May 2024
In compliance with Singapore's Personal Data Protection Act 2012 (No. 26 of 2016), we provide you with the following information about the processing of your personal data on our website(s).
This privacy policy applies to the following website (including any subdomain or section) property and responsibility of Qriller (hereinafter, "Website" as corresponds): qriller.com
In this legal document, the legally obligatory information on the processing carried out on your personal data in the context of our Website is provided.
The present Privacy Policy regulates the processing of your personal data performed by Qriller, collected through the use of the services offered on the Website (hereinafter, "Services").
The latest update of this Privacy Policy is indicated at the top of the document and it will become effective as of the date indicated in each version. Please ensure that you visit our Privacy Policy page (linked here qriller.com/policy/privacy) regularly to obtain updated information on how Website handles your personal data.
The access and use of the Website and the accompanying Services are governed by the Terms of Use of the Website.
1.1 Qriller, as a data controller, is responsible for the processing of the Users' personal information on the Website.
1.2 Data Protection Officer: [email protected]
1.3 You may send an email to [email protected] to raise any questions, request or exercise of right regarding personal data protection.
2.1 Your personal data is processed with different purposes, each with a lawful basis.
2.2 When you register an account with us on Website to access the Services, whether if its through traditional methods (e.g. email and password) or through third party identity services (e.g. Google), you have given us your informed, unequivocal and specific consent to the processing of your personal data aimed to a specific purpose.
2.3 Generally, we collect Personal Data in the following ways:
2.4 We do not process sensitive information such as date of birth, gender, or nationality.
2.5 You should ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with the Products and Services you have requested.
2.6.1 When you register as a user, we request the personal data that we need for the management and fulfillment of our contractual relationship with you.
2.6.2 When you are requested to provide personal data that is deemed as necessary, due to legal obligation or in accordance with our contracting conditions, and you refuse to provide them, we may not be able to formalize said contract or provide the service, which will be communicated to you properly.
2.6.3 Personal data processed: username, email address, and means of payment. All data are mandatory
2.6.4 You can open your account as a registered user on Qriller with your own account on other platforms, such as Google, using the federated Login that you will find at the top of our websites, and access whenever you want through them, without having to create and remember a specific username and password to access Qriller.
2.6.5 This option is possible due to the collaboration between Qriller and Google as the joint controllers of the processing of your personal data, so that (i) you can identify yourself directly on these platform, (ii) they confirm that you are who you say you are, and (iii) we provide you with your login as a registered user on Qriller.
2.6.6 Qriller obtains from this platform, with your previous consent, your username, image and email address in order to register you as a Qriller user. On the other hand, this platform collects online identifiers (IP address), technical identifiers (from your device, as well as their advertising identifiers such as your "Google ID") and record, each time you use their login, the date and time of your access to Qriller. Further information can be found in Google Privacy & Terms
2.6.7 You can exercise your rights of access, rectification, erasure, limitation of processing, portability and revocation of consent in relation to the personal data obtained from these platforms (and other data that you may have provided to Qriller in your relationship with us) by contacting Qriller at the email address provided in this policy.
2.6.8 Please note that the rectification or deletion of your data in your Qriller account does not automatically imply the rectification or deletion of your data and accounts on the platforms that authenticate your identity: you must also contact them to exercise your rights.
2.6.9 To exercise your personal data protection rights in relation to any other data arising from your relationship with these platforms, you should contact the relevant platform.
2.7.1 We automatically collect collect certain information when you visit, use, or navigate the Website. This information does not reveal your specific identity but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name , country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security (e.g. security mechanisms to prevent DDoS or bots) and operation of our Services, and for our internal and/or external analytics and reporting purposes.
2.7.2 We disclose your analytical data, including and not limited to your IP address, browser, device characteristics, operating system, language preferences, referring URLs, device name, country location, information how and when you use our Services, and other technical information, to Google Analytics for the sole purpose of tracking and analysing the use of Services. To opt out of being tracked by Google Analytics across the Services, visit https://tools.google.com/dlpage/gaoptout. For more information on the privacy practices of Google, please visit the Google Privacy and Terms page
Personal data processed: IP address, device id and certain metadata such as the browser used or the HTTP/HTTPS header.
2.8.1 When you contact us requesting information, support or feedback, we process your data in order to assist you, based on consent expressed in your own request.
Personal data processed: contact information that you provide us with in order to respond to your request and the content of your request.
3.1 We process your Personal Data only for the necessary period of time. We keep your Personal Data as long as you have an active account with us.
3.2 An active account is an account that has not been closed. You can carry out closure of account through your profile section or by writing in to [email protected].
Note that request for closure of accounts will only be processed once the identity of the user has been verified. For more, read the withdrawing consent # clause.
3.3 Once the account is no longer active, the data is immediately wiped from our servers, excluding from our backups which persists for 14 weeks and purely exist for data rollbacks should any services outage causing data loss event occur.
3.4 A small fragment of your Personal Data in the form of pseudo-anonymised data (generated unique user identifier) will persist with the same retention duration mentioned above in account closure request logs to identify closed accounts should any data rollbacks occur.
4.1 Strong security controls have been implemented to safeguard users' personal information against loss, misuse, unauthorised access, disclosure or alteration.
4.2 Additionally, we have systems in place to reduce personal damage and data exposure in the unlikely event our data is compromised.
4.3 For example, to protect your personal data, all transmission of data is done through secure protocols (e.g. transport layer security (TLS)) which requires approved encryption procedure to communicate data between your computer or device and Website's server, as long as your browser supports TLS.
4.4 In accordance with our commitment to your privacy and your data protection right, we exclusively choose only top-tier service providers, leaders in their respective sectors. This minimises the likelihood of company data being compromised.
4.5 We take steps to ensure that your information is treated securely (as mentioned above) and in accordance with this policy. Unfortunately, the transmission of information via the internet is not completely secure. Although we will use reasonable measures to protect your personal data, for example, by encryption, we cannot guarantee the security of your information transmitted via the Platform; any transmission is at your own risk.
4.6 We have appropriate technical and organisational measures to ensure a level of security appropriate to the risk of varying likelihood and severity for the rights and freedoms of users. We maintain these technical and organizational measures and will amend them from time to time to improve the overall security of our systems.
4.7 We will, from time to time, include links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any information to these websites.
5.1 We ask that you to immediately notify us of any changes to your data so that the information contained in our systems is up-to-date at all times and does not contain errors. In this sense, you represent and guarantee that the information and data that you have provided us is accurate, current and truthful.
6.1 We guarantee the exercise of rights established in the Personal Data Protection Act 2012.
6.2 You can exercise the rights described below in the following ways: accessing qriller.com/account with a logged in session, through the support form available on the Website or by emailing us at [email protected]](mailto:[email protected]).
Note that we may require you to verify your identity before taking action on the request for the exercise of rights.
6.3 As a User, you have the following rights:
6.4 Additionally, in the event of a notified data breach whereby company data is compromised, every individual affected user will be notified by Qriller.
6.5 Users who suffers direct loss or damage due to any implicit or explicit violation of specific provision by Qriller can seek redress from Qriller, either in the form of informal negotiations or civil proceedings in a court.
7.1 As described in earlier clauses, request of closure or termination of account is possible through the login page, or by writing the request to [email protected].
7.2 If you withdraw your consent to any or all use of your Personal Data, depending on the nature of your request, we may not be in a position to continue to provide the Services to you or administer any contractual relationship that is already in place, which in turn may result in the termination of any agreements that you have with us, resulting in you being in breach of your contractual obligations or undertakings.
7.3 Any Personal Data collected up to the point in time of the request to withdraw your consent will be erased thereafter once we have confirmed your request. However, data may still persist in backups with a retention period of 14 weeks.
7.4 Data backups purely exists to mitigate company damage in the event of a data loss which may occur as a direct result of a service outage. This is known as data rollbacks. Should a data rollback occur, we will take action to erase the Personal Data of your closed action by reviewing the account closure request logs which contains pseudo-anonymised data (the generated unique user identifier).
7.5 Therefore, to carry out the above stated feature, a small fragment of your Personal Data will still be present for up to but no longer than 14 weeks.
8.1 Qriller does not transfer nor share collected personal data with third parties external to the business.
8.2 We may share personal information with other third parties to ensure compliance with applicable laws, including
8.3 These services provided by third parties are necessary for the development of Qriller's business activity. The processing of personal data is at all times subject to a contract which establishes the duties of the data processor towards the data controller (us). Under no circumstances will personal information be used for other purposes.
8.4 In the event of business transfers, we may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
9.1 The Privacy Policy and your use of the Website is governed by Singapore law.
May 2025