fbpx

PRIVACY POLICY

NOTES AND INSTRUCTIONS FOR USE OF THIS POLICY

  1. An organisation should ensure that the policies and processes described are aligned with its own internal policies and processes.
  2. Do review the policy and confirm it meets the organisation’s requirements and whether any additional or alternative clauses may be required.
  3. The notice is crafted broadly for general use and purposes, but may be adapted by the organisation to suit a more specific use and purpose, such as for publication on its website policies.
  4. Use of the notice does not mean that an organisation will be in compliance with the Personal Data Protection Act 2012 (“PDPA”) (or any other law). An organisation is encouraged to seek professional legal advice if it is uncertain of its obligations under the PDPA or if it requires assistance with the drafting of such a Notice for its particular purposes and context.
  5. Please refer to the advisory guidelines published by the PDPC at www.pdpc.gov.sg for more information about the PDPA and its requirements.

Definition

This is the Privacy Policy (“Policy”) of TalentX AI Pte. Ltd. (“TA” or the “Company”). In this Policy, when we use “we”, “us” or “our”, we refer to the company which is collecting, using and disclosing your personal data.Our Data Protection Policy applies to all personal data provided to us directly from you, from your authorized representatives (i.e. persons who you have authorized and persons who have been validly identified as being you or your authorized representative) from third parties, or from publicly available sources. The Company aims to help you understand how we collect, use, disclose and safeguard your personal data in accordance with Singapore’s Personal Data Protection Act 2012 (“PDPA”) as there may be changed from time to time.

Your Consent

By providing us with your personal data and/or signing up for Services offered by us, you shall be deemed to have agreed to all the terms, conditions and notices in this Policy.

1. Personal Data Collection

As used in this Policy,
Personal data” means data (whether true or not), about an employee or a customer who can be identified through that data or that data and other information to which we have or likely to have access to.Depending on the nature of interaction with us, following are examples of personal data we may collect. This includes, but is not limited to:

1.1 Personal Data Collection

  1. Name;
  2. Partial / Full NRIC;
  3. Contact Phone Number;
  4. Residential Address;
  5. Nationality;
  6. Gender; and
  7. Date of Birth.

1.2 Ways we collect your personal data:

  1. When you submit an application relating to employment opportunity with the Company;
  2. When you purchase and/or use any of our products and/or services;
  3. When you enter into an agreement with us or you express your interest in respect to any of our products and/or services;
  4. When you meet our staff personally or contact them through any means or request us to contact you;
  5. When you participate and/or respond to any of our competitions, lucky draws, surveys, promotions and/or other programmes;
  6. When you visit our websites and/or use our mobile applications;
  7. When you submit your personal data for any other reasons and/or; and
  8. When we seek information about you and receive in accordance with the Act and other applicable laws and regulations your personal data in relation to your relationship with us including in respect to products and/or services from other parties including related companies, business associates and other third parties either situated in Singapore or outside.

2. Purposes For The Personal Data Use And Disclosure

The personal data collected may be collected, used, disclosed and/or processed by us for the purposes which are permitted by the Act, applicable laws and regulations and for other purposes which depend on circumstances requiring us to do so or for other purpose which we may notify you at the time of obtaining your consent which shall include, but is not limited to:

2.1 Provisioning and administration of services:

  1. To respond, handle, and to resolve your feedback, complaints, queries and requests;
  2. Managing your relationship with the Company;
  3. For the creation, activation and/or termination of accounts;
  4. Enable us to process sponsorship payments and payments of cash rebates;
  5. Facilitate the drafting of agreements for the supply of products or services;
  6. Facilitate the process and collection of deposits/payment instructions, tax, GIRO, refunds, and/or the transfer of accounts;
  7. Facilitate our third-party service providers to process certain aspects of services provided by us;
  8. Facilitate any proposed or confirmed merger, acquisition or business asset transaction involving any part of the Company restructuring process; and
  9. Administer and process any related insurance claims and payments arising under the respective policies;

2.2 Disclosure of Personal Data:

  1. When we offer rewards and promotions, share promotional benefits and loyalty programmes;
  2. When we provide updates, offers, invitation to events, deliver relevant advertising, including phone calls/through SMSs as permitted under the laws and regulations;
  3. When the Company needs to comply with legal obligations and/or industry requirements. This includes disclosure to legal, regulatory, governmental, tax and law enforcement authorities;
  4. For recovery of debts management (including legal means);
  5. Conduct checks against money laundering and related risks; and
  6. When the Company engages professional third parties providing services relating to insurance, operational, audit and consultancy services to us;

2.3 Provision relating to Do Not Call (DNC):

  1. Unless we are allowed to do so under the Act, applicable laws and regulations or you have given us your consent, we will not text you marketing messages or calls.

3. Retention

We may retain your personal data for as long as is necessary for us to fulfill the purpose for which it was collected, and/or as required by the applicable laws. As soon as it is reasonable to assume that such retention no longer serves its purpose, and it is no longer necessary for legal or business purposes, we will cease to retain your personal data, by physical destruction and electronic destruction.

3.1 Legal & Regulatory requirements

  1. Under a legal obligation to disclose including providing assistance to law enforcement, judicial and other government agencies.
  2. To protect the rights, property, security or safety of the company.

3.2 Related purposes:

  1. Purposes which are reasonably related to the above stated purposes or for purposes which we have notified you and obtained your expressed consent.
  2. We will not use your personal data for purpose other than stated or of which you have been informed, or which we are permitted under the applicable laws and regulations.
  3. We will retain your personal data for only as long as the purpose for which it is collected is still being served and if the retention is necessary for any other legal or business purposes.

4. Accuracy Of Data, Storage Of Data, Information Security And Applicability To Third Parties

We strongly believe in protecting your personal data. We will take all reasonable steps to ensure that any person or organization, to whom your personal data was used or disclosed, uses that personal data only for the purposes of performing any of the functions listed above for us.’
We may transfer, store, process and/or deal with your personal data outside Singapore. In doing so, we will comply with the PDPA and other applicable data protection and privacy laws. We will make reasonable effort to ensure that the third parties receiving the personal information is bound by legally enforcement obligations to provide the transferred Personal Data a standard of protection that is comparable to the protection under the PDPA 2012 Act.
  1. We respect the confidentiality of your personal data, we will ensure your personal information in our possession or control is accurate. You must also inform us of any change in your personal data for us to update the data.
  2. The data collected from you may be processed and stored at our premises in Singapore.
  3. As we are required to work with related companies, business associates, service providers, agents and other third parties either situated in Singapore or outside it (collectively “third parties”) for smooth provision of our products and services and for one or more of the purposes, they may process your personal data on our behalf or otherwise. Where personal data is disclosed to third parties, we will employ our best efforts to require the said third parties to protect your personal data.

4.1 Update or Change of Personal Information

Question, Application for Access/Correction and Withdrawal of Consent
  1. If you wish to update or make any changes to the information you have provided;
  2. If you have any questions, comments or suggestions regarding this Policy or apply for access or correction or withdraw consent, you can contact our Data Compliance Officer at dp@nladfk.com.

5. Use Of Cookies

A cookie is a small text that is stored in your computer electronic device when you visit some websites. We may use a cookie when you visit our website. The cookie can be read only by us and it cannot access, read or modify any data in your computer or electronic device.

5.1 We use cookies on our website for following purpose:

  1. To recognise you whenever you re-visit our website by enabling us to remember your personal data including your user-id;
  2. To collect service preferences for purposes like gathering information of how you and other visitors use our website;
  3. To gather more usage statistic to improve our website efficiency in provisions of our services and products.

5.2 Type of Cookies Used:

  1. Strictly necessary cookies. These are cookies that are required for the operation of our site. They include, for example, cookies that enable you to log into secure areas of our site, use a shopping cart or make use of e-billing services.
  2. Analytical/performance cookies. They allow us to recognize and count the number of visitors and to see how visitors move around our site when they are using it. This helps us to improve the way our site works, for example, by ensuring that users are finding what they are looking for easily.
  3. Functionality cookies. These are used to recognize you when you return to our site. This enables us to personalize our content for you, greet you by your name and remember your preferences (for example, your choice of language or region).
  4. Targeting cookies. These cookies record your visit to our site, the pages you have visited and the links you have followed. We will use this information to make our site and the advertising displayed on it is more relevant to your interests. We may also share this information with third parties for this purpose.
You can control and/or delete cookies as you wish—for details, see www.aboutcookies.org. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.

6. And Correction Of Your Personal Data And Withdrawal Of Consent

6.1 Your Rights

  1. At your request, we would provide access to your personal data within the reasonable time frame and your access may be subjected to fees to meet our costs.
  2. You can request to correct any errors or omissions in your personal data which are in our possession or control. The contact details are:
    Attentian to:Data Protection officer of TA
    Email:dp@nladfk.com
    Contact:6222 0289
    Mail:143 Cecil Street #17-03 GB Building Singapore 069542
  3. We may also decline your request that you may make if the law does not permit us to do so.

6.2 Withdrawal of Consent

  1. You may also withdraw your consent to our collection, use, disclosure and processing of personal data but in such an event we may not be able to provide our services and products.
  2. From time to time we may review our policies, procedures and processes to better manage, protect and process your personal data. We may therefore amend this Policy at any time by giving you notice on our website.

7. Safeguard Your Personal Data (Security)

The Company have policies in place to protect the personal data in our possession from unauthorized access, collection, use, disclosure, copying and modification. We will destroy and/or anonymize as soon as is reasonable to assume that the purpose for which that personal data was collected is no longer necessary for any other legal, government regulatory or business purposes.

8. Governing Law

This Data Protection Policy and your use of this website shall be governed by and construed in accordance with the Singapore Law. You have agreed to submit to the exclusive jurisdiction of Courts of Singapore in any dispute relating to this Policy.

9. Amendments Of TA Privacy Policy

This Policy may be amended in accordance with the PDPA legislated requirements from time to time and the updated policy shall be make available on our website.

STANDARD OPERATING PROCEDURE (SOP) FOR HANDLING PERSONAL DATA

1. Introduction

This Standard Operating Procedure (SOP) provides a framework for the implementation of data protection management throughout the Company. This SOP provides all employees with information and clear guidance on the correct use of the personal data held and sets out what is required from all employees when processing personal data of individuals.
Data protection policies are designed to protect personal data important to the Company, its employees, customers, suppliers and any other individuals. They also help to comply with data protection legislation and regulations. Personal data in Singapore is protected under the Personal Data Protection Act 2012 (PDPA).

2. Processes for Data Protection of External Stakeholders

The following data protection procedures must be adhered to when processing personal data of external stakeholders.

2.1 Obtaining consent

  1. The Company must obtain the consent in writing of the individual before collecting, using or disclosing the individual personal data for a purpose. The details of the individual obtained should be recorded in the Personal Data Inventory.
  2. The Company must inform the individual of the purposes for which it is collecting, using or disclosing the individual personal data on or before collecting the data.
  3. The Company must allow an individual to withdraw consent and inform him/her of the likely consequences of withdrawal if it has been given notice to do so.
  4. The Company must ensure that the person providing consent on behalf of an individual is validly acting on behalf of that individual.
  5. Where applicable, the Company must ensure that third party sources which the Company obtained personal data from had obtained valid written consent from the individual.

2.2 Purpose for Collection, Use or Disclosure

  1. The Company should collect, use or disclose personal data for reasonable purposes that the individual had been informed and had consented to. The details of the individual should be recorded in the Consent Register.
  2. The Company should review regularly (eg annually) that the purposes for which personal data is collected, used or disclosed is consistent with its original purposes.

2.3 Notifying Individuals

  1. The Company should inform the individual of the purposes for collecting, using or disclosing the individual personal data on or before collecting the data. The Company may refer the individual to the Company’s Data Protection Notice on the Company’s website.
  2. The Company should highlight purposes of information that may be of particular concern to the individual which includes disclosure of the information to third parties for certain purposes.

2.4 Access and Correction of Personal Data

  1. The Company must respond to access request by the individual to provide the individual with his/her personal data in the Company’s possession or under its control, as well as how the personal data has been used or disclosed during the past year as soon as reasonably possible.
  2. The Company must ensure access request is submitted in writing and sent to the Data Protection Officer at the provided business contact, including the Company’s email address and website.
  3. The Company must verify the identity of the individual making the access request, determining the time taken to process and respond to the individual on his/her access request.
  4. The Company must inform the individual making the access request of any fee (eg cost of producing a physical copy of the personal data requested) associated with processing the access request.
  5. The Company must provide the individual with a written estimate of the fee. The fee should accurately reflect the time and effort required to respond to the access request.
  6. The Company must inform the individual in writing of the higher estimate if a fee higher than the original written estimate is charged.
  7. The Company should provide access only if the individual agrees to pay the fee.
  8. The Company should not impose a charge for the correction of personal data.
  9. The Company must respond to requests by the individual for access or correction of personal data within 30 calendar days.
  10. If the Company is unable to provide access or correct the information within 30 calendar days, the Company must inform the individual in writing as to when he/she can receive or correct the information.
  11. The Company must verify the identity of the individual by asking the individual a set of questions to verify his/her identity.
  12. The Company must ensure that the third party is legally authorised to act on the individual’s behalf if the third party is making access or correction request on behalf of the individual.
  13. The Company must ensure there is documentary evidence of the verification to demonstrate that it is in compliance with the PDPA and to minimise potential disputes.

2.5 Accuracy and Completeness of Personal Data

  1. The Company must ensure that the personal data collected by or on behalf of the Company is accurate and complete.
  2. The Company must ensure that the personal data collected is to be used by the Company to make a decision that affects the individual to whom the personal data relates to.
  3. The Company must request the individual to make a written declaration that the personal data provided is accurate and complete.

2.6 Security Measures

  1. The Company must make security arrangements to protect personal data in the Company’s possession or under its control in order to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks.
  2. The Company should encrypt personal data to prevent unauthorised access.
  3. The Company should conduct regular security audits, scans and tests on IT and operational systems to detect vulnerabilities and non-compliance with the Company standards.
  4. The Company must install software such as anti-virus, anti-spyware, and firewall on computers and keep them updated and perform scans regularly.
  5. The Company should activate self-locking mechanisms for the computer screen if the computer is left unattended for a certain period.
  6. The Company must update computer software or conduct regular patching to minimise vulnerabilities.
  7. The Company should store confidential documents in locked file cabinets.
  8. The Company should restrict employee access to documents with personal data and confidential material to a need-to-know basis.
  9. The Company must dispose documents properly with personal data and confidential information that are no longer needed through shredding or similar means.
  10. The Company should require employees to be bound by confidentiality obligations in their employment agreements.
  11. The Company should conduct regular training sessions for staff to cultivate good practices in handling personal data and strengthen data protection awareness.
  12. The Company must ensure that all staff receive regular training so that they are well appraised and updated on the proper procedures for processing and sending personal data.
  13. The Company must acquire a clear understanding of the solution of using ready-made software.
  14. The Company must understand the features and limitations of the ready-made software (including plug-ins) processing personal data, before putting it into use.
  15. The Company must ensure that its service agreement with data intermediaries, if applicable, impose sufficient obligations to ensure the data intermediaries’ own compliance with the PDPA.

2.7 Retention Policies

  1. The Company must stop retaining documents containing personal data, or remove the means by which the personal data can be associated with particular individuals, as soon as it is reasonable to assume that:
    1. the purpose for which the personal data was collected is no longer being served by the retention of the personal data and
    2. retention is no longer necessary for legal or business purposes.
  2. The Company must document the retention periods for the personal data and the rationale for needing to keep the personal data in the Personal Data Inventory.
  3. The Company must review or housekeep personal data regularly to determine if the personal data is needed or if it can be disposed.
  4. The appropriate data disposal methods are as follows:
    1. Physical Destruction
      • Shredding: cuts paper in a way that makes it reasonably difficult, or even impossible, to reassemble the pieces in order to reconstruct (a substantial part of) the information, but allows for the paper to be recycled as long as the pieces are not too small
      • Incineration (or burning): reduces paper to ashes;
      • Pulping: paper is mixed with water and chemicals to break down the paper fibres before it is processed into recycled paper.
    2. Electronic Destruction
      • Use dedicated software that can overwrite selected files or the entire storage drive.
      • Use specialised hardware appliances that cater for the destruction (e.g. a degausser machine produces a strong electromagnetic field that can destroy magnetically recorded data).
      • Physically destroy the storage device by crushing, drilling or shredding it.
      Alternatively, the Company may anonymise the personal data and keep it for further uses, provided it has taken sufficient steps to address re-identification risks.

2.8 Transferring Data Overseas

Particular care must be taken when personal data is transferred to a country or territory other than the country where either:
  1. The data subject from which it was collected is resident; or
  2. The Company that collected it is established
  1. The Company must ensure that the overseas recipient, if applicable, will comply with Data Protection Provisions in respect of the transferred personal data while under its possession or control, and if the overseas recipient is bound by legally enforceable obligations (eg any law, binding corporate rules, contractual agreements) to provide a comparable standard of data protection to that under the PDPA.
  2. The Company must ensure the individual is informed about how his/her personal data will be protected and provides consent to transfer his/her personal data to overseas recipient.
  3. The Company must ensure that there is contractual agreement with overseas recipient which the personal data may be transferred to.

2.9 Sharing Data Outside of the Company

Personal data should only be disclosed outside the Company where there is a legitimate business need, an overarching legal justification to do this or where a customer consents to such disclosure (whether as set out within a contract or otherwise in writing). Disclosure must be made on a strictly limited ‘need to know’ basis where there is clear justification for transferring personal data – either because the data subject has consented to the transfer or because it is for a legitimate business need.
Where personal data is transmitted outside the Company, for example to a service provider, a secure medium must be used to transmit such data and written agreements (containing the required level of security standards) should be in place with each such third party. In each case, data subjects must be aware that the transfer or disclosure is likely to take place to a third party. This should normally be achieved through the use of our End User Privacy Notice or Employee Privacy Notice (or other forms of privacy notice), except where the transfer or disclosure is clearly understood by the data subject as a necessary part of a function of the Company. Assurances should also be sought from the third party recipient that they will only use the personal data for legitimate / authorised purposes and keep it secure.
If a particular disclosure is required to meet a legal obligation (for example to a government agency or police force/security service) or in connection with legal proceedings, the personal data may be provided so long as the disclosure is limited to that which is legally required.

2.10 Communication to Stakeholders

  1. The Company must appoint at least one Data Protection Officer (DPO) to be responsible for ensuring that it complies with the PDPA.
  2. The Company must ensure the DPO business contact information is made available to the public (eg on the Company’s website).
  3. The DPO must ensure compliance with PDPA when developing, implementing, monitoring and reviewing policies and processes for handling personal data.
  4. The DPO should foster a personal data protection culture among employees and communicate personal data protection policies to stakeholders.
  5. The DPO must manage personal data protection related queries and complaints.
  6. The DPO must alert management to any risks that might arise with regard to personal data.
  7. The DPO must liaise with the PDPC on data protection matters, if necessary.
  8. The Company must communicate policies and practices to staff and other relevant third parties (i.e. sub-contractors, business partners, vendors, etc.) that deal with the personal data.
  9. The Company must ensure that there are policies and practices to respond to queries and complaints related to personal data protection.
  10. The Company must review and investigate queries or complaints relating to potential inadequate personal protection measures as well as the related policies and practices to address any personal data breaches.

3. Data Protection Impact Assessments

The Company should conduct a Data Protection Impact Assessments (“DPIAs”) to assess the risks to the personal data they possess or under its control to determine appropriate security to control or mitigate these risks.
Examples of when a DPIA may be required are provided below:
  1. a new IT system for storing and accessing personal data
  2. the migration of an existing system holding large volumes of personal data into the cloud
  3. the conducting of an employee investigation involving the monitoring of employee communications
  4. using existing personal data for new and unexpected, or more intrusive, purposes
  5. new Bids
  6. Mergers and Acquisitions
  7. new surveillance system (especially one which monitors members of the public)
The data protection risks are evaluated based on its likelihood and impact. For each risk framework, the Company should establish the specific level of likelihood and impact using the Risk Assessment Table. Based on the risks identified, the Company should create an action plan to mitigate the risk and document accordingly in the DPIA template.

4. Personal Data Breaches

The Company’s employees must exercise good personal data handling practices as the Company is accountable towards individuals by preventing data breaches.
When the Company’s employee identify a personal data breach, he/she must follow the Company’s Data Management Breach Plan by taking the following 4 steps:
  1. Containing the data breach
    When a data breach is identified, the employee must immediately report to the DPO of the incident. The DPO must conduct an initial assessment of the data breach to determine the cause of the breach, the number of individuals affected, the type of personal data disclosed, the systems affected, and severity of the data breach. Details of the breach and response must be recorded in the Breach Incident Record Log.
  2. Assessing the data breach
    The Company should carry out an in-depth assessment of the extent of the data breach and whether it is likely to result in a significant impact on the affected individuals, and whether it is necessary to notify the affected individuals and the Personal Data Protection Commission (“PDPC”).
    The Company should carry out an assessment within 30 days from the identification of the potential data breach.
  3. Reporting the data breach
    The Company should take the initiative to notify the affected individuals and the PDPC within the next 72 hours if the data breach is assessed to result in a significant impact on more than 500 individuals.
  4. Evaluating the response
    The Company should review the gaps resulting in the data breach incident and implement remedial actions to improve personal data handling practices and prevent the reoccurrence of similar data breaches.
    The Company should review the plan continuously so that it remains effective and relevant.

5. Processes for Data Protection of Internal Stakeholders

The following data protection procedures must be adhered to when processing personal data of internal stakeholders.

5.1 Employee Data

  1. The Company should collect, use and disclose the job applicant’s personal data only for the purpose of processing the job application.
  2. The Company must ensure the employee sign a consent clause in the Company’s Data Protection Policy for Employees to give consent to the Company to use the personal data for the purpose of maintaining the employment relationship. If the Company wishes to use the personal data for other purposes, the Company must obtain consent from the employee.
  3. The Company must allow employees at any point in time to submit an access or correction form to gain access or to correct their personal data held by the Company.
  4. The Company must dispose personal data collected from job applicants who are not subsequently employed within a reasonable time (eg 30 days).
  5. The Company should dispose personal data of former employees within a reasonable time (eg 6 months) once the personal data no longer serve any business or legal purposes.
  6. The Company must securely keep employment records containing personal data and disclose only to authorised personnel with access for business purposes. The Company should keep physical copies of employment records locked in file cabinets. All electronically stored files must be secured with password encryption.

5.2 Bring Your Own Device Policy

  1. The Company must ensure that employees using their own device have anti-virus software installed on their personal devices. Employees should be advised not to use cloud-based applications that allows company-related data to be transferred to unsecure parties. The Company should ensure that the personal devices of employees are not shared with family and friends.
  2. The Company must ensure that employees protect their personal devices from loss, damage or theft. The Company should inform the employees that they must immediately notify management in the event their personal devices are lost, stolen or damaged.
  3. The Company must remove all company and personal data on the personal devices of employees who have resigned.

5.3 Data Protection Training

  1. All employees shall receive training in regard to the SOP and have a basic understanding of the regulatory requirements. Whenever an SOP shall be revised, training on revised SOP shall also be carried out.
  2. Induction training shall be provided by the Company to all new joiners.
  3. Whenever a data breach is discovered, the employee shall receive re-training immediately. In the event that multiple retraining is required for the same issue, the SOP will be reviewed for change. When it is determined that an SOP should be reviewed for change, the review will occur at the soonest possible.

DATA PROTECTION NOTICE FOR CUSTOMERS

NOTES AND INSTRUCTIONS FOR USE OF THIS NOTICE

  1. An organisation should ensure that the policies and processes described are aligned with its own internal policies and processes.
  2. Do review the notice and confirm it meets the organisation’s requirements and whether any additional or alternative clauses may be required.
  3. The notice is crafted broadly for general use and purposes, but may be adapted by the organisation to suit a more specific use and purpose, such as for publication on its website policies, or as part of its website, mobile application or pro forma invoice.
  4. Use of the notice does not mean that an organisation will be in compliance with the Personal Data Protection Act 2012 (“PDPA”) (or any other law). An organisation is encouraged to seek professional legal advice if it is uncertain of its obligations under the PDPA or if it requires assistance with the drafting of such a Notice for its particular purposes and context.
  5. Please refer to the advisory guidelines published by the PDPC at www.pdpc.gov.sg for more information about the PDPA and its requirements.

Data Protection Notice for Customers

This Data Protection Notice (“Notice”) sets out the basis which TalentX AI Pte. Ltd. (“we”, “us”, or “our”) may collect, use, disclose or otherwise process personal data of our customers in accordance with the Personal Data Protection Act (“PDPA”). This Notice applies to personal data in our possession or under our control, including personal data in the possession of organisations which we have engaged to collect, use, disclose or process personal data for our purposes.

Personal Data

  1. As used in this Notice,
    customer” means an individual who
    1. has contacted us through any means to find out more about any goods or services we provide, or
    2. may, or has, entered into a contract with us for the supply of any goods or services by us; and
    personal data” means data, whether true or not, about a customer who can be identified:
    1. from that data; or
    2. from that data and other information to which we have or are likely to have access.
  2. Depending on the nature of your interaction with us, some examples of personal data which we may collect from you include name, email address, telephone number, nationality, gender, date of birth, marital status, employment information, current, expected and offer compensation details (e.g. salaries, allowances, bonus, stocks), internal salary range, position details (e.g. job title, skills requirements, work location, years of experience requirement) and other basic information (e.g. current employment status, any offer on hand, interviewer opinion, culture fit, technical/cognitive skills match, career & learning opportunities, employer branding, overall benefits, and workplace flexibility.
  3. Other terms used in this Notice shall have the meanings given to them in the PDPA (where the context so permits).

Collection, Use and Disclosure of Personal Data

  1. We generally do not collect your personal data unless
    1. it is provided to us voluntarily by you directly or via a third party who has been duly authorised by you to disclose your personal data to us (your “authorised representative” after
      1. you (or your authorised representative) have been notified of the purposes for which the data is collected, and
      2. you (or your authorised representative) have provided written consent to the collection and usage of your personal data for those purposes, or
    2. collection and use of personal data without consent is permitted or required by the PDPA or other laws. We shall seek your consent before collecting any additional personal data and before using your personal data for a purpose which has not been notified to you (except where permitted or authorised by law).
  2. We may collect and use your personal data for any or all of the following purposes:
    1. performing obligations in the course of or in connection with our provision of the goods and/or services requested by you;
    2. any other purposes for which you have provided the information; and
    3. any other incidental business purposes related to or in connection with the above (including but not limited to consolidated data to create analytical trend data, databases and intellectual capital to improve the quality of our products for the benefit of all clients, provided that no particular client or individual shall be identifiable).
  3. We may disclose your personal data where such disclosure is required for performing obligations in the course of or in connection with our provision of the goods and services requested by you.
  4. The purposes listed in the above clauses may continue to apply even in situations where your relationship with us has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under a contract with you).

Withdrawing Consent

  1. The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop collecting, using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing or via email to our Data Protection Officer at the contact details provided below.
  2. Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within ten (10) business days of receiving it.
  3. Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our goods or services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing in the manner described in clause 8 above.
  4. Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.

Access to and Correction of Personal Data

  1. If you wish to make
    1. an access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or
    2. a correction request to correct or update any of your personal data which we hold about you,
    you may submit your request in writing or via email to our Data Protection Officer at the contact details provided below.
  2. Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.
  3. We will respond to your request as soon as reasonably possible. In general, our response will be within thirty (30) business days. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).

Protection of Personal Data

  1. To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as up-to-date antivirus protection, encryption, use of privacy filters, and disclosing personal data both internally and to our authorised third party service providers and agents only on a need- to-know basis.
  2. You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.

Accuracy of Personal Data

  1. We generally rely on personal data provided by you (or your authorised representative). In order to ensure that your personal data is current, complete and accurate, please update us if there are changes to your personal data by informing our Data Protection Officer in writing or via email at the contact details provided below.

Retention of Personal Data

  1. We may retain your personal data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws.
  2. We will cease to retain your personal data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected, and is no longer necessary for legal or business purposes.

Transfers of Personal Data Outside of Singapore

  1. We generally do not transfer your personal data to countries outside of Singapore. However, if we do so, we will obtain your consent for the transfer to be made and we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.

Data Protection Officer

  1. You may contact our Data Protection Officer if you have any enquiries or feedback on our personal data protection policies and procedures, or if you wish to make any request, in the following manner::
    Attentian to:Data Protection officer of TA
    Email:dp@nladfk.com
    Contact:6222 0289
    Mail:143 Cecil Street #17-03 GB Building Singapore 069542

Effect of Notice and Changes to Notice

  1. This Notice applies in conjunction with any other notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your personal data by us.
  2. We may revise this Notice from time to time without any prior notice. You may determine if any such revision has taken place by referring to the date on which this Notice was last updated. Your continued use of our services constitutes your acknowledgement and acceptance of such changes.

DATA PROTECTION NOTICE FOR EMPLOYEES

NOTES AND INSTRUCTIONS FOR USE OF THIS NOTICE

  1. An organisation should ensure that the policies and processes described are aligned with its own internal policies and processes.
  2. Do review the notice and confirm it meets the organisation’s requirements and whether any additional or alternative clauses may be required.
  3. The notice is crafted broadly for general use and purposes, but may be adapted by the organisation to suit a more specific use and purpose, such as for publication on its letter of appointment or employee handbook.
  4. Use of the notice does not mean that an organisation will be in compliance with the Personal Data Protection Act 2012 (“PDPA”) (or any other law). An organisation is encouraged to seek professional legal advice if it is uncertain of its obligations under the PDPA or if it requires assistance with the drafting of such a Notice for its particular purposes and context.
  5. Please refer to the advisory guidelines published by the PDPC at www.pdpc.gov.sg for more information about the PDPA and its requirements.

Data Protection Notice for Employees

This Data Protection Notice (“Notice”) sets out the basis which TalentX AI Pte. Ltd. (“we”, “us”, or “our”) may collect, use, disclose or otherwise process personal data of employees in accordance with the Personal Data Protection Act (“PDPA”). This Policy applies to personal data in our possession or under our control, including personal data in the possession of organisations which we have engaged to collect, use, disclose or process personal data for our purposes.

Application of This Notice

  1. This Notice applies to all persons engaged in a contract of service with us (whether on a part-time, temporary or full-time basis) and interns and trainees working at or attached to us (collectively referred to as “employees”), and all references to “employment” shall apply equally to internships and traineeships (as may be applicable).

Personal Data

  1. As used in this Notice, “personal data” means data, whether true or not, about an employee or a job applicant who can be identified:
    1. from that data; or
    2. from that data and other information to which we have or are likely to have access.
  2. Personal data which we may collect in the context of your employment with us includes, without limitation, your:
    1. Salary information;
    2. Employees’ current compensation details (e.g. salaries, allowances, bonus, stocks);
    3. Position details (e.g. job title, skills requirements, work location, years of experience requirement); and
    4. salary information;
    5. photographs; and
    6. Any additional information provided to us by you as a job applicant (that is, prior to being engaged as an employee).
  3. Other terms used in this Notice shall have the meanings given to them in the PDPA (where the context so permits).

Collection, Use and Disclosure of Personal Data

  1. We generally collect personal data that
    1. you knowingly and voluntarily provide in the course of or in connection with your employment or job application with us, or via a third party who has been duly authorised by you to disclose your personal data to us (your “authorised representative”, which may include your job placement agent), after
      1. you (or your authorised representative) have been notified of the purposes for which the data is collected, and
      2. you (or your authorised representative) have provided written consent to the collection and usage of your personal data for those purposes, or
    2. collection and use of personal data without consent is permitted or required by the PDPA or other laws. We shall seek your consent before collecting any additional personal data and before using your personal data for a purpose which has not been notified to you (except where permitted or authorised by law).
  2. Your personal data will be collected and used by us for the following purposes and we may disclose your personal data to third parties where necessary for the following purposes:
    1. performing obligations under or in connection with the provision of our goods or services to our clients.
    2. any other purposes/incidental business purposes related to or in connection with the above (including but not limited to consolidated data to create analytical trend data, databases and intellectual capital to improve the quality of our products for the benefit of all clients, provided that no particular client or individual shall be identifiable).
  3. The purposes listed in the above clauses may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).

Withdrawing Consent

  1. The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop collecting, using and/or disclosing your personal data by submitting your request in writing or via email to our Data Protection Officer at the contact details provided below. Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.
  2. Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within ten (10) business days of receiving it.

Access to and Correction of Personal Data

  1. If you wish to make
    1. an access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or
    2. a correction request to correct or update any of your personal data
    which we hold, you may submit your request in writing or via email to our Data Protection Officer at the contact details provided below.
  2. Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.
  3. We will respond to your request as soon as reasonably possible. In general, our response will be within thirty (30) business days. Should we not be able to respond to your access request within thirty (30) days after receiving your access request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).
  4. Please note that depending on the request that is being made, we will only need to provide you with access to the personal data contained in the documents requested, and not to the entire documents themselves. In those cases, it may be appropriate for us to simply provide you with confirmation of the personal data that our organisation has on record, if the record of your personal data forms a negligible part of the document.

Protection of Personal Data

  1. To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as up-to-date antivirus protection, encryption, use of privacy filters, and disclosing personal data both internally and to our authorised third party service providers and agents only on a need-to-know basis.
  2. You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.

Accuracy of Personal Data

  1. We generally rely on personal data provided by you (or your authorised representative). In order to ensure that your personal data is current, complete and accurate, please update us if there are changes to your personal data by informing our Data Protection Officer in writing or via email at the contact details provided below.

Retention of Personal Data

  1. We may retain your personal data for as long as it is necessary to fulfil the purposes for which they were collected, or as required or permitted by applicable laws.
  2. We will cease to retain your personal data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purposes for which the personal data were collected, and are no longer necessary for legal or business purposes.

Transfers of Personal Data Outside of Singapore

  1. We generally do not transfer your personal data to countries outside of Singapore. However, if we do so, we will obtain your consent for the transfer to be made and will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.

Data Protection Officer

  1. You may contact our Data Protection Officer if you have any enquiries or feedback on our personal data protection policies and procedures, or if you wish to make any request, in the following manner::
    Attentian to:Loo Soo Ling (Angeline)
    Email:dp@nladfk.com
    Contact:6222 0289
    Mail:143 Cecil Street #17-03 GB Building Singapore 069542

Effect of Notice and Changes to Notice

  1. This Notice applies in conjunction with any other policies, notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your personal data by us.
  2. We may revise this Notice from time to time without any prior notice. You may determine if any such revision has taken place by referring to the date on which this Notice was last updated. Your continued employment and participation in our recruitment process constitute your acknowledgement and acceptance of such changes.

DATA PROTECTION NOTICE FOR JOB APPLICANTS​

NOTES AND INSTRUCTIONS FOR USE OF THIS NOTICE

  1. An organisation should ensure that the policies and processes described are aligned with its own internal policies and processes.
  2. Do review the notice and confirm it meets the organisation’s requirements and whether any additional or alternative clauses may be required.
  3. The notice is crafted broadly for general use and purposes, but may be adapted by the organisation to suit a more specific use and purpose, such as for publication on its job portal.
  4. Use of the notice does not mean that an organisation will be in compliance with the Personal Data Protection Act 2012 (“PDPA”) (or any other law). An organisation is encouraged to seek professional legal advice if it is uncertain of its obligations under the PDPA or if it requires assistance with the drafting of such a Notice for its particular purposes and context.
  5. Please refer to the advisory guidelines published by the PDPC at www.pdpc.gov.sg for more information about the PDPA and its requirements.

Data Protection Notice for Job Applicants

This Data Protection Notice (“Notice”) sets out the basis upon which TalentX AI Pte. Ltd. (“we”, “us” or “our”) may collect, use, disclose or otherwise process personal data of job applicants in accordance with the Personal Data Protection Act (“PDPA”). This Policy applies to personal data in our possession or under our control, including personal data in the possession of organisations which we have engaged to collect, use, disclose or process personal data for our purposes.

Application of This Notice

  1. This Notice applies to all persons who have applied for any such position with us (“job applicants”).

Personal Data

  1. As used in this Notice, “personal data” means data, whether true or not, about an employee or a job applicant who can be identified:
    1. from that data; or
    2. from that data and other information to which we have or are likely to have access.
  2. Personal data which we may collect includes, without limitation, your:
    1. mailing address, telephone numbers, email address and other contact details;
    2. resume, educational qualifications, professional qualifications and certifications and employment references;
    3. employment and training history;
    4. salary information;
    5. photographs; and
    6. other basic information (e.g. current employment status, any offer on hand, interviewer opinion, culture fit, technical/cognitive skills match, career & learning opportunities, employer branding, overall benefits, and workplace flexibility).
  3. Other terms used in this Notice shall have the meanings given to them in the PDPA (where the context so permits).

Collection, Use and Disclosure of Personal Data

  1. We generally collect personal data that
    1. you knowingly and voluntarily provide in the course of or in connection with your employment or job application with us, or via a third party who has been duly authorised by you to disclose your personal data to us (your “authorised representative”, which may include your job placement agent), after
      1. you (or your authorised representative) have been notified of the purposes for which the data is collected, and
      2. you (or your authorised representative) have provided written consent to the collection and usage of your personal data for those purposes, or
    2. collection and use of personal data without consent is permitted or required by the PDPA or other laws. We shall seek your consent before collecting any additional personal data and before using your personal data for a purpose which has not been notified to you (except where permitted or authorised by law).
  2. Your personal data will be collected and used by us for the following purposes and we may disclose your personal data to third parties where necessary for the following purposes:
    1. assessing and evaluating your suitability for employment in any current or prospective position within the organisation and the client organisations;
    2. verifying your identity and the accuracy of your personal details and other information provided;
    3. assessing and evaluating your suitability for employment/appointment or continued employment/appointment in any position within our organization and our client organisations; and
    4. performing obligations under or in connection with the provision of our goods or services to our clients; and
    5. any other purposes/incidental business purposes related to or in connection with the above (including but not limited to consolidated data to create analytical trend data, databases and intellectual capital to improve the quality of our products for the benefit of all clients, provided that no particular client or individual shall be identifiable).
  3. The purposes listed in the above clauses may continue to apply even in situations where your relationship with us (for example, pursuant to your employment contract should you be hired) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under a contract with you).

Withdrawing Consent

  1. The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. As a job applicant, you may withdraw consent and request us to stop collecting, using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing or via email to our Data Protection Officer at the contact details provided below.
  2. Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process and effect your request within ten (10) days of receiving it.
  3. Whilst we respect your decision to withdraw your consent, please note that depending on the nature and extent of your request, we may not be in a position to process your job application (as the case may be). We shall, in such circumstances, notify you before completing the processing of your request (as outlined above). Should you decide to cancel your withdrawal of consent, please inform us in writing in the manner described in clause 8 above.
  4. Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.

Access to and Correction of Personal Data

  1. If you wish to make
    1. an access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or
    2. a correction request to correct or update any of your personal data
    which we hold, you may submit your request in writing or via email to our Data Protection Officer at the contact details provided below.
  2. Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.
  3. We will respond to your request as soon as reasonably possible. In general, our response will be within thirty (30) business days. Should we not be able to respond to your access request within thirty (30) days after receiving your access request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).
  4. Please note that depending on the request that is being made, we will only need to provide you with access to the personal data contained in the documents requested, and not to the entire documents themselves. In those cases, it may be appropriate for us to simply provide you with confirmation of the personal data that our organisation has on record, if the record of your personal data forms a negligible part of the document.

Protection of Personal Data

  1. To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as up-to-date antivirus protection, encryption, use of privacy filters, and disclosing personal data both internally and to our authorised third party service providers and agents only on a need-to-know basis.
  2. You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.

Accuracy of Personal Data

  1. We generally rely on personal data provided by you (or your authorised representative). In order to ensure that your personal data is current, complete and accurate, please update us if there are changes to your personal data by informing our Data Protection Officer in writing or via email at the contact details provided below.

Retention of Personal Data

  1. We may retain your personal data for as long as it is necessary to fulfil the purposes for which they were collected, or as required or permitted by applicable laws.
  2. We will cease to retain your personal data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purposes for which the personal data were collected, and are no longer necessary for legal or business purposes.

Transfers of Personal Data Outside of Singapore

  1. We generally do not transfer your personal data to countries outside of Singapore. However, if we do so, we will obtain your consent for the transfer to be made and will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.

Data Protection Officer

  1. You may contact our Data Protection Officer if you have any enquiries or feedback on our personal data protection policies and procedures; or if you wish to make any request, in the following manner:

Effect of Notice and Changes to Notice

  1. This Notice applies in conjunction with any other policies, notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your personal data by us.
  2. We may revise this Notice from time to time without any prior notice. You may determine if any such revision has taken place by referring to the date on which thisNotice was last updated. Your continued employment and participation in our recruitment process constitute your acknowledgement and acceptance of such changes.

Effective date: 10 May 2021

Join our tech community!

Receive market demand, industry skills and salary insights,
coaching seminar invites – and more!

No spam, no junk, just facts that matter to you.

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

TalentX will use the information you provide on this form to be in touch with you and to provide updates and marketing.