Personal Data Protection Act
1.1 This Policy is designed to assist you in understanding how the company collect, maintain, use, disclose and/or process the personal data you have provided to us, as well as assist you in making an information decision before providing us with any of your personal data.
This Policy also provides you with information when collecting personal data of their employee(s) from our clients, sub-contractors or suppliers for business activities.
If you, at any time have any queries on this policy or any other queries in relation to how the company may manage, protect, store and/or process your personal data, please do not hesitate to contact the company appointed Data Protection Officer (DPO) via email at :- email@example.com
2 INTRODUCTION TO THE ACT
The Personal Data Protection Act 2012 (the “PDPA”) is intended to be a baseline law for the protection of personal data in Singapore. The Personal Data Protection Commission (“PDPC”) was established on 2 January 2013 to administer and enforce the PDPA. The PDPA is applicable to the company and the company must comply with it.
You may visit these web-sites for more information.
2.1.1 Personal Data
‘Personal Data’ is defined under the PDPA to mean data, whether true or not, about an individual who can be identified from the data, or from that data and other information to which an organization has or is likely to access. Below is the list of personal data that the company collected, but is not limited to the following:
- a. Name
- b. NRIC / Work Pass / Birth certificate number
- c. Contact details
- d. Credit Card details
- e. Financial information
- f. Medical / Education Records
- g. Photograph(s)
- h. Video recording(s)
The company will collect your personal data in accordance with the PDPA. We will notify you of the purposes for which your personal data may be collected, maintained, used, disclosed and/or process, as well as obtain your consent for collection, use, disclosure and/or processing of your data for intended purposes, unless an exception under the law permits us to collect and process your personal data without your consent
The personal data which we collected from you may be used, stored, disclosed and/or processed for various proposes, but not limited to the list below:
- a. Employment purposes
- b. Insurance / Medical cover
- c. Training / Event registration
- d. VISA / Work Passes / Permit application
- e. Booking of air-tickets
- f. Transferring to any affiliated companies
- g. To third party for business activities
2.1.2 Third Party Data
‘Third Party Data’ refers to personal data provided by clients, sub-contractors or suppliers on behalf of his employee(s) to us for the purpose of business activities. These personal data collected is Business Contact Information (BCI). The clients, sub-contractors, suppliers, therefore need to seek consent from his staff to collect, use, and disclose.
Staffs are not to use this Personal Data collected for any other activities other than related to business.
List of personal data that the company collected from third party, but is not limited to the following:
- a. Name
- b. NRIC / Work Pass number
- c. Contact details
- d. Photograph(s)
3 REQUESTS FOR ACCESS AND/OR CORRECTION OF PERSONAL DATA
3.1 You may access and/or correct your personal data currently in our possession or control via the HRM system.
3.2 The company will deem the personal data stored in the HRM as current as it is your responsibility to provide the company with the latest accurate personal data.
4. ADMINISTRATIVE AND MANAGEMENT OF PERSONAL DATA
4.1 The company will take reasonable efforts to ensure that your personal data is accurate and complete, if your personal data is likely to be used by the Company to make decision that affects you, or disclosed to another orgainsation. However, this means that you must also update the company of any changes via the HRM system. We will not be responsible for relying on inaccurate or incomplete personal data arising from you not updating us of any changes in your personal data that you had initially provided us with.
4.2 The company will also put in place reasonable security arrangements to ensure that your personal data is adequately protected and secured. Appropriate security arrangements will be taken to prevent any unauthorized access, collection, use, disclosure, copying, modification, leakage, loss, damage and/or alteration of your personal data. However, the company cannot assume responsibility for any unauthorized use of your personal data by third parties which are wholly attributable to factors beyond our control.
4.3 The company will also put in place measures such that your personal data in our possession or under our control is destroyed and/or anonymous as soon as it is reasonable to assume that:-
- the purpose for which that personal data was collected is no longer being served by the retention of such personal data and
- retention is no longer necessary for any legal or employment purposes.
4.4 In the event that your personal data is to be transferred out of Singapore, the company will comply with the PDPA in doing so. This may include us entering into an appropriate contract with the foreign recipient organization dealing with the personal data transfer or permitting the personal data transfer without such a contract if the PDPA or law permits us to do so.
5 UPDATE ON PERSONAL DATA PROTECTION POLICY
5.1 As part of the company’s effort to ensure that we properly manage, protect and process your personal data, we will be reviewing our policies, procedures and processes from time to time to meet the PDPA Obligations.
5.2 The company shall amend this policy from time to time, in compliance with updates/amendments to the PDPA if any. Any amendment to this policy will be posted on the outlook/public folder/SECOM Employee Handbook and at company’s website www.secom.com.sg.