1. Introduction
1.1 SGListCos (“SGListCos” or “we” or “our” or “us”) takes its
responsibilities under Singapore’s Personal Data Protection Act
2012 (the “PDPA”) seriously. We also recognize the importance of
the personal data you have entrusted to us and believe that it is
our responsibility to properly manage, protect and process your
personal data, and we are committed to protecting your personal
data. Please read this policy to understand what personal data is
collected or processed by us, and what purposes it is used and/or
disclosed for.
1.2 “Personal data” means data, whether true or not, about a
living individual who can be identified from that data, or from
that data and other information to which an organisation has or is
likely to have access. Personal data can be factual (such as a
name, address or date of birth) or it can be an opinion (such as a
performance appraisal).
1.3 The purpose of this policy is to inform you and provide you
with an understanding of how we handle, collect, use, disclose and
process personal data about you that you give us, that we receive
through third parties or that is in our possession.
1.4 By providing your personal data to us, you acknowledge and
agree that you have fully read and understood this policy, and are
consenting to the collection, use, processing and disclosure of
your personal data as described in this policy.
1.5 Without prejudice to any of the foregoing, if you provide the
personal data of any other third party to us, you warrant and
agree that such third party has fully read and understood this
policy and has consented to you disclosing his/her personal data to
us for the collection, use and disclosure by us as described in
this policy.
Definition of Data Protection Terms
-
Data is recorded
information whether stored electronically, on a computer, or in
certain paper-based filing systems.
-
Data processors include
any person who processes personal data on behalf of a data
controller. Employees of data controllers are excluded from this
definition, but it could include suppliers which handle personal
data on behalf of the Company.
-
Personal data means any
data relating to a living individual who can be identified from
that data. Personal data can be factual (such as a name, address
or date of birth) or it can be an opinion (such as a course
feedback). It can even include a simple e-mail address. It is
important that the information has the data subject as its focus
and affects the individual's privacy in some way.
-
Processing is any
activity that involves use of the data. It includes obtaining,
recording, or holding the data, or carrying out any operation or
set of operations on the data including organising, amending,
retrieving, using, disclosing, erasing, or destroying it.
Processing also includes transferring personal data to third
parties.
2. Types of Personal Data We Collect
2.1 SGListCos collects information about you when you use our
website(s), website/IT portal(s), forms, surveys, and/or other
channels and throughout other interactions, communications, and
services you have with us.
2.2 Personal data which we may collect include but are not limited
to:
-
(a) your personal information such as your name,
NRIC/FIN/Passport number, date of birth, marital status, gender;
-
(b) your contact information such as postal addresses, email
addresses, telephone, mobile phone and fax numbers;
-
(c) your past and present employment information such as
organisation name, organisation type, industry sector, job
function and responsibilities, designation, business telephone
and fax numbers, business email addresses;
-
(d) your past and present academic qualifications such as
schools attended, courses of study, period of study and academic
results;
-
(e) your professional qualifications and memberships with other
professional bodies; and/or
-
(f) your billing and payment information, including name of the
credit/debit cardholder, credit/debit card number, security code
and expiry date.
2.3 Other information collected may include professional interest
and subscription preferences, training records, details of
complaints, disciplinary or criminal records, medical certificates,
proof of income and financial details, photographs, videos and/or
audio recordings taken by us or our representatives at our events.
2.4 We will collect your personal data in accordance with the
PDPA.
2.5 We may collect and store certain information automatically when
you visit our website(s) or use our website(s)/IT portal(s).
Examples include the internet protocol (IP) address used to
connect your computer or device to the Internet, connection
information such as browser type and version, your operating system
and platform, a unique reference number linked to the data you
enter on our system, login details, the full URL clickstream to,
through and from the website(s) or website/IT portal(s) (including
date and time), cookie identifier and your activity on our
website(s) or website/IT portal(s), including the pages you
visited, the searches you made and, if relevant, the services you
purchase.
2.6 We may receive information about you from third parties if you
use any websites or social media platforms operated by third
parties (for example, Facebook, Instagram, Twitter, Tiktok etc.)
and, if such functionality is available, you have chosen to link
your profile on our website(s) or website/IT portal(s) with your
profile on those other websites or social media platforms.
3. Cookies
3.1 We use cookies on our website(s) or website/IT portal(s).
3.2 A cookie is a small file of letters and numbers that we store
on your browser or the hard drive of your computer or device.
3.3 You can block or deactivate cookies in your browser settings.
3.4 We use log-in cookies to remember you when you have logged in
for a seamless experience.
3.5 We use session cookies to track your movements from page to
page and in order to store your selected inputs so you are not
constantly asked for the same information.
3.6 By continuing to use our website(s) or website/IT portal(s),
you are agreeing to the use of cookies on the site as outlined
above. However, please note that we have no control over the
cookies used by third parties.
3.7 For further information on types of cookies and how they work,
visit
www.allaboutcookies.org.
4. Purposes for which the Personal Data is Collected, Used and
Disclosed
4.1 We will/may collect, use, disclose and/or process your
personal data for one or more of the following purposes:
- (a) To consider and/or process your application to be our member
-
(b) To facilitate, process, deal with and/or administer your
candidature/membership and/or account with us;
-
(c) To review and process your exemptions assessment for the
qualification /certification programme that you have registered
with us;
-
(d) To deal with, process and/or administer your registration
for and/or payment of any training courses, events, seminars,
workshops, examinations, certification programme, qualification
and/or conferences, including to facilitate, administer,
process, deal with and/or manage your application for and/or
involvement in any events, seminars, information sessions,
committees and/or your interest or participation in any events,
seminars, information sessions, committees and/or other
opportunities that we may make available from time to time;
-
(e) For the supply of any goods and/or services which we may
offer to you or that you may request, obtain or purchase from
us;
-
(f) To deal with, process and/or administer your use of the
online services at any of our website(s), website/IT portal(s)
and/or through other digital or telecommunication channels;
-
(g) For identification and verification purposes in connection
with any of the goods and/or services that may be supplied to
you by us or that you may request from us;
-
(h) To carry out your instructions, respond to any enquiry or
deal with any feedback given by (or purported to be given by)
you or on your behalf, including contacting you via phone/voice
call, text message and/or fax, email and/or postal mail
regarding your instructions, enquiries and/or feedback;
-
(i) To conduct research, analysis and development activities
(including but not limited to data analytics, surveys, focus
groups and/or profiling) to improve our services and facilities
for your benefit, or to improve any of our programmes or events;
-
(j) To deal with, process and/or administer your donation(s) or
participation/involvement in the provision of the same, or your
participation or involvement in any charitable cause, event or
project, or in any charity;
-
(k) To perform, deal with, facilitate and/or administer fund
raising activities, and/or to solicit donations (if applicable)
from you, and this may entail contacting you and sending you
relevant information via various modes of communication
including voice/phone calls, emails, SMS and postal mails;
-
(l) To deal with, process and/or administer contests and lucky
draws conducted by us or on our behalf (if any) which you have
participated in;
-
(m) To contact you or communicate with you via various modes of
communication such as phone/voice call, text message and/or fax
message, forms, email and/or postal mail for the purposes of
administering, dealing with and/or managing your application for
candidature/membership with us, your candidature/membership with
us, your account with us, or any other applications (including
applications for training courses, events, seminars, workshops,
examinations, certification programme, qualification and/or
conferences) you make with/through SGListCos. You acknowledge
and agree that such communication by us could be by way of the
mailing of correspondence, documents or notices to you, which
could involve disclosure of certain personal data about you to
bring about delivery of the same as well as on the external
cover of envelopes/mail packages;
-
(n) To process and issue certificates after the completion of the
course(s)/certification programme(s)/qualification(s) that you
have registered with us;
-
(o) To carry out due diligence or other screening activities
(including security and background checks) in accordance with
legal or regulatory obligations or our risk management
procedures that may be required by law or that may have been put
in place by us;
-
(p) To prevent or investigate any fraud, unlawful activity or
omission or misconduct, whether or not there is any suspicion of
the aforementioned; dealing with conflict of interests or dealing
with and/or investigating complaints;
-
(q) To comply with or as required by any applicable law,
governmental or regulatory requirements of any jurisdiction
applicable to us or our affiliates/associated companies,
including meeting the requirements to make disclosure under the
requirements of any law binding on us or our affiliates/associated
companies, and/or for the purposes of any guidelines issued by
regulatory or other authorities (whether of Singapore or
elsewhere), with which we or our affiliates/associated companies
are expected to comply;
-
(r) To comply with or as required by any request or direction of
any governmental authority; or respond to requests for information
from hospitals, embassies, public agencies, ministries, statutory
boards or other similar authorities (including but not limited to
the Ministry of Defence, Ministry of Trade and Industry, Ministry
of Education, Immigration and Checkpoints Authority, Ministry of
Health, Ministry of Home Affairs, Ministry of Manpower, Ministry
of Foreign Affairs, Ministry of Social & Family Development and
Central Provident Fund Board);
-
(s) For marketing purpose where we send you news, information,
materials and/or updates about events, marketing campaigns,
products and/or services that we and/or our business partners
provide, or on our behalf. In this regard, we will be doing so
by way of postal mail and/or electronic transmission to your
email address(es). You may unsubscribe from this service in the
manner set out in Clause 7 below;
-
(t) To facilitate and/or deal with payment for goods and/or
services provided by us, and/or a third party on our behalf
including verification of credit card details with third parties
and additionally, using the personal data you provide to conduct
matching procedures against databases of known fraudulent
transactions (maintained by us or third parties);
-
(u) To deal with, handle and/or conduct disciplinary, security
and quality assurance processes, matters and/or arrangements.
Without prejudice to the generality of the aforesaid, we wish to
bring to your attention that there are surveillance cameras
installed throughout the premises of SGListCos for security
reasons and you acknowledge that your personal data will be
collected by such cameras and processed by us consequently;
-
(v) To perform internal administrative, operational and
technology tasks to facilitate, administer or manage your
candidature/membership with us;
-
(w) To produce statistics and research for internal and/or
statutory reporting and/or record-keeping requirements and
performing SGListCos policy/process reviews;
-
(x) To disclose to a third party to comply with any law, legal
requirements, orders, directions or requests from any court,
authority, or government body of any jurisdiction, which may be
within or outside Singapore.
- (y) To help us improve our services to you; and/or
-
(z) To store, host, back up (whether for disaster recovery or
otherwise) of your personal data, whether within or outside
Singapore.
(collectively, referred to as the “Purposes”)
4.2 We may/will need to disclose your personal data to third
parties, including to banks, payment service providers and/or
other payment gateways, whether located within or outside
Singapore, for one or more of the above Purposes, as such third
parties, would be processing your personal data for one or more of
the above Purposes. In this regard, you hereby acknowledge, agree
and consent that we may/are permitted to disclose your personal
data to such third parties (whether located within or outside
Singapore) for one or more of the above Purposes and for the said
third parties to subsequently collect, use, disclose and/or
process your personal data for or more of the above Purposes.
Without limiting the generality of the foregoing, such third
parties include:
- (a) our associated/affiliated organisations or related corporations;
-
(b) any of our collaborative partners, agents, contractors, or
third-party service providers that process or will be processing
your personal data on our behalf including but not limited to
those which provide administrative or other services to us such
as mailing houses, telecommunication companies, information
technology companies and data centres; and
-
(c) third parties to whom disclosure by SGListCos is for one or
more of the Purposes and such third parties would in turn be
collecting and processing your personal data for one or more of
the Purposes.
4.3 We may share your information with any member of our group
(which means our subsidiaries, our ultimate holding company, and
its subsidiaries from time to time for one or more of the
Purposes.
4.4 You may withdraw your consent for the collection, use and/or
disclosure of your personal data in our possession or under our
control by contacting our secretariat. However, your withdrawal of
consent could result in certain legal consequences arising from
such withdrawal, including us being unable to perform the
transactions requested by you on our website(s) or website/IT
portal(s).
Do note that your withdrawal of consent will not affect our ability
to collect, use or disclose your personal data for a specific
purpose without your consent, if the PDPA or a provision in
applicable law permits us to.
4.5 We may collect, use, disclose or process your personal data
for other purposes that do not appear above. However, we will
notify you of such other purpose at the time of obtaining your
consent, unless processing of your personal data without your
consent is permitted by the PDPA or by law.
4.6 We may/will also be collecting from sources other than
yourself, personal data about you, for one or more of the above
Purposes, and thereafter using, disclosing and/or processing such
personal data for one or more of the above Purposes. We may combine
information we receive from other sources with information you give
to us and information we collect about you. We may use this
information and the combined information for the Purposes set out
above (depending on the types of information we receive).
5. Storage of Personal Data
5.1 Security of your personal data is important to us. We take
appropriate action to protect personal data from loss, misuse,
unauthorised access or disclosure, alteration or destruction using
the same safeguards as we use for our own proprietary information.
All information you provide to us is stored on secure servers and
any payment transactions will be encrypted using SSL technology.
Where we have given you (or where you have chosen) a password which
enables you to access certain parts of our website(s) or website/IT
portal(s), you are responsible for keeping this password
confidential. We ask you not to share a password with anyone.
5.2 We will put in place measures such that your personal data in
our possession or under our control is destroyed and/or anonymized
as soon as it is reasonable to assume that (a) the purpose for which
that personal data was collected is no longer being served by the
retention of such personal data; and (b) retention is no longer
necessary for any other legal or business purposes.
6. Link to other websites
6.1 SGListCos website(s), website/IT portal(s) and other digital
and telecommunication channels may contain links to other sites
that are operated by third party companies with different privacy
practices. You should remain alert and read the privacy statements
of other sites. We have no control over personal data that you
submit to or receive from these third parties.
7. Withdrawal of Consent for Marketing Purposes
7.1 You have the right to ask us not to use your personal data for
marketing purpose. If you no longer wish to receive marketing
messages from us, you may request to withdraw your consent by
submitting a request to
secretariat@sglistcos.com.
7.2 SGListCos members and participants of SGListCos courses,
seminars, workshop, and events may also request to withdraw your
consent for such marketing purpose by following the clause in 7.1.
8. Data Access and Correction
8.1 You have the right to access and/or correct any personal data
that we hold about you, subject to the requirements of the PDPA. If
you would like to request for a copy of your personal data being
held by us (such right being subject to applicable exemptions), or
to update and/or correct the personal data which you have
previously provided to us, please write to:
Secretariat
SGListCos Limited
600 North Bridge Road,#23-01
Parkview Square
Singapore 188778
Email:
secretariat@sglistcos.com
8.2 We will need enough information from you in order to ascertain
your identity as well as the nature of your request, so as to be
able to deal with your request. We reserve the right, or may,
charge a reasonable fee for the processing of any data access
request.
8.3 For a request to access personal data, once we have sufficient
information from you to deal with the request, we will seek to
provide you with the relevant personal data within 30 days. Where
we are unable to respond to you within the said 30 days, we will
notify you of the soonest possible time within which we can provide
you with the information requested.
8.4 For a request to correct personal data, once we have sufficient
information from you to deal with the request, we will correct your
personal data within 30 days. Where we are unable to do so within
the said 30 days, we will notify you of the soonest practicable time
within which we can make the correction. Note that the PDPA
exempts certain types of personal data from being subject to your
correction request as well as provides for situation(s) when
correction need not be made by us despite your request. We will
send the corrected personal data to every other organisation to
which the personal data was disclosed by us within a year before
the date the correction was made unless that other organisation
does not need the corrected personal data for any legal or
business purpose.
8.5 SGListCos members and course participants agree and acknowledge
that they are responsible for ensuring the accuracy of their
personal data.
9. Complaint Process
9.1 If you have any complaint or grievance regarding about how we
are handling your personal data or about how we are complying with
the PDPA, we welcome you to contact us with your complaint or
grievance by writing to:
Secretariat
SGListCos Limited
600 North Bridge Road, #23-01
Parkview Square
Singapore 188778
Email:
secretariat@sglistcos.com
9.2 Where you are sending an email in which you are submitting a
complaint, your indication at the subject header that it is a PDPA
complaint would assist us in attending to your complaint speedily
by passing it on to the relevant staff in our organisation to
handle. For example, you could insert the subject header as “PDPA
Complaint”.
9.3 We will certainly strive to deal with any complaint or
grievance that you may have speedily and fairly.
10. General
10.1 Your consent that is given pursuant to this Privacy Policy is
additional to and does not supersede any other consents that you
had provided to SGListCos with regard to processing of your
personal data.
10.2 For the avoidance of doubt, if Singapore personal data
protection law permits an organisation such as us to collect, use
or disclose your personal data without your consent, such
permission granted by the law shall continue to apply.
11. Enquiries
11.1 For any enquiries on our privacy policy, please write to:
Secretariat
SGListCos Limited
600 North Bridge Road, #23-01
Parkview Square
Singapore 188778
Email:
secretariat@sglistcos.com
IMPORTANT
SGListCos reserves the right to change this policy with or without
notice. Any changes to this policy will be posted on and can be
viewed at
https://www.sglistcos.com.
Latest version as of 6 February 2024.