Privacy Policy
Privacy and Personal Data Policy
Last Updated 23 June 2021
This Privacy Policy applies to Tasman Environmental Markets Pty Limited (TEM) in its offering of carbon offset calculation and offsetting services through its association with Singapore Airlines Limited (“SIA”) . TEM in its association with SIA is collectively referred to as “we”, “us”, “our”.
TEM is a corporation registered in Australia with Business Number 58 142 268 479 and a registered office at Suite 1, 651 Victoria Street, Abbotsford Vic 3067, Australia.
For the purposes of data protection legislation, Singapore Airlines is the data controller and TEM is the data processor. Singapore Airlines’ Privacy policy is available at www.singaporeair.com/en_UK/privacy-policy.
We collect, use and disclose Customer Data (as defined below) in order to provide you with an effective and efficient experience with us. The collection, use and disclosure of Customer Data enables us to provide services and products that are most likely to meet your needs and requirements. This Privacy Policy outlines our policy and responsibility in relation to the collection, use and disclosure of Customer Data.
By continuing to use our services, you signify that you have read and understood this Privacy Policy.
Relevant Regulations
TEM is cognisant of, and complies with, its privacy obligations in a variety of jurisdictions including but not limited to, Singapore under the Personal Data Protection Act (PDPA); Australia under the Australian Privacy Principles; New Zealand under the Privacy Act; California under the California Consumer Privacy Act (CCPA) and the European Union under the General Data Protection Regulation (GDPR).
Data Security
TEM follows industry good practice in making and maintaining its systems to minimise the risk of any security issues.
What information do we collect about you?
We collect information when you purchase carbon offsets on our carbon offset website and mobile application such as your contact details, travel information and credit card details. In addition, we collect device and technical information from you, and any other information you may submit when you use our website or mobile application (collectively referred to as “Customer Data”). This policy requires visitors and users to accept cookies being stored in order to continue using the website.
How will we use the information about you?
We use your information to fulfil our contract of service with you or otherwise optimise our products and better deliver any other services you have requested for or signed up to use.
Who do we share your information with?
We share your data with our third party service providers, to the extent necessary for them to provide their services, such as payment processors. We use these third parties’ services solely to process or store your information for the purposes described in this policy.
Where do we process your information?
Our primary servers are located in Singapore. Our staff are located in our offices around the world. We will only transfer your personal data to that country in accordance with the applicable data protection laws, including where applicable, if such country ensures an adequate level of protection of your rights and freedoms, or you have given us your consent, or that transfer is subject to the European Commission’s model contracts for the transfer of personal data to third countries (i.e., the standard contractual clauses), pursuant to Decision 2021/914 of 4 June 2021 and as amended and updated from time to time.
How long do we keep hold of your information?
We retain your information for as long as it is necessary to fulfil the purpose for which it was collected, our legal or business purposes, or as required by applicable laws. We will usually keep your Customer Data for up to 7 years to ensure that any contractual disputes can be addressed.
What are my rights?
Non-EU and Non-Swiss Data Subject Rights
If you are not a resident in the EU (Switzerland excluded), you may have certain rights in relation to the Customer Data we hold about you, which include:
Access
You have the right to know whether we process Customer Data about you, and if we do, to access Customer Data we hold about you and certain information about how we use it and who we share it with.
Where permitted by law, we reserve the right to charge a reasonable administrative fee for this service. In exceptional circumstances, we reserve the right to deny you access to your Customer Data and may provide an explanation as required by applicable laws.
Exceptional circumstances include (to the extent allowable under applicable law) where:
- an investigating authority or government institution objects to us complying with a customer’s request;
- the information may, in the exercise of our reasonable discretion and/or assessment, affect the life or security of an individual; and
- data is collected in connection with an investigation of a breach of contract, suspicion of fraudulent activities or contravention of law.
Correction
You have the right to correct any Customer Data held about you that is inaccurate.
Feedback and complaints
If you have any concerns, feedback or complaints about the use and/or sharing of your Customer Data, we are open to receiving your feedback or complaints.
EU Data and Swiss Subject Rights
If you are a resident in the EU, the UK or Switzerland, you may have certain rights to the Customer Data we hold about you which we detail below. Some of these only apply in certain circumstances as set out in more detail below. We also set out how to exercise those rights.
These rights include:
- The right of access
- The right of data portability
- The right of rectification
- The right of erasure
- The right to restrict processing
- The right to object
Please note that we will require you to provide us with proof of identity before responding to any requests to exercise your rights. We will respond to a request by you to exercise those rights without undue delay and at least within one month (although this may be extended by a further two months in certain circumstances).
Complaints
In the event that you wish to make a complaint about how we process your Customer Data, please contact us and we will endeavour to deal with your request as soon as possible. This is without prejudice to your right to lodge a claim with your data protection authority.
Access
You have the right to know whether we process Customer Data about you, and if we do, to access Customer Data we hold about you and certain information about how we use it and who we share it with.
If you require more than one copy of the Customer Data we hold about you, we may charge an administration fee.
We may not provide you with certain Customer Data if providing it would interfere with another’s rights (e.g. where providing the Customer Data we hold about you would reveal information about another person) or where another exemption applies.
Portability
You have the right to receive a subset of the Customer Data we collect from you in a structured, commonly used and machine-readable format and a right to request that we transfer such Customer Data to another party.
If you wish for us to transfer the Customer Data to another party, please ensure you detail that party and note that we can only do so where it is technically feasible. We are not responsible for the security of the Customer Data or its processing once received by the third party. We also may not provide you with certain Customer Data if providing it would interfere with another’s rights (e.g. where providing the Customer Data we hold about you would reveal information about another person).
Correction
You have the right to correct any Customer Data held about you that is inaccurate. Please note that whilst we assess whether the Customer Data we hold about you is inaccurate or incomplete, you may exercise your right to restrict our processing of the applicable data as described below.
Erasure
You may request that we erase the Customer Data we hold about you in the following circumstances:
- you believe that it is no longer necessary for us to hold the Customer Data we hold about you;
- we are processing the Customer Data we hold about you on the basis of your consent, and you wish to withdraw your consent and there is no other ground under which we can process the Customer Data;
- we are processing the Customer Data we hold about you on the basis of our legitimate interest and you object to such processing. Please provide us with details as to your reasoning so that we can assess whether there is an overriding interest for us to retain such Customer Data;
- you believe the Customer Data we hold about you is being unlawfully processed by us.
Also note that you may exercise your right to restrict our processing of the Customer Data whilst we consider your request as described below.
Please provide as much detail as possible on your reasons for the request to assist us in determining whether you have a valid basis for erasure. However, we may retain the Customer Data if there are valid grounds under law for us to do so (e.g., for the defence of legal claims or freedom of expression) but we will let you know if that is the case. Please note that after deleting the Customer Data, we may not be able to provide the same level of services to you as we will not be aware of your preferences.
Where you have requested that we erase Customer Data that we have made public and there are grounds for erasure, we will use reasonable steps try to tell others that are displaying the Customer Data or providing links to the Customer Data to erase the Customer Data too.
Restriction of Processing to Storage Only
You have a right to require us to stop processing the Customer Data we hold about you other than for storage purposes in certain circumstances. Please note, however, that if we stop processing the Customer Data, we may use it again if there are valid grounds under data protection law for us to do so (e.g. for the defence of legal claims or for another’s protection).
You may request we stop processing and just store the Customer Data we hold about you where:
- you believe the Customer Data is not accurate, for the period it takes for us to verify whether the Customer Data is accurate;
- we wish to erase the Customer Data for compliance with applicable laws but you want us to just store it instead;
- we wish to erase the Customer Data as it is no longer necessary for our purposes but you require it to be stored for the establishment, exercise or defence of legal claims; or
- you have objected to us processing Customer Data we hold about you on the basis of our legitimate interest and you wish us to stop processing the Customer Data whilst we determine whether there is an overriding interest in us retaining such Customer Data.
Objection
You also have the right to object to our processing of Customer Data about you and we will consider your request.
You may object where we are processing the Customer Data we hold about you on the basis of our legitimate interest and you object to such processing on that basis.
Please provide us with detail as to your reasoning so that we can assess whether there is a compelling overriding interest in us continuing to process such data or we need to process it in relation to legal claims. Also note that you may exercise your right to request that we stop processing the Customer Data whilst we make the assessment on an overriding interest.
If you are a resident in Australia or New Zealand, you may have certain rights to the Customer Data we hold about you.
Australia Data Subject Rights
The Privacy Act 1988 (Privacy Act) was introduced to promote and protect the privacy of individuals and to regulate how Australian Government agencies and organisations with an annual turnover of more than $3 million, and some other organisations, handle personal information.
The Privacy Act includes 13 Australian Privacy Principles (APPs), which apply to some private sector organisations, as well as most Australian Government agencies. These are collectively referred to as ‘APP entities’. The Privacy Act also regulates the privacy component of the consumer credit reporting system, tax file numbers, and health and medical research.
For more information regarding the APPs and the Privacy Act, see the Australian Government website at www.oaic.gov.au/privacy/the-privacy-act.
New Zealand Data Subject Rights
The Privacy Act 2020 (Privacy Act) was introduced to promote and protect individual privacy by:
(a) providing a framework for protecting an individual’s right to privacy of personal information, including the right of an individual to access their personal information, while recognising that other rights and interests may at times also need to be taken into account; and
(b) giving effect to internationally recognised privacy obligations and standards in relation to the privacy of personal information, including the OECD Guidelines and the International Covenant on Civil and Political Rights.
For more information regarding the New Zealand Privacy Act visit the Parliamentary Counsel Office website at https://www.legislation.govt.nz.
How can I exercise my rights over my information?
For the purposes of data protection legislation, Singapore Airlines is the data controller.
To exercise any of your data subject rights, or if you have any questions about our privacy policy, or if you wish to make a complaint about the use of your personal data, please contact our Privacy Officer (privacy@tem.com.au) to ensure we can assist you.
Complaints and Disputes
To make a complaint please contact our Privacy Officer (privacy@tem.com.au) or to initiate a Dispute please contact our Compliance Manager at (compliance@tem.com.au).
How will we notify you of changes?
We will amend this Privacy Policy from time to time and the updated versions will be posted on our website and date stamped so that you are aware of when the Privacy Policy was last updated. Please check back frequently to see any updates or changes to this Privacy Policy. If we make any material changes to this Privacy Policy, we will provide notice including by displaying a banner on our website.