Data Protection Policy at aAdvantage Consulting Group
Updated as of July 2017
This Data Protection Policy describes how we manage Personal Data in compliance with the Singapore Personal Data Protection Act 2012 (No. 26 of 2012) (“Act”). We are bound by the prevailing terms of this Data Protection Policy, which may be updated periodically. We reserve the right to modify or amend this Policy at any time.
We encourage you to read this Data Protection Policy so that you understand our data protection policy, which governs how we collect, use, and disclose personal data.
aAdvantage Consulting’s data protection policy thus applies to the following groups of people:
Employees of aAdvantage
Associates, contractors, partners, and any other external entities who work with aAdvantage
Any other person who collaborates with or acts on behalf of aAdvantage, and may need occasional access to data
The definition of personal data is according to that of PDPA, which includes, but is not limited to information such as the full name, NRIC, passport number, contact details, and visual identification of an individual, all of which are not easily available to the public.
Collection of Personal Data
We collect personal data from our clients, employees, and customers of our clients, as well as third parties such as associates, contractors, partners, and individuals. These data may be collected through emails, face-to-face interactions, phone conversations, survey forms, websites, or files provided to us for
our services (e.g. focus group discussions, training/workshops, conduct of surveys, data analysis and reporting)
other business-related purposes (e.g. HR recruitment, marketing initiatives, payroll)
The purpose of data collection will be made known upfront to the data provider prior to, or during the data collection period. All personal data would be obtained with reasonable consent from the data provider in accordance with PDPA regulations, for which the data would be used for. Adequate effort shall be undertaken to ensure that all data collected are as accurate and complete as possible.
As such, external parties will undertake the responsibility of ensuring that all data provided to us have been obtained with reasonable consent from the individuals who possess the data, which are also accurate and complete. The external party shall also undertake the responsibility of notifying these individuals upfront of the distribution of their personal data to another party, as well as the data protection policy they are subjected to.
Access, Correction, and Withdrawal of Personal Data
aAdvantage shall inform the data provider of their rights to access, correct, and withdraw consent. Upon reasonable notice being given by an individual of his withdrawal of any consent given or deemed to have been given in respect of our collection, use or disclosure of his personal data, we will inform the individual of the likely consequences of withdrawing his consent. We will instruct all employees, associates, contractors, partners, and any other person who collaborates with or acts on behalf of aAdvantage to cease collecting, using, or disclosing the personal data unless it is required or authorised under applicable laws.
If the data provider wishes to access, correct, or withdraw the relevant data, the individual or organisation shall contact our Data Protection Officers at email@example.com to do so.
Use of Personal Data
We use personal data for the following functions:
Focus group discussions
Training and workshops
A non-exhaustive list of specific purposes is given below:
to recruit participants for focus groups, surveys, and training/workshops;
to verify focus groups, surveys, and training/workshops participation;
to verify survey responses;
for internal reporting purposes;
to send information, promotions, updates, and marketing and advertising materials in relation to our goods and services, and to carry out contests and lucky draws;
to manage, develop and improve our business and operations for excellent service delivery;
to monitor or record phone calls and customer-facing interactions for quality assurance, employee training and performance evaluation and identity verification purposes;
to manage recruitment, payment, billing, accounts processing, credit checks and debt-recovery matters;
to respond and deal with enquiries, complaints, and other customer service matters;
to conduct investigations or audits or carry out crime and fraud prevention and risk management activities;
to enforce our legal rights and obligations;
for other purposes for which we have obtained the data provider’s consent; and
for any other purposes reasonably necessary, ancillary, or related to the above specified purposes.
Storage and Security of Personal Data
We endeavour to protect personal data in our possession against risks of unauthorised access, collection, use, disclosure, copying, modification, disposal or destruction, through reasonable and appropriate security measures. To prevent unauthorised access, maintain data accuracy and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the personal data collected.
Electronic data are stored in our secured network and laptops issued by our company. All our employees are only allowed to work on laptops issued by the company. These laptops are secured with personal passwords.
All hardcopy records of data are filed upon submission, secured in our premises and are not accessible to external parties.
Sharing of Personal Data
Access to personal data will be limited to the following stakeholders:
• Owners of respective internal processes (e.g. HR, Marketing)
• Respective aAdvantage project teams, which typically consists of a Project Director, Manager/Lead, Analyst, and Operations Team
• Associates and interns employed for the specific project
• Client project team
All our employees, associates, contractors, partners, and any other person who collaborates with or acts on behalf of aAdvantage would sign a contract which requires strict compliance to our data protection policy. Processes are put in place to prevent unauthorised access and disclosure of personal data.
In general, all personal data collected will not be transferred out of Singapore. However, there are exceptions where personal data may be transferred outside of Singapore (e.g.when the data transfer is necessary for an authorised contractual performance, when consent is obtained from the data provider, or when the individual is legally required to transfer personal data overseas). Should data be transferred out of Singapore, we will make all reasonable efforts to protect these data in accordance with regulations comparable to PDPA.
Retention and Disposal of Personal Data
All personal data will not be kept longer than necessary if it does not serve any business or legal purposes. For electronic data, our Data Protection Officers will ensure that all personal data are irretrievably deleted from our online databases and laptops. For non-electronic data, hard copy records will be shredded or destroyed completely. The disposal time frames will vary according to clients’ and aAdvantage’s business needs, and will not be beyond what is necessary for business or legal purposes. Managerial procedures have been implemented to include periodic audits of personal data stored, to ensure the timely disposal of personal data.
Our employees at aAdvantage are committed to the protection of personal data. For further information about our data protection policies and practices, or the submission of any complaints request, do contact our Data Protection Officers at firstname.lastname@example.org. The latest data protection policy is made available on our website.