2. Information we collect and hold about you
Information we collect and hold about you will often come from you directly (e.g. when you request to establish a business relationship with us) and this information may include the following:
Personal details (e.g. name, date and place of birth, nationality, passport information or other identification information, signature specimen)
Contact details (e.g. phone number, email address, residential address)
Transactional details (e.g. transactions with Orbit, payments you make and receive, bank accounts or digital wallet details)
Financial information (e.g. your assets and liabilities, income, financial statements, other source of wealth evidence)
Professional information (e.g. job title, position, work experience)
Your interactions with us through phone calls, emails, messaging applications, social media and other channels
When you access our websites and applications, data transmitted by your browser or device and automatically recorded by our server, including date and time of the access, name of the accessed file as well as the transmitted data volume and the performance of the access, your device, your web browser, browser language and requesting domain, and IP address
Some of the information that Orbit collects may be special categories of personal data. For example, the counterparty due diligence checks Orbit carries out may reveal information about criminal convictions or offences.
If you do not provide personal data that we advise you is mandatory, it may mean that we are unable to provide you with our products and services and/or perform part or all of our obligations under our agreement(s) with you.
We may also collect information about you from public sources (e.g. public registers) and third parties.
Where you are a corporate entity, we may collect information about your beneficial owners, directors, connected parties, authorised representatives and employees.
If you give us personal data about other individuals, or if you permit us to share that information with third parties, then you confirm that they are aware of the information in this Policy. Before providing us with this information, you may provide a copy of this Policy to those individuals.
3. What do we use your information for and on what legal basis?
We always process your personal data for a specific purpose and only process the personal data which is relevant to achieve that purpose. In particular, we may process personal data, within applicable legal limitations, for the following purposes:
Counterparty due diligence. For example, to verify your identity and perform legal and regulatory compliance checks to comply with AML regulations and prevent fraud.
Relationship management. For example, to manage our relationship with you, including communicating with you in relation to your transactions with us, to receive and handle complaints and requests from you, to share information with you.
Transactions. For example, to enter transactions with you and ensure their proper execution, confirmation and settlement in accordance with your instructions and the terms of the transactions, to perform our obligations under such transactions.
Compliance, risk management and crime prevention, detection and investigation. For example, to carry out legal and regulatory compliance checks as part of the onboarding process, to meet our on-going regulatory and compliance obligations.
Support, enhance and maintain Orbit’s technology. For example, to take steps to improve our products and services and our use of technology, including testing and upgrading of systems and processes, and conducting market research to understand how to improve our existing products and services or learn about other products and services we can provide.
We must have a legal basis to process your personal data. In most cases, the legal basis will be one of the following:
To allow us to take actions that are necessary in order to provide you with our products and services and/or perform our obligations with you, for example, to make and receive payments
To allow us to comply with our legal and regulatory obligations, for example, obtaining proof of identity to enable us to meet our anti-money laundering obligations
To meet our legitimate interests, for example, to provide information and assistance in relation to your transactions with us, as well as to send updates about our products and services
Where we have your consent to do so
The table below sets out the purposes for which we use your personal data and our legal basis for doing so:
4. How do we protect personal data?
All Orbit employees accessing personal data must comply with our internal rules and processes in relation to the processing of your personal data to protect them and ensure their confidentiality.
Orbit has also implemented adequate technical and organisational measures to protect your personal data against unauthorised, accidental or unlawful destruction, loss, alteration, misuse, disclosure or access and against all other unlawful forms of processing.
5. Who will we share your information with?
We will keep your information confidential but we may share it with third parties (who also have to keep it secure and confidential) under the following circumstances:
Within Orbit. We may share personal data with Orbit’s subsidiaries and affiliates to ensure a consistently high service standard across our group, and to provide services and products to you.
Payment-processing service providers and others that help us process your payments, as well as other financial institutions who are members of the payment schemes or involved in making the payment.
Our service providers (including their subcontractors). We may engage with a service provider to process personal data on our behalf, or share information with professional advisers and consultants such as lawyers, auditors, accountants. When we do so, we will undertake due diligence, monitoring and assurance activities to ensure that the information is appropriately protected, and contractual clauses will be agreed between the parties to ensure that data protection and confidentiality is maintained.
Your advisers and representatives (such as accountants, lawyers, fund managers, financial or other professional advisers) if you have authorised anyone like this to represent you, or any other person you have told us is authorised to give instructions or to use our products or services on your behalf.
Regulators, law enforcement agencies and authorities where we are required, requested or permitted to do so by law, regulation, court order, or supervisory, regulatory or similar authority.
Fraud prevention agencies. In particular, we will always tell fraud prevention agencies if you give us false or fraudulent information. They will also allow other organisations including law enforcement agencies, to access this information to prevent and detect fraud or other crimes. You can ask us for the details of the fraud prevention agencies we share information with.
Others. A potential buyer, transferee, merger partner or seller and their advisers in connection with an actual or potential transfer or merger of part or all of Orbit’s business or assets, or any associated rights or interests, or to acquire a business or enter into a merger with it.
6. Transfers of Personal Data Outside of Singapore
We may process your personal data outside of the country in which you are based (including countries outside of Singapore) for the purposes set out in this policy. When we transfer your personal data to other countries, we will take reasonable steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.
7. Retention of your data
We will only retain personal data for as long as necessary to fulfil the purpose for which it was collected or to comply with legal, regulatory, or internal policy requirements.
As far as necessary, we will keep your data for the duration of our business relationship subject to applicable legal and regulatory requirements. In addition, we may retain and process your data after the termination of our relationship for compliance or risk management purposes in accordance with applicable laws and regulations, as well as pursuant to various retention and documentation obligations or if it is in Orbit’ legitimate interest. If we do, we will continue to make sure your privacy is protected.
In particular, we will retain information that enables us to:
Maintain business records for analysis and/or audit purposes
Comply with record retention requirements under the law (for example, as required under legislation concerning the prevention, detection and investigation of money laundering and terrorist financing)
Defend or bring any existing or potential legal claims
Deal with any future complaints regarding the services we have delivered
Assist with fraud monitoring
8. Access to and Correction of Personal Data
If you wish to make (a) an access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or (b) a correction request to correct or update any of your personal data which we hold about you, you may submit your request in writing or via email to the contact details provided below.
A reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.
We will respond to your request as soon as reasonably possible. In general, our response will be within thirty (30) business days. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so, except where we are not required to do so under the Personal Data Protection Act 2012 of Singapore (“PDPA”) or other relevant legislation.
9. Withdrawing your consent
The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop collecting, using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request via email to the address provided below.
Upon receipt of your request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within ten (10) business days of receiving it.
Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us by emailing us at the address provided below.
Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclosure without consent is permitted or required under applicable laws.
10. Accuracy of Personal Data
We generally rely on personal data provided by you. In order to ensure that your personal data is current, complete and accurate, please update us if there are changes to your personal data by informing us in writing or via email to the contact details provided below.
12. How to contact us
If you have any questions about this Policy, or if you would like more information on your rights, or wish to exercise them, please send us an email at: firstname.lastname@example.org.
We modify or update this Policy from time to time. We encourage you to frequently check this page for any changes to stay informed about the current policy. You acknowledge and agree that it is your responsibility to review this policy periodically and become aware of modifications.
14. Your acceptance of these terms
By using our websites or by submitting information to us, you signify your acceptance of the terms set out in this Policy. If you do not agree to this Policy, please do not use our websites or submit information to us. Your continued use of our websites, products and services following the posting of changes to this Policy will be deemed your acceptance of those changes.