Data protection notice & privacy policy
- This Data Protection Notice (“Notice”) sets out the basis by which Automa8e Pte Ltd (“we”, “us”, or “our”) may collect, use, disclose or otherwise process the personal data of our customers.
- Automa8e respects the privacy of its online visitors and customers of its products and services and complies with applicable laws for the protection of your privacy, including, without limitation, the Personal Data Protection Act (“PDPA”) and European Union General Data Protection Regulation (“GDPR”).
- This Notice applies to personal data in our possession or under our control, including personal data in the possession of organisations which we have engaged to collect, use, disclose or process personal data for our purposes.
1. Definitions
Wherever we talk about Personal Data below, we mean any information that can either itself identify you as an individual (“Personally Identifying Information”) or that can be connected to you indirectly by linking it to Personally-Identifying Information. Automa8e also processes anonymous data, aggregated or not, to analyze and produce statistics related to the habits, usage patterns, and demographics of customers as a group or as individuals. Such anonymous data does not allow the identification of the customers to which it relates. Automa8e may share anonymous data, aggregated or not, with third parties.
2. Why Automa8e Collects and Processes Data
Automa8e collects and processes Personal Data for the following reasons:
- where it is necessary for the performance of our agreement with you to provide a full-featured service and deliver associated Content and Services;
- where it is necessary for compliance with legal obligations that we are subject to (e.g. our obligations to keep certain information under tax laws);
- where it is necessary for the purposes of the legitimate and legal interests of Automa8e or a third party (e.g. the interests of our other customers), except where such interests are overridden by your prevailing legitimate interests and rights; or
- where you have given consent to it.
These reasons for collecting and processing Personal Data determine and limit what Personal Data we collect and how we use it (section 3. below), how long we store it (section 4. below), and who has access to it (section 5. below) and what rights and other control mechanisms are available to you as a user (section 6. below).
3. The Types and Sources of Data We Collect
3.1 Basic Account Data
When setting up an Account, Automa8e will collect your email address and country of residence. You are also required to choose a username and a password. The provision of this information is necessary to register an Automa8e User Account. During the setup of your account, the account is automatically assigned a number that is later used to reference your user account without directly exposing Personally Identifying Information about you.
3.2 Transaction and Payment Data
To make a transaction on Automa8e (e.g. to purchase tokens for Content and Services or to fund your Automa8e Wallet), you may need to provide payment data to Automa8e to enable the transaction. If you pay by credit card, you need to provide typical credit card information (name, address, credit card number, expiration date and security code) to Automa8e, which Automa8e will process and transmit to the payment service provider of your choice to enable the transaction and perform anti-fraud checks. Likewise, Automa8e will receive data from your payment service provider for the same reasons.
3.3 Other Data You Explicitly Submit
We will collect and process Personal Data whenever you explicitly provide it to us. This data includes:
- Information that you post, comment or follow in any of our Content and Services;
- Information sent through chat;
- Information you provide when you request information or support from us or purchase Content and Services from us, including information necessary to process your orders with the relevant payment merchant or, in the case of physical goods, shipping providers;
- Information you provide to us when participating in surveys
3.4 Your Use of the Website
We collect a variety of information through your general interaction with the website. Personal Data we collect may include but is not limited to, browser and device information, data collected through automated electronic interactions and application usage data.
3.5 Tracking Data and Cookies
We use “Cookies”, which are text files placed on your computer, and similar technologies (e.g. web beacons, pixels, ad tags and device identifiers) to help us analyze how users use our services, as well as to improve the services we are offering, to improve marketing, analytics or website functionality. The use of Cookies is standard on the internet. Although most web browsers automatically accept cookies, the decision of whether to accept them or not is yours. You may adjust your browser settings to prevent the reception of cookies, or to provide a notification whenever a cookie is sent to you.
3.6 Information Required to Detect Violations
We collect certain data that is required for our detection, investigation and prevention of fraud, cheating and other violations of the SSA and applicable laws (“Violations”). This data is used only for detection, investigation, prevention and, where applicable, acting on such Violations and stored only for the minimum amount of time needed for this purpose. If the data indicates that a Violation has occurred, we will further store the data for the establishment, exercise or defence of legal claims during the applicable statute of limitations or until a legal case related to it has been resolved. Please note that the specific data stored for this purpose may not be disclosed to you if the disclosure will compromise the mechanism through which we detect, investigate and prevent such Violations.
4. How Long We Store Data
We will only store your information as long as necessary to fulfil the purposes for which the information is collected and processed or — where the applicable law provides for longer storage and retention period — for the storage and retention period required by law. After that, your Personal Data will be deleted, blocked or anonymized, as provided by applicable law.
In particular:
- If you terminate your User Account, your Personal Data will be marked for deletion except to the degree legal requirements or other prevailing legitimate purposes dictate a longer storage.
- Please note that Automa8e is required to retain certain transactional data under statutory commercial and tax law for a period of up to ten (10) years.
5. Who Has Access to Data
Automa8e does not sell Personal Data. However, we may share or provide access to each of the categories of Personal Data we collect as necessary for the following business purposes.
5.1 Automa8e and its subsidiaries may share your Personal Data with each other and use it to the degree necessary to achieve the purposes listed in section 2 above. In the event of a reorganization, sale or merger we may transfer Personal Data to the relevant third party subject to applicable laws.
5.2 We may also share your Personal Data with our third-party service providers that provide customer support services in connection with goods, Content and Services distributed via Automa8e. Your Personal Data will be used in accordance with this Privacy Policy and only as far as this is necessary for performing customer support services.
5.3 In accordance with internet standards, we may also share certain information (including your IP address and the identification of Automa8e content you wish to access) with our third-party network providers that provide content delivery network services and game server services in connection with Automa8e. Our content delivery network providers enable the delivery of digital content you have requested, e.g. when using Automa8e, by using a system of distributed servers that deliver the content to you, based on your geographic location.
6. Deemed Consent by Notification
6.1 We may collect or use your personal data, or disclose existing personal data for secondary purposes that differ from the primary purpose which it had originally collected for pursuant to clauses 5 and 6. If Automa8e Pte Ltd intends to rely on deemed consent by notification for such secondary purposes, Automa8e Pte Ltd will notify you of the proposed collection, use or disclosure of his personal data through the appropriate mode(s) of communication.
6.2 In particular, we may rely on deemed consent by notification to collect, use or disclose your personal data for the following purposes:
1. Research and development of product or fulfilment of a contract.
6.3 Before relying on deemed consent by notification, Automa8e Pte Ltd will assess and determine that the collection, use and disclosure of the personal data will not likely have an adverse effect on you.
6.4 You will be given a reasonable period to inform us if you wish to opt out of the collection, use and disclosure of your personal data for such purposes.
6.5 After the lapse of the opt-out period, you may notify us that you no longer wish to consent to the purposes for which your consent was deemed by notification by withdrawing your consent for the collection, use or disclosure of your personal data in relation to those purposes.
6. Your Rights and Control Mechanisms
6.1 The data protection laws of PDPA and GDPR grant their residents certain rights in relation to their Personal Data. Take note of the following rights in relation to your Personal Data:
- Right of Access.
You have the right to access your Personal Data that we hold about you, i.e. the right to require free of charge (i) information whether your Personal Data is retained, (ii) access to and/or (iii) duplicates of the Personal Data retained. You can use the right to access your Personal Data through the Privacy Dashboard. If the request affects the rights and freedoms of others or is manifestly unfounded or excessive, we reserve the right to charge a reasonable fee (taking into account the administrative costs of providing the information or communication or taking the action requested) or refuse to act on the request. We will respond to your request as soon as reasonably possible. In general, our response will be within thirty (30) business days. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).
- Right to Rectification.
If we process your Personal Data, we shall endeavour to ensure by implementing suitable measures that your Personal Data is accurate and up-to-date for the purposes for which it was collected. We generally rely on personal data provided by you (or your authorized representative). In order to ensure that your personal data is current, complete and accurate, please update us if there are changes to your personal data by informing our Data Protection Officer in writing or via email at the contact details provided below.
- Right to Erasure.
You have the right to obtain the deletion of Personal Data concerning you. We may retain your personal data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws. We will cease to retain your personal data or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected, and is no longer necessary for legal or business purposes.
- Right to Object.
When our processing of your Personal Data is based on legitimate interests according to Article 6(1)(f) of the GDPR) of this Privacy Policy, you have the right to object to this processing. If you object we will no longer process your Personal Data unless there are compelling and prevailing legitimate grounds for the processing as described in Article 21 of the GDPR; in particular, if the data is necessary for the establishment, exercise or defence of legal claims. You also have the right to lodge a complaint with a supervisory authority.
- Right to Personal Data portability.
You have the right to receive your Personal Data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller under the conditions set out in Article 20 of the GDPR. Automa8e makes your Personal Data available in structured HTML format through the Privacy Dashboard as described above.
- Right, to Withdraw your Consent.
The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is withdrawn by you in writing. You may withdraw consent and request us to stop collecting, using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing or via email to our Data Protection Officer at the contact details provided below. Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within thirty (30) business days of receiving it. Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our goods or services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing in the manner described in clause 7 above.
7. Protection of Personal Data
7.1 To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as a minimised collection of personal data, authentication and access controls (such as good password practices, need-to-basis for data disclosure, etc.), encryption of data, data anonymisation, up-to-date antivirus protection, regular patching of operating system and other software, securely erase storage media in devices before disposal, web security measures against risks, usage of one-time password(OTP)/2-factor authentication (2fa)/multi-factor authentication (MFA) to secure access, and security review and testing performed regularly.
7.2 You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.
8. Transfers of Personal Data Outside of Singapore
8.1 We generally do not transfer your personal data to countries outside of Singapore. However, if we do so, we will obtain your consent for the transfer to be made and we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.
9. Data Protection Officer
9.1 You may contact our Data Protection Officer if you have any enquiries or feedback on our personal data protection policies and procedures, or if you wish to make any request, in the following manner:
Contact No. : +65 6684 9919
Email Address: DPO@automa8e.com
10. Effect of Notice and Changes to Notice
10.1 This Notice applies in conjunction with any other notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your personal data by us.
10.2 We may revise this Notice from time to time without any prior notice. You may determine if any such revision has taken place by referring to the date on which this Notice was last updated. Your continued use of our services constitutes your acknowledgement and acceptance of such changes.