Privacy Notice
This Privacy Notice (“Notice” or “Data Protection Notice”) sets out the basis on which Possbly Pte. Ltd. (“Possbly”, “we”, “us” or “our”) may collect, use, disclose or otherwise process personal data of our prospective service users, service users, service users' authorised representative in accordance with Singapore’s Personal Data Protection Act (“PDPA”).
It is important that you read this Privacy Notice in its entirety to fully understand how we handle your data before proceeding with Possbly.
This Notice applies to personal data in our possession or under our control, including personal data in the possession of organisations which we have engaged to collect, use, disclose or process personal data for our purposes.
Generally, this Notice is applicable when you use our social media platform as a service which is accessible via websites (https://www.possbly.app, https://possbly.app, https://possbly.com ) and mobile web application installation on your smart devices.
This Notice is also applicable to other Services such as inquiries about our social media platform, and seeking user support Services (collectively, the “Services”). This Notice does not apply to information our service users may process when using our Services.
If you are looking for California-specific data protection information, check out our CCPA Notice which is incorporated into this Notice.
If you are looking for EU-specific data protection information, check out our GDPR Notice which is incorporated into this Notice.
We may collect and receive information about users of our Services (“users”, “user”, “you”, or “your”) from various sources, including: (i) information you provide through your user Account on the Services (your “Account”) if you register for the Services; (ii) your use of the Services; and (iii) from third-party websites, Services, and partners.
The collection, use, disclosure or otherwise processing of personal data of our service users will be in accordance with guidelines set out by Singapore’s government or any applicable government data management policy. Possbly Pte. Ltd. will comply with the relevant requirements under the applicable government’s data management policy.
We recommend that you read this Privacy Policy in full, to ensure you are fully informed. If you have any questions about this Notice, please contact us at privacy@possbly.app
PERSONAL DATA
1. As used in this Notice:
“Personal data” means data, whether true or not, about an individual (whether a prospective service user, service user, service user' authorised representative or otherwise) who can be identified: (a) from that data; or (b) from that data and other information to which we have or are likely to have access.
2. Depending on the nature of your interaction with us and the information you have posted under your user profile, we may collect some types of information from you. Please refer to clauses 3 to 10 to learn more about the types of information we collect.
3. User Account Registration & User Verification Request: When you register for a user Account or request to verify your user profile to become a verified content creator and collect payments or update your user profile, we may ask for your user information such as name, password, company name, residential address, office address, email address, and telephone number, nationality, government-issued identity proof, government issued passport, government-issued driving licence, profile username, profile URL, profile picture, profile cover picture, other social profile URL links, or your choice of profile category.
4. Payment Information: As a user, when you make a transaction, such as subscribing or giving a tip, you will be directed to either PayPal or Stripe third-party payment processing where you are required to enter your financial information such as your credit card or debit card information. We do not store your financial information on our systems; however, we have access to and may retain, subscriber information through our third-party payment processor.
As a verified creator, you will be required to enter your PayPal Account email address under your Account. This email address is stored on our system to make payment to you. We only need this email address to process the payment. So, we do not store any other financial information such as your local bank information, credit card or debit card information as these will be stored by PayPal.
5. User Content: Possbly’ s features allow you to publicly post content as part of our Services. By registering for or using our Services, you agree that your profile information and the content you post may be viewed and used by other users and third parties we do not control.
6. Communications: If you contact us directly, we may receive additional information about you such as your name, email address, phone number, inquiry subject, the contents of the message and/or attachments you may send us, and any other information you may choose to provide. We may also receive a confirmation when you open an email sent from us.
7. Other terms used in this Notice shall have the meanings given to them in the PDPA (where the context so permits). “Personal Data” includes equivalent terms in other Data Protection Laws, such as the CCPA-defined term “Personal Information,” as the context requires.
8. Cookies and Other Tracking Technologies: As is true of most websites, we gather certain information automatically and store it in log files. In addition, when you use our Services, we may collect certain information automatically from your device. This information may include internet protocol (“IP”) addresses, browser type, internet service provider (“ISP”), referring/exit pages, operating system, date/time stamp, clickstream data, landing page, and referring URL. To collect this information, a cookie may be set on your computer or device when you visit our Services. Cookies contain a small amount of information that allows our web servers to recognize you. We store information that we collect through cookies, log files, and/or clear gifs to record your preferences. We may also automatically collect information about your use of features of our Services, the functionality of our Services, frequency of visits, and other information related to your interactions with the Services. We may track your use across different websites and Services. In some countries, including countries in the European Economic Area (“EEA”), the information referenced above in this paragraph may be considered personal data under applicable data protection laws.
9. Usage of our Services: When you use our Services, we may collect information about your engagement with and utilization of our Services, such as processor and memory usage, storage capacity, navigation of our Services, and system-level metrics. We use this data to operate the Services, maintain and improve the performance and utilization of the Services, develop new features, protect the security and safety of our Services and our customers, and provide customer support. We also use this data to develop aggregate analysis and business intelligence that enable us to operate, protect, make informed decisions, and report on the performance of our business.
10. Third-Party Accounts: If you choose to link our Services to a third-party Account, we will receive information about that Account, such as your authentication token from the third-party account, to authorize linking. If you wish to limit the information available to us, you should visit the privacy settings of your third-party Accounts to learn about your options.
COLLECTION, USE AND DISCLOSURE OF PERSONAL DATA
11. We generally do not collect your personal data unless (a) it is provided to us voluntarily by you directly or via a third party who has been duly authorised by you to disclose your personal data to us (your “authorised representative”) after (i) you (or your authorised representative) have been notified of the purposes for which the data is collected, and (ii) you (or your authorised representative) have provided written consent to the collection and usage of your personal data for those purposes, or (b) collection and use of personal data without consent is permitted or required by the PDPA or other laws. We shall seek your express consent before collecting any additional personal data and before using your personal data for a purpose which has not been notified to you (except where permitted or authorised by law).
12. We may collect and use your personal data for any or all of the following purposes:
a. establishing or managing your relationship with us. This includes:
i. Where you are a prospective user, processing and evaluating your registration for our Services;
ii. Where you are a user, providing the Services requested by you; and monitoring, evaluating, improving, and/or auditing of Services provided. This may include an assessment of the quality of the Services provided and the effects of the Services provided (both in the short and long term, and after you have stopped using the Services);
iii. Where you are a user’s authorised representative; and
iv. processing and evaluating the user’s application for our Services.
b. providing you with information on our upcoming events or activities, where you have specifically requested to receive such information;
c. verifying your identity to comply with legal regulations such as but not limited to the age requirement, and nationality for sanction rules compliance;
d. responding to, handling, and processing queries, requests, applications, complaints, abuse reports, and feedback from you;
e. complying with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;
f. any other purposes for which you have provided the information;
g. transmitting to any unaffiliated third parties including our third-party service providers and agents, and relevant governmental and/or regulatory authorities, whether in Singapore or abroad, for the aforementioned purposes; and
h. any other incidental purposes related to or in connection with the above.
13. We may disclose your personal data:
a. where such disclosure is required for, or in connection with, the provision of the Services requested by you;
b. to third-party service providers, agents and other organisations we have engaged to perform any of the purposes listed in clause 12 above for us;
c. to comply with any applicable laws, regulations, codes of practice, guidelines, rules, or requests by public agencies, or to assist in law enforcement and investigations; and
d. any other party to whom you authorised us to disclose your personal data to, or where necessary to undertake any action requested by you.
14. The purposes listed in the above clauses may continue to apply even in situations where your relationship with us has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under a contract with you).
15. After the lapse of the opt-out period, you may notify us that you no longer wish to consent to the purposes for which your consent was deemed by notification by withdrawing your consent for the collection, use or disclosure of your personal data about those purposes.
DEEMED CONSENT BY NOTIFICATION UNDER PDPA
16. We may collect or use your personal data or disclose existing personal data for secondary purposes that differ from the primary purpose for which it had originally collected for. Before relying on deemed consent by notification, we will assess and determine that the collection, use and disclosure of the personal data will not likely have an adverse effect on you. If we intend to rely on deemed consent by notification for such secondary purposes, we will notify you of the proposed collection, use or disclosure of his personal data through appropriate mode(s) of communication such as email.
17. You will be given a reasonable period to inform us if you wish to opt out of the collection, use and disclosure of your personal data for such purposes. You will be given a reasonable period to inform us if you wish to opt out of the collection, use and disclosure of your personal data for such purposes.
18. In particular, we may rely on deemed consent by notification to collect, use or disclose your personal data for the following purposes:
a. users’ data analysis;
b. your continued use of our Services constitutes your acknowledgement and acceptance of any changes made to this Notice and any Terms and Conditions and policies of Possbly;
c. merchandise (physical products and digital products) order and request fulfilment; and
d. in connection with the sale, merger, bankruptcy, sale of assets, funding, or reorganisation of our company. We will notify you via the email provided by you if a different company receives your data.
RELIANCE ON THE LEGITIMATE INTERESTS EXCEPTION
19. In compliance with the PDPA, we may collect, use or disclose your personal data without your consent for the legitimate interests of Possbly Pte. Ltd. or another person. In relying on the legitimate interests exception of the PDPA, Possbly Pte. Ltd. will assess the likely adverse effects on the individual and determine that the legitimate interests outweigh any adverse effect.
20. In line with the legitimate interests’ exception, we will collect, use or disclose your personal data for the following purposes:
a. Fraud detection and prevention;
b. Detection and prevention of misuse of Services;
c. Network analysis to prevent fraud and financial crime, and perform credit analysis;
d. Collection and use of personal data on company-issued devices to prevent data loss;
e. To comply with sanction laws which refers to the economic or financial sanctions laws and/or regulations, trade embargoes, prohibitions, restrictive measures, decisions, executive orders, or notices from regulators implemented, adapted, imposed, administered, enacted and/or enforced by any Sanctions Authority.; and
f. To comply with applicable laws and regulations such as trade-specific laws, contract laws and children data protection laws.
The purposes listed in the above clause may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter.
WITHDRAWING YOUR CONSENT
21. The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you or your authorised representative in writing. You or your authorised representative may withdraw consent and request us to stop collecting, using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request via email or otherwise in writing to our Data Protection Officer at the contact details provided below. If you are unable to submit your request in writing or if you require any assistance with the submission of your request, you can ask for more support via the contact form.
22. Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within ten (10) business days of receiving it.
23. Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our goods or Services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in the manner described in clause 44 below.
24. Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclosure without consent is permitted or required under applicable laws.
ACCESS TO AND CORRECTION OF PERSONAL DATA
25. If you wish to make (a) an access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or (b) a correction request to correct or update any of your personal data which we hold about you, you may submit your request via email or otherwise in writing, to our Data Protection Officer at the contact details provided below at clause 44. If you require assistance with the submission of your request, you can ask for more support via the contact form.
26. Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.
27. We will respond to your request as soon as reasonably possible. In general, our response will be within thirty (30) business days. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA, or any applicable instructions given by legal authorities).
SECURITY: PROTECTION OF PERSONAL DATA
28. To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as making sure all transactions are secured via a secure server (SSL), minimised collection of personal data, authentication and access controls (such as good password practices, need-to-basis for data disclosure, etc.), encryption of data, data anonymisation, up-to-date antivirus protection, regular patching/upgrading of operating system and other software, securely erase storage media in devices before disposal, web security measures against risks, usage of one-time password(OTP)/2-factor authentication (2FA)/multi-factor authentication (MFA) to secure access (after Beta Release), and security review and testing performed regularly. We do not retain or store any credit card information on our servers. All credit card information that is used to purchase products and Services is processed and stored by our third-party payment processor (ie. PayPal.com or Stripe.com) on their secure servers.
29. You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will ever occur, but we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.
ACCURACY OF PERSONAL DATA
30. We primarily rely on the personal data provided by you (or your authorized representative). It is essential to ensure that your personal data remains current, complete, and accurate. Therefore, please promptly inform our Data Protection Officer at the contact details provided below or update your user profile settings for minor updates if there are any changes to your personal data. To maintain data accuracy, we may periodically send you emails requesting verification of any changes to your personal data that you would like us to update.
If we do not receive a response from you, but there is evidence of changes to the original data, we may contact you via email to verify the changes and request you to rectify and update the data. However, if we do not receive a response, we reserve the right, at our sole discretion, to either delete or update the data from our records or temporarily suspend your user Account.
Please ensure that you keep your personal data updated to ensure the accuracy and relevance of the information we hold. Your cooperation in providing timely updates is greatly appreciated.
If you have any concerns or questions regarding the updating of your personal data, please reach out to our Data Protection Officer using the contact details provided below.
RETENTION OF PERSONAL DATA
31. We may retain your personal data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws.
32. We will cease to retain your personal data or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected and is no longer necessary for legal or business purposes.
TRANSFERS OF PERSONAL DATA OUTSIDE OF SINGAPORE
33. We generally do not transfer your personal data to countries outside of Singapore. However, if we do so, we will obtain your consent for the transfer to be made and we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA, and any applicable privacy laws such as GDPR.
GDPR NOTICE
34. Under the General Data Protection Regulation (GDPR), if you are an EU citizen or EU resident, you have the following data protection rights:
a. Right of Access and Correction Request - You have the right to obtain access to your personal data. If you wish to make (a) an access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or (b) a correction request to correct or update any of your personal data which we hold about you, you may submit your request in writing or via email to our Data Protection Officer at the contact details provided below. Alternatively, you may also update your profile’s username and email and any information in your Account settings on Possbly.
b. Right to erasure – You have the right to request the erasure of your personal data and delete your Account. Please be aware that this deletion of the Account is final and cannot be reversed. Once deleted, it will cease to exist on our servers. However, where we do not need your information to provide the service to you, we retain it only if we have a legitimate business purpose in keeping such data or where we are subject to a legal obligation to retain the data. We will also retain your data if we believe it is or will be necessary for the establishment, exercise, or defence of legal claims. You may submit your request in writing or via email to our Data Protection Officer at the contact details provided below or submit an Account deletion request via online form.
c. Right to restrict processing – You have the right to block or suppress further use of your personal data. You may submit your request in writing or via email to our Data Protection Officer at the contact details provided below.
d. Right to data portability – You have the right to receive your personal data in a structured, commonly used, and machine-readable format (e.g., in Excel spreadsheet or Word documents), and to request that it be transferred to another organisation on your behalf. You may submit your request in writing or via email to our Data Protection Officer at the contact details provided below.
e. Right to object to automated decision-making – You have the right not to be subject to a decision based solely on automated processing which produces legal effects on or significantly affects you. In addition, you may choose to opt-out of marketing communications we send you at any time by clicking on the “unsubscribe” or “opt-out” link in the marketing emails we send you. To opt-out of other forms of marketing, please notify us via the link provided in the content. You may submit your request in writing or via email to our Data Protection Officer at the contact details provided below.
f. Right to withdraw consent - if we have collected and processed your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted before your withdrawal, nor will it affect the processing of your personal data conducted in reliance on lawful processing grounds other than consent.
g. Right to complain – You have the right to complain to a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority.
h. Please note that a reasonable admin fee may be charged for an access request (i.e., receiving a password-protected copy of your personal data to your email address) or to transfer your personal data in a password-protected electronic document to another organisation on your behalf. If so, we will inform you of the fee before processing your request.
i. We will respond to your request as soon as reasonably possible. In general, our response will be within thirty (30) business days. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the GDPR, or any applicable instructions given by legal authorities).
CCPA NOTICE
35. Under the California Consumer Privacy Act of 2018 (CCPA), if you are a California resident, you may exercise the following rights:
a. Right to Know and Access - you have the right to know about and access the personal information we collect and how it is disclosed, used and shared.
b. Right to Opt-Out of Sales and Sharing - you have the right to opt out of the sale or sharing of your personal information.
c. Right to Correct - You also have the right to request in certain circumstances that we correct Personal Information that we have collected about you when that Personal Information is inaccurate.
d. Right to Delete - Subject to certain exceptions, you have the option to delete Personal Information about you that we have collected from you.
e. Right to Limit – You have the right to limit the use and disclosure of sensitive personal information collected about you.
f. Right to Equal Service and Price - You have the right not to receive discriminatory treatment for the exercise of your CCPA privacy rights.
g. Verification - Requests for access to or correction or deletion of Personal Information are subject to our ability to reasonably verify your identity in light of the information requested and pursuant to relevant CCPA requirements, limitations, and regulations. We verify your identity by asking you to provide verification information such as but not limited to ID number or billing information specific to your Account that we can match against information that we may have collected about you previously.
h. Shine the Light - We do not rent or sell any user personal data and it includes yours. We will also never share your Personal Information without your consent unless we are prohibited by law from doing that.
i. Exercise your Rights - To exercise any of your rights under the CCPA, you may use Possbly built-in features to do so such as updating your user profile settings or dropping us an email or submitting your request in writing to the contact information provided below.
j. Please note that a reasonable admin fee may be charged for an access request (i.e., receiving a password-protected copy of your personal data to your email address) or to transfer your personal data in a password-protected electronic document to another organisation on your behalf. If so, we will inform you of the fee before processing your request.
k. We will respond to your request as soon as reasonably possible. In general, our response will be within thirty (30) business days. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the CCPA, or any applicable instructions given by legal authorities).
COOKIES
36. We use cookies for the proper functionality of the website and web applications and to give our users an improved browsing experience. Please see our cookie policy for more information on our use of cookies.
YOUR CHOICES
37. You can use some of the features of the Services without registering, thereby limiting the type of information that we collect.
38. You may unsubscribe from receiving certain promotional emails from us. If you wish to do so, simply follow the instructions found at the end of the email. Even if you unsubscribe, we may still contact you for informational, transactional, account-related, or similar purposes.
39. Many web browsers have an option for disabling cookies, which may prevent your browser from accepting new cookies or enable selective use of cookies. Please note that, if you choose not to accept cookies, some features and the personalization of our Services may no longer work for you.
LOG FILES
40. Possbly follows a standard procedure of using log files. These files log visitors when they visit websites. All hosting companies do this and are a part of hosting Services' analytics. The information collected by log files includes internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable. The purpose of the information is to analyse trends, administer the site, track users’ movement on the website, and gather demographic information.
CHILDREN PRIVACY
41. We do not knowingly collect information from children under the age of 13, and children under 13 are prohibited from using our Services. If you learn that a child has provided us with personal data violating this Privacy Policy, you can alert us at privacy@possbly.app. Creating an account with false info is a violation of our terms. This includes accounts registered on behalf of someone under 13 years old.
42. In some countries, the law requires a parent or guardian to give consent for people older than 13 years old, but under the age of consent in their country (e.g., 18 years old or 21 years old in some countries), to use our service. Please note that we do not knowingly collect information from children or other persons who are under 16 years old. If you are under 16 years old or less than the legal age of your country to permit submission of your information, you may not submit any personal data to us personally. If you learn that a child has provided us with personal data in violation of this Privacy Policy, you can alert us at privacy@possbly.app. Creating an account with false info is a violation of our terms. This includes accounts registered on behalf of someone under 16 years old or the minimum legal age of your country.
43. By accessing and/or using this Platform, you represent that you are at least 13 years old or 16 years of age (for some countries) or not under guardianship. If you are below 16 years old or under guardianship: you must obtain approval from your parent(s) or legal guardian(s); and your parent(s) or legal guardian(s) are responsible for: (i) all your actions in connection with your access to and use of our Services; (ii) your compliance with this Notice, all of our other published Policies, Terms and Conditions, and Terms of Use; and (iii) ensuring that any of your usage of the Services will not, in any event, result in any violation of applicable laws and regulations relating to child protections. If you do not have consent from your parent(s) or legal guardian(s) and your parent(s) or legal guardian(s) is not willing to open the user Account under their name, you must cease accessing the Services. Creating an account with false info is a violation of our terms. This includes accounts registered on behalf of someone under 16 years old or the minimum legal age of your country.
DATA PROTECTION OFFICER
44. You may contact our Data Protection Officer if you have any enquiries or feedback on our personal data protection policies and procedures, or if you wish to make any request, in the following manner:
Attention To: Data Protection Officer
Contact Number: +65 62081388
Email Address: privacy@possbly.app
Address: Wood Square Tower One, 12 Woodlands Square, Unit #13-88 Singapore 737715
EFFECT OF NOTICE AND CHANGES TO NOTICE
45. This Notice applies in conjunction with any other notices, policies, terms and conditions, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your personal data by us.
46. We may revise this Notice from time to time without any prior notice. You may determine if any such revision has taken place by referring to the date on which this Notice was last updated. Your continued use of our Services constitutes your acknowledgement and acceptance of such changes.
Effective date: 11/08/2023
Last updated: 11/08/2023