PERSONAL DATA PROTECTION ACT 2012 (PDPA)
1. Collection, use and distribution of your personal data
(a) Bintan Resorts Ferries Pte Ltd (the “Company” or “We” ) generally collects the following data provided by you or your authorised representatives (collectively referred to as “Personal Data”):
- Passenger details such as title, first/given name, last/family name, date of birth, personal identification numbers/passport details;
- Contact details such as email address, mobile phone number, home number or business number; and
- Payment details such as details of credit or debit card (including name, card number, expiry date and card verification value/code) and billing address, which will be collected by our payment processors.
(b) Under the PDPA, the Company is required to obtain your consent for the collection, use and disclosure of your personal data for the Company’s own purposes and for the purposes of third parties including its affiliates, third party service providers (including its outsourced call centres), third party agents (including travel agents, resort operators and insurance companies, where you have requested for travel insurance) transport and excursion providers and relevant regulatory authorities.
(c) the Company collects Personal Data either directly from you or indirectly from your authorised representatives, third parties, through our website and other channels including our ticketing office.
(d) Your Personal Data may be collected, used and/or disclosed by the Company for the following purposes (hereinafter collectively referred to as the Purposes):
- to assist you in your travel arrangements including rescheduling and other operational matters relevant to your booking (for example, making your booking; generating an email confirmation for your booking; to verify your identity, booking, payment and for any other issues pertaining to your booking);
- to record your details as part of passenger details in the terminal operators system in Singapore and Bintan, Indonesia in order for the Company to generate the passenger manifest as required by third parties and for the purposes of the Singapore and Indonesian port and immigration authorities;
- to comply with the Company’s legal obligations for your safety and security;
- to maintain your account with us (if any);
- to send you marketing related information on products, services, benefits, promotions and rewards whether on services offered by the Company or related to Bintan Island as a whole;
- to improve the quality, content and efficiency of the Company’s website and services;
- to enhance your online experience;
- for market research (for example, to measure customer demand or interest in our promotions);
- in connection with contests or competitions the Company may run from time to time; or
- to respond to your questions, comments or queries.
(e) Marketing Messages
i. If you give us permission, we will send you marketing messages by email and/or SMS to keep you updated on what we’re up to and to help you view and find our products, services, benefits, promotions and rewards or related to Bintan Island as a whole.
ii. We may also hold onto some of your information even after you have closed your account or when it is no longer needed to provide the services to you. This is for reasonably necessary purposes, or when we are required to meet legal or regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions.
iii. You may unsubscribe from marketing messages at any time:
1. Through your account settings
2. By clicking on the ‘unsubscribe’ link in any email
3. By contacting our Helpdesk +65 6240 1780 or email helpdesk@brf.com.sg.
iv. Once you do this, we will ensure that you do not receive further marketing messages. Please note that it may take a few days for all of our systems to be updated, so you may still receive messages from us while we process your request. This process will not stop us from providing service communications, such as order updates.
(f) Security Measures
We make reasonable efforts to provide adequate level of security appropriate to the risk associated with the collection, use and disclosure of Personal Data. We implement security measures to protect your Personal Data against unauthorized access, destruction, loss, alteration or misuse. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your Personal Data has been compromised, please contact us immediately using the contact information at paragraph 7 of this Policy.
(g) Sharing Your information
i. We do not sell any of your personal information to any third party.
ii. However, as a key part of providing our services to you, we do share your data with the following categories of entities :
1. Companies in our group, which are responsible for different activities but are relevant to the Purposes;
2. Companies involved in providing relevant services in relation to the Purposes, such as payment service providers, or other service providers like Changi Airport Group (applicable to Fly-Ferry Passengers);
3. Professional service providers, such as data processors, data analytics companies, marketing agencies, advertising partners website hosts and 3rd party platform providers, who help us run our business or improve our services and
4. Law enforcement and fraud prevention agencies or any other agencies/person empowered by law or an order of the court.
iii. As some of the entities are based overseas, we may need to transfer your Personal Data broad to enable our provision of services to you in relation to the Purposes. We will only transfer your Personal Data to another entity ( whether in Singapore or overseas) if it is necessary for our provision of services to you in relation to the Purposes. In addition, we will protect your Personal Data through the use of data protection agreements or by ensuring that the counterparty has in place appropriate levels of protection necessary to maintain the security and integrity of your Personal Data and will be in compliance with the PDPA.
iv. We may provide third parties with aggregated but anonymised information (such information will not suffice to identify you) about our customers for analytics purpose.
v. In the event that the Company or its assets are sold, acquired or merged with a third party, resulting in your personal information being transferred to such third party, your Personal Data will at all times continue to be subject to a privacy policy that complies with the requirements of the PDPA.
By proceeding to make your travel arrangements with the Company or continuing to register an account on this website, you consent to the Company and its affiliates, agents, business partners, marketing partners as well as authorized service providers collecting, using, disclosing and/or processing your Personal Data for the Purposes listed above. You further consent to the transfer of your Personal Data abroad to enable our provision of services to you in relation to the Purposes. You also confirm and agree that your consent granted herein does not supersede or replace any other consents which you may have previously provided to the Company in respect of your Personal Data, and is additional to any rights which the Company may have at law to collect, use or disclose your Personal Data. If you are making travel arrangements on behalf of other individuals, you confirm that you have obtained the consent of these other individuals for the Company to collect, use, disclose and process their Personal Data for the Purposes listed above.
2. Withdrawal of consent
(a) You can choose to withdraw your consent at any time by completing the Withdrawal of Consent Form and submitting the same to our Data Protection Officer by emailing, mailing or faxing the completed form to the address or fax number in paragraph 7 of this policy.
(b) Please allow up to 30 days for your request to be processed by the Company and your records to be updated.
(c) Please note that the withdrawal of consent may affect the provision of our services to you.
(d) Please note that withdrawing consent does not affect our right to continue to collect, use and disclose Personal Data where such collection , usage and disclosure without consent is permitted or required under applicable laws.
3. Access to your Personal Data
(a) If you are an account holder on our website, you may access your stored Personal Data by logging onto your website account with the Company at https://www.brf.com.sg/.
(b) If you are not an account holder on our website and you wish to have access to your stored Personal Data, you may submit your access request to us by completing the Access Request Form and submitting the same to our Data Protection Officer by emailing, mailing or faxing the completed form to the address or fax number in paragraph 7 of this policy.
(c) For access of Personal Data via the Access Request Form, please allow up to 30 days for your request to be processed by the Company. In addition,
(d) Please note that a fee of $80 is payable for such service.
(e) In the exceptional circumstances provided in Section 21 and the Fifth Schedule of the PDPA, the Company reserves the right to deny access to an individual’s Personal Data.
4.Correction of your Personal Data
(a) If you are an account holder on our website, you may correct your Personal Data by logging onto your website account with the Company at https://www.brf.com.sg/.
(b) If you are not an account holder on our website and you wish to correct your stored Personal Data, you may submit your correction request to us by completing the Correction of Personal Data Form and submitting the same to our Data Protection Officer by emailing, mailing or faxing the completed form to the address or fax number in paragraph 7 of this policy.
(c) For Correction of Personal Data via the Correction of Personal Data Form, please allow up to 30 days for your request to be processed by the Company and your records to be updated.
(d) In the exceptional circumstances provided in Section 22 and the Sixth Schedule of the PDPA, the Company may, if it is satisfied on reasonable grounds, not proceed with your correction request.
5. Accuracy of Personal Data
(a) We rely on the Personal Data provided by you or your authorised representatives. In order for us to provide our services to you in relation to the Purposes, we require your Personal Data to be current, complete and accurate.
(b) If you are an account holder on our website, you may update your Personal Data by logging onto your website account with the Company at http://www.brf.com.sg/.
(c) If you are not an account holder on our website, you may update your Personal Data by completing the Correction of Personal Data Form and submitting the same to our Data Protection Officer by emailing, mailing or faxing the completed form to the address or fax number in paragraph 7 of this policy.
6. Retention of Personal Data
(a) We may retain your Personal Data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws.
(b) We will cease to retain your Personal Data, or remove the means by which such data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the Personal Data was collected, and is no longer necessary for legal or business purposes.
7. Contact Us
Comments, questions, complaints about or requests relating to this Privacy Policy may be sent to our Data Protection Officer by the following means:
a. By email: dpo@brf.com.sg
b. By Post:
Bintan Resort Ferries Pte Ltd
3 Harbourfront Tower Two
#16-02
Singapore 099254
c. By Fax : +65 6661 0244
You may also contact our Data Protection Officer via telephone at +65 6661 0230.
8. Cookies
(a) Most websites like ours use cookies to enhance your online experience.
(b) A cookie is a small text file that is stored via your web browser on your computer’s hard drive. It recognizes your browsing preferences and tailor content to you.
(c) For example: Depending on your browser settings, you may be prompted to indicate if you wish for a website to remember certain details (such as a username and password) a cookie will be downloaded so that, upon re-visiting the same page in the website, the cookie will automatically re- populate the information remembered, without your having to re-enter it. Cookies identify a computer rather than an individual.
(d) Cookies on the booking system allow the system to remember your session so that it does not get mixed up with somebody else’s online.
(e) Most web browsers automatically accept cookies. Please refer to your browsers documentation to check if cookies have been enabled on your computer or to request not to receive cookies. Information and procedures regarding cookie handling are provided by the respective browsers documentation within the browser itself by clicking on help and performing a search on cookies’.
(f) For more information on cookies, please go to: http://www.whatarecookies.com/
9. Updates to the Privacy Policy
This Privacy Policy may be updated from time to time and the updated version will be posted on the Company’s website. This Privacy Policy is updated as at 1 June 2023.