This Policy sets out the manner in which CNPLaw LLP (“CNP“) collects, uses, manages and protects Personal Data (as defined below) in compliance with the provisions of the Personal Data Protection Act 2012 (“PDPA“).
This Policy applies to all Individuals (as defined below) who provide CNP with Personal Data or whose Personal Data is otherwise collected, used and/or disclosed by CNP in connection with and/or for the purposes of its operations.
This Policy supplements but does not supersede or replace any previous consent which an Individual may have provided to CNP, nor does it affect any rights that CNP may have at law in connection with the collection, use and/or disclosure of any Individual’s Personal Data. Subject to that, CNP will not collect any Personal Data from an Individual unless the Individual has voluntarily chosen to provide us with the Personal Data or as required for the purposes of providing services to the Individual or by law.
CNP may from time to time update this Policy to ensure it is consistent with its future developments or business purposes or to accommodate future changes to applicable legal or regulatory requirements. All updates to this Policy will be published at www.cnplaw.com (“CNP Website“) and appropriate notifications of any material revisions will be published on the CNP Website and may be issued separately to relevant persons such as may be determined by CNP. Subject to an Individual’s rights at law, the prevailing terms of the Policy from time to time shall apply. By continuing their relationship with CNP after any amendments have been introduced and published on the CNP Website, Individuals shall be deemed to have accepted the Policy as amended.
For the avoidance of doubt, this Policy forms part of the terms and conditions, if any, governing an Individual’s specific relationship with CNP (“Terms and Conditions”) and should be read in conjunction with such Terms and Conditions. In the event of any conflict or inconsistency between the provisions of this Policy and the Terms and Conditions, the provisions of the Terms and Conditions shall prevail to the fullest extent permissible by law.
For purposes of this Policy:
“Individual” means a natural person, whether living or deceased and “Individuals” shall be construed accordingly;
“CCTV” means Closed-circuit Television;
Personal Data means data that is capable of identifying an Individual, whether on its own or in conjunction with other data accessible to CNP;
“Personnel” means any Individual engaged under a contract of service with CNP, a contract for service with CNP, permanent or temporary employees as well as trainees and interns engaged by CNP from time to time; and
“Potential Personnel” means any Individual who has submitted an application to be engaged by CNP as Personnel.
- Personal Data collected by CNP
CNP will only collect, use or disclose Personal Data about an Individual which it reasonably considers necessary for the relevant purposes underlying such collection, use or disclosure. Depending on the specific nature of an Individual’s interaction with CNP, Personal Data which CNP collects, uses or discloses concerning an Individual may variously include but is not limited to the following:
- the Individual’s name, gender and contact particulars, including telephone number(s), residential/mailing address(es) and email address;
- details of the Individual’s identification documents (such as, NRIC or passport numbers), and applicable visa or permits (such as employment pass, work permit, permanent residency status);
- details of the Individual’s employment history and academic qualifications;
- the name and contact particulars of the Individual’s next-of-kin;
- the Individual’s network usage data and other information gathered automatically by our computer systems, including the Individual’s computer IP address, links visited and other activities conducted online or using our computer systems;
- photographs and video or CCTV recordings of the Individual; and
- other information which the Individual may provide to CNP, from time to time, in the course of such Individual’s interaction with CNP.
- How CNP collects Personal Data Generally, CNP may collect Personal Data from an Individual in one or more of the following ways or circumstances:
- when the Individual interacts with CNP’s staff via telephone calls, emails, other correspondence and/or face-to-face meetings;
- when the Individual visits CNP’s premises;
- when the Individual specifically requests that CNP contact him or her or requests to be included in an email or any mailing list maintained by CNP;
- when the Individual responds to any request by CNP for the provision of Personal Data;
- when CNP receives references or referrals from its business partners or other third parties;
- when the Individual attends or participates in any event organised by CNP;
- when the Individual submits his or her Personal Data to CNP pursuant to a job application;
- when the Individual subscribes to CNP’s publication(s); and/or
- when the Individual submits his or her Personal Data to CNP for any other reason related to CNP’s ordinary course of business operations.
- Purposes of collection, use and disclosure of Personal Data Generally, CNP collects, uses and/or discloses Personal Data from Individuals for one or more of the following purposes:
- Provision of services
- administering and managing the Individual’s relationship with CNP;
- providing the Individual with information about CNP’s services and/or the services of any external vendor that is providing services or products in partnership or collaboration with CNP;
- responding to the Individual’s complaints, queries and/or requests;
- facilitating and/or organising events;
- informing the Individual of changes and/or updates to CNP’s policies, terms and conditions and/or other administrative information;
- Security measures
- verifying the Individual’s identity or monitoring the Individual’s activities, including without limitation via CCTV observation and/or recording;
- preventing, detecting and investigating fraud, misconduct, any unlawful action, omission or dispute, and whether or not there is any suspicion of the aforementioned;
- General business operations of CNP
- staff training, quality assurance and performance evaluation;
- legal purposes (including but not limited to the Individual obtaining legal advice and dispute resolution);
- meeting or complying with any applicable rules, laws, regulations, codes of practice or guidelines which are binding on CNP (including but not limited to responding to regulatory complaints, disclosure to regulatory bodies and conducting audit checks, due diligence and investigations);
- Managing Personnel
- administering, managing and/or terminating CNP’s relationship with Personnel;
- evaluating the performance of Personnel;
- undertaking staff training and quality assurance activities;
- providing Personnel with services, facilities and/or other benefits being offered or made available by CNP to such Personnel as well as information about such services, facilities and benefits;
- Managing Potential Personnel
- administering and managing CNP’s relationship with Potential Personnel;
- evaluating the suitability and eligibility of Potential Personnel to be engaged by CNP;
- where CNP circulates CNP’s publications or marketing information to an Individual or to any person which may be disseminated to and individual relating to services offered by CNP (whether by CNP or CNP’s business partners) which CNP thinks is or may be of benefit or interest to him/her via postal mail, electronic transmission to his or her or any email address(es), and/or voice call or phone call and/or fax to his or her or any telephone number(s);
- for promotional and publicity purposes, including recording or taking photographs of participants at events or functions organised, hosted or participated by CNP;
- for transfer to third party data intermediaries to facilitate any of the aforesaid purposes;
- for any purposes reasonably related to any of the above purposes; and
- for any other purposes in relation to which CNP has specifically obtained the Individual’s consent.
- Consent Unless otherwise authorised under the PDPA or any other applicable law, CNP will not collect, use or disclose an Individual’s Personal Data without his or her consent.CNP will take reasonable steps to highlight the purposes relevant to an Individual, by appropriate means, at the point or time of collection of the Personal Data from such Individual, including:
- via express provisions in contracts, application forms and/or registration forms to be signed with or submitted to CNP;
- via notifications on CNP’s websites;
- in the course of verbal communications;
Where feasible, CNP will inform the Individual of purposes that are intrinsic to the relationship between CNP or to the provision of services to such Individual, as well as purposes that are optional.
In so far as any purpose(s) are intrinsic to the relationship or provision of services, CNP reserves the right to decline to engage in the relevant relationship or to provide the relevant services to the Individual if he or she does not consent to CNP’s collection, use or disclosure of his or her Personal Data for such purpose.
- voluntarily provide their Personal Data to CNP for the specified purposes;
- use or access CNP’s website(s) or computer network;
- enter CNP’s premises or using any of the facilities thereon; and/or
- attend or participate in events or programmes organised by CNP.
An Individual who provides CNP with Personal Data relating to a third party (e.g. information of his or her spouse or children) for any particular purpose, represents to CNP that he/she has obtained the consent of the relevant third party to CNP collecting, using or disclosing such Personal Data for the relevant purpose.
In so far as CNP collects Personal Data of an Individual from any third party(ies), CNP will take reasonable steps to inform the relevant third party(ies) of CNP’s purposes for collecting the Personal Data and to verify that consent from the Individual has been obtained by the relevant third party(ies) to such disclosure for the intended purpose.
- Disclosure of Personal Data
In carrying out one or more of the above Purposes, CNP may need to disclose Individuals’ Personal Data to the following third parties for one or more of the above Purposes:
- to CNP’s third party service providers or agents;
- any external vendor that is providing services or products in partnership or collaboration with CNP;
- to CNP’s auditors and professional advisors;
- any person to whom disclosure is permitted or required by any statutory provision or law;
- any permitted assigns; and/or
- to any local or foreign regulatory body, government agency, statutory board, ministry, department or other government body and/or its officials.
- Withdrawal of Consent
Any Individual who wishes to withdraw his or her consent to any use or disclosure of his or her Personal Data by CNP as set out in this Policy may do so by contacting CNP’s Data Protection Officer at email@example.com.
Depending on the extent to which an Individual withdraws consent to the use or disclosure of his or her Personal Data by CNP, such withdrawal of consent may result in CNP’s inability to provide services to the Individual and may be considered as a termination by the Individual of any agreement between CNP and the Individual. CNP’s legal rights and remedies are expressly reserved in such event.
- Verification of Personal Data & Notification of Changes
Where feasible, CNP will take reasonable steps to verify the accuracy of Personal Data received at the point of collection but Individuals remain primarily responsible and liable to ensure that all Personal Data submitted by them to CNP is complete and accurate. Information voluntarily provided by an Individual to CNP shall prima facie be deemed complete and accurate.
CNP will also take reasonable steps to periodically verify Personal Data in its possession, taking into account the exigencies of its operations, but Individuals are nonetheless responsible for notifying CNP, from time to time, of any applicable changes to such Personal Data.
CNP shall not be held liable for any inability on its part to provide services to an Individual who fails to ensure that his or her Personal Data submitted to CNP is complete and accurate or who fails to notify CNP of any relevant changes to such Personal Data.
- Activities undertaken prior to 2 July 2014
CNP may continue to use Personal Data of an Individual that was collected before 2 July 2014 for purposes for which the Personal Data was collected unless consent is withdrawn by that Individual. Individuals who wish to withdraw their consent to CNP’s use of their Personal Data may contact CNP’s Data Protection Officer at firstname.lastname@example.org.
- Protection of Personal Data
CNP shall make reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks to Personal Data in its possession.
If CNP transfers Personal Data outside Singapore, CNP will take reasonable steps to ensure that such Personal Data transferred receives a standard of protection comparable to the protection received under the PDPA and such transfer shall be subject to this Policy.
CNP will ensure that third parties who receive Personal Data from CNP protect such Personal Data in a manner consistent with this Policy and not use such Personal Data for any purposes other than those specified by CNP, by incorporating appropriate contractual terms in its written agreements with these third parties.
CNP is not responsible in any way for the security and/or management of Personal Data shared by Individuals with third party websites accessible via links on CNP’s website.
- Contacting CNP-Access and Correction of Personal Data
Any Individual who:
- has questions or feedback relating to this Policy;
- would like to obtain access to his or her Personal Data held by CNP;
- would like to obtain information about the ways in which his or her Personal Data held by CNP has been or may have been used or disclosed by CNP in the year preceding the request; and/or
- would like to update or make corrections to his or her Personal Data held by CNP,
should contact CNP’s Data Protection Officer at email@example.com.
Individuals should note that CNP is not required, under the PDPA, to provide access and correction to Personal Data in certain exempted situations as set out in the PDPA.
The PDPA allows and CNP reserves the right to charge a reasonable fee for the handling and/or processing of access requests by an Individual pursuant to paragraphs (b) or (c) above.
- Governing Law
This Policy shall be governed by and construed in accordance with the laws of Singapore. Any dispute arising out of or in connection with this Policy including any question regarding its existence, validity or termination, shall be referred to and finally resolved by the Courts of Singapore.