Privacy Policy

INTRODUCTION

Kydon Holdings Pte Ltd (the “Company”) takes very seriously the protection of the privacy of individuals, including each of its job applicants, employees, former employees, referees, and beneficiaries of employees and former employees, contractors and contingent workers (collectively known as “Employees”), and customers or their employees (collectively known as “Customers”). The Company collects and processes personal data relating to each of its Employees and Customers in compliance with the Personal Data Protection Act (Act 26 of 2012).

This Privacy Policy describes the personal data that the Company collects from or about each of its Employees and Customers, and how the Company uses and to whom the Company discloses that personal data. This Policy applies in conjunction with any other policies, notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of Employees’ personal data by the Company.

1. DEFINITIONS

1.1       For the purposes of this Privacy Policy, each of the defined terms in the introduction has the meaning assigned to it in the introduction and each of the following words and expressions has the following meaning:

“Communications System” means any or all of the Company’s communications systems and Devices made available to an Employee from time to time for the purpose of communicating with another person, including but not limited to telephone, fax, email, internet access, instant messaging, desktop computers, laptops, and mobile Devices.
“Company Device” means a Device owned by or under the control of the Company.
“Company’s Personal Data” means any Personal Data collected, stored, or under the control of the Company.
“Data Protection Policy” means each policy implemented by the Company pursuant to the PDPA, as may be amended from time to time.
“Device” means any electrical, electronic, magnetic, optical, or other object designed to view, store, delete, access, or modify information, and includes compact discs, floppy disks, magnetic tapes, flash drives, phones, smartphones, tablet computers, computers, and other similar equipment.
“DPO” means the “Data Protection Officer”, who is such person appointed by the Company in compliance with its obligation under Section 11(3) of the PDPA.
“Officer” has the meaning set out in Section 52(5) of the PDPA.
“PDPA” means the Personal Data Protection Act 2012 (No. 26 of 2012) and all subsidiary legislation enacted thereunder, guidelines, circulars, rules, notices, practice directions, and other clarificatory information released by the PDPC or other relevant body or organisation.
“PDPC” means the Personal Data Protection Commission.
“person” includes an organisation or company related to the Company or the staff and employees thereof.
“Personal Data” has the meaning set out in the PDPA.
“Unauthorised Person” means any Person whom the Company has not designated as a Person allowed to access, Process, use, or otherwise deal with the Company’s Personal Data.

1.2       Each reference to a unit of time is, unless the context requires otherwise, a reference to a calendar unit of time.

1.3       Where appropriate, each word importing the singular number only includes the plural number and vice versa.

1.4       Where appropriate, each word importing the masculine gender only includes the feminine and neuter genders and vice versa.

1.5       Each reference to a statutory provision is a reference to that provision as amended, consolidated or re-enacted; or as its application is modified by other provisions from time to time; and includes any provision of which there are consolidations or re-enactments for the time being in force (whether with or without modifications).

1.6       Each heading used in this section is inserted for convenient reference only and will not affect the construction or interpretation of any provision of this section.

1.7       This section includes examples but is not intended to be restricted in its application to such examples; therefore, where the word ‘including’ is used, it shall mean ‘including without limitation’.

1.8       This section does not create or confer upon any Employee or Customer any rights, or impose upon the Company any rights or obligations outside of, or in addition to, any rights or obligations imposed by the privacy laws applicable to the personal data of each of the Employees and Customers. Should there be, in a specific case, any inconsistency between this section and such privacy laws, this section shall be interpreted, in respect of that case, to give effect to, and comply with, such privacy laws.

2. WHAT IS PERSONAL DATA?

2.1       This paragraph is not meant to be an exhaustive explanation of what personal data is. In essence, personal data is any information about an identifiable individual, other than the person’s business title or business contact information when used or disclosed for the purpose of business communications. Personal data does not include anonymous or non-personal information (i.e., information that cannot be associated with or tracked back to a specific individual).

2.2       Personal data includes information such as name, home address, telephone, personal email address, date of birth, employee identification number, marital status, personal data of family members or character referees and any other information necessary to the Company’s business purposes, which is voluntarily disclosed in the course of an Employee’s application for and employment with the Company and any Customer’s interaction with the Company.

3. HOW DOES THE COMPANY COLLECT PERSONAL DATA?

3.1       As a general rule, the Company collects personal data directly from each of its Employees and Customers. In most circumstances where the personal data that the Company collects about an Employee or Customer is held by a third party, the Company will obtain the permission of the Employee or Customer respectively before it seeks out this information from such sources. Such permission may be given directly by the Employee or Customer respectively, or implied from his actions.

3.2       The Company collects the personal data of a Customer or Employee through the following (which are not exhaustive):

  • When an Employee or Customer submits a form to the Company;
  • Through the Company’s website or intranet (the “Website”);
  • Through direct contact with the Employee or Customer;
  • Through submission of the personal data of the Employee or Customer for any other reason on his own initiative;
  • When an image of the Customer or Employee is captured by the Company via CCTV cameras when he is within the Company’s premises or when he has his image captured during events of the Company; and
  • Through the response of the Customer or Employee to the Company’s request.

4. WHY DOES THE COMPANY COLLECT PERSONAL DATA?

4.1       The personal data collected is used and disclosed for the Company’s business purposes, including establishing, managing or terminating an Employee’s employment relationship with the Company or a Customer’s relationship with the Company. Such uses include:

Employees

  • Determining eligibility for initial employment, including the verification of references and qualifications;
  • Administering pay, insurance and benefits;
  • Processing any work-related claim by any Employee (e.g. worker compensation, insurance claims, etc.);
  • Conducting training;
  • Establishing one or both of training and development requirements for any Employee;
  • Conducting research, surveys, and interviews;
  • Conducting performance reviews and determining performance requirements;
  • Conducting salary reviews and promotion exercises;
  • Assessing qualifications for a particular job or task;
  • Arranging visits or work-related travel and applying for visas/work permits;
  • Tax filing purposes;
  • Conducting investigations into complaints or allegations of misconduct of any Employee;
  • Establishing a contact point in the event of an emergency (such as next of kin);
  • Complying with applicable laws;
  • Compiling directories;
  • Responding to requests from any Employee;
  • Reviewing and improving the Company’s human resource processes and policies;
  • Creating and maintaining each Employee’s profile in the Company’s system for internal records and reference and filling of potential job openings in the Company;
  • Keeping any Employee updated on the Company’s events;
  • Taking any photographs or videos of any Employee for internal dissemination within the Company and generating publicity materials for the Company’s services or recruitment actions;
  • Ensuring the security of Company-held information; and
  • Such other purposes as are reasonably required by the Company.

Customers

  • Collection of the particulars of (i) the employees, (ii) the customers, (iii) the business partners, (iv) the suppliers or (v) the contractors of Customers for the purpose of provision of services for Customers;
  • Communication with Customers, including providing Customers with updates on changes to services, including any additions, expansions, suspensions of services and the terms and conditions;
  • Processing any Customer’s requests, complaints, or queries;
  • Informing any Customer of services of the Company;
  • Administering the relationship with any Customer;
  • Conducting performance reviews and determining performance requirements;
  • Conducting investigations into complaints or allegations by any Customer of misconduct of any Employee;
  • Establishing a contact point in the event of an emergency (such as next of kin);
  • Complying with applicable laws;
  • Compiling directories;
  • Creating and maintaining any Customer’s profile in the Company’s system for internal records and reference in the Company;
  • Keeping any Customer updated on the Company’s events;
  • Taking any photographs or videos of any Customer for internal dissemination within the Company and generating publicity materials for the Company’s services or recruitment actions;
  • Ensuring the security of Company-held information; and
  • Such other purposes as are reasonably required by the Company.

5. HOW DOES THE COMPANY USE PERSONAL DATA?

5.1       The Company may use the personal data:

  • For the purposes described in this section; or
  • For any additional purpose that the Company may advise the Employees or Customers of and for which the Company has obtained the consent of the Employees or Customers respectively or where such consent is required by law.

5.2       The Company may use the personal data of the Employees or Customers without their knowledge or consent where the Company is permitted or required by applicable law or regulatory requirements to do so.

6. WHEN DOES THE COMPANY DISCLOSE PERSONAL DATA?

6.1       The Company may share the personal data of the Employees or Customers with its Employees, agents, contractors, data intermediaries, consultants, and third party service providers who provide services including servicing, delivery and collection, repair and maintenance services, telecommunications, mailing, information technology, payment, payroll, data processing, training, research, carding, storage and archival to the Company, who require such information to assist the Company with establishing, managing or terminating its employment and customer relationships with the Employees and Customers respectively. When the Company shares personal data with such parties, the Company typically requires that they only use or disclose such personal data in a manner consistent with the use and disclosure provisions of this section on Personal Data.

6.2       In addition, personal data may be disclosed or transferred to another party in the event of a change in ownership of, or a grant of a security interest in, all or a part of the Company through, for example, an asset or share sale, or some other form of business combination, merger or joint venture, provided that such party is bound by appropriate agreements or obligations and required to use or disclose the personal data of the Employees and Customers in a manner consistent with the use and disclosure provisions of this section, unless the Employees and Customers agree otherwise.

6.3       Further, the personal data of the Employees and Customers may be disclosed:

  • As permitted or required by applicable law or regulatory requirements. In such a case, the Company will endeavor to not disclose more personal data than is required under the circumstances;
  • To comply with valid legal processes such as search warrants, subpoenas or court orders;
  • As part of Company’s regular reporting activities to any relevant authorities;
  • To protect the rights and property of the Company;
  • During emergency situations or where necessary to protect the safety of a person or group of persons;
  • Where the personal data is publicly available; or
  • With the consent of the Employees or Customers where such consent is required by law.

6.4       The Company does not sell, rent, share, trade or disclose any personal data it keeps relating to the Employees or Customers to any other parties without the prior written consent of the Employees or Customers respectively, and any suppliers or vendors which the Company has engaged to provide services and are involved in the processing of the personal data on the Company’s behalf.

7. NOTIFICATION AND CONSENT

7.1       The Company will seek consent from the Employees and Customers before using their personal data for any purpose other than those stated in this section, with the exception of purposes for which the Company is required or allowed without the consent of the Employees and Customers to process data by any legislative or regulatory requirement or exemption.

7.2       The Company will assume, unless the Employees or Customers advise otherwise, that they have consented to the Company collecting, using and disclosing their personal data for the purposes stated above (including any other purposes stated or reasonably implied at the time such personal data was provided to the Company).

7.3       Where the consent of the Employees or Customers is required for the Company’s collection, use or disclosure of their personal data, the Employees or Customers may, at any time, subject to legal or contractual restrictions and reasonable notice, withdraw their consent. All communications with respect to such withdrawal or variation of consent should be in writing and addressed to the DPO.

8. HOW IS PERSONAL DATA PROTECTED?

8.1       The Company endeavors to maintain physical, technical and procedural safeguards that are appropriate to the sensitivity of the personal data in question. These safeguards are designed to prevent the Employees’ personal data from loss and unauthorized access, copying, use, modification or disclosure.

8.2       Paragraphs 9 to 15 set out in detail the obligations of Employees in relation to Personal Data, the consequences of breach and termination of employment in relation to personal data.

9. THE EMPLOYEE’S OBLIGATIONS

9.1       Each Employee who is in the employment of the Company shall:

  • Comply with the Data Protection Policy at all times, especially when collecting or handling the Company’s Personal Data;
  • Inform his manager, superior, supervisor, the DPO, or such other officer as from time to time the Company may designate, of any breach or suspected breach of the PDPA or the Data Protection Policy as soon as possible;
  • Only access, process, use, copy, disclose, and erase any of the Company’s Personal Data when required by his duties to the Company, and never for any other person, organisation, or his own private use; and
  • Not take any action that may cause or causes the Company or DPO to breach the PDPA.
  • The provisions of Paragraph 9.1 shall continue for a term of three years after the Employee has left the Company’s employ.

10. UPDATING PERSONAL DATA

10.1     It is important that the information contained in the Company’s records is both accurate and current. If any Employee’s personal data happens to change during the course of his employment, he is required to keep the Company informed of such changes by informing the HR person and the DPO. The Company will also, where an Employee has requested that it correct an error or omission in the personal data about him, correct such data as soon as practicable and send the corrected personal data to every organisation to which the personal data was sent before it had been corrected, unless that organisation does not need the corrected personal data for any legal or business purpose.

11. COMMUNICATIONS SYSTEMS

11.1     Each Employee shall not use any Communications System for the sending or receiving of any material which is obscene, defamatory, infringing copyright, harassing, malicious, or otherwise illegal, liable to damage the good name of the Company, lay the Company open to unauthorised contractual obligations, civil actions in the courts, or investigation by the PDPC or any other relevant authority.

11.2     Each Employee shall not use any Communications System to carry out any business or commercial activity other than the business or commercial activity of the Company, unless expressly authorised by an Officer to do so.

11.3     Each Employee shall not use any Communications System for his own private use or for any other purpose than the Company’s lawful business purposes.

12. COMPANY’S PERSONAL DATA PROTECTION

12.1     Each Employee at all times shall ensure the safety and physical and virtual security of all of the Company’s Personal Data, and amongst other things not:

  • Leave any document or Device containing the Company’s Personal Data where an Unauthorised Person may access it;
  • View any document containing the Company’s Personal Data, or use any Device to view or access the Company’s Personal Data, in any area where any Unauthorised Person may be able to view the Company’s Personal Data, such as on public transport, in public venues, at meeting places, or at home when and where any Unauthorised Person is present;
  • Discuss, share, talk, mention, write, type or otherwise communicate the Company’s Personal Data to any Unauthorised Person, which includes posting, sharing, or uploading any such information on any website, social media, app, or blog;
  • Copy or transfer any data or software on any Company Device to another Device, or cloud storage on a server not under the control of the Company, unless expressly authorised by an Officer in writing to do so; and
  • Download, upload, load, run, or execute any non-Company approved data or software on any Company Device unless expressly authorised to do so by an Officer in writing.

12.2     Each Employee shall not access or store the Company’s Personal Data through any Device not expressly issued to him by the Company for that purpose without first obtaining the Company’s written consent for such Device to be used. If such consent is granted, the provisions in Paragraph 12.1 will apply mutatis mutandis to the use of such Device whenever it is accessing, amending, or storing the Company’s Personal Data, or otherwise used for the Company’s business purpose or commercial activity, and the Employee also shall:

  • Install or permit the installation of such software, and implement and take such reasonable measures, which the Company may require for the purposes of ensuring the safety of the Company’s Personal Data while accessed or stored on such Device;
  • Upon the Company’s request submit such Device to the Company, or such person designated by the Company, for inspections or checks for the purposes of ensuring compliance with this section, provided that such request is issued not more than once every month;
  • Before disposing of any Device which was at any time used to access or store the Company’s Personal Data, destroy or delete all of the Company’s Personal Data stored on such Device, and submit such Device to the Company or such person which the Company may designate for inspection and checks for the purposes of ensuring compliance with this section; and
  • Consent to the Company accessing and viewing any of his Personal Data in the course of such inspections and checks, and retaining any of his Personal Data for the purposes of the Company’s records.

12.3     The Employee shall, whenever working off the Company’s premises on any Device:

  • Advise the Company and obtain the Company’s consent on where the Device will be kept when off the Company’s premises, how it is to be transported there, and what security arrangements he shall take to safeguard the Device off the Company’s premises;
  • Strictly comply with and enforce at all times such security arrangements as may be approved by the Company;
  • Ensure the safety and security of the Device and the information contained therein by, amongst other things:
      • Not parting with the Device;
      • Not allowing any Unauthorised Person to use the Device;
      • Ensuring that the Device has a passcode, password, or other means of restricting access to the Device enabled in compliance with the Data Protection Policy;
      • Turning off or logging out of the Device when not in use if he leaves the Device unattended; and
      • Refraining from using the Device to view or access the Company’s Personal Data in areas where any Unauthorised Person may be able to view the Company’s Personal Data, such as on public transport, in public venues, at meeting places, or at home when any Unauthorised Person is present.

12.4     Each Employee shall not bring any document containing any of the Company’s Personal Data outside the Company’s premises except as necessary for carrying out the Company’s business or commercial activity, or with the express consent of his manager, superior, or supervisor. If any Employee brings any document containing any of the Company’s Personal Data outside the Company’s premises, the provisions of Paragraph 12.1 shall, where relevant, apply mutatis mutandis to such documents.

12.5     If an Employee at any time knows or has reason to suspect that a Company Device, any Device that has been used to access the Company’s Personal Data, any data or software on such Devices, or any document containing the Company’s Personal Data may have been or have been lost, stolen, damaged, hacked into, used by any Unauthorised Person, or in any other way compromised, he shall as soon as possible inform his manager, superior, supervisor, the DPO, or such other officer as from time to time the Company may designate.

13. CONSENT FOR USE OF PERSONAL DATA

13.1     As a condition of employment, each Employee consents to the Company collecting, retaining, and using his Personal Data for the purposes of the Employee’s employment with the Company. These purposes include:

  • Employment records and assessing the Employee’s performance and promotion prospects;
  • Communicating with the Employee on work-related matters, events, or other Company matters;
  • Ensuring the Employee’s compliance with all the Company’s policies and agreements the Employee may enter into with the Company;
  • Determining and making payment of salary, bonuses, incentives, stock options, or other related incentives;
  • Making tax calculations, contributions to CPF, compulsory savings, or retirement plans on the Employee’s behalf;
  • Disclosing the data to third parties for the purpose of marketing, advertisements, publicity, or such other use related to the Company’s business or commercial activity, provided that such data disclosed is limited to what is reasonable to be disclosed under the circumstances; and
  • Disclosing or transferring the data to a third party for the purposes of insurance coverage, medical coverage, union membership, professional membership, audit, reporting of income, or any transfer that may be required by any applicable law or regulation.

13.2     The Company shall take reasonable steps to ensure:

  • The accuracy of each Employee’s Personal Data, including allowing an Employee reasonable opportunities to inspect such data held by the Company, and making such reasonable corrections or amendments requested by the Employee to ensure the accuracy of such data;
  • The safety and security of such data, including that the data is not unnecessarily given, viewed, or accessed by third parties; and
  • That the Personal Data is used for employment-related purposes only and not otherwise.

13.3     If at any time an Employee withdraws his consent for his Personal Data to be collected, retained, or used by the Company for the purposes of such Employee’s employment with the Company, such notice of withdrawal of consent shall, unless otherwise consented to by the Company, be considered a notice of termination of employment with the same date as the notice of withdrawal.

14. TERMINATION OF EMPLOYMENT

14.1     Before an Employee leaves the employment of the Company, he shall:

  • Destroy or return to the Company all of the Company’s Personal Data he may be in physical possession of or have physical control over;
  • Return all Communications Systems and other Company Devices to the Company;
  • Submit all Devices in his possession that had at any time been used to access the Company’s Personal Data to the Company, or such person as the Company may designate, for inspection and checks for the purposes of ensuring compliance with this section; and

14.2     Sign a declaration in an approved form stating that he:

  • Has complied with all the requirements of this Paragraph to the best of his knowledge and belief;
  • Has complied with the provisions of Paragraph 9 of this section to the best of his knowledge and belief;
  • Is not aware of any outstanding or unrectified breach of the PDPA by the Company regarding his Personal Data;
  • Undertakes to take all reasonable steps to notify the Company if he discovers any of the Company’s Personal Data to be still in his possession or under his control after the termination of his employment, and destroy or return such Personal Data as may be directed by the Company; and
  • Consents to the Company retaining such personal data as may be necessary for business or regulatory compliance purposes, including for the purposes of verifying his employment and standard of conduct at the Company with third parties.

15. CONSEQUENCES OF BREACH

15.1     If the Company suffers any loss, fine, penalty, or faces any civil action as a result of a breach of the PDPA due to an Employee’s breach, negligent or otherwise, of the terms of this section, the Data Protection Policy, or any other policy which the Company may put in place:

  • Such Employee shall fully indemnify, keep indemnified, and hold harmless the Company for such loss, fine, penalty, or civil action, including paying any legal costs on an indemnity basis that the Company may expend in dealing with any investigation, or in defending or appealing such action;
  • Such Employee shall fully cooperate and give his fullest aid and assistance to the Company in dealing with any investigation, or defending or appealing such action; and
  • The Company may terminate the employment of such Employee without notice, or subject such Employee to such disciplinary action as permitted under Company policy.

15.2     The provisions of this section shall continue notwithstanding that such Employee may have left the employment of the Company before such breach was discovered.

16. HOW LONG IS PERSONAL DATA RETAINED?

16.1     Except as otherwise permitted or required by applicable law or regulatory requirements, the Company endeavors to retain the personal data of each of its Customers and Employees only for as long as it believes is necessary to fulfill the purposes for which the personal data was collected (including, for the purpose of meeting any legal, accounting or other reporting requirements or obligations). The Company may, instead of destroying or erasing the personal data of any Customer or Employee, make it anonymous such that it cannot be associated with or tracked back to such Employee or Customer.

17. ACCESS TO PERSONAL DATA

17.1     Each of the Employees or Customers can ask to see the personal data that the Company holds about them. If any Employee or Customer wants to review, verify or correct his personal data, he can contact the DPO using the contact information set out below. Please note that any such communication must be in writing.

17.2     The Company may however choose not to provide any Employee or Customer with access to or correct such information, in accordance with the exceptions under the PDPA. In addition, the personal data may have been destroyed, erased or made anonymous in accordance with the Company’s record retention obligations and practices.

18. REVISIONS TO THIS SECTION

18.1     The Company may from time to time make changes to this section to reflect changes in its legal or regulatory obligations or in the manner in which the Company deals with the personal data of any Employee or Customer. The Company will communicate any revised version of this section to Employees. Any changes to this section will be effective from the time they are communicated, provided that any change that relates to why the Company collects, uses or discloses the Employees’ personal data will not apply to the Employees, where their consent is required to such collection, use or disclosure, until the Company has obtained the Employees’ consent to such change. This section was last reviewed on 2nd January 2020.

19. QUERIES

19.1     If anyone has any questions or concerns regarding this section, please contact the DPO at 6870 9281.