APPLICATION OF THIS POLICY
1. As used in this Policy: “customer” means an individual or entity who (i) has contacted us through any means to find out more about any goods or services we provide, including the use of or access to our websites, (ii) may enter, or has, or had entered into a contract with us for the supply of any goods or services by us, and/or (iii) is acting for or on behalf of an entity which is a customer (as referred to in clause 1(i) or 1(ii) in the foregoing) and whose personal data is provided to us by or on behalf of such entity in connection with a relationship with us;
“Data subjects” means employees, directors, officers, representatives, shareholders or agents of a customer or other individual, and whose personal data is or has been provided to or received by us in in relation to or connection with a customer or our business relationship with such customer; and where the customer is an individual then “Data subject” shall include such customer.
In this Policy customer and Data subjects are also referred to as “you” or “your” where appropriate.
“personal data” means data or information, whether true or not, about a customer or Data subject who can be identified: (a) from that data; or (b) from that data and other information to which we have or are likely to have access.
2. (a) Other terms used in this Policy shall have the meanings given to them in the PDPA (where the context so permits).
(b) All headings in this Policy are for convenience only and are not intended to affect the interpretation of clauses or provisions.
(c) Words in plural form include the singular and vice versa.
COLLECTION, USE, DISCLOSURE AND PROCESSING OF PERSONAL DATA
3. From time to time our organisation and our group organisation may collect or receive from customer or Data subjects or any person authorised by such customer or Data subjects, or from third parties and/or public sources personal data including, without limitation the following:
Your name and identification information such as NRIC, passport or FIN number or other identifiers, signatures, contact information such as your address, email address or telephone number, nationality, gender, date of birth, marital status, photographs, images and other audio-visual information or record, employment information and financial information such as credit card numbers, debit card numbers or bank account information, background such as career, education and family, answers to questions intended for security verification, personal data collected when a Data subject participates in any seminar, function, meeting, or program organised or hosted by our organisation or our group organisation or personal data from cookies or other technologies deployed for analysis in relation to our websites.
4. A customer or Data subject, by providing personal data and/or by permitting an authorised representative to provide, personal data to us, agrees and consents to us handling their personal data in the manner set forth in this Policy. This Policy may be revised, updated or modified from time to time without prior or any notice and a copy is available on our website or on request to us. You agree to be bound by the prevailing terms of the Policy as revised, updated or modified. In addition, your continued use of our services constitutes your acknowledgement and acceptance of such changes.
5. Where you, a customer or any person authorised by such customer provide(s) to us personal data belonging to a Data subject, you, such customer and/or person authorised by such customer hereby warrant(s) and represent(s) to us that appropriate consent from such Data subject (in accordance with the requirements of the PDPA) have been obtained to make disclosure to us after such Data subject has been notified of the purposes of the collection, use, disclosure, transfer and processing of their personal data as set out in this Policy.
6. Personal data may be collected, stored, used, disclosed, transferred or processed in and to any country where our or our group organisation considers appropriate and in accordance with local practices and laws. We will endeavour to ensure that (i) any third party which receives personal data from us shall treat such personal data with confidence and in compliance with relevant local laws and (ii) your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.
PURPOSES WHICH PERSONAL MAY BE COLLECTED, USED, STORED, DISCLOSED, TRANSFERRED OR PROCESSED
7. We may collect, use, store, disclose, transfer or otherwise process your personal data for any or all of the following purposes:
(a) performing obligations in the course of or in connection with our provision of the goods and/or services requested by you or the organisation you represent;
(b) verifying your identity;
(c) responding to, handling, and processing queries, requests, applications, complaints, and feedback from you;
(d) managing your relationship with us;
(e) processing payment or credit transactions;
(f) sending marketing information about our goods or services including notifying you of our marketing events, initiatives and promotions, membership and other promotions;
(g) complying or facilitating our compliance with any applicable laws, regulations, customs, codes of practice, guidelines, or rules, orders, notice, direction or request issued by any government, quasi-government, statutory, regulatory, judicial, arbitral and/or similar authority or to assist in law enforcement and investigations conducted by any governmental, statutory, regulatory and/or other authority;
(h) surveillance or recording activities, including but not limited to, monitoring communication (in electronic and non-electronic form), for quality, training, investigation and fraud prevention purposes;
(i) transmitting to any unaffiliated third parties including our third party service providers and agents, and relevant governmental and/or regulatory authorities, whether in Singapore or abroad, for the aforementioned purposes;
(j) operations and management of records, data, IT, communication and other systems including storage, server and data processing;
(k) as reasonably required for the provision or receipt of third-party services, including but not limited to professional services;
(l) compliance (and assessing compliance thereof) with internal and group policies, legal and compliance functions within the group organisation;
(m) protection and enforcement of our rights and obligations and/or in connection with any contract, investigation or complaint;
(n) in connection with any potential or actual dispute, litigation, arbitration, interlocutory or other legal process including preparation and conduct thereof;(
o) otherwise in the course of our organisation’s business, operations and/or relations or as required or permitted by law, and/or to enable us to maintain operations and deal with any emergency, crisis or other exceptional circumstances;
(p) facilitating any proposed or confirmed merger, acquisition or business asset transaction, reorganisation, sale or disposal, involving any part of our organisation or business or corporate restructuring process; and
(q) for or in connection with any program, outreach or corporate social responsibility activities engaged in by our organisation whether in conjunction with other bodies or otherwise;
(r) with your express consent;
(s) any other purposes for which you have provided any personal data or any information; and
(t) any other incidental business purposes related to or in connection with the above or any reasonable or permitted purposes.
FURTHER DISCLOSURE AND TRANSFER OF PERSONAL DATA
8. Without prejudice to clause 7 above, we may disclose and transfer personal data for the purpose specified in this Policy or as permitted or required by applicable law, to the following entities:
(a) an agent, contractor or third-party service provider to our or our group organisation;
(b) any entity within our group organisation including branches, subsidiaries, related corporations, affiliates and representative offices;
(c) any person or entity under duty to keep personal data confidential;
(e) any actual or prospective purchaser of all or any part of the business of the group organisation or in the case of a merger, amalgamation, acquisition, corporate reorganisation or reconstruction or public offering process;
(f) third parties to whom our or our group organisation is required to disclose or transfer personal date by law or regulatory requirement;
(g) a regulatory, supervisory, statutory or governmental body with oversight over any function of the organisation;(h) a third party in connection with potential or actual dispute, litigation, mediation arbitration or other legal process or proceeding involving our or our group organisation;
(i) any professional advisers such as auditors and lawyers etc, and/or
(j) any person or entity for the purposes set out in clause 7.
9. The purposes listed in the above clauses may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract or relationship with you).
10. We will not sell personal data to a third party to use for direct marketing purposes without your prior consent.
WITHDRAWING YOUR CONSENT
11. The consent that you provide for the processing of your personal data will remain valid until we receive from you written notice of withdrawal of your consent. You may withdraw consent and request us to stop using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing or via email to our Data Protection Officer at the contact details provided below.
12. Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you or any party) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within thirty (30) business days of receiving it.
13. Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our goods or services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing in the manner described in clause 11 above.
14. Please note that withdrawing of your consent does not affect our right to continue to collect, use, store, disclose, transfer and otherwise process personal data where such collection, use, storage, disclosure, transfer and processing without consent is permitted or required under applicable laws.
ACCESS TO AND CORRECTION OF PERSONAL DATA
15. Subject to relevant legislation and certain exemptions, you may make (a) an access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or (b) a correction request to correct or update any of your personal data which we hold about you, in which event you may submit your request in writing or via email to our Data Protection Officer at the contact details provided below.
16. Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.
17. We will respond to your request as soon as reasonably practicable.
18. Please note that depending on the request that is being made, we will only need to provide you with access to the personal data contained in the documents requested, and not to the entire documents themselves. In such a case, it may be appropriate for us to simply provide you with confirmation of the personal data that our organisation has on record, if the record of your personal data forms a negligible part of the document.
PROTECTION OF PERSONAL DATA
19. We will use reasonable means to safeguard your personal data from unauthorised access.
20. You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure.
ACCURACY OF PERSONAL DATA
21. We generally rely on personal data provided by you (or your authorised representative). You are responsible for ensuring that any personal data that you (or your authorised representative) provide to us are correct, complete, current, accurate and true, and for updating us in a timely manner if there are changes to such personal data by informing our Data Protection Officer in writing or via email at the contact details provided below.
RETENTION OF PERSONAL DATA
22. We may retain your personal data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws.
23. We will cease to retain your personal data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected, and is no longer necessary for legal or business purposes.
24. We may at our discretion provide links to another party’s website. We shall not be responsible for the privacy practices or policy of third parties and websites operated by any third party.
DATA PROTECTION OFFICER
25. You may contact our Data Protection Officer if you have any enquiries or feedback on our personal data protection policies and procedures, or if you wish to make any request, in the following manner:
DPO: Mr Ronnie Wong
EFFECT OF POLICY
26. This Policy applies in conjunction with any other notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your personal data by us.
27. Nothing herein shall affect our rights under applicable law to collect, use, disclose, transfer or process personal data that may be permitted or authorised under such law.
28. This Policy shall be governed by and construed in accordance with the laws of Singapore.
Effective date : I July 2019