PERSONAL DATA COLLECTION, USE & DISCLOSURE
1. COLLECTION AND USE OF PERSONAL DATA
Merchant Management Solutions PTE. LTD. (“Momos” or “We”) collects, uses and discloses any of the following information about you and refers to it hereafter as "Personal Data" throughout this policy:
2.1 Information you give us
As part of providing our services to you, we may require you to give us information about yourself. Apart from electronic means, our collection of your Personal Data may also take place, without limitation, when you contact us by phone or email, or when we receive it from third parties (such as food delivery platforms) you may have authorized to collect and disclose your information to us on your behalf.
2.2 The information you voluntarily give us may include, but is not limited to:
- your name,
- date of birth,
- contact information, such as your telephone number, e-mail address, or residential address;
- responses to customer feedback surveys, questionnaires or promotions; and
- financial information such as payment and banking information,
(collectively, "Personal Data").
2.3 Sources of your Personal Data
Your Personal Data has and/or will be obtained from the following sources:
- information provided or submitted by you;
- information provided by third parties (such as third-party agents, payment service providers, our service providers or business partners);
- information gathered through promotional and / or marketing activities;
- such other written or verbal communications or documents delivered to us prior to or during the course of providing our services (contractual or otherwise) to you.
2. PURPOSES OF COLLECTING YOUR PERSONAL DATA
2.1 We, or third-party data processors and service providers acting on our behalf, may collect, use and store the Personal Data provided by you to enable you to receive our services. More specifically, we may collect, use and store your Personal Data for the following reasons:
- providing you with the products and services that you have requested e.g., notifying you regarding the status of your order or delivery;
- ensuring that your transactions on our websites are safe and secure;
- contacting you for feedback after a sale of a product or service;
- resolving any problems or disputes you may encounter in relation to our products and services;
- complying with legal and regulatory obligations and requirements;
- accounting, risk management, compliance and record keeping purposes;
- carrying out research, planning and statistical analysis; and
- conducting online surveys or feedback requests to evaluate our services during which Personal Data is collected for verification purposes.
3. ACCURACY, RETENTION AND SECURITY OF PERSONAL DATA
3.1 As the accuracy of your Personal Data depends largely on the information you provide to us, kindly inform us as soon as practicable if there are any errors in your Personal Data or if there have been any changes to your Personal Data. Please note that we need certain types of Personal Data so that we can provide our services to you. If you do not provide us with accurate Personal Data, or ask us to delete it, we may no longer be able to provide our services to you.
3.2 We retain your Personal Data for as long as you use the services we provide or as is required by or allowed by applicable laws. As soon as practicable, we will cease to retain your Personal Data, or at least Personal Data in a form that can be associated with a particular individual, i.e., your Personal Data may still be retained in either an anonymized or aggregated form, once it is no longer required for the purpose it was collected for and retention is no longer necessary for legal or business purposes.
3.3 Once we receive your Personal Data, we will use all reasonably practicable steps and security measures as required under the applicable laws, to ensure that your Personal Data is stored securely and protected by us and our data processors against unauthorised or accidental access, processing, erasure, loss or use. Your Personal Data will be kept confidential and secure and will only be disclosed on a “need-to-know” basis. If we outsource or entrust your Personal Data with third party service providers or data processors, we will use contractual and other means to monitor their compliance with this privacy policy.
3.4 The transmission of information through the internet is not completely secure. Although we use security measures to secure your Personal Data, we cannot guarantee the security of your Personal Data transmitted to us and any transmission of your Personal Data either to us or third parties is at your own risk.
4. DISCLOSURE OF PERSONAL DATA
We will share your Personal Data with the following categories of third parties, including:
- any person to whom we are compelled or required to disclose it under law; any party pursuant to an order of a court;
- any related and associated companies, affiliates and subsidiaries of ours, including those established in the future;
- any data processors processing your Personal Data on our behalf;
- where applicable, third parties who provide related services or products in connection with our business such as our vendors, business partners, and any party assisting us in carrying out the Purpose as laid out above;
- where you have consented for your information to be made available, parties which participate in joint marketing schemes with us;
- any agent, contractor or service provider who provides administrative, order processing, payment clearing, credit reference, debt collecting or other services necessary to the operation of our business;
- organisations including their professional service providers and relevant regulatory authorities whether within or outside Singapore, in connection with the acquisition, disposition and / or intended acquisition or disposition of the Company's assets and / or the Company itself whether directly or indirectly;
- any party or organisation who is bound by confidentiality agreements with us;
- any person to whom we are, in our belief in good faith, under an obligation to make disclosure as required by any applicable law; including, but not limited to government agencies, statutory authorities and industry regulators;
- our auditors, consultants, accountants, lawyers or other financial or professional advisers.
5. TRANSFER AND SHARING OF PERSONAL DATA
5.1 Any third parties with whom we share your personal information are limited in their ability to use your personal information for any purpose other than to provide services to us. We will always ensure that any third parties with whom we share your personal information are subject to the same data protection principles as we are.
5.2 Please rest assured that we will only disclose the minimum amount of information which we think is necessary for the purposes set out above and that we will take all appropriate safeguards to ensure the integrity and security of your Personal Data.
5.3 For Personal Data transferred outside your jurisdiction (if any), we will ensure that the recipient will protect your Personal Data at a standard that is comparable to that under the applicable data privacy laws of your jurisdiction, as may be amended from time to time. We shall procure a similar contractual undertaking from any overseas recipient of your Personal Data in that regard. We will ensure that such transfer of your Personal Data takes place subject to this privacy policy (unless otherwise agreed by you) and complies with any applicable laws. If you have any concerns about the international transfer of your Personal Data please contact us using the details set out in this privacy policy.
6. FAILURE TO SUPPLY OR CONSENT TO THE COLLECTION, USE AND DISCLOSURE OF PERSONAL DATA
6.1 Except for Personal Data which is collected, used and disclosed for direct marketing purposes, you must provide us with the Personal Data which we request from you. If you do not consent and supply us with your Personal Data, this will result in the following:
- we will be unable to provide you with information, notices, services and/or products requested;
- your ability to enter and participate in any contests or promotions organised by us may be affected; and
- the ability of third parties to enter into the necessary agreements in relation to the provision of services to you may be affected.
6.2 It is optional for you to provide your consent to use any of your Personal Data for direct marketing purposes.
7. YOUR RIGHTS TO ACCESS, LIMIT AND CORRECT YOUR PERSONAL DATA
7.1 We respect your legal rights to your Personal Data. We list below your legal rights and the measures we take to protect these rights. Not all data protection laws are the same so not all of these rights apply in all jurisdictions.
7.2 You may contact our Data Protection Officer by email at data@momos.com at any time and you may:
- check whether we hold or use your Personal Data and request access to such data;
- request that we correct any of your Personal Data that is inaccurate, incomplete or out-of-date;
- request that we limit the processing of your Personal Data;
- request information concerning the ways your Personal Data has been or may have been used or disclosed by us within a year before the date of your request;
- request that we specify or explain our policies and procedures in relation to Personal Data and the categories of Personal Data collected, used and disclosed by us;
- withdraw, in full or in part, your consent given previously or request deletion of your Personal Data, in each case subject to any applicable legal restrictions, contractual conditions and a reasonable time period. Please note, however, that we may still be entitled to process your Personal Data if we have another legitimate reason (other than consent) for doing so; and
- lodge a complaint with the competent authority if you think that any of your rights have been infringed by us.
8. CHANGES TO OUR PRIVACY POLICY
8.1 We may occasionally change all or part of this privacy policy. Any changes will be effective immediately upon our posting of the updated privacy policy. If we make any material changes to this privacy policy, we will notify you of the changes through our website or e-mail.
8.2 If we make changes to the type of Personal Data collected, the purpose for collecting your Personal Data, who we may share your Personal Data with or how we may use your Personal Data, we will notify you in advance of such changes and request your consent if required by applicable laws.
Please address all requests and/or questions or concerns which you may have regarding the subject matter and contents of this privacy policy to data@momos.com
PERSONAL DATA SHARING AGREEMENT (DSA)
BACKGROUND
- The Disclosing Party has agreed to transfer or share Personal Data received in Singapore on the terms as set out in this Data Sharing Agreement (“DSA”) and has signed an Agreement with Merchant Management Solutions.
- Each Party intends to use, collect, store, process or disclose any Personal Data disclosed to them strictly in accordance with the terms of this DSA.
1. AGREED TERMS
1. Definitions and interpretation
In this DSA, unless the context otherwise requires, the following terms shall have the meanings assigned to them below:
“Shared Personal Data” :
means Personal Data which the Disclosing Party discloses to the Receiving Party, or which the Receiving Party processes on behalf of the Disclosing Party, including: a name, identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“PDPA” :
means the Personal Data Protection Act 2012 as amended from time to time.
“Personal Data” :
means data, whether true or not, about an individual who can be identified:
- from that data alone; or
- from that data and other information which the Receiving Party has or is likely to have access to.
“Personal Data Breach” :
means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Shared Personal Data transmitted, stored or otherwise processed.
“Processing, processes and process” :
means any activity that involves the use of Personal Data or as the PDPA may otherwise define processing, processes or process. It includes any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Processing also includes transferring Personal Data to third parties.
2. Handling and Protection of Personal Data
2.1 The Disclosing Party and the Receiving Party acknowledge that for the purpose of the PDPA, the Disclosing Party is the data controller / data collector and the Receiving Party is the data processor / data intermediary.
2.2 The Receiving Party shall at all times comply with all its obligations under the PDPA at its own cost and shall also ensure that all necessary measures for compliance with the PDPA are also put in place by any of its sub-contractors, subsidiaries or affiliates to whom Shared Personal Data may be transferred to for processing.
2.3 The Receiving Party shall not transfer any Shared Personal Data to a place outside Singapore without the Disclosing Party’s prior written consent. If the Disclosing Party provides consent, the Receiving Party hereby undertakes to the Disclosing Party to ensure that the Shared Personal Data transferred outside Singapore will be protected at a standard that is comparable to that under the PDPA and the Receiving Party shall also procure a similar written undertaking from any overseas third party in receipt of any Shared Personal Data.
2.4 The Receiving Party shall maintain the confidentiality of all Shared Personal Data and only process, use or disclose Shared Personal Data:
- strictly for the purposes as stated in the Privacy Policy as found at https://www.momos.com/pdpa-privacy-policy-singapore-copy (the “Privacy Policy”);
- in accordance with the Disclosing Party’s prior written consent;
- in accordance with the purposes for which consent to process, use or disclose such Shared Personal Data has been obtained from an individual;
- insofar as an exception or exemption under the PDPA applies; or
- when required by law or an order of court, but the Receiving Party shall notify the Disclosing Party as soon as practicable before complying therewith at its own cost.
2.5 The Receiving Party shall protect Shared Personal Data in the Receiving Party’s control or possession by taking into consideration the nature and sensitivity of the Shared Personal Data, and making reasonable security arrangements (including, where appropriate, physical, administrative, procedural and information & communications technology measures) to prevent unauthorised or accidental access, collection, use, disclosure, copying, modification, disposal or destruction of Shared Personal Data, or other similar risks.
2.6 For the purposes of this DSA, “reasonable security arrangements” shall include, but is not limited to, physical access controls, system access controls, data access controls, data transmission controls, data input controls, data pseudonymisation or encryption, data backups, and data segregation.
2.7 The Receiving Party shall only permit authorised personnel to access Shared Personal Data on a need-to-know basis.
2.8 The Receiving Party shall provide the Disclosing Party with access to the Shared Personal Data that the Receiving Party has in its possession or control, as soon as practicable upon Disclosing Party’s written request.
2.9 Where the Disclosing Party provides Shared Personal Data to the Receiving Party, the Disclosing Party shall make reasonable effort to ensure that the Shared Personal Data is accurate and complete before providing the same to the Receiving Party. The Receiving Party shall put in place adequate measures to ensure that the Shared Personal Data in its possession or control remains or is otherwise accurate and complete. In any case, the Receiving Party shall take steps to correct any errors in the Shared Personal Data, as soon as practicable upon the Disclosing Party’s written request.
2.10 The Receiving Party shall not retain Shared Personal Data (or any documents or records containing Shared Personal Data, electronic or otherwise) for any period of time longer than is necessary to serve the purposes of this DSA or as stated in the Privacy Policy.
2.11 The Receiving Party shall, upon the request of the Disclosing Party:
- return to the Disclosing Party, all Shared Personal Data; or
- delete all Shared Personal Data in its possession,
and, after returning or deleting all Shared Personal Data, provide the Disclosing Party with written confirmation that it no longer possesses any Shared Personal Data. Where applicable, the Receiving Party shall also instruct all third parties to whom it has disclosed Shared Personal Data for the purposes of this DSA to return to the Receiving Party or delete such Shared Personal Data and certify the same to the Receiving Party.
2.12 The Disclosing Party retains control of the Shared Personal Data and remains responsible for its own compliance obligations under the PDPA, including ensuring cyberinformation security for the information they process, providing any required notices and obtaining any required consents regarding the scope and purpose of the collection, use, disclosure, transfer and processing in respect of any Shared Personal Data upon which it gives instructions to the Receiving Party.
3. Notification of Breach and Indemnity
3.1 The Receiving Party shall immediately notify the Disclosing Party when the Receiving Party becomes aware of or has reason to believe there has been a Personal Data Breach or a breach of any of its obligations in Clause 2. The Receiving Party shall then provide the Disclosing Party with the following information:
- description of the nature of the Personal Data Breach or breach of any of the Receiving Party’s obligations under Clause 2 including the types, approximate numbers, and categories of Personal Data concerned;
- the likely consequences; and
- a description of the measures taken or proposed to be taken to address or mitigate the possible adverse effects.
3.2 The Receiving Party shall reasonably co-operate with the Disclosing Party in the Disclosing Party's handling of the matter, including:
- assisting with any investigation;
- providing the Disclosing Party with physical access to any facilities and operations affected;
- facilitating interviews with the Disclosing Party’s employees, former employees and others involved in the matter;
- making available all relevant records, logs, files, data reporting and other materials required under the PDPA or as otherwise reasonably required by the Disclosing Party; and
- taking reasonable and prompt steps to mitigate the effects and to minimise any damage resulting from the Personal Data Breach or the unlawful processing of any Personal Data.
3.3 The Receiving Party shall not inform any third party of any Personal Data Breach without first obtaining the Disclosing Party's prior written consent, except when required to do so by law.
3.4 The Receiving Party agrees that the Disclosing Party has the sole right to determine:
- whether to provide notice of the Personal Data Breach to any affected individuals, supervisory authorities, regulators, law enforcement agencies or others, as required by law or regulation or in the Disclosing Party's discretion, including the contents and delivery method of the notice; and
- whether to offer any type of remedy to affected individuals, including the nature and extent of such remedy.
3.5 The Receiving Party shall indemnify the Disclosing Party and its officers, employees and agents, against all actions, claims, demands, losses, damages, statutory penalties, expenses and cost (including legal costs on an indemnity basis), in respect of:
- a Personal Data Breach caused by the Receiving Party;
- the Receiving Party’s breach of any of its obligations under Clause 2; or
- any act, omission or negligence of the Receiving Party that causes or results in the Disclosing Party being in breach of the PDPA.
3.6 The Disclosing Party shall indemnify the Receiving Party and its officers, employees and agents, against all actions, claims, demands, losses, damages, statutory penalties, expenses and cost (including legal costs on an indemnity basis), in respect of:
- a Personal Data Breach caused by the Disclosing Party;
- the Disclosing Party’s breach of any of its obligations under Clause 2; or
- any act, omission or negligence of the Disclosing Party that causes or results in the Receiving Party being in breach of the PDPA.
4. Receiving Party's employees
4.1 The Receiving Party will ensure that all employees identified at Annex A:
- are informed of the confidential nature of the Shared Personal Data and are bound by confidentiality obligations and use restrictions in respect of the Shared Personal Data; and
- are aware and have undertaken training on the Receiving Party’s obligations under the PDPA relating to handling Shared Personal Data and how it applies to their particular duties; and
4.2 The Receiving Party undertakes that it will take reasonable steps to ensure the reliability, integrity and trustworthiness of all its employees with access to the Shared Personal Data.
5. Term and termination
5.1 This DSA will remain in full force and effect so long as:
- the Privacy Policy remains in effect; or
- the Receiving Party retains any Shared Personal Data in its possession or control (“Term”).
5.2 If a change in the PDPA or any similar legislation prevents either of the Parties from fulfilling all or part of its obligations under this DSA, the parties will suspend the processing of Shared Personal Data until that processing complies with the new requirements. If the parties are unable to bring the processing of Shared Personal Data into compliance with the changed legislation, they may terminate the DSA on written notice to all other parties.
5.3 Upon termination or expiry of this DSA, the Receiving Party shall return, delete or destroy all Shared Personal Data in its possession pursuant to this DSA. The parties commit to fulfil all their outstanding obligations up to the date of termination or expiry.
6. Audit
6.1 At least once a year, the Receiving Party will conduct site audits of its Personal Data processing practices and the information technology and information security controls for all facilities and systems used in complying with its obligations under this DSA, including, but not limited to, obtaining a network-level vulnerability assessment performed by a recognised third-party audit firm based on recognised industry best practices.
6.2 On the Disclosing Party's written request, the Receiving Party will make all of the relevant audit reports available to the Disclosing Party for review.
6.3 The Receiving Party shall promptly address any exceptions noted in the audit reports within a reasonable timeframe given the severity of the exceptions raised.
7. Warranties
7.1 The Receiving Party warrants and represents that:
- its employees, subcontractors, agents and any other person or persons accessing Shared Personal Data on its behalf are reliable and trustworthy and have received the required training on the PDPA or other similar legislation relating to the handling and protection of Personal Data;
- it and anyone operating on its behalf will process the Shared Personal Data in compliance with the PDPA and other laws, enactments, regulations, orders, standards and other similar instruments in Singapore or in any other relevant jurisdictions; and
- considering the current technology environment and implementation costs, it will take appropriate technical and organisational measures to prevent the unauthorised or unlawful processing of Shared Personal Data and the accidental loss or destruction of, or damage to, Shared Personal Data, and ensure a level of security appropriate to:
(i) the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage;
(ii) the nature of the Shared Personal Data protected; and
(iii) comply with all applicable legislation and its information and security policies, including the reasonable security arrangements required under this DSA.
7.2 The Disclosing Party warrants and represents that any Shared Personal Data transferred to the Receiving Party is legally collected and authorized to be transferred to the Receiving Party for the purposes as stated in the Privacy Policy and such Personal Data is permitted to be transferred to the Receiving Party under the method applied by the Parties and the Receiving Party’s expected use of the Shared Personal Data for the purposes as specifically instructed by the Disclosing Party will comply with the PDPA.
8. Rights of Third Parties
8.1 Save as provided for under the Personal Data Protection Act 2012, a person or entity who is not a party to this DSA shall have no right under the Contracts (Rights of Third Parties) Act (Cap. 53B) or any equivalent statute, legislative enactment, directive, regulation or under any other relevant laws to enforce any term of this DSA.
9. Variation
9.1 No variation, amendment or rescission of this DSA shall bind any Party unless made in writing in the English language and signed by all Parties.
10. Governing Law and Jurisdiction
10.1 This DSA shall be governed by and interpreted in accordance with the laws of Singapore.
10.2 Parties hereby agree to submit to the exclusive jurisdiction of the courts of Singapore.
This agreement has been entered into on the date stated at the beginning of it.