In line with the stricter rules introduced by the Personal Data Protection Commission ("PDPC") which comes into effect on 1 September 2019, these guidelines clarify how the Personal Data Protection Act 2012 ("PDPA") applies to organisations’ collection, use and disclosure of NRIC numbers (or copies of NRIC), and retention of physical NRICs by organisations. Under the updated Guidelines, organisations are generally not allowed to collect, use or disclose NRIC numbers (or copies of NRIC). The treatment for NRIC numbers also applies to Birth Certificate numbers, Foreign Identification Numbers (“FIN”) and Work Permit numbers, collectively referred to in these Guidelines as ‘other National Identification Numbers.
Gardens by the Bay will no longer collect, verify or retain NRIC and other Identification Numbers in our ticketing procedures, our membership programmes or programmes organised by us for members of the public and has taken appropriate steps to delete records of NRIC and other Identification Numbers previously collected from our data base and have put in place the necessary measures to ensure the protection of personal details.
We respect your individual privacy and treat your Personal Data in accordance with the Personal Data Protection Act 2012 (PDPA). This Data Protection Policy explains to you how we deal with the information that we collect from you, in particular, the purposes for which we collect, use and disclose your Personal Data.
This Policy applies to all Personal Data processed online by Gardens by the Bay through all its websites and domains (collectively, the "Websites"), which include but are not limited to the following:
This Policy also applies where applicable to the use of cameras, mobile devices, closed-circuit television systems or other surveillance devices and systems at our premises.
1. Personal Data
"Personal Data" refers to any data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which we have or are likely to have access. Examples of Personal Data include your name, telephone number, mailing address, email address, transactional data which you have provided us in any forms submitted to us, via your use of your Friends of the Gardens membership card, or via other forms of interaction with you.
2. Collection of Data
(i) Direct Interactions
We collect your Personal Data when you interact on our Websites or visit our premises, including when you:
(ii) Usage of Cookies
A "cookie" is a piece of data that is sent by a web server to a web browser. It identifies you as a unique user and enables the server to collect information from the browser. It will be sent to your computer every time you visit our Websites.
3. Links to Third Party Websites
The Website may contain links to and from external sites whose data protection and privacy practices may differ from ours. We are not responsible or liable for the content and privacy practices of these other websites, we encourage you to consult the privacy notices of those websites.
Gardens by the Bay has no control over, and assumes no responsibility for, the content, privacy policies, or practices of any third party web sites or services. You further acknowledge and agree that Gardens by the Bay shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods or services available on or through any such web sites or services.
4. Consent of Collection of Personal Data
(i) By providing your Personal Data through any of the abovementioned ways, you have agreed to the collection, use and disclosure of the Personal Data by Gardens by the Bay for any of the purposes listed herein.
(iii) The Gardens and/or any party authorised by us may carry out photography and/or videography on the premises, including all ticketed and non-ticketed areas of the Gardens. You hereby grant us and such party authorised by us permission to use your image or likeness in a photograph, video, or other digital media for promotional, advertising, publicity or other purposes and in any format or media whatsoever. You further waive all rights whatsoever including copyright in these material which shall vest in Gardens by the Bay or any party authorised by Gardens by the Bay.
5. Purpose and Use of Personal Data
We will use your Personal Data which will include but is not limited to the following:
(i) to help us develop, improve, manage and administer the services we provide to you, including Wi-Fi services;
(ii) to help us verify your identity for processing and administering your membership application or registration;
(iii) to send you notifications and marketing messages in relation to our promotional events, offers, opportunities, products and programmes;
(iv) to conduct marketing activities including market research, customer profiling, customer insights and targeted marketing activities;
(v) to carry out profiling and statistical analysis to improve our services to notify you of changes to our programmes, policies, terms and conditions, platform updates and other administrative information;
(vi) to administer programmes, promotions and events;
(vii) to prevent, detect and investigate crime and security-related incidents, including fraud, and analyzing and risk management, and to be revealed only to law enforcement agencies, relevant government ministries, regulators, statutory boards or authorities in compliance with any laws or order of court;
(viii) to conduct surveys, questionnaires and requests for feedback;
(ix) to respond to your queries, requests, feedback and complaints;
(x) for promotional and publicity purposes, including taking photographs of participants at events or functions organized, hosted or participated at our premises when you visit our Gardens.
(xi) to meet the requirements of any applicable laws/regulations, enforceable governmental request or court order;
(xii) for any other purposes as may be specified in any notice given to you at the time your Personal Data is collected.
6. Disclosure of Personal Data
(i) We will take reasonable steps to secure your Personal Data against any unauthorised access, improper use or disclosure and ensure that access to your Personal data is limited to persons whom we reasonably believe requires access for effective delivery of our services to you for the purposes listed herein (where applicable) or any other purposes as consented by you.
(ii) Subject to the provisions of any applicable law and in order to carry out the purposes listed herein, we may share or disclose your Personal Data with our related corporations including but not limited to:
Gardens by the Bay will use all commercially reasonable endeavours to ensure that our employees, officers, partners and such other third parties who have access to your Personal Data observe and adhere to the terms of this Personal Data Protection Policy.
7. Access and Correction of Personal Data
(i) You may request to access and/or correct the personal data currently in our possession or control by submitting a written request to us. We will need sufficient information from you in order to ascertain your identity as well as the nature of your request, so as to be able to deal with your request and shall attend to your request within 30 days. You may write to our Personal Data Protection Officer at the address provided below if you:
Data Protection Officer
Address: 18 Marina Gardens Drive, Singapore 018953
(ii) We will also be charging you a reasonable fee for the handling and processing of your requests to access your Personal Data. We will provide you with a written estimate of the fee we will be charging. Please note that we are not required to respond to ordeal with your access request unless you have agreed to pay the fee.
8. Data Rights for European Union ("EU") Subjects
EU subjects who use our services online or at our ticketing counters may contact us to:
All requests made to us in exercising the rights above will be processed within a reasonable time except where we refuse such requests in accordance with any applicable laws or regulations.
9. Request to Withdraw Consent
(i) You may withdraw your consent for the collection, use and/or disclosure of your personal data in our possession or under our control by submitting your request to firstname.lastname@example.org.
(ii) We will process your request within a reasonable time from such a request for withdrawal of consent being made and will thereafter not collect use and/or disclose your Personal Data in the manner stated in your request.
(iii) The withdrawal of your consent may mean depending on the extent of your withdrawal of consent for us to process your Personal Data, that we will not be able to continue with your existing relationship with us.
10. Administration and Management of Personal Data
(i) We will put in place reasonable security arrangements to ensure that your Personal Data is adequately protected and secured. Appropriate security arrangements will be taken to prevent any unauthorised access, collection, use disclosure, copying, modification, leakage, loss, damage and/or alteration of your personal data. We will not be responsible for any unauthorised use of your Personal Data by third parties which are attributable to factors beyond our control.
(ii) We will put in place measures such that your Personal Data in our possession or under our control is destroyed and/or anonymised as soon as it is reasonable to assume that (i) the purpose for which the Personal Data was collected is no longer being served by the retention of such personal data; and (ii) retention is no longer necessary for any legal or business purposes.
11. Complaint Process
If you have any complaint or grievance regarding how we are handling your Personal Data or about how we are complying with the PDPA, please contact us with your complaint or grievance at any of the following methods.
12. Updates on Data Protection Policy
(i) As part of our efforts to ensure that we properly manage, protect and process your personal data, we will be reviewing our policies, procedures and processes from time to time.
(ii) We reserve the right to amend the terms of this Data Protection Policy at our absolute discretion. Any amended Data Protection Policy will be posted on our website and can be viewed at this page.
(iii) You are encouraged to visit this page from time to time to ensure that you are well informed of our latest policies in relation to personal data protection.
This Data Protection Policy is last updated on 26 September 2018.