PERSONAL DATA PROTECTION POLICY
(Effective date: 2 July 2014) (Revised on: 2 October 2024)
Your privacy is important to us. Please take a moment to read this Personal Data Protection Policy (“Policy”) to know and understand the purposes for which we may collect, use and/or disclose your Personal Data.
APPLICATION OF THIS POLICY
A. Scope of Policy
-
This Policy applies to Resorts World Inc. Pte Ltd and its subsidiaries (collectively known as “RWI Group”, “we”, “us” or “our”). Where the subsidiaries have their own specific personal data protection policy or equivalent, then such specific policies will prevail over this Policy. Where the subsidiary does not have its own data protection policy, this Policy shall apply.
-
This Policy applies to Personal Data collected, stored, disclosed and/or processed by us with regards to your relationship with us as a job applicant, employee, business contact, or anyone who has an interest (for whatsoever reason) in RWI Group. In short, all interactions with us will be subject to this Policy.
-
In addition to this Policy, we may also, through separate notices to investors or potential investors, address our specific privacy practices with respect to any non-public Personal Data we may collect from you as an investor in us or in funds that we sponsor or manage.
-
Our website may contain links to third party sites whose data protection and privacy practices may differ from ours. If you choose to visit these third party sites, please review their privacy policies to ensure that you understand and are comfortable with their practices concerning your Personal Data.
-
In the course of processing your Personal Data, we may invariably come across a third party’s Personal Data, such as an individual shareholder or individual director’s Personal Data. It is your responsibility to ensure that you have obtained the necessary consents from these individual third parties prior to disclosing to us. In any event, we are entitled to assume that you have obtained the necessary consents.
-
RWI Group does not knowingly solicit or collect Personal Data from children under the age of 18. If we learn that, despite these measures, a child under the age of 18 has submitted personal data to us, we will take reasonable measures to delete such data from our records and not use such data for any purpose (except were necessary to protect the safety of the child or others as required by law).
-
This Policy should be read as being subject to the provisions in and the exemptions provided for under the Personal Data Protection Act 2012 and its subsidiary legislation (as may be amended from time to time) (“PDPA”), as well as the guidelines that may, from time to time, be issued by the Personal Data Protection Commission ("PDPC") of Singapore.
DEFINITIONS USED IN THIS POLICY
B. Definitions and explanations of key terms used in the PDPA
-
The following are terms which have been defined either in the PDPA or the Advisory Guidelines on Key Concepts in the Personal Data Protection Act issued by the PDPC (the “PDPA Advisory Guidelines”). These definitions and explanations will similarly apply to the corresponding terms used in this Policy:
(a) “Collection” means any act or set of acts through which an organisation obtains control over possession of Personal Data.
(b) “Data Intermediaries” means an organisation that processes Personal Data on behalf of another organisation but does not include an employee of that other organisation.
(c) “Disclosure” means any act or set of acts by which an organisation discloses, transfers or otherwise makes available Personal Data that is under its control or in its possession to any organisation.
(d) “Individual” means a natural person, whether living or deceased, who is the subject of the Personal Data. Such Individuals include loyalty programme members, customers and web users, individuals on contact mailing lists or marketing databases, employees, contractors, and suppliers.
(e) “Organisation” includes any individual, company, association or body of persons, corporate or unincorporated, whether or not formed under the laws of Singapore, or resident, or having an office or a place of business, in Singapore.
(f) “Personal Data” means data, whether true or not, about an individual who can be identified from (i) that data; or (ii) that data and other information to which the organisation has or is likely to have access.
(g) “Processing” means the carrying out of any operation or set of operations in relation to Personal Data, which includes recording, holding, organisation, adaptation or alteration, retrieval, combination, transmission, and erasure or destruction.
(h) “Use” means any act or set of acts by which an organisation employs or utilises Personal Data.
PERSONAL DATA – TYPES COLLECTED, HOW AND WHEN COLLECTED
C. Types of Personal Data we collect
-
Personal Data may be provided to RWI Group in a number of ways. We may collect Personal Data relating to our customers, suppliers, representatives of the authorities, or non-governmental organisations. We may also collect Personal Data if it is relevant to our business relationship with you in any business entity.
-
The types of Personal Data which we may collect, use or disclose includes (but is not limited to) your:
(a) personal details, which includes your name, date of birth, gender, nationality, passport number (including date and place of issue), NRIC number, and signature;
(b) contact information (including street or mailing address, telephone number(s), email addresses, mobile statement, or emergency contact);
(c) employment details (including employment history, leave records, salary, benefits, income statement, title, and tenure);
(d) financial details, which includes your bank account details, bank statements, tax identification, credit history, financial experience, the type of investor you are (e.g. individual, accredited investor, analyst, broker), and source of funds and details relating to your investment activity, if you are an investor in us or the funds that we manage or sponsor;
(e) utility bills and information relating to your Central/Employee Provident Fund accounts (where applicable);
(f) health records and information about your medical condition, which includes prior medical history (where applicable);
(g) photographs and other audio-visual information;
(h) biometric data, which includes facial recognition, fingerprints, finger geometry, iris recognition, retina scanning, and voice recognition;
(i) sensitive personal data such as your religion and criminal convictions; and
(j) any other types of information that you choose to provide to RWI Group.
D. How and when Personal Data is collected; Cookies and how We use them
1. Generally, we may collect Personal Data:
(a) directly from you, with your consent, either through our staff or representatives, over the telephone / by email / through online interactions;
(b) through a third party (duly authorised by you); or
(c) when you submit your Personal Data to us for any other reason.
2. We may collect Personal Data about you, when You:
(a) apply for a job with us;
(b) enter into a business relationship with us;
(c) purchase / provide any products and/or services from / to us;
(d) seek access to our business premises;
(e) attend our exhibitions, conferences or events;
(f) contact us with feedback, queries or complaints;
(g) visit our website (see “Cookies” below); or
(h) share your Personal Data with us for any other reason.
3. Cookies and how We use them
(a) When you visit our website, cookies (i.e. small text files) may be placed on your browser. Cookies are primarily used:
(i) for administrative purposes, i.e. to improve your experience with our website; and/or
(ii) to capture anonymous analytics to improve our website experience and performance. This includes compiling statistical information such as the frequency of use of our site, the pages visited, and the length of each visit, as well as information about your computer operating system, browser, and country.
(b) We do not use cookies to store any Personal Data that could be read or understood by others.
(c) You may modify your browser settings to manage or decline cookies. If you choose to decline cookies, you may not have access to many features that make your browsing of our website smoother, and some of our services may not function properly.
PURPOSE OF COLLECTING PERSONAL DATA
E. Why do We collect Personal Data
1. We collect your Personal Data as part of our normal business operations, i.e. to process your application or request to proceed with any business and/or contractual relationship with you and/or to contact you and/or to fulfil our legal obligations.
2. As an employee of RWI Group, we may collect and use your Personal Data for:
(a) managing your employment and/or working relationship with RWI Group, including training, employee benefits, secondment or transfer, and health and safety administration;
(b) posting your photograph on the staff directory page on RWI Group’s company intranet;
(c) monitoring your usage of the computer network resources;
(d) internal audits and/or investigations within RWI Group;
(e) record-keeping purposes;
(f) payment of your salary;
(g) appointment of you as a director / authorised representative / bank signatory or its equivalent; and
(h) any other purpose reasonably relating to the above.
3. As a non-employee, we may collect and use your Personal Data for:
(a) processing job application, including background screening, conducting interviews, and assessing and evaluating your suitability for employment;
(b) establishing and verifying your identify, and conducting third party due diligence;
(c) managing our administrative and business operations;
(d) researching and marketing purposes;
(e) managing and responding to your feedback, queries, complaints, requests or suggestions;
(f) managing and preparing internal and external reporting;
(g) determining whether to accept your subscription, assess your suitability as an investor, or process your fund subscription application, if you are an investor in us or the funds that we manage or sponsor;
(h) complying with any applicable laws, regulations or guidelines issued by any legal or regulatory bodies which are binding on us, including assisting law enforcement or investigations by relevant authorities;
(i) preventing, detecting and investigating crime (including fraud, money laundering and terrorist financing);
(j) analysing and managing commercial risks; and
(k) any other reasonable purpose relating to the above.
HOW SECURE IS YOUR PERSONAL DATA
F. Security of Personal Data
1. We have appropriate technical and organisational security measures in place to prevent Personal Data from being accidentally lost, or used or accessed unlawfully. While we are committed to ensuring appropriate technical and organisational measures are in place, all risks cannot reasonably be eliminated. The technical and organisational measures include:
(a) designing and organising its security arrangements to fit the nature of the Personal Data held by RWI Group, and the possible harm that might result from a security breach;
(b) requiring employees to be bound by confidentiality obligation in their employment agreements;
(c) using technical measures such as access control, password protection, and dedicated user ID for authentication and encryption (where necessary);
(d) ensuring all our personnel have been trained to handle and protect Personal Data, and limiting the number of people who have access to the databases;
(e) implementing proper policies and procedures to ensure appropriate levels of security for Personal Data of varying levels of sensitivity; and
(f) conducting regular audits and risk assessments of our data protection compliance and adequacy.
HOW LONG DO WE KEEP YOUR PERSONAL DATA
G. Retention of Personal Data
1. RWI Group may retain your Personal Data for as long as it is necessary to fulfil the purpose for which they were collected, or as required or permitted by applicable laws.
2. We will cease to retain your Personal Data as soon as it is reasonable to assume that such retention is no longer necessary for any other legal or business purposes.
WHOM DO WE DISCLOSE YOUR PERSONAL DATA TO; AND WHERE DO WE TRANFER YOUR PERSONAL DATA TO
H. Disclosure and transfer of Personal Data
1. RWI Group may, from time to time, for the same purposes as mentioned above, disclose and/or transfer your Personal Data to the following third parties:
(i) RWI Group of companies and other companies bearing the Genting / Resorts World name;
(ii) agents, contractors, and third party service providers (including their sub-contractors) who provide back-office services such as, but not limited to, information technology, payment, payroll, training, storage, audit, and legal, to RWI Group;
(iii) RWI Group’s insurers and banks;
(iv) medical practitioners appointed by RWI Group;
(v) governmental bodies, tax authorities, regulators, or other industry-recognised bodies as required by any applicable laws, rules and regulations, codes or practice, or guidelines of any applicable jurisdictions, who may in turn and for reasons beyond our control, exchange this information with other foreign authorities, including tax authorities; and
(vi) any other person who may be reasonably connected with the purposes set forth above.
2. If we transfer your Personal Data outside Singapore to the parties and for the purposes permitted under this Policy, we assure you that we will take necessary steps to ensure that the overseas transfer complies with the PDPA. By providing your Personal Data to us, you are deemed to have agreed to the overseas transfer. You can always revoke your consent by emailing our Data Protection Officer.
HOW YOU CAN ACCESS, CORRECT AND WITHDRAW YOUR PERSONAL DATA
I. Access and correction of Personal Data
1. RWI Group takes reasonable steps to ensure that your Personal Data is processed in accordance with the details that have been or may be provided, updated, amended and/or corrected by you from time to time.
2. You may request to access or correct your Personal Data by writing to the designated Data Protection Officer appointed by RWI Group at his/her email address provided below.
3. RWI Group may charge a fee for processing your request for access or correction. Such fee depends on the nature and complexity of your request.
J. Withdrawal of consent to processing Personal Data
1. You may at any time withdraw your consent in respect of the collection, use or disclosure of your Personal Data by notifying the designated Data Protection Officer in writing at his/her email address provided below.
2. In that event, you will be informed of the likely consequences of withdrawing your consent, and should you decide to proceed nonetheless, we will (and cause our data intermediaries and agents to) cease collecting, using or disclosing your Personal Data.
3. Please note that if you withdraw your consent for a limited purpose, we may still use your information for other purposes for which you have not withdrawn your consent, and such Personal Data may still be shared as permitted under the PDPA and other applicable laws.
4. If you do not want your Personal Data to be shared among affiliates or partners of RWI Group, you may opt out of such information sharing by notifying the designated Data Protection Officer in writing at his/her email address furnished below.
5. RWI Group will respond to your access or correction, or withdrawal of consent request, or any other request within the timeframe permitted by law (“Legal Timeframe”). If we are unable to respond within the Legal Timeframe due to the nature and complexity of your request, we will inform you in writing, immediately before the expiry of the Timeframe, of the estimated time by which we will be able to respond to the request.
6. Please note that withdrawing consent does not affect our right to continue to collect, use and disclose your Personal Data where such collection, use and disclosure without consent is permitted under applicable laws.
ENQUIRIES AND UPDATES
K. Designated Data Protection Officer
1. If you have any question or complaint relating to your Personal Data, or you would like to obtain access and correct your Personal Data, or request to withdraw your consent to any use of your Personal Data as set out in this Policy, please contact our Data Protection Officer at: dpo@rwi.genting.
L.Review of Policy
1. RWI Group may review this Policy from time to time to ensure that this Policy is consistent with the PDPA or other applicable laws and regulations. If changes are made, we will update the Policy and reflect the date of such modification in the date above.