1. INTRODUCTION

‍1.1 In this Privacy Policy ("Policy"):‍‍

"Act" refers to the Singapore Personal Data Protection Act 2012 as amended, revised or reenacted from time to time;‍"personal data" has the meaning given to it in the Act; any reference to "you", "your" and words of similar import refers to any individual who may have provided any personal data to us for any purpose and any online users and visitors to this website; and any reference to "we", "us" or "our" and words of similar import refers to Y-Lab and its successors and assigns.‍"Account" refers to the account that you have set up online through  the Y-Lab website.‍"E-newsletter" refers to the Y-Lab E-newsletter that you have subscribed to.‍"Terms of Use" refers to the terms of use found on the Y-Lab website, as amended from time to time.

1.2 By

accessing this website and any of its pages, and by using our App;
using any of our services or participating in any of our programmes; or
otherwise giving consent in particular circumstances,

you consent to the collection, use and disclosure of your personal data to us and agree to be bound by the following terms and conditions of this Policy.

1.3  If you are a resident of the European Union (“EU”), please see Appendix A for additional information regarding our use of your personal data.

2. COLLECTION AND USE OF PERSONAL DATA AND OTHER INFORMATION

2.1 Personal Data‍‍

As a general rule, we will collect and use your personal data solely for the purposes notified to you.

2.2 Withdrawal of Consent‍

You may withdraw your consent to the collection, use or disclosure of your personal data at any time by giving us reasonable notice. If you withdraw your consent, we will inform you of the expected consequences of your withdrawal.‍

2.3 Handling of Personal Data‍

Only authorised staff have access to your personal data. Our authorised staff are contractually obliged to maintain the confidentiality and privacy of your personal data at all times.‍

2.4 Disclosure of Personal Data‍‍

We do not sell any personal data in our possession to anyone or any third party for any purpose. Your personal data will not be published on our website or App or otherwise made available by us, unless otherwise agreed or self-initiated.  We will only disclose your personal data in circumstances that have been specifically notified to you or otherwise only in limited circumstances such as to government departments, statutory boards, regulatory or law enforcement agencies or in accordance with the applicable laws.

‍2.5 Compliance of Third Parties‍In the event that we may be required to share your personal data with any third party we will notify you beforehand and obtain your consent. Without prejudice to the foregoing, our website and App may contain links to other websites which are outside our control and are not covered by this Policy. If you access other websites using the links provided, the operators of these websites may collect information from you which will be used in accordance with their privacy policy, which may differ from ours.‍

2.6 Security Measures in Place to Protect Personal Data‍

(a) We have procedures in place to protect and safeguard the confidentiality of all personal data obtained by us and to ensure that it is kept safe, secure and private.

(b) In the case of personal data obtained obtained through the website and the App

we adopt the following systems security and monitoring measures:‍:‍(i

Firewalls, anti-virus protection and intrusion detection systems to detect and prevent any forms of illegitimate activities and/or illegal intrusions of our network systems;
Regular security reviews of our systems;
Vigilant monitoring to detect any suspicious online activities at our website and App server

We are committed to monitoring our security systems constantly for potential situations that could compromise the security or the privacy of our customers, online users, visitors to our website, and users of our App, and to exploring new technology continually to enhance our security system. Nevertheless, we do not warrant the security of your personal data transmitted to us using our website and Internet and online services. This is because you accept the risks that any of your personal data transmitted to or received by us using our website, App, and Internet and online services may still be accessed and/or disclosed by unauthorised third parties.

2.7 Aggregate Data and cookies‍‍

(a) Our server automatically recognises information regarding the domain name (or that of the visitor’s access provider) but not the email address or other information that allows users of our website or App to be identified (unless you choose to interact with us through activities such as subscribing to our mailing list or signing up for an event). We also collect aggregated information regarding user access or visits to our website and use of our App. Information collected automatically and aggregated information does not identify you personally and will only be used for analytical and statistical purposes, such as determining the countries from which our visitors originate.

(b) We may use cookies to identify you from other users on our website or App. These cookies may include (i) log-in cookies to remember you when you have logged in for a seamless experience; and (ii) session cookies to track your interactions from page to page and in order to store your selected inputs so you are not constantly asked for the same information. (A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer or device.) You can block or deactivate cookies in your browser settings. By continuing to use our website or App, you are agreeing to the use of cookies on the website or App as outlined above.‍

3. RESPONSIBILITY TO SAFEGUARD PERSONAL DATA WHEN USING THE WEBSITE OR APP

3.1 You are also responsible for safeguarding your personal data when you use our website or App:

(a) If you wish to access our website, please enter our website address directly in the browser address bar and not via hyperlinks within emails (unless those emails are sent by us).

(b) Clear your browser’s cache and history after each session. Default files on a computer, sometimes called "cache" files can retain images of personal data or otherwise sent to or received by us at our website, making them a potential target for a system intruder. Therefore, we strongly advise that you clear your browser’s disk cache and history after each visit to our website.

(c) Do not use a shared computer or an Internet cafe computer to perform transactions on  our website because such computers may be installed with certain software which could capture your personal data or otherwise without your knowledge.

(d) If you have installed or downloaded any software which claims to speed up your Internet connection or other software, games, screensavers etc, you should be aware that they may be spyware which has the ability to track your Internet sessions and/or gain access to your personal data and Internet browsing history. We recommend that you uninstall such spywares.

(e) Do not leave your personal computer unattended during your online session whereby your personal data may be viewed by unauthorised persons.

(f) Ensure that your personal computer has the latest anti-virus, anti-spyware and firewall software and updates to guard against new viruses. Make sure that your computer’s operating system and browser software are updated with the latest security patches.

(g) To access our App, please ensure you download it from the iTunes App Store or the Google Play Store.

(h) Update us if you change your contact details so that we can contact you in a timely manner on any issues or matters relating to your access to our website or App.

(i) Contact us if you notice something suspicious or encounter any issues, difficulties or irregularities in accessing our website or App.

(j) Do not open email attachments from strangers, install software or run programs from unknown sources or origins.

(k) Delete junk or chain emails.

(l) Email messages sent to us over the Internet containing your personal data cannot be guaranteed to be completely secure and you assume all risks arising or in connection thereto.‍

3.2

 It is important that you do your part to ensure that any personal data provided to us via our website, App, email or any other channels of communication are done in a safe and secure manner. We will not be liable to you for any losses, damages, expenses, costs (including legal costs) and charges (whether direct or indirect, foreseeable or unforeseeable, special or consequential or economic loss) incurred or suffered by you arising out of you sending email messages containing your personal data to us over the Internet or for any error, fraud, forgery, system failure or anything beyond our control or in connection with your failure to adhere to the terms and conditions herein and the terms and conditions of access to our website under and/or your failure to follow the above recommended security measures.

4. ACCESS TO PERSONAL DATA

Under the Act, you have the right of access to your personal data in our possession or under our control or information which may have been used or disclosed by us within a year before the date of your request. Your request for access must be made to us in writing and is subject to the payment of any fees that we may prescribe.

5. CORRECTION OF PERSONAL DATA

If you have any reason to believe that any personal data which you have provided to us is inaccurate, incorrect, incomplete or not updated, you may write to us. We will, after using reasonable efforts to verify the authenticity of the request, promptly update your records accordingly within seven (7) working days from the date of receipt of your request.

6. RETENTION OF PERSONAL DATA

Your personal data will be retained by us for as long as the original purposes or the legal or business purposes for which your personal data was collected continue. If retention is no longer necessary, we will use reasonable efforts to delete, destroy or de-identify your personal data unless retention of the same is required to satisfy legal or regulatory requirements or to protect our interests or in accordance with our policies.

7. WAYS IN WHICH PERSONAL DATA MAY BE COLLECTED

7.1 Personal data may be collected from you through our website and App in a variety of ways, including but not limited to the following: 

(a) when you open an Account with us;

(b) when you subscribe to our E-newsletter;

(d) when you make a donation to us;

(e) when you register on our website or App as a user, whether to sign up for exclusive online features, purchase tickets, receive notifications about events that interest you or for any other purpose available through registration;

(f) when you like, comment or share content on our website and App with other parties.‍‍

7.2 Apart from the website and the App, we may also collect personal data from you, or personal data on you may be received by us, through other means, including but not limited to the following:‍‍

(a) when you purchase tickets or sign up for services or programmes in person at our counters or through our authorised ticketing agents;

(b) when you are a member of a group booking or school trip;

(d) when you participate in any survey conducted by us.

This is not an exhaustive list.  In the event that we collect any personal data on you for any reason, or through any means, any such collection and use of your personal data will be subject to this Policy.‍‍

7.3 Use of Personal Data collected‍

Without prejudice to any other provision of this Privacy Policy, any personal data collected through our website and App or otherwise will be used and/or disclosed by us for any one or more of the following purposes:

(a) to respond to your requests and queries;

(b) to verify and process your personal particulars;

(d) to process your subscription to the E-newsletter and for purposes related to your subscription;

(e) to process your purchase of tickets or participation in any of our programmes, schemes or services;

(f) to process any purchases or donations made by you (offline or online), including effecting payment;

(g) to communicate with you;

(h) to enforce our legal rights and remedies under this Privacy Policy and the Terms of Use;

(i) for marketing research, user profile and statistical analysis;

(j) to send you information, promotions, updates and marketing and advertising materials in relation to our products and services and those of third party organisations;

(k) complying with applicable laws and regulations, the requests of law enforcement and regulatory officials, or orders of court; and

(l) for any other purpose including the disclosure of such information to third parties for commercial/business reasons.

8.TERMS OF USE

Your use of any services provided by us through our website and App are also subject to our Terms of Use which are incorporated by reference into this Privacy Policy. If there is any conflict, inconsistency or ambiguity between this Privacy Policy and the Terms of Use, this Privacy Policy will prevail.

9. CUSTOMER SERVICE AND ENQUIRIES

If you have any queries, concerns or complaints relating to the collection, use or disclosure of your personal data, please call us at (+65) 6271 7000 between 9:30am to 5pm, on Mondays to Fridays, or email the Data Protection Officer  at  hello@ylab.sg. We will attend to your queries, concerns or complaints as soon as possible.

10. AMENDMENTS TO THE POLICY

We may amend this Policy from time to time and will make available the updated Policy on our website. By continuing to access our website and App you agree to be bound by the terms and conditions of the Policy, as amended from time to time.

11. GOVERNING LAW AND SUBMISSION TO JURISDICTION

This Policy is governed by Singapore law and you agree to irrevocably submit to the exclusive jurisdiction of the Singapore Courts.

APPENDIX A

Additional Provisions Applicable to Processing of Personal Data of EU residents1‍These provisions apply to you if you are a resident of the EU‍‍.

Rights of Individuals Access, Correction and Erasure Requests‍ You have the right to:‍

ask us to confirm whether we are processing your personal data
receive information on how your personal data is being processed
obtain a copy of your personal data
request that we update or correct your personal data
request that we delete personal data in certain circumstances

Right to Object to Processing‍ You have the right to request us to cease processing your personal data:‍

for marketing activities, including profiling
or statistical purposes
where such processing is based on our legitimate business interests, unless we are able to demonstrate a compelling legitimate basis for such processing or we need to process your personal data to establish, exercise or defend a legal claim.

Right to Restrict Processing‍‍ You have the right to request that we limit the processing of your personal data:‍

while we are evaluating or in the process of responding to a request by you to update or correct your personal data
where such processing is unlawful but you do not want us to delete your personal data and would like us simply to store your personal data instead

where we no longer require such data, but you want us to retain the personal data to establish, exercise or defend a legal claim
where you have submitted an objection to processing based on our legitimate business interests, pending our response to such request

Data Portability Requests

You have the right to request that we provide you or a third party that you designate with certain of your personal data in a commonly used, machine-readable format.  Please note that data portability rights only apply to personal data that we have obtained directly from you and only where our processing is based on consent or the performance of a contract.

We will only release personal data to your designated third party where it is technically feasible and you agree that we are not responsible for the security of such personal data or its processing once released to such third party.

Submitting Requests‍ You may submit your requests as provided for under Clause 9  (Customer Service and Enquiries) of the main Policy.  We will endeavour to respond to all such requests within one month of receiving your request but may require up to two months to respond where there are extenuating circumstances.  Please note, however, that certain personal data may be exempt from such rights pursuant to applicable local laws.  We will verify your identity before responding to your request and may also charge you a reasonable fee for copies of personal data that you request.‍
Right to Withdraw Consent You may withdraw your consent to (i) any processing that we conduct solely based on your consent (such as sending direct marketing materials to your personal email account); or (ii) marketing activities by following the instructions on any marketing emails or contacting us in the manner provided for under Clause 9  (Customer Service and Enquiries) of the main Policy.
Segmentation (also known as profiling) and Automated Decision Making‍ We may from time to time use personal data to segment our visitors and customers based on share characteristics such as geography, behaviour or demographics.  With your consent, we make from time to time make automated decisions based on such segmentation or your specific personal data to offer you certain benefits based on your characteristics.  You may withdraw your consent to such automated decision-making at any time following the withdrawal of consent procedure described above.

 If there is any conflict between the provisions of this Appendix and the provisions of the main body of the Policy, the provisions of this Appendix will prevail.‍

[1] Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data (commonly referred to as the “General Data Protection Regulation” (“GDPR”)

Y-Lab Privacy Policy