Internal Privacy Policy

Overview

1. Introduction
2. Objective
3. Scope
4. General Principles for Collecting, Processing, and Retaining of Personal Data
5. Disclosure of Personal Data
6. Rights of the Data Subject
7. Procedural Rules
8. Definitions  
 
This Privacy Policy (the “Policy”) applies to the collection, use, disclosure and overseas transferral of Personal Data (hereinafter defined) by KSC Consultants Pte Ltd (“KSCHR”).
 

1. Introduction

1.1 KSCHR strives to properly address applicable data protection and privacy legal requirements relating to the Personal Data it collects, processes and discloses in the normal course of conducting business and providing employment. This data may relate to employees, contractors, consultants, partners, customers, customer clients, sales prospects, vendors and others, who engage KSCHR for business purposes (“data subjects”).

1.2 In relation to employees of KSCHR, employees may provide, or KSCHR may receive on their behalf, Personal Data which is necessary to conduct business and administer employees’ employment and benefits. KSCHR maintains security measures to protect its employees Personal Data and the Personal Data of others entrusted to KSCHR. In addition, KSCHR expects its employees, contractors, consultants, partners and agents to follow this Policy and other applicable KSCHR policies and legal requirements relating to Personal Data of others that they collect, process and distribute in the course of their work with KSCHR.

This Privacy Policy (the “Policy”) applies to the collection, use, disclosure and overseas transferral of Personal Data (hereinafter defined) by KSC Consultants Pte Ltd (“KSCHR”).
 

2. Objective

2.1 This Policy has the objective of defining security standards for collecting, processing, storing, and disclosing Personal Data within KSCHR in order to ensure adequate protection of the personal rights of the affected data subjects. Complying with This Policy is a requirement of the free exchange of Personal Data within KSCHR.

 3. Scope

3.1 This Policy statement provides information on the obligations and policies of KSCHR in respect of Personal Data. This Corporate Directive governs all data privacy issues. It applies to the collection, processing and disclosure of the Personal Data of any data subject whose personal data are processed within KSCHR. The data protection and data security standards of this Policy are binding upon all KSCHR entities.

 3.2 KSCHR undertakes to use reasonable efforts in applying, where practicable, those principles and the processes set out herein to its operations.

3.3 KSCHR’s officers, management, and members of staff shall use reasonable endeavours to respect the confidentiality of and keep safe any and all Personal Data collected and/or stored and/or disclosed and/or used for, or on behalf of, KSCHR. KSCHR shall use reasonable endeavours to ensure all collection and/or storage and/or disclosure and/or usage of Personal Data by KSCHR shall be done in an appropriate manner and in accordance to the Act and this Policy.

4. General Principles for Collecting, Processing, and Retaining of Personal Data

Consent Obligation

4.1 The collection, processing, and retention of Personal Data is permitted only if the individual has consented thereto or if permissible under the Act. The permissibility of processing Personal Data is a prerequisite for the disclosure of Personal Data.

 4.2 Consent of a data subject shall be declared in writing or by other legally permissible means, whereby the individual must be informed in advance about the purpose of such collection and processing of Personal Data and the possible disclosure of Personal Data to third parties. The declaration of consent must be distinct when included as part of other statements so as to be clear to the individual.

Types of Personal Data Collected:

4.3 As part of its day to day activities, KSCHR may collect from data subjects, through various means, including via its websites, smart phone applications, marketing events such as road shows and any forms used by KSCHR from time to time, the following Personal Data:

  • Name (first and surname);
  • Postal Address;
  • Phone number (including mobile);
  • Office number;
  • Fax number;
  • Email address;
  • Bank account/credit card details;
  • Gender;
  • Personal Data of your emergency contacts;
  • IP addresses; and
  • Photographs and images.

 Purpose of Collection of Personal Data

4.4 Personal Data, as described in Clause 4.1 above, may only be collected for specified, explicit and legitimate purposes and may not be further processed contrary to such intended purpose. Changes of purpose are only permissible with the consent of the data subject or if permitted by law. For KSCHR’s clients such purposes may include making sure that KSCHR’s clients are eligible for discounts, privileges or benefits or other related purposes; to conduct market research and analysis; for direct marketing through voice calls; text messages; email; direct mail and facsimile messages; for payment and/or credit control purposes; to notify clients of any changes of KSCHRs’ policies or services which may affect the client; to respond to queries and feedback; and informing KSCHR’s clients of new developments, services, promotions of KSCHR and other third parties which we are associated with.

4.5 With regard to employees, KSCHR may hold (physically and/or digitally), where appropriate and permitted by law, employees’ Personal Data which may include the employee’s name, contact details, family and personal details (including government identifiers), employment history, performance appraisals and reviews, educational background, personal financial information, benefits-related information, information held for employment-law and health and safety purposes, management or organizational assessments and additional personal data such as race, ethnicity, health and sickness.

4.6 KSCHR holds and may in the future collect Personal Data about its employees to fulfil the following purposes, amongst others: normal business practices related to the employee’s role and function in KSCHR, employee management and administration generally evaluating performances, conducting disciplinary proceedings, addressing labour relations issues, processing health insurance claims, and maintaining and monitoring usage of internal networks and IT systems. KSCHR may be required under relevant laws to maintain records that can include Personal Data, such as government identifiers, information relating to sickness, maternity or parental leave, pension and retirement.

Processing of Personal Data

4.7 The processing of Personal Data is permitted only if the data subject has consented thereto or if permissible under the Act. Consent shall be declared in writing or by other legally permissible means, whereby the data subject must be informed in advance about the purpose of such processing of Personal Data and the possible transfer of Personal Data to third parties. The declaration of consent must be highlighted when included as part of other statements so as to be clear to the data subject.

4.8 Only authorized staff, who have undertaken to observe data secrecy requirements, are allowed to be involved in the processing of Personal Data. It is prohibited for them to use such data for their own private purposes or to make it accessible to any unauthorized entity. Unauthorized in this context also means the use of Personal Data by employees who do not need access to such data to fulfill their employment duties. The confidentiality obligation survives termination of employment

Accuracy of Personal Data

4.9 Personal Data must be factually correct and, as far as necessary, up-to-date. Appropriate and reasonable measures should be undertaken to correct or delete incorrect or incomplete data.

4.10 Employees have the responsibility of informing KSCHR of any change of their personal details (e.g. marital status, education, home address, home telephone number, mobile telephone number, emergency contact details, next of kin, professional qualifications, etc.). Should the employee do not inform KSCHR of the employee's new home address, any correspondence sent by KSCHR to the employee’s last home address will be deemed to have been duly received by the employee.

Protection of Personal Data

4.11 KSCHR uses commercially reasonable physical, managerial, and technical safeguards to preserve the integrity and security of your Personal Data and will not knowingly allow access to this data to anyone outside KSCHR, other than to you or as described in this Policy. However, KSCHR cannot ensure or warrant the security of any information you transmit to KSCHR and you do so entirely at your own risk. In particular, KSCHR does not warrant that such information may not be accessed, altered, collected, copied, destroyed, disposed of, disclosed or modified by breach of any of KSCHR’s physical, technical, or managerial safeguards

4.12 Every employee must take reasonable and appropriate measures to maintain the confidentiality and integrity of Personal Data of data subjects that is entrusted to them or accessed by them in the course of their job function and to prevent the unauthorized use or disclosure of this Personal Data.

4.13 It is the duty and responsibility of each employee to follow KSCHR’s confidential information policies and this Policy, and to take appropriate safeguards to protect Personal Data of data subjects. Employees are to prevent unauthorized use or disclosure of Personal Data, sharing it only within the scope of their employment duties with authorized persons in accordance with the Act and only (a) to those authorized individuals who have a need to know such Personal Data in order to facilitate KSCHR’s contractual obligation with the data subject, (b) to facilitate KSCHR’s management and administration or (c) to allow KSCHR to carry out its legal obligations.

Retention of Personal Data

4.14 KSCHR will delete, as reasonably possible, or otherwise anonymise any Personal Data in the event that the Personal Data is not required for any reasonable business or legal purposes of KSCHR and where the Personal Data is deleted from KSCHR’s electronic, manual, and other filing systems in accordance with KSCHR’s internal procedures and/or other agreements.

5. Disclosure of Personal Data

5.1 In order to carry out the functions described above, KSCHR may, from time to time, disclose Personal Data between KSCHR’s companies.

5.2 Without derogating from any of the above, KSCHR may also disclose the data subject’s Personal Data to the following third parties:

  • Regulators and law enforcement officials;
  • Lawyers;
  • Auditors;
  • Third party service providers and consultants;
  • Credit, debit and charge card companies, banks and other entities processing payment;
  • Potential buyers or investors of KSCHR or any of KSCHR’s companies;and
  • Any agent or subcontractor acting on KSCHR’s behalf for the provision of KSCHR’s services

5.3 KSCHR may disclose data subject’s Personal Data to the abovementioned parties also in the occurrence of any of the following events

  • To the extent that KSCHR is required to do so by the law;
  • In connection with any legal proceedings or prospective legal proceedings;
  • To establish, exercise or defend KSCHR’s legal rights;
  • To the purchaser (or prospective purchaser) of any business or asset which KSCHR is (or is contemplating) selling;
  • To any person and/or entity for the purpose of processing such information on KSCHR’s behalf;
  • To third parties who provide services to KSCHR or on its behalf;
  • To any third party that purchases KSCHR or KSCHR’s business or any part of KSCHR or KSCHR’s business;
  • With your consent; and
  • For the purposes of disaster recovery.

 5.4 With regard to employees, KSCHR may from time to time, contract with service providers or other third parties for the purpose of providing KSCHR’s employees various benefits and promotions for the benefit of KSCHR’s employees. Unless informed otherwise by the employee, KSCHR will permit all such vendors and service providers to contact the employee by all means of communication provided by the employees including by telephone voice calls, SMS, MMS, fax, email and any other means of communication for the above-mentioned purposes.

Transfer of Personal Data Overseas

Personal Data may be processed by KSCHR, its affiliates, agents and third parties providing services to KSCHR, in jurisdictions outside of Singapore. In this event KSCHR will comply with the terms of the Act

6. Rights of the Data Subject

Access and Correction of Personal Data

 6.1 Data subjects have the right to:

  1. check whether KSCHR holds any Personal Data relating to them and, if so, obtain copies of such data; and
  2. require KSCHR to correct any Personal Data relating to them which is inaccurate for the purpose for which it is being used

6.2 Data subjects are responsible for providing only correct Personal Data to the respective entity.

6.3 KSCHR reserves the right to charge a reasonable administrative fee in order to meet the data subject’s request under Clause 6.1.

Right to Information

6.4 Each data subject has the right to demand information about the type of Personal Data concerning him/her that is processed by a KSCHR entity. If the data subject wishes to verify the details he/she has submitted to KSCHR, or if the data subject wishes to check on the manner in which KSCHR uses and processes his/her personal data, for security reasons, KSCHR may request proof of identity before it reveals such information. This proof of identity may take the form of a request of his/her full name, membership number and NRIC/Passport/Fin number.

6.5 The data subject may address any such application for information, as specified in Clause 7.3 above, to KSCHR’s Data Protection Officer (see also Section 7.3)..

Rejection of Request for Information or Correction

If the request for information or correction is rejected, the data subject will be informed the reason for such rejection

Deletion

6.6 If the data subject demonstrates that the purpose for which the Personal Data is processed is no longer permissible, necessary or reasonable under the circumstances, the respective Personal Data will be deleted (see also Clause 4.14).

Withdrawal of Consent

6.7 Data subject has a general right to object to the processing of his/her data. If the data subject has provided KSCHR with Personal Data and wishes to withdraw his/her consent to its retention, use or disclosure, the data subject should contact KSCHR’s Data Protection Officer as described in Clause 7 below.

6.8 The data subject may withdraw his/her consent, subject to legal or contractual restrictions and reasonable notice. If the data subject withdraws his/her consent to certain uses of his/her Personal Data, KSCHR may no longer be able to provide certain of its products or services. Where KSCHR have provided or is providing services to the Data Subject, the consent will be valid for so long as necessary to fulfil the purposes described in this Privacy Policy or otherwise at the time of collection, and you may not be permitted to withdraw consent to certain necessary uses and disclosures

7. Procedural Rules

Implementation within KSCHR

7.1 KSCHR companies, as data controllers, must ensure compliance with the principles embodied in this Policy. In this respect, the managerial employees of KSCHR entities shall ensure that this Policy is implemented, which includes in particular providing information to the employees. Should additional training be required, the Data Protection Officer should be approached.

The Data Protection Officer

7.2 A Data Protection Officer will be appointed by the Board of Management of KSCHR to monitor compliance with this Policy. If necessary, the Data Protection Officer will be supported by additional supporting team, who are responsible for ensuring data protection in the legal entities and shall also inform the Data Protection Officer in case of complaints

7.3 Such supporting team shall follow the instructions of the Data Protection Officer. In their duties as defined in this Policy, the Data Protection Officer and his/her supporting team are not bound by instructions from the management. The managerial employees of KSCHR are obligated to support the Data Protection Officer and his/her supporting team in the exercise of their duties

7.4 If you have any questions please contact the Data Protection Officer at: This email address is being protected from spambots. You need JavaScript enabled to view it.

Questions and Complaints/Remedies

7.5 Data subjects may contact the Data Protection Officer or his/her supporting team at any time with any questions and complaints regarding their Personal Data. Such questions and complaints will be treated and dealt with confidentially

7.6 Any complaint from a data subject in connection with his/her Personal Data held by KSCHR should be forwarded immediately to the Data Protection Officer at the email address mentioned in Clause 7.4 above

7.7 Any complaint should include, at least, the following details:

  • Full name of the data subject;
  • Summary of the complaint;
  • Contact information through which the data subject can be contacted. 

 Any complaint filed will be addressed by the Data Protection Officer or his/her supporting team within reasonable time.

Amendment of this Policy

7.8 KSCHR reserves the right to amend this Policy as necessary, for instance to comply with changes to statutes, regulations, requirements of the Personal Data Protection Commission (“PDPC”) or internal KSCHR procedures

Should this Policy become invalid, irrespective of the reasons or causes for such invalidity, all KSCHR entities are bound by this Policy with respect to Personal Data transferred prior to the date of such invalidity, unless this Policy has been replaced by a new regulation.

Publicity

7.10 The current version of this Policy shall be made available to all KSCHR’s employees, contractors, consultants and partners in a suitable manner, e.g. via the Intranet or Internet

Relationship to other company regulations

7.11 Should other KSCHR regulations conflict with this Policy, this Policy shall take precedence.

8. Governing Law

8.1 This Policy is governed by and shall be construed in accordance with the laws of Singapore. You hereby submit to the non-exclusive jurisdiction of the Singapore courts.

9. Definitions

This Policy is governed by and shall be construed in accordance with the laws of Singapore. You hereby submit to the non-exclusive jurisdiction of the Singapore courts.

Anonymisation - is the changing of personal data such that this can no longer identify a certain individual.

 

Consent - is any freely given, informed declaration by the data subject that he/she accepts the processing of his/her personal data.

 

Contract data processor - is the individual or legal entity that processes Personal Data on behalf of a data controller.

 

Data controller - is the legally independent KSCHR entity that decides the purposes and means of processing Personal Data.

 

Data protection/privacy - is the sum of all actions taken to protect the personal rights of data subjects when handling their Personal Data.

 

Data subjects - are all individuals whose personal data are processed within KSCHR, including current, future and former employees, customers, suppliers and other contractual partners and interested persons.

 

Data Protection Officer - is the person officially named to monitor internal data protection in KSCHR.

 

Personal Data - mean data, in line with the provisions under the Act, whether true or not, about an individual customer who can be identified —from that data; or from that data and other information to which an organisation has or is likely to have access. Such Personal Data shall also refer to that which is already in the possession of KSCHR or that which shall be collected by KSCHR in the future.

 

             The Act - the Singapore Personal Data Protection Act 2012 (No. 26 of 2012).