Privacy Policy
Introduction
T-Bulk Asia (“Company”) and its subsidiaries and related companies (together with the Company, “T-Bulk Group”, “we”, “us” or “our”) acts as the Data Controller of Personal Data collected from our business customer, suppliers, service providers, and partners, including their respective employees, officers, agents, contractors, or any other individuals they engage (collectively referred to as “you” or “your”). Such Personal Data is processed in accordance with this Policy.
T-Bulk Asia does not knowingly collect or process personal data from children. If we become aware that we have unintentionally collected personal data from a child without appropriate consent, we will delete such information from our records as soon as possible.
This Data Protection and Privacy Policy (“Policy”) of the T-Bulk Asia explains to assist you in understanding the purposes and how to be processing your Personal Data.
Please note that privacy rights and obligations may vary depending on the applicable local Personal Data Protection Laws. Supplemental information relevant to certain countries are included in the schedules appended to this Policy as follows:
Schedule 1
Singapore Addendum to the Privacy Policy
Schedule 2
United States of America Addendum to the Privacy Policy
Schedule 3
Brazil Addendum to the Privacy Policy
Schedule 4
Australia Addendum to the Privacy Policy
Schedule 5
People’s Republic of China Addendum to the Privacy Policy
We will continue to provide supplemental information for other relevant jurisdictions as and when required.
Definitions
Personal Data Protection Authority means the competent regulatory authority in each jurisdiction responsible for administering the applicable Personal Data Protection Laws, including but not limited to:
- the Personal Data Protection Commission of Singapore (“PDPC”);
- the California Privacy Protection Agency (“CPPA”);
- the National Data Protection Authority in Brazil (“ANPD”);
- the Office of the Australian Information Commissioner (“OAIC”);
- the Cyberspace Administration of China (“CAC”); and
- the Information Commissioner’s Office in the United Kingdom (“ICO”).
Personal Data Protection Laws means all applicable statutes, regulations, directives, and subordinate legislation – whether local, national, or international – relating to the processing, protection, and security of Personal Data. These laws may be amended, revised, consolidated, extended, or replaced from time to time, and include, but are not limited to the following:
- Personal Data Protection Act 2012 of Singapore (“PDPA”);
- California Consumer Privacy Act of 2018 (CCPA) and the California Privacy Rights Act of 2020 (CPRA), including all applicable regulations, as amended from time to time. (References to the CCPA include the CPRA);
- Brazilian General Personal Data Protection Law (“LGPD”): including all regulations and/or codes of practice issued under the Law;
- Privacy Act 1988 (Cth) (“Australian Privacy Act”);
- Personal Information Protection Law (“PIPL”) of the People’s Republic of China, including subordinate laws and regulations;
- EU General Data Protection Regulation 2016/679 (“GDPR”); and
- UK General Data Protection Regulation (UK GDPR) as incorporated into domestic law by the European Union (Withdrawal) Act 2018, the Data Protection Act 2018, and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
Personal Data means any information, whether true or not – that relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, to an identified or identifiable natural person (such as a customer, employee, or other individual).
This includes, but is not limited to:
- Names
- Contact details
- Passport or identification numbers
- Other similar identifiers
This definition includes “Personal Information” as defined under applicable privacy laws, including
- California Privacy Rights Act (CPRA)
- Australian Privacy Act
- Personal Information Protection Law (PIPL) of the People’s Republic of China
- Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)
- British Columbia’s Personal Information Protection Act (PIPA BC); and
- “Sensitive Personal Data” as defined under Brazil’s General Data Protection Law (LGPD), where applicable.
Data Controller means any organization that determines the purpose and means of processing Personal Data.
Data Processor means any natural or legal person, public authority, agency, or other body that processes Personal Data on behalf of the Data Controller.
Policy Details
1. Information We Collect and Purpose of Collection
We collect various types of personal data directly from you and through your use of our services. This may include your name, contact details, identification numbers, payment information, and other relevant information. Unless otherwise indicated, the personal data we collect is necessary to perform the requested actions or services. While providing your personal data is voluntary, if you choose not to provide certain information, we may be unable to fulfil your request or provide specific services. We generally collect Personal Data when you:
- submit queries, requests, complaints, or feedback, or otherwise communicate with us, we collect personal identifiers such as your name and email address, along with any other information you choose to include in your correspondence. The legal basis for processing this information is the performance of our contract with you (where applicable), or our legitimate interests in responding to your communication;
(b) take part in our surveys and/or events organised solely by us or jointly with third parties, we collect personal identifiers such as your name, personal or business email address, and personal or business telephone number. We use this information to organise and manage the events and, where applicable, to contact you about future business opportunities. The legal basis for processing this information is your consent. You may withdraw your consent at any time with future effect by sending an email request to: sin.admin@t-bulk.asia.
(c) submit forms, applications, resumes, and/or CVs to us either directly or via third-party recruiters as we may collect the following categories of personal data:
- Identifiers: such as your name, address, business and/or personal phone number, and email address;
- Protected classifications: such as your gender, age, and nationality (to the extent permitted by applicable law);
- Professional or employment-related information: including your employment history, job function or department, right to work information, and information obtained from credit reference agencies (where applicable).
We use this information to assess your qualifications for the role applied for, verify your identity, conduct background checks or other verification activities (where permissible by law), and carry out due diligence.
Where necessary, we may also collect your national identity number or passport number to carry out appropriate checks in connection with a contract we have with you, with your employer, or with another entity to which you are related, or to establish or verify your identity with a high degree of accuracy. The legal basis for processing this information is to comply with legal or regulatory obligations to which we are subject, and where necessary, to take steps prior to entering into a contract.
We collect this information above to provide, maintain, and improve our services, communicate with you, comply with legal obligations, and personalize your experience.
2. Information Collected for Research and Development
From time to time, we may collect and use personal data for research and development purposes, including to improve our existing services and to develop new services. This data is processed in accordance with applicable privacy laws and is used solely to enhance our services.
3. Cookies and Similar Tracking Technologies
We use cookies, web beacons, and similar tracking technologies to collect information about your browsing behaviour, preferences, and device. These technologies help us analyse website usage, improve functionality, and deliver personalized content and advertisements (where applicable). You can manage your cookie preferences through your browser settings or, where required by law, through a cookie consent or opt-out mechanism provided on our website.
4. Automated Processing
We do not carry out any automated decision-making processes including profiling, in relation to your personal data.
5. Disclosure of Your Information
Subject to the provisions of any applicable Personal Data Protection Laws, we may share the Personal Data identified in this Privacy Policy in the following :
- Within T-Bulk Group: Where necessary, we share your Personal Data within T-Bulk Group for legitimate business purposes to efficiently carry out our operations and to the extent permitted by law. The legal basis for this processing is our legitimate interest in conducting our business efficiently.
- With Service Providers: We share your Personal Data with our service providers who assist us in delivering our services, including but not limited to:
- Our business partners, customers, suppliers, service providers, and subcontractors for the performance of any contract or other dealings we have with you or the entity you work for in the normal course of business.
- Our auditors, legal advisors, and other professional advisors or service providers.
- Credit reference agencies for the purpose of assessing your creditworthiness where this is related to entering into a contract with you or the entity you work for.
- Payment processing providers that offer secure payment processing services.
- With Government Regulators and Law Enforcement Agencies: We may disclose your Personal Data to relevant government regulators and/or law enforcement agencies (whether local or overseas) to comply with applicable laws, regulations, rules, codes of practice, guidelines, or schemes issued or administered by them.
6. Data Storage and Transfer
Your Personal Data may be transferred to and processed in countries outside of your local jurisdiction or region for the purposes described in this Privacy Policy. These countries may have data protection laws that differ from, and may be less stringent than, those in your jurisdiction.
We may process your Personal Data in other countries in the following circumstances:
- Cloud storage: When we use cloud service providers, your Personal Data may be stored and processed in data centres located outside your local jurisdiction or region.
- Order and service fulfilment: To process your orders, manage payment transactions, and provide customer support services, we may transfer and process your Personal Data outside your local jurisdiction or region to fulfil our contractual obligations to you or your employer.
- Legal obligations: We may be required to transfer and process your Personal Data in other jurisdictions to comply with applicable laws and legal obligations.
- Intra-group transfers: We may share and process your Personal Data within the T-Bulk Group across jurisdictions to support our business operations, in accordance with applicable Personal Data Protection Laws.
Where your Personal Data is transferred outside of your local jurisdiction or region, we (or our permitted third parties) will implement appropriate safeguards such as standard contractual clauses or other lawful transfer mechanisms to ensure your data is protected in accordance with applicable data protection laws.
7. Data Security Measures
Please note that no method of data transmission over the Internet (including via mobile applications, email, or other messaging services) is completely secure. While we take reasonable steps to protect your Personal Data, we cannot guarantee the absolute security of any data transmitted to our website or business systems/applications. Any such transmission is at your own risk. However, we implement industry-standard technical and organizational measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction. These measures include, but are not limited to, encryption, access controls, secure storage, and regular security assessments to ensure the ongoing confidentiality, integrity, and availability of your data.
All third-party service providers and entities within the T-Bulk Group are required to implement appropriate security measures and are permitted to process Personal Data only for specified purposes, and only in accordance with our instructions and applicable data protection laws.
Our website may, from time to time, contain links to external websites operated by third parties with different privacy practices. We are not responsible for the content, policies, or practices of these external sites. You are encouraged to review the privacy policies of any third-party websites before providing your Personal Data to them.
8. Data Retention Periods
We retain your personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy or to comply with applicable legal, regulatory, or contractual obligations. Once your data is no longer required, we securely delete or anonymize it to protect your privacy.
9. Your Data Protection Rights
Depending on your jurisdiction, you may have certain rights regarding your personal data, including but not limited to the right to access, correct, delete, restrict, or object to the processing of your personal data, as well as the right to data portability. Additionally, where our processing is based on your consent, you have the right to withdraw that consent at any time.
If you are resident in the Singapore, USA, Brazil, Australia and People’s Republic of China, please refer to the Schedules of this Privacy Policy to learn more about your rights and how to exercise them.
10. Filing a Complaint with a Data Protection Authority
If you believe your privacy rights have been violated, you have the right to file a complaint with the relevant data protection authority in your jurisdiction. Contact information for these authorities is typically available on their official websites.
11. Contact Information
For questions, concerns, or requests related to your personal data or this privacy policy, please contact us at:
Email : sin.admin@t-bulk.asia
Address : 10 Anson Road #26-06 International Plaza Singapore 079903
Policy Details
1. Information We Collect and Purpose of Collection
We collect various types of personal data directly from you and through your use of our services. This may include your name, contact details, identification numbers, payment information, and other relevant information. Unless otherwise indicated, the personal data we collect is necessary to perform the requested actions or services. While providing your personal data is voluntary, if you choose not to provide certain information, we may be unable to fulfil your request or provide specific services. We generally collect Personal Data when you:
- submit queries, requests, complaints, or feedback, or otherwise communicate with us, we collect personal identifiers such as your name and email address, along with any other information you choose to include in your correspondence. The legal basis for processing this information is the performance of our contract with you (where applicable), or our legitimate interests in responding to your communication;
(b) take part in our surveys and/or events organised solely by us or jointly with third parties, we collect personal identifiers such as your name, personal or business email address, and personal or business telephone number. We use this information to organise and manage the events and, where applicable, to contact you about future business opportunities. The legal basis for processing this information is your consent. You may withdraw your consent at any time with future effect by sending an email request to: sin.admin@t-bulk.asia.
(c) submit forms, applications, resumes, and/or CVs to us either directly or via third-party recruiters as we may collect the following categories of personal data:
- Identifiers: such as your name, address, business and/or personal phone number, and email address;
- Protected classifications: such as your gender, age, and nationality (to the extent permitted by applicable law);
- Professional or employment-related information: including your employment history, job function or department, right to work information, and information obtained from credit reference agencies (where applicable).
We use this information to assess your qualifications for the role applied for, verify your identity, conduct background checks or other verification activities (where permissible by law), and carry out due diligence.
Where necessary, we may also collect your national identity number or passport number to carry out appropriate checks in connection with a contract we have with you, with your employer, or with another entity to which you are related, or to establish or verify your identity with a high degree of accuracy. The legal basis for processing this information is to comply with legal or regulatory obligations to which we are subject, and where necessary, to take steps prior to entering into a contract.
We collect this information above to provide, maintain, and improve our services, communicate with you, comply with legal obligations, and personalize your experience.
2. Information Collected for Research and Development
From time to time, we may collect and use personal data for research and development purposes, including to improve our existing services and to develop new services. This data is processed in accordance with applicable privacy laws and is used solely to enhance our services.
3. Cookies and Similar Tracking Technologies
We use cookies, web beacons, and similar tracking technologies to collect information about your browsing behaviour, preferences, and device. These technologies help us analyse website usage, improve functionality, and deliver personalized content and advertisements (where applicable). You can manage your cookie preferences through your browser settings or, where required by law, through a cookie consent or opt-out mechanism provided on our website.
4. Automated Processing
We do not carry out any automated decision-making processes including profiling, in relation to your personal data.
5. Disclosure of Your Information
Subject to the provisions of any applicable Personal Data Protection Laws, we may share the Personal Data identified in this Privacy Policy in the following :
- Within T-Bulk Group: Where necessary, we share your Personal Data within T-Bulk Group for legitimate business purposes to efficiently carry out our operations and to the extent permitted by law. The legal basis for this processing is our legitimate interest in conducting our business efficiently.
- With Service Providers: We share your Personal Data with our service providers who assist us in delivering our services, including but not limited to:
- Our business partners, customers, suppliers, service providers, and subcontractors for the performance of any contract or other dealings we have with you or the entity you work for in the normal course of business.
- Our auditors, legal advisors, and other professional advisors or service providers.
- Credit reference agencies for the purpose of assessing your creditworthiness where this is related to entering into a contract with you or the entity you work for.
- Payment processing providers that offer secure payment processing services.
- With Government Regulators and Law Enforcement Agencies: We may disclose your Personal Data to relevant government regulators and/or law enforcement agencies (whether local or overseas) to comply with applicable laws, regulations, rules, codes of practice, guidelines, or schemes issued or administered by them.
6. Data Storage and Transfer
Your Personal Data may be transferred to and processed in countries outside of your local jurisdiction or region for the purposes described in this Privacy Policy. These countries may have data protection laws that differ from, and may be less stringent than, those in your jurisdiction.
We may process your Personal Data in other countries in the following circumstances:
- Cloud storage: When we use cloud service providers, your Personal Data may be stored and processed in data centres located outside your local jurisdiction or region.
- Order and service fulfilment: To process your orders, manage payment transactions, and provide customer support services, we may transfer and process your Personal Data outside your local jurisdiction or region to fulfil our contractual obligations to you or your employer.
- Legal obligations: We may be required to transfer and process your Personal Data in other jurisdictions to comply with applicable laws and legal obligations.
- Intra-group transfers: We may share and process your Personal Data within the T-Bulk Group across jurisdictions to support our business operations, in accordance with applicable Personal Data Protection Laws.
Where your Personal Data is transferred outside of your local jurisdiction or region, we (or our permitted third parties) will implement appropriate safeguards such as standard contractual clauses or other lawful transfer mechanisms to ensure your data is protected in accordance with applicable data protection laws.
7. Data Security Measures
Please note that no method of data transmission over the Internet (including via mobile applications, email, or other messaging services) is completely secure. While we take reasonable steps to protect your Personal Data, we cannot guarantee the absolute security of any data transmitted to our website or business systems/applications. Any such transmission is at your own risk. However, we implement industry-standard technical and organizational measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction. These measures include, but are not limited to, encryption, access controls, secure storage, and regular security assessments to ensure the ongoing confidentiality, integrity, and availability of your data.
All third-party service providers and entities within the T-Bulk Group are required to implement appropriate security measures and are permitted to process Personal Data only for specified purposes, and only in accordance with our instructions and applicable data protection laws.
Our website may, from time to time, contain links to external websites operated by third parties with different privacy practices. We are not responsible for the content, policies, or practices of these external sites. You are encouraged to review the privacy policies of any third-party websites before providing your Personal Data to them.
8. Data Retention Periods
We retain your personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy or to comply with applicable legal, regulatory, or contractual obligations. Once your data is no longer required, we securely delete or anonymize it to protect your privacy.
9. Your Data Protection Rights
Depending on your jurisdiction, you may have certain rights regarding your personal data, including but not limited to the right to access, correct, delete, restrict, or object to the processing of your personal data, as well as the right to data portability. Additionally, where our processing is based on your consent, you have the right to withdraw that consent at any time.
If you are resident in the Singapore, USA, Brazil, Australia and People’s Republic of China, please refer to the Schedules of this Privacy Policy to learn more about your rights and how to exercise them.
10. Filing a Complaint with a Data Protection Authority
If you believe your privacy rights have been violated, you have the right to file a complaint with the relevant data protection authority in your jurisdiction. Contact information for these authorities is typically available on their official websites.
11. Contact Information
For questions, concerns, or requests related to your personal data or this privacy policy, please contact us at:
Email : sin.admin@t-bulk.asia
Address : 10 Anson Road #26-06 International Plaza Singapore 079903
Schedule 1: Singapore Addendum
This Singapore Addendum (“Singapore Addendum”) supplements this Privacy Policy to the extent that the Personal Data Protection Act 2012 of Singapore (“PDPA”) applies to the processing of Personal Data in Singapore by the T-Bulk Group.
In the event of any inconsistency between this Singapore Addendum and the main body of the Privacy Policy, this Singapore Addendum shall prevail with respect to such processing in Singapore.
For the purposes of this Singapore Addendum and the Privacy Policy as it applies in Singapore, “Personal Data” has the meaning given under the PDPA. It refers to data, whether true or not, about an individual who can be identified:
- from that data; or
- from that data and other information to which the organisation has or is likely to have access.
Do We Transfer Your Personal Data Internationally?
We generally collect and process your Personal Data in Singapore. However, we may disclose your Personal Data to recipients located outside Singapore in the following circumstances:
- Service Providers – who handle, process, or store your Personal Data on our behalf (e.g. cloud storage providers or vendors assisting with system support or service improvement);
- Government Authorities – such as law enforcement agencies, regulatory authorities, or other public bodies requiring your Personal Data for purposes including state security, customs, or immigration;
- Other T-Bulk Group Entities – for internal administrative, business, or operational purposes.
We only transfer your Personal Data outside of Singapore where permitted by applicable Personal Data Protection Laws. In such cases, we will take reasonable steps to ensure that any overseas recipient provides a standard of protection that is comparable to that under the PDPA.
Do We Use or Share Your Personal Data for Direct Marketing?
We (or other members of the T-Bulk Group) may send you direct marketing communications and information about services that may be of interest to you, in accordance with applicable Personal Data Protection Laws. These communications may be delivered via email, SMS, or other communication channels.
You may opt out of receiving such communications at any time by:
- contacting our Data Protection Officer using the contact details; or
- using the opt-out mechanisms provided in our communications (e.g. the unsubscribe link in marketing emails).
Schedule 2: United Stated of America Addendum
This United States of America Addendum (“USA Addendum”) supplements this Privacy Policy to the extent that the following U.S. state and federal privacy laws apply to the processing of Personal Data by the T-Bulk Group in the United States:
- California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA)
- California Online Privacy Protection Act (CalOPPA)
- Nevada’s NRS 603A.300 et seq.
- Colorado Privacy Act (CPA)
- Connecticut Data Privacy Act (CTDPA)
- Virginia Consumer Data Protection Act (VCDPA)
- Utah Consumer Privacy Act (UCPA)
- Children’s Online Privacy Protection Act (COPPA)
In the event of any conflict between this USA Addendum and the main body of the Privacy Policy, this Addendum shall prevail with respect to Personal Data processing in the United States.
Sensitive Personal Information
Under applicable U.S. privacy laws (including the CPRA and other state laws), Sensitive Personal Information (SPI) may include:
- Government-issued identifiers (e.g., Social Security number, passport number)
- Financial account and login credentials
- Racial or ethnic origin
- Religious or philosophical beliefs
- Health or biometric data
- Precise geolocation data
We do not use or disclose Sensitive Personal Information for purposes beyond those permitted by law, such as providing services, preventing fraud, or verifying your identity. We do not use SPI to infer characteristics about you without your consent.
Data Retention
We retain your Personal Data (including Sensitive Personal Information) only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. When Personal Data is no longer needed, we will securely delete or anonymize it.
The criteria we use to determine the retention period include:
- The nature of our relationship with you
- Legal and regulatory requirements
- Internal business and security needs
- The type and sensitivity of the Personal Data
Your Consumer Privacy Rights
Depending on your U.S. state of residence, you may have the following rights regarding your Personal Data:
Right | Description |
Right to Access | Request confirmation of whether we process your data and access a copy. |
Right to Correct | Request correction of inaccuracies in your Personal Data. |
Right to Delete | Request deletion of your Personal Data, subject to certain exceptions. |
Right to Data Portability | Request to receive your data in a portable, machine-readable format. |
Right to Opt-Out of Sales | Opt-out of the “sale” or “sharing” of your Personal Data with third parties. |
Right to Opt-Out of Profiling | Opt-out of automated decision-making or profiling that has legal effects. |
Right to Limit Use of SPI | Limit how we use and disclose Sensitive Personal Information. |
Right to Non-Discrimination | You will not be discriminated against for exercising any of your rights. |
How to Exercise Your Rights
To exercise the privacy rights, you need to submit your request to us by contacting us via the contact details provided.
For us to respond to your request, we must be able to verify your identity. We will not respond to any request if we are unable to verify that the personal information in our possession relates to you. Any personal information collected from you for the purpose of verifying your identity will be used solely for that purpose. We will not retain this information longer than necessary, nor will we use it for any unrelated purposes or disclose it further.
Do Not Track (DNT)
Your browser may allow you to set a “Do Not Track” (DNT) preference to indicate that you do not wish to be tracked online. We respect DNT signals and will not place cookies or collect information via cookies when your browser is set to DNT. You can manage this setting through the Preferences or Settings menu of your web browser.
Global Privacy Control (GPC)
Some browsers and browser extensions support Global Privacy Control (GPC) signals to automatically communicate your privacy preferences to websites you visit, including requests to opt out of certain types of data processing or “sales” under applicable laws.
Where we detect a GPC signal, we will make reasonable efforts to respect it in accordance with applicable U.S. data privacy laws.
Schedule 3: Brazil Addendum
This Brazil Addendum (“Brazil Addendum”) supplements this Policy to the extent that the Lei Geral de Proteção de Dados Pessoais (Law No. 13.709/2018, “LGPD”) applies to the processing of Personal Data in Brazil by the T-Bulk Group. In the event of any inconsistencies between this Brazil Addendum and the rest of this Policy, this Brazil Addendum shall prevail.
Personal Data Under The LGPD
In this Brazil Addendum, “Personal Data” has the same meaning as defined under the LGPD: data relating to an identified or identifiable natural person.
“Sensitive Personal Data,” as defined in the LGPD, includes data concerning racial or ethnic origin, religious beliefs, political opinions, union membership, or data concerning health or sex life, genetic or biometric data, when linked to an individual. The LGPD provides enhanced protections for Sensitive Personal Data, and its processing is limited to specific legal bases.
Under the LGPD:
- A “Data Controller” is the individual or legal entity, whether public or private, responsible for decisions regarding the processing of Personal Data.
- A “Data Processor” (or “operator”) is the party that processes Personal Data on behalf of the controller.
Do We Transfer Your Personal Data Internationally?
We may share your Personal Data with recipients located outside Brazil, including:
- Service providers that process or store Personal Data on our behalf (e.g., cloud storage providers or analytics platforms);
- Government authorities or regulators, including law enforcement agencies, when required by law or in connection with matters such as customs or immigration;
- Other SB Group entities, for legitimate business purposes.
We will only transfer your Personal Data internationally in compliance with the LGPD. This may include:
- Obtaining your explicit consent;
- Transferring data to countries with adequate data protection laws as recognized by the Brazilian data protection authority (ANPD); or
- Ensuring the recipient adopts standard contractual clauses or other safeguards required under the LGPD.
Your Rights Under The LGPD
We respect your privacy and will facilitate the exercise of your rights under the LGPD. Subject to the LGPD and applicable conditions, you have the right to:
(a) Request confirmation of whether we process your Personal Data;
(b) Request access to your Personal Data;
(c) Request correction of inaccurate or incomplete Personal Data;
(d) Request the anonymization, blocking, or deletion of unnecessary or excessive Personal Data or data processed in non-compliance with the LGPD;
(e) Request information about third parties with whom we have shared your Personal Data;
(f) Request information about the possibility of denying consent, and the consequences of such denial;
(g) Revoke your consent at any time, where processing is based on consent.
How to Exercise Your Rights
To exercise the privacy rights, you need to submit your request to us by contacting us via the contact details provided.
For us to respond to your request, we must be able to verify your identity. We will not respond to any request if we are unable to verify that the personal information in our possession relates to you. Any personal information collected from you for the purpose of verifying your identity will be used solely for that purpose. We will not retain this information longer than necessary, nor will we use it for any unrelated purposes or disclose it further.
Schedule 4: Australia Addendum
This Australia Addendum (“Australia Addendum”) supplements this Policy to the extent that the Privacy Act 1988 (Cth) (“Australian Privacy Act”) applies to the processing of Personal Data in Australia by the SB Group. In the event of any inconsistency between this Australia Addendum and the rest of this Policy, this Australia Addendum shall prevail.
Personal Data Under The Australian Privacy Act
For the purposes of this Australia Addendum and the Privacy Policy as it relates to Australia, “Personal Data” has the same meaning as “personal information” under the Australian Privacy Act — that is, information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not and whether recorded in a material form or not.
“Sensitive information” is a subset of personal information and includes information such as health information, racial or ethnic origin, political opinions, religious beliefs, and other categories specified in the Australian Privacy Act.
Note: The concept of a “Data Controller” or “Data Processor” does not exist under the Australian Privacy Act.
Do We Transfer Your Personal Data Internationally?
We generally collect your Personal Data in Australia. However, we may disclose your Personal Data to overseas recipients located in countries including Singapore and Hong Kong SAR. These recipients may include:
- Our service providers who process, handle, or store Personal Data on our behalf (e.g. data hosting providers, analytics providers, or technology partners);
- Law enforcement agencies, regulators, or government authorities where disclosure is required or permitted by law (e.g. for immigration, customs, or security purposes); and
- Other T-Bulk Group entities, where necessary for our legitimate business functions and as permitted under the Australian Privacy Act.
We only transfer Personal Data outside Australia in compliance with the Australian Privacy Principle 8 (APP 8). This generally means we will take reasonable steps to ensure that the overseas recipient does not breach the APPs, or we will obtain your informed consent to the transfer, or another exception applies under the Act.
Access To And Correction Of Personal Data
You may request access to, or correction of, the Personal Data we hold about you by contacting our Data Protection Officer using the contact details provided in the Privacy Policy. We take reasonable steps to ensure that the Personal Data we collect, use, or disclose is accurate, complete, and up to date. You can help us by notifying us if your details change or if you become aware of any errors in the information we hold.
If you believe that any Personal Data we hold is inaccurate, out of date, incomplete, irrelevant, or misleading, you have the right to request that we correct it. We will take reasonable steps to do so.
In limited circumstances permitted under the Australian Privacy Act, we may refuse your request to access or correct your Personal Data. If we do, we will provide you with a written explanation and, in the case of correction, allow you to associate a statement with the information explaining your concerns.
Do We Use or Share Your Personal Data for Direct Marketing?
We (or any member of the T-Bulk Group) may send you direct marketing communications and information about our services that maybe of interest to you. These communications may be delivered via emails, SMS, or other communication channels, as permitted by law.
We will only send such communications:
- In compliance with applicable privacy and electronic communications laws, including the Australian Privacy Act (APP 7) and the Spam Act 2003 (Cth); and
- Where you have provided your consent, or as otherwise permitted under those laws.
You may opt-out of receiving direct marketing communications at any time by:
- Contacting our Data Protection Officer using the contact details; or
- Clicking the unsubscribe link or using other opt-out mechanisms included in our communications.
Schedule 5: People’s Republic of China Addendum
This People’s Republic of China Addendum (“PRC Addendum”) supplements the Policy to the extent that the Personal Information Protection Law of the PRC (PIPL) applies to the processing of your Personal Data where such processing occurs in, or relates to individuals located in, the People’s Republic of China (“PRC”). For the purpose of this Policy, the PRC excludes the Hong Kong Special Administrative Region, Macao Special Administrative Region, and Taiwan Region.
This PRC Addendum forms part of the Policy. In the event of any inconsistencies between this PRC Addendum and the rest of the Policy, this PRC Addendum shall prevail.
Legal Basis for Processing Personal Data
Where PIPL applies:
- We do not rely on “legitimate interests” as a lawful basis for processing your Personal Data.
- In addition to the legal bases outlined in the main Policy, under PIPL, we may also process your Personal Data without your consent in the following circumstances:
- Where it is necessary to respond to public health emergencies or to protect life, health, or property in emergencies;
- Where it is necessary for news reporting, public opinion supervision, or other activities in the public interest, provided that the processing is within a reasonable scope;
- Where the Personal Data has been publicly disclosed by you or lawfully made public by other means, and the processing is carried out within a reasonable scope and does not have a significant impact on your rights and interests.
Separate Consent Requirements
Notwithstanding the above, under PIPL, separate consent is required in the following situations:
- Disclosure of your Personal Data to other data controllers;
- Public disclosure of your Personal Data;
- Use of your image or identifying information collected from public places for purposes other than safeguarding public security;
- Processing of Sensitive Personal Information (as defined in PIPL); or
- Exporting your Personal Data outside the PRC.
Cross-Border Transfers of Personal Data
When exporting your Personal Data outside the PRC including by transferring it or allowing overseas recipients to access it. We will take necessary measures to ensure that such data is handled by the overseas recipient in a manner that meets or exceeds the protection standards required by PIPL.
Depending on the volume and sensitivity of the data, we will comply with one or more of the following mechanisms required under PIPL:
- Passing a security assessment conducted by the Cyberspace Administration of China (CAC);
- Obtaining personal information protection certification from a recognized institution;
- Entering into a standard contractual clause formulated by the CAC with the overseas recipient;
- Meeting any other applicable legal requirements under PRC laws, administrative regulations, or CAC rules.
Your Rights Under PIPL
Where PIPL applies to our processing of your Personal Data, you have the following rights:
- Restrict or object to the processing of your Personal Data;
- Access or request a copy of your Personal Data, unless laws require us to keep it confidential;
- Request portability of your Personal Data to another data controller, subject to CAC conditions;
- Request correction or supplementation if your Personal Data is inaccurate or incomplete;
- Request deletion of your Personal Data in the following situations:
- The purpose for processing has been fulfilled or can no longer be achieved;
- The retention period has expired;
- You have withdrawn your consent;
- Processing violates applicable laws or breaches our contract with you;
- Any other condition stipulated under applicable laws or regulations;
- Request explanations regarding this Policy or our other rules for handling Personal Data.
If our processing is based on your consent, you may withdraw your consent at any time. However, your withdrawal will not affect the legality of processing that occurred prior to the withdrawal.