2. ISO is committed to protecting your privacy and the security of your personal data.
4. For the purposes of the PDPA, "Personal Data" when used below means, data, whether true or not, about an individual who can be identified 'from that data' or 'from that data and other information to which the organisation has or is likely to have access'. (Section 2(1) of the PDPA)
Data Protection Officer
6. To find out more about our privacy practices, you may contact us via email at firstname.lastname@example.org
7. Our Data Protection Officer's role is to ensure our ISO's compliance with the PDPA.
8. If you have any complaints regarding our collection, use or disclosure of your Personal Data, please send our Data Protection Officer an email detailing your complaint.
9. We will investigate the matter and provide you with a satisfactory reply within 30 days.
Collection, Use or Disclosure of Personal Data
10. The types of Personal Data we may collect from you in the course of using our Site and services include, but are not limited to, your -
a. Name, date of birth, gender, nationality, race, NRIC or equivalent, email, contact number and home address;
b. Credit card details;
c. Designated address of place where work is to be performed;
d. IP address and IP domain;
e. Company name (For contractors or suppliers);
f. UEN (For contractors or suppliers);
g. Office address (For contractors or suppliers);
h. Corporate bank account (For contractors or suppliers); and
i. Any Personal Data as we deem essential or appropriate from time to time to fulfil your commercial relationship with us.
11. Purposes which your Personal Data might be used for include, but are not limited to, the following -
a. To record, monitor and fulfil customer orders;
b. For credit assessments and background checks if deemed necessary;
c. To facilitate transactions;
d. For marketing, communication, administrative, research and analysis purposes;
e. For customer service;
f. To fulfil any legal requirements and relevant regulatory guidelines;
g. To inform you of certain promotions; and
h. To customise your online experience.
12. We will obtain your consent before collecting, using or disclosing your Personal Data.
13. You will be informed of the purposes for which we collect, use or disclose your Personal Data before we obtain your consent.
14. You would be deemed to have consented ("Deemed Consent" under the PDPA) if you have requested for services which can only be fulfilled upon providing your Personal Data.
15. If we should need to use and disclose your Personal Data for any other purposes that we failed to mention during the collection of your Personal Data, we will obtain your permission before using it.
16. We will not collect, use or disclose any Personal Data beyond what is reasonable for us to provide the product or service to you.
17. The type of Personal Data we collect will be reasonable in relation to the purposes it was collected for.
18. We may collect, use or disclose your Personal Data without your consent if the circumstances fall under the Second, Third and Fourth Schedule of the PDPA respectively.
19. If your Personal Data was given to us by a third party, we shall assume that your consent has already been given. If you did not provide your consent, we will halt all collection, use and disclosure of your Personal Data and destroy all soft and hard copies of your Personal Data in our possession once we have been notified of your disagreement and inform any relevant third parties we might have transferred your Personal Data to take similar action. In return, you agree that you shall not take any legal action or exercise any legal remedy you may have against ISO unless you have first notified ISO and given ISO sufficient opportunity to stop all collection, use and disclosure of your Personal Data and remove or anonymise all hard and soft copies of your Personal Data in our possession.
Transfer of Personal Data to Third Parties
20. Certain services require your Personal Data to be transferred to third parties.
21. We will only transfer your Personal Data to third parties to the extent that it is reasonable for us to provide the service to you.
22. Examples of circumstances where we may require your Personal Data to be transferred to third parties include but are not limited to -
a. Fulfilling your transaction request; and
b. Checking for fraud.
23. Examples of third parties that we may need to transfer your Personal Data to include but are not limited to -
c. Credit card processing companies;
d. Data Intermediaries;
e. Logistic service providers; and
f. Marketing agencies.
24. We will make all reasonable efforts to ensure that no unnecessary transfer of Personal Data to third parties takes place.
25. Though we h4ly encourage all third parties we work with to comply with the Personal Data protection requirements under the PDPA and other relevant laws, we exclude liability for any third party's infringement of the PDPA and other relevant laws.
Correction of Personal Data
26. If you should wish to correct any Personal Data submitted that cannot be corrected online through your user account settings, please send an email with your full name and details of the relevant corrections to the Data Protection Officer at email@example.com
27. We will respond to such requests within 30 days, subject to the "Exceptions from Correction Requirement" found in the Sixth Schedule of the PDPA.
Access of Personal Data
28. If you should wish to access any Personal Data that is in the possession or under the control of our company, please send an email with your full name and request to the Data Protection Officer at firstname.lastname@example.org
29. We will then send you the relevant Personal Data and the ways which it has been used for the past year.
30. We charge a minimal fee of SGD$5.00 for our efforts.
Retention of Personal Data
31. We will only retain your Personal Data so long as one or more of the purposes for which it was collected remains valid and, on a case-by-case basis, so long as it is necessary to comply with our legal obligations, resolve disputes and enforce our agreements. After which we will either anonymise the Personal Data or destroy all soft and hard copies of your Personal Data.
32. An annual review will be carried out by our Data Protection Officer to ensure that the company does not retain any Personal Data which no longer serve any purpose.
33. We are committed to ensuring maximum security for your Personal Data and have and will continue implementing appropriate administrative, physical and technical security measures to protect your Personal Data.
34. Our security measures include but are not limited to -
a. Having a secure computer network;
b. Implementing corporate security policies and procedures;
c. Restricting access to your Personal Data to authorised employees on a strictly need to know basis;
d. Requiring our staff to be bound by strict confidentiality obligations; and
e. Clearly marking confidential documents to restrict unauthorised access.
35. Contingent plans and remedial measures have also been put in place in case of a potential security breach.
36. All of our employees have been briefed and trained to meet the regulations required under the PDPA.
37. We exclude liability for any potential security breach caused by external reasons outside of our control, such as in cases involving a deliberate hack into our online system or a security breach caused by data transmission over the Internet or any wireless network.
Transfer of Personal Data Overseas
38. If there is a need to transfer your Personal Data overseas, we will ensure that the overseas organisation legally warrants to have a similar protection of Personal Data as under the PDPA.
39. We will only transfer your Personal Data overseas if it is required for us to provide the requested service to you.
Withdrawal of Consent
40. If you wish to withdraw your consent for our collection, use and disclosure of your Personal Data, be it in full or in part, please write in to our Data Protection Officer at email@example.com
41. We will inform you of the consequences of withdrawing consent based on your usage of our Site and should you wish to proceed, we will delete or anonymise all your relevant Personal Data from our database within 30 days.
43. As not all cookies collect Personal Data, we will only require your consent for cookies usage if the specific cookies used collect Personal Data from you.
44. Under the PDPA guidelines, if you engage in activities or transactions on our Site which cannot take place without cookies that collect, use or disclose Personal Data, you would have provided your Deemed Consent if you had voluntarily provided the Personal Data for that activity or transaction, and it is reasonable that you would do so.
47. You hereby agree to submit to the non-exclusive jurisdiction of the Singapore courts.