KIM YEW INTEGRATED PTE LTD

Personal Data Protection Policy (“POLICY”)

1. Introduction

1.1. Purpose of policy

KIM YEW INTEGRATED PTE LTD (KYI) is committed to safeguarding the personal data entrusted to it by the individuals. This Policy sets out how KYI uses, collects and disclose personal data about you so that we can serve you better. It also sets out how you can update us or request to be unsubscribed from our records.

1.2. Definitions

Personal data

Personal data generally refers to data about an individual who can be identified from that data, in whatever form. It includes information such as individual’s name, identification number, address, mobile phone number, email addresses and photos and video images of the person (including CCTV images). Employee data of KYI such as salaries, medical records and educational records is also recognized as personal data and is subject to all the obligations of the PDPA.

 

2. Policy Statement

KYI will:

i. comply with regulatory requirements as stated in the PDPA 2012;

ii. respect individual rights;

iii. be transparent and honest to the individuals whose data are held by us;

iv. provide training and support for staff who handle personal data, so that they may confidently comply with this policy

v. properly documented and protected by appropriate security and keep with trusted and authorized parties;

vi. kept for no longer than necessary.

 

3. Data Collection, usage and disclosure

3.1 Purpose for Information Collection

Personal data collected by KYI is mainly to help us understand your needs so as to enable us to serve you better.

These purposes include the following:

i. To provide services;

ii. To comply with legal process or legal requirements of any government agencies;

iii. Any other purpose relevant to KYI objectives of which you will be notified and we will ask for your consent.

 3.2 How do we acquire your personal data

Personal data is to be collected by fair, transparent and lawful means, without misleading or deceiving individuals as to the purposes for collection of personal data about them. KYI may collect personal data from a number of channels, but are not limited to:

i. Job application form (s) apply for a job position in KYI;

ii. Images and videos taken by representatives during KYI events or from our CCTV cameras within our premises;

iii. We collect information such as your name, email address, telephone number when you visit our KYI office.  

3.3. Consent

KYI shall always seek consent from the individual to collect, use or disclose the individual’s personal data, except in specific circumstances where collection, use or disclosure without consent is authorized or required by law.

KYI may not be able to fulfill certain services if individuals are unwilling to provide consent to the collection, use or disclosure of certain personal data.

3.4. Deemed Consent

KYI may assume the individual has consented to collection, usage and disclosure of their personal data in situations where the individual provided information for obvious purposes.

KYI may deem individual’s consent were obtained for personal data collected prior to this policy for the purpose of which the personal data was collected. The consent may include for KYI usage and where applicable include disclosure.

KYI need not seek consent from staff (including part-time workers) for purposes related to the staff’s work in KYI. However, staff’s consent shall be obtained if such purpose is unrelated to their work. Staff shall be informed that their personal data may be disclosed to public and arrangements may be made to limit such disclosure with mutual agreement.

3.5 Consent withdrawal

Any individual may withdraw their consent to the use and disclosure of their personal data at any time, unless such personal data is necessary for KYI to fulfill its legal obligations. KYI shall comply with the withdrawal request, and inform the individual if such withdrawal will affect the services and arrangements between the individual and KYI. KYI may cease such services or arrangements as a result of the withdrawal.

3.6. Notification obligation

KYI shall collect this personal data directly from the individuals.

Prior or during collecting personal data, KYI shall make known to the individual the purpose for which the personal data was collected, except when such personal data is provided by an individual for an obvious purpose (E.g., individual provided personal data to register for an event, as such the purpose is for that event participation).

3.7. Accuracy obligation

KYI shall make every reasonable effort to ensure that individuals’ information it keeps are accurate and complete. KYI relies on individuals’ self-notification of any changes to their personal data that is relevant to KYI.

3.8. Data disclosure and Transfer of personal data in and outside Singapore

KYI may disclose individual personal data to internal/external/overseas organizations for necessary and appropriate purposes. Such transfer shall be done in a manner that is secure and appropriate align with PDPA requirements.

 

4. Security and storage

4.1. Protection of Personal data

All personal data held must be secured and protected against unauthorized access and theft.

KYI shall ensure that:

i. Restriction of personal data access within the organization;

ii. Provide physical security to personal data records and files;

iii. Personal computers and other computing devices that may access to personal data are password protected. Passwords are managed in accordance with industry best practices;

iv. Personnel and other files that contains sensitive or confidential personal data are secured and only made available to staff with authorized access.

4.2. Storage of Personal Data

KYI shall take reasonable and appropriate security measures to protect the storage of personal data such as:

i. Making confidential on documents with personal records clearly and prominently;

ii. Storing hardcopies of documents with personal records in locked file cabinet systems;

iii. Storing electronic files that contains personal data in secured folders.

4.3. Retention Limitation Obligation

KYI shall retain individual’s personal data only for as long as it is reasonable to fulfill the purposes for which the information was collected for or as required by law.

 

5. Access and correction of personal data

We can provide and help you access your own personal data:

i. Request for personal copy – A nominal administrative fee will be charged;

ii. For update or correction.

Request for personal data access or correction by individuals, including any enquires and complaints shall be submitted to KYI in writing to the Data Protection Officer at the following address and contact information:

Attention: Data Protection Officer

KIM YEW INTEGRATED PTE LTD

134 TAGORE LANE, Singapore 787557

Email: pdpa@kimyew.com.sg

We may refute your access in cases if and when such related personal data is under legal proceeding, no proper identification or request is carried out with suspected fraudulent intent.

 

6. Openness Obligation

KYI shall develop and publish data protection policy statements to inform staff, including part-time staff declaring the manner that their personal data are collected, used and disclosed. The data protection policy statements are made available to staff and the public in our website.

 

7. CCTV, video recording and photography

CCTV, video footage and photos may constitute personal data if an identifiable individual is captured.

i. Appropriate notices shall be put up to inform that the premises are covered by CCTV video surveillance.

ii. Notices shall be put up to inform visitors and volunteers that photographs and videos taken may be used by KYI for communication and publicity purposes in print or electronic media.

 

8. Policy review

The Personal Data Protection Policy shall be maintained and updated by the Data Protection Officer, reviewed and approved by the Management in a timely manner but shall review at least bi-yearly.