1. ABOUT THIS POLICY
1.1 This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. This policy may be updated from time to time.
1.2 By visiting this website or becoming a member or employee of our society, you are accepting and consenting to the practices described in this policy.
1.3 Our Data Protection Officer is responsible for ensuring compliance with the Personal Data Protection Act 2012 of Singapore (the “Act”) and with this policy. A reference to the Act in this policy includes a reference to any subsidiary legislation made thereunder. Please contact our Data Protection Officer at [insert email address] if you have any questions about the operation of this policy or any concerns that the policy has not been followed. Definition of data protection terms
1.4 Data is information which is stored electronically, on a computer, or in certain paper based filing systems.
1.5 Data subjects for the purpose of this policy include all living individuals about whom we hold personal data.
1.6 Personal data refers to any data and/or information about you from which you can be identified by, either (a) from that data; or (b) from that data and other information to which we have or is likely to have access and includes the data described in the Schedule.
1.7 Data users are those of our employees whose work involves processing personal data. Data users must protect the data they handle in accordance with this data protection policy and any applicable data security procedures at all times.
1.8 Data intermediaries include any person or organisation that is not a data user that processes personal data on our behalf and on our instructions. Our employees are excluded from this definition but it could include suppliers which handle personal data
on our behalf.
1.9 Processing means the carrying out of any operation or set of operations in relation to personal data, and includes recording, holding, organising, adapting, altering, retrieving, combining, transmitting, erasure or deleting.
2. DATA PROTECTION PRINCIPLES
Anyone processing personal data must comply with the following principles of good practice. These provide that personal data must be:
(a) Processed fairly and lawfully.
(b) Processed for limited purposes and in an appropriate way.
(d) Not kept longer than necessary for the purpose.
(e) Processed in line with data subjects’ rights.
(g) Not transferred to people or organisations situated in countries without adequate protection.
3. FAIR AND LAWFUL PROCESSING
3.1 The Act is not intended to prevent the processing of personal data, but to ensure that it is done fairly and without adversely affecting the rights of the data subject.
3.2 For personal data to be processed lawfully, they must be processed on the basis of one of the legal grounds set out in the Act. When processing personal data in the course of our activities, we will ensure that those requirements are met.
4. PROCESSING FOR LIMITED PURPOSES
4.1 In the course of our activities, we may collect and process the personal data set out in the Schedule. This may include data we receive directly from a data subject (for example, by completing forms or by corresponding with us by mail, phone, email or otherwise) and data we receive from other sources (including, for example, business partners, sub-contractors in technical, payment and delivery services, credit reference agencies and others).
4.2 We will only process personal data for the specific purposes set out in the Schedule or for any other purposes specifically permitted by the Act. We will notify those purposes to the data subject when we first collect the data or as soon as possible thereafter.
5. ACCURATE DATA
We will take reasonable efforts to ensure that personal data we hold is accurate and kept up to date, if it is likely to be used by us to make a decision that affects the individual to whom the personal data relates, or is likely to be disclosed by us to another organisation.
6. TIMELY PROCESSING
We will not keep personal data longer than is necessary for the purpose or purposes for which they were collected, and retention is no longer necessary for legal or business purposes. We will take all reasonable steps to destroy, or erase from our systems, all data which is no longer required.
7. PROCESSING IN LINE WITH DATA SUBJECT’S RIGHTS
We will process all personal data in line with data subjects’ rights, in particular their right to:
(a) Request access to any data held about them by us (see also clause 12).
(b) Ask to have inaccurate data amended (see also clause 5).
8. DATA SECURITY
8.1 We will take appropriate security measures against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data.
8.2 We will put in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. Personal data will only be transferred to a data intermediary if he agrees to comply with those procedures and policies, or if he puts in place adequate measures himself.
8.3 We will maintain data security by protecting the confidentiality, integrity and availability of the personal data, defined as follows:
(a) Confidentiality means that only people who are authorised to use the data can access it.
(b) Integrity means that personal data should be accurate and suitable for the purpose for which it is processed.
(c) Availability means that authorised users should be able to access the data if they need it for authorised purposes.
8.4 Security procedures include:
(a) Entry controls. Any stranger seen in entry-controlled areas should be reported.
(b) Secure lockable desks and cupboards. Desks and cupboards should be kept locked if they hold confidential information of any kind.
(c) Methods of disposal. Paper documents should be shredded. Digital storage devices should be securely erased or destroyed when they are no longer
(d) Equipment. Data users must ensure that individual monitors do not show confidential information to passers-by and that they log off from their PC
when it is left unattended.
9. TRANSFERRING PERSONAL DATA TO A COUNTRY OUTSIDE SINGAPORE
9.1 In the course of conducting the society’s operations and activities, we may disclose your personal data to our third party service providers, agents and/or our affiliates or related corporations, and/or other third parties whether in Singapore or outside of Singapore, for the purposes in the Schedule.
9.2 We may transfer any personal data we hold to a country outside Singapore in compliance with the Act. We will take appropriate steps to ascertain that the foreign recipient is bound by legally enforceable obligations to provide to the transferred personal data a level of protection comparable to the protection under the Act. This may include us entering into an appropriate contract with the foreign recipient or permitting the personal data transfer without such a contract if the Act or law permits us to do so.
9.3 Personal data we hold may also be processed by staff operating inside or outside Singapore who work for us or for one of our suppliers or service providers. That staff may be engaged in, among other things, the fulfilment of contracts with the data subject, the processing of payment details and the provision of support services.
10. CONSENT FOR THE COLLECTION AND USE OF YOUR PERSONAL DATA
10.1 You consent to the collection, use, and disclosure of your personal data for the purposes mentioned in the Schedule and agree to be bound by the obligations it imposes on you, when you accept this policy.
10.2 You accept this policy when you continue to browse our website, become a member or employee of the society, or when the policy is incorporated in the course of our dealings with you.
10.3 You shall ensure that all personal data submitted to us is complete, accurate, true and correct at the time of submission. Failure on your part to do so may result in our inability to provide you with the relevant services.
11. DISCLOSURE AND SHARING OF PERSONAL INFORMATION
11.1 We may share personal data we hold with the employees or officers of the society, the affiliated company – EG Forum Limited and [INSERT ANY RELEVANT ORGANISATIONS EG AFFILIATED ENTITIES OF THE SOCIETY].
11.2 We may also disclose personal data we hold to third parties:
(a) In the event that we sell or buy any business or assets, in which case we may disclose personal data we hold to the prospective seller or buyer of such
business or assets.
(b) If we or substantially all of our assets are acquired by a third party, in which case personal data we hold will be one of the transferred assets.
11.3 If we are under a duty to disclose or share a data subject’s personal data in order to comply with any legal obligation, or in order to enforce or apply any contract with the data subject or other agreements; or to protect our rights, property, or safety of our employees, customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
11.4 We may also share personal data we hold with selected third parties for the purposes set out in the Schedule.
12. DEALING WITH SUBJECT ACCESS REQUESTS
12.1 Data subjects must make a formal request for information we hold about them. This must be made in writing. Employees who receive a written request should forward it to their line manager immediately.
12.2 When receiving telephone enquiries, we will only disclose personal data we hold on our systems if the following conditions are met:
(a) We will check the caller’s identity to make sure that information is only given to a person who is entitled to it.
(b) We will suggest that the caller put their request in writing if we are not sure about the caller’s identity and where their identity cannot be checked.
12.3 Our employees will refer a request to their line manager for assistance in difficult situations. Employees should not be bullied into disclosing personal information.
13. COOKIES AND PERSONAL DATA
When you visit our website, we may collect or analyse anonymised information from which individuals cannot be identified. The information collected may include the number of users and the amount of time they stay on our website, which countries they are from, their online preferences and what mode of device they are currently using to view our website, as well as domain information that helps us to learn our client’s profile, the frequency of viewing. We use this information to improve our website’s content and navigation.
14. CHANGES TO THIS POLICY
We reserve the right to change this policy at any time.
Types of personal data
Examples of personal data that we may collect from you include:
1. Full name.
2. NRIC/ID/Passport numbers (or part thereof) and copies, to the extent required or permitted by law.
3. Next of Kin, family or emergency contact information.
4. Date of Birth.
5. Business and/or residential addresses.
6. Business and/or personal email addresses.
7. Employment history and/or education background.
8. Mobile and business telephone numbers.
9. Bank account details or other payment information.
10. Educational history and qualifications.
11. Photos and videos, if applicable.
12. Information about your usage of and interaction with our website and/ or services including computer and connection information, device capability, bandwidth, statistics on page views and traffic to and from our website.
13. Any other information relating to you which you have provided in any forms which you may have submitted to us or in any interaction with us.
How personal data may be collected
We may collect your personal data through the following ways:
1. When you provide personal data by filling in online or hardcopy forms when applying for membership to our society, or making enquiries or feedback, requests and other submissions to us.
2. If you contact us (i.e. telephone calls, online chat programmes, social media, faxes and emails), we may keep a record of that correspondence.
3. When you access our websites or perform an online transaction including, but not limited to, cookies, location data, weblogs and other communication data, that you access.
4. When you ask to be included in an email or other mailing list.
5. When you fill up online and hardcopy job application forms to apply for a job with us.
6. If you enter into any contract with us.
7. If you participate in any exhibition, event, seminar, forum or workshop organised by us or where we are a participant.
8. When you respond to our request for additional personal data.
9. When you request that we contact you.
10. When personal data is exchanged during an accident or incident reporting.
11. When you submit personal data to us for any other reason.
Purposes for the collection, use and disclosure of your personal data
We may use the personal data we collect from you for any of the following purposes:
1. To manage your membership including application, processing and termination of your membership.
2. For recruitment and evaluation purposes if you apply for a job with us, including applying for employee work visas.
3. To administer and update your records in our databases.
4. To process your enquiries and for any administrative purposes related to the society.
5. To provide you with membership benefits and services.
6. To provide you with information about, and to facilitate participation in, our activities.
7. To process payment administration, such as your membership fees or any other fees/payment
8. To perform or carry out our contractual obligations.
9. To enable our subcontractors, third party agents and service providers to fulfil any obligations or services.
10. To enable the society’s officers to facilitate the management of the society, including any activities or events.
11. To keep you updated on any exhibition, event, seminar, forum or workshop, and to facilitate your participation in the same.
12. To conduct research, surveys, data analysis, and obtain feedback.
13. For accident and insurance reporting and assessment purposes.
14. For debt collection.
15. For security, safety surveillance and monitoring purposes.
16. For internal reporting and/or accounting purposes.
17. To comply with applicable laws and regulations.