ARCO respects the privacy and confidentiality of the personal data of our Customers, Partners, Consultants, Contractors, Service Providers, Outsourced Third-Parties and others who have business dealings with us. We are committed to implementing policies, practices and processes to safeguard the collection, use and disclosure of the personal data you provide us, in compliance with the Singapore Personal Data Protection Act (PDPA) 2012.
We have developed this Personal Data Protection Policy to assist you in understanding how we collect, use, disclose, process and retain your personal data with us.
2. How We Collect Your Personal Data
The PDPA defines personal data as “data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which the organisation has or is likely to have access.”
We collect your personal data when you:
- Engage our services through agreements and contracts
- Submit to us your application/registration form for our products and services
- Submit to us your membership/registration form to sign up as a member
- Respond to our electronic direct marketing
- Participate in our surveys
- Correspond with us via emails and over the phone (including SMS)
- Submit your CV and job application form to us in response to our recruitment publicity and advertisements in newspapers and websites, or at roadshows or job fairs
- Submit your CV to recruitment firms or job portals, which are in turn forwarded to or retrieved by us
3. Types of Personal Data We Collect About You
The types of personal data we collect about you may include:
- Personal particulars (NRIC / FIN No. / Passport No., Name, Gender, Date of Birth, Citizenship, Country of Residence)
- Personal contact information (Phone No., Mobile Phone No., Residential Address, Mailing Address, Email address)
- Financial information (Type of credit card, Cardholder Name, Credit Card No.)
- Purchase information (Purchase history, Product/Service preferences)
- Educational and professional qualifications – for job application
- Work experience – for job application
4. How We Use Your Personal Data
We use the personal data we have collected about you for one or more of the following purposes:
- Analyse and data-mine to deliver better products and services, and customer experiences
- Notify customers about our products, services, enhancements, special offers, specific software updates and upcoming events
- Process and administer membership applications (if any)
- Process exchange or product returns, rewards and redemptions
- Billing and payment processing
- Customer care and account management
- Delivery of products and services
- Fulfilment of orders and services
- Contact winners of contests/competitions
- Process job applications and recruitment
5. Who We Disclose Your Personal Data To
We may disclose some of the personal data we have collected about you to the following parties or organizations outside ARCO:
- Accounting firms
- Recruitment agencies
- External advisors (recruiters, auditors, lawyers)
- Delivery services
- Mailing houses, freight and courier services
- Government Ministries / Departments
- Law Enforcement Agencies for security, customs and immigration purposes
6. How We Manage the Collection, Use and Disclosure of Your Personal Data
6.1 Obtaining Consent
On or before we collect, use or disclose your personal data, we will notify you of the purpose why we are doing so. We next obtain written confirmation from you on your expressed consent. As far as possible, we will not collect more personal data than necessary for the stated purpose.
Under certain circumstances, we may assume deemed consent from you when you voluntarily provide your personal data for the stated purpose, e.g. when you apply for a job with us.
6.2 Withdrawal of Consent
If you wish to withdraw consent, you should give us reasonable advance notice. You have to be aware, though, of the likely consequences of your withdrawal of consent, e.g. without your personal contact information we may not be able to inform you of future services offered by us or our clients.
Your request for withdrawal of consent can take the form of an email or letter to us, or through the “UNSUB” feature in an online service.
7. How You Can Access and Make Correction to Your Personal Data
You may write in based on reasonable grounds, to find out how we have been using or disclosing your personal data. We are obligated under the PDPA to allow you access to your personal data of the past one year, and to make any correction if there is any error or omission. Before we accede to your request, we may need to verify your identity by checking your NRIC or other legal identification document. We will try to respond to your request within 30 days. If we are unable to do so, we will let you know and give you an estimate of how much longer we require.
8. How We Ensure the Accuracy of Your Personal Data
We will take reasonable precautions and verification checks to ensure that the personal data we have collected from you is reasonably accurate, complete and up to-date. From time to time, we may do a verification exercise with you to update us on any changes to your personal data.
9. How We Protect Your Personal Data
We will take the necessary security arrangements to protect your personal data that is in our possession to prevent unauthorized access, use, disclosure, or similar risks. We will take reasonable and appropriate measures to maintain the confidentiality and integrity of your personal data and will only share your data with authorized persons on a ‘need to know’ basis.
Third parties engaged by us to process and maintain your personal data on our behalf will be bound by contractual information security arrangements we have with them.
10. How We Retain Your Personal Data
We will not retain any of your personal data under our charge when it is no longer necessary for any business or legal purposes. Based on our Document Retention Policy, we will ensure that your personal data that is no longer needed by us will be destroyed or disposed of in a secure manner.
11. How We Transfer Your Personal Data
If there is a need for us to transfer your personal data to another country, we will ensure that the standard of data protection in the recipient country is comparable to that of Singapore’s PDPA. If this is not so, we will enter into a contractual agreement with the receiving party to accord similar levels of data protection as that in Singapore.
12. How We Handle Queries and Complaints
If you have any query or feedback regarding this Policy, or any complaint you have relating to how we manage your personal data, you may contact our Data Protection Officer at: firstname.lastname@example.org.
Any query or complaint should include, at least, the following details:
- Your full name and contact information
- Brief description of your query or complaint
- We treat such queries and complaints seriously and will deal with them confidentially and within reasonable time.