Personal Data Protection Policy
This Personal Data Protection Policy (“Policy”) applies to Prostruct Consulting Private Limited and its Singapore subsidiaries (collectively, “Prostruct Consulting”, “we”, “us” or “our”). It seeks to inform you of how we manage Personal Data in compliance with the Personal Data Protection Act in Singapore (“PDPA”). Other terms used in this Policy shall have the meanings given to them in the PDPA (where the context so permits).
By submitting information to us, engaging our services, using our products or otherwise interacting with us, you agree and consent to us collecting, using and disclosing your Personal Data in accordance with the terms of this Policy. This Policy supplements but does not supersede nor replace any other consents you may have previously provided to us in respect of your Personal Data. Your consent, pursuant to this Policy or otherwise, is in addition to any other rights which we may have at law to collect, use and disclose your Personal Data.
In this Policy, “Personal Data” refers to any data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which we have or are likely to have access. Depending on the nature of your interaction with us, some examples of personal data which we may collect from you include your name, identification numbers/ documents such as NRIC, FIN, work permit and birth certificate, residential address, email address, telephone number, nationality, gender, date of birth, marital status, employment information and financial information.
1. How We Collect Personal Data
1.1 We may collect Personal Data in various ways including:
(a) in the course of your engaging our products or services, or your providing documentation or information to us;
(b) when you communicate or interact with us via telephone calls (which may be recorded), letters, fax, face-to-face meetings, our websites, email or other modes of contact;
(c) when you visit our websites;
(d) when you contact us or request that we contact you;
(e) when you respond to our request for additional Personal Data;
(f) when you respond to our initiatives or market research or surveys;
(g) CCTV recordings while you are within our premises;
(h) when you participate in events organised by us;
(i) when you request that you be included in an email or other mailing list, alerts or newsletters;
(j) when you submit application(s) for employment or any other appointment with us (including scholarships, internships and attachments) or provide documents or information to us such as your resume, including from recruitment agencies, and employment references;
(k) in the course of conducting interviews;
(l) from public information sources, search services and other third parties; and
(m) when you submit your Personal Data to us for any other reason.
1.2 If you provide third party Personal Data to us such as the Personal Data of your family members, by doing so, you confirm and represent that you have obtained their respective consents to the collection, use and disclosure of their Personal Data on these terms.
i A “cookie” is a small amount of data transferred to your browser and read by the web server that placed it there. It works as a sort of identification card, recording your preferences and previously entered information. By using cookies, the information you previously provided can be retrieved on your next visit to the website so that your navigation time is reduced and your use of the website is simplified. Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie. Web beacons may be used to deliver the cookie and to compile the statistics about our website, such as how many people visited a particular page or clicked on certain links.
You can set your browser to decline cookies if you prefer. If you do so, you may not be able to get the benefit of some of the features of Prostruct Consulting websites that you visit.
2. Purposes for which we collect, use and disclose Personal Data
2.1 The purposes for which we collect, use and disclose Personal Data include:
(a) to communicate or interact with you, to respond to, handle, and process queries, requests, applications, complaints, and feedback from you;
(b) to manage your relationship with us;
(c) to process payment or credit transactions;
(d) to comply with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;
(e) to provide you with our products or services or provide customer support;
(f) to verify your identity and conduct background checks;
(g) to help us manage the delivery of and improve our products and services, including conducting market research or surveys, performing market analysis and identifying customer needs, and developing new products and services;
(h) to compile, manage and track the profile of our clients and vendors in our database;
(i) to contact you or provide you with information about our products and services or in relation to matters concerning Prostruct Consulting or which we believe may be of interest to you, including sending you alerts, newsletters and marketing materials;
(j) to handle claims and disputes, conduct and facilitate investigations and proceedings, and to protect and enforce our contractual and legal rights and obligations;
(k) to prevent, detect and investigate crime, including fraud and money-laundering, and to analyse and manage other commercial risks;
(l) to manage the administrative and business operations of Prostruct Consulting and to comply with internal policies and procedures;
(m) to facilitate business asset transactions, including mergers, acquisitions or asset sales, involving Prostruct Consulting;
(n) to facilitate attendance at events organised by us or that which we are involved in;
(o) to submit incident reports to authorities, insurance companies or for internal investigations;
(p) to submit CVs of persons for tender bids and interview purposes;
(q) to register for CORENET;
(r) to facilitate implementing and use of the SafeEntry system and other safe management measures at premises occupied or managed by us, COVID-19 contact tracing and other response measures;
(s) to register for COVID-19 and/or other testing;
(t) to pay vendors, contractors and sub-contractors for the provision of services;
(u) to register for AUDIENCE (a proprietary tool used by site supervisors for site data collection and inspections);
(v) to manage the security and other aspects of premises, facilities and technology infrastructure, including carrying out CCTV surveillance and conducting security clearances; and/or
(w) any other purpose relating to any of the above.
2.2 In addition, if you are seeking employment or any other appointment with us (including scholarships, internships or attachments) or are an existing employee, the purposes for which we collect, use and disclose your Personal Data include:
(a) to evaluate, administer and process your application and suitability;
(b) to conduct background checks, verify your credentials and qualifications, and obtain references;
(c) to manage our talent pool, including compiling and maintaining an information database on job, scholarship, internship or attachment applicants and existing employees;
(d) to manage or terminate your employment relationship with us;
(e) to facilitate the business operations of Prostruct Consulting, including compiling and maintaining an employee resume/CV database for purposes of project tender submissions and providing products and services to clients;
(f) to organize staff training and development programs;
(g) to assess and evaluate your performance;
(h) to administer benefits and payroll processing;
(i) to provide you with tools and/or facilities to enable or facilitate the performance of your duties;
(j) to communicate with you to comply with our policies and processes, including for business continuity purposes, compiling and publishing internal directories and contact lists;
(k) to conduct analysis and survey for human resource planning and management; and/or
(l) any other purpose relating to any of the above.
2.3 In relation to particular products and services, or in your interactions with us, we may also have specifically notified you of other purposes for which we collect, use or disclose your Personal Data. If so, we will collect, use and disclose your Personal Data for these additional purposes as well, unless we have specifically notified you otherwise.
2.4 The purposes listed in the above paragraphs may continue to apply even in situations where your relationship with us (for example, pursuant to your employment contract should you be hired) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under a contract with you).
2.5 Personal Data may be disclosed to various parties including:
(a) entities within the Prostruct Consulting group or related companies and affiliates of Prostruct Consulting;
(b) our joint venture or alliance partners;
(c) our clients, vendors, sub-contractors and business partners;
(d) our agents, contractors, third party service providers and specialist advisers who provide operational, administrative, financial, research or other services, such as courier services, telecommunications, information technology, payment, payroll, processing, training, event organizing, market research, storage, archival, and client support services;
(e) our professional advisers such as our lawyers and auditors;
(f) insurers or insurance investigators and credit providers;
(g) any investor, assignee or transferee (actual or prospective) to facilitate business asset transactions, including mergers, acquisitions or asset sales, involving Prostruct Consulting;
(h) any relevant authorities, including regulatory bodies and/or law enforcement agencies, whether local or overseas;
(i) to the extent necessary to comply with any laws, regulations, rules, directions, guidelines and other similar requirements;
(j) anyone to whom we transfer or may transfer our rights and obligations; and
(k) any other party as may be consented to by you.
2.6 We require that parties to whom we disclose Personal Data implement adequate levels of protection in order to protect Personal Data, and to only process Personal Data strictly for our intended purpose.
3. Disclosing your Personal Data
3.1 You will appreciate that we may not be able to perfectly secure your Personal Data from cyber-attacks, such as hacking, spyware and viruses. Accordingly, you will not hold us liable for any unauthorized disclosure, loss or destruction of your Personal Data arising from such risks.
4. Keeping your Personal Data accurate and up-to-date
4.1 We endeavour to ensure that the Personal Data we have about you is accurate and up-to-date. We realise that Personal Data changes frequently with changes of address and other personal circumstances. We encourage you to contact us as soon as possible to enable us to update any Personal Data we have about you.
5. Withdrawal of consent, access and correction of your Personal Data, and contacting us
5.1 The consent that you provide for the collection, use and disclosure of your Personal Data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop using and/or disclosing your Personal Data for any or all of the purposes listed above by submitting your request in writing by post or via email to our Data Protection Officer at the contact details provided below.
5.2 Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within ten (10) business days of receiving it.
5.3 Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our products or services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing in the manner described above.
5.4 Please note that withdrawing consent does not affect our right to continue to collect, use and disclose Personal Data where such collection, use and disclose without consent is permitted or required under applicable laws.
5.5 If you wish to make (a) an access request for access to a copy of the Personal Data which we hold about you or information about the ways in which we use or disclose your Personal Data; or (b) a correction request to correct or update any of your Personal Data which we hold about you, you may submit your request in writing by post or via email to our Data Protection Officer at the contact details provided in this Policy.
5.6 Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.
5.7 We will respond to your request as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).
6. Updates to this Policy
6.1 This Policy will be reviewed from time to time to take into account new laws and technology, changes to our operations and practices and the changing business environment. If you are unsure whether you are reading the most current version, please contact us.
7. Transfer of Personal Data outside of Singapore
7.1 Subject to what is stated below, we generally do not transfer your Personal Data to countries outside of Singapore. However, if we do so, we will take steps to ensure that your Personal Data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.
7.2 If you engage us for any work outside of Singapore or use our products and services outside of Singapore, you further acknowledge and agree that your Personal Data may be transferred outside of Singapore for those work, products or services to be provided, and you consent to our so transferring your Personal Data outside Singapore. If you are a job/ scholarship/ internship/ attachment applicant or an existing employee with us, you further acknowledge and agree that your Personal Data may be transferred outside of Singapore via our information database for purposes of managing our talent pool, and you consent to our so transferring your Personal Data outside Singapore. If you are an existing employee with us or with our vendor/ sub-contractor/ business partner, you further acknowledge and agree that your Personal Data may be transferred outside of Singapore to our overseas clients for purposes of providing our products and services to such clients, and you consent to our so transferring your Personal Data outside Singapore.
8. Questions or feedback about your Personal Data or our Policy
8.1 If you:
(a) have any questions or feedback relating to your Personal Data or our Policy;
(b) would like to withdraw your consent to any collection, use or disclosure of your Personal Data as set out in this Policy; or
(c) would like to obtain access or make corrections to your Personal Data,