Information, privacy and data security statement
WEX Finance Inc and Optal Singapore Pte Ltd are the card issuers in Singapore. WEX Asia Pte Ltd is an operating entity in Singapore. In addition, WEX Bank is the card issuer in Thailand and Hong Kong. The WEX Group, is committed to protecting your privacy and the confidentiality of your personal information.
We are bound by the Privacy Act 1988 (Commonwealth) as amended, and the principles set out in that Act.
This Information, Privacy and Data Security Statement outlines how we manage your personal information.
2. When and how do we collect information?
We collect information from you when:
- you apply for a WEX virtual credit card or for any other product that we may offer from time to time
- you communicate with us in person or over the telephone, send us a letter or an e-mail, or complete a form or survey on our website
We may also collect personal information about you from a third party:
- when considering an application by you for a WEX virtual credit card or another product we offer
- when taking steps to deal with an overdue payment owed by you
The third parties we collect information from includes credit reporting agencies, other creditors referred to in credit reports or in an application for a WEX virtual credit card or other product and your nominated referees.
Via our website
Our system automatically collects some information from your computer when you complete a membership application and when you log in to our system through one of our websites. Generally, the information that we collect in this way is not personal information and cannot be used to identify you.
3. What information do we collect?
The information we collect always includes your name and may also include your mailing address, telephone number, e-mail address, date of birth and your financial details. Where we collect information constituting your name, position name or title, business telephone number, business address, business electronic mail address or business fax number and any other similar information about you (not provided by you solely for your personal purposes), it may constitute business contact information, which is not subject to the data protection provisions of the PDPA.
In addition, our system automatically collects the unique network address of your computer, generally called the “IP address”, so that our system can send information to your computer. It is possible to determine the general geographical location of a computer from its IP address. But in all other respects an IP address is anonymous.
We only collect your email address when you voluntarily submit it to us. We do not use your email address and IP address to personally identify you.
For security and record keeping purposes, we use “cookie” technology to collect and retain information about the session between your computer and our system.
What is a “cookie”? A cookie is a small text file stored by a web site on your computer to keep track of information about your browsing on that site.
Where we collect information (which whether by its own or together with other information which we have or are likely to have access) which does not enable us to personally identify you, such information will not constitute personal data and will not be subject to the PDPA.
4. How do we use information?
When you submit an application to us, we collect your personal information primarily to:
- assess your application for a virtual credit card; and
- if we provide you with a virtual credit card, to administer that virtual credit card.
If you do not provide us with all of the personal information that we request, we may not be able to provide you with a credit account.
When you complete an online form or survey, we use the information provided to consider improvements to our products and to offer new products, including products offered by our partners that we think may interest you.
We also use information that we collect for the following additional ancillary purposes:
- for servicing our relationship with you
- for internal accounting and administration
- for regulatory compliance
- to protect us from error or fraud
- to help us identify and inform you about other products or services that might benefit you
From time to time, we may use the personal information collected from you to identify products and services which may benefit or interest you. We may contact you by email to let you know about those products or services.
If you do not wish to receive direct marketing, you can e-mail us at email@example.com or log in to the secure members’ login area on our website.
5. When do we disclose personal information?
We keep your personal information confidential
We keep your personal information including your name and account details confidential except:
- when the law requires us to disclose the information, such as to a law enforcement body or a court under a subpoena
- when disclosure is in the public interest, such as to disclose a suspected or actual crime or misdeed
- when it is in our interest, such as in relation to legal action to which we are a party
- in accordance with the provisions or exemptions provided for in the PDPA; or
- with your consent
Your consent can be:
- Given expressly, either verbally or in writing. For example, when you submit an application, whether via an online form or over the telephone, you give your express consent for us to obtain a credit report about you from a credit reporting agency.
- Implied from your actions or your decision not to take action. For example, if you use our telephone service and continue the call after hearing a message, including a recorded message, notifying you that we will monitor the call, we can reasonably conclude that you agree for the call to be monitored.
Who we disclose personal information to and why
We will not disclose your personal data to third parties for the purpose of direct marketing unless you have consented to this.
Where you have consented, we disclose your personal data to third parties such as our partners. For example, if you have purchased a product in conjunction with another service provided to you by a partner, we may disclose personal data to the partner so the partner can provide services to you.
Giving information to third parties
Sometimes, we give your personal data to service providers contracted by us so that they can help us provide services to you. The service providers are contracted to fulfil a specific function and we only disclose such personal data to them as is necessary to fulfil that function.
We may, from time to time, transfer to and store your personal data with contracted service providers located in the United States of America. If we do transfer your personal data to our service providers in the United States of America, it will be managed in accordance with the terms of the PDPA and the regulations promulgated thereunder (as may be amended from time to time) and with this Information, Privacy and Data Security Statement.
6. How do you access, update and correct personal data?
Accessing your personal data
You can request access to the personal data we hold about you. The time it takes for us to respond to your request depends on the type and quantity of personal data you wish to access. We may, at our discretion, charge a reasonable fee for your access to the personal data. Generally, we will contact you within three working days of your request to advise you of our estimated response time.
The law may prevent us from disclosing certain information to you. If this is the case, we will advise you accordingly.
You can contact us:
- By e-mailing us at firstname.lastname@example.org
If you are our customer, we provide a members’ login area on our website, which will allow you to view and update personal information. You can also opt out of receiving marketing communications and updates.
This information is transmitted back to us by the use of SSL technology (see the Security section below).
Keeping your personal data up-to-date
If any of your personal data changes, please contact us to update it so that we can continue to provide you with the best possible service. We will take reasonable steps to ensure your personal data is accurate, complete and up-to-date whenever we collect or use it.
Correcting your personal data
If you find that the personal data about you that we hold is inaccurate, incomplete or out-of-date, please contact us and we will correct it.
7. How do we keep your information secure?
We protect any personal data that we hold from misuse and loss. We also protect it from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks.
Only authorised users can access your personal data, and access is only for approved purposes.
Your personal data may be stored in hardcopy documents, as electronic data, or in our software or systems.
We maintain physical security over our paper and electronic data stores and premises, such as locks and security systems. We also maintain computer and network security. For example, we use firewalls (security measures for the Internet) and other security systems such as user identifiers and passwords to control access to computer systems.
The Internet has rapidly changed the way we do business. It allows WEX to provide services that you can access from the convenience of your own office, home or via a mobile device.
We understand that you may be concerned about the confidentiality and security of the personal data we collect about you online. Accordingly, we have systems in place to ensure our online dealings with you are as secure and confidential as your dealings with us in person, or on the telephone.
Data collected and transferred through the secured member log in section of this site uses Secure Socket Layer (SSL) technology. This protects information being transmitted on-line by automatically applying to the message an encryption code that is “unreadable” to a computer that is not the intended recipient.
This site uses 128-bit encryption and authentication tools to protect your personal data. Encryption is the standard means of protecting information transferred between two parties over the Internet.
In the event that your personal data is transferred to a service provider in the United States of America, the data transferred is also protected by SSL technology. In addition, it is protected by an advance security method based on dynamic data and encoded session identifications, and is hosted in a secure server environment that uses firewalls, intrusion detection systems and other advanced technology to prevent interference or access from outside intruders.
You can obtain information about how credit reporting bodies with which we deal handle your credit related personal data by contacting them on the contact numbers, or at the addresses, that we have listed above.
If you think you are a victim of fraud, you can request that a credit reporting body not use or disclose credit reporting information about you.
If you believe that the privacy of your personal data has been compromised, you are entitled to complain. We will respond to your complaint as soon as possible but within 2 working days, to let you know who is responsible for managing your complaint. We will try to resolve the complaint within 10 working days. When this is not possible, we will contact you within that time to let you know how long we estimate it will take to resolve the complaint.
We have also appointed a Customer Advocate who will objectively and impartially investigate your complaint if you are dissatisfied with our internal complaints process.
How to make a complaint
If you have a complaint about the handling of your personal data, you are entitled to complain. We will take responsibility for your complaint at the point where the problem occurs. If your complaint is not resolved to your satisfaction, you can then contact our Privacy Officer (who is responsible for ensuring that we comply with the PDPA to the extent applicable) between 9am and 5pm [Singapore time], to deal with your complaint.
How to make a complaint
If you have a complaint about the handling of your personal data, you are entitled to complain. We will take responsibility for your complaint at the point where the problem occurs. If your complaint is not resolved to your satisfaction, you can then contact our Privacy Officer (who is responsible for ensuring that we comply with the PDPA to the extent applicable), to deal with your complaint.