PERSONAL DATA PROTECTION POLICY

This Personal Data Protection Policy (“Policy”) sets out the basis upon which Sunstar Singapore Pte. Ltd. (“We”) may collect, use, disclose, and/or otherwise process personal data in accordance with the Personal Data Protection Act (No. 26 of 2012) of Singapore (“PDPA”) and all the associated regulations and guidelines as may from time to time be issued under it. Please read the following carefully to understand our policies and practices regarding the handling of your personal data.

APPLICATION OF THIS POLICY

1. As used in this Policy, “personal data” means data, whether true or not, about an individual who can be identified: (a) from that data; or (b) from that data and other information to which we (and all our affiliated entities and relevant unaffiliated third parties) have or are likely to have access. Personal data may include, without limitation, your (or such person’s): name; address; telephone number(s); email addresses; date of birth; gender; nationality; marital status; passport number, date and place of issue; NRIC number; driver’s licence number and expiration; photographs and other audio-visual material; employment information; payment information; credit card numbers; marketing preferences; preferred communication methods.

2. However, “business contact information” (which means your or such person’s name, position name or title, business telephone number, business address, business electronic mail address or business fax number and other similar information about you or such person, not provided by you or such person solely for your or his/her personal purposes, as the case may be) is not regarded as personal data for the purposes of this Policy.

USE OF COOKIES

3. When you interact with us on our websites, we automatically receive and record information on our server logs from your browser. We may employ cookies in order for our server to recognise a return visitor as a unique user including, without limitation, monitoring information relating to how a visitor arrives at the website, what kind of browser a visitor is on, what operating system a visitor is using, a visitor's IP address, and a visitor's click stream information and time stamp (for example, which pages they have viewed, the time the pages were accessed and the time spent per web page).

4. Cookies are small text files stored in your computing or other electronic devices which allow us to remember you or other data about you. The cookies placed by our server are readable only by us, and cookies cannot access, read or modify any other data on an electronic device. All web-browsers offer the option to refuse any cookie, and if you refuse our cookie then we do not gather any information on that visitor.

5. Should you wish to disable the cookies associated with these technologies, you may do so by changing the settings on your browser. However, you may not be able to enter certain parts of our website.

PURPOSES FOR COLLECTION, USE AND DISCLOSURE OF PERSONAL DATA

6. We collect your personal data that you knowingly and voluntarily provide in the course of or in connection with certain activities or transactions with us and/or our affiliated entities, third party service providers and agents. Any additional personal data that we collect about you will depend on the nature of the particular activity or transaction.

7. We currently, and/or may in the future, collect, use and disclose your personal data as authorised or required by written law and/or for any or all of the following purposes:

1. (a)  performing obligations in the course of or in connection with our provision of services to you;

2. (b)  verifying your identity;

3. (c)  responding to and processing your requests, queries, complaints, and feedback;

4. (d)  evaluating and improving the quality and content of our products and services;

5. (e)  processing purchase or credit transactions;

6. (f)  media coverage and marketing;

7. (g)  assessing and evaluating your suitability, eligibility or qualifications for employment or

   continued employment with us or with any of our affiliated entities;

8. (h)  safeguarding and defending our rights and property or that of any of our affiliated entities against any security threat (including, but without limitation to, threats to our

   physical infrastructure and environment, computer systems, and network);

9. (i)  complying with a court order or other legal process or other statutory and/or regulatory

   requirements of any governmental and/or regulatory authorities;

10. (j)  any other purposes for which you provided the information; and

11. (k)  transmission to any of our affiliated entities or any unaffiliated third parties including our

    third-party service providers and agents, and relevant governmental and/or regulatory authorities, whether in Singapore or abroad, for the aforementioned purposes.

DATA SECURITY

8. We use reasonable precautions to protect your personal data from accidental loss and unauthorised access, collection, use, disclosure, duplication, modification, disposal, destruction. You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.

ACCURACY OF PERSONAL DATA

9. In order to ensure that your personal data is current, complete and accurate, please update us if there are changes to your personal data by contacting our Data Protection Officer at the contact details provided below.

RETENTION OF PERSONAL DATA

10. Personal data will be held for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws. We will cease to retain personal data, or remove the means by which the personal data can be associated with particular individuals, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected, and is no longer necessary for legal or business purposes.

INTERNATIONAL TRANSFERS OF PERSONAL DATA

11. In situations where we transfer your personal data to countries outside of Singapore, we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.

WITHDRAWING YOUR CONSENT / ACCESS TO AND CORRECTION OF PERSONAL DATA

12. If you wish to:

1. (a)  request for access to a copy of the personal data which we hold about you, or information about the ways in which we use or disclose your personal data;

2. (b)  request for your personal data to be updated or corrected; or

3. (c)  withdraw your consent for us to collect, use and/or disclose your personal data in the

   aforementioned manner,

please contact our Data Protection Officer at the contact details provided below. Please note that a reasonable fee may be charged for requests in (a). If so, we will inform you of the fee before processing your request. We will endeavour to respond within 30 days of your request. If we are unable to do so, we will inform you in writing of the same within this period. We may, in certain circumstances, be entitled or required to refuse your request.

DATA PROTECTION OFFICER

13. If you have any questions regarding this Policy, please contact any of our Data Protection Officer (DPO) at: