Personal Data Protection Policy for IIX Group
Impact Investment Exchange Pte Ltd and its group of companies (“IIX”) respect and are committed to the protection of your personal information and your privacy. This Personal Data Protection Policy explains how we collect and handle your personal information in accordance with the Singapore Personal Data Protection Act 2012 (“PDPA”).
It is designed to assist you in understanding how we collect, use, disclose and/or process the personal data you have provided to us, as well as to assist you in making an informed decision before providing us with any of your personal data.
In the absence of such written notification from you, we will deem it that you consent to the processing, usage and dissemination of your personal information in the manner, to the extent and within the scope of this policy. If you do not consent to the processing of your personal information as above, we may not be able to provide you the services you requested.
1. PERSONAL INFORMATION
1.1 TYPE OF PERSONAL INFORMATION
Personal information means any information which relates to you and which was collected by or provided to IIX for the purposes stated in Section 2 below. Your personal information may include but is not limited, to the following:
- Personal details such as name, identity card or passport number, gender, race, nationality, date of birth or age, marital status, occupation, photo, credit card number, assets, financial and banking account details;
- Contact details such as address, telephone number, fax number, mobile number and email address;
- Information in connection with services provided by us or registration of your interest with us for information, updates, inquiries and engagement;
- Other information that are, have been or may be collected by IIX, or which you provide to us, from time to time, in connection with any service, transaction, survey, questionnaire or communication with IIX
- Your image, by way of video or photo shooting during our seminar and corporate events;
- There is automatic collection of some information about your computer such as IP address, web browser software and other information when you visit our website.
1.2 SOURCE OF INFORMATION
1.2.1 Client or prospect
IIX collects your personal information directly from you or indirectly from:
- your legal representatives;
- your service providers (e.g. outsourcing IT, human resources and accounting services, merchant bankers, etc);
- your employer or employee when you, your legal representatives, service providers and/or employer / employee send us enquiries for services via various means, including online and physical hardcopies at public venues or in our premise;
- your personal information may also be collected from cookies through the use of our websites;
- third party sources such as credit reference agencies, fraud prevention agencies, credit bureau reports, and publicly available sources of information;
- inquiry or communication made with or to us or any companies within IIX
Such personal data may be provided to us in forms filled out by individuals, face to face meetings, email messages, telephone conversations, through our websites or provided by third parties. If you contact us, we may keep a record of that contact.
1.2.2 Prospective candidates in recruitment
As part of our recruitment process, we collect your personal information directly or from your authorised intermediaries to consider you for employment with our firm. During the course of the recruitment and selection process, we may request further personal information that is necessary to assess your suitability for positions with our firm. We may also obtain, with your consent, references from your current or former employer(s) or other sources, in situations where pre-employment checks may be necessary.
2. PURPOSE IN COLLECTION OF PERSONAL INFORMATION
We will only collect, hold, process, use, communicate and/or disclose such personal data in accordance with this policy. If you are acting as an intermediary or otherwise on behalf of a third party or supply us with information regarding a third party (such as a friend, a colleague, an employee etc), you undertake that you are an authorised representative or agent of such third party and that you have obtained all necessary consents from such third party to the collection, processing, use and disclosure by us of their personal data. Because we are collecting the third party’s data from you, you undertake to make the third party aware of all matters listed in this policy preferably by distributing a copy of this policy to them or by referring them to our website.
2.1 CLIENT OR PROSPECT
Your personal information is collected and further processed by IIX as required or permitted by law and to give effect to your requested commercial transaction, including the following:
- to provide our services
- to respond to the individual’s request or for the purposes for which it was provided to us as stated at the time of the collection (or as is obvious from the context of collection)
- to maintain contact with clients and other contacts
- to keep clients and other contacts informed of the services we offer, industry developments, service offerings, seminars and other events we are holding, that may be of interest to them
- for general management and reporting purposes, such as invoicing and account management
- all other purposes related to our business.
Where you have indicated your consent to receiving marketing or promotional updates from IIX, you may opt-out from receiving such marketing or promotional material at any time. You may select the “opt-out” option provided in IIX’s email blasts or you may contact IIX at the details provided in Section (8) below.
2.2 PROSPECTIVE CANDIDATES IN RECRUITMENT
Your personal information is collected and further processed by IIX for the primary purpose of considering your suitability for positions with us and will be used only by partners and staff directly involved in the recruitment process. We will not collect or use personal information in ways other than for the purpose of recruitment.
3. DISCLOSURE OF PERSONAL INFORMATION
3.1 CLIENT OR PROSPECT
We respect the confidentiality of the personal data you have provided to us. Your personal information provided to us is processed by entities (in or outside of Singapore) within IIX (including related business units, companies, subsidiaries, holding companies, associated companies and outsourcing partners) in order to meet the purposes for which you have submitted the information and activities directly related to it.
By submitting personal data to us, you are providing explicit consent to trans-border transmission of such data as described in this policy. However, we will ensure that any transfer of personal data to a territory outside of Singapore will be in accordance with the PDPA so as to ensure a standard of protection to personal data so transferred that is comparable to the protection under the PDPA.
We do not disclose personal data to third parties except when required by law, when we have your consent or deemed consent or in cases where we have engaged the third party such as data intermediaries or subcontractors specifically to assist with our firm’s activities. Any such third parties whom we engage will be bound contractually to keep all information confidential.
However, please note that we may disclose your personal data to third parties without first obtaining your consent in certain situations. For more information on these exceptions, please refer to The Second, Third and Fourth Schedule of the PDPA, at the website http://statutes.agc.gov.sg.
3.2 PROSPECTIVE CANDIDATE IN RECRUITMENT
Information will not be disclosed to third parties except when required by law, when we have your explicit consent or in cases where the third party is a contractor or supplier whom we have engaged specifically to assist with our firm’s activities. All such contractors will be bound contractually to keep all information confidential.
4. PRIVACY AND DATA PROTECTION ON OUR WEBSITES
This policy also applies to any personal data we collect via our websites. IIX may collect non-personal information about your activity at the website. The website may automatically recognize and store information about the type of browser you are using; your Internet Protocol (“IP”) address; the time, date, and length of your visit; and the referring site. This information, if collected, is collected via computer code sent to your computer (commonly referred to as “cookies”). The cookies may not expire, unless you manually delete them or set your browser to reject them. If you do not accept the cookies, however, you may have difficulty navigating the website. Furthermore, the website may utilize web beacons, embedded web links, and other commonly used information-gathering tools.
We provide links to other sites for your convenience and information. These sites may have their own privacy and data protection policy in place, which we recommend that you review if you visit any linked websites. We are not responsible for the content on the linked sites or any use of the site.
5. ACCESS AND UPDATE TO PERSONAL INFORMATION
You have the right to access and correct your personal information held by us (subject always to certain exemptions). We will make every endeavour to ensure your personal information is accurate and up to date. Therefore we ask that if there are changes to your information you should notify us directly. Upon request, we will correct an error or omission in the individual’s personal data that is in our possession or control in accordance with the requirements of the PDPA. We may charge for a request to access in accordance with the requirements of the PDPA.
For a request to access personal data, we will provide you with the relevant personal data within thirty (30) days from such a request being made. Where a request cannot be complied with within the above time frame, we will inform you of the reasonably soonest time in which we will respond.
6. REQUEST TO WITHDRAW CONSENT
You may withdraw your consent for the collection, use and/or disclosure of your personal data in our possession or under our control by submitting your request to our Data Protection Officer. We will process your request within 30 days from such a request for withdrawal of consent being made, and will thereafter not collect, use and/or disclose your personal data in the manner stated in your request unless otherwise negated.
However, your withdrawal of consent could result in certain legal consequences arising from such withdrawal. In this regard, depending on the extent of your withdrawal of consent for us to process your personal data, it may mean that we will not be able to continue with your existing relationship with us. The collection of your personal data by us may be mandatory or voluntary in nature depending on the purposes for which your personal data is collected. Where it is obligatory for you to provide us with your personal data, and you fail or choose not to provide us with such data, or do not consent to the above or this policy, we will not be able to provide products and/or services or otherwise deal with you.
7. ADMINISTRATION AND MANAGEMENT OF PERSONAL DATA
We will put in place reasonable security arrangements to ensure that your personal data is adequately protected and secured. Appropriate security arrangements will be taken to prevent any unauthorised access, collection, use, disclosure, copying, modification, leakage, loss, damage and/or alteration of your personal data. However, we cannot assume responsibility for any unauthorised use of your personal data by third parties which are wholly attributable to factors beyond our control.
We will also put in place measures such that your personal data in our possession or under our control is destroyed and/or anonymised as soon as it is reasonable to assume that (i) the purpose for which that personal data was collected is no longer being served by the retention of such personal data; and (ii) retention is no longer necessary for any other legal or business purposes.
8. CONTACT AND ACCESS TO THE DATA PROTECTION OFFICER
If you wish to access or delete your personal data provided to us or if you believe that information we hold about you is incorrect or out of date, or if you have concerns or further queries about how we are handling your personal data, or any problem or complaint about such matters, you may contact us at the following address, for the attention of “The Data Protection Officer”:
1 King George’s Avenue #05-00
+65 6221 7051
Email Address: firstname.lastname@example.org
9. UPDATES ON DATA PROTECTION POLICY
As part of our efforts to ensure that we properly manage, process and protect your personal data, we will undertake a continuous review of our policies, procedures and processes. We reserve the right to amend the terms of this Data Protection Policy at our absolute discretion. Any amended Data Protection Policy will be posted on our website. You are encourage to visit us at www.iixglobal.com from time to time to ensure that you are well informed of our latest policies in relation to personal data protection.