Ailyst Intelligence Pte Ltd (and its related companies, collectively known as “the organisation”) respects the privacy and confidentiality of our clients’ personal data. We are committed to implementing policies, practices and processes to safeguard the collection, use and disclosure of the personal data you provide us, in compliance with the Singapore Personal Data Protection Act (PDPA) 2012.
We have developed this Data Privacy & Data Protection Policy to assist you in understanding how we collect, use, disclose, process and retain your personal data with regards to our services rendered to you.
COLLECTION OF PERSONAL DATA
The PDPA defines personal data as “data, whether true or not, about an individual who can be identified
- from that data; or
- from that data and other information to which the organisation has or is likely to have access.” We collect the personal data of our prospective employees and clients through the following methods/channels:
- When you wish to preview a service
- When you leave your contact details online
- When you indicate you wish to have follow-up from our Director/Manager
- When you submit an application form, data collection form etc.
- When you sign up for a service
- When you make payment
- When you send in your job application form
Protecting information assets is not simply limited to safeguarding of information (electronic data or paper records) that the Organisation maintains. It also addresses how the information is being used and the procedures in place to manage the information.
Our key focus on protecting the data is to ensure Confidentiality, Integrity and Availability.
TYPES OF PERSONAL DATA COLLECTED
The types of personal data we collect about you may include:
- Family Background & Details
- Education & Professional Qualifications
- Personal Contact Information
- Employment Details & History
- Criminal Background / Past Offences
- Personal Details
- Academic History
- Financial Information
USE OF PERSONAL DATA
We may use the personal data we have collected about you for one or more of the following purposes:
- Provide updates on changes / notifications
- Conduct credit checks, screenings or due diligence checks as may be required under applicable laws / regulations
- Provide information to regulators / affiliates / associates where required or necessary
- Determine financial status
- Provide accounting, corporate secretarial and taxation services
- Provide financial and advisory services
- Provide any other consultancy services
- Customer care and account management
- Recruitment & personnel management
- Detect and protect again potential error, fraud or other criminal activities
- Process applications, registrations or enquiries
- Update records in our database
- Enforce obligations, terms and conditions, where applicable
DISCLOSURE OF PERSONAL DATA
Upon approval from you, we may disclose some of your personal data to the following parties:
- Banks & Finance Companies (Opening of new Bank Accounts, Mortgage Referrals, etc)
- Various Law Enforcement Agencies for Security, Customs and Immigration Purposes
- Regulatory Authorities, i.e. MAS, MOM, ICA, IRAS, ACRA etc.
- Delivery, Freight and Courier Services
- Outsourced vendors
- Other Contracted Service Providers
- Business Partners
- Auditors, lawyers, tax agents etc.
MANAGEMENT OF PERSONAL DATA COLLECTED
- OBTAINING CONSENT
Before we collect, use or disclose your personal data, we will notify you of the purpose why we are doing so.
We will then obtain written confirmation from you on your expressed consent. As far as possible, we will not collect more personal data than necessary for the stated purpose.
Under certain circumstances, we may assume deemed consent from you when you voluntarily provide your personal data for the stated purpose, e.g. when you enter into a service agreement with us etc.
- THIRD-PARTY CONSENT
If you have a one-on-one meeting with us or do a transaction with us on behalf of another individual, you must first obtain consent from that individual in order for us to collect, use or disclose his / her personal data.
- WITHDRAWAL OF CONSENT
If you wish to withdraw consent, you should give us advance notice of not less than 5 working days. You have to be aware, though, of the likely consequences of your withdrawal of consent, e.g. without your personal contact information we may not be able to inform you of future updates or that the quality of our service may be impacted.
Your request for withdrawal of consent can take the form of an email or letter to us.
ACCESS AND CORRECTION OF PERSONAL DATA
You may write in to us, based on reasonable grounds, to find out how we have been using or disclosing your personal data. We are obligated under the PDPA to allow you access to your personal data of the past one year, and to make any correction if there is any error or omission.
Before we accede to your request, we may need to verify your identity by checking your NRIC or other legal identification document. We will try to respond to your request within 30 days. and will give you an estimate of how long it is going to take to retrieve all the relevant data. A nominal fee may be charged for processing the request.
ACCURACY OF PERSONAL DATA
We will take reasonable precautions and verification checks to ensure that the personal data we have collected from you is reasonably accurate, complete and up-to-date.
From time to time, we will do a verification exercise for you to update us on any changes to your personal data. If you are a client or customer, it is important that you update us if there are any changes in your personal information such as your passport number, home address, contact details etc.
PROTECTION OF PERSONAL DATA
We will take the necessary security arrangements to protect your personal data that is under our charge or control to prevent unauthorised access, collection, use, disclosure, or similar risks. All our employees and representatives will take reasonable and appropriate measures to maintain the confidentiality and integrity of your personal data and will only share your data with authorised persons, upon your approval or on a ‘need to know’ basis.
External data intermediaries who process and maintain your personal data on our behalf will be bound by contractual data security arrangements we have with them.
RETENTION OF PERSONAL DATA
We will not retain any of your personal data under our charge or control when it is no longer necessary for any business or legal purposes. We have a Retention and Disposal of Personal Data Guide (Appendix A) which outlines how long each type of confidential document or personal data is to be retained.
Certain retention periods are based on statutory or regulatory requirements.
We will ensure that your personal data that no longer has any business or legal use will be destroyed or disposed of in a secure manner. This applies to both paper documents and electronic data stored in databases.
TRANSFER OF PERSONAL DATA
If there is a need for us to transfer your personal data to another country, we will ensure that the standard of data protection in the recipient country is comparable to that of Singapore’s PDPA. If this is not so, we will enter into a contractual agreement with the receiving party to accord similar levels of data protection as that in Singapore.
Please note that your personal data may be transferred to, and maintained on, computers located outside Singapore where the data protection laws may differ from those in your state, province, country or other governmental jurisdiction.
For referral cases, we will ensure that consent has been obtained from the client (via the referrer) before we collect, use or disclose the client’s personal data.
COMPLIANCE WITH LAWS
Where required to do so by law, we will disclose your personal data to the relevant authorities or to law enforcement agencies upon their requests.
CHANGES TO THIS DATA PRIVACY & DATA PROTECTION POLICY
We may update our Data Privacy & Data Protection Policy from time to time or as it is deemed appropriate.
If you have any questions about our collection, use and/or disclosure of your personal data; feedback regarding this Policy, or any complaint you have relating to how we manage your personal data, you may contact our data protection officer:
Email Address: firstname.lastname@example.org
Any query or complaint should include, at least, the following details:
- Full name and contact information of the data subject
- Brief description of the query or complaint.
We treat all queries and complaints seriously and will deal with them confidentially and within a reasonable time.
REVIEW AND REVISION
This policy will be reviewed annually or whenever deemed appropriate, by the senior management of the organisation.
RETENTION & DISPOSAL OF PERSONAL DATA GUIDE
Storage of data / information
- Client data will be stored if the client is active or where there are ongoing business or legal requirement to do so.
- If the client has terminated their relationship with us, the client’s data will be backed up and archived for 5 years. After the 5-year period, the data will be destroyed.
Retention of physical files and documents
- All client files, contracts, business documents and accounting records will be retrained for 5 years.
- Records that have passed the retention period of 5 years will be destroyed.
- Physical files or documents that does not need to be retained, will be shredded and disposed of.
Courier of physical files and documents
- The organisation will be using its own designated courier services when collecting or returning documents / files to clients.
- The organisation will forward hard copy mailers (received) to clients, unless otherwise advised to either dispose or scan a digital copy to clients.