Last updated 29 May 2022
THE INFORMATION WE COLLECT ABOUT YOU
We collect information about you when you provide it to us, when you use our products, services, and website, and when other sources provide it to us, as follows:
Account information: When you subscribe to our products or services or create an account with us, we collect information from you such as your name and email address, username, phone number, address, and organization. We also ask for and collect personal information such as an email address and name from any individual that you authorize to use our products or services.
Billing information: When you need to make a payment to us for our products or services, we collect your billing details, including a billing address and financial and payment information.
The information provided by you: we collect the information that you give to us, for example when you:
- contact us by phone, email, online chat, or otherwise.
- fill in forms on our website.
- register to use our website.
- sign up for our newsletters and promotions.
- respond to a survey run by ourselves (e.g. to get feedback on our own services and training courses).
- register or attend one of our events or training courses.
- participate in forums on our website.
- contact us for customer support.
Technical information: We may also use the information we collect in aggregated or anonymized form (without identifying you) to analyze users' interactions with our platforms and products, and for research, development, marketing, analytics, etc.
Third-party services: if you choose to enable or connect to a third-party application or service in conjunction with our products and services, that third-party service may make certain information about you available to us, for example your name and email address in order to authenticate you. You should check your privacy settings on these third-party services to understand and control the information provided to us through these services.
Information from other users: other users of our products or services may provide us with information about you. For example, when another individual authorizes you to use our products and services, they will provide us with your name and email address, or an individual in your organization may provide us with your contact information if they designate you as the billing or technical contact on your organization’s account.
WHAT WE DO WITH THE INFORMATION WE GATHER
We use the information that we hold about you in the following ways. For each of these, we have identified our legal basis for processing your information in that way.
This section does not relate to your Survey Data – we process this only in accordance with your instructions and our agreement with you.
Providing our products and services: we use your information to provide you with the products and services which you have subscribed to or requested. This may include providing you with customer support and with the benefits of any auto-update feature associated with the relevant product or service. This processing is necessary to perform our contract with you for these products and services.
To collect payment: we use your information to collect fees due to us for your use of our products and services, in order to perform our contract with you.
Responding to inquiries: we will use your contact information and any information that you send to us to respond to your questions, requests for information, or complaints. Depending on the nature of your inquiry, we may do this on the basis of performing our contract with you or our legal obligations, in providing you with the best service and understanding of how we can improve our products and services based on your experience.
Third-party services: where you choose to enable or connect to a third-party application or service, we use the information provided about you by that application or service to enable us to perform our contract with you.
To protect our business, products, services and website: we will use your information in accordance with our legitimate interests of administering and maintaining our systems and ensuring network and information security, for example to prevent unauthorized access to our networks, to investigate faults, to control the abuse of our products or services, to prevent denial of service attacks and to monitor system usage and server load.
Legal requests: we may need to use your information to comply with a legal obligation such as to respond to a court order or a request from a supervisory authority or government, or to prevent fraud.
Marketing: we may use your information to provide you with information about our products and services, offers, and events that we consider may be of interest to you. This information will relate to our own products and services only, and we will not provide your information to third parties for marketing purposes. We send these communications either on the basis of your consent (where you have specifically consented to receive such communications) or in accordance with our legitimate interests of growing our business.
Legal basis for processing (EEA and UK only): where your data is processed by Midstay or if you are an individual from the EEA or the UK, we must have a legal basis for collecting and using your information when we act as data controller. This will be one of the following:
- where we require the information to perform a contract with you (e.g. to deliver the services that you have requested);
- where we have your consent to do so, and in this case you have the right to withdraw or refuse to give your consent at any time. This will not however affect the lawfulness of any processing based on your consent before you withdraw it;
- where the processing is necessary for our legitimate interests (and those legitimate interests are not overridden by your interests or fundamental rights and freedoms); or
- where we need to comply with a legal or regulatory obligation.
If you have any questions about or require further information concerning the legal basis on which we collect and use your information, including regarding our legitimate interests, please contact us.
WHO WE SHARE YOUR INFORMATION WITH
We will only disclose your information in the circumstances below:
Our service providers: we may disclose your information to our third-party service providers. In each case we have agreements in place with the service provider to ensure that they provide appropriate protection for your information and to ensure that they are only permitted to use your information in accordance with our instructions and as necessary to provide the relevant service to us.
For example, we engage third parties to provide the following services:
- Managing credit card processing
- Hosting our application
- Hosting our landing page
- Providing online chat service
- Providing analytics information
- Providing our assets media service
- Providing our database service
Professional advisers: we may need to disclose your information to our professional advisers, including our lawyers, bankers, auditors, and insurers.
Competent authorities, courts, and tribunals: we may also have to disclose your information if this is reasonably required to:
- comply with any applicable law, regulation or legal process, or to respond to a request from a government or a regulatory body.
Forums: if you use the forums on this website, you should be aware that any personal information you submit there can be read, collected, or used by other users of these forums, and could be used by them to send you unsolicited messages. We are not responsible for the personal information you choose to submit in these forums or for private messages that you send via the forum. To request the removal of your personal information from our community forum, contact us at firstname.lastname@example.org.
We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic, and managerial procedures to safeguard and secure the information we collect online.
Midstay data centers are managed by AWS. Below is the standard service of technical and organizational measures (TOMs):
- Physical Security: Data centers are housed in nondescript facilities, and critical facilities have extensive setback and military grade perimeter control berms as well as other natural boundary protection. Data center operations have been accredited under ISO 27001, SOC 1 and SOC 2/SSAE 16/ISAE 3402, PCI Level 1, FISMA Moderate, Sarbanes-Oxley (SOX)
- Environmental Safeguards: Fire Detection and Suppression, Power System, Climate and Temperature Control
- Network Security: Firewalls, DDoS Mitigation, Spoofing and Sniffing Protections, Port Scanning
- Data Security: Customer Applications, Postgres databases (SSL encryption)
- System Security: System Configuration, Customer Application Isolation, System Authentication
- Vulnerability Management (mitigate risk)
- Backups: Customer Applications, Customer Postgres Databases, Customer Configuration and Meta-information
- Disaster Recovery: Customer Data Retention and Destruction
YOUR RIGHTS AS A DATA SUBJECT
Your right to access: at your request, we will provide you with information about whether we hold any of your personal information and provide a copy of this information to you. To request this information please contact us at email@example.com. You may update, amend, correct, or request the deletion of your personal information as described above.
If you wish to access, correct, or delete your Survey Data, opt-out of any use or disclosure of your Survey Data or exercise any of the other rights described below in relation to your Survey Data, you will need to contact our customer support directly. Where necessary, we will provide assistance to our customers to deal with your request.
Where we are the data controller, you may have the right to exercise the following additional rights:
Right to access: You have the right to obtain from us confirmation as to whether or not we process your personal data, and where that is the case, you have the right to obtain a free copy of the processed data.
Right to rectification: You have the right to obtain the rectification of inaccurate and/or incomplete personal data.
Right of erasure: in certain circumstances you have the right to erasure of personal information held about you, although this may be qualified where e.g. it is necessary for that information to be retained for record-keeping purposes or compliance with our obligations.
Right to be forgotten: In a number of cases and circumstances, the data subjects can have their personal data deleted. Exceptions may be made to this right in the context of scientific research insofar as the exercise of this right threatens to render impossible the achievement of the purposes of that processing or seriously jeopardize it.
Right to object: you may have the right to object to our processing of your personal data for purposes based on our legitimate interests. In some cases, we may be able to demonstrate that we have compelling legitimate grounds to process your information which overrides your rights and freedoms.
Right to restrict the processing: you may have the right to request that we restrict the processing of your personal data (e.g. where you believe that the personal data we hold about you is inaccurate or unlawfully held).
Right to data portability: you may have the right to be provided with your personal data in a structured, machine readable and commonly used format and to request that we transfer the personal information provided by you to another data controller.
If you would like to exercise such rights, please contact us at firstname.lastname@example.org. To protect your privacy and security, we may take steps to verify your identity before complying with the request.
You also have the right to withdraw consent at any time where we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. You can contact us by e-mail at email@example.com or by post at the below-mentioned address, and you will be answered within a reasonable time. In case of need, you may file a complaint with the supervisory authority, which is the Personal Data Protection Commission Singapore (PDPA).
HOW LONG WE KEEP YOUR INFORMATION
We will retain your information for as long as your account is active or as needed to provide our products or services or otherwise fulfill the purposes described in this policy, including for the purposes of satisfying any legal, accounting or reporting requirements. If you wish us to delete your personal information, please contact us at firstname.lastname@example.org at any time. If we are unable to comply with that request, for example because we need to retain some or all of your information to comply with a legal obligation, we will let you know and will explain why.
SECURITY OF YOUR INFORMATION
The security of your Information is important to us. We take reasonable and appropriate measures to protect your information from accidental, unlawful, or unauthorized destruction, loss, alteration, access, disclosure, or use. We implement certain physical, administrative, and technical safeguards that are designed to protect the integrity and security of your information.
Our security procedures are continuously revised based on new technological developments. Our security measures include:
- encryption of data;
- security controls which protect Midstay’s entire IT infrastructure from external attack and unauthorized access; and
- internal policies setting out our data security approach and training for employees.
Or via post at:
Attention: Midstay Data Protection
MIDSTAY PTE. LTD.
160 Robinson Road
#14-04 Singapore Business Federation Centre