Privacy Policy

Octopus Pays Privacy and Data Policy last updated: 7 February 2020





The purpose of this personal data processing policy (hereinafter – the Policy) is to provide you with information about how OREC PTE. LTD. (further OREC) handles your personal data when providing services.


  1. Ways of obtaining and correlating personal data

1.1. OREC may use company name and respective data, your name, surname, personal code, mobile phone number, e-mail address, bank account number, bank card number, CVC code and expiration date, information on payment amounts to third parties, information provided by you in optional payment description field.

1.2. This policy is meant to inform you that OREC can obtain your personal data in the following ways:

  1. When correlating data that you provide in filling out forms and information fields on the OREC application;
  2. When correlating information that you provide to our employees by phone, E-mail or face-to- face;
  3. When correlating data that have been received from banks and/or bank card processing operators for identification purposes;
  4. When correlating data received from third parties (your service providers) in relation to payments you make to aforementioned service providers by using OREC.


  1. The legal foundation and goal of data processing

2.1. The legal foundation for handling your personal data is The Personal Data Protection Act 2012 (the “Act”) of Singapore as regards to the protection of the physical data of individuals – data processing is based on your contractual obligations and is necessary to conclude a payment service agreement with OREC.

2.2. Your personal data are registered electronically and can be used for the following purposes:

  1. To identify you in the area of contractual obligations and to ensure the implementation of the obligations;
  2. To identify and prevent any fraud, money laundering and other criminal activities;
  3. To contact you to inform you about changes, etc.;
  4. To ensure and improve the quality of our services;
  5. To ensure opportunity to third parties, whose invoices you pay using OREC, to identify your payments and to contact you with respect to such payments.


  1. Processing, transfer and deletion of personal data

3.1. We reveal personal data to our linked companies and partners – those that are involved in the provision of OREC services. This includes institutions that provide payment services, bank card processing operators, as well as IT service providers. In transferring your data, we promise to ensure that the recipient observes the same personal data storage safety rules as we do.

3.2. If your information has changed when a OREC service agreement is being concluded or during the contractual period, or if you have found that your personal data are imprecise, please let us know, and we will change any data that is necessary.

3.3. At your request, we will delete your data from the databases of our contractual third parties if the data are no longer necessary for the initial goal – the implementation of our contractual and legal rights.


  1. Data storage

4.1. Information that you provide to us is stored on secure servers. Data are always encoded for purposes of security.

4.2. Online transfer of data is never totally safe. We cannot guarantee full protection and security for your data, but we do everything possible to protect electronic information that is sent to us. You are responsible for the electronic transfer of any data. OREC services require a password that you will set up during the registration process. You are responsible to ensure the security and confidentiality of your password. OREC has no access to information on your password.


  1. Links to the Websites of third parties

The OREC application may include links to third-party Websites. They have their own usage and personal data protection rules to which you agree and about which you are informed when visiting the relevant Website. We are not responsible for and take no responsibility for third-party Websites. Because we cannot control the content of such Websites, our responsibility only applies to our own Website.


  1. Data Policy

6.1 Log data

Like many site operators, we collect information that your browser sends whenever you visit our Site (“Log Data”). This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, device information, browser type, browser version, the pages of our Site that you visit, the time and date of your visit, the time spent on those pages and other statistics. In addition, we may use third party services such as Google Analytics and Google Adwords that collect, monitor and analyze this type of information in order to improve the quality of your experience on our Site.
6.2 Transaction data

We collect and store data of financial transactions related to your use of our Services, including information about your account balances, deposits, withdrawals, types and amounts of transactions as well as information about your entrusted external bank account address.
6.3 Cookies

Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer’s hard drive. Like many sites, we use “cookies” to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Site.

You can adjust in your browser’s Settings your preferences regarding allowing, storing, deleting or blocking cookies from sites you visit.
For further information, visit


6.3.1 Use of Cookies

  • Our Company uses cookies in a range of ways to improve your experience on our website, including:
  • Keeping you signed in;
  • Understanding how you use our website;
  • Offer you services of our group companies based on your platform usage metrics;


6.3.2 Types of Cookies

There are a number of different types of cookies, however, our website uses:

  • FUNCTIONALITY – Our Company uses these cookies so that we recognize you on our website and remember your previously selected preferences. These could include what language you prefer and location you are in. A mix of first-party and third-party cookies are used.
  • ADVERTISING – Our Company uses these cookies to collect information about your visit to our website, the content you viewed, the links you followed and information about your browser, device, and your IP address. Our Company sometimes shares some limited aspects of this data with third parties for advertising purposes. We may also share online data collected through cookies with our advertising partners. This means that when you visit another website, you may be shown advertising based on your browsing patterns on our website.


6.4 Pixel tags

Pixel tags are small blocks of code that may be placed on our Site or email correspondence (including but not limited to company update newsletters, offer emails or third-party partner companies’ marketing emails) that are often used to read and place cookies. Pixel tags allow to track website usage, including to determine when emails have been opened and acted upon (e.g. clicks, engagement, unsubscription rate among other data).


6.5 Purpose of collecting data

  • Improving our Site in order to better serve you;
  • Providing the Services you request, for processing transactions and related information such as transaction confirmations, receipts and request for authorizations;
  • Providing Customer Service and administer our Site, system and internal operations, including system bugs, troubleshooting, analysis of data, testing of features, for statistical purposes and to keep the Site and portal safe and secure;
  • Sending you technical reports, notices, security alerts and administrative messages;
  • Communicating about service offers, product promotions, rewards, events, news and other information that is related to our company and would be of interest to you;
  • Creating more personalized promotional offers and advertising campaigns through Google Adwords, Display ads, Facebook Ads, Instagram Ads, Twitter Ads, Mailchimp or other similar services as well as social media channels used by us.
  • Conducting relevant Know-Your-Customer (KYC) procedures, Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) checks;
  • Complying with regulatory requirements;