Data Protection Policy
This statement sets out the Data Protection Policy (“DPP”) and practices of Heng Lee Seng LLP (“Company Name”) that will be followed with respect to the collection, storage, processing, disclosure, accessing, reviewing, and/or use of your personal data. This statement is provided in accordance with the Singapore Personal Data Protection Act (Act 26 of 2012) (the “PDPA”).
We are aware of the revised Advisory Guidelines on the PDPA for NRIC and other National Identification Numbers that the Personal Data Protection Commission (PDPC) issued on 31 August 2018, and we will adhere to these guidelines.
Any data collected on behalf of any public agency by Heng Lee Seng LLP for the purpose required by the public agency will be exempted from the PDPA.
Please note that this DPP complements, and does not limit or replace, the purposes for which you provide Heng Lee Seng LLP with your personal data which may be expressly stated in any form for submission of personal data to Heng Lee Seng LLP. Heng Lee Seng LLP reserves the right to update this DPP from time to time to ensure that it reflects our current practices and remains consistent with the requirements imposed by law. This DPP was last updated on 22 November 2018.
- What kind of Data will this DPP Apply to
This DPP applies to “personal data” and in line with PDPA, refers to any data, whether true or not, about an individual (i.e. the data subject) who can be identified (a) from that data; or (b) from that data and other information to which we have or are likely to have access to, including data in our records as may be updated from time to time.
The exact type of personal data that may apply will vary depending on how you have interacted with us. Examples of such personal data provided to us include (depending on the nature of your interaction with us) name, NRIC, passport or other identification number, nationality, gender, date of birth, marital status, telephone number(s), mailing address, email address, photographs and other audio-visual information, employment information, financial information and any other information relating to any individuals which you have provided us in any forms you may have submitted to us, or via other forms of interaction with you.
- What is not Personal Data
Personal data does not include data about a data subject which has been anonymised. Anonymisation is the process of removing identifying information such that the remaining data does not identify any particular individual. Techniques can include pseudonymisation1, aggregation, replacement, data reduction2, data suppression3, data shuffling4, or masking5.
1 Replacing identifiers with other references. For example, replacing an individual’s name with a tag or reference number.
2 Removing values that are not required for the purpose. For example, removing ‘Ethnicity’ from a data set of individuals’ attributes.
3 Banding or hiding the value within a given range. For example, replacing age ‘43’ with the range ‘40-50’.
4 Mixing up or replacing values with those of the same type so that the information looks similar but is unrelated to the actual details. For example, the surnames in a customer database could be sanitised by replacing them with those drawn from another database.
5 Removing certain details while preserving the look and feel of the data. For example, representing a full string of numbers on a credit card as 4346 XXXX XXXX 5379 instead of ‘4346 6454 0020 5379’.
- Collection, Use and Disclosure of Personal Data
In providing Heng Lee Seng LLP with your personal data (either directly or through a third party), you hereby agree that Heng Lee Seng LLP may collect, store, process, disclose, access, review and/or use personal data (including sensitive personal data) about you, whether obtained from you or from other sources (such as our Approved Training Organisations), for the purposes set out below and/or any other administrative or operational purposes and/or the purpose of managing your relationship with Heng Lee Seng LLP:
- providing services to you in relation to your transactions with Heng Lee Seng LLP;
- verification and identification purposes, including verifying your identity when you attend the assessments conducted by Heng Lee Seng LLP;
- enabling the Police Licensing Regulatory Department to carry out the necessary licensing for the private security industry;
- assisting you with your job placement and security clearances when you engage our Business & Employment Services Division;
- processing your request for a loan or fixed deposit when you approach our Financial Services Division;
- enabling your use of the services which Heng Lee Seng LLP provides, including, where necessary, contacting you (whether by SMS, email or otherwise);
- evaluative purposes, including processing your job application pursuant to Heng Lee Seng LLP’s recruitment activities;
- enabling your participation in our lucky draws/contests;
- processing your payment/interest/reservation of retail items with us;
- dealing with enquiries made by you;
- maintenance and updating of the data;
- administrative or operational purposes;
- tax filing preparation;
- processing credit notes and processing refunds;
- collection of fees, charges and expenses for services provided;
- facilitating the making and payment of claims, including payments by cheque, bank transfers or other means;
- carrying out billing, accounting, auditing and the maintenance of proper book-keeping to explain Heng Lee Seng LLP operations and business;
- the disclosure of the relevant books, documents, records and information (in hard or soft copy) to the auditors for the preparation of financial reports; and/or
- the disclosure of the relevant books, documents, records and information (in hard or soft copy) to the relevant government authorities pursuant to any written law.
You further agree to be bound by the prevailing terms of this DPP as updated from time to time.
a. Consent Required
Heng Lee Seng LLP will not collect, use or disclose your personal data unless:
- you give, or are deemed to give, consent to the collection, use or disclosure of your personal data; or
- the collection, use or disclosure of your personal data without your consent is required or authorized under the PDPA or other written law.
If you disclose the personal data of third parties to Heng Lee Seng LLP, you represent that you have obtained the consent of the relevant third parties to have their personal data collected, used and/or disclosed by Heng Lee Seng LLP for the applicable purposes listed in clause 1.
b. Provision of Consent
Heng Lee Seng LLP will not obtain or attempt to obtain your consent for collecting, using or disclosing personal data by providing false or misleading information with respect to the collection, use or disclosure of your personal data.
c. Withdrawal of Consent
- You may at any time withdraw your consent for any of the purposes which you have previously consented to by providing us with notice through a request submitted to the Data Protection Officer in writing or via the email at the content details provided below.
- Please be aware that once we receive confirmation that you wish to withdraw your consent, it may take up to ten (10) working days for your withdrawal to be reflected in our systems. During this period of time, your personal data will continue to be collected, used and/or disclosed pursuant to the purposes set out at clause 3 above.
- On receipt of such notice, Heng Lee Seng LLP will inform you of the likely consequences of withdrawing your consent and we may no longer be in a position to continue to provide our services to you. Such a withdrawal may therefore result in the termination of any relationship that you may have with us.
- At the same time, it should be noted that your withdrawal of consent will not prevent us from exercising our legal rights (including any remedies, or undertaking any steps as we may be entitled to by law).
- The withdrawal of consent in itself may not result in the deletion or destroying of your personal data. Any retention of data will be based on Heng Lee Seng LLP’s business needs as deemed legitimate under the PDPA provisions.
- Data Quality
Heng Lee Seng LLP will take reasonable steps to make sure that the personal data it collects, uses or discloses is accurate, complete and up to date.
We generally rely on personal data provided by you (or your authorised representative). In order to ensure that your personal data is current, complete and accurate, please update us if there are any changes to your personal data by informing our Data Protection Officer in writing or via the email at the content details provided below.
- Data Security & Retention
To safeguard your personal data from unauthorised access, collection, use, copying, modification, disclosure, disposal or similar risks, Heng Lee Seng LLP takes appropriate administrative, physical and technical measures.
You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.
Heng Lee Seng LLP will not keep personal data for longer than is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws, and will take reasonable steps to securely dispose of personal data if it is no longer needed.
- Access and Correction
You are entitled to have access to the personal data about you that is in the possession or under the control of Heng Lee Seng LLP and information about the ways in which the personal data has been or may have been used or disclosed within a year before the date of the request. This can be done by you making a written application to our Data Protection Officer or via the email at the content details provided below requesting for any such information. Heng Lee Seng LLP reserves the right to estimate a fee before processing your request (representing its costs in administering your request) for supplying such information and to refuse requests which, in its opinion, occur with unreasonable frequency.
Heng Lee Seng LLP will also, where you have requested that it correct an error or omission in the personal data about you that is kept with Heng Lee Seng LLP, correct such data as soon as practicable and send the corrected personal data to every organisation to which the personal data was sent before it had been corrected, if applicable, unless that organisation does not need the corrected personal data for any legal or business purpose.
Heng Lee Seng LLP will respond to your request as soon as reasonably practicable. Should we not be able to respond to your request within twenty (20) working days after receiving your request, we will inform you in writing within twenty (20) working days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so. Heng Lee Seng LLP may however choose not to provide you with access to or correct such information, in accordance with the exceptions under the PDPA. This would include cases where:
- Heng Lee Seng LLP is satisfied on reasonable grounds that the correction should not be made;
- The request for access is frivolous or vexatious or the information requested is trivial;
- The personal data is related to a prosecution and all the proceedings related to the prosecution have not been completed;
- The personal data, if disclosed, would reveal confidential commercial information that could, in the opinion of a reasonable person, harm the competitive position of the organisation; and
- The personal data was collected, used or disclosed for the purposes of an investigation and associated proceedings and appeals have not been completed.
Please note that depending on the request that is being made, we will only need to provide you with access to the personal data contained in the documents requested, and not to the entire documents themselves. In those cases, it may be appropriate for us to simply provide you with confirmation of the personal data that our organisation has on record, if the record of your personal data forms a negligible part of the document.
- Transborder Data Flows
We generally do not transfer your personal data to countries or territories outside of Singapore. However, if we do so, for instance, if your personal data is required to be transferred for administrative or operational purposes by Heng Lee Seng LLP, we will ensure that the recipients thereof provide a standard of protection to your personal data so transferred that is comparable to that which is provided herein.
- Enquiries and Complaints
Heng Lee Seng LLP has designated a Data Protection Officer who will be responsible for ensuring Heng Lee Seng LLP’s compliance with applicable data protection laws. If you have any queries or requests or wish to make any applications concerning your personal information or data, please contact the Data Protection Officer:
Contact Person: Michael Heng
Address: 331 North Bridge Rd #12-03 Odeon Towers, Singapore 188720
Please note that if your personal data has been provided to us by a third party, you should contact such party directly to make any queries, feedback, and access and correction requests.