Privacy policy
1. Introduction
The Purpose of this document (“Privacy Policy”) sets out the basis upon which TUFF Group and its subsidiary companies (“we”, “us” or “our”) may collect, use, disclose or otherwise process personal data of our Employees, Job Applicants, Customers, Business Partners, Consultants, Contractors, Service Providers, Outsourced Third-Parties and others who have business dealings with us.
It contains important information about how and why TUFF Group and its subsidiary companies collect, use and disclose personal data of individuals. This policy takes into consideration the Personal Data Protection Act 2012 (“PDPA”)and all applicable PDPA advisory guidelines.
2. Personal Data Protection Act 2012
The PDPA establishes a data protection law in Singapore that comprises various rules governing the collection, use, and disclosure, access to, correction and care of individuals’ personal data by organisations. It recognises both the rights of individuals to protect their personal data, including rights of access and correction, and the needs of organisations to collect, use or disclose personal data for legitimate and reasonable purposes.
The PDPA contains 2 main sets of provisions, covering data protection (effective 2 July 2014)and a Do Not Call (“DNC”) Registry(effective 2 January2014).
The DNC provisions generally prohibits organisations from sending certain marketing messages (in the form of voice calls, text or fax messages) to individuals with Singapore telephone numbers, registered with the DNC Registry. As TUFF Group and its subsidiary companies does not send marketing messages to individuals, the DNC provisions are not applicable to the company.
TUFF Group and its subsidiary companies intends to comply with all applicable provisions covering data protection by implementing certain procedures as set out below.
3. Definitions
Personal Data
Personal data refers to data, whether true or not, about an individual who can be identified from that data; or from that data and other information to which the organisation has or is likely to have access.
This includes unique identifiers (e.g. NRIC number, passport number, fingerprint);as well as any set of data (e.g. name, age, address, telephone number, occupation, etc) which when taken together would be able to identify the individual.
Data Protection Officer
Data Protection Officer (“DPO”) means an individual designated by the organisation under Section 11(3) of the Personal Data Protection Act 2012 (“Act”)responsible for ensuring that the organisation complies with this Act or an individual to whom the responsibility of the data protection officer has been delegated under section 11(4) of the Act.
4. When We Collect Your Personal Data
The PDPA defines personal data as “data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which the organisation has or is likely to have access.”
We collect your personal data when you:
- Engage our services through agreements and contracts
- submit to your application/registration form for our products and services
- Submit to us your membership/registration form to sign up as a member
- Respond to our electronic direct marketing
- Participate in our surveys
- Submit your CV and job application form to us in response to our recruitment publicity and advertisements in newspapers and websites, or at roadshows or job fairs
- Submit your CV to recruitment firms or job portals, which are in turn forwarded to or retrieved by us
- Such Personal data may be provided to us in forms filled out by individuals through our websites, face to face meetings, email messages, telephone conversations (including SMS) or provided by third parties.
- If any individuals contact us, we may keep a record of that contact. We collect these personal data when it is necessary for business purposes or to meet the purposes for which the individual have submitted the information.
- If any party is acting as an intermediary or otherwise on behalf of a third-party individual or supplying us with information regarding a third-party individual (such as a friend, a colleague, an employee etc), such intermediary party undertakes that you are an authorised representative or agent of such third-party individual and that you have obtained all necessary consents from such third-party individual to the collection, processing, use and disclosure by us of their Personal Data.
We will only collect, hold, process, use communicate and/or disclose such personal data in accordance with this privacy policy.
5. Types of Personal Data We Collect
As used in this Policy, “personal data” means data, whether true or not, about an employee, job applicants, customers, clients, business contacts, partners, personnel, contractors and other individuals who can be identified:
- from that data; or
- from that data and other information to which we have or are likely to have access.
-
If you are a job applicant, personal data which we may collect includes, without limitation, your:
- name or alias, gender, date of birth, nationality, and country and city of birth;
- mailing address, telephone numbers, email address and other contact details;
- resume, educational qualifications, professional qualifications and certifications and employment references;
- employment and training history;
- family particulars;
- work-related health issues and disabilities; and
- photograph.
-
If you are an employee, Personal data which we may collect in the context of your employment with us includes, without limitation, your:
- name or alias, gender, NRIC/FIN or passport number, date of birth, nationality, and country and city of birth;
- mailing address, telephone numbers, email address and other contact details;
- employment and training history;
- salary information and bank account details;
- details of your next-of-kin, spouse and other family members;
- work-related health issues and disabilities;
- records on leave of absence from work;
- photographs and other audio-visual information;
- performance assessments and disciplinary records; and
- any additional information provided to us by you as a job applicant (that is, prior to being engaged as an employee).
-
If you are an independent consultant, personal data which we may collect includes, without limitation, your:
- name or alias, gender, date of birth, nationality, and country and city of birth;
- email address, telephone numbers;
- resume, educational qualifications, professional qualifications and certifications and employment references;
- employment and training history;
-
Clients, customers, business contacts, partners, personnel, contractors and other individual’s personal data which we may collect
- name, email address, telephone numbers;
-
Other terms used in this Policy shall have the meanings given to them in the PDPA (where the context so permits).
6. Who We Disclose Your Personal Data To
We disclose some of the personal data we have collected about you to the following parties or organisations outside TUFF Group and its subsidiary companies:
- our affiliated companies
- agents, contractors, data intermediaries or third-party service providers who provide services, such as telecommunications, mailing, information technology, payment, payroll, data processing, storage and archival, to us;
- Accounting firms, external banks, financial institutions and their respective service providers.
- relevant government regulators, statutory boards or authorities, customs and immigration purposes or law enforcement agencies to comply with any laws, rules, guidelines and regulations or schemes imposed by any government authority; and
- any other person in connection with the purposes set forth above
-
7. Collection, Use And Disclosure Of Personal Data
You may write in to us, based on reasonable grounds, to find out how we have been using or disclosing your personal data. We are obligated under the PDPA to allow you access to your personal data of the past one year, and to make any correction if there is any error or omission. Before we accede to your request, we may need to verify your identity by checking your NRIC or other legal identification document. We will try to respond to your request within 30 days. If we are unable to do so, we will let you know and give you an estimate of how much longer we require. We may also charge you a reasonable fee for the man-effort involved in retrieving your records.
7.1 Obtaining Consent
On or before we collect, use or disclose your personal data, we will notify you of the purpose on why we are doing so. We obtain written confirmation from you on your expressed consent. As far as possible, we will not collect more personal data than necessary for the stated purpose.
Under certain circumstances, we may assume deemed consent from you when you voluntarily provide your personal data for the stated purpose, e.g. when you apply for a job with us.
7.2 Withdrawal Consent
If you wish to withdraw consent, you should give us reasonable advance notice. You have to be aware, though, of the likely consequences of your withdrawal of consent, e.g. without your personal contact information we may not be able to inform you of future services offered by us or our clients.
Your request for withdrawal of consent can take the form of an email or letter to us, or through the “UNSUB” feature in an online service.
8. Access to And Correction Of Personal Data
If you wish to make (a) an access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or (b) a correction request to correct or update any of your personal data which we hold, you may submit your request in writing or via email to our Data Protection Officer at the contact details provided below.
Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.
We will respond to your access request as soon as reasonably possible. Should we not be able to respond to your access request within thirty (30) days after receiving your access request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do sounder the PDPA).
Please note that before we accept your request, we may need to verify your identity by checking your NRIC/Passport or other legal identification document.
Please note that depending on the request that is being made, we will only need to provide you with access to the personal data contained in the documents requested, and not to the entire documents themselves.
9. Protection of Personal Data
To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as up-to-date antivirus protection, encryption and the use of privacy filters to secure all storage and transmission of personal data by us, and disclosing personal data both internally and to our authorised third party service providers and agents only on a need-to-know basis.
You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.
10. Accuracy of Personal Data
We will take reasonable precautions and verification checks to ensure that the personal data we have collected from you is reasonably accurate, complete and up-to-date. From time to time, we may do a verification exercise with you to update us on any changes to your personal data
We generally rely on personal data provided by you (or your authorised representative). In order to ensure that your personal data is current, complete and accurate, please update us if there are changes to your personal data by informing our Data Protection Officer in writing or via email at the contact details provided below.
11. Retention of Personal Data
TUFF Group and its subsidiary companies will retain your personal data for as long as it is necessary to fulfil the purposes for which your personal data was collected, or as required or permitted by applicable laws.
We will cease to retain your personal data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purposes for which the personal data were collected, and are no longer necessary for legal or business purposes.
12. Transfer Of Personal Data Outside Of Singapore
We generally do not transfer your personal data to countries outside of Singapore. However, if we do so, we will obtain your consent for the transfer to be made and will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.
13. Link to Third Party Websites
This website may contain links to third party sites whose data protection and privacy practices differ from ours. We are not responsible for the content and privacy practices of these other websites and encourage you to consult the privacy policies of those websites. TUFF Group and its subsidiary companies is not responsible for any information that is submitted to or collected by these third parties.
14. IP Address
When you visit this website, our server may record your IP address together with the date, and duration of your visit. An IP address is an assigned number, similar to a telephone number, which allows your computer to communicate over the Internet. We may use this information to compile statistical data on the use of this website to track how users navigate through this website. We may do this, so we can evaluate and improve our site.
15. Cookies
This website uses cookies to monitor browsing preferences and help us analyse data about web page traffic in order to make website improvements and for statistical analysis purposes. A cookie does not give us access to your computer or any personally identifiable information about you, other than the data you choose to share with us. Most internet browsers offer the option to turn off any cookie.
Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to access all or parts of our Website or to fully experience the interactive features of the TUFF Group and its subsidiary companies services or websites you visit.
TUFF Group and its subsidiary companies is not responsible for the Personal Data policies (including Personal Data protection and cookies), content or security of any third-party websites linked to the TUFF Group and its subsidiary companies website.
16. Effect of Policy and Changes to Policy
This Policy applies in conjunction with any other policies, notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your personal data by us.
We may revise this Policy from time to time without any prior notice. You may determine if any such revision has taken place by referring to the date on which this Notice was last updated. Your continued employment and participation in our recruitment process constitute your acknowledgement and acceptance of such changes.
Effective date: 16-APR-2021
Last updated: 16-APR-2021
17. Contact Us
You may contact us if you have any enquiries or feedback on our personal data protection policies and procedures; or if you wish to make any request, in the following manner:
Any query or complaint should include, at least, the following details:
Your full name and contact information
Brief description of your query or complaint
We treat such queries and complaints seriously and will deal with them confidentially and within reasonable time.
Address:
3791 Jalan Bukit Merah
#06-19, E-Centre@Redhill
Singapore 159471
Attn: Data Protection Officer
Email: info@tuffgroup.com