trustfinance-logo
TrustFinance

Data Processing Agreement

This Data Processing Agreement is an appendix to the Terms and Conditions regarding the delivery of TrustFinance’s services and products. This page can be found on terms and conditions hereinafter referred to as the Main Agreement) between the Customer and Trustfinance.com

Classifications

The meaning of words or expressions in "quotation marks" are consistent throughout this DPA. Any terms or expressions that are defined in the Terms of Use and Sale for Businesses have the same meanings when used in this DPA as well unless we specifically state them differently below.

  • "Applicable Data Protection Law" refers to all laws and rules that apply to the processing of Relevant Data by TrustFinance
  • The definitions provided in the PDPA apply to "Personal Data," "Special Categories of Personal Data," "Controller," and "Processor."
  • "Relevant Data" refers to the personal information listed in the appendix below.
  • TrustFinance is referred to as "TrustFinance", "we," "us," or "our."

Describe the relationship between you and TrustFinance.

1. As long as TrustFinance provides you with review invitation services and you are the Controller of the Relevant Data as defined by PDPA, you (the Controller) designate TrustFinance as a Processor to handle the processing of the Relevant Data.

2.This DPA shall be in effect between you and us for as long as your compliance with our Terms of Use and Sale for Businesses is maintained or as long as we continue to process Relevant Data on your behalf, whichever is the longer period.

What about instructions?

3. In accordance with this DPA and exclusively for the purpose outlined in the appendix below (or as otherwise may be agreed upon in writing between you and TrustFinance), you instruct TrustFinance to process the relevant data (the "Purpose"). If TrustFinance must handle relevant data for another reason, it may not do so and, unless prohibited by law from doing so, will notify you in writing of that reason.

4. TrustFinance will notify you right away if it thinks a directive you provide violates the relevant data protection law.

5. Although TrustFinance is not currently aware of any laws that would prevent it from fulfilling the DPA, it will notify you right away if that situation changes or is anticipated to change.

Transfers of Important Data

6. Unless TrustFinance has taken the required steps to ensure that the transfer complies with the applicable data protection law, it will not transfer relevant data outside of Singapore. Transferring the relevant data to a recipient in a nation that the Personal Data Protection Act 2012 (PDPA) has determined offers sufficient protection for personal data or to a recipient who has signed standard contractual provisions issued or authorized by the European Commission are two examples of these actions.

Forbidden Data

7. You acknowledge that it is against applicable data protection laws for you to reveal to TrustFinance for processing any Personal Data for which you do not have the rights, permissions, or consents necessary for TrustFinance to do so legally.

Security

8. Any person that TrustFinance authorized to process the Relevant Data must abide by a legal or other responsibility to maintain the confidentiality of the Relevant Data.

Safety procedures

9. In order to provide secure TrustFinance review invitation services, TrustFinance currently employs the organizational and technical safeguards outlined in our white paper on security procedures.

10. These precautions may change sometimes, but TrustFinance will always keep in place the right technical and organizational safeguards to guarantee a level of security commensurate with the risk and guard against the following:

  • nadvertently or maliciously lost, altered, or destroyed
  • not authorized disclosure or availability, or
  • otherwise handled against the relevant data protection law.

11.The data security requirements of the nation where TrustFinance is headquartered and where the data processing will take place, as well as any other applicable requirements that are directly imposed on it, will also be complied with by TrustFinance.

12.Technical and organizational security measures will be evaluated for suitability based on:

  • the status of the art nowadays;
  • the price of implementing them; and
  • the type, extent, context, and goals of processing, along with the likelihood of risks and their potential effects on data subjects' rights and freedoms to data protection.

13. In response to your request, TrustFinance will give you access to the data you need to verify that TrustFinance is abiding by its DPA obligations, including that the technical and organizational security measures outlined above have been put in place.

Audit

14. In order to audit whether TrustFinance complies with its obligations under the DPA, including whether the appropriate technical and organizational security measures have been implemented, you may at your own expense appoint an independent expert who will have access to TrustFinance facilities and the information necessary. This expert must not be a competitor of TrustFinance.

15. At least 14 days before you want your expert to have access, you must inform us. Additionally, they must sign a standard non-disclosure agreement with TrustFinance before we grant them access. This agreement guarantees that they will treat all information they obtain from TrustFinance and/or its affiliates confidentially and that they may only share it with you.

16. Any information discovered during the expert's inspection and audit must be shared with TrustFinance and will be kept private.

Requests from officials

17. Given that their representatives can produce valid identification, TrustFinance will grant access to its physical facilities to authorities who are authorized by Law of Singapore to enter your suppliers' facilities.

18. Unless TrustFinance is specifically forbidden from telling you by Law of Singapore, TrustFinance shall give you written notice of any request by an authority for the disclosure of the relevant data without undue delay after becoming aware of the circumstances.

Security breaches

19. Any suspicion or discovery of TrustFinance shall promptly notify you in writing of such suspicion or finding after becoming aware of the circumstances.

  • a security breach that causes the Relevant Data sent, stored, or otherwise processed by TrustFinance to be destroyed, lost, altered, or to be accessed either accidentally or unlawfully; and
  • any other significant breach of TrustFinance duties S's under sections 10 and 11 of this DPA.

Data subjects' rights and cooperation

20. Any requests from data subjects under Chapter III of the PDPA and, where technically feasible, under any other applicable data protection law, including requests for access, rectification, blocking, or deletion that relate to our processing of the relevant data, will be handled by TrustFinance as soon as possible.

21. In response to such a request, TrustFinance will only inform the data subject who made the request the following:

  • whether you sent the subject of the review an email inviting review; and
  • that you should get his or her request because it will be your responsibility to respond to it.

22. Where our assistance is required for you to comply with your duties, TrustFinance will help you satisfy any additional obligations that may be placed on you by Law of Singapore, linked to data processing. As part of this, we will cooperate with you in a fair manner as you complete any data protection impact assessments that may be necessary in accordance with PDPA.

23. If it is required for the performance of their duties under Law of Singapore, TrustFinance will also provide information related to the provision of the services to authorities or your external advisors and auditors.

24. TrustFinance has listed the servers, offices, and other locations that it uses to deliver the services covered by the Terms of Use and Sale for Businesses in the annex below. You can ask TrustFinance for details on the computers and locations that it uses to provide these services, and they will get back to you within 30 days.

Sub-processors

25. In order to process the Relevant Data for the Purpose, TrustFinance may use third-party sub-processors, but only if TrustFinance imposes data protection obligations on each sub-processor that require them to protect the Relevant Data at least to the same standard as TrustFinance in this DPA. The current sub-processors used by TrustFinance are listed here. Whenever TrustFinance plans to add a new sub-processor, TrustFinance will notify you in advance.

26. ​​If you have objective and justifiable grounds related to data protection, you have the right to object to any replacement or additional sub-processor before it is appointed. You may cancel your subscription (if any) by giving us 14 days' notice if TrustFinance declines to suggest an alternative sub-processor or if you object to every alternative sub-processor TrustFinance offers. If you want these terms, including this DPA, to end immediately, see section 37 of the Terms of Use and Sale for Businesses.

27. We will provide you with a copy of the data protection obligations in the contract between TrustFinance and the sub-processor upon request.

28. Any violation of this DPA brought on by an act, mistake, or omission of one or more of TrustFinance's sub processors will result in liability for TrustFinance.

Removal or restitution of Relevant Data

29. For the following durations, TrustFinance will keep the relevant data:

  • For all BCC emails, 30 days; and
  • For all other Relative Data, 3 years.

30. The Relevant Data will be returned or erased (including anonymized) as soon as these times have passed or upon your earlier request, as determined by TrustFinance acting reasonably. This won't apply if TrustFinance must keep some or all of the Relevant Data in order to comply with applicable law.

Information Security Officer

You can send an email to [email protected] to get in touch with our data protection officer.

Appendix

Purpose

providing you with one or more of our review invitation services, as described in the Terms of Use and Sale for Businesses (where you issue (or we send on your behalf) invitations to your customers requesting them to write a review on our platform about your products and/or services).

Types of data subjects

  • Your Clients

Types of Personal Data

  • Name
  • Email address
  • Reference numbers, such as an order ID or similar
  • Any other Personal Information that you include in the order confirmation emails you provide to customers.

Special Types of Personal Information

Since it is unnecessary for the purposes of offering you the review invitation services, TrustFinance does not knowingly collect or otherwise process any Special Categories of Personal Data. However, Special Categories of Personal Data may be processed if you decide to include this information in the order confirmation emails you send to customers who make purchases from you and the type of review invitation service you use requires TrustFinance to be copied on these emails.

TrustFinance는 사용자 경험 개선을 위해 분석용 쿠키를 사용합니다. 자세한 내용은쿠키 정책을 참조하세요