HOW WE COLLECT YOUR PERSONAL DATA

Personal data refers to any information that can uniquely identify a person (a) on its own, or (b) when combined with other information. Under the Personal Data Protection Act 2012 (PDPA), business contact information (e.g. full name, business address, business telephone number) is not considered as personal data so long as it is used strictly for business-to-business (B2B) transactions.

We collect your personal data when:

• you request for us to contact you via telephone or email.

• you enquire about our range of services

• you provide feedback to us on our quality of service

 

We may rely on the Second Schedule exception of the Personal Data Protection Act to collect your personal data without consent under the following circumstances:

(a) Your personal data is publicly available. For instance, you enquire if we have a job vacancy and to learn more about you, we may access your personal information available on your social media public profile.

 

TYPES OF PERSONAL DATA WE COLLECT ABOUT YOU

Depending on the nature of your interaction with us, some examples of personal data which we may collect from you include name, email address and telephone number. 

 

HOW WE USE YOUR PERSONAL DATA

We use the personal data you provide us for a range of services, including but are not limited to one or more of the following purposes:

• perform obligations during or in connection with our provision of the goods or services requested by you,

• verify your identity,

• respond to, handle, and process queries, requests, applications, complaints, and feedback from you,

• manage your relationship with us,

• comply with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental or regulatory authority,

• assist in an investigation by an Authority, where there is a reasonable suspicion of the commission of a crime under any written law in any jurisdiction in which Goshen operates,

• any other purposes for which you have provided the information, and

• any other incidental business purposes related to or in connection with the above.

We may rely on the Third Schedule exception of the Personal Data Protection Act to use your personal data without consent under the following circumstances:

(a) To respond to an emergency that threatens your life, health and safety or of another individual. For instance, you fainted in Goshen’s office premises and we will use your PD to the emergency respondent.

​

WHO WE MAY DISCLOSE YOUR PERSONAL DATA TO

• We may pass your personal data to our third-party service providers who need the data to fulfil your request for our services.

• We may pass your personal data to third-party service providers, agents and other organisations we have engaged to perform any of the functions concerning the purposes mentioned above.

• Except as set out above, we do not disclose your personal information unless we are obliged to do so or allowed to do so, by law, or where we need to do so to run our business (for instance where we outsource services or other organisations to process data for us).

• In the event we need to disclose your personal data to third party, we will obtain your written consent prior to disclosing.

We may rely on Fourth Schedule exception of the Personal Data Protection Act to disclose your personal data without consent under the following circumstances:

(a) To respond to an emergency that threatens your life, health and safety or of another individual. For instance, you fainted in Goshen’s office premises and we will disclose your PD to the emergency respondent.

(b) Assisting in law enforcement and investigations conducted by any governmental and/or regulatory authority. For instance, Goshen is contacted by the police to disclose information of the list of job applicants in a certain period.

 

HOW WE MANAGE THE COLLECTION, USE AND DISCLOSURE OF YOUR PERSONAL DATA

Before we collect, use or disclose your personal data, we will notify you of the purpose why we are doing so. We will obtain written confirmation from you on your expressed consent. We will not collect more personal data than is necessary for the stated purpose. We will seek fresh consent from you if the original purpose for the collection, use or disclosure of your personal data has changed.

We may rely on exceptions to the need for consent under the PDPA Second, Third and Fourth Schedule for the collection, use or disclosure of your personal data as stated in the preceding paragraphs

 

WITHDRAWAL OF CONSENT

The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time you are withdrawing it. If you wish to withdraw consent, you should write or email us. Please give us reasonable notice to process and notify you of the consequences of the withdrawal.

We shall seek to process your request within fourteen (14) business days of receiving it. Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.

Individuals have choices regarding our collection, use or disclosure of your personal data. If you choose not to provide us with the personal data described in this notice, we may not be able to perform our obligations as stated in this notice. You have the right to object to the processing of your personal data and withdraw your consent in the manner described in this section.

 

HOW WE ENSURE ACCURACY OF YOUR PERSONAL DATA

We will take reasonable steps to ensure that the personal data we collect about you is accurate, complete, not misleading and kept up to date.

We generally rely on personal data provided by you (or your authorised representative). To ensure that your personal data is current, complete and accurate, please update us in writing or via email if there are changes to your personal data.

​

HOW WE PROTECT YOUR PERSONAL DATA

To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as up-to-date antivirus protection, and disclosing personal data both internally and to our authorised third-party service providers and agents only on a need-to-know basis.

You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.

 

HOW WE RETAIN YOUR PERSONAL DATA

We may retain your personal data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws.

We will cease to retain your personal data or remove how the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected, and is no longer necessary for legal or business purposes.

 

HOW YOU CAN ACCESS AND CORRECT YOUR PERSONAL DATA

If you wish to make (a) an access request for access to a copy of the personal data which we hold about you or information about how we use or disclose your personal data, or (b) a correction request to correct or update any of your personal data which we hold about you, you may submit your request in writing or via email to our Data Protection Officer (DPO) at the contact details provided below.

Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.

In general, our response will be within fourteen (14) business days. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).

 

TRANSFERS OF PERSONAL DATA OUTSIDE OF SINGAPORE

We generally do not transfer your personal data to countries outside of Singapore. However, if we do so, we will obtain your consent for the transfer to be made and we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.

 

CONTACTING US

If you have any query or feedback regarding this Notice or any concern you have relating to how we manage your personal data, you may contact our Data Protection Officer (DPO) at dpo@consultgoshen.com

Any query or concern should include, at least, the following details:

• Your full name and contact information

• Brief description of your query or concern

We treat such queries and feedback seriously and will deal with them confidentially and within a reasonable time.

 

CHANGES TO THIS DATA PROTECTION NOTICE

We may update this Data Protection Notice from time to time. Please visit our website periodically to note any changes. Changes to this Notice take effect when they are posted on our website.