ABL Data Protection Policy
ABL Data Protection Policy refers to our commitment to treat information of employees, customers, stakeholders and other interested parties with the utmost care and confidentiality. It also defines how ABL manages Personal Data which is subject to the personal data protection principles under the Singapore Personal Data Protection Act (No. 26 of 2012) (“the Act”).
We may collect and hold personal data of persons/entities including but not limited to:
· job applications and employees;
· service providers: and
· other people who we may come into contact.
Examples of such personal data include biodata, contact details, queries, requests and feedback.
The ways in which we may collect your personal data include (but are not limited to) collecting directly or indirectly from you or your authorized representatives in the course of:
· you applying for a job with us;
· you using our products or services;
· you contacting us with your queries, requests or feedback;
· our conducting or completing of transactions;
· our conducting interviews.
In general, we may use your personal data for the following purposes:
· providing customer service (e.g. responding to queries and requests; informing you about service status and product updates);
· complying with applicable laws, regulations and other requirements (e.g. providing assistance to law enforcement agencies, regulatory authorities and other governmental agencies; performing internal audits);
· performing evaluations (e.g. assessing suitability of employees)
We will only use, disclose and/or transfer your personal data for the purposes you have been notified of and consented to or which are permitted under applicable laws and regulations.
We will not sell, rent or give away personal data to third parties for commercial purposes without your consent.
Depending on the product or service concerned, personal data may be disclosed or transferred to:
· other divisions or organizations within ABL;
· our joint venture / alliance partners;
· our service providers and specialist advisers/institutions who have been contracted to provide administrative, financial, legal, accounting, information technology, research or other services;
· other insurers, credit providers, courts, tribunals, law enforcement agencies, regulatory authorities and other governmental agencies as agreed or authorized by law;
· credit reporting or reference agencies or insurance investigators;
· anyone authorized by an individual, as specified by that individual or the contract.
Where personal data is disclosed or transferred to organizations outside of ABL who handle or obtain personal data as service providers to ABL, we require such organizations to acknowledge the confidentiality of such personal data, undertake to respect any individual's right to privacy and comply with the Act and this Policy and use such personal data only for our purposes and otherwise follow our reasonable directions with respect to this data.
In addition, where personal data is transferred overseas and we may need to process or deal with your personal data outside Singapore, we will ensure that such transfer is in compliance with the Act and this Policy or is permitted under applicable data protection and privacy laws and regulations.
We have appointed Data Protection Officers (“DPOs”) to oversee our management of personal data in accordance with the Act.
We regard breaches of your privacy very seriously and we have implemented measures to secure and protect your information, such as training our employees who handle your personal data to respect the confidentiality of such personal data and your privacy, storing personal data in a combination of secure computer storage facilities and paper based files and other records, taking steps to protect the personal data we hold from misuse, loss, unauthorised access, modification or disclosure.
However, we cannot assume responsibility for any unauthorized use of your Personal Data by third parties which are wholly attributable to factors beyond our control. These include but not limited to cyber-attacks, such as hacking, spyware and viruses. Accordingly, you will not hold us liable for any unauthorized disclosure, loss or destruction of your personal data arising from such risks.
The Act also requires us not to store personal data longer than necessary. We will cease to retain your personal data when we no longer require such personal data for the purposes we originally notified you of or for any business or legal needs.
You may request to access and/or correct the Personal Data currently in our possession, or have the option to withdraw your consent for the collection, use and/or disclosure of your Personal Data in our possession or under our control at any time by submitting a written request to our PDPA Contact Person (See Below).
We may also be charging you a reasonable fee for the handling and processing of your request to access and/or correct your Personal Data. You will be notified in advance of such cost, and we will provide you with a written estimate of the fee we will be charging.
If you have any feedback regarding how we handle your Personal Data or about our compliance with the PDPA, you are welcome to contact us with your complaint or feedback. Kindly contact ABL’s Data Protection Officer at email@example.com. To assist us in dealing with your feedback, please provide the following:
· Full name and NRIC or Passport number of the person lodging the complaint;
· Contact details;
· Name of the officer, employee (and his/her division) by whom the Personal Data was collected;
· Details of the feedback;
· Time frame over which the suspected wrongdoing occurred; and
· Documentary evidence in support of the feedback.
Upon receiving your feedback, ABL’s Data Protection Officer(s) will confirm that your feedback will be investigated and provide you with an estimate of how long you should expect to wait to receive a full response. While ABL endeavors to respond as promptly as possible, response times will vary depending on the nature of the feedback.
ABL’s Data Protection Officers will liaise with the relevant departments to investigate your feedback. You will be notified of the investigation outcome in writing within reasonable time and any action(s) taken if your feedback has been upheld, or your right of appeal where your feedback has been rejected.
As part of our efforts to ensure that we properly manage, protect and process your Personal Data, we will be reviewing our policies, procedures and processes from time to time.
We reserve the right to amend the terms of this Data Protection Policy at our absolute discretion. You may request for the latest version of the Data Protection Policy at any time.
Last Updated: 1 June 2018
Last Updated: 1 June 2018