Effective: October 2018
"Personal data" means data, whether true or not, about an individual who can be identified from that data; or from that data and other information to which we have or are likely to have access.
Collection and use of personal data
We collect and use personal data in the following ways:
- Employees: We collect personal details relating to employees such as (a) name or alias, gender, NRIC/FIN or passport number, date of birth, nationality, and country and city of birth; (b) mailing address, telephone numbers, email address and other contact details; (c) employment and training history; (d) salary information and bank account details; (e) details of employee next-of-kin, spouse and other family members; (f) work-related health issues and disabilities; (g) records on leave of absence from work; (h) photographs and other audio-visual information; and (i) performance assessments and disciplinary records. We use this personal data to conduct our business, evaluate performance, provide employee benefits, meet our legal obligations as an employer and otherwise manage and administer our employment relationship with our employees, including payment of remuneration and tax.
- Job applicants: We collect personal data provided by job applicants, their referees and via background checks to be used in connection with assessing the suitability of an applicant for an employment opportunity and verifying the applicant's identity.
- Customers, supplier and service provider contacts: We collect contact details of individuals within customer, supplier and service provider organisations so that we can communicate with them about our business activities together.
- Trade promotion entrants: We collect details from individuals who have entered a contest, competition or other trade promotion we are conducting so that we can run the trade promotion according to its terms.
Disclosure of Personal Data
We may share personal data with the following categories of recipients:
- Related entities: We may share personal data with our related entities in order to conduct our business activities. For example, we may host employee data in a central location outside Singapore.
- Customers, suppliers and service providers: We share contact details of our relevant employees with customers, suppliers and service providers in order to conduct our business activities and receive supplies and services necessary for those activities such as IT support. We may also share employee details with providers of employee benefits such as medical benefits to enable the service provider to identify the employee.
- Financial institutions: We share personal data with financial institutions in connection with invoicing of our customers and payments and other benefits to be made to our suppliers and service providers as well as employees and workers.
- Mandatory and permitted disclosures: We share personal data where required under law such as to comply with our obligations as an employer or a legally enforceable demand. We may also share personal data where permitted to under law. We may share personal data to establish or protect our legal rights, property, or safety, or the rights, property, or safety of others, or to defend against legal claims.
- Trade promotion entrants: We may publish details of winners of trade promotions where required by law. We may also disclose names of winners, entries and images relating to the trade promotion as specified in the terms for the trade promotion.
Accuracy, Access and Correction
We generally rely on personal data provided by you (or your authorised representative) to ensure that your provided personal data is current, complete and accurate.
You may request access to or correction of your personal data that we hold. To request access or correction please see the Contact us section below.
We will endeavour to respond to your request promptly. However, in certain circumstances, we may refuse your request where the law allows us to do so. For security reasons, we reserve the right to take steps to authenticate the identity of the requesting party before responding to your query or request.
We have implemented technical and organisational measures in an effort to safeguard the personal data in our custody and control. Such measures include:
- restricting access to personal data within our organisation to a need-to-know basis;
- deploying physical and technological safeguards to restrict access; and
- policies to cease retaining personal data when there is no longer a legal or business reason to do so.
Retention of personal data
We may retain your personal data for as long as it is necessary to fulfil the purposes for which the data was collected, or as required or permitted by applicable laws.
We will cease to retain your personal data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purposes for which the personal data were collected, and are no longer necessary for legal or business purposes.
Cross-border data transfers
We may transfer certain personal data to countries outside of Singapore namely Malaysia . However, if we do so, we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the Personal Data Protection Act.