TALK TALK PRIVACY POLICY

Garena Online Private Limited (“Company” or “We”) takes its responsibilities under Singapore’s Personal Data Protection Act 2012 (the “PDPA”) seriously. We know that you as our user care about how your personal data is collected, used, processed and/or disclosed. We recognize the importance of the personal data you have entrusted to us and believe that it is our responsibility to properly manage, protect and process your personal data. This Privacy Policy (“Privacy Policy” or “Policy”) is designed to assist you in understanding how we collect, use, disclose and/or process the personal data you have provided to us and/or that we possess about you, whether now or in the future, as well as to assist you in making an informed decision before providing us with any of your personal data.

Please read this Privacy Policy carefully.

By using the services (“Services”), registering an account with us, visiting our website or accessing the Services, you acknowledge and agree that you accept the practices, requirements, and/or policies outlined in this Privacy Policy, and you hereby consent to us collecting, using, disclosing and/or processing your personal data as described herein. IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, PLEASE DO NOT USE OUR SERVICES OR ACCESS OUR WEBSITE. If we change our Privacy Policy, we will post those changes or the amended Privacy Policy on our website. We reserve the right to amend this Privacy Policy at any time.

Any capitalized terms used herein without definition shall have the meaning given to them in the Talk Talk End User License Agreement (“Agreement”): http://talktalk.sg/eula.

I. PRIVACY PRINCIPLES

Personal Data” or “personal data” is defined under the PDPA to mean data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which an organisation has or is likely to have access. Common examples of personal data could include name, identification number, contact information.

This Privacy Policy reflects the following principles that we strive to uphold when handling your personal data:

(i)        When we collect your personal data, to the extent required by applicable data protection law, we will notify you of the purposes for which your personal data may be collected, used, disclosed and/or processed, as well as obtain your consent for the collection, use, disclosure and/or processing of your personal data for the intended purposes, unless an exception under the law permits us to collect, use, disclose and/or process your personal data without your consent. Such notification of purposes and consent is achieved by this Privacy Policy where at section V, we have set out the purposes for which we may/will be collecting, using, disclosing and/or processing your personal data.

(ii)     We are committed to complying with the PDPA and handling your personal data in accordance with the PDPA.

(iii)     We will take reasonable efforts to ensure that your personal data is accurate and complete, if your personal data is likely to be used by us to make a decision that affects you, or disclosed to another organisation. However, this means that you must also update us of any changes in your personal data that you had initially provided us with. We will not be responsible for relying on inaccurate or incomplete personal data arising from your not updating us of any changes in your personal data that you had initially provided us with.

(iv)    We will put in place reasonable security arrangements to ensure that your personal data is adequately protected and secured. Appropriate security arrangements will be taken to prevent unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks to your personal data. However, we cannot assume responsibility for any unauthorized use of your personal data by third parties which are wholly attributable to factors beyond our control.

(v)     We will put in place measures such that your personal data in our possession is destroyed or anonymized as soon as it is reasonable to assume that (i) the purpose for which that personal data was collected is no longer being served by the retention of such personal data; and (ii) retention is no longer necessary for any legal or business purposes.

(vi)    Where your personal data is to be transferred out of Singapore, we will comply with the PDPA in doing so. We will take appropriate steps to ascertain that the foreign recipient organisation of the personal data is bound by legally enforceable obligations to provide to the transferred personal data a standard of protection that is at least comparable to the protection under the PDPA. This may include us entering into an appropriate contract with the foreign recipient organisation dealing with the personal data transfer or permitting the personal data transfer without such a contract if the PDPA or applicable law permits us to.

(vii)  Our privacy practices will be transparent to you, as manifested by this Privacy Policy.

II. WHAT DOES THIS PRIVACY POLICY COVER?

This Privacy Policy covers our treatment of personal data and/or information that we gather when you are accessing and/or using our Services or website. This Privacy Policy does not apply (i) to the practices of companies that we do not own or control (including, without limitation, the third party content providers from whom you may receive content through the Services), or (ii) to individuals that we do not employ or manage.

This Privacy Policy DOES NOT apply to information that:

• We collect offline (unless otherwise stated by us) or on any other company’s services or websites, including third party websites you may access through the Services; or

• You provide to or is collected by, any third party that is not collecting your personal data on our behalf.

Our other websites and services and these third parties may have their own privacy policies, which we encourage you to read before providing information on or through them.

Company does not knowingly collect or solicit personal data from anyone under the age of 13 or knowingly allow such persons to register. If you are under 13, please do not attempt to register for/through our website or send any information about yourself to us, including your name, address, telephone number, or email address. No one under age 13 may provide any personal data to Company or on our website. In the event that we learn that we have collected personal data from a child under age 13 without parental or legal guardian consent, we will delete that information as quickly as possible. If you believe that we might have any personal data from or about a child under 13, please contact us at [dpo@garena.com].

III. WHAT INFORMATION DOES TALK TALK COLLECT?

We will/may collect personal data about you:

(a)           when you register and/or use our Services or website, or open an account with us;

(b)          when you submit any form, including but not limited to application forms or other forms relating to any of our products and services, whether online or by way of a physical form;

(c)           when you enter into any agreement or provide other documentation or information in respect of your interactions with us, or when you use our products and services;

(d)          when you interact with us, such as via telephone calls (which may be recorded), letters, fax, face-to-face meetings, social media platforms and emails;

(e)          when you use our electronic services, or interact with us via our website or use services on our website. This includes through cookies which we may deploy when you interact with our website;

(f)            when you carry out transactions through our website or Services;

(g)           when you provide us with feedback or complaints;

(h)          when you register for a contest, for games or game specific events;

(i)             during your gameplay; and

(j)            when you submit your personal data to us for any reason.

The above does not purport to be exhaustive and sets out some common instances of when personal data about you may be collected.

In addition, when you visit, use or interact with our website or our mobile apps, we may collect certain information by automated or passive means using a variety of technologies, which technologies may be downloaded to your device and may set or modify settings on your device. The information we collect may include your Internet Protocol (IP) address, computer/mobile device operating system and browser type, type of mobile device, the characteristics of the mobile device, the unique device identifier (UDID) or mobile equipment identifier (MEID) for your mobile device, the address of a referring web site (if any), and the pages you visit on our website and mobile Apps, and the times of visit. We may collect, use disclose and/or process this information for the Purposes.

Our mobile apps may collect precise information about the location of your mobile device using technologies such as GPS, Wi-Fi etc.. We collect, use, disclose and/or process this information for one of more of the Purposes including location-based services that you request or to deliver relevant content to you based on your location or [to allow you to share your location to other users as part of the services under our mobile apps]. For most mobile devices, you are able to withdraw your permission for us to acquire this information on your location through the device settings. If you have questions about how to disable your mobile device's location services, you could contact your mobile device service provider or the device manufacturer.

Such personal data collected includes but is not limited to:

·         name;

·         email address;

·         date of birth;

·         billing address;

·         telephone number;

·         gender;

·         any other information about the user when the user signs up to use our Services or website, and when the user uses the Services or website, as well as information related to how the user uses our Services or website; and

·         aggregate data on content the user engages with.

Whenever you interact with Talk Talk through a PC or mobile phone, we automatically receive and record information on our server logs, which may include personal data about you, such as but not limited to the following information:

·         Services usage data i.e. information regarding the version of our software you are using, the location from where you downloaded our software, how often you launch our software, which features you use, and the number of apps you have downloaded.

·         Data on the quality of our Services i.e. information regarding crashes and your connection between your phone and your computer. This data assists us in making our software more stable and efficient.

·         Data on user downloads i.e. information regarding which apps you download and your average download speed.

·         Aggregate statistics on content i.e. the number of contacts you have on your phone, and the number of apps, songs, videos, or other content you have on your phone. This information is only collected as aggregate data, without reference to you or your contacts’ identities.

·         Hardware and software identification i.e. the type of mobile phone you are using, the version of Android or Windows operating system, the size of your device’s screen and internal storage.

In addition, we will/may also collect and process your personal data in the following instances:

·         If you use our app update feature, a list of the apps on your phone is sent to our server, so that we can tell you which updates are available.

·         If you are using our software and it crashes, the crash report sent to our server may contain some information about the operating system that you use.

·         If you download content via our desktop software, we store a copy to your computer so that the next time you connect your phone you do not have to download it again.

·         If you provide us with your name and email address, we may use this information for the purpose of contacting you regarding our services and products. You may opt out of such communications at any time by unsubscribing through our website or contacting us  or our Data Protection Officer through one of the methods listed at the end of this Policy.

If you do not want us to collect the aforementioned information/personal data, you may opt out at any time by notifying our Data Protection Officer in writing about it. Further information on opting out can be found in Section XI below. Note, however, that opting out of us collecting your personal data or withdrawing your consent for us to collect, use or process your personal data may affect your use of the Services. For example, opting out of the collection of location information will cause its location-based features to be disabled.  


Our Services do NOT collect the following information:

(a)    Your friends’ phone numbers;

(b)   Any of the content of your text messages, either sent or received;

(c)    Your music, photos, or videos; or

(i)       The content you download via Company.

IV. COOKIES

Whenever you interact with our website, we automatically receive and record information on our server logs from your browser including your IP address, “cookie” information, and the page you requested. “Cookies” are identifiers we transfer to your computer or mobile device that allow us to recognize your computer or device and tell us how and when the Services or website are used or visited, by how many people and to track movements within our website. We may link cookie information to personal data. Cookies link to information regarding what items you have selected for purchase, pages you have viewed, or games you have played. This information is used to keep track of your shopping cart, for example. Cookies are also used to deliver content specific to your interest and to monitor website or game usage. You may be able to change the preferences on your browser or device to prevent or limit your computer or device’s acceptance of cookies, but this may prevent you from taking advantage of some of our features.

V. WHY WE COLLECT, USE, DISCLOSE AND PROCESS YOUR PERSONAL DATA

We may collect, use, disclose and/or process your personal data for one or more of the following purposes:

(a)           To consider and/or process your application/transaction with us;

(b)          To manage, operate, provide and/or administer your use of and/or access to our Services and our website, as well as your relationship with us;

(c)           To manage, operate, administer and provide you with as well as to facilitate our provision of, our Services, including remembering your preferences;

(d)          To process, deal with or complete a transaction and/or to fulfil your requests for certain products and services;

(e)          For identification and/or verification;

(f)            To maintain and administer any software updates and/or other updates and support that may be required from time to time to ensure the smooth running of our Services;

(g)           To deal with or facilitate customer service, carry out your instructions, deal with or respond to any enquiries given by (or purported to be given by) you or on your behalf;

(h)          To contact you or communicate with you via phone/voice call, text message and/or fax message, email and/or postal mail or otherwise for the purposes of administering and/or managing your relationship with us or your use of our Services, such as but not limited to communicating administrative information to you related to our Services. You acknowledge and agree that such communication by us could be by way of the mailing of correspondence, documents or notices to you, which could involve disclosure of certain personal data about you to bring about delivery of the same as well as on the external cover of envelopes/mail packages;

(i)             To conduct research, analysis and development activities (including but not limited to data analytics, surveys, product and service development and/or profiling), to analyse how you use our Services, to improve our Services or products and/or to enhance your customer experience;

(j)            For marketing and in this regard, to send you by various modes of communication such as email, postal mail, location based services or otherwise, marketing and promotional information and materials relating to products and/or services (including products and/or services of third parties whom Company may collaborate or tie up with) that Company (and/or its affiliates or related corporations)  may be selling, marketing or promoting, whether such products or services exist now or are created in the future. In the case of the sending of marketing or promotional information to you by voice call, SMS/MMS or fax to your Singapore telephone number, we will not do so unless we have complied with the requirements of the PDPA in relation to use of such latter modes of communication in sending you marketing information or you have expressly consented to the same;

(k)           To comply with or as required by any applicable law, governmental or regulatory requirements of any relevant jurisdiction, including meeting the requirements to make disclosure under the requirements of any law binding on Company or on its related corporations or associated companies;

(l)             To produce statistics and research for internal and statutory reporting and/or record-keeping requirements;

(m)        To carry out due diligence or other screening activities (including background checks) in accordance with legal or regulatory obligations or our risk management procedures that may be required by law or that may have been put in place by us;

(n)          To audit our Services or Company’s business;

(o)          To prevent or investigate any fraud, unlawful activity or omission or misconduct, whether relating to your use of our Services or any other matter arising from your relationship with us, and whether or not there is any suspicion of the aforementioned;

(p)          To store, host, back up (whether for disaster recovery or otherwise) of your personal data, whether within or outside Singapore;

(q)          To deal with and/or facilitate a business asset transaction or a potential business assert transaction, where such transaction involves Company as a participant or involves only a related corporation or affiliated company of Company as a participant or involves Company and/or any one or more of Company’s related corporations or affiliated companies as participant(s), and there may be other third party organisations who are participants in such transaction. “business assert transaction” means the purchase, sale, lease, merger or amalgamation or any other acquisition, disposal or financing of an organisation or a portion of an organisation or of any of the business or assets of an organisation; and

(r)            Any other purposes which we notify you of at the time of obtaining your consent.

 (collectively, the “Purposes”)

As the purposes for which we may/will collect, use, disclose or process your personal data depend on the circumstances at hand, such purpose may not appear above. However, we will notify you of such other purpose at the time of obtaining your consent, unless processing of your personal data without your consent is permitted by the PDPA or by law.

VI. DO WE DISCLOSE THE PERSONAL DATA WE COLLECT TO THIRD PARTIES?

In conducting our business, we will/may need to disclose your personal data to our third party service providers, agents and/or our affiliates or related corporations, and/or other third parties, whether sited in Singapore or outside of Singapore, for one or more of the above-stated Purposes. Such third party service providers, agents and/or affiliates or related corporations and/or other third parties would be processing your personal data either on our behalf or otherwise, for one or more of the above-stated Purposes. Such third parties include:

·         our subsidiaries, affiliates and related corporations;

·         contractors, service providers and other third parties we use to support our business and who are bound by contractual obligations to keep personal data confidential and use it only for the purposes for which we disclose to them. These include but are not limited to those which provide administrative or other services to us such as mailing houses, telecommunication companies, information technology companies and data centres;

·          a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of Company’s assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal data held by Company about our Services users is among the assets transferred; or to a counterparty to a business asset transaction that Company or any of its affiliates or related corporations is involved in;

·         Third parties to whom disclosure by us is for one or more of the Purposes and such third parties would in turn be collecting and processing your personal data for one or more of the Purposes.

Where we disclose your personal data to third parties as explained above, we will employ our best efforts to require such third parties to protect your personal data.

We may also release or disclose aggregated information about our users and/or information that does not identify any individual and/or device (ie. information that is not personal data), without restriction.

For the avoidance of doubt, in the event that Singapore personal data protection law or other applicable law permits an organisation such as us to collect, use or disclose your personal data without your consent, such permission granted by the law shall continue to apply.

This Privacy Policy is not a promise that your personal data will never be disclosed except as described in this Privacy Policy. For example, third parties may unlawfully intercept or access personal data transmitted to or contained on the site, technologies may malfunction or not work as anticipated, or someone might access, abuse or misuse information, through no fault of ours. We will nevertheless deploy reasonable security arrangements to protect your personal data as required by the PDPA; however there can inevitably be no guarantee of absolute security such as but not limited to when unauthorised disclosure arises from malicious and sophisticated hacking by malcontents through no fault of ours.

VII. RETENTION OF PERSONAL DATA

We will retain personal data in accordance with the PDPA and/or applicable law. That is, we will destroy or anonymize your personal data as soon as it is reasonable to assume that (i) the purpose for which that personal data was collected is no longer being served by the retention of such personal data; and (ii) retention is no longer necessary for any legal or business purposes. If you cease using our website, or your permission to use our website is terminated, we may continue storing, using and/or disclosing your personal data in accordance with this Privacy Policy and our obligations under the PDPA. Subject to applicable law, we may securely dispose of your personal data without prior notice to you.


VIII. DISCLAIMER REGARDING SECURITY AND THIRD PARTY SITES

WE DO NOT GUARANTEE THE SECURITY OF PERSONAL DATA AND/OR OTHER INFORMATION THAT YOU PROVIDE ON THIRD PARTY SITES. We do implement a variety of security measures to maintain the safety of your personal data that is in our possession or under our control. Your personal data is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the personal data confidential. When you place orders or access your personal data, we offer the use of a secure server. All personal data or sensitive information you supply is encrypted into our databases to be only accessed as stated above.

In an attempt to provide you with increased value, we may include third party links on our site(s). These linked sites have separate and independent privacy policies as well as security arrangements. We therefore have no responsibility or liability for the content, security arrangements (or lack thereof) and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these linked sites (including if a specific link does not work).

IX. ARE YOU VISITING OUR SITE FROM OUTSIDE SINGAPORE?

If you are visiting or accessing our website or purchasing products from outside of Singapore or otherwise contacting us from outside of Singapore, please be aware that your personal data and/or information may be transferred to, stored or processed in Singapore, where our servers are located and our central database is operated. The data protection law and other laws of Singapore and other countries might not be as comprehensive as those in your country. By using our site or purchasing our products, you acknowledge that your personal data and/or information may be transferred to our facilities and those third parties with whom we share it as described in this Privacy Policy.

X. CHANGES TO THIS PRIVACY POLICY

We may amend this Privacy Policy from time to time. Our collection, use, disclosure and/or processing of personal data is subject to the Privacy Policy in effect at the time such personal data in question is collected, used, disclosed and/or processed by us. If we make changes to this Privacy Policy, we will post such changes or amended Privacy Policy on our website or will notify you of the same by sending you an email. You are bound by any changes to the Privacy Policy when you use the Services after such changes have been first posted. Your continued use of our Services, [continued maintenance of an account with us], or access to our website will signify yoru acceptance of the changes to our Privacy Policy. You are responsible for ensuring we have an up-to-date active and deliverable email address for you and for periodically visiting this Privacy Policy to check for any changes.

XI. HOW CAN YOU OPT-OUT, REMOVE, REQUEST ACCESS TO OR MODIFY INFORMATION YOU HAVE PROVIDED TO US?

Opting Out and Withdrawing Consent

To modify your email subscriptions, please let us know by sending an email to our Personal Data Protection Officer at the address listed below. Please note that due to email production schedules you may receive any emails already in production.

You may withdraw your consent for the collection, use and/or disclosure of your personal data in our possession or under our control by sending an email to our Personal Data Protection Officer at the address listed below.

Once we have your clear withdrawal instructions and verified your identity, we will process your request for withdrawal of consent being made, and will thereafter not collect, use and/or disclose your personal data in the manner stated in your request. If we are unable to verify your identity or understand your instructions, we will liaise with you to understand your request.

However, your withdrawal of consent could result in certain legal consequences arising from such withdrawal. In this regard, depending on the extent of your withdrawal of consent for us to process your personal data, it may mean that we will not be able to continue providing the Services to you, we may need to terminate your existing relationship with us, the contract you have with us will have to be terminated, etc., as the case may be, which we will inform you of.

Requesting Access and/or Correction of Personal Data

If you have an account with us, you may request to access and/or correct your personal data currently in our possession or control through the Account Settings page on the Site. If you do not have an account with us, you may request to access and/or correct your personal data currently in our possession or control by submitting a written request to us. We will need enough information from you in order to ascertain your identity as well as the nature of your request, so as to be able to deal with your request. Hence, please submit your written request by sending an email to our Personal Data Protection Officer at the address listed below.

For a request to access personal data, once we have sufficient information from you to deal with the request, we will seek to provide you with the relevant personal data within 30 days. Where we are unable to respond to you within the said 30 days, we will notify you of the soonest possible time within which we can provide you with the information requested. Note that the PDPA exempts certain types of personal data from being subject to your access request.

For a request to correct personal data, once we have sufficient information from you to deal with the request, we will :

(a)           correct your personal data within 30 days. Where we are unable to do so within the said 30 days, we will notify you of the soonest practicable time within which we can make the correction. Note that the PDPA exempts certain types of personal data from being subject to your correction request as well as provides for situation(s) when correction need not be made by us despite your request; and

(b)          we will send the corrected personal data to every other organisation to which the personal data was disclosed by us within a year before the date the correction was made, unless that other organisation does not need the corrected personal data for any legal or business purpose.

Notwithstanding sub-paragraph (b) immediately above, we may, if you so consent, send the corrected personal data only to specific organisations to which the personal data was disclosed by us within a year before the date the correction was made.

We will/may also be charging you a reasonable fee for the handling and processing of your requests to access your personal data. If we so choose to charge, we will provide you with a written estimate of the fee we will be charging. Please note that we are not required to respond to or deal with your access request unless you have agreed to pay the fee.

We reserve the right to refuse to correct your personal data in accordance with the provisions as set out in the PDPA, which require and/or entitle an organisation to refuse to correct personal data in stated circumstances.

XII. CONSENT TO ELECTRONIC NOTICE IF THERE IS A SECURITY BREACH

If we are required to provide notice of unauthorized access and/or other invasion of certain security systems under applicable law, you hereby agree that we may do so when required (or voluntarily) by posting notice on our website or sending notice to any email address based on the records we have of you, in our good faith discretion. You agree that notice sent to you will be regarded as notice to others for whom you are acting, and agree to pass the notice on to them.

XIII. QUESTIONS, CONCERNS OR COMPLAINTS

If you have any questions or concerns regarding our Privacy Policy, please send us a detailed email to [dpo@garena.com]. We will make every effort to resolve your concerns.

If you have any complaint or grievance regarding about how we are handling your personal data or about how we are complying with the PDPA, we welcome you to contact us with your complaint or grievance.

Please contact us through email with your complaint or grievance:

E-mail: dpo@garena.com and attention it to the "Personal Data Protection Officer". Where it is an email or a letter through which you are submitting a complaint, your indication at the subject header that it is a PDPA complaint would assist us in attending to your complaint speedily by passing it on to the relevant staff in our organisation to handle. For example, you could insert the subject header as “PDPA Complaint”.

We will certainly strive to deal with any complaint or grievance that you may have fairly and as soon as possible.

XIV. GENERAL

This Privacy Policy is governed by Singapore law.