As a licensed and regulated financial service provider holding a Major Payment Institution (“MPI”) license issued by the Monetary Authority of Singapore (“MAS”), the Company is obliged to collect personal data from our prospects, customers, business partners (i.e. to do due diligence on ultimate beneficial owners, directors and ), before we do any on-boarding of customers i.e. account opening/registration, work with business partners, etc.

Customer may give us information, including personal information when they sign up to use Skyee Services – Skyee onboarding form. This also includes information customer provide through the continued use of Skyee Services on Skyee’s Website through promotion or survey, and when customer report a problem with our Skyee Services (refer to Section 5 on Types of Information Collected).

Skyee may also need additional commercial and/or identification information from customer e.g., where customer send or receive certain high-value or high-volume transactions or as needed to comply with Skyee’s anti-money laundering and countering the financing of terrorism (“AML/CFT”) obligations and review under applicable law.

According to the MAS, financial institutions operating in Singapore are required to put in place robust controls to detect and deter the flow of illicit funds through Singapore’s financial system, i.e. to help fight money-laundering.

The PDPA (together with its relevant regulations such as PDPR) provides the right for the Company to collect and process personal data when it is necessary to accurately establish or verify the identity of an individual to a high degree of fidelity where failure to accurately identify the individual would pose significant impact or harm to an individual and/or the organization. For example, the identity of an individual must be verified, particularly in the course of conducting Know Your Customer (“KYC”) checks to prevent fraudulent claims/activity in healthcare, financial or real estate matters.

In order to provide guidance and compliance requirements on AML/CFT, MAS has issued AML/CFT notices and guidance papers. The Company as a MPI licence holder therefore needs to comply with Notice PSN01 Prevention of Money Laundering and Countering the Financing of Terrorism – Specified Payment Services (“PSN01”).

The Company also collects personal data from employees as permissible by the PDPA and applicable laws i.e. Employment Act 1968. Under section 95 of the Employment Act 1968, all employers must maintain detailed employment records of employees covered by the Employment Act 1968, which includes employees’ NRIC number and other relevant information.

The types of personal data that Skyee collects about an individual may include, but are not limited to an individual’s name, ID number, address, nationality, email address and telephone numbers. The Company will only collect sensitive personal data (such as passport or other identification numbers, date of birth, bank account numbers, employment details) where required by laws and regulations. For the avoidance of doubt, the Company’s collection of sensitive data such as NRIC numbers, birth certificate numbers, foreign identification numbers and work permit numbers will be done in accordance with the PDPA and, in particular, the “Advisory Guidelines on the Personal Data Protection Act for NRIC and other national identification numbers”.

Skyee may collect various types of personal data about an individual, including:

• Identification information (e.g. Name, ID card and passport numbers, nationality, place and date of birth, gender, photograph, IP address);
• Contact information (e.g. postal address and e-mail address, phone number);
• Family situation (e.g. marital status);
• Education and employment information (e.g. level of education, employment, employer’s name);
• Banking, financial and transactional data (e.g. bank account details, credit card number, money transfers, originator name, originator bank, originator information, beneficiary name, beneficiary bank, beneficiary information);
• Client relationship information (e.g. source of funds); and
• Information related to an individual digital activity (e.g., IP address, browsing activity, geolocation etc.).

Skyee notifies all customers through medium such as Skyee Website, terms and conditions, etc on:

Deemed Consent

An individual may be deemed to have provided consent to the collection, use and / or disclosure of personal data for a purpose – you may find an explanation of such ‘deemed consent’ at https://sso.agc.gov.sg/Act/PDPA2012#pr15-(under Section 15 or 15A of PDPA).

Provision of Consent

An individual has not given consent under this PDPA for the collection, use or disclosure of personal data about the individual by the Company for a purpose unless —

Withdrawing Consent

If an individual wishes to withdraw consent, the individual should give us reasonable advance notice in writing. An individual may withdraw consent by sending an email to Skyee at service@Skyee360.com.

Upon receiving the individual’s notice of withdrawal of consent, Skyee may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for Skyee to notify you of the consequences of us acceding to the request, including:

Skyee may collect and use your information for any purpose not prohibited by applicable law.

Personal data that the Company collects will only be used for the purposes:

Examples of personal data that the Company collects may include (but is not limited to) the following purpose:

In addition, the Company may process and/or transfer such Personal Data to other members of the Company’s network and / or its third parties’ service providers or subcontractors (which may be located in other territories) for the purposes of (i) providing such financial services; (ii) maintaining the Company’s operations or client relationship management system; (iii) quality and risk management reviews, or (iv) providing information about the Company and / or the Company’s range of services.

Where personal data is to be used for a different purpose and / or shared with a third party in a situation not mentioned above, the Company will seek the individual’s consent before proceeding to use and / or share the personal data. For the avoidance of doubt, it is the Company’s policy to avoid collecting excessive and / or irrelevant personal data.

Skyee takes reasonable steps to protect an individual’s personal data from unauthorised disclosure.

Personal data that the Company collects from an individual is only disclosed to other members of the Company’s network and/or third parties for the intended purpose(s) which was stated and/or communicated to an individual at the time that the personal data was collected.

Such third parties shall provide the Company with written confirmation that they will provide adequate protection over the personal data in question. personal data may also be disclosed to third parties (whether in Singapore or otherwise) where the Company is compelled to do so by the relevant authorities or a competent authority e.g. Singapore Courts, Commercial Affairs Department (Singapore Police Force), MAS etc.

The Company will make a reasonable effort to ensure that personal data collected by or on behalf of the Company is accurate and complete, if the personal data:

Note: Please refer to paragraphs 16.4 to 16.9 of the Guidelines on PDPA for requirements relating to “reasonable effort”.

Skyee makes reasonable security arrangements to protect personal data in its possession in order to prevent: .

External data intermediaries who process and maintain personal data on the Company’s behalf will be bound by contractual data protection arrangements the Company has with them. Skyee strives to protect the security of your information and are constantly reviewing and enhancing our information security measures.

Skyee will cease to retain its documents containing personal data, or remove the means by which the personal data can be associated with particular individuals, as soon as it is reasonable to assume that the purpose for which that personal data was collected is no longer being served by retention of the personal data, and retention is no longer necessary for legal or business purposes.

The Company will retain personal data and/or to collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigations, prevent fraud, enforce, etc., for such period:

Section 26 of the PDPA limits the ability of an organization such as Skyee to transfer personal data outside Singapore. In particular, section 26(1) of PDPA provides that an organisation must not transfer any personal data to a country or territory outside Singapore except in accordance with requirements prescribed under the PDPA to ensure that organisations provide a standard of protection to personal data so transferred that is comparable to the protection under the PDPA. This requirement not to transfer personal data unless in accordance with the prescribed requirements is referred to in Transfer Limitation Obligation (Chapter 19 – The Transfer Limitation Obligation). Any data transferred outside of Singapore is processed only in accordance with the PDPA and any other applicable law.

Skyee reserves the right to amend this Policy at any time and shall review this Policy as it deems necessary. By continuing to use our services from us or by your continued engagement with us following any change or revision to this Policy, you will be deemed to have agreed to and accepted such amendments.

Contact Skyee via email at service@skyee360.com to:

• Withdraw consent to any use of personal data such as for marketing purposes;
• Obtain access to personal data (charges and fee might be applicable);
• Make corrections to personal data;
• Clarify any questions relating to our collection, use and/or disclosure of personal data;
• Provide feedback regarding this Policy; and/or
• Make any complaint relating to how Skyee manages personal data.

Any query or complaint should include, at least, the individual’s full name, contact information and a brief description of the query or complaint. The Company shall treat such queries and complaints seriously and will deal with them confidentially and within the reasonable timeframe in accordance with this Policy.