ALWAYS ON TIME (AOT)

PRIVACY POLICY

Last updated: [17 March 2022]

1. General

• This is the privacy policy (“Policy”) of Always on Time (“Platform”). The Platform, applications, website and other services that we may offer (collectively referred to as the “Platforms”) are provided for and operated by AOT Software Pte. Ltd. (Company Registration No. 202138465G), a private company limited by shares incorporated in Singapore and having its registered address at 150 Beach Road #28-05/06 Gateway West Singapore 189720 (hereinafter referred to as “Company”, “we,” and “us”).
  
  
• Users (“you” or “your“) are to read this Policy carefully and to refer to it as and when required. By using the Platform, you are deemed to have accepted our practices as described in this Policy and undertaken to comply with the same.
  
  
• We recognise your privacy and have adopted this Policy which is compliant with the Personal Data Protection Act 2012 (No. 26 of 2012) (“PDPA”) and the European Union General Data Protection Regulation (“GDPR”) to reflect our commitment to respecting and protecting your privacy and personal data.
  
  
• This Policy outlines the personal data that we collect, how it may be used, how it is stored and retained, whom it may be transmitted to as well as our and your responsibilities in relation to such uses and disclosures. We draw to your attention that we utilize Facebook Business Tools and Google Ads and your personal data collected may be used for the purpose of remarketing, which is a way of attracting visitors back to the Platforms.
  
  
• The PDPA recognises the rights of individuals to protect their personal data (including rights of access and correction) and the requirement for organisations to collect, use or disclose personal data for legitimate and reasonable purposes.

2. Collection of information

• We collect information when you create an account and use the Platform. We also collect information you share with us from third-party social network providers such as Facebook or other third party service providers such as Google with whom you maintain a profile with or an account with, including but not limited to:
  
  
• Full name, including any aliases;
  
  
• Unique identification number (such as an identity card number, company unique entity numbers, birth certificate number or passport number);
  
  
• Business Names;
  
  
• Business websites or social media links;
  
  
• Job titles;
  
  
• Residential address;
  
  
• Date of birth;
  
  
• Nationality; and
  
  
• E-mail address(es) and other contact information that you may provide to us.
  
  
• With regard to each of your visit to our Platform we may collect, in accordance with applicable laws and, where required, with your consent, information relating to the devices you use and the networks that they are connected to when using our services. This may include the following information: your IP address, log-in information, smartphone device brand and type, browser type and version, operating system and platform, advertising identifier, information about your visit including the URL clickstream to, through and from our Platforms, products you viewed or searched for, download errors, length of visits to certain pages, and page interaction. We may collect this information through the use of various technologies including cookies.
  
  
• We will collect only the information listed in paragraph 2.1 above that is reasonable for us to provide you with our services. We will not be responsible for relying on inaccurate or incomplete data arising from your failure to notify us of any changes or inaccuracies in your personal data that was initially provided.
  
  
• The information which you have provided us shall be retained for the period of time which you operate an account on the Platform In the event that any of your account on any of the Platforms is suspended or blocked, we will keep your data for a period of between 2 and 10 years in order to prevent them from circumventing the rules applying to our Platform, after which we shall cease to retain your personal data.

3. Use of information
   

• By using the Platforms, you expressly authorise and consent to us gathering, reviewing, retaining and where reasonably required, transmitting your personal data to our intermediary companies and entities for the proper and reasonable purpose of them storing and using the data responsibly and in accordance with the PDPA. When you provide personal information through our Platform, the information may be sent to servers located outside of Singapore.
  
  
• We will also take appropriate steps to ascertain that the foreign recipient organisation of the personal data is bound by legally enforceable obligations that are in-line with the requirements under the PDPA. Notwithstanding the foregoing, you acknowledge that despite the use of commercially reasonable measures to ascertain the foregoing, the Company is not able to eliminate third party risk leading to data breaches that arise from negligence, default or bad faith of such third party providers,
  
  
• We may use this information to:
  
  
• Ensure that the content on our Platforms are presented in the most effective manner for you and understand your interests;
  
  
• Provide the services on the Platform to you and contact you on the same;
  
  
• Allow you to participate in features of the Platforms and other services;
  
  
• Communicate with you by email or other chosen means to send relevant notifications about our events and services that may be of interest to you;
  
  
• Contact you and notify you about changes to the Platforms or the services that we offer (except where you have expressly requested for us not to do so);
  
  
• Ensure that you comply with our terms and conditions and the applicable law; and
  
  
• Send to you important notifications that you will require in order to use the Platforms.

• By using the Platform, you expressly authorize and consent to the Company gathering, reviewing, retaining and transmitting your personal data as is proper and reasonable for the purposes enumerated in Clause 3.3. above, in accordance with the PDPA and GDPR.

Remarketing

• We use remarketing services offered by Google Ads and Facebook Business Tools to advertise the Platform on websites across the Internet to you after you have visited or browsed any medium hosting the Platform, such as the AOT Website and mobile or web applications developed by AOT.
  
  
• Third-party vendors such as Google, Facebook may use cookies and/or device identifiers to inform, optimize, conduct measurements and serve advertisements to you based on your past visits to the Platform. You may find interest-based advertising on the Platform and on third-party websites using information collected using the cookies and/or device identifiers. For example, Facebook Business Tools such as Facebook Pixel, Conversions API (formerly known as Server-Side API), Facebook SDK for App Events, Offline Conversions, App Events API and Offline Events API collect contact information and event data which may include personal data. The information collected by Facebook using cookies, web beacons and other storage technologies may be used for purposes that include matching users to advertising subjects, measurement, analytics, targeting and personalizing advertisement delivery.
  
  
• To control the use of information collected by cookies and/or device identifiers, you can configure your browser to reject cookies, or you can prevent the collection of data generated by cookies related to the use of the Platform by the use of various methods including, but not limited to:
  
  
• signing into your Google Account and setting the personalization buttons under the Google Advertising Settings therein to “off”;
  
  
• You may also access: https://support.google.com/ads/answer/2662922 , and understand your options for controlling your advertising preferences on websites and/or mobile applications;
  
  
• You can also control the use of device identifiers at having regard to the information at: https://support.google.com/ads/answer/1660762#mob;
  
  
• You may also opt out of a third-party’s vendor’s use of cookies by visiting the Network Advertising Initiative opt-out page at: https://thenai.org/opt-out/ ;
  
  
• You can also exercise your choice to opt-out of the collection and use of information for ad targeting at: http://www.aboutads.info/choices and  http://www.youronlinechoices.eu/ ).
  
  
• You may select the cookies that you are enabling. By proceeding, you agree to the functions associated with the cookies you have selected.

4. With whom we share your information

• We do not share your personal information with others except as indicated in this Policy or when we inform you and give you an opportunity to opt out of having your personal information shared. We may share personal information with:
  
  
• Service providers: We may share information, including personal information, with third parties that perform certain services on our behalf. These services may include, without limitation, server hosting, marketing and supporting our notification service functionality. These service providers may have access to personal information needed to perform their functions but are not permitted to disclose or use such information for any other purposes. In particular,
  
  
• We may allow third party service providers, advertising companies, advertisement networks, merchandising companies and other third parties to display advertisements and brands on our Platforms. These companies may use tracking technologies, such as cookies or web beacons, to collect information about users who view or interact with their advertisements.
  
  
• We do not provide any non-anonymized personal information to third parties. We will adhere strictly to the provisions in the PDPA in relation to any disclosure and dissemination of information to any third parties.
  
  
• We may disclose your information, including personal information in response to a subpoena or similar investigative demand, a court order, or a request for cooperation from a law enforcement or other government agency; to establish or exercise our legal rights, to defend against legal claims, or as otherwise required by law.
  
  
• We will not transfer any of your personal data to a country or territory outside Singapore except to organisations that provide a standard of protection to personal data that is comparable to the protection under the PDPA. Notwithstanding the foregoing, you acknowledge that despite the use of commercially reasonable measures to ascertain the foregoing, the Company is not able to eliminate third party risk leading to data breaches that arise from negligence, default or bad faith of such third party providers,
  
  
• Notwithstanding any of the provisions under this section, where you request that the personal data you have provided to the Company be transmitted to another organization (“Porting Request”), the Company shall:
  
  
• Verify your identity using commercially reasonable action, without for the avoidance of doubt, any obligation to exhaustively prevent and detect malicious requests for personal data;
  
  
• Verify whether your Porting Request is a request in respect of your personal data that is collected by or in the control of the Company;
  
  
• Acknowledge receipt of the Porting Request;
  
  
• Provide the personal data in your Porting Request to the organization identified by you in a commonly used machine readable format, accepted by the target organization (such as but not limited to .xml, .json and .csv or such other structured format that can automatically be read and processed by a computer) within a 1 calendar month using all reasonable measures to transfer such data securely, without for the avoidance of doubt, any obligation to exhaustively prevent and detect malicious intent by any organization that is target of a Porting Request; and
  
  
• Inform you within 1 calendar month of the transmission of personal data pursuant to the Porting Request, without for the avoidance of doubt, any requirement to confirm the receipt of the personal data sent pursuant to the Porting Request by the target organization.
  
  
• References to an organization shall take its meaning under the PDPA, and refers to any individual, company, association or body of persons, corporate or unincorporated, whether or not formed or recognized under the law of Singapore or resident in Singapore.
  
  
• The Company shall, from time to time, review the portion of the Privacy Policy relating to the Porting Request to ensure compliance with the PDPA and any amendments to the Privacy Policy shall be subject to Clause 9 below.

5. Third Party Sites

5.1.   There are a number of places on our Platforms where users may click on a link to access other websites that do not operate under this Policy. For example, if users click on an advertisement (news and promotions) on our Platforms, they may be taken to a website that we do not control. These third-party websites may independently solicit and collect information, including personal information, from the users and, in some instances, provide us with information about the users’ activities on those websites. You are advised to consult the privacy statements of all third-party websites that you visit. You are informed that you are seeing such third-party advertisements as a result of our remarketing tools.

6. How we protect personal information

• We will take commercially reasonable security measures to help safeguard your personal information from unauthorised access, collection, use, copying, modification, disposal and disclosure. However, no system can be completely secure. Therefore, although we take steps to secure your information, we cannot guarantee that your personal information, activities on the Platforms, or other communications will always remain secure.
  
  
• If you wish to delete your personal data in our possession, please email us at support@aot.plus .

7. Children’s privacy

Although our Platforms are for a general audience, we restrict the use of our Platforms to individuals aged 18 and above. We do not knowingly collect, maintain, or use personal information of children under the age of 18. It is your sole responsibility to provide your correct birth date.

8. No Third-party Rights

This Policy does not create rights enforceable by third parties or require disclosure of any personal information relating to users of the Platforms.

9. Notification of changes to our Privacy Policy

• As part of our efforts to ensure that we properly manage, protect and process your personal data, we will review our policies, procedures and processes from time to time.
  
  
• We reserve the right to amend the terms set forth under this Policy at our absolute discretion.
  
  
• We will post details of any changes to this Policy on the Platforms to help ensure that you are always aware of the information that we collect, how we use it, and in what circumstances, if any, that we share it with other parties.
  
  
• You are encouraged to visit the Platforms from time to time to ensure that you are well informed of our latest policies in relation to personal data protection.
  
  
• If you do not agree to the updated policy, you must stop accessing or using the Platform.

10. Data Breaches

• The Company shall, in the event of a compromise of personal data:
  
  
• Assess the extent to which personal data collected by the Company has been compromised and put in place appropriate measures to contain the breach of personal data and minimize any harm to you arising from the breach of personal data;

• Analyze and determine the cause of the data breach;

• Ascertain if the data breach is a notifiable data breach under the PDPA;

• Report the data breach to the Singapore Personal Data Protection Commission if the data breach is a notifiable data breach;

• Ascertain if you are required to be informed of the data breach having regard to the Personal Data Protection (Notification of Data Breaches) Regulations 2021 and the Advisory Guidelines on Key Concepts in the PDPA;

• Inform you if you are required to be notified of the data breach; and
  
  
• Take continuing action to prevent further harm to you arising from the breach of personal data, including but not limited to reviewing measures taken to contain breaches of personal data and protect personal data.
  
  
• The Company shall, in managing data breaches, have regard to the Guide on Managing and Notifying Data Breaches under the PDPA (“Guide”). Subject to the compliance of the Company with the Guide in the event of a breach of personal data, by continuing to use the Platform following such an event of breach, you confirm that you accept the adequacy of measures taken by the Company following an event of breach of personal data.

11. Specific provisions related to the European Union General Data Protection Regulation (GDPR)

• We acknowledge that the GDPR will apply if we process or hold any personal data of individuals residing in the EU or if we offer goods or services to individuals in the EU (“EU Individuals”).
  
  
• We understand that we may lawfully process personal data if consent is provided by the EU Individual for the processing for specific purposes, if it is necessary for the performance of a contract of if it is necessary for our compliance with a legal obligation.
  
  
• We understand that personal data must be processed lawfully, fairly and transparently, be collected and applied only for specified, explicit and legitimate purposes, must be limited to only what is required, must be accurate, not be kept in personally identifiable form for longer than is necessary and must be secured and protected pursuant to the GDPR.
  
  
• We acknowledge and agree that the GDPR affords EU Individuals with rights such as:
  
  
• Right to access and obtain a copy of the EU Individuals’ personal data, including the purposes of processing and who the personal data has been disclosed to;
  
  
• Right to rectify inaccurate personal data concerning the EU Individual;
  
  
• Right to erasure of personal data concerning the EU Individual in certain circumstances;
  
  
• Right to restriction of processing of personal data in certain circumstances, such as where the accuracy of the personal data is contested, or the processing is unlawful;
  
  
• Right to data portability by receiving personal data concerning the EU Individual or data which has been provided to us, in a structured, commonly used and machine-readable format, and the right to transmit that data to another organisation;
  
  
• Right to object to the processing of personal data in certain circumstances, including for the purposes of direct marketing; and
  
  
• Right not to be subject to automated decision-making (including profiling) where this has a legal effect on the EU Individual or significantly affects him.
  
  
• We agree that we will act on a request from an EU Individual without undue delay (within one month). We will maintain records of how we process personal data, acknowledge the need to conduct data protection impact assessments and the need to apply careful consideration in the adoption and engagement of our data processors.
  
  
• By proceeding with or continuing with the use of the Platform, you agree that this Policy and the Terms and Conditions of Use of the Platform provide sufficient protection to your personal data rights under the GDPR. You also agree that where the Company has acted on your request in accordance with Clause 10.5, the action by the Company is in all respects, compliant with the GDPR.

12. Contact & Data Protection Officer

If at any time you would like to contact us with your views about our privacy practices, or with any enquiry or request relating to your personal data, you may use one of the following means:

• Email to our Data Protection Officer at support@aot.plus;
  
  
• We will process your request within fourteen  (14) working days from the date on which the request for withdrawal of consent was made, and will thereafter not collect, use and/or disclose your personal data.

However, your withdrawal of consent may mean that we will not be able to continue with the existing relationship with you and the contract that you have with us will have to be terminated.