Skip to content

Privacy

1. Introduction

We at CardUp Pte Ltd respect the privacy and confidentiality of personal data in our possession or under our control. We have implemented policies and practices to safeguard the collection, use, disclosure, storage and other processing of personal data provided to us.


If you are interested in applying for a job with us or if you are our employee, sections 2 to 4 and section 6 of this Privacy Policy do not apply to you; see section 11 instead.

2. Collecting personal data about you

If you use the CardUp service available through our website at https://cardup.co we collect the following personal data about you when you enter it through forms on the website.


2.1 Registering to use the CardUp service
If you decide to register with us so that you can use the CardUp service, whether for personal purposes or business purposes, we collect from you the email address and password you want to use for that purpose.


2.2 Nominating a payment method to use the CardUp service
To enable you to use the CardUp service, we ask you to provide a payment method or methods to us. By going to https://cardup.co and logging into your account you can:

  • provide a payment method(s) to us at any time before scheduling a payment you want us to make using that payment method and
  • delete a payment method or methods at any time

When you choose to provide one or more payment methods, we ask you for the name on the card(s), card number(s), expiry date(s), CVV2(s) and billing address(es). Please note, that CardUp does not access or store the full credit card number but it is passed to our fully PCI (Payment Card Industry Data Security Standard) compliant payment processor.


2.3 Personal use of the CardUp service
If you want to use the CardUp service for your own personal purposes, we ask you to provide us with the following personal data before you schedule your first payment:

  • your mobile number to enable us:
    1. to send you a ‘one-time-password’ (OTP) so that we can verify your mobile number and
    2. to contact you in connection with a payment if we have any queries or otherwise need to clarify a detail in connection with that payment and
  • your first and last name and NRIC number to:
    1. facilitate identifying you if the recipient of a payment contacts us about that payment – for example, so the recipient can be sure to match the payment with your account with, or obligation to, the recipient if the reference provided with the payment is insufficient and
    2. ensure that when you make a payment using the CardUp service we may be able to positively identify you as both the individual who registered with us to use the CardUp service and the individual who is obliged to make such payment and

if you want to be able to use the CardUp service to make a payment for your spouse and/or any children under the age of 18, evidence of that relationship

We may also ask you to provide other information that is required to process the payment and to fulfil any Know-Your-Customer (KYC) or Anti-Money Laundering (AML) regulatory requirements or standards set by our payment partners.


2.4 Personal use of the CardUp service – your ‘About Me’ profile
In addition to providing the personal data that we need before you schedule your first payment, you may voluntarily (at any time) complete an ‘About Me’ page with your:

  • nationality
  • whether you are a home owner and since when
  • whether you have signed a lease for where you live and when it will end
  • the number of bedrooms in the place where you live, the property type
  • whether you live with your family, with flatmates or alone and
  • your occupation

If you choose to provide such personal data, we may use it to build a profile of you for marketing purposes – for example, so that we can make offers to you that we think will be of interest to you. We will not disclose either that profile or any of the personal data described in this section 2.4 to anyone.

 

2.5 Business use of the CardUp service
If you use the CardUp service for business purposes, we ask you to provide us with the following personal data before you schedule your first payment:

  • your mobile number to enable us to send you an OTP so that we can verify it and
  • first and last name, your job title, office phone number, email address and business name

for the purpose of:

  • contacting the company / business if and when we consider it prudent to do so to confirm that you are an employee of the company / business with the authority to give instructions to us to make payments using the CardUp service for the business / company and
  • so we can contact you when you use the CardUp service to make a payment for the company / business and we have any queries or otherwise need to clarify a detail in connection with that payment

If the business authorises another employee or other employees to use the CardUp service for its payments we collect their first and last name, job title, office phone number and business name too. You (or another authorised user of the CardUp account of the company / business) can add the additional person or people to “My Account“ for the company / business on our website at https://cardup.co. In doing so, you (or, as the case requires, the other authorised user) confirm that you have their permission to do so.

We may also ask you to provide other information on the business that is required to process the payment and to fulfil any Know-Your-Customer (KYC) or Anti-Money Laundering (AML) regulatory requirements or standards set by our payment partners. Additional documents and information we may require are the Accounting and Corporate Regulatory Authority (ACRA) statement, passport copies of major shareholder in the companies, additional information on the nature of the business, and transaction sizes. We may also require similar information on the recipient of the payment.

 

2.6 If you receive a payment through the CardUp service
A personal user or a business user of the CardUp service may decide to use that service to make a payment to you. If so, we collect from such user the information we need in order to be able to make the payment to you. This includes:

  • your name
  • your bank account details, including the name of your bank, your account number and the name(s) of the account holder and
  • depending on the nature of the payment, we may collect documents to verify the proposed transaction and those documents may include additional personal data (for example, if you are a user’s landlord we collect a copy of the relevant tenancy agreement or stamp duty certificate and it may contain additional information about you, such as your address and contact details)

We may collect additional information to verify your identity – for example:

  • if you are registered with the ACRA, a copy of your profile as provided by ACRA and/or
  • if it appears to us that you will receive the payment in your personal capacity, your mobile phone number in the instance the funds are being settled to your account via mobile payment methods

 

 

3. How we use and disclose personal data about you

In general, we use your personal data to process your payments and to complete any payment-related services to you, to comply with any regulatory and legal obligations, as well as to provide more customized marketing and advertising based on what we think might be most suitable to your interests.


3.1 Payment transactions made by you
If you use the CardUp service we, our remittance partner, or in the case of details of your payment method, our third party payment processor, will on our behalf use the following personal data to make payments in accordance with your instructions:

  • your name
  • the details of your payment method that you have asked us to use for the transaction
  • the personal data and other information that you voluntarily provide to us by entering it on our website at https://cardup.co when you schedule a payment using the CardUp service
  • your recipient information such as name, address and bank account information, in order to process your payment and conduct compliance and verification checks. By providing us with such information, you warrant that you have obtained the consent of the relevant Recipient or third party to the provision of their personal data to CardUp, and to CardUp collecting, using and storing such personal data for the purpose of processing Payments and conducting compliance or verification checks

and, consequently, we, our remittance partner, or our third party payment processor on our behalf disclose

  • your name and details sufficient to identify the transaction to our bank, the payee’s bank and the payee and
  • if requested by the payee in order to reconcile the payment (for example, where the reference number is insufficient), additional details such as your NRIC number

 

3.2 Payments received by you
If you receive payments through the CardUp service we use the following personal data to send the payment to you:

  • your name
  • your bank account details and
  • any other personal data and information that the user of the CardUp service provides to us for the purpose of us sending the payment to you

and disclose it to our third party payment processor or our bank

 

3.3 When you decide to take advantage of one of our promotions
From time to time, we offer various promotions to users of the CardUp service. For example, a partner of CardUp for the purpose of a promotion may offer a bonus, discount or other reward to individuals that decide to take advantage of the promotion.
If you decide to do so, we may disclose to the relevant partner of CardUp:

  • your name and
  • if required by the relevant partner, so that it is able to identify you in its records, your NRIC number,

when you indicate that you will take advantage of the promotion by entering the relevant promotion code at the appropriate place on our website at https://cardup.co and clicking on ‘enter’ to provide your consent to provide such personal data to such partner


3.4 When we send useful tips and guides to you
If you use the CardUp service for either personal and/or business purposes, or have provided us your email address, you are opted in to our marketing communications, we use your name and email address to send you useful tips and guides about how to get the most out of your credit cards. You can opt out of receiving them at any time by updating your communication preference on any marketing email received.

 


4. Obtaining consent to collecting, using and disclosing personal data about you

4.1 Personal data about users of the CardUp service

If you decide to register with us so that you can use the CardUp service we tell you as part of the first registration step that by registering you agree to this Privacy Policy. It notifies you of the purposes for which we collect, use and disclose personal data about you. When you subsequently provide personal data about yourself to us, we consider that you have given us express consent to collect, use and disclose it for the purposes set out in this Privacy Policy.

In any event, when you voluntarily provide personal data about yourself to us for a purpose and it is reasonable that you do so, we may rely on you being deemed to have consented to us collecting, using and disclosing that personal data for that purpose.


4.2 Personal data about recipients of payments through the CardUp service
If a user of the CardUp service wants to use it to make a payment to you, any personal data we have collected about you will have been provided to us by that user of the CardUp service.

When you voluntarily provide personal data about yourself (such as your bank account details) to an individual so that they can use it to make a payment to you, we may rely on you being deemed to have consented to:

  • the user disclosing such personal data as is reasonably necessary for the purpose of making that payment through a payment channel and
  • the operator of the payment channel chosen by the individual collecting, using and disclosing such personal data for that purpose and

consequently, we may rely on your being deemed to have consented to an individual who is a user (or potential user) of the CardUp service disclosing it to us for the purpose of the payment being made to you

 


5. Withdrawing your consent to collecting, using or disclosing personal data about you

You may withdraw your consent to us collecting, using and disclosing personal data about you at any time. Please give us reasonable advance notice of your withdrawal of consent. We will notify you of the likely consequences of your withdrawal of consent. Your withdrawal of consent can take the form of an email to hello@cardup.co or letter to us. We may require you to verify your identity.


6. Accessing and correcting personal data about you

6.1 Users of the CardUp service
If you are a user of the CardUp service you are entitled to:

  • get access to the personal data that we hold about you – unless and except to the extent that you have deleted it from ‘My Account’ on https://cardup.co or you have closed your account with us, you can see this personal data by logging into that website and selecting ‘My account’ – and
  • get access to the personal data that we hold about you and that you have deleted from ‘My Account’ on https://cardup.co or get access to personal data after you have closed your account with us by sending us a request by email to hello@cardup.co or by sending a letter to us
  • get information about how we may have used and/or disclosed it within the previous year – you can see the transactions for which we have used and disclosed personal data by logging into our website and navigating to your dashboard but if you have closed your CardUp account and/or if you would like information about use and/or disclosure of your personal data in connection with promotions and/or for any other purpose, please send us a request by email to hello@cardup.co or by sending us a letter.

Where you send us a request by email or letter, we will require you to verify your identity before we disclose information to you.

You are also entitled to get us to correct an error or omission in the personal data we hold about you. The easiest way for you to make such a correction is by logging into our website and selecting ‘My Account’, where you can change any personal data except your email address. If you have closed your CardUp account, please send us a request by email to hello@cardup.co or by sending a letter to us. We will require you to verify your identity before we correct the error or omission.

If you change your email address you can set up a new account with us using the new email address and providing a payment method for the new account. Then, if you want to continue to have access to information about your past transactions, please call us and ask us to move the past transactions into your new account. We will require you to verify your identity before we do so.


6.2 Recipients of payments through the CardUp service
If you are the recipient or potential recipient of a payment made through the CardUp service you are entitled to get access to the personal data (if any) that we hold about you and information about how we may have used or disclosed it within a year before the date of your request. You may make a request for such access and information by sending us a request by email to hello@cardup.co or by sending a letter to us. We will respond to your request as soon as reasonably possible and, in any event, within 30 days after receiving your request. We may charge a fee for processing your request, but we will let you know the amount of the fee before you incur it.

You may also ask us to correct an error or omission in the personal data we hold about you. Unless we are satisfied on reasonable grounds that a correction should not be made, we will correct the personal data as soon as practicable.

When you make either an access request or a correction request we will require you to verify your identity.

 

7. Accuracy of personal data about you

We take reasonable precautions and make reasonable verification checks to ensure that the personal data we hold is accurate and complete.

From time to time, we may do a verification exercise for you to update us on any changes to the personal data we hold about you. If you are or intend to continue using CardUp on an ongoing basis, it is important that you update us if there are any changes in the personal data we hold about you.


8. Retention of personal data

You can delete the personal data we hold about you in ‘My Account’ on https://cardup.co at at any time. However, we will retain it in our records for our audit and verification purposes (for example, where there is any subsequent dispute about a payment made using the CardUp).

We will cease to retain such personal data and any documents (either paper or electronic) containing personal data as soon as it is reasonable to assume that the purpose for which we collected the personal data is no longer being served by retention of it and retention is no longer necessary for legal or business purposes.

We have a Document Retention Policy that spells out when we must cease to retain personal data and that requires documents and personal data to be destroyed (paper documents) or deleted (electronic documents and data stored in databases) securely.


9. Transfer of personal data outside of Singapore

We are a company with offices and customers in more than one country. Hence, personal data may be processed in other countries that we have business operations, and data is stored in the Cloud with providers that operate data centers outside of Singapore.

When transferring data outside of Singapore we only do so to:

  • disclose certain personal data to organisations outside of Singapore that we have engaged, to process it on our behalf in order for us to provide the CardUp service to you and with whom we enter into strict contractual obligations, including confidentiality obligations and (where applicable) verify, that they are in compliance with the European Union’s strict General Data Protection Regulation (GDPR).
  • enable our employees, who are under strict confidentiality obligations, to access personal data from around the world when they are travelling and/or if they are located in a country outside Singapore in which we have operations,


10. Cookies, other tracking, etc.

When you visit our website at https://cardup.co, we collect certain transaction information automatically, using technologies such as cookies, pixel tags, browser analysis tools, server logs and web beacons.

For example, when you visit our website, we place cookies on your computer. Cookies are small text files that websites send to your computer or other Internet-connected device to uniquely identify your browser or to store information or settings in your browser. Cookies allow us to recognize you when you return. They also help us provide a customised experience and enable us to detect certain kinds of fraud. In many cases, you can manage cookie preferences and opt-out of having cookies and other data collection technologies used by adjusting the settings on your browser. All browsers are different, so visit the “help” section of your browser to learn about cookie preferences and other privacy settings that may be available.

We collect many different types of information from cookies and other technologies. For example, we may collect information from the device you use to access our website, your operating system type, browser type, domain, and other system settings, as well as the language your system uses and the country and time zone where your device is located. Our server logs also record the IP address assigned to the device you use to connected while browsing our website. An IP address is a unique number that devices use to identify and communicate with each other on the Internet. We may also collect information about the website you were visiting before you came to our website and the website you visit after you leave our site.

In many cases, the information we collect using cookies and other tools is only used in a non-identifiable way, without any reference to personal data. For example, we use information we collect about all website users to optimise our websites and to understand website traffic patterns.

In some cases, we do associate the information we collect using cookies and other technology with your personal data. This Privacy Policy applies to the information when we associate it with your personal data.


11. Job applicants and employees

11.1 Job applicants
If you apply for a job with us we will collect from you only the personal data you include in the curriculum vitae (CV) that you choose to send to us and, if we interview you, any personal data that you choose to provide to us during that interview. We will use such personal data only for the purpose of deciding whether or not to hire you.

We will rely on you being deemed to have consented to us collecting and using the personal data described above for such purpose. If your job application is unsuccessful, we will not retain such personal data on a ‘keep in view’ basis without obtaining your consent to do so.


11.2 Employees
If you accept an offer of employment with us, we will ask you to provide us with personal data in addition to the personal data referred to in section 11.1 to the extent that we need it for the purpose of managing and terminating the employment relationship between you and us.

We will use and disclose both the personal data referred to in section 11.1 and such additional personal data for the purpose of managing and terminating the employment relationship between you and us.


12. Contacting us

If you have any comments or questions about this Privacy Policy and/or about how we collect, use and disclose personal data please contact our data protection officer via the ‘Contact Us’ link on https://cardup.co or via hello@cardup.co.

Or, you may write to us at 1 Keong Saik Road, Singapore 089109.