PERSONAL DATA PROTECTION POLICY
Bridgestone Tyre Sales Singapore Pte. Ltd. (“Bridgestone”) seeks to comply with the provisions of the Singapore Personal Data Protection Act 2012 (“PDPA”).
TYPES OF PERSONAL DATA COLLECTED
The types of personal data that we may collect include your name, residential address, age, telephone number(s), e-mail address(es) and any other information that may be specific to you and/or personally identify you.
COLLECTION OF YOUR PERSONAL DATA
When collecting the personal data you submit to us via this site or otherwise, we will indicate the purpose(s) of such collection, and will undertake such collection within the prescribed limits of doing so.
If you do not wish to provide us with your personal data, you may opt out of doing so. However, please note that by withholding the personal data requested of you, you may not be able to acquire the products and/or services (whether on our site or otherwise) which require such personal data.
In addition, please note that when you visit our site, we automatically receive your Internet Protocol address and/or information on any web pages of our site that you visit, and record such information on our server. Such collected information may be used to customise the site content that you view, which you review and improve our site contents.
USE OF PERSONAL DATA COLLECTED
We will use your personal data only for the specific purpose(s) indicated to you prior to our usage. We will inform you beforehand if an occasion arises whereby we need to use your personal data for a purpose(s) which had not been originally indicated to you.
If you do not agree to such use of your personal data, you may opt out of our usage of your personal data. However, please note that by opting out, you may not be able to acquire the products and/or services (whether on our site or otherwise) which require the usage of such personal data.
TRANSFER AND/OR DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
Transfer and/or disclosure of personal data to third parties in general
Your personal data may be transferred and/or disclosed to other third parties where we have obtained your consent to do so; where disclosure to Bridgestone-affiliated companies, subsidiaries, distributors or agencies is necessary so as to answer any of your enquiries; where disclosure to other companies which we have engaged, and with whom we have confidentiality agreements, is necessary in order for us to implement what we have indicated to you; or where disclosure is required in urgent circumstances in order to protect life, body or property.
Transfer and/or disclosure of personal data to third parties located outside of Singapore
Please be informed that we will be adopting cloud-based solutions to store our data, wherein such cloud services may be situated in jurisdictions outside Singapore and/or on servers provided to Bridgestone by third party service providers, where such data will include personal data submitted to us, via this site or otherwise. While such personal data is still within our possession or under our control, we will take appropriate steps to ensure that we comply with the data protection provisions under the PDPA. These steps include the measures stated in this Policy.
In addition, we warrant that:
(a) The processing, including the transfer itself, of the personal data will be carried out in accordance with the provisions of the PDPA;
(b) Throughout the duration of the data processing services, we will instruct the third party to process the personal data transferred only on our behalf and in accordance with the provisions of the PDPA;
(c) The security measures are appropriate to protect your personal data against unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, in particular where the processing involves the transmission of your personal data over a network, and against all other unlawful forms of processing, and that these measures ensure a standard of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation; and
(d) In the event of sub-processing, the processing activity is carried out by a sub-processor providing at least a comparable standard of protection for your personal data as required by the PDPA.
The third-party providing the cloud-based solution will also be bound by legally enforceable obligations (as defined in the PDPA), pursuant to a contractual agreement with us, to provide our clients’ personal data with a standard of protection at least comparable to the protection afforded by the PDPA, in the countries and/or territories that it will be transferred to.
If you do not wish for your personal data to be transferred, you may opt out of doing so. However, please note that by opting out, you may not be able to receive the full suite of products and/or services provided by Bridgestone (whether on our site or otherwise) which require such personal data. In particular, we wish to highlight that by opting out, we would not be able to verify your purchase and the five year manufacturer warranty as the case may be. In this regard, we regret that without registration of your personal data and details of such purchase you may be foregoing such warranty coverage accordingly.
USE OF SITE AND PROVISION OF PERSONAL DATA BY INDIVIDUALS UNDER THE AGE OF 18
We are committed to protecting personal data of individuals under the age of 18. We therefore recommend that guardians review our products and/or services, whether these are provided on this site or otherwise, before allowing their wards under the age of 18 to acquire them.
If you are under the age of 18, please only provide your personal data with your guardian’s consent to do so.
When you submit your personal data on this site, we will use Secure Sockets Layer protection, or other equivalent methods of data transmission protection, in order to protect the transmission of your data.
As part of our commitment to keep your personal data secured, we have implemented and maintain reasonable technical, physical, and administrative security measures for the security of personal data in the event of its loss, misuse, unauthorised access, disclosure, or alteration.
Access to premises and facilities
We have implemented technical and organisational measures in our efforts to ensure that any person’s access to our premises and facilities will be within authorised limits. Such measures include the installation of identification/magnetic card readers and electronic door security systems at the entrances of high-security rooms in the premises, the issuance of keys only to personnel with the requisite clearance, the employment of security personnel and the installation of surveillance facilities in the premises such as alarm systems and closed-circuit television cameras.
Access to systems
We have implemented technical and organisational measures in our efforts to ensure that any person attempting to access our systems will be identified and authenticated. Such measures include requiring the system passwords of all personnel to be of a certain minimum length, alphanumeric and changed periodically.
Access to data
We have implemented technical and organisational measures in our efforts to ensure that personnel access to the data stored by us will be on a “need-to-know” basis. Such measures include monitoring and logging personnel’s data access activities, and granting differentiated access rights to personnel based on their job scopes and transactions undertaken.
We have implemented technical measures in our efforts to ensure that data will be securely transported, transmitted or communicated to, or stored on, external media (both manual and electronic forms). Such measures include data encryption and the use of digital signatures.
We have implemented technical measures in our efforts to allow for subsequent checks on whether new data had been entered into our system or whether existing data in our system had been changed or deleted, by whom, and the content of such data. Such measures include keeping records of personnel login details and their data input activities.
We have implemented technical and organisational measures in our efforts to ensure both the physical and logical security of our data. Such measures include the installation of anti-virus software on, and the mirroring of hard disks in, all personnel’s computers, conducting regular data backups, remote data storage, and the establishment of disaster recovery plans.
LIMITATIONS ON THE RETENTION OF PERSONAL DATA
We will endeavour not to retain your personal data in our possession and/or electronic databases if such retention is no longer required to meet the purpose(s) for which they were collected, and/or such retention is no longer necessary for our legal or business purposes. For the avoidance of doubt, we will be entitled to retain and/or use your personal data as long as it serves an evaluative purpose.
Your personal data may be transferred to law enforcement or government agencies, or authorised third parties, in response to verified requests relating to criminal investigations, alleged illegal activity or any other activity that may expose us to legal liability.
ENQUIRIES, AMENDMENT OR REMOVAL OF PERSONAL DATA
Please contact our Data Protection Officers if you would like to make any enquiries on, and/or corrections to, and/or request deletion of, any personal data belonging to you which is in our possession and/or under our control.