Personal Data Protection Policy

 

1. Introduction

GOSHEN CONSULTANCY SERVICES PTE LTD (the “Company”) is a business consulting company that provides consulting and training services to healthcare and social service agencies. We take responsibility under Singapore’s Personal Data Protection Act 2012 (the "PDPA") seriously. We will always update the latest Personal Data Protection Policy on our website at www.consultgoshen.com

 

2. Purpose

This policy governs the collection, use and disclosure of personal data from employees, customers and Third parties to us and explains how we collect and handle personal data of individuals and comply with the requirements of the Personal Data Protection Act 2012 of Singapore and its regulation(s) (“PDPA”). In this policy, “personal data” shall have the meaning ascribed to it in the PDPA.

The Personal Data Protection Policy sets out:

a) Our policy on how we manage your personal data;

b) Type of personal data we collect, use, disclose and/or retain;

c) How we collect, use, disclose and/or retain your personal data;

d) Purpose(s) for which we collect, use, disclose and/or retain your personal data

3. Responsible

Data Protection Officer (DPO) of company update this Data Protection Policy annually or as deemed necessary, from time to time to ensure that this Data Protection Policy is consistent with future developments, market trends, any changes in technology, legal or regulatory requirements. 

 

4. Scope

This policy covers all the activities in GOSHEN CONSULTANCY SERVICES PTE LTD related to Personal Data Protection.

 

5. Consent

We will collect, use or disclose personal data for employment and reasonable business purposes only if there is consent from the individual and information on such purposes have been notified. We may also collect, use or disclose personal data if it is required or authorised under applicable laws.

Such consents are obtained from our customers, employees or supplier via an application form, signing contract or by declaration that they have read and consent to our Terms and Conditions to collect, use, retain, dispose, handle, transfer, process and/or disclose your personal data, in accordance with this privacy.

6. Collection of Personal Data:

6.1 Personal Data collected from Customer - 

6.1.1 Purpose and Scope 

We only collect personal data from our customers to enable us to carry out our operation, contract agreement and any other related to business. Such personal data is provided to us in the application forms filled by our customers both online or in person, face to face interviews, email messages and telephone conversations. We will not use or disclose information collected from our customers other than the purpose made known herein or as may be necessary to comply with the applicable laws.

6.1.2 Type of Personal Data Collected

Personal data are collected for the purposes mentioned hereinabove, taking into consideration the nature and sensitivity of the personal data. Your personal data are strictly handled, and we endeavour not to collect information that exceeds that required by law and/or information we need to process the operation. The Personal Data may be collected are Full Name, Employee ID (Client’s Company), Gender, Contact No., Email Address, Signature, Photo identification and Medical History.

 

6.2 Personal Data collected from Employees - 

6.2.1 Purpose and Scope

We collect personal data from our employees to enable us to understand, plan, manage, evaluate their employment. Such personal data is provided to us in the resume by our employees when they are employed. Company will inform the employees of the purposes for the collection, use and disclosure of their personal data and obtain their consent prior to the collection, use and disclosure. We will not use or disclose information collected from our employees other than the purpose made known herein or as may be necessary to comply with the applicable laws.

We use the personal data for the following purposes:

  1. Manage employee’s employment and profile

  2. Evaluate the suitability of employment

  3. CPF purposes

  4. To apply for Work Permit/S Pass/ E Pass

  5. To manage certain staff schemes like training or educational subsidies

  6. For the purpose of employment such as drafting employment letter

  7. To purchase work-related insurances

  8. To process payment for your services

  9. To comply with applicable laws and regulations

 

6.2.2 Type of Personal Data Collected

The personal data will be collected for the abovementioned purposes, taking into consideration the sensitive nature of personal data. The handling of personal data is done in a strict manner, and we endeavour not to collect information that exceeds that required by law or the foregoing purposes.  The Personal Data will be collected are Full Name, IC No./ FIN No./Passport No., Nationality, Gender, Date of Birth, Home Address, Contact No., Email Address, Work experience, Curriculum Vitae, Designation, Bank Account, Photograph, Income, CPF Account and Marital information. 

 

6.3 Personal Data collected from Third parties

6.3.1 Purpose and Scope

We only collect personal data from third parties to enable us to carry out our operation, contract agreement, payment purpose and any other related to business. Such personal data is provided to us in face to face interviews, email messages and telephone conversations. We will not use or disclose information collected from our customers other than the purpose made known herein or as may be necessary to comply with the applicable laws.

6.3.2 Type of Personal Data Collected

Personal data are collected for the purposes mentioned hereinabove, taking into consideration the nature and sensitivity of the personal data. Your personal data are strictly handled, and we endeavour not to collect information that exceeds that required by law and/or information we need to process the operation. The Personal Data may be collected are Company Name, Registration No. (U.E.N), Company Address, Company Bank Account No. , Company Contact information (Tel No., Fax No. & Email Address), Full Name of Person In Charge, Contact No. of Person In Charge and Email Address of Person In Charge.

7. Disclosure of Personal Data

7.1 Personal Data of Customer

​7.1.1 Purpose and Scope

We do not disclose personal data of customer except when required by law or when we have the individual’s consent or in cases where we have engaged a certain aspect of company’s activity such as accounting and auditing functions.  Any such disclosure whom we engage is bound contractually to keep all information confidential.

 

7.1.2 Type of Personal Data Disclosure

The personal data may disclosure are Name, Date of birth, Gender, Email Address and Contact No.  

7.2 Personal Data of Employee

7.2.1 Purpose and Scope

We do not disclose personal data of employees except when required by law or when we have engaged third parties to assist with Training or a certain aspect of the company’s activity such as accounting, HR and auditing functions.  Any such third parties whom we engage are to keep all information confidential. When sharing personal data to third party, we will ensure that the data is correct and the original copy of the document is used to verify the copy.

7.2.2 Type of Personal Data Disclosure

The personal data may be disclosed for the purposes of training, or certain aspect of the company’s activity such as accounting, HR and auditing functions are Name, Personal Identification Number, Address, Contact No., Email Address, Designation, Qualifications, Appraisal, Income, deductibles and income tax.

 

8. Access to and Correction of Personal Data

We may process our customer’s/ employee’s / third parties’ request and provide them with access to their personal data or other appropriate information on their personal data in accordance with the requirements of the PDPA, which is made known to our customers via the Terms and Conditions and this policy. Our customers/employees/third parties can contact us via email at aisiew@consultgoshen.com for such request or fill-up the Request Note.

We will correct an error or omission in the individual’s personal data that is in our possession or control in accordance with the requirements of the PDPA upon the request. The request will be processed within 8 working days. If the DPO unable to process the request within 8 working days, an email should be sent to notify the requester regarding the extension of time needed to process their request at any point of time before the expiry of the 8 working days.

9. Withdrawal of Consent

Request for withdrawal of consent given to have been given will be processed within 8 working days. We will inform the individual of the likely consequences of withdrawing their consent. Thereafter, we will cease collection of any personal data and remove the personal data unless it is required or authorised under applicable laws. Should the DPO be unable to process the request within 8 working days, an email should be sent to notify the customer regarding the extension of time needed to process their request after assessing their request before the expiry of the 8 working days.

10. Accuracy of Personal Data

We ensure that personal data collected by us is accurate by verifying the data against the original relevant document. You may also keep us informed when there are any updates to your Personal Data by contacting us directly.

 

11. Security and Protection of Personal Data

We have implemented generally accepted standards to protect the personal data in our possession or under our control and to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal, retention or similar risks. The Company’s personnel observe a strict internal policy. Access to personal data is only given to our personnel on a necessary basis, kept to a minimum and where they have agreed to ensure confidentiality of this information.

 

12. Retention of Personal Data

We will cease collection of any personal data and remove the personal data when it is no longer necessary for any business or legal purposes unless it is required or authorised under applicable laws.

The retention of information related to an employee will be retained and will not be disposed of for review and record-keeping purposes. 

13. Transfer of Personal Data outside of Singapore

We do not transfer data overseas. However, we will ensure that any transfers of personal data to a territory outside of Singapore will be in accordance with the PDPA so as to ensure a standard of protection to personal data so transferred that is comparable to the protection under the PDPA.

If identifiable personal data need to be sent overseas, we will take appropriate steps to ensure compliance with the data protection requirements in PDPA. This includes:

  • Impose legally enforceable obligations on the recipient to provide to the personal data transferred a standard of protection that is comparable under PDPDA such as :

i. Any law;

ii. Any contracts with oversea recipient that requires the recipients to provide a comparable standard of protection and specifies the countries & territories to which the personal data may be transferred to; or

iii. Have binding corporate rules with overseas recipient(s) to provide a comparable standard of protection, specify the recipients, countries and territories to which the binding corporate rules apply, and rights and obligations provided by the rules

  • Consent given after reading a written summary of the extent to which his/her personal data will be protected in the countries and territories that the personal data will be transferred to

  • The transfer is necessary for the performance of a contract between the organisation and individual / between the organisation and a third party

  • The personal data is publicly available in Singapore

  • Take necessary measures to ensure that personal data transferred will not be used or disclosed by the recipient for purposes other than the foregoing

 

14. Privacy on Our Websites

This Policy also applies to any personal data we collect via our websites. Cookies may be used on some pages of our websites. “Cookies” are small text files placed on your hard drive that assist us in providing a more customised website experience. Cookies are now used as a standard by many websites to improve users’ navigational experience. If individuals are concerned about cookies, most browsers permit individuals to decline cookies. In most cases, a visitor may refuse a cookie and still fully navigate our websites. However, other functionality in the site may be impaired. After termination of the visit to our site, a visitor can always delete the cookie from his/her system if he wishes.

 

15. Notification

We endeavour to notify our customers, employees and third parties of any changes to this policy and the new purpose of collection, use and disclosure of Personal Data Protection 14days in advance after which the changes will be made effective and published on our website.

16. Data Protection Officer

If you have any questions or complaints relating to the use or disclosure of your Personal Data, or if you wish to know more about our data protection policies and practices, please contact our Data Protection Officer (Ai Siew) via email at aisiew@consultgoshen.com or 6224 1378.

© 2019 by Goshen Consultancy Services Pte Ltd | REG no. 201135030C