Privacy Policy

1. INTRODUCTION


1.1 Welcome to the www.talcyon.com website (the “Site”) run by Talcyon Pte Ltd, its related entities, affiliates, and subsidiaries (individually and collectively, “TALCYON”, “we”, “us” or “our”). TALCYON takes its responsibilities under Singapore’s Personal Data Protection Act 2012 (the “PDPA”) seriously and is committed to respecting the privacy rights and concerns of all users of our Site (we refer to the Site and the services we provide as described in our Site collectively as the “Services”). For European Union (“EU”) residents visiting our Site, please refer to the GDPR Addendum for your rights under the EU General Data Protection Regulation (GDPR). We recognise the importance of the personal data you have entrusted to us and believe that it is our responsibility to properly manage, protect and process your personal data. This Privacy Policy (“Privacy Policy” or “Policy”) is designed to assist you in understanding how we collect, use, disclose and/or process the personal data you have provided to us and/or that we possess about you, whether now or in the future, as well as to assist you in making an informed decision before providing us with any of your personal data. Please read this Privacy Policy carefully. If you have any questions regarding this information or our privacy practices, please see the section entitled “Questions, Concerns or Complaints? Contact Us” at the end of this Privacy Policy.


1.2 By using the Services, registering for an account with us, visiting our Site, or accessing the Services, you acknowledge and agree that you accept the practices, requirements, and/or policies outlined in this Privacy Policy, and you hereby consent to us collecting, using, disclosing and/or processing your personal data as described herein. IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, PLEASE DO NOT USE OUR SERVICES OR ACCESS OUR WEBSITE. If we change our Privacy Policy, we will post those changes or the amended Privacy Policy on our website. We reserve the right to amend this Privacy Policy at any time.


2. WHAT INFORMATION DOES TALCYON COLLECT?


2.1 “Personal Data” or “personal data” is defined under the PDPA to mean data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which an organisation has or is likely to have access. Common examples of personal data could include name, identification number, contact information.


2.2 We will/may collect personal data about you:


(a) when you register and/or use our Services or Site, or open an account with us;

(b) when you submit any form, including but not limited to application forms or other forms relating to any of our products and services, whether online or by way of a physical form;

(c) when you enter into any agreement or provide other documentation or information in respect of your interactions with us, or when you use our products and services;

(d) when you interact with us, such as via telephone calls (which may be recorded), letters, fax, face-to-face meetings, social media platforms and emails;

(e) when you use our electronic services or interact with us via our website or use the Services on our website. This includes through cookies and/or other similar technologies which we may deploy when you interact with our website;

(f) when you carry out transactions through our website or Services;

(g) when you provide us with feedback or complaints;

(h) when you submit your personal data to us for any reason.


The above does not purport to be exhaustive and sets out some common instances of when personal data about you may be collected.


2.3 When you visit, use or interact with the Site, we may collect certain information by automated or passive means using a variety of technologies, which technologies may be downloaded to your device and may set or modify settings on your device. The information we collect may include your Internet Protocol (IP) address, computer operating system and browser type, the address of a referring web site (if any), and the pages you visit on our website, and the times of visit. We may collect, use disclose and/or process this information for the Purposes (defined below).


2.4 Such personal data collected includes but is not limited to:


• name;

• email address;

• billing address;

• telephone number;

• company name;

• occupation;

• country;

• any other information about the user when the user signs up to use our Services or website, and when the user uses the Services or website, as well as information related to how the user uses our Services or website; and

• aggregate data on content the user engages with.


2.5 If you do not want us to collect the aforementioned information/personal data, you may opt out at any time by notifying our Data Protection Officer in writing about it. Further information on opting out can be found in the section entitled “Opting Out and Withdrawing Consent” below. Note, however, that opting out of us collecting your personal data or withdrawing your consent for us to collect, use or process your personal data may affect your use of the Services.


3. SETTING UP AN ACCOUNT


In order to use certain functionalities of the Services, you will have to create a user account which requires you to submit certain personal data. When you register and create an account, we require you to provide us your name and email address as well as a username that you select. Upon activating an account, you will select a username and password. Your username and password will be used so you can securely access and maintain your account.


4. VIEWING WEB PAGES


As with most web sites, your computer sends information, which may include personal data about you that gets logged by a web server when you browse our Site. This typically includes without limitation your computer’s IP address, operating system, browser name/version, the referring web page, requested page, date/time, and sometimes a “cookie” (which can be disabled using your browser preferences) to help the site remember your last visit. If you are logged in, this information is associated with your personal account. The information is also included in anonymous statistics to allow us to understand how visitors use our site.


5. COOKIES AND SIMILAR TECHNOLOGIES


5.1 We may from time to time implement “cookies” and/or similar technologies to allow us or third parties to collect or share information that will help us improve our Site and the Services we offer or help us offer new services and features. “Cookies” are identifiers we transfer to your computer or mobile device that allow us to recognise your computer or device and tell us how and when the Services or website are used or visited, by how many people and to track movements within our website. We may link cookie information to personal data. Cookies also link to information regarding what items you have selected for purchase, pages you have viewed. This information is used to keep track of your shopping cart, for example. Cookies are also used to deliver content specific to your interest and to monitor website usage. Cookies allow the website to remember important information that will make your use of our Site more convenient.


5.2 You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of our Site or the Services, which may limit your browsing experience.


6. VIEWING AND DOWNLOADING CONTENT AND ADVERTISING


As with browsing web pages, when you watch content and advertising and other software on our Site or through the Services, most of the same information is sent to us (including, IP Address, operating system, etc.); but, instead of page views, your computer sends us information on the content, or advertisement viewed or installed by the Services and the website and time.


7. COMMUNITY & SUPPORT


We provide customer service support through email and feedback forms. In order to provide customer support, we will ask for your email address and phone number. Aside from this information, we do not ask for any personal data to provide customer support. We only use information received from customer support requests, including email addresses, for customer support services and we do not transfer or share this information with any third parties.


8. SURVEYS


From time-to-time, we request information from users via surveys. Participation in these surveys is completely voluntary and you therefore have a choice whether or not to disclose this information. Information requested may include contact information which will be used for purposes of monitoring or improving the use and satisfaction of the Services and will not be transferred to third parties.


9. HOW DO WE USE THE INFORMATION YOU PROVIDE US?


9.1 We may collect, use, disclose and/or process your personal data for one or more of the following purposes:


(a) to consider and/or process your application/transaction with us;

(b) to manage, operate, provide and/or administer your use of and/or access to our Services and our website, as well as your relationship and user account with us;

(c) to manage, operate, administer and provide you with as well as to facilitate our provision of, our Services, including remembering your preferences;

(d) to respond to, process, deal with or complete a transaction and/or to fulfil your requests for certain products and services, and notify you of service issues and unusual account actions;

(e) to enforce our Terms of Service or any applicable TALCYON end user license agreement;

(f) to protect personal safety and the rights, property or safety of others;

(g) for identification and/or verification;

(h) to maintain and administer any software updates and/or other updates and support that may be required from time to time to ensure the smooth running of our Services;

(i) to deal with or facilitate customer service, carry out your instructions, deal with or respond to any enquiries given by (or purported to be given by) you or on your behalf;

(j) to contact you or communicate with you via phone/voice call, text message and/or fax message, email and/or postal mail or otherwise for the purposes of administering and/or managing your relationship with us or your use of our Services, such as but not limited to communicating administrative information to you related to our Services. You acknowledge and agree that such communication by us could be by way of the mailing of correspondence, documents or notices to you, which could involve disclosure of certain personal data about you to bring about delivery of the same as well as on the external cover of envelopes/mail packages;

(k) to conduct research, analysis and development activities (including but not limited to data analytics, surveys, product and service development and/or profiling), to analyse how you use our Services, to improve our Services or products and/or to enhance your customer experience;

(l) to allow for advertising and other audits, and surveys to, among other things, understand its experience with the TALCYON client and service

(m) for marketing and in this regard, to send you by various modes of communication such as email, postal mail, location based services or otherwise, marketing and promotional information and materials relating to products and/or services (including products and/or services of third parties whom TALCYON may collaborate or tie up with) that TALCYON (and/or its affiliates or related corporations) may be selling, marketing or promoting, whether such products or services exist now or are created in the future. In the case of the sending of marketing or promotional information to you by voice call, SMS/MMS or fax to your Singapore telephone number, we will not do so unless we have complied with the requirements of the PDPA in relation to use of such latter modes of communication in sending you marketing information or you have expressly consented to the same;

(n) to respond to legal processes or to comply with or as required by any applicable law, governmental or regulatory requirements of any relevant jurisdiction, including meeting the requirements to make disclosure under the requirements of any law binding on TALCYON or on its related corporations or affiliates;

(o) to produce statistics and research for internal and statutory reporting and/or record-keeping requirements;

(p) to carry out due diligence or other screening activities (including background checks) in accordance with legal or regulatory obligations or our risk management procedures that may be required by law or that may have been put in place by us;

(q) to audit our Services or TALCYON’s business;

(r) to prevent or investigate any fraud, unlawful activity or omission or misconduct, whether relating to your use of our Services or any other matter arising from your relationship with us, and whether or not there is any suspicion of the aforementioned;

(s) to store, host, back up (whether for disaster recovery or otherwise) of your personal data, whether within or outside Singapore;

(t) to deal with and/or facilitate a business asset transaction or a potential business asset transaction, where such transaction involves TALCYON as a participant or involves only a related corporation or affiliate of TALCYON as a participant or involves TALCYON and/or any one or more of TALCYON’s related corporations or affiliates as participant(s), and there may be other third party organisations who are participants in such transaction. A “business asset transaction” refers to the purchase, sale, lease, merger or amalgamation or any other acquisition, disposal or financing of an organisation or a portion of an organisation or of any of the business or assets of an organisation; and

(u) any other purposes which we notify you of at the time of obtaining your consent.

(collectively, the “Purposes”).


9.2 As the purposes for which we may/will collect, use, disclose or process your personal data depend on the circumstances at hand, such purpose may not appear above. However, we will notify you of such other purpose at the time of obtaining your consent, unless processing of your personal data without your consent is permitted by the PDPA or by law.


10. HOW DOES TALCYON PROTECT CUSTOMER INFORMATION?


We implement a variety of security measures to ensure the security of your personal data on our systems. User personal data is contained behind secured networks and is only accessible by a limited number of employees who have special access rights to such systems. We will retain personal data in accordance with the PDPA and/or applicable law. That is, we will destroy or anonymise your personal data as soon as it is reasonable to assume that (i) the purpose for which that personal data was collected is no longer being served by the retention of such personal data; and (ii) retention is no longer necessary for any legal or business purposes. If you cease using the Site, or your permission to use the Site and/or the Services is terminated, we may continue storing, using and/or disclosing your personal data in accordance with this Privacy Policy and our obligations under the PDPA. Subject to applicable law, we may securely dispose of your personal data without prior notice to you.


11. DOES TALCYON DISCLOSE THE INFORMATION IT COLLECTS FROM ITS VISITORS TO OUTSIDE PARTIES?


11.1 In conducting our business, we will/may need to disclose your personal data to our third party service providers, agents and/or our affiliates or related corporations, and/or other third parties, whether sited in Singapore or outside of Singapore, for one or more of the above-stated Purposes. Such third-party service providers, agents and/or affiliates or related corporations and/or other third parties would be processing your personal data either on our behalf or otherwise, for one or more of the above-stated Purposes. Such third parties include:

(a) our subsidiaries, affiliates and related corporations;

(b) contractors, agents, service providers and other third parties we use to support our business. These include but are not limited to those which provide administrative or other services to us such as mailing houses, telecommunication companies, information technology companies and data centres;

(c) a buyer or other successor in the event of a merger, divestiture, restructuring, reorganisation, dissolution or other sale or transfer of some or all of TALCYON’s assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal data held by TALCYON about our Services users is among the assets transferred; or to a counterparty to a business asset transaction that TALCYON or any of its affiliates or related corporations is involved in; and

(d) third parties to whom disclosure by us is for one or more of the Purposes and such third parties would in turn be collecting and processing your personal data for one or more of the Purposes.


11.2 For the avoidance of doubt, in the event that Singapore personal data protection law or other applicable law permits an organisation such as us to collect, use or disclose your personal data without your consent, such permission granted by the law shall continue to apply.


11.3 This Privacy Policy is not a promise that your personal data will never be disclosed except as described in this Privacy Policy. For example, third parties may unlawfully intercept, or access personal data transmitted to or contained on the site, technologies may malfunction or not work as anticipated, or someone might access, abuse or misuse information, through no fault of ours. We will nevertheless deploy reasonable security arrangements to protect your personal data as required by the PDPA; however there can inevitably be no guarantee of absolute security such as but not limited to when unauthorised disclosure arises from malicious and sophisticated hacking by malcontents through no fault of ours.


12. INFORMATION COLLECTED BY THIRD PARTIES


12.1 Our Site uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies, which are text files placed on your computer, to help the website analyse how users use the Site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and Internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.


12.2 We, and third parties, may from time to time make software applications available for your use on or through the Services. These applications may separately access, and allow a third party to view, your identifiable information, such as your name, your user ID, your computer’s IP Address or other information, and any cookies that you may previously have installed or that were installed for you by a third party software application or website. Additionally, these applications may ask you to provide additional information directly to third parties. Third party products or services provided through these applications are not owned or controlled by TALCYON. You are encouraged to read the terms and other policies published by such third parties on their websites or otherwise.


13. DISCLAIMER REGARDING SECURITY AND THIRD-PARTY SITES


13.1 WE DO NOT GUARANTEE THE SECURITY OF PERSONAL DATA AND/OR OTHER INFORMATION THAT YOU PROVIDE ON THIRD PARTY SITES. We do implement a variety of security measures to maintain the safety of your personal data that is in our possession or under our control. Your personal data is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the personal data confidential. When you place orders or access your personal data, we offer the use of a secure server. All personal data or sensitive information you supply is encrypted into our databases to be only accessed as stated above.

13.2 We therefore have no responsibility or liability for the content, security arrangements (or lack thereof) and activities of these linked sites. These linked sites are only for your convenience and you therefore access them at your own risk. Nonetheless, we seek to protect the integrity of our Site and the links placed upon each of them and therefore welcome any feedback about these linked sites (including if a specific link does not work).


14. ARE YOU VISITING OUR SITE FROM OUTSIDE SINGAPORE?


If you are visiting or accessing our website or purchasing products from outside of Singapore or otherwise contacting us from outside of Singapore, please be aware that your personal data and/or information may be transferred to, stored or processed in Singapore, where our servers are located and our central database is operated. The data protection law and other laws of Singapore and other countries might not be as comprehensive as those in your country. By using our Site or purchasing our products or Services, you acknowledge that your personal data and/or information may be transferred to our facilities and those third parties with whom we share it as described in this Privacy Policy.


15. HOW CAN YOU OPT-OUT, REMOVE, REQUEST ACCESS TO OR MODIFY INFORMATION YOU HAVE PROVIDED TO US?


15.1 Opting Out and Withdrawing Consent


(a) To modify your email subscriptions, please let us know by sending an email to our Personal Data Protection Officer at the address listed below. Please note that due to email production schedules, you may still receive emails that are already in production.

(b) You may withdraw your consent for the collection, use and/or disclosure of your personal data in our possession or under our control by sending an email to our Personal Data Protection Officer at the address listed below.

(c) Once we have your clear withdrawal instructions and verified your identity, we will process your request for withdrawal of consent being made, and will thereafter not collect, use and/or disclose your personal data in the manner stated in your request. If we are unable to verify your identity or understand your instructions, we will liaise with you to understand your request.

(d) However, your withdrawal of consent could result in certain legal consequences arising from such withdrawal. In this regard, depending on the extent of your withdrawal of consent for us to process your personal data, it may mean that we will not be able to continue providing the Services to you, we may need to terminate your existing relationship with us, the contract you have with us will have to be terminated, etc., as the case may be, which we will inform you of.


15.2 Requesting Access and/or Correction of Personal Data


(a) If you have an account with us, you may personally access and/or correct your personal data currently in our possession or control through the Account Settings page on the Site. If you do not have an account with us, you may request to access and/or correct your personal data currently in our possession or control by submitting a written request to us. We will need enough information from you in order to ascertain your identity as well as the nature of your request, so as to be able to deal with your request. Hence, please submit your written request by sending an email to our Personal Data Protection Officer at the address listed below.

(b) For a request to access personal data, once we have sufficient information from you to deal with the request, we will seek to provide you with the relevant personal data within 30 days. Where we are unable to respond to you within the said 30 days, we will notify you of the soonest possible time within which we can provide you with the information requested. Note that the PDPA exempts certain types of personal data from being subject to your access request.


(c) For a request to correct personal data, once we have sufficient information from you to deal with the request, we will:

(i) correct your personal data within 30 days. Where we are unable to do so within the said 30 days, we will notify you of the soonest practicable time within which we can make the correction. Note that the PDPA exempts certain types of personal data from being subject to your correction request as well as provides for situation(s) when correction need not be made by us despite your request; and

(ii) we will send the corrected personal data to every other organisation to which the personal data was disclosed by us within a year before the date the correction was made, unless that other organisation does not need the corrected personal data for any legal or business purpose.

(d) Notwithstanding sub-paragraph (b) immediately above, we may, if you so consent, send the corrected personal data only to specific organisations to which the personal data was disclosed by us within a year before the date the correction was made.

(e) We will/may also be charging you a reasonable fee for the handling and processing of your requests to access your personal data. If we so choose to charge, we will provide you with a written estimate of the fee we will be charging. Please note that we are not required to respond to or deal with your access request unless you have agreed to pay the fee.

(f) We reserve the right to refuse to correct your personal data in accordance with the provisions as set out in PDPA, which require and/or entitle an organisation to refuse to correct personal data in stated circumstances.


16. QUESTIONS, CONCERNS OR COMPLAINTS? CONTACT US


16.1 If you have any questions or concerns about our privacy practices or your dealings with the Services, please do not hesitate to contact: info@talcyon.com.


16.2 If you have any complaint or grievance regarding about how we are handling your personal data or about how we are complying with the PDPA, we welcome you to contact us with your complaint or grievance.

Please contact us through email with your complaint or grievance:

E-mail: info@talcyon.com and Attention it to the “Personal Data Protection Officer”.


16.3 Where it is an email or a letter through which you are submitting a complaint, your indication at the subject header that it is a PDPA complaint would assist us in attending to your complaint speedily by passing it on to the relevant staff in our organisation to handle. For example, you could insert the subject header as “PDPA Complaint”.


We will certainly strive to deal with any complaint or grievance that you may have fairly and as soon as possible.


17. GOVERNING LAW


This Privacy Policy is governed by the laws of the Republic of Singapore.


18. TERMS AND CONDITIONS


Please also read the Terms of Service establishing the use, disclaimers, and limitations of liability governing the use of the Site and the Services.

GDPR ADDENDUM

EU General Data Protection Regulation (GDPR)


This GDPR Addendum, including any future modifications (the “Addendum”), forms a material part of the TALCYON’s Privacy Policy and applies to any “personal data” (as defined under the GDPR) that we may “process” (as defined under the GDPR) through your use of our Site and Services, whether as a guest or as a registered user. While TALCYON is a Singaporean company that is subject to Singaporean law, TALCYON will attempt to give effect to the GDPR for its EU users that are entitled to enforce rights under the GDPR to the extent commercially reasonable and to the extent that the GDPR’s requirements do not conflict with the requirements of Singaporean law. The purpose of this Addendum is to briefly describe: 1) rights under the GDPR; 2) the legal bases that support TALCYON ‘s processing activities; and 3) whether any automated processing methods are used for processing your personal data.


It is important that you read this policy in addition to our Privacy Policy or with any other policy notice we may provide on specific occasions when we are collecting or processing Personal Data about you so that you are fully aware of how and why we are using your personal data. This policy supplements our Privacy Policy and other notices and is not intended to override them.


1. RIGHTS OF INDIVIDUALS


1.1 General. The GDPR provides a number of rights to you related to data privacy. We are responsible for ensuring that you are able to exercise certain privacy rights. TALCYON is considered to be a “data controller” under the GDPR with respect to its processing of your personal data. A data controller is essentially a person or organisation that can determine how and why your personal data is processed. The data controller responsible for ensuring that you are able to exercise certain privacy rights. Although your personal data may be shared with TALCYON’S affiliates as described in this Privacy Policy, we will always be the data controller in respect to such processing. If you wish to exercise any of the rights detailed below, please send an e-mail sufficiently detailing such request to the email stated in Section 16 of our Privacy Policy. Please note that if we receive a request from you to exercise your rights, we have the right to have you take reasonable steps to confirm your identity, including your residency within the EU. We are not obligated to, and will not, provide any individualised information or give effect to your rights unless we can reasonably confirm your identity.


1.2 Right to access basic information. You have the right to obtain confirmation from TALCYON as to how your personal data are being processed, including the following information:


(a) Confirmation of whether, where, and by whom your personal data are being processed;


(b) Purpose(s) for the processing;


(c) Categories of personal data being processed;


(d) Categories of recipients with whom the data may be shared;


(e) The period for which the data will be stored (or the criteria used to determine that period);


(f) The source of the data (where you were not the source); and


(g) Information about the existence of, and an explanation of the logic involved in, any automated decision-making that has a significant effect on you.



1.3 Right to confirmation on processing of personal data. Right to obtain from TALCYON confirmation as to whether or not personal data concerning you is being processed, and where that is the case, to request access to the personal data. This access to information includes, inter alia, the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipients to whom the personal data have been or will be disclosed to.


1.4 Right to rectification. Depending on the purposes of the processing, you have the right to have incomplete/inaccurate personal data completed, including by means of providing us with a written supplementary statement.


1.5 Right to be forgotten/erasure. Right to erasure of personal data concerning you in certain circumstances if:


(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;


(b) you withdraw consent to consent-based processing;


(c) you object to the processing under certain rules of applicable data protection law;


(d) the processing is for direct marketing purposes; and


(e) the personal data have been unlawfully processed.


(f) However, there are exclusions to the right to erasure. The general exclusions include where processing is necessary:


(i) for exercising the right of freedom of expression and information;


(ii) for compliance with a legal obligation;


(iii) for the establishment, exercise or defence of legal claims.


1.6 Right to restrict processing. Those circumstances include:


(a) you contesting the accuracy of the personal data;


(b) processing is unlawful but you oppose erasure;


(c) we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and


(d) you have objected to processing, pending the verification of that objection.


(e) Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it:


(i) with your consent;


(ii) for the establishment, exercise of defence of legal claims;


(iii) for the protection of the rights of another natural or legal person; or


(iv) for reasons of important public interest.




1.7 Right to data portability. Right to transfer your personal data between controllers and more specifically, you have the right to:




(a) Receive a copy of your personal data in a structured, commonly used, machine-readable format;


(b) Transfer your personal data from one organisation to another, where technically feasible;


(c) Store your personal data for further personal use on a private device; and


(d) Have your personal data transmitted directly between organisations without hindrance.



1.8 Right to object to processing of personal data. Right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us and we can be required to no longer process your personal data, but only to the extent that the legal basis for the processing is that the processing is necessary for:


(a) the performance of a task carried out in the public interest or in the exercise of any official authority vested in us;


(b) the purposes of receiving direct marketing from TALCYON;


(c) scientific and historical research purposes or statistical purposes; or


(d) the purposes of the legitimate interests pursued by us or by a third-party.


If you have a right to object and you exercise this right, your personal data will no longer be processed for such purposes by us, unless we can demonstrate compelling legitimate grounds for the processing which override your interest, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.


Exercising this right will not incur any costs. However, such a right to object may not exist, in particular, if the processing of your personal data is necessary to take steps prior to entering into a contract or to perform a contract already concluded.


1.9 Right to not be evaluated solely on the basis of automated decision-making processes. We do not utilise any automated decision-making processes. However, please see below for your rights to the same.


Subject to certain exceptions detailed below, you generally have the right to not have any decisions made about you that are based solely on “automated decision-making” processes.


An automated decision-making process involves using automated processing activities (activities that do not use human intervention) to make a decision about you that will materially affect you (i.e., a decision that would produce “legal effects” or otherwise have a similar “significant effect”).


A legal effect is something that will affect your legal rights, such as your freedom to associate with others, vote in an election, or take legal action. A legal effect could also be something that affects your legal status or rights under a contract, e.g., something that could lead to cancellation of a contract.


For data processing to have a significant effect, the effects of the processing must be sufficiently great or important to be worthy of attention. In other words, the decision must have the potential to: significantly affect your circumstances, behaviour, or choices; have a prolonged or permanent impact; or at its most extreme, lead to exclusion or discrimination.


Automated decision-making can include “profiling” activities whereby automated processing is used to evaluate certain personal characteristics in order to analyse or predict your preferences, behaviour, performance, reliability, location, or movements.


Please note that if a human being reviews and takes other factors into account in making a final decision, that decision is not considered to be “based solely” on automated processing.


In general, the use of automated decision-making processes is permitted where:


(a) it is necessary for a data controller to enter into or perform a contract with you;


(b) it is authorised by law; or


(c) you have explicitly consented, and appropriate safeguards are in place.



If a data controller is making decisions based on any automated decision-making processes, you are entitled to a description of what portions of the decision-making will be automated, reasons why automation is logical, and the significance and consequences behind the decision to automate the processing. TALCYON’s automated decision-making processes include:


(a) Determining eligibility to receive offers: TALCYON utilises automated decision-making processes in order to determine whether you are eligible for certain offers from TALCYON and/or its business partners. In utilising automated decision-making processes, we are able to quickly and efficiently identify those persons that are eligible to receive certain offers in relation to the Services.


(b) Determining what portions of the services you may access: TALCYON utilises automated decision-making processes in order to determine your access rights to use the Services. In visiting, registering, and/or subscribing to the Services, you are given different levels of access to TALCYON’s products and services. We use this information in order to inform the Services what product, services, and/or content you should be able to access.


(c) Subscription cancellation for non-payment: TALCYON utilises automated decision-making processes to identify and cancel access to the Services where it has not received the payments that it is properly owed.



1.10 Right to objection of processing of personal data. Right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.


1.11 If you consider that our processing of your personal data infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your residence, your place of work or the place of the alleged infringement.


1.12 To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.


1.13 We may process any of your personal data identified in this Privacy Policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interest, namely the protection and assertion of our legal right, your legal rights and the legal rights of others.


1.14 We may process and of your personal data identified in this Privacy Policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this is our legitimate interests, namely the proper protection of our business against risks.


1.15 In addition to the specific purposes for which we may process your personal data set out in the Privacy Policy above, we may also process your personal data where it is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.



2. CONTRACTUAL NECESSITY


2.1 TALCYON is permitted to process your personal data to the extent the processing is necessary:


(a) For the performance of a contract between you and TALCYON (e.g., to comply with the Terms of Use for our Services and/or any subsequent agreement TALCYON enters into with you);


(b) To respond to your request to access your personal data; or


(c) For the conclusion or performance of a contract between TALCYON and a third party where it is in your interest for the processing to occur.



2.2 In order for you to be able to access the Services, it is critical that TALCYON be able to process your personal data, particularly because many of TALCYON ‘s Services are based on a subscription model. Without being able to process your personal data, including your payment information, TALCYON would be unable to provide the Services to you.



3. BINDING LEGAL OR REGULATORY OBLIGATIONS


TALCYON is permitted to process your personal data where it has a binding legal or regulatory obligation to perform the processing to stay in compliance with applicable laws or regulations (e.g., tax reporting purposes). Other examples could include where TALCYON or one of its affiliates is required to respond to a court order, subpoena, or law enforcement agency request, to prevent fraud or abuse, or to protect the safety of individuals. Were TALCYON not able to process your personal data for such purposes, TALCYON could be subject to fines, penalties, and/or civil or criminal liability.



4. OTHER LEGITIMATE INTERESTS


4.1 TALCYON is permitted to process your personal data to the extent the processing is necessary for the purposes of legitimate interests pursued by TALCYON or a third party (“legitimate interests”). The exception is when those legitimate interests are overridden by your interests, fundamental rights, or freedoms. You have the right to object to TALCYON ‘s processing of your personal data on the basis of legitimate interests; if you wish to raise such an objection, please send an email detailing your specific objection(s) to the email stated in Section 16 of our Privacy Policy. TALCYON ‘s identified legitimate interests for processing your personal data include:


(a) Organisational Interests: As TALCYON is part of a larger group of related companies, it is often necessary for TALCYON to transmit your personal data within the organisational group. This allows for data to be shared amongst our affiliates so that each entity can carry out their legal, regulatory, and/or contractual responsibilities and/or coordinate/implement business plans, logistics, and/or operations. This is especially true because TALCYON’s affiliated entities may perform critical services for TALCYON, such as services related to: accounting, compliance, human resources, information technology and security, legal, management, etc.


(b) Operational Interests: To facilitate day-to-day operations and business planning for strategic growth. This includes: managing our relationship with you, our employees, other users/clients, vendors, business partners, and/or others; sharing intelligence with internal stakeholders; implementing training procedures; planning and allocating resources and budgets; performing data modelling; facilitating internal reporting; analysing growth strategies; aggregating analytics; and/or processing personal information to create anonymised data (e.g., for product improvement, analytics, etc.).


(c) Logistical Interests: To enable TALCYON ‘s business operations to run more efficiently, e.g., establishing how to allocate resources or to predict future demand.


(d) Research & Development Interests: To deliver and/or improve our products and services. It allows us to determine whether a product or service is working as intended, monitoring usage and conduct, and identifying and troubleshooting issues.


(e) Market Intelligence & Analytical Interests: TALCYON has a legitimate need to conduct market intelligence so that we can better promote our products and services by creating a better understanding of our users’ and/or customers’ preferences. This could include using diagnostic analytics to optimise products, services, and/or marketing campaigns by assessing/monitoring users’ usage of the products or services and/or conduct while using the products or services. Common metrics for evaluation could include monitoring pages and links accessed, ad performance and conversion tracking, number of posts, number of page views, patterns of navigation, time at a page, devices used, user reviews, where users are coming from, hardware used, operating system version, advertising identifiers, unique application identifiers, unique device identifiers, browser types, languages, wireless or mobile network information, etc. These metrics could be used to: personalise services and communications; determine which users should receive specialised communications based on how they use the product or service; create aggregate trend reports; determine the most effective advertising channels and messaging; and/or measure the audience for a certain communication.


(f) Personalisation Interests: To enhance and personalise the “consumer experience” we offer our current and/or prospective users/customers in our products and services.


(g) Monitoring Interests: To identify recurring problems and/or analyse the patterns of behaviour of users and/or customers, it is necessary for TALCYON to monitor your performance/behaviour on our Services.


(h) Direct Marketing Interests: For direct marketing purposes to occasionally update users on the Services, including occasional communications regarding updates to our activities, products, services, and/or events.


(i) Business-to-Business Marketing & Sales Interests: For marketing our products and services to other businesses, e.g., processing the information of a business contact in order to market our products and/or services to the affected data subject’s employer.


(j) Due Diligence Interests: For purposes of conducting due diligence. This could include, for example, monitoring official watch-lists, sanction lists and “do-not-do-business-with” lists published by governments and other official bodies globally. This could also include keyword searches of industry and reputable publications to determine if companies and individuals have been involved in or convicted of relevant offenses, such as fraud, bribery, and/or corruption.


(k) Fraud Detection & Prevention Interests: To help detect and prevent fraud, e.g., verifying that the registered address of the cardholder for a particular credit or debit card is the same as the cardholder’s normal place of residence or work.


(l) Updating Customer Details & Preferences: Processing your personal data is necessary to verify the accuracy of your user data and to create a better understanding of our past, present, and/or prospective users.


(m) Network & Information Security: For ensuring our network and information security, e.g., monitoring users’ access to our network for the purpose of preventing cyber-attacks, inappropriate use of data, corporate espionage, hacking, system breaches, etc. This could include preventing unauthorised access to electronic communications networks and malicious code distribution and stopping “denial of service” attacks and damage to computer and electronic communication systems.


(n) Business Continuity & Disaster Planning Interests: To allow for the backup and protection of your information (e.g., utilising cloud-based services to archive/protect data) in order to ensure that such information is not improperly lost or modified. Such processing is also necessary to archive/protect data in accordance with legal, regulatory, organisational, and/or contractual obligations.


(o) Artificial Intelligence Interests: TALCYON may process your data utilising an algorithm that helps to streamline organisational processes, e.g., our customer service department putting in place an algorithm that helps to manage customer service requests by routing customer contacts to the most appropriate part of the organisation.


(p) Compliance with Laws and Regulations: TALCYON is subject to binding legal or regulatory obligations and needs to process your personal data in order to comply with such laws or regulations. Examples include: complying with reporting obligations; complying with screening obligations; responding to law enforcement requests; and/or responding to judicial/regulatory agency requests.


(q) Reporting Potential Threats to Public Security & Safety: TALCYON has a legitimate interest in reporting possible criminal acts or threats to public security/safety that we identify as part of our processing activities to a competent authority.



5. INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA


5.1 If you access the Services from the EU, you are voluntarily transmitting your personal data to Singapore so that TALCYON can conduct certain processing activities as identified in the Privacy Policy and/or in this Addendum. Your data will also be processed by certain third-party data processors located in Singapore (including TALCYON ‘s affiliated entities, business partners, and service providers).


5.2 TALCYON shall ensure that any transfers made between itself and any data processors are made with appropriate safeguards in place to protect the information from unauthorised uses or disclosures to the extent reasonably possible.


5.3 For processors that process your personal data on TALCYON ‘s behalf, and will then transfer data to Singapore or another jurisdiction that is not deemed to have adequate safeguards, TALCYON shall ensure that appropriate safeguards (e.g., “Standard Contractual Clauses”), are in place between the TALCYON and the processor. Standard Contractual Clauses are a set of standard data protection clauses approved by the European Commission (“EC”) as an appropriate safeguard for protecting personal data when personal data are transferred internationally. The applicable Standard Contractual Clauses may be found at:


https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087&from=EN.