This Privacy Policy explains how Voya Global Pte Ltd handles your personal data in accordance with the Personal Data Protection Act 2012 (Singapore) (the PDPA). It sets out the categories of personal data we may collect about you, the purposes for which we use it, the steps we take to protect it, and your rights in relation to the personal data we hold.
01
About this Policy
Voya Global Pte Ltd (UEN 202620509W) is a private limited company incorporated in the Republic of Singapore, with its registered office at 8 Temasek Boulevard, #17-02A Suntec Tower Three, Singapore 038988 (Voya, we, us, our). For the purposes of the PDPA, Voya is the organisation that determines how your personal data is collected, used and disclosed in connection with our services.
This Policy applies to personal data we collect through:
- the Voya mobile applications (iOS and Android) and any related software;
- the Voya website at voya.global (the Site);
- our marketing channels, email communications and social accounts; and
- any other interaction you have with us, including when you apply to join Voya as a creator or brand partner.
By providing personal data to Voya, or by using our services, you consent to the handling of your personal data as described in this Policy.
02
What we mean by "personal data"
"Personal data" has the meaning given in the PDPA — broadly, data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which we have or are likely to have access.
03
The personal data we collect
The categories of personal data we collect depend on how you interact with Voya.
Creators
If you apply to join, or use, Voya as a creator, we may collect:
- your name, date of birth, gender, nationality and country of residence;
- your email address, phone number and, where relevant, postal address;
- social media handles, follower counts, audience demographics, content samples and engagement metrics;
- your declared travel intent — including planned destinations, dates and trip purpose;
- identity verification material (for example, a government-issued photo ID and a selfie) where required to confirm you are who you say you are;
- payment or remittance details where a campaign involves a paid component;
- information about your collaborations and performance on the platform; and
- any other information you choose to provide in your profile, applications or messages.
Brand partners
If you represent a hospitality, travel or lifestyle brand engaging with Voya, we may collect:
- your name, position, work email, work phone number and the name of your organisation;
- billing details and tax information necessary to invoice and pay for the service;
- campaign briefs, property information, offer details, target audiences and creative assets you upload;
- messages and decisions exchanged with creators through the platform; and
- information about your use of the brand dashboard.
Website visitors and prospective users
When you visit our Site, subscribe to our newsletter, fill out a contact or waitlist form, or interact with our marketing, we may collect:
- your name and email address;
- information about your interest in Voya (for example, whether you are a creator or brand);
- device, browser and IP information, pages viewed, referring URLs and approximate location derived from your IP address; and
- cookie and analytics identifiers, as described in section 9.
04
How we collect personal data
Wherever it is reasonable and practicable, we collect personal data directly from you — when you create an account, complete an application, send us a message, attend an event, or otherwise engage with our team.
We may also collect personal data from third parties where you have consented or where collection is permitted under the PDPA or other applicable law, including from:
- publicly available sources (for example, public social media profiles);
- identity verification providers;
- brand partners or creators who refer you to the platform; and
- analytics, advertising and email service providers.
05
Purposes for which we use and disclose personal data
Under the PDPA, we are required to inform you of the purposes for which we collect, use and disclose your personal data. We collect, use and disclose personal data for the following purposes:
- to assess applications to join Voya and to verify identity, authenticity and platform fit;
- to operate the Voya platform — including matching creators with brand opportunities, facilitating offers, messaging and gifting/payment workflows;
- to communicate with you about your account, applications, campaigns and customer support enquiries;
- to administer billing, invoicing and reconciliation with brand partners;
- to maintain the security and integrity of our platform, prevent fraud and enforce our terms;
- to improve our products and services, including through analytics and product research;
- to comply with our legal and regulatory obligations and respond to lawful requests; and
- for direct marketing, where permitted (see section 10).
We may also collect, use or disclose personal data for purposes that are deemed consented under the PDPA, or where collection, use or disclosure is otherwise required or permitted by law.
06
Consent and withdrawal of consent
We rely on your consent to collect, use and disclose your personal data for the purposes set out in this Policy, except where collection, use or disclosure is required or permitted under the PDPA or other applicable law without consent.
We will not, as a condition of providing a product or service, require you to consent to the collection, use or disclosure of personal data beyond what is reasonable to provide that product or service.
You may withdraw any consent given, or deemed to have been given, in respect of our collection, use or disclosure of your personal data at any time, by giving us reasonable notice in writing using the contact details in section 18. On receiving your request, we will inform you of the likely consequences of withdrawal — which may include our inability to continue providing some or all of our services to you.
07
Sensitive categories of personal data
While the PDPA does not formally classify personal data into "sensitive" and "non-sensitive" categories, we treat certain categories of personal data — including information about health, dietary requirements, accessibility needs, government-issued identifiers and financial information — with additional care. We collect this data only where it is reasonably necessary for the relevant service and where you have provided consent.
08
Disclosure to third parties
We may disclose your personal data to third parties in connection with the purposes set out above, including to:
| Recipient | Purpose |
|---|---|
| Brand partners (where you are a creator) | To enable applications, offers and campaign delivery you have applied for or accepted |
| Creators (where you are a brand) | To enable creators to evaluate and respond to your campaigns |
| Cloud hosting and infrastructure providers | To host the platform, our databases and our communications |
| Analytics and product telemetry providers | To understand product usage and improve the service |
| Identity verification providers | To confirm the identity of creators and brand contacts |
| Payment, invoicing and tax providers | To process payments and meet financial reporting obligations |
| Email, messaging and CRM providers | To send transactional and marketing communications |
| Professional advisers (legal, accounting, insurance) | To obtain advice and meet our regulatory obligations |
| Government, regulators and law enforcement | Where required or permitted by law |
| Acquirers or successors | In connection with a corporate transaction (sale, merger, restructure) |
Where we engage third parties to process personal data on our behalf, we put in place contractual arrangements requiring those parties to handle personal data in accordance with the PDPA and this Policy.
09
Cookies, analytics and tracking
The Site and our applications use cookies, pixels, software development kits and similar technologies to operate, secure and improve our services. These technologies may collect information about your device, your activity on the Site, and your interaction with our emails.
We use both first-party and third-party tools, which may include providers such as analytics, attribution, advertising and email platforms based in Singapore or overseas. You can manage cookies through your browser settings; however, disabling some cookies may affect how the Site or our applications operate.
10
Direct marketing and your choices
Where permitted, we may use your contact details to send you information about Voya, including new partners, product updates, events and editorial content. You can opt out of marketing at any time by:
- using the unsubscribe link at the foot of any marketing email;
- updating your notification preferences in the Voya app; or
- contacting us using the details in section 18.
We will comply with the Do Not Call provisions of the PDPA. If you have registered a Singapore telephone number with the Do Not Call Registry, we will not send marketing voice calls, text messages or fax messages to that number unless you have given us clear and unambiguous consent or an exemption under the PDPA applies. We do not sell personal data to third parties for their own direct marketing purposes.
11
Transfers of personal data outside Singapore
Voya operates across the Asia–Pacific region and uses service providers in multiple countries. As a result, your personal data may be transferred outside Singapore — including (without limitation) to providers located in Australia, the United States, the United Kingdom, the European Union and other jurisdictions where our service providers operate.
Before transferring your personal data outside Singapore, we take steps to ensure that the overseas recipient is bound by legally enforceable obligations to provide a standard of protection that is comparable to that required under the PDPA. This may include contractual clauses, binding corporate rules, or transfers to jurisdictions and recipients otherwise permitted under the PDPA.
12
Accuracy and security of personal data
We take reasonable steps to ensure that the personal data we collect, hold, use and disclose is accurate and complete, particularly where the personal data is likely to be used by us to make a decision that affects you, or is likely to be disclosed to another organisation. You can help us by keeping your account details current.
We protect personal data using reasonable security arrangements appropriate to the sensitivity of the data, including encryption in transit, access controls, authentication, secure cloud infrastructure, vendor due diligence and staff training. No system is completely secure; if you believe your account or personal data has been compromised, please contact us immediately.
13
Retention
We will cease to retain your personal data, or remove the means by which it can be associated with you, as soon as it is reasonable to assume that the purposes for which we collected the data are no longer being served by retention, and retention is no longer necessary for legal or business purposes. Some personal data may be retained for longer where we are required to do so for tax, accounting, regulatory, dispute-resolution or platform-integrity reasons.
14
Accessing and correcting your personal data
You may request access to the personal data we hold about you, and information about how that personal data has been or may have been used or disclosed by us in the year preceding your request. You may also request that we correct any error or omission in your personal data.
We will respond to your request as soon as reasonably possible, and within 30 days where reasonably practicable. Where we are unable to respond within 30 days, we will inform you of the time by which we will be able to respond. A reasonable fee may be charged for processing an access request, in line with the PDPA; if a fee applies, we will provide an estimate before proceeding.
You can also update much of your account information directly within the Voya app.
15
Data breach notification
We maintain policies and procedures to manage data breaches. Where a data breach is assessed to be a notifiable data breach under the PDPA — meaning that it results, or is likely to result, in significant harm to affected individuals, or is of significant scale — we will notify the Personal Data Protection Commission (PDPC) and, where required, the affected individuals as soon as practicable and within the time periods prescribed by law.
16
Complaints
If you believe we have breached the PDPA or otherwise mishandled your personal data, please contact our Data Protection Officer using the details in section 18. We will acknowledge your complaint promptly and aim to provide a substantive response within 30 days.
If you are not satisfied with our response, you may refer your complaint to the Personal Data Protection Commission (PDPC):
Personal Data Protection Commission
460 Alexandra Road, #10-02 PSA Building, Singapore 119963
Phone: +65 6377 3131
Web: pdpc.gov.sg
17
Other applicable privacy laws
Voya operates internationally, and we comply with applicable privacy and data protection laws in other jurisdictions in addition to the PDPA, including:
- the Privacy Act 1988 (Cth) and the Australian Privacy Principles, where we collect personal information of individuals located in Australia or otherwise carry on business in Australia; and
- the EU and UK General Data Protection Regulation (GDPR), where we collect personal data of individuals located in the European Economic Area or the United Kingdom.
Where the protections of another applicable law are more stringent than those under the PDPA in any particular respect, we will apply the more stringent standard.
18
Contact us — Data Protection Officer
For any questions about this Policy or the personal data we hold about you, or to submit an access, correction or consent-withdrawal request, please contact our Data Protection Officer:
Data Protection Officer — Voya Global
Voya Global Pte Ltd (UEN 202620509W)
8 Temasek Boulevard, #17-02A Suntec Tower Three, Singapore 038988
Email: privacy@voya.global
Children
Voya is not intended for individuals under the age of 18. We do not knowingly collect personal data from minors, and we do not direct our services to anyone under 18. If we become aware that we have collected personal data from a minor, we will take steps to delete that data and terminate the relevant account. If you believe a minor has provided us with personal data, please contact us.
19
Changes to this Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements or other factors. The current version will always be available on the Site, with the "Last updated" date at the top. Where changes are material, we will take reasonable steps to notify you — for example, by email or through the app.