Respecting Your Choice
Personal Data refers to any information about you from which you can be identified. Examples include your personal particulars, billing and payment details, and other information about your use of our products, services or websites.
We will continue to review this Policy and all privacy-related information made publicly available by Lexicon Blue, to ensure it is relevant and remains current with changing technologies, laws and regulations, and the evolving needs of Lexicon Blue.
For the purposes of this Policy, the following capitalised terms, unless elsewhere defined in this Policy, shall have the following meanings:
|“Act”||means the Personal Data Protection Act, in force as at the date of this Policy.|
|“DPO”||means data protection officer(s) appointed by Lexicon Blue pursuant to the Act.|
|“Laws”||means the Act, other Statutes, regulations made thereunder and any other applicable laws, regulations, guidelines, directives, codes of practice or, where the context so requires the order or other lawful request made by any Public Agency.|
|“Lexicon Blue / Lexicon Partners or Lexicon”||means Lexicon Blue Pte Ltd|
|“Policy”||means this Lexicon Blue Protection Policy, as may be amended or supplemented by Lexicon Blue in its discretion from time to time.|
|“Person”||means any individual to whom the Act applies, and includes an individual customer, prospective customer and any past or present user of our Services but excludes any corporate entity (including corporate customers) and any other entity that is excluded under the Act.|
|“Personal Data”||means personal data of a Person that Lexicon generally collects, uses or discloses which includes the following:
(a) Contact information, including name, address, telephone number and e-mail address and/or other identification information;
(b) Billing information, including payment details, credit history, credit card number, bank account, NRIC, passport or other equivalent identification number;
(c) Your preferences;
(d) Information from other organisations which include fraud prevention agencies, credit reference agencies we believe you may have authorised to provide your personal details on your behalf;
PROVIDED ALWAYS that the Person can be identified from such data.
|“Premises”||means Lexicon’s offices.|
|“Public Agency”||means any Government body, including any ministry, department, agency (including law enforcement agencies), or organ of State, any judicial or quasi-judicial body or disciplinary, arbitral or mediatory body appointed under any written law in Singapore or any statutory body established under a public Act for a public function that is so appointed by the Minister by notification in the Gazette for the purposes of the Act.|
|“Services”||means the services as may be offered by Lexicon or third parties (through Lexicon) to Persons including any updates, upgrades, re-contracting and/or renewals thereto.|
The scope and application of this Policy is as follows:
- This Policy applies to entities within Lexicon that is (a) offering Services, and (b) collecting, using or disclosing the Personal Data; to the extent as may be required by the Act;
- This Policy covers all practices regarding Personal Data;
- This Policy applies to all Persons. The Person who holds the account with the relevant entity within Lexicon must ensure that all end users under the same account understand and agree to this Policy;
- The application of this Policy is subject to applicable Laws, and to the extent that any Laws pre-existing the Act apply, such pre-existing Laws may supersede the applicability of the Act in the event of inconsistency, to the extent stipulated under the Act;
- This Policy does not supersede or replace any earlier consents you may have provided to Lexicon, and this Policy supplements all such pre-existing consents concerning the collection, disclosure and/or use of your Personal Data;
- References to the male gender include a reference to the female gender;
- References to the singular include a reference to the plural as the context so requires;
- Data Protection Officers
1.1 The DPO has been appointed to oversee compliance with the Act. Other employees within Lexicon may be delegated to act on behalf of the DPO or to take responsibility for the day-to-day collection and processing of Personal Data.
1.2 Lexicon shall make known, upon request, the title of the person or persons designated as DPO. The DPO may be contacted at:
- Collection of Personal Data
2.1 Personal Data may be collected from you in the following ways:
- A Person gives it to us when a Person makes a purchase or applies for our Services, or when a Person enquires with us about our Services, or which is otherwise volunteered to us in anyway;
- When you use our products or Services;
- Automatically, when a Person visits our websites and other websites which we own or manage, using technologies such as cookies (either by Lexicon or a third party), contracts with us or with any third parties via our websites. A cookie is a small piece of data stored on your hard drive that helps us improve your access to our site and helps us identify repeat visitors to our site. These cookies are primarily used to store configuration information. For more details refer to the Lexicon Cookies Policy;
- During CCTV recordings when a Person visits our Premises;
- We obtain it from other entities within Lexicon;
- We obtain it from other sources, such as employers, credit agencies, law enforcement agencies and/or other Public Agency;
- We obtain it from other service providers for the purposes of providing billing services on behalf of these service providers;
- When you participate in a survey, self-assessment or register your interest for any specific products or Services;
- When you purchase or obtain third party services or products through us;
- When we receive references from third parties, where you have been referred by them;
- When we lawfully seek information from third parties about you in connection with the products and Services you have applied for;
- When you submit your Personal Data to us for any other reasons; and/or
- We collect it by other lawful means.
2.2 Unless permitted by Laws, Lexicon shall not collect Personal Data without the consent of the Person.
2.3 All Persons warrant and represent to Lexicon that Personal Data which he discloses to Lexicon, or to another entity that subsequently provides it to Lexicon, is accurate and complete.
2.4 A Person who volunteers Personal Data of another person to Lexicon also warrants and represents to Lexicon that he/is authorised by such other person to disclose such Personal Data to us, and that such Personal Data is accurate and complete.
2.5 The collection of your Personal Data is necessary for Lexicon to provide you with the Services. If you are unable to provide the Personal Data, Lexicon is unable to provide the Services requested by you.
- Purposes for Collection, Use and Disclosure of Personal Data
3.1 Depending on the Services which you subscribe to, your Personal Data may be collected, used and/or disclosed for the following purposes:
- To verify your identity, and to process orders and applications for Services;
- To provide the Services;
- To respond and deal with enquiries or complaints and for other customer-care activities;
- To generate bills, facilitate the payment of bills, manage accounts and for debt-recovery functions;
- To carry out credit checks, for the preparation of credit reports and for the evaluation of creditworthiness;
- To manage, develop and improve our business and operations to serve you better;
- To carry out market research and customer surveys;
- To conduct investigations or take action in relation to bad debts, crime and fraud prevention, detection or prosecution, risk management, or to prevent you or Lexicon from harm, illegal or unlawful activities;
- To conduct investigations or take action in relation to any violation of any of our terms and conditions for Services;
- To third parties who perform Services on our behalf, but only to the extent necessary for the Services to be performed;
- To facilitate third party services if purchased, obtained, administered or processed through us;
- To improve your user experience and/or our product and service delivery to you;
- To keep you informed of our Services and products and the services and products of our partners;
- To protect and maintain the Personal Data, and to have access to it including for making corrections to the Personal Data;
- To comply with legal and regulatory requirements imposed by any Public Agency, and otherwise with Laws;
- Any other purpose necessary, ancillary or consequential to the above specified purposes.
3.2 Your Personal Data will be disclosed for the purposes indicated below to our officers and employees, third parties, service providers, advisors, which includes without limitation, the following persons or entities:
- Banks, credit card companies, and payment vendors for the processing of payment;
- Vendors for provision of services including document storage and printing of bills;
- Debt collection agencies;
- Credit information companies and credit bureaus;
- Courier services companies;
- Public Agencies;
- Advisors, including auditors and lawyers who advise us;
- Our business partners and vendors we work with to deliver the products and Services you have subscribed to;
- Any other party to whom you authorise us to disclose Personal Data to.
Where this involves the transfer of your Personal Data outside Singapore, we will comply with the Act and take steps to ensure that your Personal Data continues to receive a standard of protection that is at least comparable to that provided under the Act.
3.3 Unless permitted by Laws, Lexicon shall not use or disclose the Personal Data for any other purpose, without first identifying and documenting the other purpose and obtaining the consent of the Person.
3.4 Upon request by a Person, our employees collecting Personal Data shall explain this Policy.
- Deemed Consent
4.1 Persons are deemed to have given their consent for the collection, use and disclosure of Personal Data in the following circumstances:
(a) When the Person voluntarily provides his Personal Data to us;
(b) When the Person is aware of the purposes for which he is providing his Personal Data to us;
(c) It is reasonable for the Person to have provided the Personal Data to us in the circumstances; and
(d) In any other circumstances where consent is deemed under the Act.
- Limiting Collection, Use and Disclosure of Personal Data
5.1 Lexicon collects Personal Data primarily from Persons who are our customers (including prospective customers). The collection of Personal Data is limited to that which is necessary for the identified purposes.
5.2 Unless permitted by Laws, Lexicon will not disclose Personal Data to other persons or entities for the advertising, promotion or marketing of such other party’s products and services, and Lexicon will not sell for payment the Personal Data to anyone for any marketing purpose; without your consent.
- Retention of Personal Data
6.1 Lexicon will collect and retain Personal Data via the procedures described in this Policy and/or other reasonable controls and practices at Lexicon’s discretion, for as long as such Persons remain our customers and for as long as it is necessarily required or relevant for business or legal purposes.
- Withdrawal of Consent
7.1 Persons are able to withdraw their consent to our continued use and disclosure of Personal Data as described in this Policy at any time. Such withdrawal should be made formally in writing to the DPO. We shall process your withdrawal request within a reasonable time (depending on the complexity of the request and its impact on our relationship with you), and in any event no later than within ten (10) business days of receiving your request.
7.2 If consent is withdrawn, the Person acknowledges that Lexicon may no longer be able to provide the Services. Accordingly, Lexicon may, insofar as such consent is integral to the provision of the Services, cease to provide the Services to the Person. Notwithstanding any withdrawal of consent, (a) unless otherwise agreed by Lexicon, Persons will still be bound by their contract(s) for Services with the relevant entity in Lexicon, and should the Person choose to terminate the relevant contract(s), early termination charges and other charges, penalties or contractual consequences may apply in accordance with the contract(s) or under Laws and Lexicon reserves its rights thereof, and (b) Lexicon has the right to terminate the contracts in its discretion, without liability to the Person.
7.3 Persons may write in to the DPO at email@example.com for more information regarding the implications of withdrawing consent.
- Protection of Personal Data
8.1 To the extent required by the Act, Lexicon shall protect Personal Data in its possession or under its control against risks of unauthorised access, collection, use, disclosure, copying, modification, disposal or destruction, through reasonable and appropriate security measures.
- Accuracy and Correction of Personal Data
9.1 To the extent required by the Act, Lexicon will use reasonable efforts to ensure that the Personal Data it uses is sufficiently accurate and complete to minimise the possibility that incorrect Personal Data may be used to make a decision that impacts the Person to whom the Personal Data relates, or if such Personal Data is likely to be disclosed to a third party. However, you acknowledge that there may be circumstances where Lexicon is entitled to assume such accuracy and completeness, in accordance with Laws.
9.2 We encourage Persons to inform us when there are any changes to the Personal Data which they have provided to Lexicon, so as to ensure that we have the most current, accurate and complete information. Upon request by a Person, Lexicon may, in accordance with the Act, correct or complete any Personal Data found to be inaccurate or incomplete as soon as practicable. Any unresolved differences as to accuracy or completeness of Personal Data shall be noted in the Person’s records. Save as otherwise required under the Act, the Person may only correct any Personal Data which the Person has provided to Lexicon. Lexicon reserves the right to not correct Personal Data where permitted under the Act.
9.3 We will respond to your correction request as soon as reasonably possible, and in any event no later than within ten (10) days of receiving the request. You may contact our DPO at firstname.lastname@example.org to request a correction.
- Access to Personal Data
10.1 To the extent required by the Act, upon request, Lexicon shall provide a Person with an account of his Personal Data which is in Lexicon’s possession or control. Such information requested for shall be provided within a reasonable time (and in any event no later than within thirty (30) days) and at reasonable cost to the individual.
10.2 To the extent required by the Act, upon request by a Person, Lexicon shall provide information relating to how the Person’s Personal Data has been or may have been used or disclosed within a year before the date of such request. Lexicon may also provide a standard list of possible third parties as part of its response to all access requests for information relating to the disclosure of Personal Data during such period, and the same shall suffice as performance of Lexicon’s obligation in respect thereof. Such information requested for shall be provided within a reasonable time and at reasonable cost to the individual.
10.3 Subject to the Act, Lexicon may not be able to provide access to all of the Personal Data that they hold about a Person. For example, Lexicon may not provide access to Personal Data if such provision could reveal Personal Data about another person, if such information is subject to legal privilege or if such provision will be contrary to national interest. If access to Personal Data cannot be provided, the reasons for denying access will be provided upon request, to the extent permitted under Laws.
10.4 Persons may seek access to their Personal Data by writing in to the DPO at email@example.com
- Procedures and Practices
11.1 Lexicon has implemented the following procedures to give effect to this Policy:
- Implementing procedures to protect Personal Data and to oversee compliance with the Act; including means to access and/or correct Personal Data and to facilitate withdrawal of consent;
- Establishing procedures to receive and respond to inquiries or complaints in relation to Personal Data;
- Training and communicating to employees about this Policy;
- Developing public information to explain this Policy; and
- Notifying changes to this Policy on Lexicon’s website.
12.1 Lexicon may revise and/or amend and/or supplement this Policy at its discretion from time to time. Such changes will be published on this website. Persons are advised to check back periodically to ensure that they are aware of any such changes. To the fullest extent permissible under Laws, you agree to be bound by the prevailing terms of this Policy.
12.3 For more information on the Personal Data Protection Act 2012 or to contact the Personal Data Protection Commission (PDPC) please visit http://www.pdpc.gov.sg/
Last updated: 05 July 2021