PRIVACY POLICY — WORLD ON A WIRE

ANALYTICS

This website collects personal data to power our site analytics, including:

Information about your browser, network, and device
Web pages you visited prior to coming to this website
Your IP address

This information may also include details about your use of this website, including:

Clicks
Internal links
Pages visited
Scrolling
Searches
Timestamps

We share this information with Squarespace, our website analytics provider, to learn about site traffic and activity.

COOKIES

This website uses cookies and similar technologies, which are small files or pieces of text that download to a device when a visitor accesses a website or app. For information about viewing the cookies dropped on your device, visit The cookies Squarespace uses.

These functional and required cookies are always used, which allow Squarespace, our hosting platform, to securely serve this website to you.
These analytics and performance cookies are used on this site, as described below, only when you acknowledge our cookie banner. We use analytics cookies to view site traffic, activity, and other data.

FONTS

This website uses font files from Google Fonts and Adobe Fonts. To properly display this site to you, servers where the font files are stored may receive personal information about you, including:

Information about your browser, network, or device
Your IP address

For website visitors

This website is hosted by Squarespace. Squarespace collects personal data when you visit this website, including:

Information about your browser, network and device
Web pages you visited prior to coming to this website
Your IP address

Squarespace needs the data to run this website, and to protect and improve its platform and services. Squarespace analyzes the data in a de-personalized form.

PERSONAL DATA PROTECTION POLICY

WORLD ON A WIRE AGENCY PTE. LTD.

This Data Protection Notice (“Notice”) sets out the basis which WORLD ON A WIRE AGENCY PTE. LTD. (“we”, “us”, or “our”) may collect, use, disclose or otherwise process personal data of our customers and other individuals in accordance with the Personal Data Protection Act (“PDPA”). This Notice applies to personal data in our possession or under our control, including without limitation, personal data in the possession of organisations which we have engaged to collect, use, disclose or process personal data for our purposes.

Definitions

1. As used in this Notice:

“customer” means any individual person who has either (a) contacted us through any means regarding goods/services that we may provide, or (b) may or has actually entered into a contractual relationship with us, for the provision of goods/services or otherwise; and

“personal data” means data, whether true or not, about an individual who can be identified: (a) from that data; or (b) from that data and other information to which we have or are likely to have access.

2. Here are some types of personal data that we may collect:

● name

● address

● email address

● phone number

● age

● date of birth,

● gender

● marital status

● photographs

● video recordings

● nationality

● passport /identity card copies

● employment information

● cookies/IP addresses

● other background information such as income data, financial records, tax records

3. Other terms used in this Notice shall have the meanings given to them in the PDPA

1. Notification

1.1. Notification to Customers

1.1.1. General Notification

Before collecting personal data, individuals are informed of the purpose of collection or how the data will be used, and any potential disclosures, unless there are exceptions that we can rely upon under the law. Customers are provided with clear and concise information about the company's data protection policies at the point of collection, ensuring transparency and informed consent.

Some examples of the purposes for collection or use of personal data are as follows:

(a) performing obligations in connection with our provision of the goods and/or services requested by you;

(b) administering your relationship with us;

(d) responding to queries, feedback and or complaints;

(e) processing payment;

(f) complying with any applicable laws;

(g) assisting with investigations conducted by any regulatory or law enforcement agency;

(h) any purpose for which you have provided us personal data;

(i) any other incidental business purposes related to or in connection with the above; and

(j) transmitting data to third parties (eg. third party service providers, contractors, agents) whether in Singapore or elsewhere, for any of the abovementioned purposes.

The purposes listed above may continue to apply even in situations where customers relationship with us has been terminated for a reasonable period thereafter (eg. for a period to enable us to enforce our rights under a contract with the individual).

1.1.2. Disclosure

We generally do not disclose personal data without first obtaining a customer’s consent. Disclosure will then be only for the specific purpose that the customer has been informed about (subject to any exemptions under the law).

Notwithstanding the abovementioned, we may however disclose an individual’s personal data:

(a) where such disclosure is required for performing obligations in the course of or in connection with our provision of the goods and services requested by the individual; or

(b) to third party service providers, contractors, agents and other parties we have engaged to perform any of the functions in connection with the above mentioned purposes.

Furthermore, we may disclose an individual’s personal data:

(d) companies providing services pertaining to insurance and/or reinsurance to us, and associations of insurance companies;

(e) our agents, contractors or third party service providers (eg. telecommunications, business process outsourcing, mail processing, email support, call centres, IT support, data processing, payment assistance, payroll processing, training, market research, storage);

(f) professional advisers (eg. our legal advisers, auditors, bankers); and

(g) the authorities (eg. regulators, law enforcement agencies).

1.1.3. Updates on Data Protection Policies

Changes to data protection policies are communicated through legal documentation, the company website, and direct communication with affected customers. Updates are also provided via letters and email notifications.

1.1.4. Granular Consent Management

Before collecting certain types of personal data, we will provide customers with detailed options to specify their consent for different types of data processing activities. For example, customers can separately consent to:

● Receiving marketing communications via email or SMS.

● Sharing data with third-party vendors for personalized advertising.

Consent can be withdrawn for any individual activity at any time.

1.1.5. Express Consent for Sensitive Data

● In circumstances where personal data collected includes sensitive information, such as health data, financial records, racial or ethnic origin, or religious beliefs, we will obtain express written consent from the individual before processing such data.

● We will also provide a clear explanation regarding the use of this sensitive data, and the security measures implemented to protect it. Any use of such data beyond its original purpose will require renewed consent from the individual.

1.2. Automated Monitoring and Surveillance

1.2.1. Notification of Monitoring

Customers are informed if any form of automated monitoring is in place, such as call recordings for training or security purposes, monitoring of internet use, or closed circuit television camera (CCTV) surveillance on premises.

1.2.2. Awareness Measures

Prominent notifications are displayed to notify persons of CCTV surveillance to ensure awareness of monitoring activities. Automated or manual phone messages inform callers that their calls may be recorded and the purpose of such recording.

1.2.3. Cookies and Tracking Technology

The company uses cookies and other tracking technologies on its website to enhance user experience and perform analytics. Users are notified through a banner and provided with the option to manage their cookie preferences. Consent is required for the use of non-essential cookies, such as those used for targeted advertising.

1.2.4. Automated Decision-Making and Profiling

In certain instances, we may process personal data for the purpose of automated decision-making, including profiling (eg. decisions related to loan assessments, credit scoring, or targeted marketing). Where such decisions have significant effects on customers, the company will ensure that customers are informed of the use of automated decision-making and profiling. Furthermore, customers will be given the right to:

● Request additional information on how the decision was made

● Seek human intervention in the decision-making process

● Object to the profiling or automated decisions where these impact their rights or interests

2. Consent

2.1. General Requirement for Informed Consent

2.1.1. Obtaining Consent

Clear and informed consent is obtained before collecting, using, or disclosing personal data, preferably in writing. If verbal consent is obtained, it is documented internally for record-keeping.

2.1.2. Consent for Third-Party Data

When clients provide third-party personal data (e.g., data about family members or business associates), they must ensure that consent has been obtained from the customers involved, unless there are exceptions that we can rely upon under the law.

2.1.3. Marketing Communications

Opt-Out Mechanism: We provide clear options for customers to opt out of marketing communications at any time.

Third-Party Data Sharing: We disclose if personal data will be shared with third-party vendors for marketing purposes, and obtain the customer’s consent for this purpose.

2.1.4. Consent for Call Recording

We inform customers that their calls may be recorded for quality assurance or training purposes, obtaining consent in advance.

2.2. Deemed Consent

2.2.1. Voluntary Provision of Data

Customers are deemed to have consented when they voluntarily provide their data for specific purposes, such as submitting a job application or engaging in preliminary discussions for services.

2.2.2. Consent via Third Parties

Deemed consent also applies when data is shared by a third party under lawful circumstances, such as client referrals or introductions by other business entities.

2.2.3. Usage of Personal Data in situations of deemed consent

In situations of deemed consent, we may collect or use personal data, or disclose existing personal data for any reasonable purposes, even if they differ from the primary purpose which it had originally collected pursuant to our earlier notifications. In situations of deemed consent, we may, where feasible, provide the client a reasonable period to opt-out.

2.2.4. Sharing of information between group/related/affiliated entities

We will inform clients about the structure of our group companies and the manner in which we may share information between group/related/affiliated companies.

2.3. Exemptions to Consent Requirement

The following and all other exemptions under applicable laws permit us to collect, use or disclose personal data without obtaining prior consent from customers. This list is non-exhaustive.

2.3.1. Publicly Available Data

Consent is not required for the use of publicly available data, such as information from public directories, unless the data was obtained unlawfully or the individual has expressly stated that they do not wish their data to be used.

2.3.2. Situations of Interest

Personal data can be collected, used, or disclosed without consent in situations clearly in the individual’s interest, such as emergencies or compliance with legal obligations, unless there are exceptions that we can rely upon under the law. Generally, these situations arise where consent cannot be obtained in a timely manner or the individual would not reasonably be expected to withhold consent.

2.3.3. Evaluative purposes

Evaluative purposes means

(a) for the purpose of determining the suitability, eligibility or qualifications of the individual to whom the data relates:

(i) for employment or appointment to office;

(ii) for promotion in employment or office or for continuance in employment or office;

(iii) for removal from employment or office; or

(iv) for the awarding of contracts, awards or other similar benefits; or

(b) for the purpose of determining whether any contract, award or other similar benefit should be continued, modified or cancelled.

2.3.4. Investigations or legal proceedings

These circumstances arise when such data collection, use and/or disclosure is necessary for any investigation or proceedings, if it is reasonable to expect that seeking the consent of the individual would compromise the availability or the accuracy of the personal data.

2.3.5. Public agencies

When the disclosure is to a public agency and such disclosure is necessary in the public interest

2.3.6. AML/CFT

In relation to clients, prospective clients and any other relevant persons (such as their representatives or connected persons), for the purposes of complying with our anti-money-laundering and countering-the-financing-of-terrorism (“AML/CFT”) obligations, such as in the course of our performing client due diligence, we may, directly or indirectly collect, use, and disclose personal data without the respective individual’s consent.

3. Purpose Limitation

3.1. Specific and Legitimate Purposes

3.1.1. Purpose of Collection

Personal data is collected only for specific, legitimate purposes that are communicated to the customers. If the data needs to be used for a different purpose, additional consent is obtained unless there are exceptions that we can rely upon under the law.

3.1.2. Parental Consent for Minors

We will obtain explicit parental consent before collecting personal data from minors under the age of 18.

3.1.3. Purpose of collection of Information Unique to Our Industry

WORLD ON A WIRE AGENCY PTE. LTD. ("Company" or "WOAW") engages in music sub-distribution activities and artist management. In pursuit of its business objectives, the Company may collect personal data for the purposes of music promotion, artist representation, content distribution, and ensuring compliance with contractual obligations.

Types of Personal Data & Methods of Collection:
=====================================
The Company collects and processes the following categories of personal data for the purposes outlined in this Policy:
- Identity Data: Names, likenesses, photographs, images, videos, biographical material
- Contact Data: Email addresses (limited to individuals who have subscribed to receive promotional material)
- Promotional Content: Photos, videos, and social media content for promotion purposes
- Analytics: Including personal data to power our site analytics, such as information about your browser, network, and device, web pages you visited prior to coming to this website, your IP address
- Website information: Clicks, internal links, pages visited, scrolling, searches, timestamps

Generally, we collect Personal Data in the following ways:
===========================================
(a) when you submit any form, including but not limited to application and registration forms or other forms relating to any of our property developments, hospitality Products or Services;
(b) when you enter into any agreement or provide other documentation or information in respect of your interactions with us, or when you use our Products and Services;
(c) when you interact with our staff, including customer service officers, for example, via telephone calls (which may be recorded), letters, face-to-face meetings, social media platforms and emails;
(d) when you use our electronic services, or interact with us via our websites, and apps or use services on our websites;
(e) when you request that we contact you or request that you be included in an email or other mailing list;
(f) when you respond to our promotions, initiatives or to any request for additional Personal Data;
(g) when you submit an employment application or when you provide documents or information including your resume and/or CVs in connection with any appointment as an officer, director, representative or any other position;
(h) when you are contacted by, and respond to, our marketing representatives and customer service officers;
(i) when we receive references from business partners and third parties, for example, where you have been referred by them with your consent;
(j) when we seek information from third parties about you and receive your Personal Data in connection with your relationship with us, including for our Products and Services or job applications, for example, from business partners, public agencies, your ex-employer, referral intermediaries and the relevant authorities; and/or
(k) when you submit your Personal Data to us for any other reasons.

Purpose of Collecting Personal Data:
============================
- Personal data is processed in accordance with applicable data protection laws and for the following lawful purposes:
- Music promotion for radio, online platforms, press, artists, and DJs;
- Facilitation of artist representation and content distribution;
- Compliance with contractual obligations regarding the use of artist materials.
- Sharing information with Squarespace, our website analytics provider, to learn about site traffic and activity.
- Personal data collected by the Company may be used/shared for promotional purposes via platforms such as TikTok. The Company ensures that no data is transmitted without appropriate legal confirmation. Data may be transmitted worldwide in accordance with applicable data protection laws.

Generally, the Company collects, uses processes and discloses your Personal Data for the following specific purposes on basis of the consent given (where applicable) for:
(a) transacting with you and providing our products and services;
(b) responding to your queries, feedback, complaints and requests;
(c) managing the administrative and business operations of the Company and complying with internal policies, reporting requirements and procedures;
(d) facilitating business asset transactions (which may extend to any mergers, acquisitions or asset sales) involving any of the Companies;
(e) requesting feedback or participation in surveys, as well as conducting market research and/or analysis for statistical, profiling or other purposes for us to design our products, understand customer behaviour, preferences and market trends, and to review, develop and improve the quality of our products and services;
(f) monitoring or recording phone calls and customer-facing interactions for quality assurance, employee training and performance evaluation and identity verification purposes;
(g) matching any Personal Data held which relates to you for any of the purposes listed herein;
(h) preventing, detecting and investigating crime and analysing and managing commercial risks;
(i) managing the safety and security of our premises and services (including but not limited to carrying out CCTV surveillance and conducting security clearances);
(j) hosting, storing or backing-up your Personal Data, which may be on third party servers or data clouds;
(k) legal purposes in connection with any claims, actions or proceedings (including but not limited to drafting and reviewing documents, transaction documentation, obtaining legal advice, and facilitating dispute resolution), and/or protecting and enforcing our contractual and legal rights and obligations;
(l) our legitimate and/or lawful interests pursued by us or third parties appointed by us. When we rely on such a legitimate and/or lawful interest as a basis, we will conduct an assessment and such interests include (but are not limited to) providing products and services that you have contracted with us for or have requested from us in, responding to queries that you may have of us, managing or administering the business relationship between you and us;
(m) conducting investigations relating to disputes, billing or fraud;
(n) meeting or complying with any applicable rules, laws, regulations, codes of practice or guidelines issued by any legal, statutory or regulatory bodies which are binding on WOAW (including but not limited to responding to regulatory complaints, disclosing to regulatory bodies, disclosures required in the public interest or emergencies and conducting audit checks, due diligence and investigations which may be carried out by statutory authorities); and/or; and/or
(o) purposes which are reasonably related to the aforesaid.

In addition, the Company collects, uses and discloses your Personal Data for the following purposes:
(p) If you are a shopper, visitor, customer or an employee of an organisation which is a customer of the Company;.
(q) providing customer service and support (including but not limited to customer relationship management, service operations and delivery, administering rewards and benefits and attending to your requests for any other goods and services whether or not offered by the Company); and/or
(r) purposes which are reasonably related to the aforesaid.

Furthermore, where permitted under the Act, WOAW may also collect, use and disclose your Personal Data for the following "WOAW Additional Purposes":
(s) leads generation and management for marketing WOAW's products and services, organising promotional and corporate social responsibility projects;
(t) providing additional Products and Services and benefits to you, including promotions, loyalty and reward programmes;
(u) matching Personal Data with other data collected for other purposes and from other sources (including third parties) in connection with the provision, marketing or offering of Products and Services, whether by WOAW or other third parties;
(v) administering contests and competitions and marketing campaigns, and personalising your experience at WOAW's touchpoints;
(w) communicating to you advertisements involving details of our Products and Services, special offers and rewards, either to our customers generally, or which we have identified may be of interest to you (including but not limited to upselling, cross selling and telemarketing);
(x) conducting market research, understanding and analysing customer behaviour, location, preferences and demographics for us to offer you Products and Services as well as special offers and marketing programmes which may be relevant to your preferences and profile; and/or
(y) purposes which are reasonably related to the aforesaid.
In addition, where permitted under the Act and subject to the provisions of any applicable law, your Personal Data may be disclosed, for WOAW Additional Purposes, to the vendors or other third party service providers in connection with promotions and services offered by WOAW.

Protection of Personal Data
=====================
- The Company implements appropriate technical and organizational measures to safeguard personal data, including but not limited to:
- Access to the Company's online promotion tools is restricted by login credentials, accessible only to authorized personnel;
- Electronic data is stored securely on cloud storage systems such as Dropbox, accessible solely by the Company's representative;
- All systems containing personal data are protected by two-factor authentication and password protocols.
- The Company adheres to a policy of data minimization and ensures that personal data is retained only for as long as necessary to fulfill the purposes for which it was collected.
- Specifically email contact data collected for purposes of promotional activities, is retained solely for the duration of its use in promotional activities and is deleted when no longer required.
- The Company's contractors are informed of data protection obligations and are expected to know and practice proper data privacy.

Notice on Cookies
==============
Our website is hosted by Squarespace. We share this information with Squarespace, our website analytics provider, to learn about site traffic and activity. These functional and required cookies are always used, which allow Squarespace, our hosting platform, to securely serve this website to you. These analytics and performance cookies are used on this site, as described below, only when you acknowledge our cookie banner. We use analytics cookies to view site traffic, activity, and other data.

Squarespace collects personal data when you visit our website, including: Information about your browser, network and device, web pages you visited prior to coming to this website, your IP address. Squarespace analyzes the data in a de-personalized form.

3.2. Prohibited Activities

3.2.1. Unsolicited Marketing

We generally do not engage in unsolicited marketing activities, such as cold calling, email spamming, or mass text messaging, unless the individual has consented or there are exceptions that we can rely upon under the law. We will at all times ensure we specifically comply with all laws pertaining to do-not-call (DNC) registers.

3.3. Business Contact Information

3.3.1. Usage of Business Information

Business contact information, such as names, job titles, and business email addresses, is not subject to data protection rules and can be used freely for business purposes, such as client communications.

3.4. Legitimate Interests Exception

3.4.1. Legitimate interests exception explained

In line with the legitimate interests exception, we will collect, use or disclose personal data for the following purposes:

● Fraud detection and prevention;

● Detection and prevention of misuse of services;

● Network analysis to prevent fraud and financial crime, and perform credit analysis; and

● Collection and use of personal data on company-issued devices to prevent data loss.

4. Protection Obligation

4.1. Security Measures

4.1.1. Administrative Measures

Employees are required to sign confidentiality agreements and adhere to strict policies regarding data access and usage. Annual training sessions are conducted to reinforce data protection awareness and understanding of the company’s policies and legal obligations.

We minimise collection of personal data as much as possible.

4.1.2. Physical Measures

Personal data stored physically is secured in locked cabinets accessible only to authorized personnel. Access to sensitive areas is restricted to authorized employees, and all visitors are logged and accompanied at all times.

4.1.3. Technical Measures

Information systems are protected by strong passwords, encryption, and secure network protocols. Sensitive data is segmented and access is limited to authorized users based on roles. Regular antivirus and anti-phishing software updates are performed to prevent unauthorized access and ensure system integrity. Where necessary, we will employ data anonymisation techniques.

4.1.4. General disclaimer to data subjects

Customers are made aware, however, that no method of transmission over the internet or otherwise, or method of electronic storage is completely secure.

Whilst data security cannot be guaranteed, we strive to protect the security of data and are constantly reviewing and enhancing our information security measures.

4.2. Data Intermediaries

4.2.1. Handling by Third Parties

Third-party service providers who handle personal data on our behalf are required to adhere to our data protection standards equivalent to ours. These may be ensured by way of contracts of engagement or we may assess the suitability of third parties based on other generally accepted industry practices.

4.2.2. Encryption Standards for Data Transfers

We ensure that when personal data is transferred to third parties, especially across borders, it is encrypted in accordance with AES-256 encryption standards. This encryption applies both to data at rest and during transmission. Third-party vendors involved in such transfers are required to implement encryption and security protocols equivalent to acceptable industry standards.

Where personal data is transferred to jurisdictions with lower data protection standards, we will take additional measures, such as encryption, anonymization, or contractual clauses, to ensure data security.

4.2.3. Cross-Border Data Transfer Documentation

The company ensures that when personal data is transferred outside of Singapore, the recipient country has equivalent data protection standards. Where necessary, additional safeguards such as encryption or contractual clauses are implemented. All cross-border transfers are documented and reviewed to ensure compliance with data protection laws.

4.3. Data Access and System Security

4.3.1. Access Control

Role-based access control is implemented to limit access to personal data based on employee roles and responsibilities. Data access is monitored and audited regularly to ensure compliance with internal policies and legal requirements.

5. Accuracy Obligation

5.1. Ensuring Data Accuracy

5.1.1. Data Verification

Personal data provided directly by customers is presumed to be accurate unless there is reason to believe otherwise. Customers are encouraged to provide updated information as needed, by informing our Data Protection Officer (“DPO”) by email.

5.2. Correction Requests

5.2.1. Request Handling

Customers can request corrections to their data if they believe it is inaccurate or incomplete. The request is verified, and the data is updated if necessary. If a correction request is denied, the data is annotated with the requested changes and the reason for refusal.

6. Retention Limitation

6.1. Data Retention Notice

6.1.1. Retention Guidelines

Personal data is retained only for as long as reasonably necessary to fulfill the purposes for which it was collected or to comply with legal requirements. Once no longer needed, data is securely deleted or anonymized, unless there are exceptions that we can rely upon under the law.

6.1.2. Legal Obligations

Certain regulations, such as AML/CFT laws, the Companies Act, and tax laws, require us to retain personal data for at least five years (following termination of our business relationship or completion of the relevant client transaction) or more. This includes client records, accounting documents, and business transaction records. This Notice is also subject to our archiving and records retention policies.

6.2. Annual Data Review and Disposal

6.2.1. Disposal Process

At the end of each financial year, the DPO reviews all personal data to identify records that should no longer be retained. Data that no longer serves the original purpose and is not subject to any legal retention requirements is securely destroyed or anonymized.

6.2.2. Documentation of Disposal

All disposal actions are documented to ensure transparency and accountability. The disposal records include details of the data destroyed, the method of destruction, and the date of disposal.

6.3. Special Retention Circumstances

6.3.1. Extended Retention

In special cases, such as ongoing investigations, legal disputes, or AML/CFT compliance, data may be retained beyond the usual retention period. The DPO maintains a list of data that must be preserved due to these circumstances and notifies management of any extended retention requirements.

6.3.2. Post-Retention Procedures

Once the reason for extended retention is no longer applicable, the data is reviewed again and securely disposed of if it is no longer required for legal or business purposes.

6.4. Data Retention During Business Asset Transactions

6.4.1. Transfer and Disposal

During business transactions involving the sale or transfer of assets, personal data of employees, clients, or shareholders collected for the transaction is either securely transferred to the new owner or destroyed if the transaction does not proceed.

6.5. Data Retention Policy for Communications

6.5.1. Call logs and message records

Call logs and message records will be retained for 5 years in order to meet our compliance obligations.

6.6. Deceased Individuals

6.6.1. General treatment of data of deceased individuals

In the case of individuals who have passed away, for a period of ten (10) years, we will continue to ensure rights pertaining to non-disclosure and protection of his/her personal data shall still apply. The deceased individual’s rights may be exercised by his/her personal representative or nearest relative.

7. Transfer Limitation

7.1. Data Transfers to Third Parties

7.1.1. Safeguarding Data Transfers

Personal data is only transferred to third parties when necessary for business operations and under strict safeguards, such as confidentiality agreements, unless there are exceptions that we can rely upon under the law. All third-party recipients are required to adhere to data protection standards equivalent to ours.

7.1.2. Verification of Third-Party Standards

Before transferring data to any third party, especially those outside Singapore, we verify that they have adequate data protection measures in place. This includes reviewing their data protection policies, contractual obligations, and security practices.

7.2. Cross-Border Transfers

7.2.1. Overseas Data Transfers

Data is transferred outside Singapore only when necessary and with the individual’s consent, unless exceptions apply. We ensure the recipient country has comparable data protection standards or take necessary steps to provide additional protection.

7.2.2. Notification and Consent

Affected customers are informed of the extent to which their personal data will be protected in the foreign jurisdiction. Their consent is sought before transferring data, except where exemptions under the law apply.

8. Access and Correction

8.1. Right to Access

8.1.1. Access Requests

Customers can submit written requests to access their personal data held by us. The DPO will verify the identity of the requester and provide the data as soon as reasonably practicable. We endeavour to do so within thirty (30) days, unless exceptions that we can rely upon under the law apply. If additional time is needed, the requester is informed of the reason and the expected completion date. A reasonable fee can be charged for such requests. We will inform the individual of such fees before processing the request.

We will provide the application with the following:

(a) information on the personal data in our possession or controlled by us; and

(b) information on how we have or may have used or disclosed such data within 1 year of the date of such request.

8.1.2. Mandatory Denial of Access

Access requests will be denied if providing the data could:

● Threaten the safety or health of another individual

● Reveal personal data about another individual without their consent

● Be contrary to national security or public interest

● Data pertaining to ongoing prosecution / investigations

● Other legitimate reasons for denial

If access is denied, customers are informed of the reasons unless exceptions under the law apply.

8.1.3. Discretionary Denial of Access

We may at our discretion deny access to the data in the following circumstances:

● Opinion data pertaining to prospective, current or past customers which we retain for evaluation purposes

● Data that reveals commercial information that harms our commercial competitive position

● Opinion data pertaining to prospective, current or past employees (eg. suitability for positions or promotions)

● Any other opinion data that we retain for evaluation purposes

8.2. Correction Requests

8.2.1. Data Amendment

Customers can request corrections to their personal data if they believe it is inaccurate or incomplete. We verify the request and update the data if necessary. If a correction request is refused, we annotate the data to reflect the requested changes and the reason for refusal.

8.2.2. Notification of Corrections

After correcting the data, we inform every organization to which the data has been disclosed within the past year, unless it is impracticable or involves disproportionate effort.

8.3. Withdrawal of Consent

8.3.1. Withdrawal Process

Customers can withdraw consent for the collection, use, or disclosure of their personal data at any time by submitting a written notice conveyed by email, to our DPO. Upon receiving the notice, within reasonable period, we will inform the individual of the potential consequences of the withdrawal, such as the impact on service provision or employment (ie. cessation of provision of products and/or services, or termination of employment). Within reasonable period, we will cease using or disclosing the data as soon as reasonably practicable, unless retention is required for legal obligations or legitimate business purposes. The period depends on the complexity of the case. In general we try to process the request within thirty (30) days.

8.3.2. Notification to Third Parties

Third parties who have been provided with the individual’s personal data are notified to cease using or disclosing the data, unless exceptions that we can rely upon under the law apply.

8.4. Consequences of Withdrawal

8.4.1. Service Impact

Withdrawal of consent may limit or prevent the provision of certain services. The individual is informed of these limitations before the withdrawal is processed.

8.4.2. Employment Impact

For employees, withdrawing consent may result in changes to job responsibilities, limitations in processing payroll, or even termination of employment if the data is essential for the employment relationship.

9. Data Protection Officer

9.1. Contact Information

You may contact our Data Protection Officer if you have any enquiries or feedback on our personal data protection policies and procedures, or if you wish to make any request, in the following manner:

Name of DPO : Jan Simon Spielberger

Contact No. : +6531581836

Email Address : worldonawireagency@dpoguard.com

10. Effect

10.1. Application of Notice

This Notice applies in conjunction with all other notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your personal data by us.

We may revise this Notice from time to time without any prior notice. You may determine if any such revision has taken place by referring to the date on which this Notice was last updated. Your continued use of our services constitutes your acknowledgement and acceptance of such changes.

Date: 15 March 2025