Privacy Policy


Grass Roots Asia Pacific Pte. Ltd is firmly committed to protecting the privacy and confidentiality of personal data in compliance with the Singapore Personal Data Protection Act 2012 and its underlying regulations (the “PDPA”). We maintain robust physical, electronic and procedural safeguards to protect personal data in our care.

By providing your personal data to us and/or by using our website(s), you consent to us collecting, using and disclosing your personal data for the purposes of:

  • providing you with our products or services;
    administering, improving and personalizing our products and services for you;
    identifying you;
    managing and administering our products and services;
    processing payments, delivering orders, managing promotions, providing refunds and discounts, verifying your identity, communicating with you including direct marketing, conducting product and market research, maintaining and updating our records, dealing with enquiries from you, and working with our service providers;
    protecting against fraud (or suspected fraud);
    to facilitate transaction investigation.

Using your personal data, we endeavour to improve our understanding of your interests, suitability and behaviour in relation to products, services and offers including conducting risk assessments for financial products.

The personal data we may collect from you may include:

  • your name, address and other contact details;
    date of birth;
    email address;
    payment and transaction details and history;
    records of your communications and interactions with us,
    details and history of your preferences;
    your interests and behaviours relating to transactions, products, services and activity with our products and services; and
    such other information that is considered reasonably necessary.

Where possible, we will collect the personal data directly from you. In some circumstances, however, we may need to collect this information from a third party. For example, we may collect information from the provider of a payments platform where your transactions are stored, information about the transactions you undertake. We may also collect information from other participants in the payments system and other financial institutions in order to resolve disputes or errors.

If you do not provide some or all of the information requested, we may be unable to provide you with the requested products and services if we are not in a position to reasonably do so without that information.

Providing your personal data to others

We may provide your personal data:

  • to related entities;
  • to any outsourced service providers;
  • to regulatory bodies, government agencies, law enforcement bodies and courts;
  • to other parties as is authorised or required by law; or
  • to participants in the payments system and other financial institutions for the purpose of resolving disputes, errors or other matters arising out of your use of a prepaid card or third parties using your prepaid card or information stored on your prepaid card.

For the purposes mentioned in this Privacy Statement, your personal data and transaction details may be sent to countries other than Singapore. As at the date of this document, these countries are likely to include the United States of America, Canada, the United Kingdom and Australia. You hereby consent to our transferring of your personal data to these jurisdictions from Singapore. If we engage in such transfer, we will take appropriate steps to protect that personal data to a standard comparable to the protection under the PDPA, for example, by imposing (where it is practicable for us to do so) appropriate contractual obligations of security and confidentiality on the recipient of that data.

You may withdraw your consent to us collecting, using and/or disclosing your personal data at any time by contacting our Data Protection Officer using the contact details set out in the Contact Information section of this Privacy Statement. If you do so, we will inform you of the likely consequences of that withdrawal, which may include our inability to continue providing certain products or services to you.

Digital services

We provide information and services through a range of digital and online services including websites, apps, email, online advertisements, and social media. These services may be operated by us or other group companies to provide you with a personalised use of each of those products and services and provide targeted marketing.

We may use “cookies”. A cookie allows our servers to identify and interact more effectively with you and your device(s). The cookie assists us in maintaining the continuity of your browsing session (e.g. to maintain a shopping cart) and remembering your details and preferences when you return.

Our systems record a variety of information relating to interactions with our website. This information may include the software versions used, device identifiers (e.g. IP addresses), location data (where available and not disabled by the user), dates, times, file metadata, referring website, data entered and user activity, such as links clicked.

In some cases third parties may use cookies and other technologies such as those described above. These technologies may be used in connection with activities like surveys, online behavioural advertising, website analytics and email campaign management. The services we may use from time to time include Google Analytics, Google Display Network, Google AdSense, DoubleClick, Yahoo, Adobe, Campaign Manager and Microsoft. You can find more details in the privacy policies for those services, including information on how to opt-out of certain conduct. You may need to opt-out separately from each service.

You can contact us to request further details of the services we use. Many of these services operate without collecting or using any personal data.

Our online services may contain links to other sites. We are not responsible for the privacy practices or policies of those sites and recommend that you review their privacy policies.

Accessing your personal data

Subject to the provisions of the PDPA, you may inquire as to the nature of any of the personal data we hold about you, as well as information about how we may have used or disclosed your personal data to others in the past twelve months (save where we are not required to do so by law), by emailing us or writing to us using the contact details set out in the Contact Information section of this Privacy Statement. We will respond to your request within a reasonable time.
We may charge you a reasonable administrative fee for access to your personal data, and will inform you about this fee before processing your request. We may decide to reject your request if we have determined that the burden or expense of providing it would be unreasonable to us or disproportionate to your interests, if your request concerns information that is trivial, does not exist or cannot be found or is otherwise frivolous or vexatious, or for other reasons allowed under law. If we decide to reject your request, we will provide you with a written reason for such rejection.

Subject to applicable law, if you can show that information about you is not accurate, complete and up to date, we will take reasonable steps to ensure it is corrected at your request so that it is accurate, complete and up to date.

Protection and retention of your personal data

We are committed to taking appropriate technical, physical and organizational security measure to protect your personal data against unauthorized access, collection, use, disclosure, unlawful processing, and unauthorized or accidental loss, copying, modification, damage, destruction or similar risks.

However, we cannot guarantee the security of any personal data you provide to us and you accept the inherent risks of online correspondence and Internet commerce.

We will only retain your personal data for as long as the purposes for which it was collected are still being served by retention of the personal data or retention is necessary for legal or business purposes.

Contact Information

To make an enquiry about how to access and correct the personal data we hold about you, or to make a complaint, please contact us using the details set out below:

Address: Grass Roots Asia Pacific Pte. Ltd
#03-01, 50 Scotts Road, Singapore 228242
Attention: Data Protection Officer


If you wish to make a complaint about the way we have handled your personal data (including if you think we have breached the PDPA in that regard) you may do so by contacting us in writing, by mail or email to the address or email address set out in the Contact Information section of this Privacy Statement. If a complaint is made, please include contact details such as email address, name, address and telephone number and clearly describe the complaint. We will investigate the complaint and respond promptly.


Where it is lawful and practicable, we will provide you with the option to deal with us and use our services without identifying yourself.

Changes to this Privacy Statement

We are constantly developing and enhancing our use of online technologies, and make reasonable efforts to ensure we keep this Privacy Statement and related documents up to date in this regard. Please check back when you return to use our online services to ensure you are familiar with our current practices.

We reserve the right to change this Privacy Statement at any time and, should this occur, we will endeavor to inform you of any material changes to this Privacy Statement. However, we recommend that you check this Privacy Statement periodically to ensure that you review the latest version. All subsequent versions of this Privacy Statement will be posted on our website.

This Privacy Statement was last updated on 1 May, 2017.