Personal Data as defined by Personal Data Protection Act 2012 (PDPA) means data, whether true or not, about an individual who can be identified from the data or from that data and other information to which the organization has or is likely to have access ("Data"). COSS values your privacy and is PDPA compliant. COSS shall collect, hold, process, use, disclose and share personal data and such information (hereinafter collectively referred to as "Data") in accordance with this Policy read with the Website Usage Agreement.
Coss.io collects, uses and may disclose personal data for business purposes deemed reasonable with regard to the consent expressed by the User, having notified him/her duly.
It is the User's responsibility to provide accurate, complete and true Data as and when required by COSS and COSS shall be at liberty to verify, to the best of its abilities, the accuracy of the Data provided.
Collection of Personal Data by COSS
COSS and its affiliates and authorized vendors collects Data from Users, businesses, partners, employees and other individuals who access and use any of the COSS services. COSS may obtain the Data from any device used to access and use the Website including but not limited to Computer, Mobile Phone and such other devices capable of providing access to the Website.
The Data may be collected at varied stages of the access and use of the Website. On Registration of an Account with COSS, personal information such as name, address, contact information, date of birth etc.; financial information such as bank account details, credit/ debit card numbers that are linked to the User's COSS Account etc.; IP address, device information, location and standard web log information including browser type, pages of the Website accessed, the traffic log to the Website and other information of similar nature may be collected. COSS may at any point in time require additional Data which may be shared with authorized third parties/ service providers to verify the User's identity and / or manage risk. Such additional Data may comprise of information like government identification number, tax payer information and information from third parties such as credit bureaus etc.
On using the Services provided, COSS collects information about the User's transactions and/ or other activities on the Website and continuously collects the information about your computer, mobile device or other access devices of similar kind. COSS also collects all Data submitted by the User on the Website through the Registration Form(s), Contact Us Form, email correspondence or Data which may be provided to our authorized third parties and Support teams. If the User contacts COSS or is contacted by COSS using telephone, COSS may monitor or record the phone call for quality assurance, training and security purposes. It is assumed that the User is of a legal age (at least 18 years of age), COSS does not intentionally collect Data of any individual below the legal age.
Consent to Data Collection
The COSS website including the third-party service providers store and use "cookies" so that COSS can provide a better and personalized User experience. Cookies are identifiers which a web site can send to User's browser to keep on User's computer to facilitate User's next visit to the Website. Most web browsers have a setting and the User can be notified User is sent a Cookie, giving the User the option to decide whether or not to accept it.
COSS may combine the User's visitor session information or other information collected through Cookies and other similar technologies with the Data collected in order to understand and improve User's online experience, mitigate risk and enhance security, recognize the User as a COSS Account holder and to determine what promotions and services the User prefers or are likely to be of interest to the User.
The User may decline and reject the Cookies if the Browser permits but doing so may interfere with the use of COSS features and services.
Use of Data Collected
COSS may use the Data collected for the following purposes:
- to provide you with an access to your coss.io Account and Services.
- to respond to the User's requests/ queries.
- for the purposes for which it was originally provided at the time when the Data was collected.
- provide Services available including but not limited to processing of transactions and communications regarding transactions such as notices, fee payments, troubleshooting etc.
- to maintain and improve our Services, Platform.
- to investigate, prohibit, intercept and prevent illegal activities such as fraud and money laundering etc. and prevent violation of any of our Website Usage Terms.
- to verify the User's identity.
- to inform Users and non-users about the services offered , industry developments, promotional offers and events held by COSS.
- monitor and analyze trends, usage, and activities in connection with our Services.
- for reporting purposes and general management (e.g. invoicing, account management).
- for recruitment, employment of the new personnel and providing internal services.
- for audit, compliance and risk management purposes.
- all other purposes related to the sphere in which coss.io functions.
You may voluntarily choose to unsubscribe from our promotional emails by clicking on use the 'Unsubscribe' button at the bottom of an email you have previously received from coss.io. You may also unsubscribe by getting in touch with the Data Protection Office appointed under this Policy. Please note that your request may take up to 28 days to be processed. COSS shall not use the Data for any other purpose except as stated above. The User shall be at liberty to withdraw his/ her consent on such use of Data as he/she deems fit. Please note, in the event consent to use Data is withdrawn, it may lead to restricted, limited or no access to certain features or services provided by COSS.
Disclosure of Data Collected
COSS will disclose to and share User's Data only with the following third parties and in the following events:
- With COSS affiliates, business and financial partners.
- With intermediaries or subcontractors hired by COSS including but not limited to third party identity verification service providers, service providers managing the Operations of COSS such as invoice and fee collection, technology providers and to provide information that according to COSS may be of relevance to the User.
- With any other Third Party to meet the purpose for which the information was originally submitted to COSS by the User.
- When COSS, in reasonable suspicion, believes such disclosure to prevent / investigate financial loss or crimes, physical harm or performance of unlawful activities.
- When it is required any law, rules, regulations or by a Court Order, with the Law Enforcement Authorities, including Government Officials.
- With Other COSS Account holders/ Users in order to complete, perform, cancel, restrict or reverse a Transaction and perform any other activities in relation to a Transaction request by the User.
- Any other person notified by the User.
Data Protection and Security
COSS respects the User's privacy and recognizes the need to protect the Data shared with it.
COSS implements the generally accepted security standards to protect the Data obtained by it. Special security measures are undertaken by COSS to prevent unauthorised access, collection, copying, use, modification, disposal or disclosure of Data and the associated risks. Some of the measures undertaken include firewalls and data encryption software. Physical access to the Offices is also regulated and only authorized employees can access User's Data strictly following all the necessary security requirements.
COSS will continue to enhance its security procedures as new technology becomes available.
Retention of Data
COSS continuously stores User Data and retains the Data to comply with its legal and business obligations. In case the purpose for which Data was collected is no longer being served, COSS shall cease to collect, use or disclose Data.
COSS shall retain record of the User's Data for a minimum period of five years from the date the User ceases operations and deletes his/her COSS Account. This retention of Data is in consonance with the PDPA and deemed necessary by COSS to resolve legal disputes, if any.
Access to Personal Data
The User can gain access to the Data provided by him/ her upon request. It shall be the sole prerogative of COSS to demand a written request for access. COSS shall be at liberty to verify the User's identity before acting on such requests. A request for access is governed by PDPA and as such can be provided to correct errors and omissions in the User's Personal Data with a view to provide accurate, complete and true information to COSS. Please note, that these access requests may be charged.
Withdrawal of Consent
The User shall be at liberty to withdraw his/ her consent with regard to collection, use or disclosure of Data. In case the User wishes to withdraw such consent, preliminary steps should be taken to notify COSS about the decision to withdraw consent. COSS shall inform the User about the potential consequences of proceeding with such an action including but not limited to limited, restricted or no access to certain features or services provided by COSS.
If the User proceeds and withdraws consent, COSS and any third party associated with it shall cease to collect, use or disclose Data, except for the cases when it is required or authorized under law or by Court Order.
Please note, in case of withdrawal of consent, COSS shall continue to retain the Data already collected for a period of five years as per Retention Clause above.
Transfer of Data Outside of Singapore
By submitting the Data, the User specifically consents to the transfer, storing or processing of it outside of his/ her jurisdiction for specific purposes such as identity verification, performance, completion, cancellation or reversal of Transaction(s) or providing of COSS Services. COSS shall in such events ensure that the standard of protection accorded to the Data in such territory outside Singapore shall be comparable to the protection under the PDPA.
Third Party Links and Data Protection
COSS may modify and amend this Policy from time to time without notifying User's personally. The amended policy shall be effective as soon as it is published on this page. The Policy shall have the 'last updated' date for the convenience of the User to take note of the latest amendments to the Policy. COSS recommends the User to visit this page on a regular basis. It is the User's sole responsibility to stay informed about the modifications and amendments.
Complaints and Queries
Details of the Data Protection Officer
Name - Ms. Asmita Dhingra
Business Contact Information - [email protected]