LAST UPDATED: April 2024
This is the privacy policy (“Policy”) of Grof (”Grof” or “Grof Services Pte Ltd” or “we” or “our” or “us”).
We take your privacy very seriously. We ask that you read this Policy carefully as it contains important information about what to expect when we collect personal information about you and how we will use your personal data, including how you may:
i) access and correct your personal data held by us; and
ii) make a privacy-related complaint and our complaint handling process.
1.1. Personal data that we collect and use includes your name, contact details, address and any other information that may be relevant in order for us to provide its products and/or services and to share information that may be of interest to you.
1.2. Your personal data may be collected by us, directly or indirectly, for instance:
i) when you visit or make transactions at our premise;
ii) when you respond to our promotions, or subscribe to our mailing lists;
iii) when you attend events organised by us;
iv) when your images are captured by us via CCTV cameras while you are within our premise, or when photographs or videos of you are taken when you attend events organized/ co-hosted/ sponsored by us;
v) when you use our services or enter into transactions with us (or express an interest in doing so);
vi) when you communicate with us by telephone, email, via our website or through other communication channels, for example, through social media platforms;
vii) when you submit an application for a position with us or when you provide documents or information including your resume in connection with such applications; and/or
viii) when you submit your personal data to us for any other reason.
1.3. We may collect personal data from third party sources, for example:
i) from our business partners and third party service providers which provide advertising, marketing and promotional services to us;
ii) from your referees, educational institutions or previous employers (if you have applied to Grof for a job);
iii) from your family members or friends who provide your personal data to us on your behalf; and/or
iv) from public agencies or other public sources.
1.4. We may obtain personal data about you when you visit our websites. When you visit our websites, we may monitor the use of the websites through the use of cookies and similar tracking devices. For example, we may monitor the number of times you visit the websites or which pages you go to. This information helps us to build a profile of its users. Some of this data will be aggregated or statistical, which means that we will not be able to identify you individually.
1.5. In certain circumstances, you may also provide us with personal data of persons other than yourself. If you do so, you warrant that you have informed him/her of the purposes for which we are collecting his/her personal data and that he/she has consented to your disclosure of his/her personal data to us for those purposes. You agree to indemnify and hold us harmless from and against any and all claims by such individuals relating to our collection, use and disclosure of such personal data in accordance with the terms of this Policy.
1.6. If you are using our website and are below 16 years of age, please obtain consent from your parent or guardian before you submit any personal data to us. If you are a parent or guardian of a minor and you have reason to believe your child or ward has provided us with their personal data without your prior consent, please contact us to request for erasure of their personal data.
2.1. We collect, use and/or disclose personal data for the following purposes:
i) to provide clients with Grof’s services;
ii) to inform clients of new products and/or services;
iii) to invite clients to events;
iv) to process payments;
v) to respond to queries or requests;
vi) to conduct research and analysis to improve our products and/or services;
vii) to respond to legal processes or to comply generally with any applicable laws, governmental or regulatory requirements of any relevant jurisdiction (and any applicable rules, codes of practice or guidelines), including, without limitation, meeting the requirements to make disclosure under the requirements of any applicable law or assisting in law enforcement and investigations by relevant authorities;
viii) security and safety purposes in connection with our premises or events organised by us;
ix) administrative purposes, including but not restricted to finance, IT, HR and staff training;
x) such purposes that may be informed to you when your personal data is collected; and/or
xi) any other reasonable purposes related to the aforesaid.
2.2 We may collect, use and/or disclose personal data for legitimate purposes related to our business, which are not incompatible with the original purposes for which you have provided the personal data.
3.1. We intend to use your name, contact details, address and the history of products and/or services obtained by you, held by us from time to time to conduct direct marketing in relation to the products and/or services that may be provided by Grof, business partners, co-branding partners, third party providers. Grof will only use your personal data for direct marketing purposes with your consent. You may withdraw your consent, without charge to you, by contacting the Data Protection Officer (see below for details).
4.1. We may disclose your personal data to the following third parties for the purposes set out in this Policy or for other legitimate purposes:
i) third parties to whom you authorise us to disclose your personal data;
ii) Our professional consultants and advisors;
iii) Our business partners and service providers.
4.2. We may also transfer your personal data to our related entities. The third parties set out above and our related entities may either be situated in your country or in any of the following countries:
i) Singapore, Malaysia, Australia, Hong Kong and Indonesia; or
ii) such other countries in which Grof operates or obtains services from time to time.
4.3. We are committed to safeguarding your personal data when it is transferred across jurisdictions. We ensure that your personal data receives an adequate level of protection regardless of the jurisdiction to which it is transferred. For example, we may enter into contracts (or impose binding rules) with recipients to protect your personal data in a manner that is consistent with all applicable laws. You may obtain details of these safeguards by contacting the Data Protection Officer.
5.1. We do not sell, trade, or otherwise transfer to third parties your personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, as long as these parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours and others’ rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
6.1. Our websites uses cookies. Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. The information is used to track visitor use of our websites and to compile statistical reports on website activity. For further information about cookies, please visit www.aboutcookies.org or www.allaboutcookies.org. You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases, some of our website features may not function if you remove cookies from your browser.
7.1. Our websites may contain links to other websites. This Policy only applies to our websites. When you link to other websites, you should read the privacy policies of such websites.
8.1. If Grof’s business is sold or integrated with another business your details may be disclosed to our advisers and any prospective purchasers and their advisers and will be passed on to the new owners of the business.
9.1. While precautions will be taken to ensure that the personal data you provide is protected against unauthorised or unintended access, we cannot be held responsible for unauthorised or unintended access that is beyond our control.
9.2. We do not guarantee that our systems or applications are invulnerable to security breaches, nor do we make any warranty, guarantee, or representation that your use of our systems or applications is safe and protected from viruses, worms, Trojan horses, and other vulnerabilities. We also do not guarantee the security of data that you choose to send us electronically. Sending such data is entirely at your own risk.
9.3. We keep your personal data only for so long as we need the personal data to fulfil the purposes we collected it for, and to satisfy our business and/or legal purposes, including audit, accounting or reporting requirements. How long we keep your personal data depends on the nature of the data, for example:
i) we will keep personal data for at least the duration of the limitation period for bringing claims if the personal data may be required to commence or defend legal proceedings; and
ii) personal data collected for use for a limited purpose will generally not be retained for more than one (1) year after completion of the purpose.
Some information may be retained for longer, for example where we are required to do so by law, or need to retain it for the purposes of litigation.
9.4. In some circumstances, we may anonymise your personal data so that it can no longer be associated with you, in which case we are entitled to retain and use such data without restriction.
10.1. You may access and correct your personal data held by us by contacting the Data Protection Officer. If you are a resident in the European Union, you may also enjoy certain additional rights such as:
i) Erasure: you may ask us to delete or remove personal data that we hold about you in certain circumstances.
ii) Restriction: you may ask us to suspend the processing of certain personal data we hold about you, for example, if you want us to establish its accuracy.
iii) Portability: you may request the transfer of certain personal data to another party under certain conditions.
iv) Objection: where we are processing your personal data based on a legitimate interest (or those of a third party), you may object to processing on this ground.
10.2. We may be permitted under applicable laws to refuse a request, for example, we may refuse:
i) a request for erasure where the personal data is required in connection with any claims; or
ii) an objection request and continue processing your personal data based on compelling legitimate grounds for the processing.
10.3. If you wish to exercise your rights, please contact the Data Protection Officer. You may be required to submit certain forms or provide certain information in order for your request to be processed. Where permitted by law, we may charge you a fee to process your request.
11.1. Your personal data is provided to us on a voluntary basis. Grof will only collect, use and disclose your personal data with your consent except where applicable law allows to do so otherwise. You may withdraw your consent by contacting the Data Protection Officer.
11.2. If you withdraw your consent to any or all use of your personal data or do not consent to the collection of your personal data by us, we may not be able to provide or continue providing you with products and/or services which you have requested. You understand and agree that in such instances where we requires your personal data to fulfil a contractual obligation to you and you withdraw your consent to collect, use or disclose the relevant personal data for those purposes, we cannot be held liable for breach of that agreement. Our legal rights and remedies in such event are expressly reserved.
12.1. We keep this Policy under regular review. If we change this Policy we will post the changes on www.grof.co, and place notices on other pages of our websites, so that you may be aware of the information we collect and how we use it at all times. This Policy was last updated on July 2023.
13.1. If you have any queries or comments on this Policy or the use of your personal data, please contact:
Email address: [email protected]
We will investigate your complaint and will use reasonable endeavours to respond to you as soon as reasonably possible.