Personal Data and Protection Policy
From time to time, it may be necessary for employees, service contractors and job applicants to supply SSP with personal data about yourself and other individuals for purposes in connection with your employment or your job application.
Depending on the nature of your interaction with us, the following are (without limitation) some examples of personal data which SSP may collect from a service contractor or job applicant:
a. name, gender, NRIC/FIN, passport number, date of birth, nationality and country and city of birth;
b. mailing address, telephone numbers, email address and other contact details;
c. resume, educational qualifications, professional qualifications and certifications and employment references;
d. employment and training history;
e. salary information and bank account details;
f. details of next-of-kin, spouse and other family members;
g. health issues and disabilities;
i. performance assessments and disciplinary records; and
j. any additional information provided to SSP as a service contractor or job applicant.
Collection, Use And Disclosure Of Personal Data
We generally do not collect your personal data unless (a) it is provided to us voluntarily by you directly or via a third party who has been duly authorised by you to disclose your personal data to us (your “authorised representative”) after (i) you (or your authorised representative) have been notified of the purposes for which the data is collected, and (ii) you (or your authorised representative) have provided consent (express, implied or deemed) to the collection and usage of your personal data for those purposes, or (b) collection and use of personal data without consent is permitted or required by the PDPA or other laws. We shall seek your consent before collecting any additional personal data and before using your personal data for a purpose which has not been notified to you (except where permitted or authorised by law). To avoid doubt, where our purposes of obtaining personal data is for direct marketing messages, we will obtain express consent from you, which will be obtained through the opt-in method.
In accordance with our obligations under the PDPA, SSP will only collect, use and/or disclose your personal data for purposes that a reasonable person would consider appropriate in the circumstances and that you have been informed of (where applicable).
For job applicants, SSP will collect and use personal data and may disclose personal data to third parties where necessary for one or more of the following purposes:
a. assessing and evaluating your suitability for employment/engagement in any current or prospective position within SSP;
b. verifying your identity and accuracy of your personal details and other information provided;
c. responding to queries of job applicants; and
d. any other purpose reasonably related to the aforesaid purposes.
For an employee and service contractors, SSP will collect and use personal data and may disclose personal data to third parties where necessary for one or more of the following purposes:
a. performing obligations under or in connection with your employment/engagement with SSP, including (without limitation) payment of remuneration and tax;
b. all administrative and human resources related matters within SSP, including (without limitation) administering payroll, granting access to SSP’s premises and computer systems, processing leave applications, administering insurance and other benefits, processing of claims and expenses, investigating any acts or defaults (or suspected acts or defaults) and developing human resource policies;
c. considering and processing applications for continuing skill development and training, including (without limitation) organising training and staff development programs;
d. providing resources and assistance in connection with the performance of duties (including without limitation making business-related travel arrangements on their behalf);
e. managing and terminating the employment contract, including (without limitation) monitoring internet access and use of SSP’s intranet email to investigate potential contraventions of SSP’s internal or external compliance regulations, and resolving any employment-related grievances;
f. conducting disciplinary and security matters and/or arrangements;
g. carrying out background checks, investigation and screening activities in accordance with legal or regulatory obligations that may be required by the Singapore law or that may have been put in place by SSP;
h. producing statistics and research for internal and/or statutory reporting and/or record-keeping requirements and performing SSP’s policy/process reviews;
i. assessing and evaluating your suitability for employment/engagement or continued employment/engagement in any position with SSP;
j. responding to requests for information from embassies, public agencies, ministries, statutory boards or similar authorities;
k. responding to queries of employees;
l. ensuring business continuity for SSP in the event that your employment/engagement with SSP is or will be terminated;
m. facilitating SSP’s compliance with any laws, customs and regulations which may be applicable to SSP;
n. publishing in internal SSP’s publications and broadcasts such as newsletters and email; and
o. any other purpose reasonably related to the aforesaid purposes.
The purposes listed in the above clauses may continue to apply even in situations where your employment/engagement with SSP has been terminated or altered in any way, and for a reasonable period thereafter (including, where applicable, a period to enable SSP to enforce its rights under any contract with you).
The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request SSP to stop collecting, using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing or via email to SSP’s Data Protection Officer.
Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and, if necessary, for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within ten(10) business days of receiving it.
Withdrawal of consent does not affect SSP’s right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.
Access To And Correction Of Personal Data
If you wish to make (a) an access request for access to a copy of the personal data which SSP holds about you or information about the ways in which SSP uses or discloses your personal data, or (b) a correction request to correct or update any of your personal data which SSP holds, you may submit your request in writing or via email to SSP’s Data Protection Officer.
A fee may be charged for an access request. We will inform you of the fee before processing the request.
Depending on the request that is being made, SSP will only need to provide you with access to the personal data contained in the documents requested, and not to the entire documents (or systems) themselves.
We will respond to your request as soon as reasonably possible. Should we not be able to respond to your request within 30 days after receiving your request, we will inform you in writing within 30 days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so.
Where we are not required to provide you with any personal data or make a correction requested by you under the PDPA, any such request for the same shall be refused. In such situations, and in accordance with our obligations under the PDPA, we will preserve, for not less than 30 days after the date of refusal or such other prescribed period, a copy of the personal data concerned. Such copy of the personal data concerned shall be a complete and accurate copy of the personal data concerned.
Protection Of Personal Data
To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as up-to-date antivirus protection, encryption and the use of privacy filters to secure all storage and transmission of personal data by us, and disclosing personal data both internally and to our authorised third party service providers and agents only on a need-to-know basis.
You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as up-to-date antivirus protection, encryption and the use of privacy filters to secure all storage and transmission of personal data by us, and disclosing personal data both internally and to our authorised third party service providers and agents only on a need-to-know basis.
You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.
Accuracy Of Personal Data
SSP generally relies on personal data provided by you (or your authorised representative). In order to ensure that the personal data is current, complete and accurate, you should inform the Human Resource Department of any changes to your personal data in writing.
Retention Of Personal Data
SSP may retain your personal data for as long as it is necessary to fulfil the purposes for which they were collected, or as required or permitted by applicable laws. SSP will cease to retain your personal data as soon as it is reasonable to assume that such retention no longer serves the purposes for which the personal data were collected, and are no longer necessary for legal or business purposes. At such point in time, SSP will either cease to retain the documents containing personal data or we may remove the means by which the personal data may be associated with particular individuals (that is, to anonymise the data). In the latter case, SSP will take steps to minimise the risks of re-identification of the individual involved.
Data Breach Notification
In the unlikely event that SSP suffers a Data Breach (defined below) in relation to personal data, SSP will assess whether the Data Breach is notifiable, and notify the affected individuals and/or the Personal Data Protection Commission (“PDPC”) where it is assessed to be notifiable. To be clear, a Data Breach within SSP does not trigger any obligation to notify affected individuals and/or the PDPC.
For the purposes of this section, “Data Breach” in relation to personal data means (a) the unauthorised access, collection, use, disclosure, copying, modification or disposal of personal data; or (b) the loss of any storage medium or device on which personal data is stored in circumstances where the unauthorised access, collection, use, disclosure, copying, modification or disposal of the personal data is likely to occur.
Effect Of Policy And Changes To Policy
If you have any questions relating to our collection, use, disclose and/or process of your personal data or the matters set out in this document, please contact our Data Protection Officer.