DATA PROTECTION NOTICE
This Data Protection Notice (“Notice”) sets out the basis which Benefit Solutions Pte Ltd (“Benefit Solutions”, “we”, “us”, or “our”) may collect, use, disclose or otherwise process personal data of persons in accordance with the applicable personal data protection laws and regulations. This Notice applies to personal data in our possession or under our control, including personal data in the possession of organisations which we have engaged to collect, use, disclose or otherwise process personal data for our purposes.
Personal Data
1.As used in this Notice:
“person” means an individual who (a) has contacted us through
any means to find out more about any goods or services we
provide, or (b) may enter or has entered into a contract with
us for the supply of any products or services by us, or (c)
has submitted a job or internship application with us; and
“personal data” means data, whether true or not, about an
individual who can be identified: (a) from that data; or (b)
from that data and other information to which we have or are
likely to have access.
2.Under the Singapore Personal Data Protection Act (PDPA),
Business Contact Information (e.g., name, company address,
company telephone number) is not considered as personal data
so long as it is used strictly for business-to-business (B2B)
transactions.
3.Depending on the nature of your interaction with us, some
examples of personal data which we may collect from you
include your name, contact information such as your address,
email address or telephone number, nationality, gender, date
of birth, marital status, photographs and other audio-visual
information, employment information, education background, and
information about your usage of and interaction with our
website.
4.Other terms used in this Notice shall have the meanings
given to them in the Singapore Personal Data Protection Act
(where the context so permits).
Collection, Use and Disclosure of Personal Data
5.We may collect personal data from our customers, business
partners, contractors, employees and other individuals such as
job applicants. We would only collect, use and disclose data
that (a) has been provided to us voluntarily by you directly
or via a third party who has been duly authorised by you to
disclose your personal data to us (your “authorised
representative”) after (i) you (or your authorised
representative) have been notified of the purposes for which
the data is collected, and (ii) you (or your authorised
representative) have provided written consent to the
collection and usage of your personal data for those purposes,
or (b) collection and use of personal data without consent is
permitted or required by the PDPA or other laws. We shall seek
your consent before collecting any additional personal data
and before using your personal data for a purpose which has
not been notified to you (except where permitted or authorised
by law).
6.These personal data may be furnished to us in forms filled
out by you, face to face meetings, email messages, or
telephone conversations. We may also keep a record of any
contact you have with us. These data would be collected only
for business purposes or for the purpose(s) stated by us when
we gather the personal data from you.
7.The personal data collected may be used for any or all of
the following purposes:
to provide our services and/or products to you;
as part of our business operations;
for job application and recruitment purposes;
for billing and reporting, such as for invoicing and account
management purposes;
for follow-up action regarding any complaints, feedback,
queries or requests received via our website or any other
communication channels; and
assisting in law enforcement and investigations conducted by
any governmental and/or regulatory authority.
8.We may collect, disclose or use your personal data pursuant
to an exception under the Personal Data Protection Act or
other written law such as during the following situations:
To respond to an emergency that threatens your life, health
and safety or of another individual; and
Necessary in the national interest, for any investigation or
proceedings.
9.We may disclose your personal data:
with your consent, where such disclosure is required for
performing obligations in the course of or in connection with
our provision of the goods or services requested by you;
to comply with any applicable laws, regulations, codes of
practice, guidelines or rules (e.g. in an emergency or when we
receive a subpoena to disclose your personal data); or
with your consent, to third party service providers, agents
and other organisations we have engaged to perform any of the
functions listed in paragraph 7 above for us. Any third
parties engaged by us will be contractually bound to keep all
personal data confidential.
10.You have the right of choice regarding the collection,
usage and/or disclosure of your personal data. If you choose
not to provide us with the personal data described in this
notice, we may not be able to perform our obligations as
stated in this notice. You have the right to object to the
processing of your personal data and withdraw your consent in
the manner described below.
11.If you choose not to provide us with your personal data for
the purposes listed in paragraphs 7 and 8, you may submit a
request in writing or via email to our Data Protection Officer
at the contact details provided below or indicate in the
personal data collection form submitted to us (if any). By
choosing not to provide us with your personal data, depending
on our relationship, we may not be able to provide services to
you or process your job application. Depending on the
complexity of the request and its impact to our relationship
with you, we will not collect or, within 30 days of our
receipt of your request, cease using and/or disclosing your
personal data in accordance with your request.
12.The purposes listed in paragraph 7 may continue to apply
even in situations where your relationship with us (for
example, pursuant to a contract) has been terminated or
altered in any way, for a reasonable period thereafter
(including, where applicable, a period to enable us to enforce
our rights under any contract with you).
13.In the case where we receive unsolicited personal data via
email or any other communication channels, the unsolicited
personal data will not be retained and will be securely
disposed of immediately.
Withdrawal of Consent
14.The consent that you provide for the collection, use and
disclosure of your personal data will remain valid until such
time it is withdrawn by you in writing. You may withdraw your
consent and request us to stop using and/or disclosing your
personal data for any or all of the purposes listed above by
submitting your request in writing or via email to our Data
Protection Officer.
15.Upon receipt of your written request to withdraw your
consent, we may require reasonable time (depending on the
complexity of the request and its impact on our relationship
with you) for your request to be processed and for us to
notify you of the consequences of us acceding to the same,
including any legal consequences which may affect your rights
and liabilities to us. In general, we shall seek to process
your request within ten (10) business days of receiving.
Should we require more time to give effect to a withdrawal
notice, we will inform you of the time frame by which the
withdrawal of consent will take effect.
16.Whilst we respect your decision to withdraw your consent,
please note that depending on the nature and scope of your
request, we may not be in a position to continue providing our
goods or services to you and we shall, in such circumstances,
notify you before completing the processing of your request.
Should you decide to cancel your withdrawal of consent, please
inform us in writing in the manner described in paragraph 14
above.
17.Please note that withdrawing consent does not affect our
right to continue to collect, use and disclose personal data
where such collection, use and disclose without consent is
permitted or required under applicable laws.
Access to and Correction of Personal Data
18.If you wish to make (a) an access request for access to a
copy of the personal data which we hold about you or
information about the ways in which we use or disclose your
personal data, or (b) a correction request to correct or
update any of your personal data which we hold about you, you
may submit your request in writing or via email to our Data
Protection Officer at the contact details provided below.
19.We will respond to your request as soon as reasonably
possible. Before we accede to your access or correction
request, we may need to verify your identity by checking
identification document, and the legitimacy of your request.
Should we not be able to respond to your request within thirty
(30) days after receiving your request in writing (including
both electronic and non-electronic methods), we will inform
you in writing within thirty (30) days of the time by which we
will be able to respond to your request. If we are unable to
provide you with any personal data or to make a correction
requested by you, we shall generally inform you of the reasons
why we are unable to do so (except where we are not required
to do so under the PDPA).
20.If your request relates to personal data which we are
processing on behalf of another organisation, we will instead
forward your request to the relevant organisation for their
necessary action.
21.Please note that a reasonable fee may be charged for an
access request. If so, we will inform you of the fee before
processing your request.
Protection of Personal Data
22.To safeguard your personal data from unauthorised access,
collection, use, disclosure, copying, modification, disposal
or similar risks, we have introduced appropriate
administrative, physical and technical measures such as
up-to-date antivirus protection, encryption and the use of
privacy filters to secure all storage and transmission of
personal data by us, and disclosing personal data both
internally and to authorised third parties and agents only on
a need-to-know basis.
23.If there is a need to disclose your Personal Data to third
parties in line with the purposes mentioned in paragraph 9, we
will ensure that they provide sufficient guarantees to us to
have implemented the necessary security measures to protect
your Personal Data.
24.However, no method of transmission over the Internet or
method of electronic storage is completely secure. While
security cannot be guaranteed, we strive to protect the
security of your personal data and are constantly reviewing
and enhancing our information security measures. In the event
of a personal data breach, we will endeavour to notify the
affected parties no later than within 3 calendar days from
when we become aware of the breach.
Accuracy of Personal Data
25.We will make every reasonable effort to ensure that
personal data collected by us or on our behalf is accurate and
complete.
26.We generally rely on personal data provided by you (or your
authorised representative). In order to ensure that your
personal data is current, complete, and accurate, please
update us if there are changes to your personal data by
informing our Data Protection Officers at the contact details
provided in paragraph 32 below.
Retention of Personal Data
27.We may retain your personal data for as long as it is
necessary to fulfil the purpose(s) for which it was collected,
or as required or permitted by applicable laws.
28.We dispose of or destroy such documents containing your
personal data in a secure manner when the retention limit is
reached and it is reasonable to assume that the permitted
purpose is no longer being served by their retention.
Cross-border Transfers of Personal Data
29.Unless for business-related needs, we generally do not
transfer your personal data to other jurisdictions. However,
if we do so, we will obtain your consent for the transfer to
be made and we will take steps to ensure that your personal
data continues to receive a standard of protection that is at
least comparable to that provided under the PDPA, including
entering into an agreement with the receiving party to accord
similar levels of data protection as those in Singapore.
Data Breach Notification
30.In the event a breach of security leading to accidental or
unlawful destruction, loss, alteration, unauthorized
disclosure of, or access to, personal data, we shall promptly
assess the impact and if appropriate, report this breach
within 3 calendar days to the Personal Data Protection
Commission (PDPC). We will notify you when the data breach is
likely to result in significant harm to you after our
notification to PDPC. We may also notify other relevant
regulatory agencies, where required. If we are a Data
Intermediary, we shall inform the Data Controller immediately
of any data breach so they can promptly assess the impact and
comply with their data breach notification obligation.
Data Protection Officer
31.You may contact our Data Protection Officer if you have any
enquiry, feedback or complaint regarding our personal data
protection policies and procedures, if you wish to make any
request, or if you believe that information we hold about you
is incorrect or out-dated.
32.You may contact our Data Protection Officer via email at
[email protected]
Modifications
33.We may revise this Notice at any time without any prior
notice. Your continued use of our services and/or products
constitutes your acknowledgement and acceptance of such
changes.