The Company takes data privacy seriously, and this policy sets out the Company’s commitment to treat information of employees, clients, stakeholders and any interested parties with care and confidentiality. This is to ensure that the Company gathers, stores and handles data fairly, transparently and with respect towards individual rights.
Scope
The policy refers to all parties (employees, clients, suppliers, etc.) who provide any amount of data to the Company. Employees of the Company must follow this policy. Contractors, consultants, partners, clients, and anyone who collaborates with or acts on behalf of the Company and may need occasional access to data are also covered by this policy.
The Company is committed to comply with the Singapore Personal Data Protection Act (Act 26 of 2012) (“PDPA”) and other applicable data protection laws, including the European Union (“EU”) General Data Protection Regulation (“GDPR”) Law where applicable.
Policy Elements
As part of the Company’s operations, personal data will be obtained and processed. This data includes any offline or online data that makes a person identifiable such as names, addresses, passport number or other identification number, telephone number(s) and any other information.
The Company collects the data in a transparent way and only with the full cooperation and knowledge of interested parties. Once such data is made available to the Company, the following rules apply.
The Company’s data will be:
-
Accurate and kept up to date.
-
Collected fairly and for lawful purposes only.
-
Processed by the Company within its legal and moral boundaries.
-
Protected against any unauthorised or illegal access by internal or external parties.
The Company’s data will not be:
-
Communicated informally.
-
Stored for more than a specified amount of time.
-
Transferred to organizations, states or countries that do not have adequate data protection policies.
-
Distributed to any party other than the ones agreed upon by the data’s owner (exempting legitimate requests from law enforcement authorities)
In addition to ways of handling the data the Company has direct obligations towards people to whom the data belongs. Specifically, the Company must:
-
Let people know which of their information is collected.
-
Inform people about how the Company will process their data.
-
Inform people about who has access to their data.
-
Have provisions in cases of lost, corrupted, or compromised data.
-
Allow people to request that we modify, erase, reduce or correct data contained in our databases.
Security of Information
The Company will make reasonable efforts to secure data stored or transmitted electronically from unauthorised parties to such data. Some of such efforts are:
-
Requiring employees and contractors to enter into confidentiality agreements.
-
Securing hard copy document storage (i.e. storing hard copy documents in locked filing cabinets).
-
Security measures for access to computer systems to protect information from unauthorised access, modification or disclosure and loss, misuse, and interference.
-
Password protected data storage devices such as laptops, tablets, and smart phones.
-
Providing a discreet environment for confidential discussions.
-
Access control for our premises and measures for securing the premises when unattended.
Accuracy of Information
The Company will ensure that all data collected, used, or disclosed are accurate, complete and up to date. Please contact the People and Culture Director or Office and HR Manager if any of such data does not meet this objective.
Employees should promptly inform the Company when changes occur with their personal data which have been provided, so that accuracy of data can be properly maintained. The Company may maintain personal information previously submitted in archives.