This Policy is based on the Singapore Personal Data Protection Act 2012 and all the associated regulations and guidelines which may from time to time be issued by the Personal Data Protection Commission of Singapore.
This Policy applies to all data in any form about an individual who can be identified from that data which are in our possession or under our control for the purposes of and in connection with our contractual duties and provision of our services.
Under the Singapore Personal Data Protection Act 2012, business contact information (e.g. name, business address, business telephone number) is not considered as personal data so long as it is used strictly for business-to-business (B2B) transactions.
Personal data are collected in relation to the provision of our training services, and this includes:
You have choices regarding our collection, use or disclosure of your personal data. You have the right to object to the processing of your personal data and withdraw your consent in a manner described in clause 5 below.
We may collect, disclose or use your personal data pursuant to an exception under the Personal Data Protection Act or other written law such as during the following situations:
In general, subject to the applicable exceptions permitted in the Singapore Personal Data Protection Act 2012, before we collect the above personal data from you, we will notify you of the purposes for which your personal data may be collected, used and/or disclosed, as well as obtain your consent for the collection, use and/or disclosure of your personal data for the intended purposes. If you choose not to provide us with the personal data described in this Policy, we may not be able to fulfil our contractual duties towards you or facilitate your request or provide the service to you.
Any Personal Data provided by you to us may be used for the following purposes (where relevant):
All Personal Data held by us will be kept confidential, but we may, where such disclosure is necessary to satisfy the purpose, or a directly-related purpose for which the Personal Data was collected as described in section 3 and 4 above, provide such information to the following parties:
The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. Should you wish to withdraw your consent, you may send us the appropriate withdrawal request by filling up the Consent Withdrawal Form below and sending the same to our Data Protection Officer at firstname.lastname@example.org. Please note that we can only process Consent Withdrawal Forms that are properly filled up and may need to contact you for clarification if such forms are deemed to be incomplete or unclear in any way. Please understand that your withdrawal of consent for purposes necessary to Lloyd McGill fulfilling our contractual duties towards you or facilitating your request or providing our services to you may carry consequences. We will review and inform you on the consequences of the withdrawal prior to processing your request. We seek to process your withdrawal request within 10 business days after verification of your identity. Should we require more time, we will inform you of the time by which we can fully address your withdrawal notice.
If you wish to access, update or otherwise change or remove any information that you have provided to us, you may send us your request using the Access Request Form and Correction Form below and sending the same to our Data Protection Officer at email@example.com.
An administration fee may be charged for the handling and processing of your request to access your personal data. If so, we will inform you of the fee beforehand.
We seek to process such access and correction request within 30 calendar days after verification of your identity. Should we require more time, we will inform you of the time by which we can fully address your request.
We will take reasonable steps to ensure that the personal data we collect about you is accurate, complete, not misleading and kept up-to-date, taking into account its intended use. Where possible, we will validate the Personal Data provided by you using generally accepted practices and guidelines. If we are in an ongoing relationship with you, it is important that you update us of any changes to your business contact information.
We employ appropriate administrative, physical, technical and organizational security measures to help protect your personal data against loss and to guard against unauthorised access, disclosure, copying, use or modification, regardless of the format in which it is held. We have also put in place reasonable and appropriate organisational measures to maintain the confidentiality and integrity of your information, and will only share the same with authorised persons on a ‘need to know’ basis.
We will retain your Personal Data only for as long as the purposes for which such data is collected or used (as notified to you) continues, or where necessary, for our legal or business purposes. We will dispose of or destroy/delete documents containing your personal data in a secure manner when the retention limit described in our Retention and Destruction Policy is reached or as soon as it is reasonable to assume that the permitted purpose is no longer being served by their retention.
Any unsolicited personal data received by us will not be retained. If received by email or through our website, these unsolicited personal data will be deleted right away. If received by telephone, these will not be recorded. For any unsolicited personal data that you have provided as part of any document submitted to us, we will mask the unsolicited data before using, disclosing and//or retaining the said document.
Where there is a need to transfer your information to another country outside Singapore, we will ensure that the standard of data protection in the recipient country is comparable to that of Singapore’s PDPA. If this is not so, we will enter into a contractual agreement with the receiving party to accord similar levels of data protection as those in Singapore.
In the event of a breach security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data, we shall promptly assess the impact and once assessed that it is a notifiable data breach, we shall report this breach within 3 calendar days to the Personal Data Protection Commission (PDPC). We will notify you when the data breach is likely to result in significant harm to you after our notification to PDPC. We may also notify other relevant regulatory agencies, where required.
We reserve the right to modify or change this Policy at any time and will place such amendments on this website.
This Policy applies in conjunction with contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your personal data by us. Your continued use of our services constitutes your acknowledgement and acceptance of this Policy and any such changes.
If you have any questions or feedback regarding this Policy, or would like to know how we manage your personal data or retain and dispose them, you may contact our Data Protection Officer at firstname.lastname@example.org.
If you have any complaint relating to how we manage your personal data or request related to your personal data, you may send it to us via the email address above using the corresponding complaint and/or request forms below.
Effective Date: 15/10/2022