Privacy and Data Protection Policy
We respect all our customers, visitors, job applicants and employees and are committed to safeguarding the confidentiality of information and the privacy of individuals provided to us.
In accordance with the Singapore Personal Data Protection Act 2020, this Data Protection Notice outlines how Innovax Systems Pte Ltd collects, uses, discloses, or otherwise processes the personal data of our stakeholders. This Notice applies to personal data in our possession or under our control, including personal data in the possession of organisations which we may engage to collect, use, disclose or process personal data for our purposes.
Types of Personal Data We Collect
- Contact information (Name, Address, Phone No., Email Address).
- Personal details (Name, Gender, Date of Birth, Country of Birth, Country of Residence, Citizenship, Nationality, Race/Ethnicity).
- Personal and professional details contained in the curriculum vitae when you apply to us for a job.
- CCTV footages / images
How We Collect Your Information
PDPA does not consider business contact information’s (e.g., full name, business address, business telephone number) as personal data if it is strictly used for business-to-business (B2B) transactions.
Personal information can only be collected voluntarily or by lawful and fair means and not collected for future use. We conduct regular reviews to make sure the purposes for collecting personal data are still relevant and required.
- Enter into an agreement or contract with us to provide you with our services.
- Respond to our electronic direct mails (EDMs) sent by us as part of our marketing or promotion campaigns.
- Visit our websites and leave behind contact information through our Enquiry Form.
- Communicate with us via calls, text messages or emails or written correspondences.
- Submitting CV and Job Application Form to us in response to our recruitment advertisements.
- Contacting us with your enquiries, request or feedbacks.
- Participating to visit our office.
- While conducting or completing of transactions with us.
- Visiting and entering our office obtaining CCTV footages (Entrance Door)
We may collect, use or disclose your personal data pursuant to an exception under the Personal Data Protection Act or other written law such as during the following situations:
- To respond to an emergency that threatens your life, health and safety or of another individual; and
- Necessary in the national interest, for any investigation or proceedings.
In general, subject to the applicable exceptions permitted in the PDPA, before we collect the above personal data from you, we will notify you of the purposes for which your personal data may be collected, used, and/or disclosed.
Obtaining Consent
Before we collect, use or disclose personal data, we will notify you of the purpose why we are doing so. We will obtain written confirmation from you on your expressed consent to disclose your personal data to us. We will not collect more personal data than is necessary for the stated purpose. We will seek fresh consent from you if the original purpose for the collection, use, or disclosure of the personal data has changed. If you choose not to provide us with the personal data described in this Notice, we may not be able to fulfil our contractual duties towards you or facilitate your request or provide the service to you. Visitors who choose not to provide us with their personal data may not be granted access to the company premise.
By providing personal data relating to a third party (e.g. spouse, children, parents, referees and/or employees), the individual shall represent and warrant that prior consent is obtained from such third party for the collection, use or disclosure of personal data.
We usually obtain consent from the person dealing with us directly. However, if you have appointed a representative to provide consent on your behalf, a letter of authorisation must be provided. Do include the full name and type of valid document used to prove the identity of the appointed representative in the authorization letter.
Under certain circumstances, we can assume deemed consent from you if you voluntarily provide us with your personal data, for example, if you send your resume to us or if you apply for a job with us using our Job Application Form.
Under PDPA, we will not require your consent for the collection, use, or disclosure of your personal data for the following reasons:
- The personal data is publicly available
- The personal data is disclosed by a public agency or disclosed to a public agency
- The personal data is necessary for any investigation or proceedings
- The personal data is necessary for legitimate interests, including evaluative purposes (e.g. determining the suitability of a job applicant for the job applied for)
- The personal data is necessary for the purpose of managing or terminating an employment relationship
- The personal data is necessary for a business asset transaction
- The personal data is necessary for purpose that is clearly in the interest of individual or necessary to protect vital interest of individual
- The personal data is necessary for business improvement, such as improving, enhancing or developing new goods or services
The Use of Personal Data by Us
We use the personal data provided to us for one or more of the following purposes:
- For the supply of any services which we may offer to you or that you may request, obtain or purchase from us.
- For identification and verification purposes in connection with any of our services that may be supplied to you by us or that you may request from us.
- To facilitate and/or deal with payment for the services provided by us.
- To help us improve our services to you; and/or
- To store, host, and back up (whether for disaster recovery or otherwise) of your personal data, whether within or outside Singapore. (Collectively, they are referred to as the “Purposes”)
- To produce statistics and research for internal and/or statutory reporting and/or record-keeping requirements and performing policy/process reviews.
- To perform internal administrative, operational, and technology tasks to facilitate, administer or manage your transactions with us.
- To comply with or as required by any request or direction of any governmental authority; or respond to requests for information from hospitals, embassies, public agencies, ministries, statutory boards, or other similar authorities (including but not limited to the Ministry of Defence, Ministry of Trade and Industry, Ministry of Education, Immigration and Checkpoints Authority, Ministry of Health, Ministry of Home Affairs, Ministry of Manpower, Ministry of Foreign Affairs, Ministry of Social & Family Development and Central Provident Fund Board).
- To comply with or as required by any applicable law, governmental or regulatory requirements of any jurisdiction applicable to us, including meeting the requirements to make disclosure under the requirements of any law binding on us, and/or for the purposes of any guidelines issued by regulatory or other authorities (whether of Singapore or elsewhere), with which we are expected to comply.
- To prevent or investigate any fraud, unlawful activity or omission, or misconduct, whether there is any suspicion of the aforementioned, dealing with conflict of interests, or dealing with and/or investigating complaints.
- To carry out due diligence or other screening activities (including security and background checks) in accordance with legal or regulatory obligations or our risk management procedures that may be required by law or that may have been put in place by us.
- To contact you or communicate with you via various modes of communication such as phone/voice call, text message and/or fax message, forms, email, and/or postal mail for the purposes of administering, dealing with, and/or managing your transactions with us. You acknowledge and agree that such communication by us could be by way of the mailing of correspondence, documents, or notices to you, which could involve the disclosure of certain personal data about you to bring about delivery of the same as well as on the external cover of envelopes/mail packages.
- To conduct research, analysis, and development activities (including but not limited to data analytics, surveys, focus groups, and/or profiling) to improve our services and facilities for your benefit.
- To carry out your instructions, respond to any enquiry or deal with any feedback given by (or purported to be given by) you or on your behalf, including contacting you via phone/voice call, text message and/or fax, email, and/or postal mail regarding your instructions, enquiries and/or feedback.
- For the purpose of surveillance and security (CCTV Footages)
Managing Personal Data Disclosures
For the purposes of fulfilling our services for you, we disclose some personal data provided to us to the following entities or organizations:
- Government Agencies – Ministry of Manpower, CPF Board, IRAS, HPB (employees only)
- Third parties who require the data in order to complete the service delivery process
We will seek fresh consent from you if the original purpose for the disclosure of the personal data has changed. Where required to do so by law, we may disclose personal data about you to the relevant authorities or to law enforcement agencies.
How We Handle Consent Withdrawal Requests
Until the consent, you provide for the collection, use, and disclosure of your personal data has been withdrawn, it will remain valid. If you wish to withdraw your consent, you may do so in writing.
You may withdraw consent and request us to stop using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing.
Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request) to process your request and notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within 10 working days of receiving it.
In addition, withdrawing consent does not affect our ability to collect, use, and disclose personal data without consent as permitted or required by applicable laws.
Our Approach to Ensuring the Accuracy of Personal Data
It is our policy to ensure that the personal data we collect about you is accurate, complete, not misleading, and kept up-to-date.
In case we have an ongoing relationship with you, it is important that you inform us of any changes to his/her personal information (such as a change in telephone number, email address, or postal address).
How We Protect Personal Data
In order to protect your personal data from loss, misuse, destruction, unauthorised access, disclosure, or similar risks, we have implemented appropriate administrative, physical, and technical measures (such as data encryption, firewalls, and secure network protocols).
Additionally, we have implemented reasonable and appropriate organizational measures to ensure the confidentiality and integrity of your personal data. We will only share your data with authorized persons on a ‘need to know’ basis.
You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your data and are constantly reviewing and enhancing our information security measures.
Retaining Personal Data
We have a document retention policy that keeps track of the retention schedules of the personal data provided to us, in paper or electronic forms. We will not retain any personal data when it is no longer needed for any business or legal purposes.
We will dispose of or destroy such documents containing personal data in a proper and secure manner when the retention limit is reached.
Data Retention Policy
After the completion of our contractual agreement, it is company policy to promptly and securely delete all associated data within a 30-day timeframe. Additionally, please note that recordings are purged on the 5th of every month. As a result, recordings may be retained for slightly longer than the period specified in the agreement, depending on the timing of the purge. This protocol reflects our commitment to safeguarding the privacy and confidentiality of our clients' information. We adhere to strict corporate standards to ensure the thorough and systematic removal of data, thereby upholding the integrity of our Privacy Policy and complying with applicable regulatory requirements.
Personal Data Access and Correction Requests
If you wish to request access to the personal data we hold about you, please contact our Data Protection Officer in writing. However, we will need to verify your identity in order to process your request properly. Within 25 working days, we will provide you with the relevant personal data. Should we not be able to do so within 25 working days, we will inform you of the earliest possible time within which we will be able to provide you with the requested information. We may also charge a reasonable fee for the cost involved in processing your access request.
If you wish to make:
- an access request for access to - a copy of the personal data which we hold about you or
- a correction request to correct or update any of the personal data which we hold about you
- information about the ways in which we use or disclose your personal data
Request to access and make corrections can take the form of an email or letter to us. We will respond to your request as soon as reasonably possible or within 25 working days. If we are unable to do so within the 25 working days, we will let you know and give an estimate of how much longer we require. We may also charge a reasonable fee for the cost involved in processing your access request.
Managing the Transfer of Personal Data
Currently, we do not transfer personal data to countries outside of Singapore.
When there is such a need, we will obtain consent from the individual for the transfer to be made and we will take steps to ensure that his/her personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.
Complaint / Feedback Process
In the event that you have any complaints, feedback, or suggestions regarding our handling of your personal data, please let us know through the channels below. We will respond as soon as possible. We will deal with them confidentially and within a reasonable time.
Enquiries
For any enquiries on our Privacy and Data Protection Policy, you may contact us via the following channels:
- Email us at DPO@innovax.com.sg
Write in to:
Attn: Data Protection Officer (DPO)
Innovax Systems Pte Ltd
317 Outram Road #01-01, Holiday Inn Atrium,
Singapore 169075
Effect of Notice and Changes to Notice
This Notice applies in conjunction with any other notices, contractual clauses, and consent clauses that apply in relation to the collection, use, and disclosure of your personal data by us.
We may revise this Notice from time to time without any prior notice. By continuing to use our services, you acknowledge and accept any revisions made to this Notice since the date on which it was last updated.
Policy Review and Updates
This policy will be reviewed periodically to take into account changes to the law and technology, as well as changes in our operations and practices and the changing business environment. If you are uncertain whether the version you are reading is the most current one, please contact our DPO.
Upon completion of review and approval from management, DPO will ensure to update both internal and external stakeholders inclusive of third-party vendors within 5 calendar days.
Effective Date: 15 July 2022
Updated on 14 Sep 2022