MiChat Privacy Policy

At MICHAT PTE. LIMITED (UEN 201809553H) (“MiChat”, “our”, “we”, or “us”),  we respect your privacy. We are controller of your personal data, and we are committed to protecting and respecting your privacy.

By using our website and products or agreeing to this privacy policy, you are deemed to have given your consent for us to collect, use and/or disclose your personal data according to this privacy policy. Personal data refers to information relating to an identified or identifiable natural person and an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Therefore, if you do not agree to this privacy policy, please cease using our website and/or products immediately. In the event that you have disclosed your personal data to us, please exercise your right to withdraw your consent as detailed herein.

Certain products and/or services may have supplemental privacy polic(ies) applying to them. These policies do not replace this privacy policy in its entirety unless expressly provided for therein. However, if any terms therein conflict with the terms herein, those terms shall prevail to the extent of any inconsistency.

Unless expressly set out, please note that this policy does not apply to any personal data collected, used or disclosed by any third parties through you accessing their products or services via our products or services. Please review their privacy policies before you access their products or services. We shall not be liable for any misprocessing of your Personal Data by these third parties, and you shall not bring any or you shall waive all claims that you may have against us imposed by law.

This privacy policy also applies to those collected by affiliated companies of MiChat who do not have their own privacy policy or in respect of products and/or services provided by them which are not covered by any existing privacy policy.

The topics of this privacy policy are:
1. What data do we collect and use?
2. How do we collect your data?
3. How will we use your data?
4. How will we disclose your data?
5. How do we retain your data?
6. How do we protect your data?
7. Transferring your personal data abroad.
8. How do we ensure your data is accurate?
9. What are your data protection rights?
10. What and how do we use cookies?
11. How to manage your cookies?
12. Privacy policies of other websites or products or services.
13. Changes to our privacy policy.
14. Contacting the Data Protection Officer.
15. Policy towards minors.

1. What data do we collect?

1.1 We collect the following types of information about you:

a. account and profile information that you provide when you sign up and register for an account, such as your mobile phone number, so as to create a MiChat account, name, MiChat ID, gender, region, profile picture, hobbies and other information, as indicated on “My Profile” page of the MiChat application. Depending on our other products or services (if applicable), it could be other personal identification information such as your full name and email address, or user credentials of applicable Third Party Service Providers where we allow you to register for an account using these information (collectively, “Account Data”);

b. If you create an account or log in using the credentials of applicable social media or third party service providers (collectively, Third Party Service Providers), information that you had provided to the Third Party Service Providers and which are provided to us under the terms of their privacy policy and subject to your permission. This includes your first name, last name, social media / third party user ID, email address (optional), gender, location, your time zone, birthday and profile picture (collectively, “Third Party Log-in Data”). You can control the information that we receive from these Third Party Service Providers using the privacy and data settings in your social media account. In the case of Third Party Log-in Data disclosed to us from Google, you can request for their deletion by writing to us at “support@michat.sg”. But if any Third Party Log-in Data is incorporated and becomes part of your account profile data, you would need to log into your MiChat account and replace these data as we require these fields to be filled for continuous use of your MiChat account. In the case of Third Party Log-in Data disclosed to us from Apple and if you have chosen to anonymise your user data as part of Sign In with Apple, you hereby consent for us to link such anonymised data with information that identifies you. 

c. information about your access and use of our website, products and/or services, for example your browser & mobile device information (such as IP address, GPS location if activated on the mobile device that you are using, device unique identifiers, mobile or browser type, cookies (see Section 10 for further details) and similar data collection technologies, mobile network information, clickstream to, through, and from our website, crash reports, content you viewed or searched for, page response times, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods to browse away from the page, information you upload or contribute to the website, products and/or services as part of your access or use of our website, products and/or services (such as your picture, videos, comments and information on whom you communicate or share content), information about your social media or public forum accounts if you link, share or embed the website, products and/or services on their websites, if applicable (collectively, “Usage Data”).

d. installed application information on your device. Settings of communication, marketing and other preferences that you set or when you participate in any questionnaire or survey that we send you (collectively, “Preference Data”);

e. information you provide through contact, feedback, support or report channels, for example when you report an infringing account, report problem to us or interact with our support team, including any contact information such as email address, documentation or screenshots (collectively, “Support Data”);

f. your connections to the other people in your mobile contact book, including those not using our products or services. In the case of their contact numbers and email addresses, and only if you have authorised and instructed us to, we may notify them that you are using our products or services and you would like them to join you in using our products or services. By authorising and instructing us, you represent and warrant that you have the consent from your connections to disclose their contact details to us. If you do not have obtained the necessary consent, please do not authorise us to access your mobile address book (collectively, “Connection Data”).

g. As we are a communication application, we inevitable have to collect and process your communication content with other users. However, they are highly encrypted and protected. Also, we delete them after a much shorter period, unless local laws require otherwise. Generally, we do not discern personal information found in private chats between you and any other users, unless such information was submitted to us as part of Support Data, for example when the data subject is being reported for possible infringements.

h. Where you use our MiChat AI Chatbot (“AI Chatbot”), the content and data you provide are collected may be used by MiChat and/or Google. You will need to refer to Google’s policies should you require any further clarifications.

i. Purchase transaction information if you purchase any goods/services or subscriptions (collectively, “Transaction Information”). However, if you make the purchase through Apple Store or Google Play, you provide these payment service providers with sensitive financial information, such as debit or credit card number and related information. We do not collect this information from the third party payment platform.

1.2 Save for Transaction Information, which is subject to the below, we do not wish to collect sensitive data or special category data about you such as your race, ethnic origin, politics, religion, trade union membership, genetics, biometrics, health, or sexual orientation. Please therefore do not provide them to us directly or indirectly, such as including this information as part of your Account Data. In the case of Transaction Information, we do not collect payment card details if you complete the transactions through Apple Store or Google Play.

2. How do we collect your data?

2.1 You directly provide us with most of the data we collect. We collect and process data when you:

1. register for an account and create a profile.
2. use our products and services.
3. set your mobile device settings to allow us permission to access the various Usage Data.
4. use or view our website via your browser’s cookies.
5. provide feedback to us via email or other contact means.

2.2 We may also receive information about you from other sources, including:

1. other users whom you have given your personal information to or may be communicating with privately;
2. our group companies that provide marketing services.
3. social media or third party service providers whose log in credentials are used by you to create an account with us or to log into your account; 
4. third party payment service providers whose accounts are used by you to make purchases from us.

3. How will we use your data?

3.1 We will use your personal data for the following purposes:

a. providing our products and services, such as our MiChat mobile application, customer support and etc, for your use or otherwise to perform obligations in the course of or in connection with our provision of the aforesaid and operation of our website. This includes making content recommendations to you as decided by algorithms based on your activities on the application and personal data provided to us. Content recommendations include other users to add, videos and etc. This also includes completing any payment transactions initiated by you.

b. verifying your identity, such as through sending you a verifying mobile message (as the case maybe).

c. improving and protecting the service, safety and security of our website, products and services, including developing new product features and understanding the effectiveness of advertising on or through our website, products or services;

d. responding to, handling, and processing queries, requests, applications, complaints, and feedback from you;

e. managing your relationship with us, including notifying you about any changes to our website, products and/or services, terms and conditions or to generally communicate with you;

f. sending you marketing information about our website, goods or services including notifying you of our, if any, marketing events, initiatives and promotions, lucky draws, membership and rewards schemes;

g. complying with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority, local or foreign;

h. any other purposes for which you have provided the information;

i. any other incidental business purposes related to or in connection with the above.

3.2 The purposes listed above may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).

4. How will we disclose your data?

4.1 To fulfil the purposes under Section 3, as the case maybe, we will disclose your personal data to any member or affiliate of our group, which includes our subsidiaries, our ultimate holding company and its subsidiaries, and companies that we control, are controlled or under common control, any unaffiliated third parties including our third party service providers, agents and other organisations whom we have engaged, and to relevant governmental and/or regulatory authorities, whether in Singapore or abroad, for example when we respond to claims, legal processes, law enforcement, or national security requests.

4.2 If needed, we share information with third parties that help us operate, provide, support, improve, and market our products and services, for example third-party service providers who provide website and application development, data storage and backup, infrastructure, customer support, business analytics, payment service providers and other services.

4.3 Third-party service providers have access to your personal data only for the purpose of performing their services and in compliance with applicable laws and regulations. We require these third-party service providers that are data intermediaries to maintain confidentiality and security of all personal data that they process on our behalf and to implement and maintain reasonable security measures to protect the confidentiality, integrity and availability of your personal data.

4.4 We take reasonable steps to confirm that all third-party service providers that we engage process personal data in the manner that provides at least the same level of protection as is provided under this policy. Where any third-party provider is unable to satisfy our requirements, we will require them to notify us immediately and we will take reasonable steps to prevent or stop non-compliant processing.

4.5 As much as possible, we will share personal data on aggregated or de-identified basis with third-party service providers, especially if it is only for research and analysis, profiling, and similar purposes to help us improve our products and services.

4.6 If on your own volition, you use any third-party software or service in connection with our products or services, for example any third-party software that our website, products or services integrate with, you might be giving the third-party service provider access to your account and information. Policies and procedures of third-party service providers are not controlled by us, and this policy does not cover how your information is collected, used or disclosed by these third-party service providers. We encourage you to review the privacy policies of third-party service providers before you use third-party software or services.

4.7 Our website, products or services may contain links to third-party websites or products over which we have no control. If you follow a link to any of these websites or products or submit information to them, your personal data will be governed by their policies. We strongly encourage you to review the privacy policies of third-party websites before you submit information to them.

4.8 If we buy or are acquired by a third party as a result of a merger, acquisition or business transfer or we buy or sell any business or asset, your personal data may be disclosed and/or transferred to a third party in connection with such transaction.

4.9 We will also share your personal data to our business partners so that we or they can select and offer or advertise to you special offers via our website, products or services. We will not however share your contact details with our business partners so that they will not contact you outside of our products directly to market their products or services.

4.10 We utilise Ironsource as one of our third party service providers. You may refer to their privacy policy at https://www.is.com/privacy-policy/.

5. How do we retain your data?

5.1 We may retain your personal data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws.

5.2 We will cease to retain your personal data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected, and is no longer necessary for legal or business purposes. We endeavour to periodically review the basis and appropriateness of our data retention policy.

6. How do we protect your data?

6.1 To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we endeavour to implement appropriate administrative, physical and technical measures such as:

a. up-to-date antivirus protection;
b. encryption such as TLS/SSL technology;
c. privacy filters;
d. restriction of access to personnel or service providers on a strictly need-to-know basis, who will only process your information on our instructions and who are subject to a duty of confidentiality and the obligation to protect your personal data to a standard no less than that under Singapore law;
e. logging and auditing systems; and
f. reviewing our information collection, storage, and processing practices regularly;

6.2 We have put in place procedures to deal with any suspected privacy breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

6.3 You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures. We therefore shall not be liable to you for any loss or damage, direct consequential or otherwise, that you may suffer related to the aforesaid.

7. Transferring your personal data abroad

7.1 We use data hosting service providers based in Singapore to host the information we collect. Depending on where you use our website, products or services, we therefore transfer your personal data from your location to Singapore. As personal data are entered by you, they are deemed to be verified for the purposes of transferring to foreign country.

7.2 Where we are sharing personal data to other parties under Section 4, we may need to transfer personal data to where they are located, such as the People’s Republic of China, for data processing. Some of these locations may not have the privacy and data protection laws that are comparable to Singapore. In such a scenario, we will make use of written contractual clauses in the case of unrelated parties, corporate rules, and other appropriate mechanisms to safeguard and protect the information being transferred to a standard that is at least comparable to that provided under Singapore’s laws. By using our website, products or services, you are agreeing to such a transfer to these other countries so that we may fulfil the relevant purposes.

8. How do we ensure your data is accurate?

8.1 We rely on personal data provided by you (or your authorised representative). In order to ensure that your personal data is current, complete and accurate, please update us if there are changes to your personal data by informing our Data Protection Officer in writing or via email at the contact details provided in this policy.

9. What are your data protection rights?

9.1 As part of respecting your privacy, we would like to make sure you are fully aware of all of your data protection rights.

9.2 The right to access- You have the right to request for copies of your personal data.

9.3 The right to correction- You have the right to request that we correct any information you believe is inaccurate. You also have the right to request we complete the information you believe is incomplete.

9.4 The right to withdraw your consent-

a. The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop using and/or disclosing your personal data for any or all of the purposes listed above.

b. Upon receipt of your written request to withdraw your consent, we may notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us.

c. Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our goods or services to you and we shall, in such circumstances, notify you before completing the processing of your request. An example of this would be the deletion (deactivation) of your account altogether.

d. Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.

e. If you wish to delete your Third Party Log-in Data, you can do so through the data settings in your Third Party Service Provider account. In the case of Third Party Log-in Data disclosed to us from Google, you can request for their deletion by writing to us at “support@michat.sg”. But if any Third Party Log-in Data is incorporated and becomes part of your account profile data, you would need to log into your MiChat account and replace these data as we require these fields to be filled for continuous use of your MiChat account. 

f. If you wish to delete your account altogether, you may do so from the Account and Security page within your Settings page.

9.5 The right to be notified if a notifiable data breach has occurred- Unless directed otherwise by the authorities, you have the right to be notified of a notifiable data breach if it is likely to result in significant harm to you.

9.6 If you wish to exercise any of your rights above, you may submit your request in writing via email to our Data Protection Officer at the contact details provided in this policy. Kindly be clear in the nature and scope of the rights that you are exercising. We will only act on legitimate requests raised in accordance with this policy.

9.7 Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request. We will respond to your request as soon as reasonably possible.

9.8 If we are unable to respond to your request within thirty (30) days after receiving your request (especially, if your request or the impact thereof is particularly complex or if you have made a number of requests), we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request.

9.9 If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under applicable law).

9.10 If we become aware that your personal data has been compromised and is, or likely to result in significant harm to you, we will notify you so that possible steps to protect yourself from further potential harm can be taken.

10. What and how do we use cookies?

10.1 Cookies are small text files that are placed on your device by a web server when you access our website. We use cookies to improve your experience on our website by identify your access and monitor usage and web traffic on our website to customise and improve our products and services. For further information, visit allaboutcookies.org.

10.2 We use both persistent cookies and session cookies. A persistent cookie stays in your browser and will be read by us when you return to our website or a partner website that uses our services. Session cookies only last for as long as the session lasts (usually the current visit to a website or a browser session).

10.3 We may use the following types of cookies:

a. Strictly necessary cookies – these are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website.

b. Analytical/performance cookies – these allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are easily finding what they are looking for.

c. Targeting cookies – these cookies record your visit to our website, the pages you have visited, and the links you have followed. We sometimes share some limited aspects of this data with third parties for advertising purposes. We may also share online data collected through cookies with our advertising partners. This means that when you visit another website, you may be shown advertising based on your browsing patterns on our website.

11. How to manage your cookies.

11.1 You can block cookies by activating the setting on your browser that allows you to refuse the use of all or some cookies. However, if you do so, you may not be able to access all or parts of our website.

12. Privacy policies of other websites, products or services

12.1 As mentioned earlier, our website and products contain links to other websites or products over which we absolutely have no control. This privacy policy applies only to our website, products or services and those as described by this policy, so if you click on a link to excluded website, products or services, you should read their privacy policy.

13. Changes to our privacy policy

13.1 We may amend this policy from time to time by posting the updated policy on our website and without prior notice to you (unless local regulations require notice to be given to you). You may determine if any such revision has taken place by referring to the date at the start of this document on which this policy was last updated. Your continued use of our website, products or services constitutes your acknowledgement and acceptance of such changes.

14. Contacting the Data Protection Officer

14.1 You may contact our Data Protection Officer if you have any enquiries or feedback on our personal data protection policies and procedures, or if you wish to make any request, in the following manner:
Via email, stating clearly the nature of the email in the subject header.

Data Protection Officer
data.protection.officer@michat.sg
We will endeavour to reply to you as soon as we can.

15. Policy towards minors
15.1 Our products and services are not directed to individuals under 21, though we allow user above 13 but under 21 to use them subject to conditions. In all cases, we do not knowingly collect personal data from individuals under 21 without consent of the individual’s parent or legal guardian. If we become aware that an individual under 21 has provided us with personal data without consent of their parent or legal guardian, we will take steps to delete such information. Please contact our Data Protection Officer if you believe or are aware that we have mistakenly or unintentionally collected information from an individual under 21 without the consent of their parent or individual.