top of page

Privacy Policy

Updated 5 Jun 2020

1.1     Welcome to (collectively, the “Site“) run by Amosa Group BV, its related entities, affiliates, and subsidiaries (individually and collectively, “Amosa Group“, “we“, “us” or “our“). For European Union (“EU”) residents visiting our Site, please refer to the GDPR Addendum for your rights under the EU General Data Protection Regulation (GDPR). For our Singapore Residents, Amosa Group takes its responsibilities under Singapore’s Personal Data Protection Act 2012 (the “PDPA“) seriously and is committed to respecting the privacy rights and concerns of all users of our Site (we refer to the Site and the services we provide as described in our Site collectively as the “Services”). We recognize the importance of the personal data you have entrusted to us and believe that it is our responsibility to properly manage, protect and process your personal data. This Privacy Policy (“Privacy Policy” or “Policy”) is designed to assist you in understanding how we collect, use, disclose and/or process the personal data you have provided to us and/or that we possess about you, whether now or in the future, as well as to assist you in making an informed decision before providing us with any of your personal data. Please read this Privacy Policy carefully. If you have any questions regarding this information or our privacy practices, please see the section entitled “Questions, Concerns or Complaints? Contact Us” at the end of this Privacy Policy.

1.2     By using the Services, registering for an account with us, visiting our Site, or accessing the Services, you acknowledge and agree that you accept the practices, requirements, and/or policies outlined in this Privacy Policy, and you hereby consent to us collecting, using, disclosing and/or processing your personal data as described herein. IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, PLEASE DO NOT USE OUR SERVICES OR ACCESS OUR WEBSITE. If we change our Privacy Policy, we will post those changes or the amended Privacy Policy on our website. We reserve the right to amend this Privacy Policy at any time.



2.1     “Personal Data” or “personal data” is defined under the GDPR  and PDPA to mean data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which an organization has or is likely to have access. Common examples of personal data could include name, identification number, contact information.

2.2     We will/may collect personal data about you: 

  • (a) when you register and/or use our Services or Site, or open an account with us.

  • (b) when you submit any form, including but not limited to application forms or other forms relating to any of our products and services, whether online or by way of a physical form.

  • (c) when you enter into any agreement or provide other documentation or information in respect of your interactions with us, or when you use our products and services.

  • (d) when you interact with us, such as via telephone calls (which may be recorded), letters, fax, face-to-face meetings, social media platforms and emails. 

  • (e) when you use our electronic services or interact with us via our website or use the Services on our website. This includes through cookies and/or other similar technologies which we may deploy when you interact with our website.

  • (f) when you carry out transactions through our website or Services.

  • (g) when you provide us with feedback or complaints.

  • (h) when you submit your personal data to us for any reason.

The above does not purport to be exhaustive and sets out some common instances of when personal data about you may be collected.

2.3     When you visit, use or interact with the Site, we may collect certain information by automated or passive means using a variety of technologies, which technologies may be downloaded to your device and may set or modify settings on your device. The information we collect may include your Internet Protocol (IP) address, computer operating system and browser type, the address of a referring web site (if any), and the pages you visit on our website, and the times of visit. We may collect, use disclose and/or process this information for the Purposes (defined below).

2.4     Such personal data collected includes but is not limited to:

  • name.

  • email address.

  • billing address.

  • telephone number. 

  • company name.

  • occupation.

  • country.

  • any other information about the user when the user signs up to use our Services or website, and when the user uses the Services or website, as well as information related to how the user uses our Services or website; and

  • aggregate data on content the user engages with.

2.5       If you do not want us to collect the aforementioned information or personal data, you may opt out at any time by notifying our Data Protection Officer in writing about it. Further information on opting out can be found in the section entitled “Opting Out and Withdrawing Consent” below. Note, however, that opting out of us collecting your personal data or withdrawing your consent for us to collect, use or process your personal data may affect your use of the Services.



To use certain functionalities of the Services, you will have to create a user account which requires you to submit certain personal data. When you register and create an account, we require you to provide us your name and email address as well as a username that you select. Upon activating an account, you will select a username and password. Your username and password will be used so you can securely access and maintain your account.



As with most web sites, your computer sends information, which may include personal data about you that gets logged by a web server when you browse our Site. This typically includes without limitation your computer’s IP address, operating system, browser name/version, the referring web page, requested page, date/time, and sometimes a “cookie” (which can be disabled using your browser preferences) to help the site remember your last visit. If you are logged in, this information is associated with your personal account. The information is also included in anonymous statistics to allow us to understand how visitors use our site.



5.1     We may from time to time implement “cookies” and/or similar technologies to allow us or third parties to collect or share information that will help us improve our Site and the Services we offer or help us offer new services and features. “Cookies” are identifiers we transfer to your computer or mobile device that allow us to recognise your computer or device and tell us how and when the Services or website are used or visited, by how many people and to track movements within our website. We may link cookie information to personal data. Cookies also link to information regarding what items you have selected for purchase, pages you have viewed. This information is used to keep track of your shopping cart, for example. Cookies are also used to deliver content specific to your interest and to monitor website usage. Cookies allow the website to remember important information that will make your use of our Site more convenient.


5.1.1 Our company is hosted on the platform. provides us with the online platform that allows us to sell our products and services to you. Your data may be stored through’s data storage, databases and the general applications. They store your data on secure servers behind a firewall.

5.2     You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of our Site or the Services, which may limit your browsing experience.



As with browsing web pages, when you watch content and advertising and other software on our Site or through the Services, most of the same information is sent to us (including, IP Address, operating system, etc.); but, instead of page views, your computer sends us information on the content, or advertisement viewed or installed by the Services and the website and time.



We provide customer service support through email and feedback forms. To provide customer support, we will ask for your email address and phone number. Aside from this information, we do not ask for any personal data to provide customer support. We only use information received from customer support requests, including email addresses, for customer support services and we do not transfer or share this information with any third parties.



From time-to-time, we request information from users via surveys. Participation in these surveys is completely voluntary and you therefore have a choice whether to disclose this information. Information requested may include contact information which will be used for purposes of monitoring or improving the use and satisfaction of the Services and will not be transferred to third parties.



9.1     We may collect, use, disclose and/or process your personal data for one or more of the following purposes:

  • (a) to consider and/or process your application/transaction with us.

  • (b) to manage, operate, provide, and / or administer your use of and/or access to our Services and our website, as well as your relationship and user account with us.

  • (c) to manage, operate, administer, and provide you with as well as to facilitate our provision of, our Services, including remembering your preferences.

  • (d) to respond to, process, deal with or complete a transaction and/or to fulfil your requests for certain products and services and notify you of service issues and unusual account actions.

  • (e) to enforce our Terms of Service or any applicable Amosa Group end user license agreement.

  • (f) to protect personal safety and the rights, property, or safety of others.

  • (g) for identification and/or verification.

  • (h) to maintain and administer any software updates and/or other updates and support that may be required from time to time to ensure the smooth running of our Services. 

  • (i) to deal with or facilitate customer service, carry out your instructions, deal with or respond to any enquiries given by (or purported to be given by) you or on your behalf.

  • (j) to contact you or communicate with you via phone/voice call, text message and/or fax message, email and/or postal mail or otherwise for the purposes of administering and/or managing your relationship with us or your use of our Services, such as but not limited to communicating administrative information to you related to our Services. You acknowledge and agree that such communication by us could be by way of the mailing of correspondence, documents or notices to you, which could involve disclosure of certain personal data about you to bring about delivery of the same as well as on the external cover of envelopes/mail packages.

  • (k) to conduct research, analysis and development activities (including but not limited to data analytics, surveys, product and service development and/or profiling), to analyse how you use our Services, to improve our Services or products and/or to enhance your customer experience.

  • (l) to allow for advertising and other audits, and surveys to, among other things, understand its experience with the Amosa Group client and service

  • (m) for marketing and in this regard, to send you by various modes of communication such as email, postal mail, location based services or otherwise, marketing and promotional information and materials relating to products and/or services (including products and/or services of third parties whom Amosa Group may collaborate or tie up with) that Amosa Group (and/or its affiliates or related corporations) may be selling, marketing or promoting, whether such products or services exist now or are created in the future. In the case of the sending of marketing or promotional information to you by voice call, SMS/MMS or fax to your Singapore telephone number, we will not do so unless we have complied with the requirements of the PDPA in relation to use of such latter modes of communication in sending you marketing information or you have expressly consented to the same.

  • (n) to respond to legal processes or to comply with or as required by any applicable law, governmental or regulatory requirements of any relevant jurisdiction, including meeting the requirements to make disclosure under the requirements of any law binding on Amosa Group or on its related corporations or affiliates.

  • (o) to produce statistics and research for internal and statutory reporting and/or record-keeping requirements.

  • (p) to carry out due diligence or other screening activities (including background checks) in accordance with legal or regulatory obligations or our risk management procedures that may be required by law or that may have been put in place by us.

  • (q) to audit our Services or Amosa Group ‘s business.

  • (r) to prevent or investigate any fraud, unlawful activity or omission or misconduct, whether relating to your use of our Services or any other matter arising from your relationship with us, and whether or not there is any suspicion of the aforementioned.

  • (s) to store, host, back up (whether for disaster recovery or otherwise) of your personal data, whether within or outside Europe or Singapore

  • (t) to deal with and/or facilitate a business asset transaction or a potential business asset transaction, where such transaction involves Amosa Group as a participant or involves only a related corporation or affiliate of Amosa Group as a participant or involves Amosa Group and/or any one or more of Amosa Group ‘s related corporations or affiliates as participant(s), and there may be other third party organizations who are participants in such transaction. A “business asset transaction” refers to the purchase, sale, lease, merger or amalgamation or any other acquisition, disposal or financing of an organization or a portion of an organization or of any of the business or assets of an organization; and

  • (u) any other purposes which we notify you of at the time of obtaining your consent. (collectively, the “Purposes”).

9.2     As the purposes for which we may/will collect, use, disclose or process your personal data depend on the circumstances at hand, such purpose may not appear above. However, we will notify you of such other purpose at the time of obtaining your consent, unless processing of your personal data without your consent is permitted by the GDRP or PDPA or by law.



We implement a variety of security measures to ensure the security of your personal data on our systems. User personal data is contained behind secured networks and is only accessible by a limited number of employees who have special access rights to such systems. We will retain personal data in accordance with the GDRP or PDPA and/or applicable law. That is, we will destroy or anonymize your personal data as soon as it is reasonable to assume that (i) the purpose for which that personal data was collected is no longer being served by the retention of such personal data; and (ii) retention is no longer necessary for any legal or business purposes. If you cease using the Site, or your permission to use the Site and/or the Services is terminated, we may continue storing, using and/or disclosing your personal data in accordance with this Privacy Policy and our obligations under the GDRP or PDPA. Subject to applicable law, we may securely dispose of your personal data without prior notice to you.



11.1   In conducting our business, we will/may need to disclose your personal data to our third party service providers, agents and/or our affiliates or related corporations, and/or other third parties, whether sited in Singapore or outside of Singapore, for one or more of the above-stated Purposes. Such third-party service providers, agents and/or affiliates or related corporations and/or other third parties would be processing your personal data either on our behalf or otherwise, for one or more of the above-stated Purposes. Such third parties include:

  • (a) our subsidiaries, affiliates, and related corporations.

  • (b) contractors, agents, service providers and other third parties we use to support our business. These include but are not limited to those which provide administrative or other services to us such as mailing houses, telecommunication companies, information technology companies and data centers.

  • (c) a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of Amosa Group’s assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal data held by Amosa Group about our Services users is among the assets transferred; or to a counterparty to a business asset transaction that Amosa Group or any of its affiliates or related corporations is involved in; and

  • (d) third parties to whom disclosure by us is for one or more of the Purposes and such third parties would in turn be collecting and processing your personal data for one or more of the Purposes.

11.2   For the avoidance of doubt, in the event that Singapore personal data protection law or other applicable law permits an organization such as us to collect, use or disclose your personal data without your consent, such permission granted by the law shall continue to apply.

11.3    This Privacy Policy is not a promise that your personal data will never be disclosed except as described in this Privacy Policy. For example, third parties may unlawfully intercept, or access personal data transmitted to or contained on the site, technologies may malfunction or not work as anticipated, or someone might access, abuse or misuse information, through no fault of ours. We will nevertheless deploy reasonable security arrangements to protect your personal data as required by the GDPR or PDPA; however there can inevitably be no guarantee of absolute security such as but not limited to when unauthorized disclosure arises from malicious and sophisticated hacking by malcontents through no fault of ours.



12.1   Our Site uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies, which are text files placed on your computer, to help the website analyze how users use the Site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and Internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.

12.2   We, and third parties, may from time to time make software applications available for your use on or through the Services. These applications may separately access, and allow a third party to view, your identifiable information, such as your name, your user ID, your computer’s IP Address or other information, and any cookies that you may previously have installed or that were installed for you by a third party software application or website. Additionally, these applications may ask you to provide additional information directly to third parties. Third party products or services provided through these applications are not owned or controlled by Amosa Group. You are encouraged to read the terms and other policies published by such third parties on their websites or otherwise. 



13.1   WE DO NOT GUARANTEE THE SECURITY OF PERSONAL DATA AND/OR OTHER INFORMATION THAT YOU PROVIDE ON THIRD PARTY SITES. We do implement a variety of security measures to maintain the safety of your personal data that is in our possession or under our control. Your personal data is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the personal data confidential. When you place orders or access your personal data, we offer the use of a secure server. All personal data or sensitive information you supply is encrypted into our databases to be only accessed as stated above.

13.2      We therefore have no responsibility or liability for the content, security arrangements (or lack thereof) and activities of these linked sites. These linked sites are only for your convenience and you therefore access them at your own risk. Nonetheless, we seek to protect the integrity of our Site and the links placed upon each of them and therefore welcome any feedback about these linked sites (including if a specific link does not work).



If you are visiting or accessing our website or purchasing products from outside of Europe or Singapore or otherwise contacting us from outside of Europe or Singapore, please be aware that your personal data and/or information may be transferred to, stored or processed in where our servers are located and our central database is operated. The data protection law and other laws of Singapore and other countries might not be as comprehensive as those in your country. By using our Site or purchasing our products or Services, you acknowledge that your personal data and/or information may be transferred to our facilities and those third parties with whom we share it as described in this Privacy Policy.



15.1   Opting Out and Withdrawing Consent

  • (a) To modify your email subscriptions, please let us know by sending an email to our Personal Data Protection Officer at the address listed below. Please note that due to email production schedules, you may still receive emails that are already in production.

  • (b) You may withdraw your consent for the collection, use and/or disclosure of your personal data in our possession or under our control by sending an email to our Personal Data Protection Officer at the address listed below.

  • (c) Once we have your clear withdrawal instructions and verified your identity, we will process your request for withdrawal of consent being made, and will thereafter not collect, use and/or disclose your personal data in the manner stated in your request. If we are unable to verify your identity or understand your instructions, we will liaise with you to understand your request.

  • (d) However, your withdrawal of consent could result in certain legal consequences arising from such withdrawal. In this regard, depending on the extent of your withdrawal of consent for us to process your personal data, it may mean that we will not be able to continue providing the Services to you, we may need to terminate your existing relationship with us, the contract you have with us will have to be terminated, etc., as the case may be, which we will inform you of.

15.2   Requesting Access and/or Correction of Personal Data

  • (a) If you have an account with us, you may personally access and/or correct your personal data currently in our possession or control through the Account Settings page on the Site. If you do not have an account with us, you may request to access and/or correct your personal data currently in our possession or control by submitting a written request to us. We will need enough information from you in order to ascertain your identity as well as the nature of your request, so as to be able to deal with your request. Hence, please submit your written request by sending an email to our Personal Data Protection Officer at the address listed below.

  • (b) For a request to access personal data, once we have sufficient information from you to deal with the request, we will seek to provide you with the relevant personal data within 30 days. Where we are unable to respond to you within the said 30 days, we will notify you of the soonest possible time within which we can provide you with the information requested. Note that the GDPR or PDPA exempts certain types of personal data from being subject to your access request.

  • (c) For a request to correct personal data, once we have sufficient information from you to deal with the request, we will:

    • (i) correct your personal data within 30 days. Where we are unable to do so within the said 30 days, we will notify you of the soonest practicable time within which we can make the correction. Note that the PDPA exempts certain types of personal data from being subject to your correction request as well as provides for situation(s) when correction need not be made by us despite your request; and

    • (ii) we will send the corrected personal data to every other organization to which the personal data was disclosed by us within a year before the date the correction was made, unless that other organization does not need the corrected personal data for any legal or business purpose.

  • (d) Notwithstanding sub-paragraph (b) immediately above, we may, if you so consent, send the corrected personal data only to specific organizations to which the personal data was disclosed by us within a year before the date the correction was made.

  • (e) We will/may also be charging you a reasonable fee for the handling and processing of your requests to access your personal data. If we so choose to charge, we will provide you with a written estimate of the fee we will be charging. Please note that we are not required to respond to or deal with your access request unless you have agreed to pay the fee.

  • (f) We reserve the right to refuse to correct your personal data in accordance with the provisions as set out in PDPA, which require and/or entitle an organization to refuse to correct personal data in stated circumstances.



16.1   If you have any questions or concerns about our privacy practices or your dealings with the Services, please do not hesitate to contact:

16.2   If you have any complaint or grievance regarding about how we are handling your personal data or about how we are complying with the PDPA, we welcome you to contact us with your complaint or grievance.

Please contact us through email with your complaint or grievance:

E-mail: and Attention it to the “Personal Data Protection Officer”.

16.3   Where it is an email or a letter through which you are submitting a complaint, your indication at the subject header that it is a GDPR or PDPA complaint would assist us in attending to your complaint speedily by passing it on to the relevant staff in our organization to handle. For example, you could insert the subject header as “PDPA Complaint” or “GDPR Complaint”.

We will certainly strive to deal with any complaint or grievance that you may have fairly and as soon as possible.



This Privacy Policy is governed by the laws of the Netherlands.



Please also read the Terms of Service establishing the use, disclaimers, and limitations of liability governing the use of the Site and the Services.


EU General Data Protection Regulation (GDPR)

This GDPR Addendum, including any future modifications (the “Addendum“), forms a material part of the Amosa Group’s Privacy Policy and applies to any “personal data” (as defined under the GDPR) that we may “process” (as defined under the GDPR) through your use of our Site and Services, whether as a guest or as a registered user. While Amosa Group is a Singaporean company that is subject to Singaporean law, Amosa Group will attempt to give effect to the GDPR for its EU users that are entitled to enforce rights under the GDPR to the extent commercially reasonable and to the extent that the GDPR’s requirements do not conflict with the requirements of Singaporean law.  The purpose of this Addendum is to briefly describe: 1) rights under the GDPR; 2) the legal bases that support Amosa Group ‘s processing activities; and 3) whether any automated processing methods are used for processing your personal data.

It is important that you read this policy in addition to our Privacy Policy or with any other policy notice we may provide on specific occasions when we are collecting or processing Personal Data about you so that you are fully aware of how and why we are using your personal data. This policy supplements our Privacy Policy and other notices and is not intended to override them.





1.1 General

The GDPR provides a number of rights to you related to data privacy. We are responsible for ensuring that you can exercise certain privacy rights. Amosa Group is considered to be a “data controller” under the GDPR with respect to its processing of your personal data. A data controller is essentially a person or organization that can determine how and why your personal data is processed. The data controller responsible for ensuring that you can exercise certain privacy rights. Although your personal data may be shared with Amosa Group’s affiliates as described in this Privacy Policy, we will always be the data controller in respect to such processing. If you wish to exercise any of the rights detailed below, please send an e-mail sufficiently detailing such request to the email stated in Section 16 of our Privacy Policy. Please note that if we receive a request from you to exercise your rights, we have the right to have you take reasonable steps to confirm your identity, including your residency within the EU. We are not obligated to, and will not, provide any individualized information or give effect to your rights unless we can reasonably confirm your identity.

1.2 Right to access basic information

You have the right to obtain confirmation from Amosa Group as to how your personal data are being processed, including the following information:

  • (a) Confirmation of whether, where, and by whom your personal data are being processed.

  • (b) Purpose(s) for the processing.

  • (c) Categories of personal data being processed.

  • (d) Categories of recipients with whom the data may be shared.

  • (e) The period for which the data will be stored (or the criteria used to determine that period).

  • (f) The source of the data (where you were not the source); and

  • (g) Information about the existence of, and an explanation of the logic involved in, any automated decision-making that has a significant effect on you.

1.3 Right to confirmation on processing of personal data

Right to obtain from Amosa Group confirmation as to whether or not personal data concerning you is being processed, and where that is the case, to request access to the personal data. This access to information includes, inter alia, the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipients to whom the personal data have been or will be disclosed to.

1.4 Right to rectification

Depending on the purposes of the processing, you have the right to have incomplete/inaccurate personal data completed, including by means of providing us with a written supplementary statement.

1.5 Right to be forgotten/erasure

Right to erasure of personal data concerning you in certain circumstances if:

  • (a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

  • (b) you withdraw consent to consent-based processing.

  • (c) you object to the processing under certain rules of applicable data protection law.

  • (d) the processing is for direct marketing purposes; and

  • (e) the personal data have been unlawfully processed.

  • (f) However, there are exclusions to the right to erasure. The general exclusions include where processing is necessary:

    • (i) for exercising the right of freedom of expression and information.

    • (ii) for compliance with a legal obligation.

    • (iii) for the establishment, exercise, or defense of legal claims.

1.6 Right to restrict processing

Those circumstances include:

  • (a) you are contesting the accuracy of the personal data.

  • (b) processing is unlawful, but you oppose erasure.

  • (c) we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise, or defense of legal claims; and

  • (d) you have objected to processing, pending the verification of that objection.

  • (e) Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it:

    • (i) with your consent.

    • (ii) for the establishment, exercise of defence of legal claims.

    • (iii) for the protection of the rights of another natural or legal person; or

    • (iv) for reasons of important public interest.

1.7 Right to data portability

Right to transfer your personal data between controllers and more specifically, you have the right to:

  • (a) Receive a copy of your personal data in a structured, commonly used, machine-readable format.

  • (b) Transfer your personal data from one organization to another, where technically feasible.

  • (c) Store your personal data for further personal use on a private device; and

  • (d) Have your personal data transmitted directly between organizations without hindrance.

1.8 Right to object to processing of personal data

Right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us and we can be required to no longer process your personal data, but only to the extent that the legal basis for the processing is that the processing is necessary for:

  • the performance of a task carried out in the public interest or in the exercise of any official authority vested in us.

  • the purposes of receiving direct marketing from Amosa Group.

  • scientific and historical research purposes or statistical purposes; or

  • the purposes of the legitimate interests pursued by us or by a third-party.

If you have a right to object and you exercise this right, your personal data will no longer be processed for such purposes by us, unless we can demonstrate compelling legitimate grounds for the processing which override your interest, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.

Exercising this right will not incur any costs. However, such a right to object may not exist if the processing of your personal data is necessary to take steps prior to entering into a contract or to perform a contract already concluded.

1.9 Right to not be evaluated solely on the basis of automated decision-making processes

We do not utilize any automated decision-making processes. However, please see below for your rights to the same.

Subject to certain exceptions detailed below, you generally have the right to not have any decisions made about you that are based solely on “automated decision-making” processes.

An automated decision-making process involves using automated processing activities (activities that do not use human intervention) to make a decision about you that will materially affect you (i.e., a decision that would produce “legal effects” or otherwise have a similar “significant effect“).

A legal effect is something that will affect your legal rights, such as your freedom to associate with others, vote in an election, or take legal action. A legal effect could also be something that affects your legal status or rights under a contract, e.g., something that could lead to cancellation of a contract.

For data processing to have a significant effect, the effects of the processing must be sufficiently great or important to be worthy of attention. In other words, the decision must have the potential to: significantly affect your circumstances, behaviour, or choices; have a prolonged or permanent impact; or at its most extreme, lead to exclusion or discrimination.

Automated decision-making can include “profiling” activities whereby automated processing is used to evaluate certain personal characteristics to analyze or predict your preferences, behavior, performance, reliability, location, or movements.

Please note that if a human being reviews and takes other factors into account in making a final decision, that decision is not considered to be “based solely” on automated processing.

In general, the use of automated decision-making processes is permitted where:

  • (a) it is necessary for a data controller to enter into or perform a contract with you.

  • (b) it is authorized by law. or

  • (c) you have explicitly consented, and appropriate safeguards are in place.

If a data controller is making decisions based on any automated decision-making processes, you are entitled to a description of what portions of the decision-making will be automated, reasons why automation is logical, and the significance and consequences behind the decision to automate the processing. Amosa Group ‘s automated decision-making processes include:

  • (a) Determining eligibility to receive offers: Amosa Group utilizes automated decision-making processes in order to determine whether you are eligible for certain offers from Amosa Group and/or its business partners. In utilizing automated decision-making processes, we are able to quickly and efficiently identify those persons that are eligible to receive certain offers in relation to the Services.

  • (b) Determining what portions of the services you may access: Amosa Group utilizes automated decision-making processes in order to determine your access rights to use the Services. In visiting, registering, and/or subscribing to the Services, you are given different levels of access to Amosa Group ‘s products and services. We use this information in order to inform the Services what product, services, and/or content you should be able to access.

  • (c) Subscription cancellation for non-payment: Amosa Group utilizes automated decision-making processes to identify and cancel access to the Services where it has not received the payments that it is properly owed.

1.10 Right to objection of processing of personal data

Right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest. 

1.11 If you consider that our processing of your personal data infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your residence, your place of work or the place of the alleged infringement.

1.12 To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent 

1.13 We may process any of your personal data identified in this Privacy Policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interest, namely the protection and assertion of our legal right, your legal rights and the legal rights of others.

1.14 We may process and of your personal data identified in this Privacy Policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this is our legitimate interests, namely the proper protection of our business against risks.

1.15 In addition to the specific purposes for which we may process your personal data set out in the Privacy Policy above, we may also process your personal data where it is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.



2.1 Amosa Group is permitted to process your personal data to the extent the processing is necessary:

  • For the performance of a contract between you and Amosa Group (e.g., to comply with the Terms of Use for our Services and/or any subsequent agreement Amosa Group enters into with you).

  • To respond to your request to access your personal data; or

  • For the conclusion or performance of a contract between Amosa Group and a third party where it is in your interest for the processing to occur.

2.2 In order for you to be able to access the Services, it is critical that Amosa Group be able to process your personal data, particularly because many of Amosa Group’s Services are based on a subscription model. Without being able to process your personal data, including your payment information, Amosa Group would be unable to provide the Services to you.



Amosa Group is permitted to process your personal data where it has a binding legal or regulatory obligation to perform the processing to stay in compliance with applicable laws or regulations (e.g., tax reporting purposes). Other examples could include where Amosa Group or one of its affiliates is required to respond to a court order, subpoena, or law enforcement agency request, to prevent fraud or abuse, or to protect the safety of individuals. Were Amosa Group not able to process your personal data for such purposes, Amosa Group could be subject to fines, penalties, and/or civil or criminal liability.



4.1 Amosa Group is permitted to process your personal data to the extent the processing is necessary for the purposes of legitimate interests pursued by Amosa Group or a third party (“legitimate interests“). The exception is when those legitimate interests are overridden by your interests, fundamental rights, or freedoms. You have the right to object to Amosa Group’s processing of your personal data on the basis of legitimate interests; if you wish to raise such an objection, please send an email detailing your specific objection(s) to the email stated in Section 16 of our Privacy Policy. Amosa Group’s identified legitimate interests for processing your personal data include:

  • (a) Organizational Interests: As Amosa Group is part of a larger group of related companies, it is often necessary for Amosa Group to transmit your personal data within the organizational group. This allows for data to be shared amongst our affiliates so that each entity can carry out their legal, regulatory, and/or contractual responsibilities and/or coordinate/implement business plans, logistics, and/or operations. This is especially true because Amosa Group’s affiliated entities may perform critical services for Amosa Group, such as services related to: accounting, compliance, human resources, information technology and security, legal, management, etc.

  • (b) Operational Interests: To facilitate day-to-day operations and business planning for strategic growth. This includes: managing our relationship with you, our employees, other users/clients, vendors, business partners, and/or others; sharing intelligence with internal stakeholders; implementing training procedures; planning and allocating resources and budgets; performing data modelling; facilitating internal reporting; analyzing growth strategies; aggregating analytics; and/or processing personal information to create anonymized data (e.g., for product improvement, analytics, etc.).

  • (c) Logistical Interests: To enable Amosa Group’s business operations to run more efficiently, e.g., establishing how to allocate resources or to predict future demand.

  • (d) Research & Development Interests: To deliver and/or improve our products and services. It allows us to determine whether a product or service is working as intended, monitoring usage and conduct, and identifying and troubleshooting issues.

  • (e) Market Intelligence & Analytical Interests: Amosa Group has a legitimate need to conduct market intelligence so that we can better promote our products and services by creating a better understanding of our users’ and/or customers’ preferences. This could include using diagnostic analytics to optimize products, services, and/or marketing campaigns by assessing/monitoring users’ usage of the products or services and/or conduct while using the products or services. Common metrics for evaluation could include monitoring pages and links accessed, ad performance and conversion tracking, number of posts, number of page views, patterns of navigation, time at a page, devices used, user reviews, where users are coming from, hardware used, operating system version, advertising identifiers, unique application identifiers, unique device identifiers, browser types, languages, wireless or mobile network information, etc. These metrics could be used to: personalize services and communications; determine which users should receive specialized communications based on how they use the product or service; create aggregate trend reports; determine the most effective advertising channels and messaging; and/or measure the audience for a certain communication.

  • (f) Personalization Interests: To enhance and personalize the “consumer experience” we offer our current and/or prospective users/customers in our products and services.

  • (g) Monitoring Interests: To identify recurring problems and/or analyze the patterns of behavior of users and/or customers, it is necessary for Amosa Group to monitor your performance/behavior on our Services.

  • (h) Direct Marketing Interests: For direct marketing purposes to occasionally update users on the Services, including occasional communications regarding updates to our activities, products, services, and/or events.

  • (i) Business-to-Business Marketing & Sales Interests: For marketing our products and services to other businesses, e.g., processing the information of a business contact in order to market our products and/or services to the affected data subject’s employer.

  • (j) Due Diligence Interests: For purposes of conducting due diligence. This could include, for example, monitoring official watch-lists, sanction lists and “do-not-do-business-with” lists published by governments and other official bodies globally. This could also include keyword searches of industry and reputable publications to determine if companies and individuals have been involved in or convicted of relevant offenses, such as fraud, bribery, and/or corruption.

  • (k) Fraud Detection & Prevention Interests: To help detect and prevent fraud, e.g., verifying that the registered address of the cardholder for a particular credit or debit card is the same as the cardholder’s normal place of residence or work.

  • (l) Updating Customer Details & Preferences: Processing your personal data is necessary to verify the accuracy of your user data and to create a better understanding of our past, present, and/or prospective users.

  • (m) Network & Information Security: For ensuring our network and information security, e.g., monitoring users’ access to our network for the purpose of preventing cyber-attacks, inappropriate use of data, corporate espionage, hacking, system breaches, etc. This could include preventing unauthorized access to electronic communications networks and malicious code distribution and stopping “denial of service” attacks and damage to computer and electronic communication systems.

  • (n) Business Continuity & Disaster Planning Interests: To allow for the backup and protection of your information (e.g., utilizing cloud-based services to archive/protect data) in order to ensure that such information is not improperly lost or modified. Such processing is also necessary to archive/protect data in accordance with legal, regulatory, organizational, and/or contractual obligations.

  • (o) Artificial Intelligence Interests: Amosa Group may process your data utilizing an algorithm that helps to streamline organizational processes, e.g., our customer service department putting in place an algorithm that helps to manage customer service requests by routing customer contacts to the most appropriate part of the organization.

  • (p) Compliance with Laws and Regulations: Amosa Group is subject to binding legal or regulatory obligations and needs to process your personal data in order to comply with such laws or regulations. Examples include: complying with reporting obligations; complying with screening obligations; responding to law enforcement requests; and/or responding to judicial/regulatory agency requests.

  • (q) Reporting Potential Threats to Public Security & Safety: Amosa Group has a legitimate interest in reporting possible criminal acts or threats to public security/safety that we identify as part of our processing activities to a competent authority.



5.1 If you access the Services from the Singapore, you are voluntarily transmitting your personal data to the EU  so that Amosa Group can conduct certain processing activities as identified in the Privacy Policy and/or in this Addendum. Your data will also be processed by certain third-party data processors located in Europe (including Amosa Group’s affiliated entities, business partners, and service providers).

5.2 Amosa Group shall ensure that any transfers made between itself and any data processors are made with appropriate safeguards in place to protect the information from unauthorized uses or disclosures to the extent reasonably possible.

5.3 For processors that process your personal data on Amosa Group’s behalf, and will then transfer data to Singapore or another jurisdiction that is not deemed to have adequate safeguards, Amosa Group shall ensure that appropriate safeguards (e.g., “Standard Contractual Clauses“), are in place between the Amosa Group and the processor. Standard Contractual Clauses are a set of standard data protection clauses approved by the European Commission (“EC“) as an appropriate safeguard for protecting personal data when personal data are transferred internationally. The applicable Standard Contractual Clauses may be found at

bottom of page