Personal Data Protection Policy
Objectives
1. The objective of this policy is to provide PDPA Compliance guidelines on the collection, usage and disclosure of personal data to all staff in Temasek Club to integrate into the various relevant processes.
Data Governance Structure
2. Senior Manager, Corporate Services shall be the Club’s Data Protection Officer. He is responsible to oversee the Data Protection governance in Temasek Club and all the related policies & SOPs shall be approved by the GM. The respective data owners are highlighted below:
COLLECTION OF PERSONAL DATA
NOTIFICATION AND PURPOSE:
3. The Club collects, uses and discloses the Personal Data for the following purposes:
a. Members:
(1) To manage membership matters, including recruitment, processing and termination;
(2) Provide membership services and benefits;
(3) Assist Members and Guests with their enquiries;
(4) Process payment for membership or any other members-related transactions;
(5) To improve customer services, such as resolving complaints and handling requests and enquiries;
(6) To conduct research, surveys and interviews;
(7) To keep Members updated on Club’s events & activities; and
(8) To verify identity for the purposes of membership application.
b. Employees:
(1) Assessing potential employees’ suitability for the job;
(2) Verifying potential employees’ information and conducting background & reference checks;
(3) Headcount and payroll planning & execution;
(4) Performance management;
(5) Workforce development, training and certification;
(6) Approving, monitoring and providing employees with benefits and employability services;
(7) General administration and record keeping;
(8) Maintain emergency contact details;
(9) Audit, risk management and security compliance purposes;
(10) Internal investigations and legal proceedings;
(11) To comply with applicable laws and regulations;
(12) To verify identity for the purposes of membership application or employment application.
c. Customers (Sales):
(1) To follow up on any sales enquiries;
(2) To coordinate and facilitate the delivery of events & activities;
(3) Process payment for events & activities conducted;
(4) To improve customer services, such as resolving complaints and handling requests;
(5) To conduct research, surveys and interviews;
(6) To updated on Club’s events & activities, e.g. wedding fair.
4. The Personal Data can be collected from the following means when:
a. MINDEF provides the personal data of its active servicemen for the automatic membership.
b. Potential Members (non-active servicemen) sign up for Club Membership.
c. Members register for Club events, courses or activities.
d. Members or Guests request the Club to contact them.
e. Members or Guests respond to the Club’s promotion.
f. Members or Guests access the Club’s social platforms or perform online transaction.
g. Members or Guests respond to the Club’s request for additional Personal Data.
h. Members or Guests submit their Personal Data to the Club for any reasons.
i. Members submit the Personal Data of their spouse and/or other dependents for membership services on their behalf and with their consent in accordance with this Policy and, in respect of minors (i.e. individuals under 18 years of age) or individuals not legally competent to give consent, in which they were appointed to act for their spouse and/or other dependents, to consent on their behalf to the processing of their Personal Data in accordance with this Policy.
j. Members or Guests browse the Club’s website or related online platform where the Club may collect or analyse information such as number of users and their frequency of use, the number of page views (or page impressions) that occur on the Club’s website for the purpose of improving customer’s experience.
k. Potential employees and/or relevant third parties (e.g. recruitment agencies) provide their personal data to apply for a position in the Club.
5. Unless permitted under the PDPA or any other laws, regulations and guidelines, Temasek Club shall not collect personal data without the consent of the individual.
6. The Club may continue to use the personal data of an individual collected before 2 July 2014 (the effective date of the data protection provisions of the PDPA), for the purposes for which the personal data was collected as stated in para 3 above unless the individual has withdrawn consent.
7. The Club may monitor or record phone calls and customer-facing interactions for quality assurance, employee training and performance evaluation, identity verification purposes, feedback, respond to Members and Guests’ queries or requests to resolve complaints and other related purposes. Such monitoring or recording will be in accordance with applicable law.
CONSENT:
8. It is important to note that the PDPA does not apply to business contact information. Business contact information refers to individual’s name, position name or title, business telephone number, business address, business electronic mail address or business fax number and any other similar information about the individual, not provided by him or her solely for his or her personal purposes.
Note: Although the Business Contact Information (BCI) is not included in the PDPA, any individuals who submitted this information on a personal basis will need to be regarded as Personal data. Thus, it depends on the context of the usage of the BCI. If it is a vendor on a B2B context, then it is not included.
9. For the avoidance of doubt, the Club is not required to obtain consent before collecting, using or disclosing any business contact information or comply with any other obligations in the Data Protection Provisions in relation to business contact information.
10. With regards to Disclosure of personal data, we leverage on Deemed consent for Notification, Contractual Necessity and Conduct.
Note: For our employees, the disclosure provision will be indicated in the Employment Notification / Staff Contract, and mainly to government agencies (MOM, CPF, IRAS) and relevant organizations with regards to employment.
MARKETING
11. From time to time, the Club may contact Members or Guests via mail, electronic mail, telephone (call or text), facsimile or social media platforms, to inform them about club-related benefits, services and activities.
12. Members or Guests who do not wish to receive marketing or promotional materials may request to be excluded in the mailing list by informing the Club via membership@temasekclub.org.sg. However, the Club may still call, notify or send non-marketing messages or information such as surveys, customer-service notices and other service related notices or the following:
a. To facilitate, complete or confirm a transaction that the Member or Guest has previously agreed to enter into with the Club;
b. To deliver services that the Member or Guest is entitled to receive under the terms of a transaction that the Club has previously agreed to enter into with the Member or Guest.
c. To provide subscription, membership services or comparable ongoing commercial relationship involving the use of the services offered by the Club.
THIRD PARTY SITES
13. The Club’s website will not provide links to other websites operated by third-parties independent of the Club. The Club is not responsible for the privacy practices of such websites operated by third parties, who may be associated with Temasek Cub directly or indirectly. Members, Guests and Staff are encouraged to learn about the privacy policies of such third-party websites by checking the policy of the respective sites.
WITHDRAWAL OF PERSONAL DATA
14. Members or Guests who wish to withdraw their consent to any use or disclosure of their Personal Data, as set out in this Personal Data Protection Policy, may contact us via membership@temasekclub.org.sg. However, the Members or Guests would be informed that the Club may not guarantee the effective provision of membership or related services.
ACCESS & CORRECTION
15. The Club aims to keep all Personal Data as accurate, complete, not misleading, up-to-date and reliable as possible. It is the Members’ responsibility to inform the Club of any updates of their Personal Data via membership@temasekclub.org.sg. The Club will correct or update the Personal Data found to be inaccurate or incomplete as soon as practicable.
16. Employees who wish to correct or update their Personal Data shall contact the HR Department.
17. The Club may refuse to correct or update personal data as requested if the Club is unable to confirm the Members’ identity or where such refusal is permitted under the PDPA.
Note: For our employees, the disclosure provision will be indicated in the Employment Notification / Staff Contract, and mainly to government agencies (MOM, CPF, IRAS) and relevant organizations with regards to employment.
DATA PORTABILITY:
18. The Data Portability obligation states that at the request of the individual, organisations are required to transmit the individual’s data that is in the organisation’s possession or under its control, to another organisation in a commonly used machine-readable format.
19. The Club shall keep these data of individuals accurate and complete, and convert to machine-readable format to transmit to the designated organisation as requested by the individual, in accordance with the Data Portability Obligation once it is active. The process is similar to Access and Correction; thus we will be using the same procedure and request form to streamline our process.
PROTECTION:
20. The Club shall implement appropriate and reasonable technical, physical, electronic and procedural security measures to ensure the security of the Personal Data against risks of unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, in accordance with applicable laws.
21. All employees’ hardcopy personal files shall be maintained by the HR Department under lock and key.
22. The Club shall regularly review and implement appropriate security measures when processing and retaining personal data.
23. All employees shall handle Personal Data with strict confidentiality, failing which they may be subject to disciplinary action.
24. The Club shall impose compliance with data confidentiality requirements on its agents, third party service providers, consultants and professional advisors in its working relationships and/or agreements with these parties.
RETENTION:
25. For Members and Employees who have left the Club, the Club shall retain the Members’ and Employees’ Personal Data up to 6 years for audit purposes unless otherwise permitted by applicable law or in order to defend legal claims. Where there is no longer any requirements to retain the Personal Data for the purposes stated in this policy unless its further retention is required to satisfy a longer retention period to meet operational, legal, regulatory, tax or accounting requirements, the Club shall then purge or destroy the Personal Data from the Club’s system and records.
26. Retention of Members’ Data. For members who have terminated their membership and inactive for more than 6 years, their information shall be removed from the system and only the following information shall be retained separately for the purpose of determining re-joining membership and its associated fees:
a. Full Name
b. Date of Birth (for verification)
c. Membership Number
d. Date of membership termination
e. Disciplinary and/or outstanding financial records
TRANSFER:
27. We do not have any overseas dealing for our club scope of work, thus we do not transfer any personal data out of Singapore, or have any personal data stored in servers that are outside of Singapore.
DATA BREACH NOTIFICATION:
28. The Club shall follow the Corporate Governance Framework in reporting of any incident on DATA Breach.
DO NOT CALL PROVISION
Definition:
Under the Do Not Call Provision, organisations are not to give specified message (marketing messages) to individuals without their consent. Thus, explicit consent needs to be obtained before telemarketing is conducted.
Policy:
29. Due to the fact that people these days do not answer phone call, the Club will not be using telemarketing, and focus primarily on emailing.
30. If telephone calls are needed, it will only be to staff and Members who have already given consent.
31. Business Contact Information (BCI) is not included under the PDPA and also the DNC Provision, thus staff needs to verify that the phone number is a BCI before calling the organization.
DISPUTE AND RESOLUTION (COMPLAINTS) PROCEDURES
32. Members, guests or employees can write in formally to dpo@temasekclub.org.sg for any questions or complaints relating to the use or disclosure of Personal Data, data protection policies and practices.
Personal Data
Protection Policy
Objectives
1. The objective of this policy is to provide PDPA Compliance guidelines on the collection, usage and disclosure of personal data to all staff in Temasek Club to integrate into the various relevant processes.
Data Governance Structure
2. Senior Manager, Corporate Services shall be the Club’s Data Protection Officer. He is responsible to oversee the Data Protection governance in Temasek Club and all the related policies & SOPs shall be approved by the GM. The respective data owners are highlighted below:
COLLECTION OF PERSONAL DATA
NOTIFICATION AND PURPOSE:
3. The Club collects, uses and discloses the Personal Data for the following purposes:
a. Members:
(1) To manage membership matters, including recruitment, processing and termination;
(2) Provide membership services and benefits;
(3) Assist Members and Guests with their enquiries;
(4) Process payment for membership or any other members-related transactions;
(5) To improve customer services, such as resolving complaints and handling requests and enquiries;
(6) To conduct research, surveys and interviews;
(7) To keep Members updated on Club’s events & activities; and
(8) To verify identity for the purposes of membership application.
b. Employees:
(1) Assessing potential employees’ suitability for the job;
(2) Verifying potential employees’ information and conducting background & reference checks;
(3) Headcount and payroll planning & execution;
(4) Performance management;
(5) Workforce development, training and certification;
(6) Approving, monitoring and providing employees with benefits and employability services;
(7) General administration and record keeping;
(8) Maintain emergency contact details;
(9) Audit, risk management and security compliance purposes;
(10) Internal investigations and legal proceedings;
(11) To comply with applicable laws and regulations;
(12) To verify identity for the purposes of membership application or employment application.
c. Customers (Sales):
(1) To follow up on any sales enquiries;
(2) To coordinate and facilitate the delivery of events & activities;
(3) Process payment for events & activities conducted;
(4) To improve customer services, such as resolving complaints and handling requests;
(5) To conduct research, surveys and interviews;
(6) To updated on Club’s events & activities, e.g. wedding fair.
4. The Personal Data can be collected from the following means when:
a. MINDEF provides the personal data of its active servicemen for the automatic membership.
b. Potential Members (non-active servicemen) sign up for Club Membership.
c. Members register for Club events, courses or activities.
d. Members or Guests request the Club to contact them.
e. Members or Guests respond to the Club’s promotion.
f. Members or Guests access the Club’s social platforms or perform online transaction.
g. Members or Guests respond to the Club’s request for additional Personal Data.
h. Members or Guests submit their Personal Data to the Club for any reasons.
i. Members submit the Personal Data of their spouse and/or other dependents for membership services on their behalf and with their consent in accordance with this Policy and, in respect of minors (i.e. individuals under 18 years of age) or individuals not legally competent to give consent, in which they were appointed to act for their spouse and/or other dependents, to consent on their behalf to the processing of their Personal Data in accordance with this Policy.
j. Members or Guests browse the Club’s website or related online platform where the Club may collect or analyse information such as number of users and their frequency of use, the number of page views (or page impressions) that occur on the Club’s website for the purpose of improving customer’s experience.
k. Potential employees and/or relevant third parties (e.g. recruitment agencies) provide their personal data to apply for a position in the Club.
5. Unless permitted under the PDPA or any other laws, regulations and guidelines, Temasek Club shall not collect personal data without the consent of the individual.
6. The Club may continue to use the personal data of an individual collected before 2 July 2014 (the effective date of the data protection provisions of the PDPA), for the purposes for which the personal data was collected as stated in para 3 above unless the individual has withdrawn consent.
7. The Club may monitor or record phone calls and customer-facing interactions for quality assurance, employee training and performance evaluation, identity verification purposes, feedback, respond to Members and Guests’ queries or requests to resolve complaints and other related purposes. Such monitoring or recording will be in accordance with applicable law.
CONSENT:
8. It is important to note that the PDPA does not apply to business contact information. Business contact information refers to individual’s name, position name or title, business telephone number, business address, business electronic mail address or business fax number and any other similar information about the individual, not provided by him or her solely for his or her personal purposes.
Note: Although the Business Contact Information (BCI) is not included in the PDPA, any individuals who submitted this information on a personal basis will need to be regarded as Personal data. Thus, it depends on the context of the usage of the BCI. If it is a vendor on a B2B context, then it is not included.
9. For the avoidance of doubt, the Club is not required to obtain consent before collecting, using or disclosing any business contact information or comply with any other obligations in the Data Protection Provisions in relation to business contact information.
10. With regards to Disclosure of personal data, we leverage on Deemed consent for Notification, Contractual Necessity and Conduct.
Note: For our employees, the disclosure provision will be indicated in the Employment Notification / Staff Contract, and mainly to government agencies (MOM, CPF, IRAS) and relevant organizations with regards to employment.
MARKETING
11. From time to time, the Club may contact Members or Guests via mail, electronic mail, telephone (call or text), facsimile or social media platforms, to inform them about club-related benefits, services and activities.
12. Members or Guests who do not wish to receive marketing or promotional materials may request to be excluded in the mailing list by informing the Club via membership@temasekclub.org.sg. However, the Club may still call, notify or send non-marketing messages or information such as surveys, customer-service notices and other service related notices or the following:
a. To facilitate, complete or confirm a transaction that the Member or Guest has previously agreed to enter into with the Club;
b. To deliver services that the Member or Guest is entitled to receive under the terms of a transaction that the Club has previously agreed to enter into with the Member or Guest.
c. To provide subscription, membership services or comparable ongoing commercial relationship involving the use of the services offered by the Club.
THIRD PARTY SITES
13. The Club’s website will not provide links to other websites operated by third-parties independent of the Club. The Club is not responsible for the privacy practices of such websites operated by third parties, who may be associated with Temasek Cub directly or indirectly. Members, Guests and Staff are encouraged to learn about the privacy policies of such third-party websites by checking the policy of the respective sites.
WITHDRAWAL OF PERSONAL DATA
14. Members or Guests who wish to withdraw their consent to any use or disclosure of their Personal Data, as set out in this Personal Data Protection Policy, may contact us via membership@temasekclub.org.sg. However, the Members or Guests would be informed that the Club may not guarantee the effective provision of membership or related services.
ACCESS & CORRECTION
15. The Club aims to keep all Personal Data as accurate, complete, not misleading, up-to-date and reliable as possible. It is the Members’ responsibility to inform the Club of any updates of their Personal Data via membership@temasekclub.org.sg. The Club will correct or update the Personal Data found to be inaccurate or incomplete as soon as practicable.
16. Employees who wish to correct or update their Personal Data shall contact the HR Department.
17. The Club may refuse to correct or update personal data as requested if the Club is unable to confirm the Members’ identity or where such refusal is permitted under the PDPA.
Note: For our employees, the disclosure provision will be indicated in the Employment Notification / Staff Contract, and mainly to government agencies (MOM, CPF, IRAS) and relevant organizations with regards to employment.
DATA PORTABILITY:
18. The Data Portability obligation states that at the request of the individual, organisations are required to transmit the individual’s data that is in the organisation’s possession or under its control, to another organisation in a commonly used machine-readable format.
19. The Club shall keep these data of individuals accurate and complete, and convert to machine-readable format to transmit to the designated organisation as requested by the individual, in accordance with the Data Portability Obligation once it is active. The process is similar to Access and Correction; thus we will be using the same procedure and request form to streamline our process.
PROTECTION:
20. The Club shall implement appropriate and reasonable technical, physical, electronic and procedural security measures to ensure the security of the Personal Data against risks of unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, in accordance with applicable laws.
21. All employees’ hardcopy personal files shall be maintained by the HR Department under lock and key.
22. The Club shall regularly review and implement appropriate security measures when processing and retaining personal data.
23. All employees shall handle Personal Data with strict confidentiality, failing which they may be subject to disciplinary action.
24. The Club shall impose compliance with data confidentiality requirements on its agents, third party service providers, consultants and professional advisors in its working relationships and/or agreements with these parties.
RETENTION:
25. For Members and Employees who have left the Club, the Club shall retain the Members’ and Employees’ Personal Data up to 6 years for audit purposes unless otherwise permitted by applicable law or in order to defend legal claims. Where there is no longer any requirements to retain the Personal Data for the purposes stated in this policy unless its further retention is required to satisfy a longer retention period to meet operational, legal, regulatory, tax or accounting requirements, the Club shall then purge or destroy the Personal Data from the Club’s system and records.
26. Retention of Members’ Data. For members who have terminated their membership and inactive for more than 6 years, their information shall be removed from the system and only the following information shall be retained separately for the purpose of determining re-joining membership and its associated fees:
a. Full Name
b. Date of Birth (for verification)
c. Membership Number
d. Date of membership termination
e. Disciplinary and/or outstanding financial records
TRANSFER:
27. We do not have any overseas dealing for our club scope of work, thus we do not transfer any personal data out of Singapore, or have any personal data stored in servers that are outside of Singapore.
DATA BREACH NOTIFICATION:
28. The Club shall follow the Corporate Governance Framework in reporting of any incident on DATA Breach.
DO NOT CALL PROVISION
Definition:
Under the Do Not Call Provision, organisations are not to give specified message (marketing messages) to individuals without their consent. Thus, explicit consent needs to be obtained before telemarketing is conducted.
Policy:
29. Due to the fact that people these days do not answer phone call, the Club will not be using telemarketing, and focus primarily on emailing.
30. If telephone calls are needed, it will only be to staff and Members who have already given consent.
31. Business Contact Information (BCI) is not included under the PDPA and also the DNC Provision, thus staff needs to verify that the phone number is a BCI before calling the organization.
DISPUTE AND RESOLUTION (COMPLAINTS) PROCEDURES
32. Members, guests or employees can write in formally to dpo@temasekclub.org.sg for any questions or complaints relating to the use or disclosure of Personal Data, data protection policies and practices.
