Purpose
This policy outlines the organization’s commitment to comply with the Personal Data Protection Act (PDPA) and ensure responsible handling, protection, and use of personal data.
1. Registration and Data Protection Officers (DPOs)
While registration under the PDPA is not required, our organization encourages voluntary registration of DPOs with the Commission.
Our appointed DPO, whose business contact information is publicly accessible, is responsible for overseeing compliance with the PDPA. In cases where the DPO delegates responsibilities, the designated persons will receive appropriate training to uphold data protection standards.
Our DPO is readily contactable during Singapore business hours, using local contact details. Failure to cooperate with any PDPA investigation may result in penalties, including fines or imprisonment as specified by the Act.
2. Data Collection and Processing
Consent: Personal data collection, use, and disclosure will only occur with express or deemed consent from the individual, consistent with the purposes disclosed at the time of data collection. Where exclusions under the Act apply, data collection may proceed without explicit consent.
Purpose and Scope: Data is collected solely for reasonable, notified purposes. We maintain transparency through clear data protection notices.
Retention and Accuracy: Personal data is stored only for necessary business or legal purposes and will be anonymized or deleted when no longer needed. Data accuracy is ensured for all relevant purposes, especially for decisions impacting individuals.
Rights of Individuals: Individuals may withdraw consent at any time, and we will process requests for data access, correction, or portability as mandated by the Act.
3. Data Intermediaries
Data intermediaries acting on our behalf must comply with retention and protection obligations. These third parties are contractually bound to uphold PDPA standards.
Data Transfer Policy
Objective
To regulate the disclosure and transfer of personal data to ensure compliance with PDPA’s cross-border data transfer requirements.
1. Onshore Data Transfer
Consent: We will secure the individual’s deemed or express consent for onshore data transfer if this was not initially obtained.
Contracts: Written agreements with data intermediaries detail obligations for safeguarding data throughout the transfer process.
2. Offshore Data Transfer
Comparable Protection: When transferring data outside Singapore, we ensure comparable protection to PDPA standards via data transfer agreements, individual consent, or other regulatory conditions.
Exemptions: Applications for exemption from transfer requirements are managed per the Commission’s conditions and only with a demonstrable business need.
3. Data Portability
Upon request, eligible individuals may have specific electronic data transferred to another organization, with such requests processed under established data portability guidelines.