Privacy Policy Your privacy is important to us. And we take the utmost care when using your information. The purpose of this policy is to detail our approach to protection of your Personal Data and to ensure the consistent handling of Personal Data and the compliance with the provisions of the Singapore Personal Data Protection Act 2012 and its regulations (“PDPA”). What is Personal Data? “Personal Data” is defined by the PDPA as data, whether true or not, about an individual who can be identified from that data or from that data and other information to which an organisation has or is likely to have access. Personal Data collected, used and disclosed by us will include a variety of information such as your name, e-mail address, mailing address, phone number(s), credit card information, bank details, personal identification number and any other information which you have provided us in any forms you may have submitted to us, or via other forms of interaction with you. When do we collect your Personal Data? We may collect Personal Data from you when you register on our website, subscribe to our newsletter, respond to a survey, fill out any form (via our website or face-to-face), enter into any agreement with us, when you submit complaints, queries, requests, feedback and suggestions to us, when your images are captured by us via CCTV cameras while you are within our premises or photographs or videos taken by us or our representatives when you attend events hosted by us, when you submit job applications to us or when you submit your Personal Data to us for any other reason. What do we use your Personal Data for? Any of the Personal Data we collect from you may be used in the following ways:



To improve our website and user experiences with it

(Your Personal Data helps us to more effectively respond to your customer service requests and support needs)

   

To process transactions To respond to, process and handle your complaints, queries, requests, feedback and suggestions. To manage the safety and security of our premises and services (including but not limited to carrying out CCTV surveillance and conducting security clearances) When we process your online applications, subscriptions, document submission and so forth

Your Personal Data, whether public or private, will not be sold, exchanged, transferred, or given to any other company for any reason whatsoever, without your consent, other than:

  

For the express purpose of delivering the purchased product or service requested. To administer a contest, promotion, survey, market research or other site feature To send periodic emails

The email address you provide for order processing, may be used to send you information and updates pertaining to your order, in addition to receiving occasional company news, updates, re-lated product or service information, etc. Note: If at any time you would like to unsubscribe from receiving future emails, we include de-tailed unsubscribe instructions at the bottom of each email. All Personal Data held by us is kept confidential. It is held and processed for lawful purposes only and is not used in any way that is incompatible with the purposes for which it was obtained. Consent and Notification We do not collect, use and/or disclose any Personal Data without your consent or without notifying you respectively except the consent or the notification is not required according to the regulations of the PDPA. We may be required to disclose Personal Data by a court order or to comply with other legal requirements. Purpose Limitation

We ensure that Personal Data will be collected, used and/or disclosed only for the purposes listed in this Privacy Policy and - if not exempted from the consent obligation under the PDPA – for purposes for which consent was obtained from you. Should Personal Data be required to be used for a new purpose, your approval will be obtained prior to using your Personal Data for the new purpose and/or you will be notified respectively, provided that no exemption to the consent or notification obligation applies according to the PDPA. We continue to use existing Personal Data in our possession, meaning Personal Data collected before the Personal Data protection provisions of the PDPA have become fully enforceable on 2 July 2014, for the purposes they have been collected for. Or otherwise consent will be obtained from you except if no consent is required under the PDPA. Do we disclose any information to outside parties? Personal Data may be exchanged with or among Centuryland Management, a business registered in Singapore, any of its existing or future related or associated companies (“Affiliate”) or any third party in order to satisfy the purposes for which the Personal Data have been collected (collectively referred to as “Recipients”). Personal Data will not be shared with a third party without a valid business or legal reason, a data sharing agreement in place, or without your consent. All Recipients who are managing and handling Personal Data supplied by us in accordance with the PDPA will be required to confirm that they will abide by the requirements of the PDPA with regard to the Personal Data supplied by us. Personal Data will only be transferred to Recipients not located in Singapore in accordance with the requirements of the PDPA to ensure that a suitable level of protection of the Personal Data, which is comparable to the protection under the PDPA, is provided. In case the country where the Recipient of Personal Data is located does not provide such comparable data protection standard by law or is taken to have satisfied such standard according to the PDPA, we will bind them either by contract or corporate rules to ensure that the Recipient complies with the material provisions of the PDPA. How do we protect your information? Appropriate technical, organisational and administrative security measures are in place to protect your Personal Data against unauthorised access, collection, use, disclosure, copying, alteration, accidental loss or theft, destruction, damage or similar risks. We offer the use of a secure server. All supplied sensitive/credit information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our Payment gateway providers database only to be accessible by those authorized with special access rights to such systems, and are required to keep the information confidential. After a transaction, your private information (credit cards, social security numbers, financials, etc.) will not be stored on our servers. All our staff are aware of the importance of maintaining confidentiality of your Personal Data. All of our employees who manage and handle Personal Data receive data protection awareness and training at the commencement of their employment. Particular emphasis is placed on the obligations under the PDPA. Do we use cookies? We do place cookies on your computer when you visit our website. You can determine the extent to which cookies are enabled or disabled by means of settings on your computer (usually in your Web browser, such as Internet Explorer). We assume that you agree to cookies being placed on your computer if your browser is set to allow them. Cookies are small files which require user permission in order to be installed on a computer’s hard drive. Cookies will only start to perform their functions after such permission is granted. By collecting and analysing data on the user’s browsing patterns, cookies allow web applications to respond to the user as an individual by tailoring a web application’s operations to the user’s specific needs and preferences. Permission for cookies is granted by default in most web browsers. You can however choose to disable this function in your browser’s settings. This may prevent you from taking full advantage of our website. We may use traffic log cookies to identify which pages are being used. This use is designed to assist us in gathering data on web page traffic. The gathered data is used only for statistical purposes and is removed from our database shortly after. Overall, the data collected by the cookies is used for the purpose of improving your browsing experience on our website. Cookies do not grant us access to your computer or any information about you outside of your browsing activity on our website. Children’s Online Privacy Protection Act Compliance

We are in compliance with the requirements of COPPA (Children’s Online Privacy Protection Act), we do not collect any information from anyone under 13 years of age. Our website, products and services are all directed to people who are at least 13 years old or older. How long do we keep your personal data? We will keep Personal Data only as long as the purpose for which your personal data was col-lected is still being served and the retention is still necessary for legal or business purposes (“Purposes”). We will take all reasonable steps to ensure that all Personal Data is destroyed, permanently deleted or anonymised if it is no longer required for those Purposes. What rights do I have? Withdrawal of consent Under the PDPA you have the right to withdraw your consent to the collection, use and/or disclosure of your Personal Data upon reasonable notice. Any withdrawal of consent must be declared in writing to our Data protection Officer (“DPO”). In the event that you have withdrawn your consent, the DPO will advise you on the consequences of the withdrawal and will make sure that we cease to use or disclose the Personal Data for the purpose addressed by the withdrawal, unless the use or disclosure without consent is required or authorized under the PDPA or any other written law. If you withdraw your consent to any or all use of your Personal Data by us, depending on the nature of your request, please note that we may not be in a position to continue to provide our products or services to you or administer any contractual relationship in place. Access and Correction You have the right to access information held about you by us and, if the details are inaccurate, you may request that the data shall be amended. An access or correction request shall be made to the DPO in writing (email or mail). The Data Protection Officer will respond to a written request within 30 days after receiving the request or, if the DPO is unable to respond during that time, he/she shall within that time inform you in writing of the time by which he/she will respond to the request. Access to Personal Data You may request for access to your Personal Data that is in our possession or under our control. You may also seek information about the ways your Personal Data has been or may have been used or disclosed by us. Access and/or information can be denied by the DPO for reasons as set out in the PDPA. Correction Personal Data held by us is usually provided by you and we are therefore not responsible for its accuracy in the first instance. However, if there is a complaint about the inaccuracy of Personal Data kept by us that complaint should be referred to the DPO in writing (email or mail). Data Protection Officer If you have any questions regarding this Personal Data Protection Policy or any requests or complaints regarding the collection, use or disclosure of your Personal Data, please contact our personnel: Email:

[email protected]

Your Consent By using our website, you consent to our privacy policy. Amendment of Policy We reserve the right to change or amend this Privacy Policy from time to time at our sole discretion. The revised Policy will be available on our website.