Privacy Policy

Effective date 1 January 2023

  1.   Our commitment to your privacy
  2. Metal Manufactures (Singapore) Pte. Ltd. (“Company”,“we”,“us” or “our”) respects your privacy. The Company takes its privacy obligations very seriously and wishes to ensure you that your personal data is dealt with in accordance with the Personal Data Protection Act 2012 of Singapore (“Privacy Act”) and this privacy policy.

    This policy documents how we manage personal data (as defined in the Privacy Act), and is intended to enhance the transparency of our company’s operations, by notifying you of your rights and our obligations and provide information regarding:

      (i)

      the kinds of personal data which we will collect and hold;


      (ii)

      how we will collect, hold, use and disclose personal data;


      (iii)

      the purpose for which we collect, hold, use and disclose personal data;


      (vi)

      how you may access personal data that is held by us and seek correction of such personal data;


      (v)

      how you may complain about a breach of Privacy Act that binds us and how we will deal with such a complaint; and


      (vi)

      whether we are likely to disclose personal data to overseas recipients.

    This policy also includes our policy on the handling of credit reports and other credit-related information.

    We update our privacy policy periodically and encourage you to check our website regularly for any updates. A hardcopy of our privacy policy is also available upon request.

  1.   Our company
  2. The Company is a wholly owned subsidiary of Metal Manufactures Pty Limited (“MMPL”, the “MM Group”) incorporated in Australia. The MM Group provides support services to the Company.

  1.   Acknowledgements
  2. We acknowledge that we must take reasonable steps when handling personal data, and we will endeavour to follow this policy on each occasion, and have taken reasonable steps to comply with the Privacy Act, some examples are noted below.

      (i)

      Implementation of this privacy policy.


      (ii)

      Staff training and education (including internal procedures for our staff).


      (iii)

      Clear and transparent procedures regarding handling of complaints and disclosure of information.

  1.   Personal data
  2. For the purposes of the Privacy Act and this policy, “personal data” means data, whether true or not, about an individual who can be identified:

      (i)

      from that data; or


      (ii)

      from that data and other information to which the organisation has or is likely to have access.

    Some examples of personal data that we may collect include without limitation:

      a)

      your legal name;


      b)

      your business and trading names;


      c)

      the name and title of the individual who represents your organisation or access our websites on your behalf;


      d)

      the email address of that individual and the organisation;


      e)

      the website address and the domain type of your organisation;


      f)

      the telephone numbers, facsimile, postal and street addresses of the organisation information disclosed about your organisation in the enquiry or message submitted, including information we might be able to infer from the context such as sectoral, employment, turnover, geographical, and size issues;


      g)

      the subject matter of the enquiry or message;


      h)

      your browsing history on our website; and


      i)

      records of your communications and other interactions with us.

  1.   Purpose of collecting, using and disclosing personal data
  2. Primary purpose

    We will endeavour to only collect, use and disclose personal data which is relevant or reasonably necessary to the operation of our company and/or the provision or supply of goods and/or services to you or your organisation and to meet our contractual obligations to you or your organisation.

    We collect, use and disclose personal data in the administration of your account, which includes us contacting you or your organisation in order to update your account details (this assists us with keeping our records as up to date as possible) or in order to notify you of changes or improvements to our products or services that may affect our service to you. We may disclose personal data to third parties and administrators who assist in the administration of your account from time to time.

    We may also collect, use and disclose personal data for the following purposes:

      (i)

      assess credit applications;


      (ii)

      review existing credit terms;


      (iii)

      assess credit worthiness;


      (vi)

      collect overdue payments;


      (v)

      assess credit guarantees (current and prospective);


      (vi)

      internal management purposes;


      (vii)

      marketing of our services and products;


      (viii)

      sales of our services and products; and


      (xi)

      business development purposes and direct marketing of our services and products.

    We also collect, use and disclose personal data in order to satisfy our regulatory obligations under applicable laws and rules. In certain circumstances, personal data may be disclosed where required or authorised by law, for example, to government and regulatory authorities or in emergency situations and when assisting in lawful enforcement.

    Other purposes

    We may also collect, use or disclose personal data for both the primary purposes specified herein and purposes other than the primary purposes. In the event we shall use or disclose personal data for such use or disclosure which has not been informed hereunder, we shall notify you before such use or disclosure of personal data for that purpose.

  1.   How we will collect personal data
  2. Whenever it is reasonable and practicable to do so, we collect personal data about you directly from you. In some cases, personal data may be provided to us by third parties such as business associates or agents or collected from publicly available source. This will likely occur in instances where:

      (i)

      you have consented for this collection and use (which would usually be via our credit application form); or


      (ii)

      you would reasonably expect us to collect your personal data in this way and it is necessary for us to collect this information for a specific purpose.

    If you are asked to provide information about others it is your responsibility to ensure that you have their consent or are otherwise entitled to provide this information to us, and if necessary, we may require you to furnish us such supporting evidence as we may reasonably require to establish that such consent from the relevant individual has been obtained and has not be revoked. We may also collect, use or disclose personal data from other credit providers, credit reporting bodies and any other third parties for the purposes of our functions and activities including, but not limited to, credit, sales, marketing and administration.

    We may also collect personal data that we request from you regarding your use of our services or that we collect automatically from your visits to our websites.

    It is your responsibility to provide us with current and accurate personal data for the purposes set out above so that we can provide our services to you.

    Anonymous information

    If you or your organisation prefers, and to the extent that it is possible, it may choose to remain anonymous to the extent that the name of the organisation need not be provided to us, or in being provided, it is marked in a way that indicates that you prefer not to be personally identified. However, all data necessary for contractual relations to exist in real time, must be provided to us if we are to be able to fully supply you with our services.

    In circumstances where we are required to do so, or are authorised by law, a court or tribunal to ask for your identification, we will request your personal data.

    Further it is likely that it will be impractical for us to interact with you without some form of identification, and therefore we may request identification details from you at the beginning of each transaction. For example, we will not be able to open a commercial credit trading account or process a commercial credit application for you without obtaining identification details.

  1.   Disclosure of personal data
  2. Subject to our confidentiality obligations, we may disclose your personal data with anyone that you have given us permission to, any person acting on your behalf or a person or any person (including a MMPL partner) who may have introduced you to us.

    We may disclose personal data to third parties to assist us in providing our goods and services to you or your organisation. Personal data will be disclosed to third parties on a confidential basis and only if that disclosure is necessary to provide you with our goods and services.

    Without limitation to any other purpose set out in this policy, you consent to us providing personal data to:

      (i)

      commercial companies that have genuine and relevant product or service to inform you of, and to whom you would reasonably expect us to disclose information as part of our service offering to you;


      (ii)

      organisations involved in distribution or administration for and on behalf of us or related bodies corporate; and


      (iii)

      as otherwise permitted or required by law.

  1.   Disclosure overseas
  2. From time to time we may send personal data overseas, including to overseas MMPL group members and to service providers or other third parties who operate or hold data outside Singapore. Where we do this, we ensure that appropriate data handling and security arrangements are in place, and that the overseas recipient is bound by legally enforceable obligations or specified certifications to provide the transferred personal data a standard of protection that is comparable to that under the Privacy Act.

  1.   Information Security and Storage
  2. We will take steps to hold personal data in a manner which is secure and protected from unauthorised access. Personal data may be held in either a psychical form or in electronic form on our IT system.

    Personal data in electronic form is stored in databases shared by the MM Group (and its related bodies corporate) situated within Australia and equivalent jurisdictions. MMPL may also disclose personal data to companies that are part of the MMPL corporate family which may be located overseas (in which case personal data will remain confidential and the purpose for which the information is collected and used will not change).

    We use secure servers in order to store personal data and ensure proper data storage. We take all reasonable measures to protect personal data that we hold from misuse, loss, unauthorised access, modification or disclosure. We will also endeavour to ensure that our service providers have protection for electronic IT systems and other necessary restrictions. We will endeavour to ensure our staff are trained with respect to the security of the personal data we hold and we will restrict any access where necessary.

    We will endeavour to destroy and de-identify the personal data once it is no longer required. In the event we hold personal data that is unsolicited and we were not permitted to collect it, the personal data will be destroyed as soon as practicable.

    If you provide paper-based documentation, we may retain the paper documents in addition to saving copies in an electronic format.

    In addition to sharing personal data within the MM Group, we may store personal data using overseas cloud storage products as well as other overseas information technology products and services, where we reasonably believe that the overseas recipient is subject to laws that protect the information in a substantially similar way to the Privacy Act. We will take steps to ensure that the overseas recipient is bound by legally enforceable obligations or specified certifications to provide the transferred personal data a standard of protection that is comparable to that under the Privacy Act.

  1.   Credit checks and credit reporting
  2. Disclosure to credit bureaus and credit reporting bodies (collectively, the “CRB’s”)

    We may disclose personal data to a CRBs in accordance with the permitted disclosures as defined under the Privacy Act.

    Where you apply to us for credit, one of our checks may involve obtaining a credit report about you.

    You consent to us obtaining and making disclosure of personal data about you from and to a CRB and/or another credit provider for a commercial credit related purpose and/or another related purpose. We hereby notify you we may use and/or disclose credit eligibility information in accordance with Part 3 of the First Schedule of the Privacy Act.

    Credit reports

    A credit report contains information about your credit history which helps credit providers assess your credit applications, verify your identity and manage accounts you hold with them. Credit reporting bodies collect and exchange this information with credit providers like us and other service providers such as phone companies.

    The Privacy Act limits the information that credit providers can disclose about you to credit reporting bodies, as well as the ways in which credit providers can use credit reports.

    Information exchanged with credit reporting bodies

    The information we can exchange may include your identification details, what type of credit has been extended to you, the amount of credit extended to you, whether or not you have met your credit obligations and if you have committed a serious credit infringement (such as fraud). We also ask the CRB to provide us with an overall assessment score of your creditworthiness.

    Use and storage of credit-related information

    We use information from credit reporting bodies to confirm your identity, assess applications for credit, manage our relationship with you and collect overdue payments. We may also use this information as part of arriving at our own internal assessment of your creditworthiness.

    We store credit-related information with your other personal data.

    Credit providers may ask CRBs to use their credit-related information to pre-screen you for direct marketing if consent has previously be given by you to CRBs for such purpose. You can ask a CRB not to do this. Also, if you’ve been, or have reason to believe that you’re likely to become, a victim of fraud (including identity fraud), you can ask the CRB not to use or disclose the credit-related information it holds about you.

  1.   Procedures for accessing, updating and correcting personal data
  2. You can contact us to access, correct or update your personal data.

    Request for access

    Upon request by you, we will, in accordance with the Privacy Act, provide you with the following as soon as reasonably possible:

      (i)

      personal data about you that is in the possession or under our control; and


      (ii)

      information about the ways in which that personal data has been or may have been used or disclosed by us within a year before the date of your request, (an “access request”).

    An access request may be for some or all of your personal data. You will only be granted access to your personal data where we are permitted or required by law to grant access. We are unable to provide you with access that is unlawful.

    We may deny access to information in certain circumstances as permitted by law.  For example, there are exemptions as specified in the Privacy Act where access may be denied.  If this is the case, we will provide you with the reason for our decision.

    Request for correction

    Should we hold personal data and it is inaccurate, out of date, incomplete, irrelevant or misleading, or incorrect you have the right to make us aware of this fact and request that it be corrected.

    Subject to the requirements of the Privacy Act, you may submit a request for us to correct an error or omission in your personal data that is in our possession or under our control (a “correction request”).

    Upon receipt of a correction request, we will consider whether the correction should be made. Unless we are satisfied on reasonable grounds that the correction should not be made, we will

      (i)

      correct the personal data as soon as practicable; and


      (ii)

      send the corrected personal data to every other organisation to which the personal data was disclosed by us within a year before the date the correction request was made, unless that other organisation does not need the corrected personal data for any legal or business purpose.

    In assessing your request, we need to be satisfied that the information is inaccurate, out of date, incomplete, irrelevant or misleading. We will then take reasonable steps to ensure that it is accurate, up to date, complete and not misleading.

    Submitting a request

    You can make an access request or a correction request by contacting your local Service Centre, or alternatively, by sending an email or letter addressed to our Privacy Officer, details specified below.

            The Privacy Officer

            Metal Manufactures Pty Limited

            Phone: +61 2 8839 9000

            Email: reportincident@mml.com.au

    With any request that is made we will need to authenticate your identity to ensure the correct person is requesting the information.

    We will not charge you for making the correction request, and will typically not charge for an access request.

    We will investigate and deal with your request in a fair, efficient and timely manner. We will normally respond within 30 days. If we require further time we will notify you in writing within 30 days of the time by which we will be able to accede to your request.

  1.   Complaints
  2. In the event that you wish to make a complaint about a failure of us to comply with our obligations in relation to the Privacy Act please raise this with our Privacy Officer on the contact details below:

        The Privacy Officer

        Metal Manufactures Pty Limited

        Phone: +61 2 8839 9000 or 1800 931 141

        Email: reportincident@mml.com.au

    In dealing with your complaint we may need to consult another credit provider or third party.

    If you are not satisfied with the process of making a complaint to our Privacy Officer you may make a complaint to the Singapore Commissioner for Personal Data Protection (“Commissioner”) at https://www.pdpc.gov.sg/. We suggest you do this only after you have first followed our internal complaint processes.

  1.   Notification of Changes
  2. If we decide to change our privacy policy, we will post a copy on our website.

  1.   Further information about privacy rights and credit reporting rules
  2. For further information about the Privacy Act, please visit the Personal Data Protection Commission of Singapore’s website at https://www.pdpc.gov.sg/.

    This document does not create any additional rights under contract, statute or equity law.