World-leading provider of corporate information available in Singapore
FAQs Login Sign Up

CRIF BizInsights

PRIVACY POLICY

LAST UPDATED: 2026-03-30

This Data Protection Notice ("Notice") sets out the basis which CRIF BizInsights Pte. Ltd. ("we", "us", or "our") may collect, use, disclose or otherwise process personal data of our customers, Visitors and 3rd Parties in accordance with the Personal Data Protection Act ("PDPA"). This Notice applies to personal data in our possession or under our control, including personal data in the possession of organisations which we have engaged to collect, use, disclose or process personal data for our purposes.

CRIF BizInsights Pte. Ltd. takes your privacy seriously and is committed to the responsible management and protection of personal data. This Privacy Policy outlines how we collect, use, disclose, and manage personal data. That’s why we encourage reading our Privacy Policy.

Use of Website and Services

By accessing or using the web pages on which this Notice is posted (the "Websites"), including any features or services such as technical support or communication via contact forms (together, the "Services"), you acknowledge that you have read and understood this Notice.

Where you continue to browse our Websites, you acknowledge that certain personal data (such as IP address, device information, or cookies) may be collected and used for purposes such as website operation, security, and analytics, as described in this Notice.

Where you voluntarily provide personal data to us (e.g. through contact forms or communications), you consent to the collection, use and disclosure of your personal data for the purposes described in this Notice, unless consent is not required or is otherwise permitted under applicable law, including the PDPA.

Account Registration and Express Consent

By creating an account or otherwise using our Services, you acknowledge that you have read and understood this Notice. Where you provide personal data to us in connection with account registration or use of our Services, you consent to the collection, use and disclosure of such personal data for the purposes described in this Notice, unless consent is not required or is otherwise permitted under applicable law.

If you do not agree with this Notice, please refrain from creating an account or using the Services.

We take your privacy seriously and are committed to providing a safe online experience. We believe in being transparent about our practices, which is why we have provided this Privacy Policy to explain how we collect, use and disclose your information.

  1. COLLECTION OF INFORMATION

    We generally do not collect your personal data unless (a) it is provided to us voluntarily by you directly or via a third party who has been duly authorised by you to disclose your personal data to us (your "authorised representative") after (i) you (or your authorised representative) have been notified of the purposes for which the data is collected, and (ii) you (or your authorised representative) have provided written consent to the collection and usage of your personal data for those purposes, or (b) collection and use of personal data without consent is permitted or required by the PDPA or other laws. We shall seek your consent before collecting any additional personal data and before using your personal data for a purpose which has not been notified to you (except where permitted or authorised by law).

    When you interact with us through the Websites, we may collect Personal Data from you or from other sources. We collect personal data when you provide such information to us, such as when you submit a form to us, contact us with inquiries or provide feedback to us. By providing your personal data to us, whether or not through the Websites, you consent to our collection, use and disclosure of your Personal Data in accordance with this Privacy Policy.

    Personal Data may be information that you directly provide to us, such as personal information you provide when you use the Websites, or information that is passively or automatically collected from you, such as anonymous information collected from your browser or device. The Personal Data that we collect consists of amongst others, personal identifiers, commercial information, Internet / other electronic network activity information, geolocation data, professional or employment-related information, characteristics of protected classifications, and inferences drawn from this information. More specifically, the data we may collect includes, amongst others:
    • Identifiers, such as name, email address, address, phone number and other similar contact data.
    • User credentials, such as username, password to create an account and authenticate users of our Websites.
    • Billing information and address.
    • Device data, such as type of device, operating system and other software installed on the device, device settings, IP address, device identifiers and error reports.
    • Internet or other electronic network activity information, such as the programs and features you access, content you engage with, and the timing, frequency and duration of your interactions through the Services.
    • Location data, such as IP addresses received from your device.
    • Commercial information, such as products or services purchased, obtained or considered or other purchasing or consuming histories or tendencies.
    • Information about your interests and preferences, including inferences drawn from your activity or other data.

    • Communications, such as from the communications you send to us, service requests / inquiries, product reviews and other feedback regarding the services or products received from this Websites.

    If you are providing personal data to us for and on behalf of another individual, you represent and warrant that you have obtained the necessary authority and consent to disclose such personal data to us for the relevant purposes, and that such information is true, complete and accurate.

    Consent and Choice

    Where required under the Personal Data Protection Act 2012 ("PDPA"), we will obtain your consent before collecting, using or disclosing your personal data.

    Consent may be obtained through written, electronic, or other recorded means, including acknowledgement of this Notice.

    You may choose to:
    • provide or not provide your personal data for specific purposes;
    • consent or not consent to the collection, use and disclosure of your personal data for specific purposes; and

    • withdraw your consent at any time in accordance with the procedure set out below.

    Please note that under the PDPA, we may collect, use or disclose personal data without consent where permitted or required by law, including for purposes reasonably necessary for our legitimate business operations or to comply with legal or regulatory requirements. In such cases, your personal data may continue to be processed notwithstanding any withdrawal of consent.

    Consequences of Not Providing Personal Data

    If you do not provide the personal data required for the purposes set out above, we may not be able to:
    • provide you with our products or services;
    • process your requests or transactions;
    • respond to your enquiries; or

    • comply with applicable legal or regulatory requirements.

    This may affect our ability to maintain our relationship with you or fulfil our obligations to you.

    The purposes listed above may continue to apply even in situations where your relationship with us has been terminated or altered, for a reasonable period thereafter, including where necessary to enforce our legal rights.

  2. USE OF INFORMATION

    We collect, use or disclose the Personal Data that we collect to operate our business, including providing, tailoring, and improving our Services and Platforms. Specifically:
    • To create and maintain accounts, as well as to process your registration for our Websites.
    • To fulfil any functions or transactions that you request.
    • To deliver location-based Services and comply with territorial restrictions.
    • To diagnose and fix problems with our products or services rendered from the Websites and providing other customer support services.
    • To enhance and personalise Customer experiences and better understand Customer preferences in respect to our Services and Platforms.
    • To send administrative notices, service updates, and marketing communications (where you have opted-in).
    • For analytical purposes to better understand our Customers and how they use and interact with our Services and Platforms.
    • To allow us to continuously develop, expand and improve our Websites.

    • To prevent fraud, troubleshoot technical issues, and comply with legal or regulatory requirements.

    Use for New Purposes

    Where we intend to use or disclose your personal data for a purpose that has not previously been notified to you, we will notify you of such new purpose and obtain your consent within 30 calendar days where required under the Personal Data Protection Act 2012 (PDPA), unless an exception under the PDPA applies.

    Collection, Use and Disclosure without Consent

    We will collect, use and disclose your personal data for purposes that have been notified to you and with your consent, where required under the Personal Data Protection Act 2012 (PDPA).

    In certain circumstances, we may collect, use or disclose your personal data without your consent where permitted or required under the PDPA or other applicable laws. Such circumstances may include, but are not limited to:
    • where the personal data is publicly available;
    • where the collection, use or disclosure is necessary for evaluative purposes (e.g. employment or service suitability assessments);
    • where it is necessary for any investigation or legal proceedings;
    • where it is necessary to respond to an emergency that threatens the life, health or safety of any individual;
    • where the collection, use or disclosure is required or authorised under written law;
    • where consent is deemed to have been given under the PDPA;

    • where other exceptions under the PDPA apply.

    Where applicable, we will ensure that such collection, use or disclosure is reasonable in the circumstances and consistent with the purposes permitted under the PDPA.

    We will not use or disclose your personal data for purposes other than those notified to you, except where permitted or required under the Personal Data Protection Act 2012 (PDPA).

  3. DISCLOSURE AND TRANSFER OF INFORMATION

    In general, CRIF BizInsights will not disclose any of your personal information except when we have your permission or under special circumstances, such as when we believe in good faith that the law requires it or under the circumstances described below. The following describes some of the ways that your information may be disclosed.

    Business Partners & Sponsors

    CRIF BizInsights may disclose your personal information to business partners or sponsors, but this is specifically described to you prior to data collection or prior to transferring the data. Details of shared use can be found in specific Terms of Service or Use Agreements, and lucky draws and promotions rules. Some or all data collected during an CRIF BizInsights promotion may be shared with a sponsor. If personally identifying data about you will be shared, we will tell you before we collect or transfer the data.

    Many promotions offer opportunities to request additional information from sponsors. By requesting more information, you give CRIF BizInsights permission to transfer your personal information to the sponsor so they can fulfill your request. In many instances, only your email address will be shared. If more information is shared with the sponsor, you will be notified prior to the transfer.

    If you make a purchase from a merchant in an CRIF BizInsights web site, the information obtained during your visit to those stores, and the information you give such as your contact information, are provided to the merchants. This is to enable transactions to take place.

    Merchants listed in CRIF BizInsights site have separate privacy and data collection practices. CRIF BizInsights has no responsibility or liability for these independent policies. For more information regarding the merchant, their store, and their privacy.

    Third Party Data & Data in the Aggregate

    Under confidentiality agreements, CRIF BizInsights may match user information with third party data. Also, CRIF BizInsights discloses aggregated user statistics (for example, 75% of our users are SMEs) in order to describe our services to current and prospective partners, advertisers, and other third parties, and for other lawful purposes.

    Other

    CRIF BizInsights may also disclose account information in special cases when we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be violating CRIF BizInsights' Terms of Service or may be causing injury to or interference with (either intentionally or unintentionally) CRIF BizInsights' rights or property, other CRIF BizInsights users, or anyone else that could be harmed by such activities. CRIF BizInsights may disclose or access account information when we believe in good faith that the law requires it and for administrative and other purposes that we deem necessary to maintain, service, and improve our products and services.

    We may disclose your personal data to our partners, service providers and affiliates ("Organisations") whom we have engaged to provide our services, to maintain this Site or to protect the security or integrity of this Site and our databases, or who provide us with operational and management support and services. We will use commercially reasonable efforts to ensure that such Organisations do not use your personal data for a purpose other than the purposes for which the personal data were originally given. Where your personal data is transferred to Organisations outside of Singapore, we will take reasonable steps to ensure that such Organisations will be legally bound to comply with the Act.

    We may also disclose and transfer your personal data to our parent, subsidiary or related companies (who may be located in or outside of Singapore) for the purposes of managing, operating, administering and conducting our business as a group.

    Cross-Border Transfers

    If personal data is transferred outside of Singapore, we ensure the receiving party provides a standard of protection comparable to the PDPA.

    In general, CRIF BizInsights does not sell or rent user information to anyone. We will notify you at the time of data collection or transfer if your data will be shared with a third party and you will always have the option of not permitting the transfer.

  4. SECURITY PRECAUTIONS

    Your CRIF BizInsights Account is password-protected so that you and only you have use of and access to the account and the personal information contained therein.

    Except as specifically permitted by this section, you may not disclose your password to any third parties nor share it with any third parties. If you lose control of your password, you may lose substantial control over your personally identifiable information and may be subject to legally binding actions taken on your behalf. Therefore, if your password has been compromised for any reason, you should immediately contact us to change your password.

    Remember to sign out of your account and close your browser window when you have finished your work. This is to ensure that others cannot access your personal information and correspondence if you share a computer with someone else or are using a computer in a public place.

    As a global company, CRIF BizInsights has international sites and users all over the world. When you give CRIF BizInsights personal information, that information may be sent electronically to servers outside of the country where you originally entered the information. In addition, that information may be used, stored and processed outside of the country where you entered that information. Whenever CRIF BizInsights handles personal information as described above, regardless of where this occurs, CRIF BizInsights takes steps to ensure that your information is treated securely and in accordance with the relevant Terms of Service and this Privacy Policy.

    To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as up-to-date antivirus protection, encryption and the use of privacy filters to secure all storage and transmission of personal data by us, and disclosing personal data both internally and to our authorised third party service providers and agents only on a need-to-know basis.

    Unfortunately, no data transmission over the Internet or any wireless network can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, CRIF BizInsights cannot ensure or warrant the security of any information you transmit to us or from our online products or services, and you do so at your own risk. Once we receive your transmission, we make our best effort to ensure its security on our systems.

  5. COOKIES

    As part of offering and providing customizable and personalized services, CRIF BizInsights may use cookies to store and sometimes track information about you. A cookie is a small amount of data that is sent to your browser from a web server and stored on your computer's hard drive. All sites on CRIF BizInsights where you are prompted to log-in may require that you accept cookies.

    Generally, we would use cookies to:
    • Remind us of who you are and to access your account information (stored on our computers) in order to deliver to you a better and more personalized service. Such cookie is usually set when you register or "Sign In" and is modified when you "Sign Out" of our services.
    • Estimate our audience size. Each browser accessing CRIF BizInsights web sites may be given a unique cookie which is then used to determine the extent of repeat usage, usage by a registered user versus by an unregistered user, and to help target advertisements based on user interests and behavior.
    • Assist merchants to track visits to and business at their stores, and to process the items in your shopping basket. This information collected by cookies is sometimes called "clickstream" or "click trail" and may also describe which pages you have seen in each merchant's store.
    • Track your progress and number of entries in some of our promotions, lucky draws and contests. When an CRIF BizInsights -hosted promotion uses cookies, the information written to the cookie indicates the player's progress through the promotion, and may be used to track entries, submissions, and status in prize drawings.

    • Measure certain traffic patterns, which areas of CRIF BizInsights' network of web sites you might have visited, and your visiting patterns in the aggregate. We would use this research to understand how our users' habits are similar or different from one another so that we can make each new experience on CRIF BizInsights a better one. We may use this information to better personalize the content, banners, and promotions that you and other users will see on our sites.

    Advertising networks that serve ads onto CRIF BizInsights web sites may also use their own cookies.

    CRIF BizInsights also collects IP addresses for system administration and to report aggregate information to our advertisers. In addition, CRIF BizInsights includes IP addresses in outgoing mail message headers.

  6. ACCESS, CORRECTION AND ACCOUNT MANAGEMENT

    You may request access to your personal data or request correction of any personal data that we hold about you, subject to applicable legal requirements.

    Where a correction request is received, we will:
    • Acknowledge receipt of request within five (5) business days
    • Verify your identity by checking identification document and the legitimacy of your request
    • Correct the personal data as soon as practicable, unless we are satisfied on reasonable grounds that the correction should not be made;
    • where appropriate, send the corrected personal data to other organizations to which the personal data was disclosed within one year before the correction was made, unless such organizations do not require the corrected data for any legal or business purpose;

    • inform you of the outcome of your request.

    If you wish to make (a) an access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or (b) a correction request to correct or update any of your personal data which we hold about you, you may submit your request in writing or via email to our Data Protection Officer at the contact details provided below.

    We will try to respond to all requests within thirty (30) days after receiving your request in writing (including both electronic and non-electronic methods), we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).

    If your request relates to personal data which we are processing on behalf of another organisation, we will instead forward your request to the relevant organisation for their necessary action.

    Your account may be deleted or deactivated upon request. Please note that doing so may result in you no longer being able to access certain areas or services available to registered users.

    We may retain certain personal data in our records where required for legal or business purposes, in accordance with applicable laws and our data retention practices.

    We do not charge a fee for processing access or correction requests.

  7. WITHDRAWAL OF CONSENT

    You may withdraw your consent for the collection, use or disclosure of your personal data at any time by contacting us using the details provided below (Paragraph 12).

    Please note that upon withdrawal of consent, we will cease processing your personal data for the relevant purposes unless required or authorised under applicable laws. Depending on the nature of your request, we may no longer be able to provide certain services to you.

    Where a withdrawal request is received, we will:
    • Acknowledge receipt of request within five (5) business days
    • Verify your identity by checking identification document and the legitimacy of your request
    • Delete/Anonymize the personal data as soon as practicable, unless we are satisfied on reasonable grounds that the deletion/anonymization should not be made;
    • where appropriate, request the deletion of your personal data to other organizations to which the personal data was disclosed within one year before the correction was made, unless such organizations do not require the corrected data for any legal or business purpose;

    • inform you of the outcome of your request.

    The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop collecting, using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing or via email to our Data Protection Officer at the contact details provided below.

    We will try to respond to all requests within thirty (30) days after receiving your request in writing (including both electronic and non-electronic methods), we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with the withdrawal requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).

    If your request relates to personal data which we are processing on behalf of another organisation, we will instead forward your request to the relevant organisation for their necessary action.

    Please note that depending on the nature and scope of your request, we may not be in a position to continue providing our goods or services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing in the manner described above.

  8. ACCURACY OF PERSONAL DATA

    We take reasonable steps to ensure that personal data we collect is accurate, complete and up to date, particularly where such data is likely to be used to make decisions affecting you or disclosed to other organizations.

    We rely on you to ensure your personal data is accurate and complete. Please update your profile information by sending an e-mail to our DPO at the contact details provided in paragraph 12 below or sending in a request via the Data Protection Request link located in the same section.

  9. RETENTION OF PERSONAL DATA

    We may retain your personal data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws.

    We will cease to retain your personal data or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected and is no longer necessary for legal or business purposes.

    We retain personal data for different periods of time depending on the purposes for which we collect and use it, as described in this Privacy Policy. We will delete or de-identify personal data when it is no longer needed to fulfil these purposes unless a longer retention period is required to comply with applicable laws.

    There may be technical or other operational reasons where we are unable to fully delete or de-identify your personal data. Where this is the case, we will take reasonable measures as required under applicable laws, which may include preventing further processing your personal data.

  10. GENERAL

    Please keep in mind that whenever you voluntarily disclose personal information online — for example on message boards, through email, or in chat areas — that information can be collected and used by others. In short, if you post personal information online that is accessible to the public, you may receive unsolicited messages from other parties in return.

    Ultimately, you are solely responsible for maintaining the secrecy of your passwords and/or any account information. Please be careful and responsible whenever you're online.

  11. INCIDENT MANAGEMENT

    We will notify you without undue delay after becoming aware of a Personal Data Breach and provide you with sufficient information to meet any obligations required under Data Protection Laws. Upon your request, we will co-operate with you and take such reasonable steps to assist in the investigation, mitigation, and remediation of each Personal Data Breach. If and to the extent costs are incurred by us in respect to such Remediation Measures, you shall reimburse us in full for all costs (including for internal resources and any third-party costs / expenses) reasonably incurred by us if you had caused or contributed to the Personal Data Breach in question. In all other scenarios, reasonable costs for Remediation Measures shall be mutually agreed between us in advance. Such Remediation Measures shall: (i) start without undue delay, (ii) be completed within a reasonable period after becoming aware of a Personal Data Breach, and (iii) be carried out within the regular business hours of the local office where the Remediation Measures are required to be taken.

  12. DATA PROTECTION OFFICER

    We will collect, use or disclose personal data for reasonable business purposes only if there is consent or deemed consent from the individual and information on such purposes have been notified. We may also collect, use or disclose personal data if it is required or authorised under applicable laws.

    Please contact dpo.sg@crif.com if you:
    • have any enquiries or feedback on our data protection policies and procedures; or

    • need more information on or access to the data which you have provided to us in the past.

    Or use the following link to contact our DPO: Data Protection Request

    Enquiries and Complaints

    If you have any questions or complaints about our collection, use or disclosure of your personal data, you may contact our Data Protection Officer using the contact details provided above.

    We will respond to your enquiry or complaint as soon as reasonably possible. In general, we aim to respond within thirty (30) days of receiving your request.

    If we are unable to resolve your complaint or if you are dissatisfied with our response, we will inform you of the reasons (where appropriate). You may also refer your complaint to the Personal Data Protection Commission (PDPC) of Singapore.

  13. CHANGES TO THIS PRIVACY POLICY

    We may update this Privacy Policy from time to time. Any changes will be published on this page and, where appropriate, notified to you.

    Your continued use of our services constitutes your acknowledgement of the updated Privacy Policy.