1. Scope and Consent
2. How We Collect Your Personal Information
We collect Personal Information from you and the devices (including mobile devices) you use to access or use our Services. You should ensure that all Personal Information submitted to us is complete, accurate, true and correct. If you fail to do so, we may be unable to provide you with the products and services you have requested.
The Personal Information we collect includes, but is not limited to, information of the kinds described below:
2.1 Information that we collect automatically
We collect information about your interaction with our sites and Services, advertising, mobile notifications or e-mail communications. This is typically information we receive from your computer or other devices, including your mobile devices, and includes:
- Device ID or unique identifier, device type, unique device token;
- Geo-location information, including location information from your mobile device (However, do keep in mind that most devices allow you to control or disable the use of location services in the device’s settings menu.);
- Computer and connection information; and
- Statistics on page views, traffic to and from the sites, referral URL, IP address and web log information.
2.2 Information that you give us when you use our Services
Such types of information include:
- Identity-related information that you provide us when you register an XFERS Account, including your name, physical address, email address, telephone and/or mobile phone number, business seller information, and unique identification number (e.g. NRIC or passport number), and identity-related information of the directors and executive officers of your corporate body authorised to operate your XFERS Account;
- Financial information such as your bank account information, credit card, or debit card;
- Transactional information based on your activities conducted on our sites and through our Services (such as information on your buying and selling activity and other content you generate or that relates to your Account);
- Shipping, billing and other information you provide to purchase or list a product or service via our Services. Where shipping services are provided through one of our programs, additional relevant shipping information (such as tracking updates) as provided by the chosen shipping partner;
- Information provided through chats, dispute resolution, referral services, or added to a web form or when adding/updating your Account information, or provided when you correspond through our sites and Services, or where you correspond with our customer service team; and
- Any additional information that XFERS may ask you to provide in order to verify your Account or listings.
2.3 Information from cookies, web beacons and similar technologies
- We and/or our authorised service providers may employ cookies in order for our server to recognise a return visitor as a unique User including, and not limited to, monitoring information relating to how a visitor arrives at the website, what kind of browser a visitor is on, what operating system a visitor is using, a visitor’s IP address, and a visitor’s click stream information and time stamp (for example, which pages they have viewed, the time the pages were accessed and the time spent per web page).
- The cookies are also used to link your device to your XFERS Account so that you do not have to re-enter your password each time you click on a link in the XFERS User panel page or query or access our Services. They are also used to automatically identify your XFERS Account when you contact us via the live chat feature.
- Should you wish to disable the cookies associated with these technologies, you may do so by changing the setting on your browser or device settings. However, you may be required to re-enter your password more frequently during your use of our Services, or may not be able to enter certain part(s) of our website.
- Where possible, security measures are set in place to prevent unauthorised access to our cookies and similar technologies. A unique identifier ensures that only we and/or our authorised service providers have access to cookie data.
2.4 Information from other sources
- We may also obtain information about you from third parties. This may include:
- publicly available demographic information;
- additional contact information, User information or account information (including third-party account information) and other information required to verify you or your business’s identity or User information to assess fraud;
- credit check information;
- information from credit bureaus and financial institutions; and
- analytics data from your usage of our Services.
- If you give us Personal Information relating to a third party (e.g. information of your customers and/or employees), you must do so only with their consent. By submitting such information to us, you represent to us that you have obtained the consent of the third party to provide us with their Personal Information for the respective purposes. In addition, you agree to inform them that we have collected their Personal Information and tell them how we collect, use and disclose the Personal Information.
3. How We Use Your Personal Information
We use the Personal Information we collect to operate, improve and personalise our Services; to contact you and provide you customer service; to detect, prevent and mitigate fraudulent or illegal activities; to assess your suitability as a candidate for employment where you submit a job application to us; and for all other such purposes as described in paragraph 3.5 of this Section. You agree that we may use your Personal Information as follows:
3.1 Operate, improve, and personalise our Services
- Provide you use of and access to our Services;
- Process your application for XFERS’ products and services;
- Process transactions and send notices about your transactions;
- Verify your identity, including during Account creation and password reset processes;
- Responding to your queries, feedback, complaints and requests, and to resolve disputes, collect fees, and troubleshoot problems;
- Give you access to your purchase and sales history, payment transaction history, internal email and other features and functionalities;
- Customise, measure and improve our Services;
- Provide other services requested by you as described when we collect the information;
3.2 Contact you and provide you customer service
- Provide you with customer support in relation to the use of our Services;
3.3 Detect, prevent and mitigate fraudulent or illegal activities
- Prevent, detect, investigate and report fraud, security breaches, potentially prohibited or illegal activities;
- Protect the security and integrity of our sites and Services;
- Compare the Personal Information you provide for accuracy, and verify it with information provided by third parties where necessary.
3.4 Assess your suitability as a candidate for employment
- Conducting interviews;
- Processing your application (including but not limited to pre-recruitment checks involving your qualifications and facilitating interviews);
- Obtaining employee references and for background screening;
- Assessing your suitability for the position applied for;
- Facilities management, including but not limited to maintaining the security of our premises and recording entries and exists; and/or
- Such other purposes which are reasonably related to the aforesaid.
- Detect, prevent, remediate breaches or attempted breaches of or otherwise enforce our policies, applicable law, or any agreement that we may have with you;
- Perform creditworthiness and solvency checks, and compare information for accuracy and verify it with third parties where necessary;
- Provide targeted marketing and advertising, provide service update notices, and deliver promotional offers based on your communication preferences;
- For accounting, audit or litigation purposes.
4. How We Share Your Personal Information With Other XFERS Users
The protection of your Personal Information is very important to XFERS. We will share selected Personal Information with other XFERS Users in order to facilitate your transactions and to help resolve a dispute between you and another XFERS User.
- When you transact with other XFERS Users, we may provide those Users with your Personal Information necessary to complete the transaction. Such information includes your name, phone number, email address, contact details, shipping and billing address, or other information needed to promote the reliability and security of the transaction. If a transaction is held, fails, or is later invalidated, we may also provide details of the unsuccessful transaction.
- Larger merchant XFERS Users (including marketplace platforms or other merchant e-commerce sites) may integrate our Services into their sites or apps to enable them to accept or send payments from or to you using XFERS.
- If you choose to “link” your XFERS Account with these third party sites, we may provide them with your XFERS Account information, including your Personal Information and your XFERS Account balance. By “linking” your XFERS Account, you will also authorise them to deduct money from or send payments to your XFERS Account without any further action or confirmation on your part.To streamline your transactions and to save you time in avoiding having to re-enter all your Personal Information into these third party sites, we may also disclose your Personal Information (including your passport or national identity documents) directly to these merchant XFERS Users to the extent required by them to remain in compliance with the laws and regulations applicable to them.
- If a XFERS User is sending you money and enters your email address or phone number, we may provide them with your registered name so they can verify that they are sending the money to the correct person and/or Account.
- In the case of a dispute between a buyer and seller, in order to facilitate dispute resolution, we may provide the buyer with the seller’s address so that goods may be returned to the seller.
- We will not disclose your credit card number or bank account number to anyone you have paid or who has paid you using XFERS, or with the third parties that offer or use our Services, unless we have your express permission, or where we are required to do so to comply with our obligations under credit card rules, a subpoena, or any other legal process or investigation.
Our policies and Terms of Service expressly prohibits a receiving party from using any Personal Information that we may share with them for unrelated purposes, such as to directly market to you, unless you have agreed to it. Contacting Users with unwanted or threatening messages is also against our policies and constitutes a violation of our Terms of Service.
Please note that merchants, sellers, and other XFERS Users you buy from or contract with have their own privacy policies, and although our Terms of Service does not allow the other transacting party to use this information for anything other than providing Services, we are not responsible for their actions, including their information protection practices.
5. How We Share Your Personal Information With Other Third Parties
Subject to any applicable law, we may also share your Personal Information with the following third parties for the purposes listed below:
- Members of the XFERS corporate family, to provide joint content, products, and services (such as registration, transactions and customer support), to help detect and prevent potentially illegal acts and violations of XFERS policies, and to guide decisions about their products, services, and communications. Members of our corporate family will use this information to send you marketing communications if you have requested their services.
- Credit bureaus and collection agencies to report Account information, as permitted by law.
- Banking partners (a) to comply with the requirements of credit card association rules for inclusion on their list of terminated merchants (in the event that you meet their criteria which includes having XFERS close your XFERS Account due to your breach of our Terms of Service); (b) to comply with their anti-money laundering and countering the financing of terrorism requirements; or (c) if we believe that disclosing your information is necessary to help us or our banking partners prevent fraud or assess and manage operational or financial risk.
- Third party payment service providers to facilitate their provision of services to you through our platform.
- Law enforcement, government officials, or other third parties pursuant to a subpoena, court order, or other legal process or requirement applicable to us or one of our affiliates; when we need to do so to comply with the law or credit card rules; or when we believe, at our sole discretion, that the disclosure of Personal Information is necessary to prevent physical harm or financial loss, to report suspected illegal activity or to investigate violations of our Terms of Service.
- Other third parties to whom you explicitly ask us to send your information (or about whom you are otherwise notified and consent to when using a specific service).
- Other unaffiliated third parties, for the following purposes:
- Fraud Prevention and Risk Management: to help them prevent fraud or assess and manage risk. As part of our fraud prevention and risk management efforts, we also may share necessary account information with third parties in cases where we have placed a hold or other restriction on your Account based on disputes, claims, chargebacks or other scenarios regarding the sale or purchase of goods.
- Customer Service: for customer service purposes, including to help service your Accounts or resolve disputes (e.g., billing or transactional).
- Shipping: in connection with shipping and related services for purchases made using our Services.
- Legal Compliance: to help them comply with anti-money laundering and counter-terrorist financing requirements.
- Service Providers: to enable service providers under contract with us to support our business operations, such as fraud prevention, bill collection, marketing, customer service and technology services. Our contracts dictate that these service providers only use your information in connection with the services they perform for us and not for their own benefit.
Please note that some of these third parties may be based in other countries where the laws on the processing and protection of Personal Information are less stringent than the laws in your country.
Additionally, if you open a XFERS Account directly on a third party website or via a third party application, any information that you enter on that website or application (and not directly on a XFERS website) will be shared with the owner of the third party website or application. These sites are governed by their own privacy policies, and you are encouraged to review their privacy policies before providing them with your Personal Information. We are not liable or responsible for the actions or information practices of such third parties.
6. You May Access and Correct Your Personal Information
We take steps to ensure the Personal Information we collect from you is accurate and up to date, and that you have the ability to access or update/correct it.
6.1 Accessing your Personal Information
- At any time, you may access your Personal Information by logging in to your XFERS User panel and clicking on “Settings >> Account Verification”.
- If you are operating a merchant Account, you can view more information under “Merchant >> Details Verification”.
6.2 Updating/Correcting your Personal Information
It is your responsibility to ensure all Personal Information that you submit to us is complete, accurate, true and correct.
- Please update your personal data immediately if it changes or is inaccurate.
- If you wish to update/correct your Personal Information, please contact us at [email protected]. We reserve the right to reject your update/correction request if we have reasonable grounds to believe that such an update/correction should not be made.
7. Storage, Security and Retention of Your Personal Information
We store and process your Personal Information in a Singapore data centre operated by Amazon Web Services, Inc (“AWS”). We use AWS as our technology infrastructure service provider to power the main core of our Services.
We protect your information using physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorised access, disclosure and alteration. Some of the safeguards we use are firewalls and data encryption, physical access controls to our data centers, and information access authorisation controls.
AWS’s data centres utilise state-of-the art electronic surveillance and multi-factor access control systems. Data centers are staffed 24×7 by trained security guards, and access is authorised strictly on a least privileged basis. For more information, please visit: https://aws.amazon.com/security/
AWS is also audited by third-party auditors who have verified their compliance with a variety of computer security standards and regulations, including:
- PCI DSS Level 1 – standard for storing, processing, and transmitting credit card information in the cloud);
- ISO 27001:2013 – a widely-adopted global security standard that outlines the requirements for information security management systems;
- ISO 27017:2015 – a global cloud-specific information security code of practice;
- ISO 27018:2014 – a code of practice designed to give cloud service providers security control implementation guidance to protect personally identifiable information;
- MTCS Tier 3 Certification (Singapore) – an operational Singapore security management standard (SPRING SS 584:2013), based on ISO 27001/02 Information Security Management System standards.
A full list of AWS’s third-party certifications can be viewed at: https://aws.amazon.com/compliance/
Despite our security precautions, we cannot fully guarantee the security of your Personal Information because of the inherent risks of data transmission over the internet. At all times, you assume the risks associated with the transmission of your Personal Information over the internet and the possibility of malware present on your device used for our Services. Therefore, you should ensure that you only enter or upload your Personal Information on a secure device within a secure environment.
We retain your Personal Information for as long as you continue to have an XFERS Account.
- If your XFERS Account is terminated (either by your request or by us), we will retain your Personal Information for at least 5 years after Account termination in order to comply with the regulatory requirements under the laws and regulations applicable to our Services.
- Under certain circumstances we may retain Personal Information from closed Accounts to prevent fraud, collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigation, enforce our Terms of Service, comply with applicable legal data retention obligations and take other actions permitted by law.
- After it is no longer necessary for us to retain your Personal Information, we will dispose of it in a secure manner according to our data retention and deletion policies.
8. Contact us about Privacy Questions