Privacy Policy

PRIVACY AND COOKIE POLICY

APPLICATION OF THIS POLICY

The privacy of the users of the Midstar Website (the “Website”) is important to us (“Midstar”, “we”, “our”, “us”) and we are therefore keen on being transparent about the data we collect about the Website User (“you”, “your”), how it is used and with whom it is shared.

This Privacy & Cookie Policy (the “Privacy & Cookie Policy”) applies to you when you access and use our Website. While browsing our Website, you shall also take note of the specific policies that may apply to you depending on your relation with us, such as Business Privacy Policy, Employment Privacy Policy and Recruitment Privacy Policy.

Please take a few minutes to review our Privacy & Cookie Policy. By accessing and/or using our Website, you are consenting to the collection, use, disclosure and other processing of your data, including any personal data.

ONCE YOU HAVE READ THROUGH OUR POLICIES, ACCEPTED THE USE OF OUR WEBSITE COOKIES AND CONTINUE BROWSING THROUGH OUR WEBSITE, WE SHALL CONSIDER THIS AS YOUR CONSENT TO THE SAME. SHOULD YOU NOT WISH TO CONSENT TO THE COLLECTION, USE, PROCESSING, DISCLOSURE, AND/OR TRANSFER OF YOUR PERSONAL DATA, THEN YOU SHALL IMMEDIATELY STOP ANY FURTHER USE OF OUR WEBSITE.

GUIDING PRINCIPLES

We comply with the following guiding principles regarding data processing, and ensure that any data we process is:

• • processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
  • processed for specified, explicit and legitimate purposes determined at the time of collection of personal data and not further processed in a way that is incompatible with those purposes; (‘purpose limitation’);
  • relevant and limited to what is necessary in relation to the purposes for which it is processed (‘data minimisation’);
  • accurate and, where necessary, kept up to date; including via erasure or rectification without undue delay (‘accuracy’);
  • kept in a form which permits identification of the data subject for no longer than is necessary for the purposes for which the personal data is processed (‘storage limitation’);
  • kept secure, including being protected against unauthorised or unlawful processing (including transfers) and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

USE OF COOKIES

When you visit our Website, you will be presented with a message bar requesting you to consent to set our Website cookies.  Any data that we collect via cookies is obtained through prior notice to you and with your consent; by giving your consent to the placing of cookies, you are enabling us to provide a better experience and service to you. You may, if you wish, deny consent to the placing of cookies, however certain features of our Website may not function fully or as intended and our Website may no longer be personalised to you. The purpose of cookies is to help our Website keep track of your visits and activity to offer a more focused user experience when using/browsing our Website. We have carefully chosen the cookies we use and have taken steps to ensure that your privacy is protected and respected at all times. The following sections explain the different types of cookies used on our Website and how you can control them.

WHAT IS A COOKIE?

A computer “cookie” is a term for a packet of data or text files placed on your computer to store standard Internet log information and visitor behaviour information. They are widely used in order to make  websites work, or work in a better, more efficient way, and do so by enabling the Website to recognise you and remember important information that will make your use of the Website more convenient (through a “session cookie” lasting only as long as the session).

TYPES OF COOKIES WE USE AND WHY?

We use cookies in a range of ways to improve your experience on our Website, including:

• • Analytics and Performance – We use performance cookies to collect information on how you interact with our Website, including what pages are visited most, the overall patterns of usage on the Site, any difficulties you had with our Website, whether our advertising is effective or not, as well as other analytical data. We use these details to improve how our Website functions and to understand how users interact with them.
  • Functionality – In some circumstances, we may use functionality cookies which allow us to recognise you on our Website and remember your previously selected preferences to provide enhanced and more personalised features. These could include what language you prefer and location you are in. A mix of first-party and third-party cookies are used.

HOW DO WE MANAGE COOKIES?

Most browsers allow you to control cookies through their settings and you can set your browser  to not accept cookies. Further, most browsers also enable you to review and erase cookies which may be adapted to reflect your consent to the use of cookies. However, in a few cases, some of our Website features may not function as a result.

To learn more about browser controls, please consult the documentation that your browser manufacturer provides.

DATA COLLECTION

Data that is collected automatically: When you are browsing through our Website and to the extent that you have accepted the use of our Website cookies, some data may be automatically collected, including your IP address, web browser type and version, operating system, the referring link you followed to access our Website (such as links provided through Google Ads or on our social media channels) and your activity on our Website (the date of your visit, the frequency with which you access our Website, the content you browse and the manner in which you use and interact with the same).

Data that you provide: Some data may be voluntarily provided by you when you contact us through our Website or through email, telephone or social media channels using the information provided on our Website, or by completing surveys or providing feedback on any of our message boards or via email; such data may include your name, contact information, such as email address and telephone numbers, social media profiles and other data as may be provided by you. 

PURPOSES FOR PROCESSING

When you have accepted the use of our Website cookies, we will collect and process your data for the following purposes:

• • to provide you with effective customer service, products, information and services you request;
  • to personalise your sessions on our Website in order to better fit your interests, such as offering you relevant, individually tailored content;
  • to understand how people use our Website. We retain and evaluate information on your recent visits to our Website and how you move around different sections of our Website for analytics purposes so that we can make it more intuitive;
  • to contact you with information and notices related to your use of our Website;
  • to invite you to participate in surveys and provide feedback to us;
  • to improve the content, functionality and usability of our Website; 
  • to fulfill our legitimate interests in carrying out our operations and enhancing our presence in the market; and
  • for any other purpose identified in an applicable policy or other agreement between you and us.

ANALYTICS

We collect data to analyse our Website in general, to gain insights into how to improve it and to target our marketing measures to your specific needs. By accepting the use of our Website cookies, you are consenting to the use of your data for our analytical purposes. If you have already consented to the use of your personal data for our analytical purposes and wish to withdraw the same, you can do so by contacting us via the address in the Contact section.

SHARING OF DATA

We may share your data with the following groups of people for the following reasons:

• • Within Midstar – for internal management and administrative purposes.
  • Our Employees, Agents and/or Professional Advisors – to carry out the day-to-day business activities, perform duties and/or provide advice on our overall operations. 
  • Third-Party Service Providers – where their provision of services owed to us requires the processing of your data.
  • Relevant Authorities – when we are required to by law, or when we need to ensure compliance with any and all applicable laws.

INTERNATIONAL TRANSFER OF DATA

We acknowledge that during the carrying out of our business operations and duties, some data handled may be transferred to third parties assisting us in the implementation, administration and management of our operations, now or in the future. These third-party recipients may be located in a jurisdiction that is subject to different data privacy laws and protections. Where the processing of your data takes place in such countries, we shall ensure that transfers of your personal data are made under obligations no less than those defined under this Privacy Policy.

SECURITY

We take steps to protect your personal data from unauthorised access and against unlawful processing, accidental loss, destruction and damage. We limit access to your personal data to those who have a genuine need to know it. Those processing your data are subject to a duty of confidentiality and will do so only in an authorised manner. We securely store your data through the implementation of technical support systems and security measures, such as antivirus protection, encryption and privacy filters to ensure that all storage and transmission of your data by us and disclosure of the same to any third party is done in a safe and secure manner in compliance with the applicable laws. 

It is important to note that no method of transmission over the Internet or method of electronic storage is completely secure and hence, we believe in constantly reviewing and enhancing our information security measures as per industry standards; despite the steps that we take to protect your personal data, we cannot guarantee the security of your personal data transmitted via the Internet; any transmission is therefore at your own risk.

DATA RETENTION

We will not keep your personal data longer than we need to, and how long this is depends on several factors including:

• • Why we collected it in the first place;
  • How old it is;
  • Whether we need it to protect you or us;
  • Whether there is a legal or regulatory reason for us to keep it, including tax or security related obligations (in such case, you understand and acknowledge that our legal basis for the processing of your personal data would be compliance with the relevant laws and/or regulations). 

When you withdraw your consent (provided that your consent is the lawful basis of processing your data), or when we no longer need the data for any of the specified Purposes, we will delete it from or anonymise it in our systems, as may be applicable.

YOUR RIGHTS

We make sure that you are fully aware of all your data protection rights as a data subject. Your rights regarding the processing of personal data are as follows: 

The right to access – You have the right to request for copies of data we hold about you at any time. 

The right to rectification – You have the right to request rectification of any part of your data you believe is inaccurate or completion of any information you believe is incomplete.

The right to erasure – You have the right to request deletion or removal of your personal data, under certain conditions.

The right to restrict processing – You have the right to restrict the processing of your personal data or limit the manner in which it is done, under certain conditions.

The right to data portability – You have the right to request transfer of the personal data that we have collected to another organisation or directly to you, under certain conditions.

The right to object to processing – You have the right to object to the processing of your personal data, under certain conditions.

The right to withdraw consent – You have the right to withdraw your consent for our processing of your data, provided your explicit consent is the lawful basis for our processing. 

ACCESS TO  AND CORRECTION OF PERSONAL DATA

If you wish to (a) request access to a copy of the personal data which we hold about you or (b) make a request to correct or update your personal data and/or any other information which we hold about you, you may submit such requests via email to our Data Protection Officer at the contact details specified herein. 

We shall respond to your access/correction request(s) as soon as reasonably possible. Should we not be able to respond to your access/correction request(s) within thirty (30) days after receiving it, we shall inform you in writing within sixty (60) days of the time by which we will be able to respond to your request. If upon evaluation of your request it is decided that we are unable to provide you access to any personal data or to make a correction requested by you, we shall inform you of the reasons why we are unable to do so (except when we are not required to do so under the applicable data protection laws).

Please note that depending on the request that is being made, you will be able to access your personal data in document form and not the entire document. If the record of your personal data forms a negligible part of the aforesaid data then, in that case, we will only provide you with our confirmation on the same.

OBJECTION AND WITHDRAWAL OF CONSENT

You understand that you are not obliged to consent to and may object and/or withdraw your consent to our use, disclosure and otherwise processing of your personal data, at any time by contacting our Data Protection Officer using the contact details provided herein. However, you also understand that your consent is important for us to be able to carry on any or all of the Purposes to the extent that the provision of your explicit consent is the lawful basis for the processing of your personal data and your objection to our processing or withdrawal of consent will not affect our right to continue to collect, use and disclose your personal data where such collection, usage and disclosure without consent is required or permitted under this Policy and/or the applicable laws.

You may also exercise your right to lodge a complaint with the relevant authority, against any unauthorised action that you believe we have taken in connection with your data in accordance with the applicable laws.

EFFECT OF POLICY AND CHANGES TO POLICY

This Privacy & Cookie Policy applies in conjunction with any other policies, notices, consent clauses as well as any contractual clauses as may be applicable. We keep our Privacy & Cookie Policy under regular review and place any updates on this web page. Please have a look at the last effective date at the top of this page to see when it was last updated. Any changes in this Privacy & Cookie Policy will become effective, without prior notice, when we make the revised Policy available on our Website, and your continued access to and usage of our Website constitute your acknowledgement and acceptance of such changes.

BUSINESS PRIVACY POLICY

APPLICATION OF THIS POLICY

Midstar (“we”, “our”, “us”) is committed to protecting and respecting the privacy of its Clients, Suppliers and Service Providers.

This Business Privacy Policy together with our Privacy & Cookie Policy sets out the basis upon which we, Midstar, process the personal data of our Clients, Suppliers and Service Providers, provided knowingly and voluntarily (whether verbally or in writing) directly in connection with their business or contractual relationship with us (including data provided through Know Your Customer or KYC forms) or via a third party.

Data on registered businesses that is Clients, Suppliers and Service Providers, is not personal data because it relates to a legal entity and not a natural, living person. However, the contact information of individuals within these legal entities is classified as personal data; therefore this Business Privacy Policy applies to employees, representatives and/or other individuals working for our Clients, Suppliers and Service Providers (“you”, “your”) whose personal data has been collected by us or provided to us in the business context for commercial purposes.

For the avoidance of doubt, “Client” refers to a customer, prospective customer or target customer of Midstar; “Supplier” refers to a current or prospective vendor or subcontractor of Midstar; and “Service Provider” refers to a vendor or supplier of a service.

Please read the following carefully to understand our views and practices regarding your personal data and the manner in which we control and process it in a business context.

By engaging with us in a business context, you acknowledge, represent and warrant that:
a) You have read and understood this Policy, and consent to the collection, use and disclosure of your data in accordance with this Policy for the Purposes defined herein;
b) In the event that we have received your personal data from any third party pursuant to the Purposes, we shall not be held liable for the methods and authorities employed in collecting,  retaining, processing and disclosing of the personal data by the third party.

DATA WE COLLECT

The type of personal data that we collect, and use depends on the particular business context and the purpose for which it was collected. We collect and process some or all of the following types of data:

• • contact details including your name, job title, gender, date of birth, nationality, country and city of birth, passport copy/information and identification cards; work address, mailing address, telephone numbers, and email address;
  • details of your professional qualifications and experience;
  • financial information, bank account details, creditworthiness, and other relevant financial and payment-related information collected to perform a business transaction;
  • CCTV images and visit information for visitors to any of the Midstar offices.

PURPOSES FOR PROCESSING

This Business Privacy Policy is to inform data subjects that their personal data shall be processed for purposes relating to the establishment and fulfilment of our commercial/contractual relationships, including:

• • to offer, negotiate, conclude, manage and perform contracts with Clients, Suppliers and Service Providers (including the provision of financial services and advice);
  • for marketing and public relations (including direct marketing);
  • to fulfil our legitimate interests in carrying out our operations such as enhancing our presence in the market through social media channels;
  • to conduct market research and competitor analysis;
  • to communicate with individuals that are, or who represent, Clients, Suppliers or Service Providers;
  • for the performance of our business operations or day to day business management;
  • to manage our accounts and records;
  • to ensure legal and regulatory compliance and internal control evaluations and audits including those conducted by our internal and external audit service providers;
  • to carry out due diligence and other screening activities that may be required by law or that have been put in place by us;
  • to obtain legal advice, including in connection with the sale, purchase or merger of a business;
  • to ensure the protection of our legal rights, including for legal proceedings and litigation and use in connection with legal claims, compliance, regulatory, investigative purposes.

SHARING AND TRANSFER OF DATA

As and when we are required to share your data, we ensure that such sharing of data is on a need-to-know basis.

For more information on our Data Sharing and Transfer practice, please go through the sections headed ‘SHARING OF DATA’ and ‘INTERNATIONAL TRANSFER OF DATA’ respectively in our Privacy & Cookie Policy.

SECURITY

For more information on the security of your data held by us, please go through the section headed ‘SECURITY’ in our Privacy & Cookie Policy.

DATA RETENTION

For more information on our data retention policy, please go through the section headed ‘DATA RETENTION’ in our Privacy & Cookie Policy.

YOUR RIGHTS

For more information on your rights, please go through the section headed ‘YOUR RIGHTS’ in our Privacy & Cookie Policy.

EFFECT OF POLICY AND CHANGES TO POLICY

This Business Privacy Policy applies in conjunction with the Privacy Policy and Cookie Policy and any other policies, notices, consent clauses as well as any contractual clauses as may be applicable. We keep our Policies under regular review and place any updates on our Website.

RECRUITMENT PRIVACY POLICY

APPLICATION OF THIS POLICY

Midstar (“we”, “our”, “us”) is committed to protecting and respecting the privacy of its Job Applicants. This Recruitment Privacy Policy together with our Privacy & Cookie Policy sets out the basis upon which we, Midstar, process the personal data of Job Applicants, including data they provide knowingly and voluntarily, data which we require and request from them for the management of their recruitment with us and/or data which is provided by a third party in the recruitment context.

For the avoidance of doubt, you are a Job Applicant when you apply for a role or position at any of our offices by submitting your resume to us directly: through email, through our social media channels, through the careers portal on our Website; or through a third party.

This Recruitment Privacy Policy applies to personal data in our possession or under our control, including personal data in the possession of organisations which we have engaged to collect, use, or process personal data for fulfillment of the Purposes (as defined herein).

Please read the following carefully to understand our views and practices regarding your personal data and the manner in which we control and process it.

By submitting your application to us, you acknowledge, represent and warrant that:

1. 1. You have read and understood this Policy, and consent to the collection, use and disclosure of your data in accordance with this Policy for the Purposes defined herein;
   2. You have obtained the necessary consents and/or permissions from your referees for us to use the information contained in your application to contact your referees as provided herein, if applicable;
   3. In the event that we have received your personal data from any third party pursuant to the Purposes, we shall not be held liable for the methods and authorities employed in collecting, retaining, processing and disclosing of the personal data by the third party.

DATA WE COLLECT

We collect and process some or all of the following types of data which gives us a general overview of you including your background, your skills and your experience, and how the same is relevant to the role that you are applying for; it may include your legal name, gender, date of birth, nationality, country and city of birth, your photographic and/or visual data, passport copy/information and identification cards; mailing address, telephone number/s, email address and other contact details; educational background, employment and training history, professional qualifications and certifications, employment references and any other information that is received/collected as part of your employment application, including those that may be received via our Website cookies when you are applying through our Website. For more information about how our Website uses cookies, please have a look at our Privacy & Cookie Policy.

PURPOSES OF PROCESSING

Your data as a Job Applicant will be collected, processed, used and may be disclosed to third parties for the following Purposes:

• • to verify your identity, and the accuracy of the personal details and other information that has been provided;
  • to contact you, assess and evaluate your availability and suitability for a current or potential position within our organisation;
  • to carry out due diligence and other screening activities that may be required by law or that have been put in place by us;
  • to ensure compliance with our policies and our legal, regulatory, contractual, and health and safety requirements;
  • to ensure protection of our legal rights, including, but not limited to, use in connection with legal claims, compliance, regulatory, and investigative purposes;
  • to respond to enquiries and requests from you or those you have authorised; and
  • statistical analysis.

We may use technological means while fulfilling any or all of the above Purposes; however, any decision that we take in relation to your recruitment will be made by us, independent of any such technological means used.

SHARING AND TRANSFER OF DATA

As and when we are required to share your recruitment-related data, we ensure that such sharing of data is on a need-to-know basis.

For more information on our Data Sharing and Transfer practice, please go through the sections headed ‘SHARING OF DATA’ and ‘INTERNATIONAL TRANSFER OF DATA’ respectively in our Privacy & Cookie Policy.

SECURITY

For more information on the security of your data held by us, please go through the section headed ‘SECURITY’ in our Privacy & Cookie Policy.

DATA RETENTION

In the event that your job application is unsuccessful, or when your relationship with us has been terminated or altered in any way, we may still retain your personal data for a reasonable period of time in accordance with legal requirements, the fulfilment of the Purposes, and/or other administrative purposes such as consideration for future vacancies. We may also host your personal data with a third-party cloud storage service.

For more information on our data retention policy, please go through the section headed ‘DATA RETENTION’ in our Privacy & Cookie Policy.

YOUR RIGHTS

To know more about your rights, please go through the section headed ‘YOUR RIGHTS’ in our Privacy & Cookie Policy.

EFFECT OF POLICY AND CHANGES TO POLICY

This Recruitment Privacy Policy applies in conjunction with the Privacy & Cookie Policy and any other policies, notices, and consent clauses, as well as any contractual clauses as may be applicable.

EMPLOYMENT PRIVACY POLICY

APPLICATION OF THIS POLICY

• • Midstar (“we”, “our”, “us”) is committed to protecting and respecting the privacy of its Employees. This Employment Privacy Policy, together with our Privacy & Cookie Policy and Recruitment Privacy Policy, sets out the basis upon which we, Midstar, process the personal data of our Employees including data they provide knowingly and voluntarily, data which we require and request from them for the management of their employment with us, and/or data which is provided by a third party in the employment context.
  • For the avoidance of doubt, Employee (“you”, “your”) refers to any person who is hired by us, for a wage, salary, fee or payment in accordance with an employment contract, including graduates and interns.
  • This Employment Privacy Policy applies to personal data in our possession or under our control, including personal data in the possession of organisations which we have engaged to collect, use, disclose or process personal data for fulfillment of the Purposes (as defined herein).
  • Please read the following carefully to understand our views and practices regarding your personal data and the manner in which we control and process it.

By engaging with us in an employment context, you acknowledge, represent and warrant that:

a) You have read and understood this Policy, and consent to the collection, use and disclosure of your data in accordance with this Policy for the Purposes defined herein;
b) You have obtained the necessary consents and/or permissions from your referees for us to use the information contained in your application to contact your referees as provided herein, if applicable.

DATA WE COLLECT

We collect and process some or all of the following types of data:

Application information: This is information that gives us a general overview of you, including your background, your skills and your experience, and how the same is relevant to the role that you are applying for. It may include your legal name, gender, date of birth, nationality, country and city of birth, your photographic and/or visual data, passport copy/information and identification cards; mailing address, telephone number(s), email address and other contact details, educational background, employment and training history, professional qualifications and certifications, employment references and any other information that is received/collected as part of your employment application.

Human Resource Management information: This is information collected during your employment with us and required for the management of your employment which may include financial information such as salary, bank account details, corporate credit card usage, employment benefits; information about your use of our property such as computers, laptops and phones; personal information of your dependents and/or spouses; travel history; biometrics and health records; performance and conduct through the period of employment such as appraisals, performance reviews, absence records and disciplinary records; and clearance certificates and any other information collected during your tenure of employment with us.

PURPOSES FOR PROCESSING

Your data as an Employee will be collected, processed, used and may be disclosed to third parties for the following Purposes:

• • to verify your identity and the accuracy of the personal details and other information that has been provided;
  • to assess and evaluate your suitability in any current or future position;
  • to efficiently manage and administer your employment, such as employee career development, compensation and benefits, performance management, and other administrative and management purposes as may be required for the functioning of our operations;
  • for the performance of our business operations or day-to-day business management;
  • to fulfil our legitimate interests in carrying out our operations such as enhancing our presence in the market through social media channels;
  • to fulfil our obligations in the performance of our contract with you;
  • to implement and enforce measures related to ensuring the security of our premises, assets, confidential information and connected person(s) including without limitation, employees, shareholders, stakeholders and third-party providers.
  • to carry out due diligence and other screening activities that may be required by law or that have been put in place by us;
  • to ensure compliance with our policies and our legal, regulatory, contractual, and health and safety requirements;
  • to ensure protection of our legal rights, including, but not limited to, use in connection with legal claims, compliance, regulatory, and investigative purposes.

Your personal data including your visual and photographic data including that which is taken by us or anyone appointed by us when you attend events at our premises or otherwise, with the exclusion of sensitive personal data or special categories of personal data as defined under the applicable laws, may be used by us to enhance our presence in the market through social media channels.

The said Purposes may continue to apply, even when your relationship with us has been terminated or altered in any way, for a reasonable period thereafter in pursuance of our legitimate interests and/or to protect us or you from any dispute or legal proceedings that may arise.

We may use technological means while fulfilling any or all of the above Purposes; however, any decision that we take in relation to your employment will be made by us, independent of any such technological means used.

SHARING AND TRANSFER OF DATA

As and when we are required to share your employment-related data, we ensure that such sharing of data is on a need-to-know basis. For more information on our Data Sharing and Transfer practice, please go through the sections headed ‘SHARING OF DATA’ and ‘INTERNATIONAL TRANSFER OF DATA’ respectively in our Privacy & Cookie Policy.

SECURITY

For more information on the security of your data held by us, please go through the section headed ‘SECURITY’ in our Privacy & Cookie Policy.

DATA RETENTION

For more information on our data retention policy, please go through the section headed ‘DATA RETENTION’ in our Privacy & Cookie Policy.

YOUR RIGHTS

To know more about your rights, please go through the section headed ‘YOUR RIGHTS’ in our Privacy & Cookie Policy.

EFFECT OF POLICY AND CHANGES TO POLICY

This Employment Privacy Policy applies in conjunction with the Privacy & Cookie Policy, Recruitment Privacy Policy and any other policies, notices, consent clauses as well as any contractual clauses as may be applicable.

CONTACT

If you wish to withdraw your consent or object to our processing of your personal data, request access and/or correction of your personal data, or have any queries, comments or concerns, you can contact our Data Protection Officer at dpo@midstar.com.