1. Introduction

At Thiraviyam Pte Ltd (herein referred to as “we”, “us”, “our”, or “TPL”), we are committed to protecting and respecting your privacy, while complying with the provisions of the Personal Data Protection Act 2012 of Singapore (“PDPA”) as may be amended from time to time.

We have developed this Data Privacy Notice to assist you in understanding how we collect, use, disclose, process, protect and retain your personal data that is in our possession.

This Privacy Policy (together with any other documents referred to in it) sets out the basis on which any personal data that we may collect from you, provided to us, is disclosed and processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

This Privacy Policy applies to all users of our website Winovr.com.

If you are a minor (under the age of 21 or 18 according to relevant applicable laws), please obtain parental or guardian consent before sending any personal data about yourself to us.

2. How We Collect Your Personal Data?

In this Privacy Policy, “Personal Data” refers to any data and/or information, whether true or not, about an individual who can be identified from that data or from the data, to which we have or likely to have, including data in our records as may be updated from time to time. Under the PDPA, business contact information (e.g. full name, business address, business telephone number) is not considered as personal data so long as it is used strictly for business-to-business (B2B) transactions.

We are committed to safeguarding your privacy and will treat all personal data provided by you in strict confidence. We will only use and disclose your personal data in the manner set out in this Privacy Policy.

This Privacy Policy applies to all personal data that you provide to us and the personal data we hold about you. We will take reasonable steps to handle and to protect your personal data as required under the PDPA and other relevant legislations.

We collect your personal data when you:

1. Register or create an account: you will need to provide personal data including your name, gender, email address and/or mobile number, address, and/or date of birth and a password.
2. Subscribe to our premium Service: we will collect your billing information and payment details upon payment. Payments are processed by a third-party vendor (Stripe) and your credit card information is safely stored with them. Our partners never share your credit card details with us and under no circumstances can we receive these details.
3. Participate in referral incentives: your Bank Account information will be collected to facilitate the periodic referral payments.
4. Build your resume: you will have control over the information displayed on your profile, such as your education, work experience, skills, competencies, certifications, photo, location, address, references and any other information related to your resume / professional profile.
5. Enter into an agreement or contract with us to provide you with our consultancy and advisory services
6. Respond to our electronic direct mails (EDMs) sent by us as part of our marketing or promotion campaigns through an authorised third party EDM service provider
7. Are referred to us for our services by one of our clients
8. Visit our website and leave behind your contact information through our contact, feedback, service request forms
9. Contact or communicate with us via email or written correspondence

If you provide us with any Personal Data relating to a third party (e.g. information of your spouse, children or parents), by submitting such information to us, you represent to us that you have obtained the consent of the third party to provide us with their personal data for the respective purposes set out in this Privacy Policy.

3. Types of Personal Data We Collect About You

The types of personal data we collect about you include:

1. Your contact information (Name, Email, Phone Number, Address)
2. Your personal details (Name, Gender and Date of Birth)
3. Your Professional Profile details for Resume (Education, Work experience, Certifications, Skills, Competencies, References and any other details required to complete your resume.)
4. Your payment details (Credit card, Bank account details)

We only retain personal data for so long as it is necessary. Data may be archived as long as the purpose for which the data was used still exists.

4. How We Use Your Personal Data?

We use the personal data you provide us for one or more of the following purposes:

1. Help you to build your resume and download it;
2. Share the data with education institutions, recruitment agencies, potential employers;
3. Analyse your visits to our website;
4. Verify your identity;
5. Provide our consultancy and advisory services, or any other services as requested by you;
6. Process account payables/receivables;
7. Process billing, payment and other credit-related activities;
8. Analyse and review payment trends by collecting aggregate information about payments;
9. Conduct direct marketing and lead generation activities through analysing and tracking of our sales proposals, advertisements and EDMs on our events, conferences, seminars and workshops;
10. Conduct joint marketing with other companies and service providers;
11. Communicate with customers, members and website visitors;
12. Respond to your inquiries and feedback to improve our quality of service;
13. Analyse the use of our products, services or websites;
14. Carry out our obligations arising from any contracts entered into between you and us;
15. Comply with or fulfil legal obligations and regulatory requirements.

If there is any change in the purposes for which we collect your personal data, we will inform you of such change. If you wish to get an explanation as to how it is processed, please contact us directly at dpo.thiraviyam@gmail.com.

The purposes listed above may continue to apply even in situations where your relationship with us has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).

We will only process your information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so as well as obtain your consent to the use of your personal data for such a purpose where we are required to do so by law.

In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

5. Who We Disclose Your Personal Data To?

Reasonable steps will be taken to protect your personal data against unauthorised disclosure.

We will keep the personal data we hold confidential but may disclose or provide information to the following entities or parties listed below subjected to the requirements of applicable laws, whether they are located overseas or Singapore in order to fulfil our services to you:

1. Education institutions
2. Training Providers
3. Recruitment agencies and Human Resource service providers
4. Potential Employers
5. External Service providers (includes third-party companies which perform services on our behalf, such as hosting, data analysis, artificial intelligence or machine learning services, payment processing, order fulfilment, information technology and related infrastructure provision, customer service, mobile phone text (SMS) service, email delivery, and auditing services)
6. External Regulators (e.g. Skillsfuture Singapore)

In the event of business transfers where we sell, transfer or merge parts of our business or assets, your personal information may be disclosed to a third party involved in the transaction. The new owners may use your personal data in the same way set out in this privacy policy.

We shall endeavor to ensure that our personnel, agents, advisors, consultants, contractors and such other parties above who are involved in the collection, use and disclosure of your data will observe and adhere to the terms of this Privacy Policy, and to treat it in accordance with the law.

Other than the above, we will not disclose your personal information without your consent unless it is either authorised or required by law, necessary to prevent a threat to life or health, reasonably necessary to enforce legal regulations, or necessary to investigate suspected unlawful activities including but not limited to fraud, intellectual property infringement or privacy.

In many circumstances, we are required to use and share your personal data to provide you with our services and/or fulfil our services. If you do not provide us with the required personal data, or if you do not accept this Privacy Policy, or if you withdraw your consent to our use and/or disclosure of your personal or customer data, it may not be possible for us to continue to fulfil our scope of services.

6. How We Manage the Collection, Use and Disclosure?

6.1 Obtaining Consent

Before we collect, use or disclose your personal data, we will notify you of why we are doing so. We will obtain written confirmation from you on your expressed consent. We will not collect more personal data than is necessary for the stated purpose. We will seek fresh consent from you if the original purpose for the collection, use or disclosure of your personal data has changed.

Under certain circumstances, we may assume deemed consent from you when you voluntarily provide your personal data for the stated purpose, e.g. when you apply for a job with us by sending in your resume/CV containing personal information.

Under the PDPA, individuals have the right:

1. to check whether we hold personal data about you and to access such data;
2. to require us to correct and update as soon as reasonably practicable any data relating to you that is inaccurate;
3. to ascertain our policies and practices in relation to personal data and the kind of personal data held by us; and
4. to object to the use of your personal data for marketing purposes and we shall not use your personal data for marketing purposes after you communicate your objection to us.

We may rely on exceptions to the need for consent under the PDPA for the collection, use or disclosure of your personal data under the following circumstances (only those relevant to TPL are included):

1. The personal data is publicly available
2. The personal data is disclosed by a public agency or disclosed to a public agency
3. The personal data is necessary for any investigation or proceedings
4. The personal data is necessary for evaluative purposes (e.g. determining the suitability of a job applicant for the job applied for)
5. The personal data is necessary for the purpose of managing or terminating an employment relationship
6. The personal data is necessary for a business asset transaction

In exceptional cases, we reserve the right to deny you access your personal data and may provide an explanation as required by applicable laws.

6.2 Withdrawal of Consent

If you wish to withdraw consent, you should give us reasonable notice in advance. We will advise you of the likely consequences of your withdrawal of consent, e.g. without your personal contact information we may not be able to inform you of future services offered by us.

Your request for withdrawal of consent can take the form of an email or letter to us, or through the “disable account and /or delete account” feature on the website.

6.3 Use of Cookies

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve the efficiency of our site to enhance your online experience. By continuing to browse the site, you are agreeing to our use of cookies.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer to recognise your preferences and to tailor content to you if you agree. Cookies contain information that is transferred to your computer's hard drive. They do not contain your customer data but only statistical data which is entirely anonymous.

We use only strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.

Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.

All web-browsers offer the option to refuse any cookie and you can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) please note that this may affect the functionality of our site.

7. Data Accuracy

We will take reasonable steps to ensure that the personal data we collect about you is accurate, complete, not misleading and kept up-to-date. You should ensure that all Personal Data submitted to us is true, accurate, up-to-date, correct and complete. This includes the correction of data that you have updated us (if applicable).

From time to time, we may do a data verification exercise for you to update us on any changes to the personal data we hold about you. If we are in an ongoing relationship with you, it is important that you update us of any changes to your personal data (such as a change in your mailing address). Failure on your part to provide the relevant updates may result in our inability to provide you with the services you have requested.

8. Data Protection

We are committed to safeguarding your privacy and all information you provide to us is stored on our secure servers.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot completely guarantee the security of your data transmitted to our site; any transmission is at your own risk and you agree not to hold us responsible for any breach of security while accessing the internet that is out of our control.

We have implemented appropriate information security and technical measures to protect your personal data against loss, misuse, destruction, unauthorised alteration/modification, access, disclosure or similar risks. We have also put in place reasonable and appropriate organisational measures to maintain the confidentiality and integrity of your personal data and will only share your data with authorised persons on a ‘need to know’ basis.

When we engage third-party data processors to process personal data on our behalf, we will ensure that they provide sufficient guarantees to us to have implemented the necessary organisational and technical security measures, and have taken reasonable steps to comply with these measures.

9. Data Retention

We have a data retention policy that keeps track of the retention schedules of the personal data you provide us, in paper or electronic forms. We will not retain any of your personal data when it is no longer needed for any business or legal purposes. We will dispose of or destroy such documents containing your personal data in a proper and secure manner when the retention limit is reached.

Regarding payment data, we store billing information and a full history of your payments either with our payment service providing partners or with us even if you cancel your subscription or delete your account for as long as necessary to comply with our legal obligation to keep transactional records to meet the requirements of local or international authorities.

10. How You Can Access and Make Correction to Your Personal Data?

You may write in to us to find out how we have been using or disclosing your personal data over the past one year. Before we accede to your request, we may need to verify your identity by requesting for your NRIC or other official identification document. We will respond to your request as soon as possible, or within 90 days from the date we receive your request. If we are unable to do so within the 90 days, we will let you know and give you an estimate of how much longer we require. We may also charge you a reasonable fee for the cost involved in processing your access request.

If you find that the personal data, we hold about you is inaccurate, incomplete, misleading or not up-to-date, you may ask us to correct the data. Where we are satisfied on reasonable grounds that a correction should be made, we will correct the data as soon as possible, or within 90 days from the date we receive your request.

11. Transfer of Personal Data

We may hold your data on servers in Internal Server and any other territories as we see fit from time to time. Where there is a need to transfer your personal data to another country outside Singapore, we will ensure that the standard of data protection in the recipient country is comparable to that of Singapore’s PDPA. If this is not so, we will enter into a contractual agreement with the receiving party to accord similar levels of data protection as those in Singapore.

12. Data Breach Notification

In the unlikely event that we suffer a data breach pertaining to unauthorised access or disclosure of personal data being stored or processed by us, we will meet the PDPA's breach notification timelines and requirements to perform the needful, including but not limited to informing relevant authorities and affected individuals, based on the Significant Harm or Significant Scale definitions as set out by the PDPA.

13. Contacting Us

If you have any questions or comments regarding the use or disclosure of your Personal Data, or if you wish to know more about our Privacy Policies and practices, please contact our Data Protection Officer (DPO) at: dpo.thiraviyam@gmail.com

Any query or complaint should include, at least, the following details:

• Your full name and contact information
• Brief description of your query or complaint

We treat such queries and feedback seriously and will deal with them confidentially and within reasonable time.

14. Changes to this Privacy Policy

We may update this Data Privacy Notice from time to time. We will notify you of any changes by posting the latest Notice on our website. Please visit our website periodically to note any changes.

Changes to this Notice take effect when they are posted on our website.

As part of our efforts to ensure that we properly manage, protect and process your Personal Data, we may update this Privacy Policy from time to time to ensure that this Privacy Policy is consistent with future developments, industry trends and/or any changes in legal or regulatory requirements.

Any amendments or changes that we may make to our Privacy Policy at any future time without prior notice in the future will be posted on this page. Your continued use of our services after changes to the Privacy Policy constitutes your consent and agreement to this Privacy Policy and any changes or updates. The updated Privacy Policy will apply to all personal data which you have previously provided to us.

The amended Privacy Policy will come into effect from the time that it is posted on our website. Subject to any rights that you may have at law, you agree to be bound by the prevailing terms of the Privacy Policy as updated from time to time on our website.

15. Governing Law And Jurisdiction

Nothing in this Privacy Policy shall limit the rights of the data subject under the PDPA. This Privacy Policy shall be governed in all respects by the laws of Singapore. You agree to submit to the exclusive jurisdiction of the Singapore courts.