CapitaLand Privacy Policy
Dear customers,
We would like to share the following information about our data privacy policy and practices.
Lawful Basis and Transparency: We only collect what is needed
We adopt a pragmatic “Data-light, Data-tight” approach in our business conduct. We conduct an information audit to determine what information we process and who has access to it. There is a legal justification for the data processing activities. Our company has presented clear information about our data processing in different businesses and legal justification in the CapitaLand Group Personal Data Protection Policy (See enclosed).
California consumers can find specific disclosures, including “Notice at Collection” details, under paragraph 13.
EU and UK consumers can find specific information on the categories of data we process, our purposes of processing, their legal bases, retention periods, and data transfers, under paragraph 14.
How we practise Data Security
Data protection is taken into account at all times, from the moment we collect your personal data in business activities. We encrypt, pseudonymise or anonymise the data wherever possible. This is something that our staff are always aware of. We have internal data protection policies and IT security policy for our staff, and build awareness about data protection. Our business leaders know when to conduct a data protection impact assessment if applicable and we have a process in place to carry it out. For data breach matters, we have a process to notify authorities and other stakeholders where required, that is guided by an internal data breach reporting policy and business continuity management programme.
Accountability and Governance are our Priorities
We have Data Protection by Design and by Default. Our company has designated business leaders and data protection champions across the company to ensure compliance with EU GDPR, UK GDPR, Singapore PDPA and other data protection/privacy laws and regulations in the countries we operate in. We signed data processing agreement with third parties that process personal data in the business activities. We have a global network of Data Protection Officers or equivalent authorised persons as per applicable law in the countries / regions we operate in, who are familiar with our business activities and data processing, to ensure that your personal data is protected according to our policies and applicable legislations. As our company is headquartered outside EU, we have also appointed a representative in the EU and UK.
We respect your Data and Privacy Right
We have proper security procedures to handle our customers who make requests about their personal data that is with us. It is easy for our customers to correct or update inaccurate or incomplete information. They also have rights to object, and to complain, where applicable. We do not use automated processes to make decision about our customers. If there is use of Artificial Intelligence/Machine Learning or use of website / app cookies or similar technologies to make decision, this is notified to our customers on the relevant company websites / apps where such activities are taking place.
CapitaLand Group's Personal Data Protection Policy
Personal Data Protection is important to us
Protection of your Personal Data is important to us. This CapitaLand Personal Data Protection Policy (“Policy”) outlines how we manage the Personal Data we hold in One CapitaLand Ecosystem. The Policy applies to:
a) CapitaLand Group Pte. Ltd. (Registration Number 198900036N) that carries out real estate development through its development arm CapitaLand Development;
b) CapitaLand Investment Limited (Registration Number 200308451M) that carries out the businesses of listed fund management, private fund
management, lodging management and commercial management as well as investments in real estate; and/or
c) related corporations and affiliates (also described in the “How to contact us” paragraph 10.1 of this Policy);
referred to hereunder as “CapitaLand”, the “CapitaLand Group”, “we”, “us” or “our” collectively or singularly as the context requires.
What does this Policy cover?
This Policy describes how we will make use of your data in particular (i) when you interact with us and our websites, (ii) when you purchase products and services from us, (iii) when you create online accounts with us, (iv) when you interact with our app, (v) when you take part in our loyalty programs and other promotional activities, (iv) when you apply for a position with us, and (v) in any other interaction with us.
It also describes your data protection rights, which may include the right to object to some of the processing which we carry out. More information about your rights, and how to exercise them, is set out in the “Your Rights” section of this Policy under paragraph 6.
For the avoidance of doubt, any Personal Data collected by third party operators of our properties is not covered by this Policy. Third party operators refer to operators who are not members of the CapitaLand Group. These third party operators operate their business on these properties independently of the CapitaLand Group and the Personal Data of individuals such as guests and vendors are collected by the third party operators for their own purposes. CapitaLand Group does not have access to such Personal Data. Individuals should check directly with the third party operators on their data rights.
We respect the confidentiality of Personal Data and privacy of individuals and are committed to complying with the Singapore Personal Data Protection Act 2012 (“PDPA”) and other applicable data protection laws, including the European Union (“EU”) General Data Protection Regulation and the United Kingdom (“UK”) General Data Protection Regulation (collectively or singularly, as the context requires, the “GDPR”), where applicable. Please read this Policy so that you know and understand the purposes for which we collect, use and disclose your Personal Data.
We adopt a pragmatic “Data-light, Data-tight” approach in our business conduct.
“Data-light” means that we collect Personal Data only for what is required in business or in activities conducted by our organisation and will properly destroy the Personal Data once there is no business or legal purpose as per applicable law. We do not collect Personal Data randomly or indiscriminately without purpose.
“Data-tight” means that we do not disclose your Personal Data unless there is a legal basis to do so or prior consent has been obtained and we have administrative, physical and Information Technology (IT) security measures to protect your Personal Data.
This Policy aims at assuring transparency only, and so it supplements, but does not supersede nor replace, any consents you may have previously provided to us or will provide in respect of your Personal Data. This Policy also does not affect any rights which any member of the CapitaLand Group may have at law in connection with the collection, use or disclosure of your Personal Data.
For the avoidance of doubt, to the maximum extent permitted under applicable law, nothing in this Policy establishes any joint and several liability on the part of the CapitaLand Group members.
Generally, we process your Personal Data for one or more of the specific purposes identified in this Policy based on your consent obtained.
However, where the GDPR applies, we mainly rely on other legal bases for our processing of your Personal Data as described in the European Addendum in paragraph 14 of this Policy. In particular, we rely on the legitimate interests pursued by us or a third party such as managing the relationship between CapitaLand and you and facilitating internal business purposes and administrative purposes. In some cases, the provision and processing of your Personal Data may be a statutory and/or contractual requirement, or may be necessary in order to perform any contract you have agreed with us or perform services that you have requested. In such cases, we rely on necessity to perform legal obligation or necessity to perform a contract with you as the applicable legal basis to process your Personal Data.
In addition, if your Personal Data has been collected, used or disclosed by us in a particular jurisdiction which has specific requirements or exceptions to the definition of Personal Data, including sensitive Personal Data, we will comply with those requirements under the applicable data protection regulations in that jurisdiction.
1. Your Personal Data
1.1. “Personal Data” (or an equivalent terminology as per applicable law) refers to any data or information about you from which you can be identified either (a) from that data alone; or (b) from that data combined with other information. Examples of such Personal Data which you may provide us include (depending on the nature of your interaction with us):
a) your name, national registration identification number, passport number or other identification number, telephone number(s), mailing address, email address, facial image in a photograph or video recording (CCTV), car plate numbers, vehicle ID number, voice, biometric data (including finger or palm prints and facial characteristics for facial recognition) and any other information relating to you which you have provided us in any form you may have submitted to us, or in other forms of interaction with you;
b) information about your use of our websites, apps and services, including cookies, IP addresses, subscription account details and membership details;
c) your employment history, education background, and income levels; and
d) your payment related information, such as your bank account or credit card information, and your credit history.
2. Collection of Personal Data
2.1. Generally, we collect your Personal Data in the following ways:
a) when you submit forms relating to any of our products or services, or submit any online queries;
b) when you register for or use any of our services on websites owned or operated by us or when you register as a member on any of our websites owned and/or operated by us;
c) when you register for or use any of our services, including accessing our properties or registering for your stay at our serviced apartments or hotels, through self-service check-in booths or kiosks located at the properties;
d) when you interact with our customer service officers or any of our staff, for example, via face-to-face meetings, business interactions in events and exhibitions, telephone calls, letters, online forms (such as any “Contact Us” forms on our websites), online reservation chat, social media platforms and emails;
e) when you use or purchase our services or products;
f) when you establish any online accounts with us (such as Ascott Star Rewards accounts);
g) when you request that we contact you;
h) when you respond to our request for additional Personal Data;
i) when you ask to be included in an email or other mailing list;
j) when you respond to our promotions or other initiatives;
k) when you respond to our market surveys;
l) when you submit a job application or a scholarship application;
m) when we receive references from business partners and third parties, for example, where you have been referred by them;
n) when you submit your Personal Data to us for any other reason; and
o) when you browse our websites or use our apps. Please refer to paragraph 8 (Cookie Policy) below for more information.
We may monitor or record phone calls and customer-facing interactions for quality assurance, employee training and performance evaluation, and identity verification purposes, and while receiving feedback, responding to your queries, requests and complaints and other related purposes. Such monitoring or recording will be done in accordance with applicable law.
2.2. If you provide Personal Data of a third party (e.g. information of your dependent, spouse, children and/or parents) to us, you represent and warrant that the collection, use and disclosure of that Personal Data to us, as well as the further processing of that Personal Data by us for the purposes set out in this Policy, is lawful.
2.3 We take the privacy of children very seriously. We do not knowingly collect (nor do we wish to collect) any personal identifiable information from children who are below the age of 16 or as stipulated under applicable law. In the event we are notified of or made aware that such information has been collected, we will delete that information from our database and terminate the corresponding account, if any.
3. Use and Disclosure of Personal Data
3.1. Our business is to understand and meet your needs and provide you with the products and services that you require. To do this effectively, we need to collect a range of Personal Data about you. If you are in the EU or in the UK (“Europe”, “European”), please see the European Addendum in the paragraph 14 below for details on how we use and disclose your Personal Data.
3.2. In general, we will, subject to applicable law, use and disclose your Personal Data for the following purposes:
a) provide you with the products or services that you have requested;
b) help us review, develop, improve, manage the delivery of and – to the extent this requires the use of Personal Data – enhance our products and services, including analysing future customer needs, conducting market research and data analytics;
c) communicate with you and respond to your queries, requests and complaints;
d) provide ongoing information about our products and services which may be of interest to you;
e) handle disputes and conduct and facilitate investigations and proceedings;
f) protect and enforce our contractual and legal rights and obligations;
g) prevent, detect and investigate crime, including fraud and money-laundering, and analyse and manage other commercial risks;
h) manage our infrastructure and business operations and comply with internal policies and procedures;
i) facilitate business asset transactions (which may extend to any merger, acquisition or asset sale) involving any CapitaLand Group entity; and
j) comply with any applicable rules, laws and regulations, codes of practice or guidelines or assist in law enforcement and investigations by relevant authorities.
3.3. In addition, we may use and disclose your Personal Data for the following purposes, depending on the nature of our relationship with you:
a) If you have a membership account with us (for example as a member of CapitaStar or Ascott Star Rewards):
(i) process your application for the account;
(ii) maintain your account with us;
(iii) verify your personal particulars and process payment requests in relation to provision of the services which you may be entitled to or which you may have requested for;
(iv) provide you with the goods and services which you have signed up for;
(v) communicate with you of changes and development to our policies, terms and conditions and other administrative information, including for the purposes of servicing you in relation to products and services offered to you;
(vi) resolve complaints and handle requests and enquiries;
(vii) conduct market research for statistical, profiling and statistical analysis for the improvement of services provided to you; and
(viii) process your Personal Data in relation to any of the purposes stated above.
b) If you download or use any of our mobile applications (apps):
(i) process your application for subscription services if they are provided in the apps;
(ii) maintain your account with us;
(iii) verify and process your personal particulars and process payment requests in relation to provision of goods and services connected to the app;
(iv) provide you with the goods and services which you have signed up for;
(v) communicate with you changes and development to our policies, terms and conditions and other administrative information, including for the purposes of servicing you in relation to products and services offered to you;
(vi) resolve complaints and handling requests and enquiries;
(vii) conduct market research for statistical, profiling and statistical analysis for the improvement of services provided to you; and
(viii) process your Personal Data in relation to any of the purposes stated above.
c) If you are a prospective tenant or a tenant of any of our properties:
(i) conduct due diligence checks;
(ii) prepare lease and/or license documentation and any other documents as may be required;
(iii) perform administration of the lease and/or licence;
(iv) perform financial transactions such as rental payments;
(v) communicate with you changes and development to our policies, terms and conditions and other administrative information; and
(vi) any other purpose related to any of the above.
d) If you are a prospective user or a user of co-working space:
(i) conduct due diligence checks;
(ii) prepare agreements and any other documents as may be required for your use of our co-working space;
(iii) perform administration of agreements that you have with us, including access to our co-working space;
(iv) perform financial transactions such as payments;
(v) communicate with you changes and development to our policies, terms and conditions and other administrative information; and
(vi) any other purpose related to any of the above.
e) If you are a prospective user or a user of our data centres and for any reasonable purpose for the servicing of your agreement, occupation or in good management of our data centres by us or any of our authorised service providers:
(i) conduct due diligence checks;
(ii) prepare agreements and any other documents as may be required for your use of our data centre;
(iii) perform administration of agreements that you have with us, including access to our data centre;
(iv) perform financial transactions such as payments;
(v) communicate with you changes and development to our policies, terms and conditions and other administrative information; and
(vi) any other purpose related to any of the above.
f) If you are purchasing property from us or have indicated an interest in purchasing property from us:
(i) conduct due diligence checks;
(ii) prepare sale documentation and any other documents as may be required;
(iii) perform administration of the sale including handing over of possession of property and attending to defects rectification;
(iv) perform financial transactions such as progress payments for the sale;
(v) communicate with you changes and development to our policies, terms and conditions and other administrative information;
(vi) comply with any relevant legal or regulatory obligations, including maintaining the strata roll of the property development; and
(vii) any other purpose related to any of the above.
g) If you are a resident at one of our serviced apartments or hotels, or an employee or an organisation which is a customer of our serviced apartments or hotels:
(i) conduct due diligence checks;
(ii) establish user profiles to improve services and for marketing purposes;
(iii) meet quality assurance, employee training and performance evaluation purposes;
(iv) maintain the client relationship;
(v) prepare lease documentation and any other documents as may be required;
(vi) perform administration of the lease;
(vii) perform financial transactions such as payments for the period of stay, and enforce repayment obligations, credit and internal risk management;
(viii) communicate with you changes and development to our policies, terms and conditions and other administrative information; and
(ix) any other purpose related to any of the above.
h) If you are a shareholder, unitholder or Stapled Securityholder of our shares:
(i) administer the relationship, including the verification of your identity and/or the identity of your proxy (as may be applicable);
(ii) inform you of our performance and the products and services that we provide to our customers through circulars, reports, newsletters and communications;
(iii) communicate with you changes and development to our policies, terms and conditions and other administrative information; and
(iv) any other purpose related to any of the above.
i) If you are a vendor, a prospective vendor or a contractor:
(i) evaluate your proposal;
(ii) conduct background checks on you;
(iii) communicate with your deployed staff, after award of contract, who are in our properties to carry out work or services, and for any emergency or/and security concerns; and
(iv) any other purpose related to any of the above.
j) If you submit an application to us as a candidate for employment:
(i) process your application including pre-recruitment checks;
(ii) provide or to obtain references for background screening/vetting;
(iii) collect information about your suitability for the position applied for; and
(iv) any other purposes related to the aforesaid.
k) If you are an existing employee, CapitaLand Group’s Employee Personal Data Protection Policy would also apply to you.
3.4. The above purposes are not exhaustive, and depending on the nature of your relationship with us (for example, if you are a member of CapitaStar or Ascott Star Rewards), we may collect, use and disclose your Personal Data for additional purposes which you will be notified of, in accordance with applicable laws, and/or terms and conditions, and where necessary we will collect your consent for them.
3.5. When you apply for or hold a co-brand product which is offered jointly by us and our co-brand partner(s), we may also collect, use and disclose your Personal Data for the purpose of sharing your Personal Data with the co-brand partners for offering, marketing and promoting to you any products, services, offers or events which the co-brand partner thinks may be of interest to you. We will only share your Personal Data with the co-brand partners where permitted by applicable law.
3.6. Where you have provided us with specific consent or based on other lawful basis, as applicable, we may also use and disclose your Personal Data for the following purposes:
a) provide services and extend benefits to you, including promotions, loyalty and reward programmes, send you industry market updates (e.g. in real estate), newsletters (e.g. on property) and other information on our products, services, offers or promotions which may be of interest to you and conduct market research to develop special offers, promotional and/or marketing programmes; and
b) administer contests, competitions and conducting lucky draws, including, where necessary, announcing the results of these contests, competitions and lucky draws and identifying and contacting the winners.
3.7. In relation to particular products or services or in your interactions with us, we may also notify or have specifically notified you of other purposes for which we collect, use or disclose your Personal Data. If so, we will collect, use and disclose your Personal Data for these additional purposes, in line with applicable law.
3.8. Your Personal Data will be protected and kept confidential, but subject to the provisions of any applicable law, your Personal Data may, depending on the products or services concerned, be disclosed to third parties set out below. Such disclosure may be subject to additional legal requirements under applicable law, depending on the nature of such transfer to third parties. Your Personal Data will, in each case, only be disclosed to the extent necessary and proportionate.
The third parties are:
a) other divisions or entities within the CapitaLand Group;
b) our joint venture/ alliance partners;
c) our agents, contractors, third party service providers and specialist advisers who have been contracted to provide us with administrative, financial, research, operational or other services such as telecommunications, information technology, payment, payroll, training, market research, storage and archival;
d) any third party business partners who offer goods and services or sponsor contests or other promotional programmes, whether in conjunction with us or not, and where permitted by applicable laws;
e) insurers or insurance investigators and credit providers;
f) the Credit Bureau, or in the event of default or disputes, any debt collection agencies or dispute resolution centres;
g) any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any merger, acquisition or asset sale) involving the CapitaLand Group;
h) our professional advisors such as our auditors and lawyers;
i) relevant government regulators or authority or law enforcement agency to comply with any laws or rules and regulations imposed by any governmental authority;
j) anyone to whom we transfer or may transfer our rights and obligations, including, for example, where we obtain the services of a third party organisation to handle any aspect of the processing of your Personal Data for the purposes notified to you in accordance with this Policy;
k) banks, credit card companies and their respective service providers;
l) third party technology solution providers such as consent management platforms, social media platforms, analytics providers and advertising companies and networks; and
m) any other party as may be consented to by you, as specified by you or as may be notified to you by us in subsequent notices.
3.9 We require that organisations outside the CapitaLand Group which handle or obtain Personal Data as service providers to us acknowledge the confidentiality of this data, undertake to respect any individual's right to privacy and comply with the PDPA, the GDPR and any other applicable data protection laws. As a requirement under these laws, we may be required to have specific agreements in place with such third parties to regulate and safeguard your data protection rights. We also require that these organisations use this information only for our purposes and follow our directions with respect to this information.
4. Transfer of Personal Data
4.1 Your Personal Data may be stored in external servers located overseas or in countries outside of your country of residence. In addition, as described above, in carrying out our business, it may be necessary to share information about you with and between our related corporations and affiliates, and third party service providers, some of which may be located in countries outside your country of residence. We will take reasonable steps to ensure that your Personal Data transferred outside of your country of residence is adequately protected. In addition, we will ensure that such transfers comply with the requirements of the applicable data protection laws.
4.2 For those in Europe, please see the European Addendum in paragraph 14 of the Policy for further details on how we transfer your data abroad.
5. Retention of Personal Data
5.1 We may retain your Personal Data for as long as it is necessary for the purposes it has been collected, and in most cases, up to 7 years unless otherwise permitted by applicable law or in order to defend legal claims. Where we no longer require your Personal Data for those purposes, we will cease to retain such Personal Data in accordance with our internal retention policy.
5.2 For those in Europe, please see the European Addendum in paragraph 14 of the Policy for further details on Personal Data retention.
6. Your Rights
6.1 You have the following rights, under applicable data protection laws:
a) to obtain from us confirmation as to whether or not your Personal Data is being processed and request a copy of your information.
b) rectification of your Personal Data. We endeavour to ensure that all Personal Data we have about you is accurate and up-to-date. We understand that this information changes frequently with changes of address and other personal circumstances. We encourage you to contact us as soon as possible to enable us to update any Personal Data we have about you. Incomplete or outdated Personal Data may result in our inability to provide you with products and services you have requested;
c) where the processing of your Personal Data is carried out by automated means, you have the right to receive your Personal Data you have provided us in a structured, commonly used and machine-readable format or to demand transmission to another controller (the right to data portability);
d) in certain circumstances, you can request to have your Personal Data deleted or restrict the processing of it;
e) if we process your information based on our legitimate interests explained above, or in the public interest, you can object to this processing in certain circumstances, and to the extent permitted under applicable laws. In such cases, we will cease processing your information unless we have compelling legitimate grounds to continue processing or where it is necessary for legal reasons. Where we use your data for direct marketing purposes, including profiling, you can always object using the unsubscribe link in such communications or by contacting us at the details provided in paragraph 10.1 below;
f) prevent any processing of Personal Data that is causing or is likely to cause unwarranted and substantial damage or distress to you or another individual;
g) for individuals in France, to instruct us on the processing (retention, deletion, disclosure) of your Personal Data after your death. You can change or revoke such instructions at any time; and
h) to lodge a complaint about the way in which your Personal Data is being used to a supervisory authority or a regulatory authority as per applicable law. If you are located in Europe, you can contact the supervisory authority in the member state of your habitual residence, your place of work, or in the country where the alleged infringement took place, or where the relevant member of the CapitaLand Group which has used your Personal Data is located. If you are in the EU, you can find information about your data protection authority here. If you are in the UK, this will be the Information Commissioner’s Office. In the UK, you also have the right to complain to us directly, using the contact details set out in this Policy.
6.2 Where we rely on your consent to use your Personal Data, you have the right to withdraw that consent at any time. This withdrawal will however not affect the lawfulness of processing based on your consent before your withdrawal.
For individuals outside Europe, if you withdraw your consent to any or all purposes and depending on the nature of your request, we may not be in a position to continue to provide our products or services to you. Please note, however, that if you have provided us consent in respect of the use of your Singapore telephone number(s) for receiving marketing or promotional information, any such consent provided will not be affected by your withdrawal of your other consent in accordance with the terms set out in this Policy. If you do not wish for your Singapore telephone number(s) to be used for receiving marketing or promotional information, please contact the relevant Data Protection Officer and specify that you wish to withdraw your consent for such purpose.
6.3 The exercise of these rights may not be applicable in your country or may be restricted under applicable laws – for example, due to judicial proceedings or the carrying out of investigations or if fulfilling your request would reveal Personal Data about another person, or if you ask us to delete information which we are required by law or have compelling legitimate interests to keep.
6.4 Where mandated under the applicable data protection laws, your exercise of the rights described or referred to above shall be free of charge. In all other situations, we may charge a fee to cover the cost of verifying the request and locating, retrieving and copying any material requested.
6.5 If you want to exercise any of your rights or if you wish to raise a complaint on how CapitaLand Group has handled your Personal Data, you may contact the relevant data controller or the Data Protection Officer (or equivalent authorised person as per applicable law) at the contact details provided in paragraph 10.1 below.
7. Management and Security
7.1 We have appointed Data Protection Officers (or equivalent authorised persons as per applicable law) to oversee our management of your Personal Data in accordance with this Policy and the applicable data protections law. We train our employees who handle your Personal Data to respect the confidentiality of your Personal Data, and we regard breaches of all applicable data protection laws very seriously.
8. Cookie Policy and links to other websites
8.1 We use cookies and similar technologies when you use our websites or apps (as applicable). CapitaLand websites have made use of a Cookie Consent Management (CCM) platform to help our online users know which cookies are used on our websites and why they are used and to express their choices in relation to Non-Essential Cookies. Please see our Cookie Policy for more details. For details on third-party cookies see the Cookie Policy. We encourage you to learn about the privacy policies and cookie policies of such third parties.
We use two types of cookies, Essential Cookies and Non-Essential Cookies. Please see our Cookie Policy for more details.
8.2 Our website may contain links to other websites operated by third parties, such as our business partners. We are not responsible for the privacy practices of websites operated by third parties that are linked to our website. We encourage you to learn about the privacy policies of such third parties. Once you have left our website, you should check the applicable privacy policy of such third parties at their respective websites to determine how they will handle any information they collect from you.
9. Telemarketing Policy
9.1 This section outlines our telemarketing policy which relates only to individual users of Singapore telephone numbers and was developed to comply with the Do Not Call (“DNC”) provisions under the PDPA. Our telemarketing policy applies to the CapitaLand Group unless we have notified you otherwise in writing.
9.2 We aim to comply with the DNC provisions and your choices to receive promotional and marketing messages:
a) If you have registered your Singapore telephone number with the relevant Singapore DNC registers, we will not send you promotional and marketing messages via SMS, fax, calls and other means (as applicable).
b) However, if you have previously consented to our sending you such messages to your Singapore telephone number(s), we will continue to do so until you withdraw such consent, regardless of your DNC nominations.
c) Also, if you currently have an existing, ongoing relationship with us, depending on the nature of that relationship, we may continue to send you promotional or marketing messages via SMS, fax, calls or any means, about products and services which are related to that ongoing relationship notwithstanding your registration with the DNC Registry, unless you opt-out of receiving such messages.
10. How to contact us
10.1 If you have any questions about this Policy or any queries relating to your Personal Data, or you would like to exercise your rights, for example to obtain access and/or make corrections to your Personal Data records, please contact the relevant data controller, or Data Protection Officers (or equivalent authorised persons as per applicable law):
CapitaLand Group Pte. Ltd
Address: 168 Robinson Road #30-01 Capital Tower Singapore 068912
Email: cldgrp_dpo@capitaland.com
CapitaLand Investment Limited
Address: 168 Robinson Road #30-01 Capital Tower Singapore 068912
Email: groupdpo@capitaland.com
CL International Management (UK) Ltd
Address: 6th Floor 2 London Wall Place, London, England, EC2Y 5AU
Email: europe.dataprotection@capitaland.com
UK Representative: Mr Graham Foster.
CapitaLand Malaysia Trust
Address: Unit No. 1-27, Level 27, Naza Tower No. 10, Persiaran KLCC
50088 Kuala Lumpur
Email: cmamydpo@capitaland.com
Privacy Policy site: https://www.capitaland.com/content/dam/capitaland-sites/international/legal-notices/BM-CapitaLand-Personal-Data-Protection-Policy-030725.pdf
CapitaLand Investment Management Korea Co Ltd
Address: Level 6, Seoul Finance Centre, 136 Sejong-daero, Jung-gu
Seoul, 04520, Korea
Email: korea.dataprotection@capitaland.com
Privacy Policy site: https://www.capitaland.com/kr/ko/footer-links/privacy-policy.html
CapitaLand Japan Kabushiki Kaisha
Address: Marunouchi Nakadori Building 6F, 2-2-3 Marunouchi, Chiyoda-ku,
Tokyo 100-0005, Japan
Email: Compliance_jp@capitaland.com
Privacy Policy site: 個人情報保護宣言.pdf
Wingate Group Holdings Pty Ltd
Address: Level 48, 101 Collins Street, Melbourne VIC 3000
Email: privacy@wingate.com.au
Privacy Policy site: https://www.wingate.com.au/legal/
The Ascott Limited
Address: 168 Robinson Road #30-01 Capital Tower Singapore 068912
Email: data.protection@the-ascott.com
For individuals residing in Georgia,
Email: data.protection@the-ascott.com
Representative: Mr Stephane Mayer
Citadines SA (a wholly owned subsidiary of The Ascott Limited)
Address: 120 rue jean jaurès F-92532 Levallois-Perret cedex France
Email: data.protection@the-ascott.com
EU Representative: Mr Stephane Mayere
For individuals residing in the EU and UK, we have appointed Bird & Bird Privacy Solutions as the Data Protection Officer who can be contacted at:
Name: Bird & Bird DPO Services SRL
Address: Avenue Louise 235 b 1, 1050 Brussels, Belgium,
Email: dpo.capitaland@twobirds.com
11. Governing Law
11.1 To the extent permitted by applicable law, this Policy and your use of this website shall be governed in all respects by the laws of Singapore. For the avoidance of doubt, the applicable data protection laws will apply to the processing of your Personal Data.
12. Review of this Policy
12.1 This Policy will be reviewed from time to time by us to take into account new laws and technology, changes to our operations and practices and the changing business environment. Consequently, we recommend that you consult it regularly, particularly when making a reservation at one of our hotels. We will provide you with a new privacy policy when we make substantial updates, as may be required under applicable laws. If you are unsure whether you are reading the most current version, please contact us. We may also notify you in other ways from time to time about the processing of your personal information.
12.2 In the event of any inconsistencies between the English version and other translations of this Policy, the English version shall prevail.
13. California Privacy Rights Addendum
13.1 If you are a California resident and the processing of Personal Data about you is subject to the California Consumer Privacy Act (“CCPA”), you have certain rights with respect to that data.
a) Notice at Collection. At or before the time of collection, you have a right to receive notice of our practices, including the categories of Personal Data and Sensitive Personal Data to be collected, the purposes for which such data is collected or used, whether such data is sold or shared, and how long such data is retained. You can find those details in this Policy below and by clicking on the above links.
b) Right to Know. You have a right to request that we disclose to you the Personal Data we have collected about you. You also have a right to request additional data about our collection, use, disclosure, or sale of such Personal Data. Note that we have provided much of this data in this Policy. You may make such a “request to know” by contacting the relevant Data Protection Officer at the contact details provided in paragraph 10.1 or by emailing us at us.dataprotection@capitaland.com.
c) Rights to Request Correction or Deletion. You also have rights to request that we correct inaccurate Personal Data and that we delete Personal Data under certain circumstances, subject to a number of exceptions. To make a request to correct or delete, contact the relevant Data Protection Officer at the contact details provided in paragraph 10.1 or email us at us.dataprotection@capitaland.com.
d) Right to Opt-Out / “Do Not Sell or Share My Personal Data”. You have a right to opt-out from future “sales” or “sharing” of Personal Data as those terms are defined by the CCPA.
Note that the CCPA defines “sell,” “share,” and “personal Data very broadly, and some of our data disclosures described in this Policy may be considered a “sale” or “sharing” under those definitions. In particular, we let advertising and analytics providers collect identifiers (IP addresses, cookie IDs, and mobile IDs), activity data (browsing, clicks, app usage), device data, and geolocation data through our sites and apps when you use our online services, but do not “sell” or “share” any other types of Personal Data. If you do not wish for us or our partners to “sell” or “share” Personal Data relating to your visits to our sites for advertising purposes, you can make your request by selecting ‘Only essential cookies’ on our websites, emailing us at us.dataprotection@capitaland.com, or using other controls described in our Cookie Policy. If you opt-out using these choices, we will not disclose or make available such Personal Data in ways that are considered a “sale” or “sharing” under the CCPA. However, we will continue to make available to our partners (acting as our service providers) some Personal Data to help us perform advertising-related functions. Further, using these choices will not opt you out of the use of previously “sold” or “shared” personal data or stop all interest-based advertising.
We do not knowingly sell or share the Personal Data of minors under 16 years of age.
e) Right to Limit Use and Disclosure of Sensitive Personal Data. As described in paragraph 1.1 above, we may collect certain Sensitive Personal Data, including government-issued identification numbers (such as Passport numbers) and biometric information (such as fingerprints). Under the CCPA, you have a right to limit our use of your Sensitive Personal Data for any purposes other than to provide the services or goods you request or as otherwise permitted by law. Note that we do not use Sensitive Personal Data for any such additional purposes.
13.2 You may designate, in writing or through a power of attorney, an authorised agent to make requests on your behalf to exercise your rights under the CCPA. Before accepting such a request from an agent, we will require the agent to provide proof you have authorised it to act on your behalf, and we may need you to verify your identity directly with us.
13.3 Further, to provide, correct, or delete specific pieces of Personal Data we will need to verify your identity to the degree of certainty required by law. We will verify your request by asking you to send it from the email address associated with your account or requiring you to provide information necessary to verify your account.
13.4 Finally, you have a right to not be discriminated against for exercising these rights set out in the CCPA.
13.5 Additionally, under California Civil Code section 1798.83, also known as the “Shine the Light” law, California residents who have provided Personal Data to a business with which the individual has established a business relationship for personal, family, or household purposes (“California Customers”) may request information about whether the business has disclosed personal data to any third parties for the third parties’ direct marketing purposes.
13.6 We comply with this law by offering our customers a choice about the disclosure of Personal Data to third parties for their direct marketing purposes, and you can make or change such choice by emailing us at us.dataprotection@capitaland.com.
13.7 California Customers may request further information about our compliance with this law by emailing us.dataprotection@capitaland.com. Please note that businesses are required to respond to one request per California Customer each year and may not be required to respond to requests made by means other than through the designated email address.
14. European Addendum (for EU and the UK)
For individuals in the EU or UK, we provide additional information on our data processing practices below. The European Addendum has priority in case of discrepancies with the other paragraphs of this Policy.
14.1 What data do we collect?
We collect and process Personal Data about you when you interact with us and our websites and apps, when you purchase products and services from us, when you apply for a job with us, or when you contact us in any other matter. This includes:
Category |
Details |
Identification Information |
Your name, national registration identification number, passport number, or other identification number |
Contact Information |
Telephone number(s), mailing address, email address |
Delivery Details |
Payment related information, such as your bank account or credit card information and your credit history |
Employment Information |
Your employment history, education background and income levels |
Device Information |
Information about your use of our websites and services, including cookies, IP addresses, the device or browser that you use, subscription account details and membership details |
Biometric Data |
Biometric data, including finger or palm prints and facial characteristics for facial recognition |
Recordings |
Your facial image in a photograph or video recording, and car plate registration numbers, in particular recorded on CCTV, voice. |
Sometimes, we receive information about you from third parties. In particular: vendors, property or recruitment agents, investors, lawyers, accountants, other advisers and consultants, fund administrators, customers, intermediaries, online platforms, travel agencies, brokers and other business partners, identity verification services, and credit reference agencies, sources designed to detect and prevent fraud. We may also collect Personal Data through publicly available sources such as public websites or other publicly accessible directories and sources, including bankruptcy registers, tax authorities, governmental agencies and departments, sanctions screening databases, and regulatory authorities.
14.2 How do we use this information, and what is the legal basis for this use?
We will only use your Personal Data for the purposes and legal bases set out below:
Purpose of processing |
Legal basis for processing |
Categories of personal data |
We will collect, use and store your Personal Data to: · provide you with the services and products you have requested and adjust them to your preferences; · process your application for the account or subscription service; · maintain your account with us; · verify your personal particulars and process payments; · resolve related complaints and handle requests and enquiries; and · communicate to you changes and developments to our policies, terms and conditions and other administrative information, including for the purpose of servicing you in relation to products and services we offer. We may monitor or record phone calls and customer-facing interactions for identity verification purposes and, for responding to your queries, requests and complaints and other related purposes. |
It is necessary for us to process your personal data in order to perform our contract with you, or to take steps at your request prior to entering into a contract with you. We have a legitimate interest in operating our services and products, websites and apps, and in improving their operation. As required by applicable law, we collect your consent for recordings and cookies. Explicit consent for Biometric Data |
Identification Information Contact Information Delivery Details Recordings Biometric Data
|
We will collect, use and store your Personal Data to: · review, develop, improve, manage the delivery of and enhance our products and services, in particular websites and apps, including to analyse future customer needs; · conduct market research and data analytics (which does not result in solely automated decision-making, including profiling); and · measure the effectiveness of our activities and campaigns We may monitor or record phone calls and customer-facing interactions for quality assurance, employee training, performance evaluation and identity verification purposes and, when receiving feedback, for responding to your queries, requests and complaints and other related purposes. |
We have a legitimate interest in operating our business, services, products, website and apps and improving their operation. We have a legitimate interest in managing our business and providing services to our clients. As required by applicable law, we collect your consent to recordings and cookies. |
Identification Information Contact Information Delivery Details Device Information Recordings |
We will collect, use and store your Personal Data to communicate with you on other matters and respond to your queries, requests and complaints.
|
Legitimate interest in communicating with you.
|
Identification Information Contact Information Delivery Details Device Information Recordings |
We will collect, use and store your Personal Data to: · extend benefits to you, including promotions, loyalty and reward programmes, to send you industry market updates (e.g., in real estate), newsletters (e.g., on property) and other information on our products, services, offers or promotions which may be of interest to you, and conduct market research to develop special offers, promotional and/or marketing programmes; and · administer contests, competitions and conducting lucky draws, including, where necessary, announcing the results of these contests, competitions and lucky draws and identifying and contacting the winners. |
Your consent. It is necessary for us to process your personal data in order to perform our contract with you, or to take steps at your request prior to entering into a contract with you. We have a legitimate interest in promoting our services to our clients. We have a legal obligation under tax laws related to our promotional activity.
|
Identification Information Contact Information Delivery Details Device Information
|
We will collect, use and store your Personal Data to provide ongoing information and ads about our products and services which may be of interest to you. |
Legitimate interest in promoting our services to our clients. Consent to direct marketing and cookies (as required by applicable law) |
Identification Information Contact Information Delivery Details Device Information |
We will collect, use and store your Personal Data to: · comply with any applicable rules, laws and regulations, codes of practice or guidelines, or assist in law enforcement and investigations by relevant authorities; · handle disputes and conduct and facilitate investigations and proceedings; · protect and enforce our contractual and legal rights and obligations; · prevent, detect and investigate crime, including fraud and money-laundering, and analyse and manage other commercial risks; and · assure security, including cybersecurity, access controls, network management and accessibility. |
We have a legal obligation under applicable laws. Legitimate interest in preventing and detecting fraud or other wrongdoing. Legitimate interest in defending our rights. In the UK, we may process your data for the recognised legitimate interests of preventing, detecting and investigating crime, assisting a public authority and/or safeguarding Explicit consent for Biometric Data.
|
All categories |
We will collect, use and store your Personal Data to manage our infrastructure and business operations and comply with internal policies and procedures.
|
Legitimate interest in managing and operating our business.
|
Identification Information Contact Information Delivery Details Device Information Recordings Employment Information |
We will collect, use and store your Personal Data to facilitate business asset transactions (which may extend to any merger, acquisition or asset sale) involving any CapitaLand Group entity.
|
Legitimate interest in developing our business.
|
Identification Information Contact Information Delivery Details Device Information Recordings Employment Information |
We will collect, use and store your Personal Data for recruitment purposes, if you submit an application to us as a candidate for employment, including to: · process your application, including for pre-recruitment checks; · provide or obtain references for background screening/vetting; · collect information about your suitability for the position applied for; and · assess your performance. |
It is necessary for us to process your personal data to take steps at your request prior to entering into a contract with you or when performing a contract with you. We have a legitimate interest in choosing suitable candidates for positions with us. Your consent.
|
Identification Information Contact Information Employment Information |
There are instances where we have a legitimate interest to use your data. Our legitimate interest will vary depending on what we are using your data for, and we explain above what the interest is and how it relates to the processing operations that we are carrying out. Where we process Personal Data on the basis of a legitimate interest, then – as required by data protection law – we have carried out a balancing test to document our interests, to consider what the impact of the processing will be on individuals, and to determine whether individuals’ interests outweigh our interests in the processing taking place. You can obtain more information about this balancing test by using the contact details in paragraph 10.1 of this Policy. In the UK, there are certain legitimate interests that are recognised under the UK GDPR, where we are not required to carry out a balancing test. These are described in the table above.
Where we collect Personal Data to perform our contract with you or to comply with our legal obligations, providing such data is mandatory, and we will not be able to perform the contract, or we may be prevented from complying with our legal obligations to you or third parties (such as mandatory reporting, tax and accounting) without this information. In all other cases, provision of the requested Personal Data is optional, but if you choose not to provide the Personal Data, this may affect your ability to receive certain services or take part in certain activities where the information is needed for those purposes.
14.3. Data transfers
Personal Data may be transferred to and stored at a destination outside of Europe. Due to the global nature of our business, your Personal Data will be disclosed to CapitaLand Group Companies outside of Europe, in particular to Singapore.
All our personal data transfers are compliant with applicable data protection laws. The agreements we have in place within CapitaLand Group and with our third-party vendors and partners include appropriate safeguards to ensure that data flows are safe and that individuals can exercise their data protection rights. These include standard contractual clauses approved by the EU Commission, or other arrangements, as applicable in specific countries, and other safeguards as may be appropriate. We may also transfer data to countries with an adequate level of personal data protection based on decisions adopted by competent authorities, such as the adequacy decisions adopted by the European Commission or approved in accordance with the UK GDPR.
See the list of countries for which the European Commission has issued an adequacy decision here.
A list of countries approved in accordance with the UK GDPR is available here.
A copy of the relevant mechanism can be obtained for your review on request by using the contact details in paragraph 10.1 of this Policy.
14.4. Retention of Personal Data
We retain Personal Data for as long as we have a relationship with the individuals to whom the information relates and for a period after our relationship has ended. We will store your Personal Data for no longer than is necessary for the performance of our obligations or to achieve the purposes for which the information was collected, or as may be permitted under applicable law. If we have a contract with you, your Personal Data will be retained for the duration of your contract and for an appropriate duration after its termination in your country to protect us from any legal claim.
To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the data; the potential risk of harm resulting from its unauthorised use or disclosure; the purposes for which we process the data and whether we can achieve those purposes by other means; and the applicable legal requirements. Unless otherwise required by applicable law, we will remove Personal Data from our systems and records or take appropriate steps to properly anonymise it at the end of the retention period.
(As at 15 September 2025)