DATA PROTECTION POLICY
VANKOR INDIA PTE LTD. (“VIPL”, “Company” or “We”)

 

GENERAL
The Data Protection Policy is intended to give guidelines and consistency in the collection, storage, usage, disclosures, retention and deletion of personal data of individuals who engages with the Company.


WHAT IS PERSONAL DATA PROTECTION ACT?
The Personal Data Protection Act (PDPA) establishes a data protection law that comprises various rules governing the collection, use, disclosure and care of personal data. It recognises both the rights of individuals to protect their personal data, including rights of access and correction, and the needs of organisations to collect, use or disclose personal data for legitimate and reasonable purposes.


WHAT IS PERSONAL DATA?
Personal data refers to data, whether true or not, about an individual who can be identified from that data; or from that data and other information to which the organisation has or is likely to have access. Personal data in Singapore is protected under the Personal Data Protection Act 2012 (PDPA).
The following Personal Data (PD) types are covered:

  • Full name (including alias);
  • National Registration Identity Card (NRIC) Number or Foreign Identification Number (FIN) and Passport Number;
  • Photographs or video images of an individual;
  • Personal residential/mobile telephone number;
  • Personal email/residential address;
  • DNA profile;
  • Thumbprint;
  • Iris image;
  • Voice recording of an individual.

The PDPA takes into account the following concepts:

  • Consent – Organisations may collect, use or disclose personal data only with the individual’s knowledge and consent (with some exceptions);
  • Purpose – Organisations may collect, use or disclose personal data in an appropriate manner for the circumstances, and only if they have informed the individual of purposes for the collection, use or disclosure; and
  • Reasonableness – Organisations may collect, use or disclose personal data only for purposes that would be considered appropriate to a reasonable person in the given circumstances.


APPLICATION OF THE PERSONAL DATA PROTECTION ACT
The PDPA covers personal data stored in electronic and non-electronic forms.
The data protection provisions in the PDPA (parts III to VI) generally do not apply to:

  • Any individual acting in a personal or domestic basis.
  • Any employee acting in the course of his or her employment with an organisation.
  • Any public agency or an organisation in the course of acting on behalf of a public agency in relation to the collection, use or disclosure of the personal data. You may wish to refer to the Personal Data Protection (Statutory Bodies) Notification 2013 for the list of specified public agencies.
  • Business contact information. This refers to an individual’s name, position name or title, business telephone number, business address, business electronic mail address or business fax number and any other similar information about the individual, not provided by the individual solely for his or her personal purposes.
  • These rules are intended to be the baseline law which operates as part of the law of Singapore. It does not supersede existing statutes, but will work in conjunction with them and the common law.


OVERVIEW OF POLICY
This data protection policy applies to VIPL which is established in Singapore. This policy governs the collection, use and disclosure of personal data submitted to VIPL including through www.vankor.com.sg, and explains how we collect and handle personal data of individuals and comply with the requirements of the Personal Data Protection Act 2012 of Singapore and its regulation(s) (“PDPA”). In this policy, “personal data” shall have the meaning ascribed to it in the PDPA.
VIPL shall comply with the requirements of the policy. This policy overrides the data protection requirements in any other VIPL’s policies (based on functional requirements) protecting Personal Data Protection to the extent this policy imposes additional requirements or requires a higher standard of protection of personal data. For the avoidance of doubt, nothing herein shall require VIPL to act in breach of applicable Singapore laws.


MAIN DATA PROTECTION POLICY
VIPL will collect, use or disclose personal data for reasonable business purposes only if there is consent or deemed consent from the individual and information on such purposes have been notified. VIPL may also collect, use or disclose personal data if it is required or authorised under applicable laws.


COLLECTION OF PERSONAL DATA
VIPL may collect personal data from business contacts, partners, employees, contractors and other individuals. Such personal data may be provided to VIPL in forms filled out by individuals, face to face meetings, online meetings, emails, telephone conversations, through VIPL’s website or provided by third parties. If any individuals contact VIPL, then we may keep a record of that contact.
VIPL will collect these personal data when it is necessary for business purposes or to meet the purposes for which the individuals have submitted their personal information.
VIPL will only collect, hold, process, use, communicate and/or disclose such personal data, in accordance with this policy. If any party is acting as an intermediary or otherwise on behalf of a third party individual or supplying VIPL with information regarding a third party individual (such as a business contact, recruiter, an employee etc.), such intermediary party undertakes that they are an authorised representative or agent of such third party individual and that they have obtained all necessary consents from such third party individual to the collection, processing, use and disclosure by VIPL of their personal data. While VIPL are collecting the third party individual’s data from intermediary, it is the responsibility of VIPL to make the intermediary aware of all matters listed in this policy preferably by distributing a copy of this policy to them or by referring them to VIPL’s website: www.vankor.com.sg


USE OF PERSONAL DATA
VIPL may use personal data for the following purposes:

  • maintain regulatory requirements
  • provision of services
  • respond to the request for the purposes for which personal data was provided at the time of collection
  • maintain contact with business and/or other contacts
  • general management and reporting purposes, such as invoicing and account management
  • recruitment and employment of our employees purposes
  • Any other purposes related to VIPL’s business

Any individual may choose to unsubscribe from VIPL’s contact lists by contacting VIPL’s Data Protection Officer (DPO). Such requests will usually be processed within 10 working days.


DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
We will not disclose personal data to third parties except when required by law, when VIPL have the individual’s consent or deemed consent or in cases where we have engaged third parties such as data intermediaries or subcontractors specifically to assist with VIPL’s business. Any such third parties whom we engage will be bound contractually to keep all information confidential.


ACCESS TO AND CORRECTION OF PERSONAL DATA
Upon request, we will provide the individual with access to their personal data or other appropriate information on their personal data in accordance with the requirements of the PDPA.
Upon request, we will correct an error or omission in the individual’s personal data that is in VIPL’s possession or control in accordance with the requirements of the PDPA.


WITHDRAWAL OF CONSENT
Upon reasonable notice being given by an individual of his/her withdrawal of any consent given or deemed to have been given in respect of our collection, use or disclosure of his/her personal data, we will inform the individual of the likely consequences of withdrawing his/her consent. We will stop (and inform any intermediaries and agents to stop) collecting, using or disclosing the personal data unless it is required or authorised under applicable laws.


ACCURACY OF PERSONAL DATA
VIPL will make a reasonable effort to ensure that personal data collected by VIPL or on its behalf is accurate and complete.
SECURITY AND PROTECTION OF PERSONAL DATA
VIPL have in place operational security to protect the personal data in its possession or under its control and to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. Only authorised VIPL employee(s) and/or intermediaries are provided access to personally identifiable information and these personnel will have agreed to ensure confidentiality of this information.


RETENTION OF PERSONAL DATA
VIPL will remove (delete) any personal data collected when it is outdated, as soon as it is reasonable to assume that the purpose for collection of such personal data is no longer being served by such retention, upon request by the individual and such retention is not required further for legal or business purposes.
TRANSFER OF PERSONAL DATA OUTSIDE OF SINGAPORE
VIPL will ensure that any transfers of personal data to a territory outside of Singapore will be in accordance with the PDPA so as to ensure a standard of protection to personal data so transferred that is comparable to the protection under the PDPA.


DATA PROTECTION OFFICER
If an individual believes that information we hold about him/her is incorrect or out of date, or have concern on about how his/her personal data is handled, or any problem or complaint about such matters, please contact VIPL’s Data Protection Officer as listed –
Email: dpo@vankor.com.sg
Phone: +65 6532 2902
Address: 300 Beach Road, #18-05, The Concourse, Singapore 199555

 

View and download a copy of VIPL’s Personal Data Protection Act Consent Form