Personal Data Protection Policy
Your Personal Data Is Important To Us
We, United E&P respect the privacy and confidentiality of the personal data of our Employees, Clients, Business Partners and others who have business dealings with us. The PDPA policy outline how we manage the Personal Data we hold in compliance with Singapore Personal Data Protection Act in Singapore (PDPA) 2012. The Policy applies to all divisions and organizations across all United E&P Group of companies.
The PDPA is designed to protect the confidentiality of data and the privacy of individuals by regulating the way in which Personal Data is managed. Please read this Policy so that you know and understand the purposes for which we collect, use and disclose your Personal Data.
Under S12 of the PDPA, an organization shall:
- develop and implement policies and practices that are necessary for the organization to meet the obligations of the organization under the Act
- develop a process to receive and respond to complaints that may arise with respect to the application of the act;
- communicate to its staff information about the organization’s policies and practices referred to in paragraph (a); and
- make information available on request about –
- the policies and practices referred to in paragraph (a);
- the complaint process referred to in paragraph (b).
Under the PDPA, United E&P has the following 9 obligations with regards to personal data:
The 9 Main PDPA obligations outlined below
Obligation 1. Consent
- Before collecting, use or disclosure of personal data, The Company has to ensure that consent of the individual has been given or deemed or not required as authorized under this Act or any other written law.
- Individual can withdraw their consent, with reasonable notice, and the Company should inform the individual of the consequences of withdrawal. The reasonable notice established the Company is within 30 days of the request.
- Upon withdrawal, and depending on the withdrawal request, the Company must cease to collect, use or disclose individual’s personal data.
- Organization obtaining personal data from third party sources should exercise appropriate due diligence to check and/or ensure that third party source can validly give consent or has obtained consent and in the case of telemarketing, obtained clear and unambiguous in written or other accessible form.
- Second, Third, and Fourth Schedules of the Personal Data Protection Act (2012) are exceptions to consent obligation, e.g. an emergency, publicly available data, for the purpose of contacting the next of kin or friend of any injured, ill or deceased individual.
Obligation 2. Purpose Limitation
- The Company may collect, use or disclose personal data about an individual for the purpose for which the individual has given consent other than those exceptions in Second, Third and Fourth Schedules.
- The Company may not, as a condition of providing a product or a service, require the individual to consent to the collection, use or disclosure of individual’s
Obligation 3. Notification
- The Company has the duty to notify individuals of the purposes for the collection, use or disclosure of individual’s personal data on or before such collection, use or disclosure.
Obligation 4. Access and Correction
- Upon the request of an individual, the personal data of the individual and information about the ways in which his/her personal data may have been used or disclosed in the past 1 year, should be provided as accurately and completely as necessary and reasonably possible, which is determined as within 30 days upon the receipt of the written request for the Company.
- The Company will correct any error or omission in an individual’s personal data upon his/her request. After the correction, the Company may notify other organization that the personal data was disclosed to, unless consent is obtained from the individual to limit to specific organization, within a year before the date the correction was made.
Obligation 5. Accuracy
- The Company will ensure that all personal data collected by or on behalf of the Company is reasonably accurate and complete. This will be done before the personal data is to be used by the Company or disclosed to any third parties.
- Independent supporting documents should be collected to verify the accuracy personal data provided by individuals whenever possible.
Obligation 6. Protection
- Security arrangement is made to protect the personal data that the Company possesses or control to prevent unauthorized access, collection, use, disclosure, or similar risk.
- All personal data collected by or on behalf of the company will be classified as confidential to prevent unauthorized use or disclosure.
Obligation 7. Retention Limitation
- The Company will cease retention of personal data or remove the means by which the personal data can be associated with particular individuals when it is no longer necessary for any business or legal purposes.
Obligation 8. Transfer Limitation
- The Company can transfer personal data to another country only according to the requirements prescribed under the regulations, to ensure that the standard of protection provided to the personal data so transferred will be comparable to the protection under the PDPA.
Obligation 9. Openness
- The Company will make the information about the Company’s data protection policies, practices and complaints process available on request.
- Designate at least one individual to implement personal data protection policies within the Company.
- The business contact information of the Data Protection Officers (DPO) will also be made available to the public.
Types of Personal Data Do We Collect?
|The types of personal data we collect about employees may include:
The types of personal data we collect about customers may include:
We shall notify you of the purpose of the collection.
Collection of Personal Data
We collect your personal data in the following ways:
- When you submit CV and job application form to us in response to our recruitment advertisement through various recruitment channels such as
- Job Portals
- Newspaper Advertisement
- Job fairs
- Recruitment agencies
- Any other recruitment channels
- When you provide your personal contact information to us when making enquiries, giving feedback or lodging complaints
- When you provide your personal particulars to us for the sale/lease transaction of properties developed
- When you provide your personal contact information in the visitors’ or contractors’ log books in entering our/our clients’ premises
- Shareholders of our company
Use of Personal Data
We use your personal data we had collected for one or more of the following purposes:
- Process job applications
- Follow-up on your enquiry, feedback or complaint
- Process applications and registrations
- Process sale/lease transaction of properties developed and marketed by us
- Provide services for property and facilities management
- Record of your entry to our/our client’s premises for security purposes
If we need to use your personal data for any purpose other than the above, we will first obtain your consent.
If a transfer of data outside of Singapore is necessary, we will take steps to ensure that the appropriate levels of protection necessary to maintain the security and integrity of the data.
Disclosure of Personal Data
We disclose some of the personal data we have collected about you to the following parties or organisations:
- Insurance companies/ Broker
- Government Agencies
If we need to disclose your personal data to any third parties other than the above, we will first obtain your consent.
Management of Personal Data
United E&P has a Data Protection Officer to oversee our management of personal data in accordance with the Act.
We have implemented measures to secure and protect your information, such as training our employees who handle your personal data to respect the confidentiality of such personal data and your privacy, storing personal data in a combination of secure computer storage facilities and paper based files and other records, taking steps to protect the personal data we hold from misuse, loss, unauthorised access, modification or disclosure.
However, you will appreciate that it is not for us to perfectly secure your personal data from cyber-attacks, such as hacking, spyware and viruses. Accordingly, you will not hold us liable for any unauthorized disclosure, loss or destruction of your personal data arising from such risks. The Act also requires us not to store personal data longer than necessary. We will cease to retain your personal data when we no longer require such personal data for the purposes, we originally notified you of or for any business or legal needs
Withdrawal of Access & Correction of Personal Data Process
We ensure that your personal data we hold is accurate and up-to-date. We realise that such personal data changes frequently with changes of address and other personal circumstances. You have the right to correct your personal data held by us and we encourage you to contact us as soon as possible in order to update any personal data we hold about you. Please complete the Personal Data Correction Form and send to us.
You may request to withdraw your consent by writing using the Withdrawal of Consent Form and send to DPO of United E&P.
Retention of Personal Data
We will not retain any of your personal data under our charge when it is no longer necessary for any business or legal purposes. We will ensure that your personal data that are no longer needed by us will be destroyed or disposed of in a secure manner.
Access the Personal Data
To make a request to access the personal data we hold about you, please contact DPO of United E&P in writing using the Request To Access Personal Data Form We will require you to verify your identity and to specify what data you require.
Third Party Website
You can contact our Data Protection Officers/Team/Management at firstname.lastname@example.org