[NOTICE] Be Aware of Scammers Posing as Anchanto Staff | Learn More

Data Protection Policy

Summary

We will collect, use or disclose personal data for reasonable business purposes only if there is consent or deemed consent from the individual and information on such purposes have been notified. We may also collect, use or disclose personal data if it is required or authorised under applicable laws.

Collection of Personal Data

We collect personal data from clients, customers, business contacts, partners, personnel, contractors and other individuals. Such personal data may be provided to us in forms filled out by individuals, face to face meetings, email messages, telephone conversations, through our websites or provided by third parties. If you contact us, we may keep a record of that contact.

We collect these personal data when it is necessary for business purposes or to meet the purposes for which you have submitted the information.

We will only collect, hold, process, use, communicate and/or disclose such personal data, in accordance with this policy. If you are acting as an intermediary or otherwise on behalf of a third party or supply us with information regarding a third party (such as a friend, a colleague, an employee etc), you undertake that you are an authorised representative or agent of such third party and that you have obtained all necessary consents from such third party to the collection, processing, use and disclosure by us of their personal data. Because we are collecting the third party’s data from you, you undertake to make the third party aware of all matters listed in this policy preferably by distributing a copy of this policy to them or by referring them to our website.

Use of Personal Data

We use personal data for the following purposes:

  • To Provide Our Services.
  • To Respond To The Individual’s Request Or For The Purposes For Which It Was Provided To Us As Stated At The Time Of The Collection (Or As Is Obvious From The Context Of Collection).
  • To Maintain Contact With Clients And Other Contacts.
  • To Keep Clients And Other Contacts Informed Of The Services We Offer, Industry Developments, Service Offerings, Seminars And Other Events We Are Holding, That May Be Of Interest To Them.
  • For General Management And Reporting Purposes, Such As Invoicing And Account Management.
  • For Recruitment Purposes.
  • For Purposes Related To The Employment Of Our Personnel And Providing Internal Services To Our Personnel.
  • All Other Purposes Related To Our Business.
  • You may choose to unsubscribe from mailing lists, registrations, or elect not to receive further marketing information from us by contacting our Data Protection Officer, Julien Juttet, at julien.juttet@anchanto.com.

You may choose to unsubscribe from mailing lists, registrations, or elect not to receive further marketing information from us by contacting our Data Protection Officer, Julien Juttet, at julien.juttet@anchanto.com.

Disclosure of Personal Data to Third Parties

We do not disclose personal data to third parties except when required by law, when we have your consent or deemed consent or in cases where we have engaged the third party such as data intermediaries or subcontractors specifically to assist with our firm’s activities. Any such third parties whom we engage will be bound contractually to keep all information confidential.

Access to and Correction of Personal Data

Upon request, we will provide the individual with access to their personal data or other appropriate information on their personal data in accordance with the requirements of the PDPA.

Upon request, we will correct an error or omission in the individual’s personal data that is in our possession or control in accordance with the requirements of the PDPA.

We may charge for a request for access in accordance with the requirements of the PDPA.

Withdrawal of Consent

Upon reasonable notice being given by an individual of his withdrawal of any consent given or deemed to have been given in respect of our collection, use or disclosure of his personal data, we will inform the individual of the likely consequences of withdrawing his consent. We will cease (and cause any of our data intermediaries and agents to cease) collecting, using or disclosing the personal data unless it is required or authorised under applicable laws.

Accuracy of Personal Data

We will make a reasonable effort to ensure that personal data collected by us or on our behalf is accurate and complete.

Security and Protection of Personal Data

We have implemented generally accepted standards of technology and operational security to protect the personal data in our possession or under our control and to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks.

Retention of Personal Data

We will cease to retain personal data, as soon as it is reasonable to assume that the purpose for collection of such personal data is no longer being served by such retention, and such retention is no longer necessary for legal or business purposes.

User is requested to please refer to the attached Data Archival and Retention Policy (Annexure-A) to understand the other terms and conditions associated with this Policy. The Annexure-A will be read in consonance and is an integral supplement to this Policy.

Transfer of Personal Data outside of Singapore

We will ensure that any transfers of personal data to a territory outside of Singapore will be in accordance with the PDPA so as to ensure a standard of protection to personal data so transferred that is comparable to the protection under the PDPA.

Privacy on Our Web Sites

This Policy also applies to any personal data we collect via our websites.

Because we want your website experience to be as informative and resourceful as possible, we may provide a number of links to third party websites. We assume no responsibility for the information practices of these third party websites that you are able to access through ours. When a visitor to our website links to these third party websites, our privacy practices no longer apply. We encourage you to review each website’s privacy policy before disclosing any data.

Phishing and Cyber Fraud

“Phishing” is the most common type of cyber-attack that affects organizations like Anchanto. Phishing attacks can take many forms, but they all share a common goal – getting you to share sensitive information such as login credentials, credit card information, or bank account details. Although we maintain controls to help protect our networks and computers from cyber threats, we rely on everyone to be the first line of defence. At Anchanto we have outlined a few different types of phishing attacks to watch out for:

Phishing: In this type of attack, hackers impersonate a real company to obtain your login credentials. You may receive an e-mail asking you to verify your account details with a link that takes you to an imposter login screen that delivers your information directly to the attackers.

Spear Phishing: Spear phishing is a more sophisticated phishing attack that includes customized information that makes the attacker seem like a legitimate source. They may use your name and phone number and refer to Anchanto in the e-mail to trick you into thinking they have a connection to you, making you more likely to click a link or attachment that they provide.

Whaling: Whaling is a popular ploy aimed at getting you to transfer money or send sensitive information to an attacker via email by impersonating a real company executive. Using a fake domain that appears similar to ours, they look like normal emails from a high-level official of the company, typically the CEO or COO, and ask you for sensitive information (including usernames and passwords).

Shared Document Phishing: You may receive an e-mail that appears to come from file-sharing site like SharePoint alerting you that a document has been shared with you. The link provided in these e-mails will take you to a fake login page that mimics the real login page and will steal your account credentials.

To avoid these phishing schemes, please observe the following best practices:

Do not click on links or attachments from senders that you do not recognize. Be especially wary of .zip or other compressed or executable file types.

Do not provide sensitive personal information (like usernames and passwords) over email.

Watch for email senders that use suspicious or misleading domain names

Inspect URLs carefully to make sure they are legitimate and not imposter sites.

Do not try to open any shared document that you are not expecting to receive.

If you cannot tell if an email is legitimate or not, please contact your Customer Success Manager or other direct point of contact at Anchanto.

Be especially cautious when opening attachments or clicking links if you receive an email containing a warning banner indicating that it originated from an external source.

Data Protection Officer

If you believe that information we hold about you is incorrect or out of date, or if you have concerns or further queries about how we are handling your personal data, or any problem or complaint about such matters, please contact our Data Protection Officer Julien Juttet, at julien.juttet@anchanto.com.

Governing Law

This agreement shall be governed in all respects, including validity, interpretation and enforcement, by the Laws of Singapore. Any dispute between the Parties regarding this agreement shall be submitted to the exclusive jurisdiction of the competent courts of Singapore.

Modifications

We reserve the right to modify or amend this Policy at any time. The effective date will be displayed at the beginning of this Policy. To keep you informed, we will notify changes to this Policy by prominently identifying the alteration for a period of not less than two weeks on our home page.


Annexure A
Anchanto OMS & WMS Data Retention and Archival Policy

Hello User,

Personal data can only be retained beyond the retention period outlined in this policy with the written approval of our Data Protection Officer (DPO) in line with the General Data Protection Regulation (GDPR), Personal Data Protection Act 2012 of Singapore, Information Technology (Reasonable Security Practices And Procedures and Sensitive Personal Data or Information)Rules, 2011 (“Privacy Rules”) issued under the Information Technology Act,2000, India and other applicable data protection legislations.

We’d like to inform all our users that Anchanto is undergoing a data policy change. We are implementing certain changes in our applications and it may impact your historical order data accessibility. We would like to notify you that all the historical order data beyond 1 year will not be available directly on the OMS & WMS product UI.

Henceforth, we will keep past 12 months of order data online on the product UI in the current year of usage and any older order data up to 7 years from the current year of usage will be available via offline reports. In case you need to have access to any historical order data prior to twelve (12) months of current usage, a report can be exported from the system that will generate historical order data including following attributes.

  • Inventory
  • Catalogues
  • Product Information
  • Order Information (With Some Limitations)

It should be noted that the aforementioned historical order data will have specific limitations concerning the data that can be retrieved and shared. It will only contain the following information

  • Shipping Label
  • Shipping Addresses
  • Order Documents
  • Picking Lists

Reasons for Data Retention and Archival, Anchanto retains only that data that is necessary to effectively conduct required measures, fulfil its mission and comply with applicable laws and regulations. Reasons for data retention include:

  • Providing An Ongoing Service To The Data Subject
  • Compliance With Applicable Laws And Regulations
  • Other Regulatory Requirements
  • Security Incident Or Other Investigation
  • Intellectual Property Preservation
  • Litigation

Anchanto shall destroy data which is older than 7 years from data of actual retention. Data destruction ensures that Anchanto manages the data it controls and processes it in an efficient and responsible manner. When the retention period or archival period for the data as outlined above (7 years) expires, Anchanto will actively destroy the data covered by this policy. If an individual believes that there exists a legitimate business reason why certain data should not be destroyed at the end of a retention period, he or she should identify this data and provide information as to why the data should not be destroyed. Any exceptions to this data retention policy must be approved by Anchanto’s DPO. In rare circumstances, a litigation hold may be issued by legal counsel prohibiting the archival, retention or destruction of certain documents. A litigation hold remains in effect until released by legal counsel and prohibits the archival, retention or destruction of data subject to the hold.

Under GDPR and applicable data protection legislations, we can process personal data for archiving purposes beyond the stated retention period if doing so is in the public interest, or for historical, scientific or statistical purposes. We ensure that archiving does not contravene the rights and freedoms of data subjects and that appropriate technical and organisational safeguards are in place, such as data minimisation, pseudonymisation or encryption.

If a user is found to have breached this policy, they may be subject to our disciplinary procedure. If a criminal offence is considered to have been committed, further action may be taken to assist in the prosecution of the offender(s). If you do not understand the implications of this document and how it may apply to you, seek advice at help@anchanto.com.

For any queries regarding the same, you can reach out to us at help@anchanto.com