Data Protection Policy — IPOS International

This document (“Data Protection Policy”) outlines how IPOS International Pte. Ltd., manages your Personal Data (as defined below) which is subject to the Singapore Personal Data Protection Act (No. 12 of 2012) ("PDPA"). Please take a moment to read this Data Protection Policy so that you know and understand the purposes for which we collect, use and disclose your Personal Data.

By your interacting with us, submitting information to us, or through your continuing employment relationship with us, you agree and consent to IPOS International Pte. Ltd., its affiliates, related organisations, representatives and/or agents (collectively referred to herein as “II”, “us”, “we” or “our”) collecting, using, disclosing and sharing amongst themselves your Personal Data, and disclosing such Personal Data to the our authorised service providers and relevant third parties in the manner and for any of the purposes set forth in this Data Protection Policy. In addition, this Data Protection Policy will also provide you more information on the basis upon which we collect, use and/or disclose your Personal Data without your consent, where permitted by applicable law.

This Data Protection Policy supplements but does not supersede nor replace any other consents you may have previously provided to IPOS-I in respect of your Personal Data, and your consents herein are cumulative and additional to any rights which IPOS-I may have at law to collect, use or disclose your Personal Data. This Data Protection Policy does not affect any rights which we may have at law in connection with the collection, use or disclosure of your Personal Data.

IPOS-I may from time to time update this Data Protection Policy to ensure that this Data Protection Policy is consistent with our future developments, industry trends and/or any changes in legal or regulatory requirements.

We may send you notification of modifications or revisions to this Data Protection Policy in such form as we deem appropriate, including by publishing the modified or revised Policy, and where required by applicable law, by posting a notice, or reaching you via other forms of communication (e.g. sending you an SMS message or email) according to such contact particulars that we may have of you in our records from time to time. You may also contact our Data Protection Officer in the manner disclosed in this Data Protection Policy to learn about our handling or processing of your Personal Data.

Subject to your rights at law, you agree to be bound by the prevailing terms of this Data Protection Policy as updated from time to time on our website, and/or as you may be notified. If you are unsure whether you are reading the most current version, please contact our Data Protection Officer. Please check back regularly for updated information on the handling of your Personal Data

I. Personal Data

In this Data Protection Policy, “Personal Data” refers to any data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which we have or are likely to have access, including data in our records as may be updated from time to time.
Examples of such Personal Data you may provide to us include (depending on the nature of your interaction with us) your name, NRIC, passport or other identification number, telephone number(s), mailing address, email address, bank account, family emergency contact information, medical records detailing health conditions, credit card details when making reimbursement claims, CPF, annual declarations of property and debt etc., and any other information relating to any individuals which you have provided us in any forms you may have submitted to us, or via other forms of interaction with you.

II. Collection of Personal Data

3. Generally, we collect Personal Data in the following ways:

when you submit your resumes and/or CVs to us;
when you submit your Personal Data in any forms, applications, agreements, contracts or emails;
when you submit your Personal Data on any system or application, online surveys and other cloud-based applications;
when you submit queries, requests, complaints or feedback to us;
when your images are captured by us via CCTV cameras while you are within our premises, or via photographs or videos taken by us or our representatives when you attend events hosted by us;
when you respond to our request for additional Personal Data;
when you ask to be included in an email or other mailing list;
when a recruitment agency refers your resume to us;
when you respond to our initiatives;
when you browse our intranet or other websites; and/or
when you submit your Personal Data to us for any other reasons.

4. If you provide us with any Personal Data relating to a third party (e.g. information of your spouse, children, parents, and/or employees), by submitting such information to us, you represent and warrant to us that the collection, use and disclosure of that Personal Data to us, as well as the further processing of that Personal Data by us for the purposes set out below, is lawful, and you have obtained the consent of the third party to provide us with their Personal Data for the respective purposes.

5. You should ensure that all Personal Data submitted to us is complete, accurate, true and correct. If there is a change to your personal particulars such as your residential/mailing address, email address or telephone number, please promptly update the HR Department. This ensures that you will continue to receive communications from us without disruption or delay. Failure on your part to do so may result in our inability to fulfil your requests and/or applications.

III. Purposes for the Collection, Use and Disclosure of Your Personal Data

6. Generally, IPOS-I collects, uses and discloses your Personal Data for the following purposes:

managing or terminating your employment relationship or appointment;
verifying your identity;
responding to your queries, feedback, complaints and requests;
conducting due diligence and background checks on you as an employee;
facilitating your enrolment as an employee including applying for work permits and employment passes;
providing remuneration and processing payroll as well as reviewing salary, bonuses, incentives, allowances and payments and administering and processing benefits, claims, compensation and benefits (including but not limited to processing expense claims, medical / health insurance and security bond applications);
conducting evaluation and staff appraisals to determine your continuing suitability, eligibility or qualification for your job and considering you for promotion, training, secondment, transfer or succession planning;
manpower, logistical management (including but not limited to procuring office supplies, issuing premise access security passes and car park arrangements, tax compliance, granting you the necessary access rights to various websites and online services, making travel arrangements whether local or overseas and leave administration);
providing you with tools to facilitate or as required for you to perform your duties and responsibilities, including granting and managing your access rights to IPOS-I’s IT systems and monitoring your use of the same to ensure your ongoing compliance with IPOS-I’s internal policies:
managing IPOS-I’s relationship with its business partners and other organisations;
recognising and awarding individuals who have delivered service excellence;
administering the activities of any trade union which you may be a member of;
administering any recreation activities organised by IPOS-I for its employees;
preventing, detecting and investigating crime and managing the safety and security of our premises and services (including but not limited to carrying out CCTV surveillance, voice recordings and conducting security clearances);
monitoring compliance with internal rules and policies of IPOS-I (including taking steps to manage human resources and take investigative or disciplinary action);
managing and preparing reports on incidents and accidents and managing internal directories and emergency contact lists for business continuity;
facilitating training, learning and talent development including employment development schemes such as the granting of study grants and scholarships;
planning and organising corporate events;
in order to inform you of IPOS-I’s policies and to send you information from time to time which you are entitled to receive as an employee of IPOS-I;
administering termination or cessation processes;
conducting analytics, internal audits and research for human resource planning and management, and for us to review, develop, optimise and improve work-related practices, environment and productivity;
records management, business continuity management and/or succession planning;
legal purposes (including drafting and reviewing documents, obtaining legal advice and facilitating dispute resolution) and protecting and enforcing our contractual and legal rights and obligations;
conducting audits, reviews and analysis of our internal processes, action planning and managing commercial risks, including fraud prevention and money-laundering;
facilitating business asset transactions (which may extend to any mergers, acquisitions and debt or asset sale);
health and safety management, including workplace safe management measures, social distancing, disease control and prevention, quarantine arrangements, contact tracing and other response measures;
meeting or complying with any applicable rules, laws, regulations, codes of practice or guidelines issued by any legal or regulatory bodies which are binding on IPOS-I or to assist in law enforcement and investigations by relevant authorities (including but not limited to disclosures to regulatory bodies, conducting audit checks or surveillance and investigation); and/or
any other purpose which is related to or reasonably necessary for the aforesaid.

IV. Disclosure of Personal Data

7. IPOS-I will take reasonable steps to protect your Personal Data against unauthorised disclosure. Subject to the provisions of any applicable law, your Personal Data may be disclosed by IPOS-I, for the purposes listed above (where applicable), to the following entities or parties, whether they are located overseas or in Singapore:

entities within the IPOS-I corporate group (for the avoidance of doubt, including without limitation the affiliates and related corporations of IPOS International Pte. Ltd.);
insurance companies and brokers in connection with staff insurance;
education and training establishments or examining bodies, such as certification authorities, commercial training providers, tertiary institutions and/or schools;
healthcare, social and welfare advisors or practitioners, such as clinics, hospitals and/or medical practitioners;
media organisations, including without limitation providers of digital media or newspapers;
voluntary, charitable and/or non-profit organisations;
recruitment agencies;
property developers;
agents, associates, subsidiaries, partners, contractors or third-party service providers who provide operational services to IPOS-I, such as courier, telecommunications, information technology, cloud, webhosting, legal, advertising, payment, payroll, processing, training, market research, storage, archival, customer support investigation services or other services to IPOS-I;
any business partner, investor, assignee, or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any mergers, acquisitions and debt or asset sale);
local and overseas banks and their respective service providers;
our professional advisers such as our consultants, auditors and lawyers;
trade unions;
business and charity partners in relation to events planning;
service providers conducting and/or organising recreational activities for IPOS-I’s employees;
relevant government regulators, government ministries, statutory boards, embassies, or authorities and/or law enforcement agencies, whether local or overseas, including without limitation the Building and Construction Authority, Ministry of Health, Housing Development Board for purchase of HDB Flats, Inland Revenue Authority of Singapore, the Central Provident Fund Board, Singapore Police Force and Ministry of Manpower to comply with any directions, laws, rules, guidelines, regulations or schemes issued or administered by any of them;
other organisations which may request that we provide them with your Personal Data for evaluative purposes;
relatives, guardians and/or other persons associated with you, such as your next-of-kin or spouse; and/or
any other party to whom you authorise us to disclose your Personal Data.

V. Deemed Consent

8. In addition to the matters set forth above, subject to and in accordance with applicable law, you shall be deemed to have consented to us collecting, using, disclosing and sharing amongst ourselves your Personal Data, and disclosing such Personal Data to our authorised service providers and relevant third parties:

where in response to a request for your Personal Data in connection with identified purposes, you voluntarily provide such Personal Data to us for such purpose(s) and it is reasonable that you would voluntarily provide such Personal Data; or
where the collection, use or disclosure of your Personal Data is reasonably necessary for the conclusion and/or performance of a contract between you and us or us any other organisation entered into at your request, which may include recipients of your Personal Data not indicated in this Data Protection Policy.

VI. Other Bases for Handling or Processing Your Personal Data

9. In addition to and without limiting the consents you have provided to our collection, use and disclosure of your Personal Data for the purposes set out elsewhere in this Data Protection Policy, where permitted by applicable law, we may also in accordance the requirements thereof also collect, use and/or disclose your Personal Data as further detailed below without consent, where we meet the requirements of applicable law:

for our legitimate interests or the legitimate interests of any other person, including but not limited to the purposes expressly set forth in this Data Protection Policy; and
for improving our existing or developing new products, services, methods, processes or business, learning and understanding the preferences and personalising the experiences and recommendations of you or another individual, based on your Personal Data records with us.

VII. Contacting Us – Feedback, Withdrawal of Consent, Access and Correction of your Personal Data

10. If you:

have any questions or feedback relating to your Personal Data or our Data Protection Policy, including without limitation our reliance on legitimate interests and/or deemed consent bases of collecting, using and/or disclosing your Personal Data as described in this Data Protection Policy;
would like to withdraw your consent to any use of your Personal Data as set out in this Data Protection Policy; or
would like to obtain access and make corrections to your Personal Data records (for which we may charge a fee to cover the cost of verifying the application and locating, retrieving and copying any material requested), you can contact our Data Protection Officer by sending an email to the following e-mail address: dpo@iposinternational.com.

11. Please note that if your Personal Data has been provided to us by a third party (e.g. recruitment agency or a headhunter), you should contact such party directly to make any queries, feedback, and access and correction requests to IPOS-I on your behalf.

12. If you withdraw your consent to any or all use of your Personal Data, depending on the nature of your request, IPOS-I may not be in a position to administer any contractual relationship in place. This may also result in the termination of your employment with IPOS-I and you being in breach of your contractual obligations or undertakings. IPOS-I’s legal rights and remedies in such event are expressly reserved.