For the purposes of the General Data Protection Regulation (“GDPR”), and other applicable data protection laws, we are the data controller. Our data protection officer can be contacted at firstname.lastname@example.org.
1. Information collected
1.1 Heros takes the privacy of your information very seriously. We are committed to protecting your personal information in accordance with the Personal Data Protection Act 2012 (“PDPA 2012”).
1.5 If you do not agree, please cease use of the Company Site and/or any other relevant website(s) and/or Company Services and/or any other service(s) and DO NOT provide any personal data to us.
2. Information collected
2.1 We generally do not collect your personal data unless (a) it is provided to us voluntarily by you directly or via a third party who has been duly authorised by you to disclose your personal data to us (your “authorised representative”) after (i) you (or your authorised representative) have been notified of the purposes for which the data is collected, and (ii) you (or your authorised representative) have provided written consent to the collection and usage of your personal data for those purposes, or (b) collection and use of personal data without consent is permitted or required by the PDPA or other laws. We shall seek your consent before collecting any additional personal data and before using your personal data for a purpose which has not been notified to you (except where permitted or authorised by law).
2.3 Depending on the nature of your interaction with us, we may collect the following information from you:
2.3.1 personal information such as name, date of birth or other personal identification information;
2.3.2 personal information such as email address, billing address, postal address and telephone number;
2.3.3 payment information such as credit and debit card data (name of cardholder, card number, billing address, validity date, and CVV code), invoice information, bank account number, etc;
2.3.4 information on goods/services such as details about the goods/services that you purchase;
2.3.5 historical information on your purchase, payment and credit acceptance history;
2.3.6 information on the Company Site on the usage, page response times, download errors, entry and exit methods and delivery notices;
2.3.7 device information such as IP address, language settings, browser settings, time zone settings, operating system and platform and screen resolution; and
2.3.8 geographical information.
2.4 Although it is not compulsory to give us this information, if you do not then we may not be able to provide you with the full range of services the Company Services has to offer.
3. Protection of Minors
3.1 If you are under the age of 18 years, you are not eligible to use our Company Services or purchase any products online unless you have consent from a parent or a legal guardian.
3.2 heros does not solicit any personal information from minors, and we request that minors do not submit any personal information to us unless you have consent from a parent or a legal guardian. If you are under the age of 18 years, you may only surf or use the Company Services if you have obtained consent from your parents/legal guardian or if you are under the supervision of your parent or legal guardian.
4. Use of this information
4.1 If you are an EU or Swiss Resident, we are required to disclose the legal basis for processing your data under GDPR and the Swiss Data Protection Act. We are also required to disclose the purposes for processing your data under certain applicable laws, including PDPA 2012.
4.2 If you are based in Singapore, you consent to each of the purposes for processing your data as set out below.
4.3 We may collect and use your personal data for any or all of the following purposes:
4.3.1 verify and confirm your identity, personal and contact details;
4.3.2 administer your accounts with us and/or managing your relationship with us;
4.3.3 performing obligations in the course of or in connection with our provision of the goods and/or services requested by you
4.3.4 processing payment or credit transactions;
4.3.5 prevent misuse of Company Services;
4.3.6 monitor content integrity;
4.3.7 track fraudulent and/or other inappropriate contents or behaviour;
4.3.8 carry out risk analysis and risk management;
4.3.9 carry out customer and marketing analysis;
4.3.10 make general improvements to our Company Services;
4.3.11 comply with applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;
4.3.12 obtain your views or comments on the services we provide;
4.3.13 responding to, handling, and processing queries, requests, applications, complaints, and feedback from you;
4.3.14 send you information about our products and services;
4.3.15 any other purposes for which you have provided the information;
4.3.16 transmitting to any unaffiliated third parties including our third party service providers and agents, and relevant governmental and/or regulatory authorities, whether in Singapore or abroad, for the aforementioned purposes; and
4.3.17 any other incidental business purposes related to or in connection with the above; and
4.3.18 Send you information we think you might find useful or which you have requested from us, including information about our products and services or those of carefully selected third parties provided you have indicated that you are happy to be contacted for these purposes.
4.4 We also use your personal data in the manner as set out above as it is in our legitimate interest to be responsive to you, to provide customised services and marketing, to ensure the success of our business and to ensure the proper functioning of our products, services and organisation.
5. Sharing this information
5.1 We may transfer or share your information with selected third parties.
5.2 We may share with the athlete at which you made your purchase the personal data necessary for the athlete’s performance and administration of your subscription, including and not limited to disputes. The personal data shared with the athlete’s will be subject to the athlete’s privacy policies and practices.
5.3 We may disclose your personal data:
5.3.1 where such disclosure is required for performing obligations in the course of or in connection with our provision of the goods and services requested by you; or
5.3.2 to third party service providers, agents and other organisations we have engaged to perform any of the functions with reference to the above mentioned purposes.
5.4 The purposes listed in the above clauses may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under a contract with you).
5.5 We may also share your personal data may be shared with credit reference agencies and providers of identity lookups for the purposes of assessing your credit score upon applying for one of Company’s Services’ payment methods, and for confirming your identity and address information.
5.6 In addition, we may disclose personal information to our legal advisors for establishing, exercising or defending our legal rights, to our other professional advisors, or as otherwise authorised or required by law. We also reserve the right to share personal information as is necessary to prevent a threat to life, health or securtity of an indivisual or corporate entities. Further, we will disclose personal information, as is necessary, to investigate suspected unlawful activities including but not limited to fraud, intellectual property infringement or privacy.
5.7 Certain services available by the Company Services are offered in conjunction with one of our collaborators (“Collaborators”).
5.8 The services include and are not limited to technology and consultancy services.
5.9 In order for those services to be provided we provide some necessary details about you to the Collaborators. We tell you about this at the point we collect that information on the Company Services. Please note that certain services may be unavailable if you do not want to disclose the personal information you are asked for.
5.10 We may disclose aggregate statistics about visitors and/or clients of the Company Services, customers and sales in order to describe our services to prospective partners, advertisers or sponsors and other reputable third parties for lawful purposes, but these statistics will contain no personally identifiable information.
5.11 We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation, but we will take steps with the aim of ensuring that your privacy rights continue to be protected.
5.12 In addition, we may pass your information onto one of our carefully selected Collaborators or to other carefully selected third parties to enable them to send you information which may be of interest to you but only if you have given us permission to do so. You can tell us to stop this at any time by sending an email to email@example.com.
5.13 Other than as set out above, we will not disclose any of your personal information without your permission unless we are required by law to do so (for example, if required to do so by a court order or for the purposes of prevention of fraud or other crime).
6. Information shared with Athletes
6.1 By subscribing, purchasing a membership or offering on heros that is offered by a athlete, or otherwise engaging with or becoming a fan of a athlete, you agree to share personal data with that athlete including:
6.1.1 your user name in your heros’ profile;
6.1.2 your email address;
6.1.3 your other heros’ profile information, including your avatar image;
6.1.4 all information about your subscription, including amount and start date but not your full payment card information; and
6.1.5 some aggregated data about how you use heros, including analytics like post views, video views, and video view duration.
6.2 We may solicit your participation in surveys related to particular athletes on heros. For example, when you subscribe and/or make a purchase on heros or when you cancel a subscription, you may be asked to optionally take a survey about that choice. If you choose to participate in that survey, then you agree that your responses, which, if specified, may include your personal data like full name and email address, will be shared with the associated athlete.
6.3 When you use heros to send a message to another user, including an athlete, the contents of that message will be shared with the recipients you select.
6.5 As part of offering and operating an athlete page and/or membership on heros, an athlete may use one or more third-party services. These third parties may, for example, host creations or help deliver benefits, including shipping packages to fans. Accordingly, athletes may share fan’s personal data with such third-party services and/or enable fans to elect to share personal data with such third-party services in order to receive offerings or membership benefits or otherwise participate in a membership or related event. You should review the privacy policies of these third-party services in order to understand how they collect, use, and share personal data.
7. Deemed Consent by Notification
7.1 We may collect or use your personal data, or disclose existing personal data for secondary purposes that differ from the primary purpose which it had originally collected for pursuant to clauses 2 and 4. If heros intends to rely on deemed consent by notification for such secondary purposes, heros will notify you of the proposed collection, use or disclosure of your personal data through appropriate mode(s) of communication.
7.2 Before relying on deemed consent by notification, heros will assess and determine that the collection, use and disclosure of the personal data will not likely have an adverse effect on you.
7.3 You will be given a reasonable period to inform us if you wish to opt-out of the collection, use and disclosure of your personal data for such purposes.
7.4 After the lapse of the opt-out period, you may notify us that you no longer wish to consent to the purposes for which your consent was deemed by notification by withdrawing your consent for the collection, use or disclosure of your personal data in relation to those purposes.
8. Reliance on the Legitimate Interest Exception
8.1 In compliance with the PDPA, we may collect, use or disclose your personal data without your consent for the legitimate interests of heros or another person. In relying on the legitimate interests exception of the PDPA, heros will assess the likely adverse effects on the individual and determine that the legitimate interests outweigh any adverse effect.
8.2 In line with the legitimate interests’ exception, we will collect, use or disclose your personal data for the following purposes:
8.2.1 Fraud detection and prevention;
8.2.2 Detection and prevention of misuse of services;
8.2.3 Network analysis to prevent fraud and financial crime, and perform credit analysis; and
8.2.4 Collection and use of personal data on company-issued devices to prevent data loss.
8.3 The purposes listed in the above clause may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter.
9. Withdrawing your consent
9.1 The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop collecting, using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing or via email to our Data Protection Officer at the contact details provided below.
9.2 Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within ten (10) business days of receiving it.
9.3 Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our goods or services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing in the manner described in clause 4 above.
9.4 Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.
10. Information automatically collected from your computer
10.1 Log files/IP addresses: When you visit and/or use the Company Site, our web server automatically records your IP address. This IP address is not linked to any of your personal information. We use IP addresses to help us administer the Company Site and to collect demographic information for aggregation purposes.
10.2 We may also gather other information (from which we cannot identify you) such as the type of your internet browser which we use to provide you with a more effective service.
11.1.1 Necessary session management
managing your login session. This means, for example, that you can move easily from one page to another within the Company Site and your page requests are loaded in a smooth and secure manner without having to re-enter your details on each page;
collecting statistical information about how you use the Company Site so that we can improve the Company Site:
remembering that you have used the Company Site before; this means we can identify the number of unique visitors we receive to different parts of the Company Site:
storing your preferences and selections;
customising elements of the layout and/or content of the pages of the Company Site for you:
enabling our advertising partners and/or Collaborators to gather information about the pages that you visit on the Company Site and other websites you visit, so as to place you in an “interest category”. This information is used to serve advertisements on the Company Site which it is believed will be relevant to your interests.
11.2 Many browsers will automatically accept cookies but you can amend your browser settings to prevent that or to notify you each time a cookie is set.
12. Information about other products and services
12.1 From time to time we may send you information about our other services and products that we think may be of interest to you. You can tell us to stop this at any time by sending an email to firstname.lastname@example.org.
12.2 Also, as mentioned above, we may pass your information onto one of our Collaborators or to other selected third parties to enable them to send you information which may be of interest to you but only if you have given us permission to do so. You can tell us to stop this at any time by sending an email to email@example.com.
13. Access to and Correction of Personal Data
We aim to keep our information about you as accurate as possible. If you would like to review or change the details you have supplied us with, you may do so at any time by contacting us as set out below.
13.1 You can access most of the information we hold about you by contacting us formally through the contact details indicated below. We will require a formal written request from you to our Data Privacy Officer (details below).
13.2 If you wish to make (a) an access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or (b) a correction request to correct or update any of your personal data which we hold about you, you may submit your request in writing or via email to our Data Protection Officer at the contact details provided below.
13.3 We may charge an access fee to cover the reasonable cost of retrieving the information and supplying it to you. If so, we will inform you of the fee before processing your request.
13.4 We will respond to your request as soon as reasonably possible. In general, our response will be within twenty (20) business days. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request.
13.5 Access to information may be refused in a number of circumstances, such as where the information relates to anticipated legal proceedings or the request for access is frivolous or vexatious.
13.6 If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so as required by applicable laws (except where we are not required to do so under the PDPA).
14. Protection of Personal Data
14.1 To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures which may include minimised collection of personal data, authentication and access controls (such as good password practices, need-to-basis for data disclosure, etc.), encryption of data, data anonymisation, up-to-date antivirus protection, regular patching of operating system and other software, securely erase storage media in devices before disposal, web security measures against risks, usage of one time password(otp) to secure access, and security review and testing performed regularly.
14.2 You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.
15. Accuracy of Personal Data
15.1 We generally rely on personal data provided by you (or your authorised representative). In order to ensure that your personal data is current, complete and accurate, please update us if there are changes to your personal data by informing our Data Protection Officer in writing or via email at the contact details provided below.
16. Retention of Personal Data
16.1 We will retain information for as long as it is necessary to fulfil the purposes for which it was collected, the legal or business purposes of heros, or until you request for us to delete the information, or as required by relevant laws.
16.2 We will cease to retain your personal data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected, and is no longer necessary for legal or business purposes.
17. Rights of Users who reside in the EU, UK and Switzerland
17.1 If you are a resident in the EU, UK or Switzerland, you may have certain rights in relation to the personal information we hold about you.
17.2 If you are a resident in the EU, UK or Switzerland, you may have certain rights in relation to the personal information we hold about you, which we detail below. Some of these only apply in certain circumstances as set out in more detail below. We also set out how to exercise those rights.
17.3 These rights include:
17.3.1 The right of access.
17.3.2 The right of data portability.
17.3.3 The right of rectification.
17.3.4 The right of erasure.
17.3.5 The right to restrict processing.
17.3.6 The right to object.
17.4 Please note that we will require you to provide us with proof of identity before responding to any requests to exercise your rights. We will respond to a request by you to exercise those rights without undue delay and at least within one month (although this may be extended by a further two months in certain circumstances).
17.5 In order to process your request promptly, we kindly ask you to include the necessary identification details with your request as well as any other information necessary to confirm your identity A copy of an official identity document (e.g. Identity Card or Passport information) with all information apart from your full name and address redacted (if applicable) or to process your request.
17.6 All data privacy requests should be sent to firstname.lastname@example.org. Please note that requests sent in via other channels or which do not contain sufficient supporting information may take longer to process and/or we may not be able to respond within the prescribed timelines.
In the event that you wish to make a complaint about how we process your personal information, please contact us and we will endeavour to deal with your request as soon as possible. This is without prejudice to your right to lodge a claim with your data protection authority.
17.8.1 You have the right to know whether we process personal information about you, and if we do, to access personal information we hold about you and certain information about how we use it and who we share it with.
17.8.2 If you require more than one copy of the personal information we hold about you, we may charge an administration fee.
17.8.3 We may not provide you with certain personal information if providing it would interfere with another’s rights (e.g. where providing the personal information we hold about you would reveal information about another person) or where another exemption applies.
17.9.1 You have the right to receive a subset of the personal information we collect from you in a structured, commonly used and machine-readable format and a right to request that we transfer such personal information to another party.
17.9.2 The relevant subset of personal information is data that you provide us with your consent: How we use your personal information or for the purposes of performing our contract with you
17.9.3 If you wish for us to transfer the personal information to another party, please ensure you detail that party and note that we can only do so where it is technically feasible. We are not responsible for the security of the personal information or its processing once received by the third party. We also may not provide you with certain personal information if providing it would interfere with another’s rights (e.g. where providing the personal information we hold about you would reveal information about another person).
17.10.1 You have the right to correct any personal information held about you that is inaccurate. Please note that whilst we assess whether the personal information we hold about you is inaccurate or incomplete, you may exercise your right to restrict our processing of the applicable data as described below.
17.10.2 In order to process your request promptly, we kindly ask you to include the necessary identification details with your request as well as any other information necessary to confirm your identity A copy of an official identity document (e.g. Identity Card or Passport information) with all information apart from your full name and address redacted (if applicable) or to process your request.
17.10.3 requests sent in via other channels or which do not contain sufficient supporting information may take longer to process and/or we may not be able to respond within the prescribed timelines.
17.10.4 For registered users, you may correct any personal information by logging into your account.
17.11.1 You may request that we erase the personal information we hold about you in the following circumstances:
22.214.171.124 you believe that it is no longer necessary for us to hold the personal information we hold about you;
126.96.36.199 we are processing the personal information we hold about you on the basis of your consent and you wish to withdraw your consent and there is no other ground under which we can process the personal information;
188.8.131.52 we are processing the personal information we hold about you on the basis of our legitimate interest and you object to such processing. Please provide us with detail as to your reasoning so that we can assess whether there is an overriding interest for us to retain such Personal information;
184.108.40.206 you no longer wish us to use the personal information we hold about you in order to send you promotions, special offers and marketing; or
220.127.116.11 you believe the personal information we hold about you is being unlawfully processed by us.
17.11.2 Also note that you may exercise your right to restrict our processing of the personal information whilst we consider your request as described below.
17.11.3 Please provide as much detail as possible on your reasons for the request to assist us in determining whether you have a valid basis for erasure. However, we may retain the personal information if there are valid grounds under law for us to do so (e.g., for the defence of legal claims or freedom of expression) but we will let you know if that is the case. Please note that after deleting the personal information, we may not be able to provide the same level of services to you as we will not be aware of your preferences.
17.11.4 Where you have requested that we erase personal information that we have made public and there are grounds for erasure, we will use reasonable steps to tell others that are displaying the personal information or providing links to the personal information to erase the personal information too.
17.11.5 In order to process your request promptly, we kindly ask you to include the necessary identification details with your request as well as any other information necessary to confirm your identity A copy of an official identity document (e.g. Identity Card or Passport information) with all information apart from your full name and address redacted (if applicable) or to process your request.
17.11.6 All data privacy requests should be sent to email@example.com. Please note that requests sent in via other channels or which do not contain sufficient supporting information may take longer to process and/or we may not be able to respond within the prescribed timelines.
17.11.7 For registered users, you may correct any personal information by logging into your account.
17.12 Restriction of Processing to Storage Only
17.12.1 You have a right to require us to stop processing the personal information we hold about you other than for storage purposes in certain circumstances. Please note, however, that if we stop processing the personal information, we may use it again if there are valid grounds under data protection law for us to do so (e.g. for the defence of legal claims or for another’s protection).
17.12.2 You may request we stop processing and just store the personal information we hold about you where:
18.104.22.168 you believe the personal information is not accurate, for the period it takes for us to verify whether the personal information is accurate;
22.214.171.124 we wish to erase the personal information for compliance with applicable laws but you want us to just store it instead;
126.96.36.199 we wish to erase the personal information as it is no longer necessary for our purposes but you require it to be stored for the establishment, exercise or defence of legal claims; or
188.8.131.52 you have objected to us processing personal information we hold about you on the basis of our legitimate interest and you wish us to stop processing the personal information whilst we determine whether there is an overriding interest in us retaining such personal information.
17.13.1 At any time you have the right to object to our processing of personal information about you in order to send you promotions, special offers, marketing messages, including where we build profiles for such purposes and we will stop processing the personal information for that purpose.
17.13.2 You also have the right to object to our processing of personal information about you and we will consider your request in other circumstances as detailed below.
17.13.3 In order to process your request promptly, we kindly ask you to include the necessary identification details with your request as well as any other information necessary to confirm your identity (including A copy of an official identity document (e.g. Identity Card or Passport information) with all information apart from your full name and address redacted (if applicable) or to process your request.
17.13.4 All data privacy requests should be sent to firstname.lastname@example.org. Please note that requests sent in via other channels or which do not contain sufficient supporting information may take longer to process and/or we may not be able to respond within the prescribed timelines.
17.13.5 You may object where we are processing the personal information we hold about you (including where the processing is profiling) on the basis of our legitimate interest and you object to such processing.
17.13.6 Please provide us with detail as to your reasoning so that we can assess whether there is a compelling overriding interest in us continuing to process such data or we need to process it in relation to legal claims. Also note that you may exercise your right to request that we stop processing the personal information whilst we make the assessment on an overriding interest by indicating this in your request.
18. Use of Reviews or forums
The Company Services may from time to time include reviews, forums, message boards, and/ or news groups on which you can post information. Any information that you post in these areas becomes public information and you should always be careful when deciding to disclose your personal details as part of that information.
19.1 We respect the confidentiality of your information and will make reasonable security arrangements to ensure that all information in our possession or control is kept in a safe and secure manner, and to prevent unauthorized access and use of your information.
19.2 If, however, you do not take reasonable care to ensure the continued confidentiality and accuracy of your information, we will not be liable for any consequential misuse and/or fraud.
20. Linking to third-party websites
20.1 We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our Company Site and recommend that you check the policy of each site you visit and contact its owner or operator if you have any concerns or questions.
20.2 In addition, if you linked to the Company Site from a third-party site, we cannot be responsible for the privacy policies and practices of the owners or operators of that third-party site and recommend that you check the policy of that third party site and contact its owner or operator if you have any concerns or questions.
21. Transfers of Personal Data outside of Singapore
21.2 If you are a EU or Swiss resident, where we transfer personal information outside of the EEA and Switzerland, this is done either on the basis that it is necessary for the performance of our obligations to you, or that the transfer is subject to the European Commission’s model contracts for the transfer of personal data to third countries (i.e the standard contractual clauses),pursuant to Decision 2004/915/EC and Decision 2010/87/EU as appropriate.
21.3 If you use our services while you are outside Singapore, your information may be transferred outside the Singapore in order to provide you with those services.
22. Resolving Concerns
22.1 If you believe that the privacy of your information has been compromised, please contact us and we will take the relevant steps to address your concerns.
23. Contact us
If at any time you would like to contact us with your views about our privacy practices, or with any enquiry relating to your personal information, you can do so by sending an email to our Data Privacy Officer at email@example.com or write to our Data Privacy Officer at 68 Circular Road #02-01 Singapore 049422.
24. Data Protection Officer
24.1 You may contact our Data Protection Officer if you wish to make any request by sending an email to our Data Privacy Officer at firstname.lastname@example.org or write to our Data Privacy Officer at 68 Circular Road #02-01 Singapore 049422.
25. Governing Law
26.1 This Policy Policy applies in conjunction with any other notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your personal data by us.
26.4 You may determine if any such revision has taken place by referring to the date on which this Notice was last updated. Your continued use of our services constitutes your acknowledgement and acceptance of such changes.
Effective date: 06/03/2023
Last updated: 06/03/2023