1. Introduction and Policy Overview
JobsMercury is committed to protecting the privacy and personal data of individuals in accordance with the Personal Data Protection Act (PDPA) of Singapore. This Data Protection Policy outlines our practices and procedures for handling personal data to ensure compliance with applicable data protection laws and regulations.
2. Definitions
2.1 Personal Data: Refers to any data, whether true or not, that can identify an individual directly or indirectly.
2.2 Data Protection Officer (DPO): Designated individual responsible for overseeing data protection compliance within our organization.
3. Data Protection Principles
3.1 Consent: We will obtain consent from individuals before collecting, using, or disclosing their personal data, unless exempted by the PDPA.
3.2 Purpose Limitation: Personal data will only be collected and used for specified purposes, and individuals will be informed of these purposes at the time of collection.
3.3 Accuracy: Reasonable steps will be taken to ensure that personal data is accurate and kept up-to-date.
3.4 Retention: Personal data will be retained only for as long as necessary to fulfill the purposes for which it was collected, or as required by law.
3.5 Protection: Appropriate measures will be implemented to protect personal data from unauthorized access, disclosure, alteration, or destruction.
4. Data Collection
4.1 Types of Personal Data: We will collect personal data that is relevant and necessary for the purposes identified, which may include but are not limited to: Email address, phone number.
4.2 Lawful Bases for Collection: Personal data will be collected based on one or more lawful bases, such as consent, contractual necessity, legal obligation, vital interests, legitimate interests, or public interest.
4.3 Consent: We will seek individuals’ consent for the collection, use, and disclosure of their personal data, and provide clear information regarding the purposes for which their data will be used.
5. Data Use and Disclosure
5.1 Internal Use: Personal data will be used only for the purposes for which it was collected, and access will be limited to authorized personnel who require the data for legitimate business purposes.
5.2 Third-Party Disclosure: Personal data will not be disclosed to third parties without prior consent, unless permitted or required by law.
5.3 Data Sharing Agreements: When personal data is shared with third parties, appropriate data sharing agreements will be established to ensure the protection and confidentiality of the data.
6. Data Security
6.1 Data Protection Measures: We will implement reasonable security measures to safeguard personal data, including but not limited to physical, technical, and organizational controls.
6.2 Data Breach Response: In the event of a data breach, we will promptly assess the situation, take appropriate measures to mitigate the impact, and notify affected individuals and the relevant authorities, as required by law.
7. Data Retention and Disposal
7.1 Data Retention Period: Personal data will be retained only for as long as necessary to fulfill the purposes for which it was collected or as required by applicable laws and regulations.
7.2 Secure Disposal: Personal data will be securely disposed of when it is no longer needed, using methods that ensure permanent deletion or anonymization.
8. Data Subject Rights
8.1 Access and Correction: Individuals have the right to request access to their personal data and request corrections if it is inaccurate or incomplete.
8.2 Withdrawal of Consent: Individuals have the right to withdraw their consent for the collection, use, or disclosure of their personal data, subject to legal and contractual restrictions.
8.3 Complaints and Inquiries: We will promptly address any complaints or inquiries related to the handling of personal data and provide appropriate resolution or information.
9. Staff Training and Awareness
9.1 Training Programs: We will provide training and guidance to our employees on data protection principles, their responsibilities, and best practices for handling personal data.
9.2 Data Protection Awareness: We will foster a culture of data protection awareness and encourage employees to be vigilant in safeguarding personal data.
10. Compliance and Monitoring
10.1 Compliance Assessment: We will regularly assess our data protection practices to ensure compliance with applicable laws, regulations, and internal policies.
10.2 Audits: Periodic audits will be conducted to review the effectiveness of our data protection measures and identify areas for improvement.
11. Policy Review and Updates
11.1 Policy Review: This Data Protection Policy will be reviewed periodically to ensure its relevance, accuracy, and compliance with changing legal requirements.
11.2 Policy Updates: Updates to this policy will be communicated to employees and stakeholders, and their compliance will be expected.
12. Enforcement and Consequences
12.1 Policy Violations: Violations of this Data Protection Policy may result in disciplinary action, including but not limited to warnings, suspension, termination of employment, or legal consequences.
12.2 Reporting Concerns: Employees are encouraged to report any suspected breaches of this policy or any concerns regarding data protection to the DPO or the appropriate authority.
By adhering to this Data Protection Policy, JobsMercury is committed to safeguarding personal data and ensuring the privacy rights of individuals are respected and protected in accordance with the PDPA and other relevant regulations.
For any enquiries relating to personal data protection, please contact the following Data Protection Officer.
dpo@jobsmercury.com.sg
JobsMercury
Last updated: 16 October 2024
