Privacy Policy

Respecting your privacy and protecting your Personal Data

Fry & Laurie respects the privacy of users in accordance with our Privacy Notice. Our Privacy Notice applies solely to Personal Data collected by us.

We conduct our business with respect to collecting, using, disclosing and caring for Personal Data in compliance with the Singapore Personal Data Protection Act (PDPA) and other applicable data protection legislation.

On or before the collection of your Personal Data, we will notify you of the purpose(s) of why we want to collect, use or disclose your Personal Data. We will obtain your explicit consent before we collect, use or disclose your Personal Data unless there are exceptions to consent as provided for under the PDPA.

Information We Collect

Here are examples of personal data we collect (“Personal Data”):

• Your identity – This includes NRIC, FIN or passport number, address, telephone number, e-mail address, date of birth, any form of biometric that you may have submitted, as well as service-related information such as bank and credit card details, device ID and IP address.

• Your interaction with us – For example, a note or recording of a call you make to us, an email or letter you send to us, or other records of any contact you have with us.

• Provision of goods and services – This includes personal data that we have access to in the course of provision of goods and services.

• Information from other organisations – These organisations include fraud-prevention agencies, business directories, credit reference agencies or individuals we believe you have authorised to provide your personal details on your behalf.

Ways we collect Personal Data

We may collect your Personal Data when you:

• Use our Services

• Register for a specific product or service

• Sign up for alerts or newsletters

• Contact us with a question, or request for assistance

• Visit our Website and applications (through the use of cookies and other technologies)

• Provide us with products and/or services, in which case, please refer to “If you are a Subcontractor” under “How we use your personal data” section below on how we use your personal data.

Where you give us personal data about other individuals, you confirm that you are authorised to disclose and consent, on their behalf, to the processing of such personal data for the purposes described below, or other purposes for which your consent has been sought and obtained.

How We Use Your Data

We may use your personal data and share your personal data with third parties set out in “Sharing your personal data” below for the following purposes, purposes for which your consent has been obtained and other purposes permitted by applicable laws and regulations (“Purpose”):

If you are a Customer

Provisioning & administration of services

• Provide goods and/or services to you

• Enable us to process bills and payments

• Respond to enquiries and requests from you or people you have authorised

• Inform you about service upgrades and updates

Market research & service enhancement

• Conduct market research and customer satisfaction surveys to improve our customer service; develop new products, as well as personalise the services we offer you

• Perform market analysis

• Improve your user experience based on your usage behaviour on our websites and applications

Sharing of rewards and benefits

• Offer rewards and promotions

• Provide updates, offers, invitations to events and deliver relevant advertising, with your prior consent or if otherwise permitted under local laws and regulations

Security and risk management

• Handle any service, data breach and security issues

• Prevent and detect fraud or other crimes and recover debts

• Conduct internal audits and determine creditworthiness

• Ensure the safety and security of our properties and systems

• Conduct checks against money laundering, terrorism financing, corruption, compliance and related risks

Legal & regulatory requirements

• Meet legal, regulatory and other requirements including providing assistance to law enforcement, judicial and other government agencies

If you are a Supplier / Subcontractor

• To conduct due diligence / background checks that are mandated by legislation, our or our clients’ internal policies and practices

• For the purposes relating to the supply of goods and services and support by supplier / subcontractor to us

If you visit our Website

To contact you about your enquiries. We will not use your personal data for purposes other than the Purposes. We shall seek your consent before collecting any additional personal data and before using your personal data for a purpose other than the Purpose.

Sharing Your Data

We may share your personal data with:

• Business partners and vendors we work with to deliver goods and/or services you purchase or which we purchase

• Our clients for the purposes of performing our contract with our clients

• Regulatory authorities, law enforcement agencies, government agencies and other government organisations, as required by local laws and regulations

Your personal data is disclosed to the above only for the relevant Purposes stated above and for such other Purposes as you have consented to.

We will also ensure that overseas organisations we work with observe strict confidentiality and protection of personal data we transfer to them according to a standard of data protection that is equivalent to Singapore’s PDPA.

Accuracy of Data

We have implemented measures to verify and ensure that the personal data we collect, use and disclose are accurate, complete and up-to-date, especially where such data are required to make decisions about you or where we need to disclose such data to third parties.

Data Retention

We may retain your personal data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws. We have a data retention policy where we keep track of the retention periods of the various types of personal data that are in our possession. We will ensure that those data that have reached the end of their retention periods will be securely disposed of or destroyed.

Under certain of our business requirements, we may retain the personal data beyond the retention periods by anonymising them for use in data analytics, research and statistical analysis.

Your Rights

Withdrawing your consent

The consent that you provide us for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop using and/or disclosing your personal data for any or all of the purposes listed above by sending an email request to our Data Protection Officer at the contact details provided below.

Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within twenty-one (21) business days of receiving it.

Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our goods and/or services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing in the manner described in this section above.

Please note that withdrawing consent does not affect our right to continue to collect, use and disclose your personal data where such collection, use and disclosure without consent is permitted or required under the PDPA or other applicable laws.

Access to and correction of personal data

If you wish to make (a) a data access request for access to a copy of the personal data which we hold about you or information about the ways in which we have used or disclosed your personal data within the past one year, or (b) a data correction request to correct or update any of your personal data which we hold about you, you may submit an email request to our Data Protection Officer at the contact details provided below.

Please note that a reasonable fee may be charged for a data access request. If so, we will inform you of the fee before processing your request.

We will respond to your request as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction as requested by you, we shall generally inform you of the reasons why we are unable to do so (except where there are exceptions under the PDPA).

EEA Data Subjects & Transfers Outside the EEA

For our EEA users, we collect and process information about you only where we have legal bases for doing so under applicable EU laws. We may provide your data to third party providers who are located outside the EEA, or they may use servers that are located outside the EEA. If this happens, we will ensure that adequate protection of your data is provided as required by applicable law, for instance by concluding Standard Contractual Clauses issued by the European Commission.

Residents of the EEA

We provide the representations and information in this section in compliance with European privacy laws, in particular the European General Data Protection Regulation (GDPR). If you reside in the European Territories (including the EEA, Switzerland, and the United Kingdom), our legal basis for collecting and using the Personal Data will depend on the personal information concerned and the specific context in which we collect it.

We will normally collect Personal Data from you where the processing is in our legitimate interests. In some cases we may collect and process Personal Data based on consent.

EEA data subjects have certain rights with respect to your Personal Data that we collect and process. We respond to all requests we receive from individuals in the EEA wishing to exercise their data protection rights in accordance with applicable data protection laws.

• Access, Correction or Deletion. You may request access to, correction of, or deletion of your Personal Data.

• Objection. You may object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes and may do so using the options provided in this Privacy Policy. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

• Restriction. You have the right to ask us to suspend the processing of your Personal Data in the following scenarios:

(a) if you want us to establish the data’s accuracy;

(b) where our use of the data is unlawful but you don’t want us to erase it;

(c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or

(d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

• Portability. You have the right to request the transfer of your Personal Data to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

• Withdraw Consent. If we have collected and processed your Personal Data with your consent, you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.

• File a complaint. You have the right to file a complaint with a supervisory authority about our collection and processing of your Personal Data. To file a request or act on one of your rights, please contact us at the contact details provided below. You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

California Resident Notices

California Consumer Privacy Act

Effective January 1, 2020, the California Consumer Privacy Act of 2018 (the “CCPA”) allows you, the consumer who is a California resident, upon a verifiable consumer request, to request from businesses (like us) to:

• Delete any Personal Data about the consumer which the business has collected from the consumer;

• Disclose to the consumer certain information about the Personal Data that the business collects from the consumer; and

• Direct a business that sells personal information about the consumer to third parties not to sell the consumer’s personal information.

We do not sell any consumer Personal Data to third parties. If you want to submit a data access or data deletion request, please get in touch at privacy@frylaurie.com. However, if your request relates to Personal Data collected through any client’s or vendor’s websites or digital products, you’ll need to get in touch with the owner of that website or product directly. We may ask you certain questions to verify your identity, and ask for your email or other confirmation, before we process your request. Consistent with California law, if you choose to exercise your rights, you will not receive discriminatory treatment from us.

In certain situations, you can designate an authorised agent to make a request on your behalf. You may be asked to provide certain verification details such as a valid power of attorney, a valid government ID, and the authorised agent’s valid government ID before we proceed with your request.

California’s Shine the Light Law

If you reside in California, CA Civil Code § 1798.83 allows you to request and obtain from us once a year, free of charge, a list of the third parties to whom we may have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those third parties. As a general policy, we do not share personal information with third parties for their own direct marketing purposes without getting your consent first. If all this sounds awful to you, you can prevent disclosure of your personal information to third parties for their direct marketing purposes by withholding consent.

Do Not Track Disclosure

Regulatory agencies such as the U.S. Federal Trade Commission have promoted the concept of Do Not Track as a mechanism to permit internet users to control online tracking activity across websites through their browser settings. Since no industry standard has been adopted, we currently do not process or comply with any web browser’s “do-not-track” signal or other similar mechanism that indicates a request to disable online tracking of individual users who visit our Site or use our Services.

Exclusions

Here are some things this Privacy Policy does not apply to:

• Any Personal Data collected by us that is not collected through the Services or this Website;

• Any unsolicited information you provide to us through the Services or any other means, which will be considered non-confidential and which we’ll be free to reproduce, use, disclose to and share with others without limitation or attribution.

Security Measures

We have implemented reasonable organisational and technical measures to secure and protect the personal data you provide us against any unauthorised access, use, disclosure, modification or disposal. These include:

• Safeguards to prevent security breaches in our networks and database systems

• Limits on access to information in our systems

• Strict verification processes to prevent unauthorised access to information

Nonetheless, we strongly recommend that you carefully consider what Personal Data you disclose via email or over the internet.

Contacting Us

You may contact our Data Protection Office at privacy@frylaurie.com if you have any request or enquiry on our personal data protection policies and procedures.

Other Terms and Conditions

Your access to and use of the Services is subject to the Terms of Use.

Changes to Our Privacy Notice

We reserve the right to update or modify this Privacy Notice at any time, without notice to you. We will post the latest changes to this page, and let you know at the bottom of this page the date this Privacy Notice were last updated. We strongly recommend that you review this Privacy Notice periodically, and especially before you provide any Personal Data to us. When you continue to use the Services after any changes or updates made to the Privacy Notice, this constitutes your agreement with the revised terms.

Effective Date: April 10, 2025