Black Dot Research Pte Ltd (the “Company”) – Personal Data Protection Policy
- The Company is committed to the protection of your personal data. The Company collects, uses, discloses and retains your personal data in accordance with the Personal Data Protection Act 2012 (“PDPA”) and its own policies and procedures.
- The objectives of this policy are to:-
- Provide a set of personal data protection standards that govern our procedures and protect the privacy of your personal data.
- Demonstrate our on-going commitment to protecting your personal data and addressing any privacy concerns that you might have.
- Describe the ways in which we collect, use, disclose and retain your personal data.
- Ensure that we comply with the PDPA.
- Facilitate our compliance with any further developments in the protection of personal data.
A. Consent Obligation
Consent Required
- The Company shall not collect, use or disclose your personal data unless:-
- You give, or are deemed to give, consent to the collection, use or disclosure of your personal data; or
- The collection, use or disclosure of your personal data without your consent is required or authorised under the PDPA or such other written law.
Provision of Consent
- The Company shall not, as a condition of providing a product or service to a client, require you to consent to the collection, use or disclosure of your personal data beyond what is reasonable or necessary in order for the Company to provide the product or service to you.
- The Company shall not use false or deceptive means to elicit personal data from you.
Deemed Consent
- You are deemed to consent to the collection, use or disclosure of your personal data for a purpose if:
- You voluntarily provide your personal data to the Company for that purpose, albeit without actually expressly providing your consent; and
- It is reasonable that you would voluntarily provide the data.
- If you give, or are deemed to give, consent to the disclosure of your personal data by the Company to another organisation for a particular purpose, then you are deemed to consent to the collection, use or disclosure of your personal data for that particular purpose by such other organisation.
Withdrawal of Consent
- On providing reasonable notice to the Company, you may at any time withdraw any consent given, or deemed to be given, in respect of the Company’s collection, use or disclosure of your personal data for any purpose.
- You may submit the withdrawal of consent via mail, email or by completing the Withdrawal of Consent Form (enclosed together with this policy) and submit to the Company’s Data Protection Officer (“DPO”).
- On receipt of such notice, the Company shall inform you of the likely consequences of withdrawing your consent.
- Please allow up to 30 days for the Company to process and update your request. You may continue to receive marketing messages and other product information from the Company within these 30 days.
- The Company shall not prohibit you from withdrawing your consent to the collection, use or disclosure of your personal data.
- If you withdraw your consent, then the Company shall cease (and cause its data intermediaries and agents to cease) collecting, using or disclosing your personal data unless otherwise required under the PDPA or other written law.
- Although you may have withdrawn consent for the collection, use or disclosure of your personal data, the Company may retain your personal data for purpose of administering your records with the Company.
B. Purpose Limitation Obligation
Limitation of Purpose
- The Company shall collect, use or disclose your personal data only for purposes:
- That a reasonable person would consider appropriate in the circumstances; and
- Where you have been informed in accordance to s/no. 4 and 5 of this Policy, to the extent applicable.
Notification of Purpose
- The Company shall provide you with the following information whenever we seek to obtain your consent to the collection, use or disclosure of your personal data, except under circumstances where your consent is deemed or is not required:
- The purpose(s) for the collection, use or disclosure of your personal data, on or before collecting your personal data;
- Any other purpose(s) for the use of your personal data of which you have not been informed under this Policy, before the use or disclosure of your personal data for that purpose; and
- On request by you, the contact details of the DPO who can answer your questions about collection, use or disclosure of your personal data.
C. Access and Correction Obligation
Access to Your Personal Data
- On your request, and subject to the restrictions set forth in the PDPA, The Company shall, as soon as reasonably possible, provide you with:
- Your personal data that is in The Company’s possession or control; and
- Information about the ways in which your personal data has or may have been used or disclosed by The Company within a year before the request.
- The Company may charge you a minimum fee for access to your personal data to offset the administrative costs in complying with such requests.
Correction of Your Personal Data
- You may request the Company to correct an error or omission in your personal data that is under the Company’s control or possession. Unless the Company is satisfied on reasonable grounds that a correction should not be made or the law states otherwise, the Company shall:
- Correct your personal data as soon as practicable; and
- Send your corrected personal data to every organisation to which your personal data was disclosed by The Company within a year before the correction was made, unless that other organisation does not need the corrected personal data for any legal or business purpose.
- The Company is not required to correct or alter an opinion, including professional or an expert opinion.
D. Accuracy Obligation
- The Company shall make reasonable efforts to accurately record your personal data as given by you or your representatives and make reasonable efforts to ensure that your personal data is accurate and complete, if the personal data:
- is likely to be used by the Company to make a decision that affects you; or
- is likely to be disclosed by the Company to another organisation.
E. Protection Obligation
- The Company shall protect personal data in its possession or control by making reasonable security managements to prevent unauthorised access, collection, use, disclosing, copying, modification, disposal or any other similar risks.
F. Retention Limitation
- The Company shall cease to retain documents containing your personal data, or remove the means by which your personal data can be associated with you, as soon as it is reasonable to assume that:
- the purpose for which your personal data was collected is no longer being served by retention of your personal data; and
- retention is no longer necessary for legal or business purpose.
G. Transfer Limitation Obligation
- The Company shall not transfer your personal data outside of Singapore except in accordance with the requirements of the PDPA.
H. Do Not Call Provisions
- The Company shall not, and shall ensure that its agents shall not, send a specified message to a Singapore telephone number without first checking with the Do Not Call Registry established by the Personal Data Protection Commission (“PDPC”) and receiving confirmation from the PDPC that such Singapore telephone number is not listed on the Do Not Call Registers.
- The Company shall not, and shall ensure that its agents shall not, send a specified message to a Singapore telephone number, unless the specified message includes clear and accurate information identifying the person sending the specified message and/or The Company, and such person’s and/or The Company’s contact information.
- The prescribed duration within which The Company must check with the Do Not Call Registry before sending a specified message to a Singapore telephone number will be 30 days.
- You may continue to receive marketing messages and other product information from The Company within the prescribed validity period.
- The Company shall not make, cause or authorise a voice call addressed to Singapore telephone number that conceals or withholds, or that has the effect of concealing or withholding, the calling line from the recipient.
- The Company shall not require a subscriber or user of a Singapore telephone number to consent to the sending of a specified message beyond what is reasonable for The Company to provide its goods and services. The Company shall not obtain or attempt to obtain such consent by:
- providing false or misleading information; and
- using deceptive or misleading practices.
- If a subscriber or user of a Singapore telephone number gives notice withdrawing consent for the sending of a specified message to that number, then The Company shall cease (and cause its agents to cease) sending specified messages to that number.
I. Complaint Handling Procedure
- Should you be unhappy with our treatment of your personal data or you believe there has been a breach of this Policy, please contact The Company’s Data Protection Officer (details below) and clearly set out the nature of your concern.
- Complaints may be initially made orally, or in writing. Where a complaint is made orally, you must confirm the complaint in writing as soon as possible. If you require assistance in lodging your complaint, please contact us.
- Your complaint will be reviewed and you will be provided with a written response within fourteen (14) working days.
J. Compliance with This Policy
- The Company implements this Policy through the use of proper procedures and staff training to ensure compliance with this Policy.
- We ensure that our employees and any representatives who deal with personal data are aware of the standards of this Policy.
- The Company requires that all of its employees and representatives with access to personal data maintain confidentiality concerning that personal data. We implement that requirement through appropriate contractual terms and internal policies.
- Our procedures for handling personal data are developed to implement the standards of this Policy. The Company trains its employees in the proper conduct of those procedures that are relevant to their duties.
K. Reviewing the Policy
- The Company ensures that this Policy remains current and continues to fulfil its objectives. This is achieved through periodic reviews, having regards to:-
- The need to actively consider privacy and data protection issues as new products and services are developed or offered;
- Any guidance issued in relation to the PDPA; and
- Any changes to the PDPA.
L. Contacting the Data Protection Officer
- For further information about this Policy or to access our complaint handling procedures, please address your correspondence to:-
The Data Protection Officer
237 Alexandra Road
#06-12, The Alexcier
Singapore 159929
E-mail: feedback@blackdotresearch.sg