Singtel’s Data Protection Policy
Respecting your privacy and protecting your personal data
Singtel collects information to understand your needs better. This helps us to improve our services and the way we communicate with you.
We know that privacy is important to you and we strive to be as open and transparent as possible in how we serve you.
We conduct our business in compliance with the Personal Data Protection Act (PDPA) and have implemented additional measures to protect your personal information.
Singtel’s Data Protection Policy aims to help you understand how we collect, use, share and protect your personal information.
Ways we collect your personal information
We may collect your personal information when you:
- Subscribe to our services
- Use our network and other Singtel products or services
- Register for a specific product or service (e.g. registering your interest to purchase handsets)
- Sign up for alerts or newsletters
- Contact us with a question or request for assistance
- Participate in a competition, lucky draw or survey
- Visit our websites
The information we collect
The information we collect depends on the Singtel products and services you use and subscribe to. Here are key examples:
- Your identity – This includes NRIC, FIN or passport number, address, telephone number, e-mail address, date of birth, as well as service-related information such as bank and credit card details, device ID and IP address.
- Your interaction with us – For example, a note or recording of a call you make to one of our contact centres, an email or letter you send to us or other records of any contact you have with us.
- Your account information – For example, the subscription services you use or other details related to your account.
- Information on your use of our services – For example, the phone numbers you call or send text messages to and vice versa, as well as the date, time and duration of your calls through our network and the approximate location of your mobile device.
- Information on equipment and our network – For example, information on the performance of your device on our network.
- Your preferences – This is based on what you share with us on how you would like to be contacted, and your preferred products, services and lifestyle activities for example.
- Information from other organisations – These organisations include fraud-prevention agencies, business directories, credit reference agencies or individuals we believe you have authorised to provide your personal details on your behalf.
How we use your information
We may use your information for:
Provisioning & administration of services
- Process your orders and activate or deactivate services
- Enable us to process bills and payments
- Respond to enquiries and requests from you or people you have authorised
- Inform you about service upgrades and updates
- Provide directory assistance
- Facilitate interconnection and inter-operability with other telecommunications operators
Market research, network & service enhancement
- Conduct market research and customer satisfaction surveys to improve our customer service; develop new products, as well as personalise the services we offer you
- Improve our network, for example by looking at usage and mobility patterns
- Perform market analysis*
(*Upon request from private and public organisations, we may provide information collected as described above for their planning purposes. The information included within any reports to these organisations is always aggregated and anonymised such that no particular individual is identifiable.)
Sharing of rewards and benefits
- Offer rewards and promotions, and share promotional benefits and loyalty programs which you may qualify for
- Provide updates, offers, invitations to events and deliver relevant advertising, including through voice and SMS with your prior consent or if otherwise permitted under local laws and regulations
Security and risk management
- Inform you of service and security issues
- Prevent and detect fraud or other crimes and recover debts
- Conduct internal audits
- Ensure the safety and security of our properties and systems
- Conduct checks against money laundering, terrorism financing and related risks
Legal & regulatory requirements
- Meet legal, regulatory and other requirements including providing assistance to law enforcement, judicial and other government agencies
We will not use your personal data for purposes other than what we have informed you, or which are permitted under local laws and regulations.
We will not offer, publish or share your personal data with third parties outside of the Singtel Group for commercial purposes, without seeking your explicit permission.
We will retain your information for only as long as there is a business or legal need.
Sharing your information
We may share your information with:
- Companies in the Singtel Group
- Business partners and vendors we work with to deliver services you have subscribed to
- Industry regulators and other government organisations, as required by local laws and regulations
- Financial institutions for purposes such as facilitating GIRO payments
- Research institutions for market analysis purposes
Your information is disclosed to the above only for relevant purposes (please refer to those mentioned in this Policy) or to protect the interests of our customers.
In some cases, we encrypt, anonymise and aggregate the information before sharing it. Anonymising means stripping the information of personally identifiable features. Aggregating means presenting the information in groups or segments e.g. age groups.
We will also ensure that overseas organisations we work with observe strict confidentiality and data protection obligations.
Protecting your information
We have implemented stringent measures to secure and protect your information. These include:
- Safeguards to prevent security breaches in our network and database systems
- Limits on access to information in our systems and the systems of our business partners and vendors
- Strict verification processes to prevent unauthorised access to information
Respecting your contact preferences
Singtel is committed to complying with the Do Not Call (DNC) provisions. We have always been mindful of engaging our customers in a more targeted and relevant way.
We may send marketing messages to your Singapore telephone number if:
- you have given us consent, OR
- you have not registered with the national DNC Registry, OR
- the sending of such messages is permissible under applicable laws and regulations.
Our marketing messages aim to update you about our exclusive offers, rewards programme and special deals from our preferred partners and advertisers.
If you wish to continue receiving such messages or to opt out, you can indicate your preference at any time via MyAccount (from 2 July 2014). Your request will be processed within 30 days, except for marketing messages sent via bills, which will be processed in the next 2 billing cycles.
Please note that after opting out, you may still continue to receive non-marketing messages, such as product updates and service notices as permitted under applicable local laws and regulations.
Feel free to contact our Data Protection Officer at email@example.com.
You may also refer to our FAQ section for more details.
We may amend or modify this Policy from time to time, such as in response to changes to legislation. We remain committed to safeguarding your information and being open about our data protection practices.
This Policy is to be read together with our Terms and Conditions of Services - General and applies to all products and services provided by any Singtel Group Corporation under the Terms and Conditions of Services - General.
Capitalised terms in this Policy have the meanings given to them in the Terms and Conditions of Services - General unless otherwise defined. “We”, “our” and “us” refer to all Singtel Group Corporations.
What is ‘personal data’?
Personal data refers to data, whether true or not, about an individual who can be identified from that data; or from that data and other information to which the organisation has or is likely to have access.
For more information, please visit Personal Data Protection Commission.
Is there any type of data that is not covered under the PDPA?
All non-personal data (such as statistics, numbers and other information that cannot be linked back to an individual) and business contacts are not covered under PDPA.
For more information, please visit Personal Data Protection Commission.
Are the rights of a child covered under the PDPA?For any child below 13 years of age, the rights to consent, access and correction can only be granted by their guardians.
Who are Singtel’s preferred partners?They are companies which share a close business relationship with Singtel in areas such as co-branding, marketing collaborations and other strategic partnerships. These companies belong to a diverse range of industries, e.g. banking and entertainment. Our preferred partners include United Overseas Bank and Universal Studios Singapore.
Who are Singtel’s third party merchants/advertisers?They are companies which engage Singtel and our communications channels to offer exclusive or other exciting deals and promotions to Singtel’s customers. These companies are from a diverse range of industries, including banking, retail and travel. Some examples of our third party merchants are Performance Motors, Dior and Orchard Central.
How will Singtel handle existing personal data collected before the effective date of the data protection provisions on July 2, 2014?
Our General Terms & Conditions have been updated to inform customers of the purposes for which their personal data may be collected, used or disclosed.
We have implemented stringent data handling guidelines to ensure our employees handle customers' personal data with care and security.
There will be no change in these business processes, but customers will have greater control from 2 July 2014 in managing how their personal data is used.
How does Singtel obtain my consent for collecting, using or disclosing my personal data?
You may have given your consent when you signed up for our services:
- via Service Agreement form
- when you purchase a prepaid SIM card
- when you use our mobile application(s) and services
- when you join lucky draws, register and participate in our event and launches
Does Singtel need to obtain consent from existing customers to use and/or disclose their personal data that they have given to Singtel before the PDPA - Data Protection provisions comes into force (July 2, 2014)?Under the PDPA regulations, Singtel relies on your agreement to consent to the General Terms & Conditions when you signed up for our services.
How do I withdraw consent from Singtel to collect, use and/or disclose my personal data?
You may request to withdraw your consent at My Account (Click on “My Account: Manage Bills & Services” → “Personal Data Protection Act”). Your request for withdrawal of consent for all modes will take effect within 30 days (except for marketing advertisements sent via bills which will take 2 billing cycles).
Please note that the use of your personal data may be essential in order for us to provide the product/service which you have subscribed.
Am I able to reinstate my consent after I have withdrawn it?Yes, you may do so at My Account .
I am a Singtel customer but my father has a Singtel postpaid mobile line registered under my name. Can he manage his own preferences for the mobile line that he is using?Any changes can only be made by the registered subscriber at My Account .
I am holding on to a Singtel prepaid mobile line. How do I manage my preferences?For the prepaid line(s) under your name, you may call the prepaid hotline to manage your preferences.
I am a Singtel-UOB co-brand credit cardholder. Will Singtel and UOB be sharing my personal data with each other?Singtel and UOB will only exchange personal data for purposes which are essential to the provision of the service you signed up for (e.g. getting rebates for spending on the credit card).
Can I access the personal data that Singtel has of me?
If I cannot find my personal data in the two portals, how can I request for access to this data?
I have submitted a request to Singtel to know what personal data it has about me. How long will it take for this request to be processed?Upon receipt of a duly completed request form , it will take up to 30 days to process your request. A customer service officer will be in contact with you regarding the feasibility of your request and any related charges.
Do I need to pay for accessing my personal data with Singtel?Depending on the type of personal data that you have requested for, a fee may be charged to cover our costs for providing such data. No fee will be charged when you access your personal information over the Internet or when making basic inquiries.
Can I submit a request for access to personal data on behalf of someone else?
You may request for access to personal data on behalf of someone else only if you obtain and are able to produce documents of proof of his/her authorisation. These documents include:
- Copy of NRIC of the person authorising the access
- Copy of NRIC of the person being authorised to access the data
- Letter of authorisation signed by the person authorising the access
- Any other supporting documents where applicable
My personal data is incorrect. How can it be corrected?
What are Do Not Call (DNC) provisions?
The DNC provisions under the PDPA generally prohibits organisations from sending unsolicited marketing messages (in the form of voice calls, text or fax messages) to Singapore telephone numbers, including mobile, fixed-line, registered with the National DNC Registry.
Marketing messages carrying commercial intent to provide products/services sent to individuals via telemarketing calls or messages are regulated by the DNC provisions.
The DNC provisions do not cover messages that are for business-to-business marketing; pure market survey/research or which promote charitable or religious causes; personal messages sent by individuals; public messages sent by government agencies, and political messages.
For more information, please visit Do Not Call Registry & You.
What types of marketing messages are included in the DNC provisions?
Messages sent using voice call, text message or fax – with the intention of promoting, offering to supply or provide the following: goods, services, interests in land, business or investment opportunities, etc. are considered marketing messages that are included in the DNC provisions.
Do the DNC provisions restrict Singtel from sending marketing messages via email or direct mail?
No. Marketing messages sent via email or direct mails are not included in the Do Not Call provisions.
What types of marketing messages will Singtel send me if I consent to receiving such messages?
You can expect to receive relevant and differentiated offers which include:
- Information about your re-contract status and offers
- Exclusive promotions
- Special rewards for limited time periods
- Invitation to exclusive music & sporting events, phone launches, etc.
- Offers from Singtel’s preferred partners and third party merchants, on a diverse range of products & services such as travel, dining, shopping & fashion.
Can Singtel send me marketing messages on behalf of other organizations?
Singtel collaborates with some organisations to send marketing messages on their behalf. Thus, you may receive promotional offers for non-Singtel products (such as travel, education, property, cars, sports, shopping, fashion, etc.). However, please be assured that Singtel does not sell or disclose your personal data to other organisations.
Why am I receiving marketing messages from Singtel even though I have registered in the national DNC Registry?
You may either have given us your consent to contact you for marketing purposes via phone call or text messages, or your registration in the National DNCR is still being processed. Please visit Personal Data Protection Commission for more information on the effective date of your registration (Note: You may still continue to receive marketing messages up to 60 days from the time of your registration).
How do I manage my preferences in receiving marketing messages from Singtel?
Log in to My Account with your OnePass and your request will be updated within 30 days. Customers may opt-out/in from different modes (e.g. SMS, voice calls, emails, etc.) and purposes (e.g. surveys, sending marketing messages, etc.). For a full list of the modes and purposes, please log in to My Account.
Is there a fee involved?
No, there is no fee charged to change your contact preferences with Singtel.
How do I know if my number is successfully taken off from Singtel’s contact list?
You can check the status of your request by logging on to My Account.
How long will my request be valid after I have consented to receive marketing messages from Singtel or opted out?
Your request will be valid until you decide to change your preferences at My Account. We will also reset the status when a Singtel telephone number is terminated or ported out to another service provider.
Will my existing services be affected if I want to stop receiving marketing messages from Singtel?
No. Your existing services will not be affected in any way if you would like to stop receiving marketing messages from us. However, you may miss out on offers related to your services, such as re-contract, rewards programme, exclusive offers, invitation to events and phone launches.
Do I need to submit a new request if I change my telephone number?
Yes. You will need to update your preferred contact modes at My Account.
Are B2B marketing calls or messages covered under the DNC registry?
B2B marketing calls, SMS/MMS and fax messages are not within the scope of the DNC Registry. The PDPC recognises that B2B marketing calls or messages may be essential to the day-to-day operations between businesses and note that consumers will not be affected by the exclusion of B2B marketing calls or messages from the DNC provisions.
Therefore, you will continue to receive B2B related marketing messages.
Can business customers subscribe to DNC?
Organisations may register their Singapore telephone numbers with the DNC Registry. Telemarketers would have to exclude contacting and/or messaging these registered numbers.
In general, only the account-holder or subscriber of the telephone line should register the telephone number with the DNC Registry. Where the account-holder of subscriber of the telephone line is the organisation and not the employee, employees should seek permission of the organisation if they wish to register their business numbers.