I.POISE PTE LTD PRIVACY (“POLICY”)
This Policy sets out the manner in which i.Poise Pte Ltd (“IP“) collects, uses, manages and protects Personal Data (as defined below) in compliance with the provisions of the Personal Data Protection Act 2012 (“PDPA“).
This Policy applies to all Individuals (as defined below) who provide IP with Personal Data or whose Personal Data is otherwise collected, used and/or disclosed by IP in connection with and/or for the purposes of its operations.
This Policy supplements but does not supersede or replace any previous consent which an Individual may have provided to IP, nor does it affect any rights that IP may have at law in connection with the collection, use and/or disclosure of any Individual’s Personal Data. Subject to that, IP will not collect any Personal Data from an Individual unless the Individual has voluntarily chosen to provide us with the Personal Data or as required for the purposes of providing services to the Individual or by law.
IP may from time to time update this Policy to ensure it is consistent with its future developments or business purposes or to accommodate future changes to applicable legal or regulatory requirements. All updates to this Policy will be provided upon request and appropriate notifications of any material revisions will be published at www.ipoisedesign.com (“IP Website“) and may be issued separately to relevant persons such as may be determined by IP. Subject to an Individual’s rights at law, the prevailing terms of the Policy from time to time shall apply. By continuing their relationship with IP after any amendments have been introduced and published on the IP Website, Individuals shall be deemed to have accepted the Policy as amended.
For the avoidance of doubt, this Policy forms part of the terms and conditions, if any, governing an Individual’s specific relationship with IP (“Terms and Conditions”) and should be read in conjunction with such Terms and Conditions. In the event of any conflict or inconsistency between the provisions of this Policy and the Terms and Conditions, the provisions of the Terms and Conditions shall prevail to the fullest extent permissible by law.
For purposes of this Policy:
“Individual” means a natural person, whether living or deceased and “Individuals” shall be construed accordingly;
“CCTV” means Closed-circuit Television;
Personal Data means data that is capable of identifying an Individual, whether on its own or in conjunction with other data accessible to IP;
“Personnel” means any Individual engaged under a contract of service with IP, a contract for service with IP, permanent or temporary employees as well as trainees and interns engaged by IP from time to time; and
“Potential Personnel” means any Individual who has submitted an application to be engaged by IP as Personnel.
2. Personal Data collected by IP
IP will only collect, use or disclose Personal Data about an Individual which it reasonably considers necessary for the relevant purposes underlying such collection, use or disclosure. Depending on the specific nature of an Individual’s interaction with IP, Personal Data which IP collects, uses or discloses concerning an Individual may variously include but is not limited to the following:
- the Individual’s name, gender and contact particulars, including telephone number(s), residential/mailing address(es) and email address;
- details of the Individual’s identification documents (such as, NRIC or passport numbers), and applicable visa or permits (such as employment pass, work permit, permanent residency status);
- details of the Individual’s employment history and academic qualifications;
- the name and contact particulars of the Individual’s next-of-kin;
- the Individual’s network usage data and other information gathered automatically by our computer systems, including the Individual’s computer IP address, links visited and other activities conducted online or using our computer systems;
- photographs and video or CCTV recordings of the Individual; and
- other information which the Individual may provide to IP, from time to time, in the course of such Individual’s interaction with IP.
3. How IP collects Personal Data
Generally, IP may collect Personal Data from an Individual in one or more of the following ways or circumstances:
- when the Individual interacts with IP’s staff via telephone calls, emails, other correspondence and/or face-to-face meetings;
- when the Individual visits IP’s premises;
- when the Individual specifically requests that IP contact him or her or requests to be included in an email or any mailing list maintained by IP;
- when the Individual responds to any request by IP for the provision of Personal Data;
- when IP receives references or referrals from its business partners or other third parties;
- when the Individual attends or participates in any event organised by IP;
- when the Individual submits his or her Personal Data to IP pursuant to a job application;
- when the Individual subscribes to IP’s publication(s); and/or
- when the Individual submits his or her Personal Data to IP for any other reason related to IP’s ordinary course of business operations.
4. Purposes of collection, use and disclosure of Personal Data
Generally, IP collects, uses and/or discloses Personal Data from Individuals for one or more of the following purposes:
Provision of services
- administering and managing the Individual’s relationship with IP;
- providing the Individual with information about IP’s services and/or the services of any external vendor that is providing services or products in partnership or collaboration with IP;
- responding to the Individual’s complaints, queries and/or requests;
- facilitating and/or organising events;
- informing the Individual of changes and/or updates to IP’s policies, terms and conditions and/or other administrative information;
- verifying the Individual’s identity or monitoring the Individual’s activities, including without limitation via CCTV observation and/or recording;
- preventing, detecting and investigating fraud, misconduct, any unlawful action, omission or dispute, and whether or not there is any suspicion of the aforementioned;
- General business operations of IP
- staff training, quality assurance and performance evaluation;
- legal purposes (including but not limited to the Individual obtaining legal advice and dispute resolution);
- meeting or complying with any applicable rules, laws, regulations, codes of practice or guidelines which are binding on IP (including but not limited to responding to regulatory complaints, disclosure to regulatory bodies and conducting audit checks, due diligence and investigations);
- administering, managing and/or terminating IP’s relationship with Personnel;
- evaluating the performance of Personnel;
- undertaking staff training and quality assurance activities;
- providing Personnel with services, facilities and/or other benefits being offered or made available by IP to such Personnel as well as information about such services, facilities and benefits;
Managing Potential Personnel
- administering and managing IP’s relationship with Potential Personnel;
- evaluating the suitability and eligibility of Potential Personnel to be engaged by IP;
- where IP circulates IP’s publications or marketing information to an Individual or to any person which may be disseminated to and individual relating to services offered by IP (whether by IP or IP’s business partners) which IP thinks is or may be of benefit or interest to him/her via postal mail, electronic transmission to his or her or any email address(es), and/or voice call or phone call and/or fax to his or her or any telephone number(s);
- for promotional and publicity purposes, including recording or taking photographs of participants at events or functions organised, hosted or participated by IP;
- for transfer to third party data intermediaries to facilitate any of the aforesaid purposes;
- for any purposes reasonably related to any of the above purposes; and
- for any other purposes in relation to which IP has specifically obtained the Individual’s consent.
Unless otherwise authorised under the PDPA or any other applicable law, IP will not collect, use or disclose an Individual’s Personal Data without his or her consent.IP will take reasonable steps to highlight the purposes relevant to an Individual, by appropriate means, at the point or time of collection of the Personal Data from such Individual, including:
- via express provisions in contracts, application forms and/or registration forms to be signed with or submitted to IP;
- via notifications on IP’s websites;
- in the course of verbal communications;
Where feasible, IP will inform the Individual of purposes that are intrinsic to the relationship between IP or to the provision of services to such Individual, as well as purposes that are optional.
In so far as any purpose(s) are intrinsic to the relationship or provision of services, IP reserves the right to decline to engage in the relevant relationship or to provide the relevant services to the Individual if he or she does not consent to IP’s collection, use or disclosure of his or her Personal Data for such purpose.
- voluntarily provide their Personal Data to IP for the specified purposes;
- use or access IP’s website(s) or computer network;
- enter IP’s premises or using any of the facilities thereon; and/or
- attend or participate in events or programmes organised by IP.
An Individual who provides IP with Personal Data relating to a third party (e.g. information of his or her spouse or children) for any particular purpose, represents to IP that he/she has obtained the consent of the relevant third party to IP collecting, using or disclosing such Personal Data for the relevant purpose.
In so far as IP collects Personal Data of an Individual from any third party(ies), IP will take reasonable steps to inform the relevant third party(ies) of IP’s purposes for collecting the Personal Data and to verify that consent from the Individual has been obtained by the relevant third party(ies) to such disclosure for the intended purpose.
6. Disclosure of Personal Data
In carrying out one or more of the above Purposes, IP may need to disclose Individuals’ Personal Data to the following third parties for one or more of the above Purposes:
- to IP’s third party service providers or agents;
- any external vendor that is providing services or products in partnership or collaboration with IP;
- to IP’s auditors and professional advisors;
- any person to whom disclosure is permitted or required by any statutory provision or law;
- any permitted assigns; and/or
- to any local or foreign regulatory body, government agency, statutory board, ministry, department or other government body and/or its officials.
7. Withdrawal of Consent
Any Individual who wishes to withdraw his or her consent to any use or disclosure of his or her Personal Data by IP as set out in this Policy may do so by contacting IP’s Data Protection Officer at email@example.com.
Depending on the extent to which an Individual withdraws consent to the use or disclosure of his or her Personal Data by IP, such withdrawal of consent may result in IP’s inability to provide services to the Individual and may be considered as a termination by the Individual of any agreement between IP and the Individual. IP’s legal rights and remedies are expressly reserved in such event.
8. Verification of Personal Data & Notification of Changes
Where feasible, IP will take reasonable steps to verify the accuracy of Personal Data received at the point of collection but Individuals remain primarily responsible and liable to ensure that all Personal Data submitted by them to IP is complete and accurate. Information voluntarily provided by an Individual to IP shall prima facie be deemed complete and accurate.
IP will also take reasonable steps to periodically verify Personal Data in its possession, taking into account the exigencies of its operations, but Individuals are nonetheless responsible for notifying IP, from time to time, of any applicable changes to such Personal Data.
IP shall not be held liable for any inability on its part to provide services to an Individual who fails to ensure that his or her Personal Data submitted to IP is complete and accurate or who fails to notify IP of any relevant changes to such Personal Data.
9. Activities undertaken prior to 2 July 2014
IP may continue to use Personal Data of an Individual that was collected before 2 July 2014 for purposes for which the Personal Data was collected unless consent is withdrawn by that Individual. Individuals who wish to withdraw their consent to IP’s use of their Personal Data may contact IP’s Data Protection Officer at firstname.lastname@example.org.
10. Protection of Personal Data
IP shall make reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks to Personal Data in its possession.
If IP transfers Personal Data outside Singapore, IP will take reasonable steps to ensure that such Personal Data transferred receives a standard of protection comparable to the protection received under the PDPA and such transfer shall be subject to this Policy.
IP will ensure that third parties who receive Personal Data from IP protect such Personal Data in a manner consistent with this Policy and not use such Personal Data for any purposes other than those specified by IP, by incorporating appropriate contractual terms in its written agreements with these third parties.
IP is not responsible in any way for the security and/or management of Personal Data shared by Individuals with third party websites accessible via links on IP’s website.
11. Contacting IP-Access and Correction of Personal Data
Any Individual who:
- has questions or feedback relating to this Policy;
- would like to obtain access to his or her Personal Data held by IP;
- would like to obtain information about the ways in which his or her Personal Data held by IP has been or may have been used or disclosed by IP in the year preceding the request; and/or
- would like to update or make corrections to his or her Personal Data held by IP,
should contact IP’s Data Protection Officer at email@example.com.
Individuals should note that IP is not required, under the PDPA, to provide access and correction to Personal Data in certain exempted situations as set out in the PDPA.
The PDPA allows and IP reserves the right to charge a reasonable fee for the handling and/or processing of access requests by an Individual pursuant to paragraphs (b) or (c) above.
12. Governing Law
This Policy shall be governed by and construed in accordance with the laws of Singapore. Any dispute arising out of or in connection with this Policy including any question regarding its existence, validity or termination, shall be referred to and finally resolved by the Courts of Singapore.