“Data Protection Law” means all applicable laws and regulations pertaining to the security, confidentiality, protection or privacy of Personal Data, as amended or re-enacted from time to time, including (without limitation and to the extent applicable) the PDPA. If you are a resident of Singapore, Singapore law may provide you with additional rights regarding our use of your personal information. To learn more about your Singaporean privacy rights, click here.“PDPA” means the Personal Data Protection Act 2012.
“Good Industry Practice” means, in relation to any undertaking in any circumstances, the degree of skill, diligence, prudence and foresight which would reasonably and ordinarily be expected from a skilled and experienced person in the same or similar circumstances.
“Personal Data” means the personal data made available by or on behalf of the Customer to the Company for the purposes of these Terms, obtained by the Company in connection with these Terms, during the course of supplying the Goods that is processed by the Company on behalf of the Customer in accordance with these Terms.
“Regulations” means all legislation, and all rules or regulations of any kind, including orders, instructions or directions of a competent authority, and all related official guidance, whether enacted or enforced by any competent authority with whose decision or determination it is Good Industry Practice to comply.
“Security Incident” means either:
- The unlawful or unauthorised processing of Personal Data
- The accidental loss, destruction of, theft, use, disclosure or damage to, Personal Data
- Any other security incident affecting Personal Data (including (without limitation) a personal data breach as defined in the PDPA).
- Terms defined in the Data Protection Law shall have the same meaning when used in these Terms.
- The Company and the Customer shall each ensure that it shall comply with the provisions and obligations imposed on it by Data Protection Law.
- All Personal Data acquired by the Company from the Customer shall, at the Customer’s cost, be securely returned or deleted (at the option of the Customer) together with all copies in any form or in any media in the Company’s power, possession or control following the earliest to occur of:
- Termination or expiry of these Terms;
- A request from the Customer; and
- If the Company no longer needs the Personal Data in connection with the performance of its obligations under these Terms, provided always that the Company may retain copies of the Personal Data if it is required to do so under applicable law (including Data Protection Law).
- The Company shall implement and maintain reasonable adequate and appropriate technical and organisational measures and controls against Security Incidents and anticipated threats or hazards to the security or integrity of the Personal Data, pursuant to the standard required by Data Protection Law
- The measures to be adopted under this clause shall ensure a level of security appropriate to the harm that might result from a Security Incident and the nature of the relevant Personal Data, having regard to the state of technological development and the cost of implementing the measures.
- The Company shall, at the Customer’s reasonable request and the Customer’s cost and expense, provide the Customer with all information necessary to enable the Customer to verify the Company’s compliance with this provision entitled “Data Protection”.
- The Company shall, at the Customer’s reasonable request and the Customer’s cost and expense, provide the Customer with all information necessary to enable the Customer to verify the Company’s compliance with this provision entitled “Data Protection”