cookie makes it convenient for you such that you do not have to retype the same information again when you revisit the website or in filling electronic forms. Most cookies we use are “session cookies”, which will be deleted automatically from the hard disk of your computer at the end of the session. You may choose not to accept cookies by turning off this feature in your web browser. Note that by doing so, you may not be able to use some of the features and functions in our web applications.

6.4 Third-Party Consent

If you do a transaction with us on behalf of another individual that will require you to provide that individual’s personal data to us, you must ensure that this individual has given his/her expressed consent to provide his/her personal data to us through you. We will require you to get a written confirmation from this individual that he/she has indeed given his/her expressed consent to you for us to collect, use or disclose his/her personal data.

7. How We Ensure the Accuracy of Your Personal Data

We will take reasonable steps to ensure that the personal data we collect about you is accurate, complete, not misleading and kept up-to-date. From time to time, we may do a data verification exercise for you to update us on any changes to the personal data we hold about you. If we are in an ongoing relationship with you, it is important that you update us of any changes to your personal data (such as a change in your mailing address).

You should ensure that all personal data submitted by you to us is complete and accurate.

8. How We Protect Your Personal Data

We have implemented appropriate physical, information, administrative security and technical measures (such as data encryption, firewalls and secure network protocols) to protect the personal data we hold about you against loss; misuse; destruction; unauthorised alteration/modification, access, disclosure; or similar risks. We have also put in place reasonable and appropriate organisational measures to maintain the confidentiality and integrity of your personal data, and will only share your data with authorised persons on a ‘need to know’ basis.

Where RE&S provides and/or transfers any data that it collects from you to its parent, subsidiary, associated and affiliated companies, or to any agent, contractor or third party service provider, located outside of Singapore, RE&S confirms that any of the above-mentioned parties to whom your personal data is disclosed or transferred are, or shall be bound by legally enforceable obligations to provide a standard of protection to personal data comparable to the standard of protection as set out in the Personal Data Protection Act 2012 and RE&S will use its best endeavours to ensure that each such party maintains appropriate physical, technical and organizational security measures to protect your personal data against tampering and unauthorized access by third parties.

While RE&S uses reasonable efforts to protect personal data in its possession or under its control, the transmission of data over the Internet or any other public network may be subject to loss, interception and misuse.

All personal data you provide to us is stored on our secure servers. Any payment transactions will be encrypted and secured by a payment gateway that is PCI DSS compliant. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received personal data about you, we will use strict procedures and security features to try to prevent unauthorised access.

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

9. How We Retain Your Personal Data

We have a document retention policy that keeps track of the retention schedules of the personal data you provide us, in paper or electronic forms. We will not retain any of your personal data when it is no longer needed for any business or legal purposes. We will dispose of or destroy such documents containing your personal data in a proper and secure manner when the retention limit is reached.

10. How You Can Access and Make Correction to Your Personal Data

You may write in to us to find out how we have been using or disclosing your personal data over the past one year. Before we accede to your request, we may need to verify your identity by checking your NRIC or other legal identification document. We will respond to your request as soon as possible, or within 30 days from the date we receive your request. If we are unable to do so within the 30 days, we will let you know and give you an estimate of how much longer we require. We may also charge you a reasonable fee for the cost involved in processing your access request.

If you find that the personal data we hold about you is inaccurate, incomplete, misleading or not up-to-date you may ask us to correct the data. Where we are satisfied on reasonable grounds that a correction should be made, we will correct the data as soon as possible, or within 30 days from the date we receive your request.

11. Transfer of Personal Data

Where there is a need to transfer your personal data to another country outside Singapore, we will ensure that the standard of data protection in the recipient country is comparable to that of Singapore’s PDPA.

12. Questions and Feedback

If you have any query or feedback regarding this Notice, or any complaint you have relating to how we manage your personal data, you may contact us at: DPO@res.com.sg.

Any query or complaint should include, at least, the following details:

• Your full name and contact information
• Brief description of your query or complaint

We treat such queries and feedback seriously and will deal with them confidentially and within reasonable time.

13. Changes to this Data Protection Notice

We may update this Data Protection Notice from time to time. We will notify you of any changes by posting the latest Notice on our website. Please visit our website periodically to note any changes. We will notify you of any modified versions of the privacy policy that might materially affect the way we use or disclose your personal information.

Add us to your homescreen!