Personal Data Protection Act
Personal data in Singapore is protected under the Personal Data Protection Act 2012 (PDPA).
KB Associates and Associated Companies (KBA) are committed to complying with the Act and respects their choices.
The purpose of this policy is to govern the collection, use and disclosure of personal data by KB Associates and Associated companies; in a manner that recognises both the right of individuals to protect their personal data and the need of KBA to collect, use or disclose personal data for purposes that a reasonable person would consider appropriate under such circumstances.
With the growing concerns about how personal data is being used, a data protection regime to govern these concerns and to maintain individuals’ trust in how KBA manages the data we received.
Collection of Personal Data
Where possible, we will collect Personal Data directly from individuals after we have received and secured the relevant consent from them. Generally, KBA may collect Personal Data of personnel in the following ways:
a) submitting an application to register for our training courses/services;
b) responding to our enquiries regarding our training services/products we offer;
c) when asked to be included in an email or other mailing list;
d) when requested to contact individuals or companies;
e) when responding to our initiatives, marketing or promotions;
f) applications for employment;
g) data that is previously on file prior to PDPA being implemented; and
h) voluntarily giving out their business card.
i) Photograph or video image/CCTV footage with permission when within our premises.
j) when Personal Data is submitted to us for any other reason;
We will not collect, use or disclose personal information for other purposes without first obtaining the consent of the individual, except when authorised or required by law or the courts to do so with documented proof.
Purposes for the Collection, Use and Disclosure of Personal Data
KBA and its subsidiary companies may collect, use or disclose personal data in an appropriate manner for the following purposes:
a) evaluating and providing advice and/or recommendations to individuals regarding the type of products and services suited to your needs;
b) assessing and processing any applications or requests made by individuals for products and services offered by KBA Group;
c) communicating with individuals to inform of changes and updates to our products and services we provide which are relevant to existing relationship with us;
d) offering updated marketing and promotional packages that individuals can benefit from, including products and services offered by our selected accredited bodies/partners;
e) verification of individual’s identity for the purpose of providing our services;
f) responding to enquiries regarding training courses, and other services we offer and handling complaints, feedbacks and comments;
g) processing request, orders and administering accounts
h) archival of documents and records in both electronic and physical form for record keeping purposes; and
i) conducting credit checks and ensuring ongoing creditworthiness, and the collection of amounts outstanding from individuals any person providing security or guarantees for your obligations.
j) when legally required to do so.
Disclosure of Personal Data
When providing or advertising a product or service, we may sometimes need to disclose individuals Personal Data to others. It is generally not KBA policy to disclose Personal Data to external organisations unless KBA has the individuals consent &/or are required to disclose the Personal Data as required in the normal course and scope of our business in the provision of our services, &/or for contractual, legal and regulatory requirements.
Some examples of the types of external organisations KBA may need to disclose information to in the course of providing a product or service are:
• Regulatory bodies and agencies, e.g. Ministry of Manpower (MOM) etc.
• Funding agencies e.g, SkillsFuture Singapore (SSG) etc.
• Insurers and financiers
From time to time, we may send our email “Newsletter” to inform individuals about our products and services or about special offers and promotions that we think may be of interest.
Individuals can let us know at any time if they no longer wish to receive marketing material by clicking on the “Unsubscribe” button or by contacting us directly and we will remove your contact details from our direct marketing database.
KBA will not disclose Personal Data to external organisations outside KBA for the purposes of allowing them to directly market their products and services, unless expressly authorised by individuals or companies.
Do Not Call Registry
The Do Not Call (DNC) Registry prohibits the sending of unsolicited telemarketing messages (“specified messages”) to Singapore telephone numbers through voice calls, text or fax messages registered on the DNC Registers, unless the organisation sending the messages have the user’s/subscriber’s clear and unambiguous consent to do so in written or other accessible forms.
In compliance with the DNC Registry provisions, KBA will not send specified messages to telephone or facsimile numbers that appear on the DNC Registry unless the user/subscriber has given us clear and unambiguous consent to do so.
If an individual or company has given us such consent, we will continue to send specified messages until advised in writing (contact details below) of withdrawal of consent.
KBA will continue to contact individual or companies on the details provided in the limited circumstances allowed under the DNC Registry, even if these telephone or facsimile number/s are registered with the DNC.
We will still contact individuals and companies in the most effective and efficient mode where required by law.
Withdrawal of Consent
Should an individual wish to withdraw their consent for KBA to send them anything via all other modes of communications e.g., mail, email, and telephone calls, they must notify us by email at firstname.lastname@example.org. We will remove their details from our direct marketing/client database.
It may require up to 2 weeks, upon receipt of the request, for the change to take effect.
Regardless of who provides Personal Data to KBA, it will always be handled in accordance with this Personal Data Protection Policy and the Personal Data Protection Act 2012 (Act 26 of 2012).
It is vital that all KBA staff understand the importance of protecting personal data; that they are familiar with our organisation’s data protection policy; and put into practice.
The responsibilities of individual staff members for protecting personal data, including the possibility that they may commit criminal offences if they deliberately try to access, or to disclose, information without authority and permission;
Staff are to be wary of people who may try to trick them into giving away personal details;
The effectiveness of staff training relies on the individual concerned being reliable in the first place. The Data Protection Act requires them to take reasonable steps to ensure the reliability of any staff member who has access to personal data.
Ensuring Accuracy and Correction of Personal Data
KBA relies on the Personal Data kept in our records which are provided by our interaction with our clients, when conducting business. Therefore, it is very important that the Personal Data recorded is accurate, complete and up-to-date.
KBA will do our best to ensure that the Personal Data on record is accurate, complete and up-to-date whenever it is collected or use it. This means that from time to time, KBA will ask if there are any changes to Personal Data. If the Personal Data on record is incorrect, KBA will request the new details and update the records.
Access to Personal Data by Individual
Individual can access most of the Personal Data on KBA records by contacting KBA.
KBA will require a formal written request to our Data Privacy Officer.
Access to Personal Data may be refused in a number of circumstances, such as where the Personal Data relates to anticipated legal proceedings or the request for access is frivolous or vexatious. If KBA deny or restrict access, KBA will explain why as required by applicable laws.
Security of Personal Data
Security of Personal Data is important to KBA and we take all reasonable precautions to protect Personal Data from misuse, loss, unauthorized access, modification or disclosure.
Some of the ways we protect Personal Data include:
a) internal and external security measures with visitors; (e.g. visitors to our premises shall be escorted, and employees shall be prior informed to keep personal data out of sight).
b) restricting access to Personal Data only to staff who need it to perform their day to day functions;
c) maintaining technology products to prevent unauthorized computer access or damage to electronically stored information, such as requiring identifiers and passwords, firewalls and anti-virus software; and
d) maintaining physical security over paper records.
KBA will retain Personal Data for a reasonable period for the purposes as cited in KBA Retain of Documented Information manual or until requested to delete the Personal Data, or as required by law.
When no longer required, personal information is destroyed, anonymised, pseudonymised or disposed.
Cookies: Privacy and our websites
The type of Personal Data KBA collects on our website depends on how the site is used. When visiting websites, the host records server address, domain name, the date and time of the visit and the pages viewed. This information may be collected by using cookies (data sent to your web browser, which generally allows the website to interact more efficiently with computers). If the cookies are disabled, use of website may be affected. Information collected about any visits to our site is retained for statistical and website development reasons and is not in a form which would enable to identify you.
Visitors to KBA websites will not be required to provide KBA with any Personal Data, unless they have requested for a specific KBA’s product or service, or respond to a contest or promotion, or providing a feedback. In such cases, KBA will ask for contact details along with other information required to respond to the request or allow access to enter the contest, promotion or feedback location.
The Personal Data and information provided may be retained for product planning purposes, and KBA may use your Personal Data to make contact for direct marketing purposes with authorised consent provided by the individuals/parties involved.
If the individual send KBA an email containing their Personal Data, we will take reasonable steps to ensure the confidentiality of that information. The content of emails is sometimes monitored by our internet host for maintenance and fault detection purposes. KBA may also monitor emails for legal compliance purposes.
Although KBA take steps to protect Personal Data and information sent by email, email is not a secure method of communication and if there are any concerns about sending Personal Data to KBA in this manner, contact us by any of the other means e.g. Dropbox, file transfer protocol (ftp) or any other system may be possible.
If the privacy of an individual Personal Data has been compromised, please contact KBA Data Protection Officer at +65 6546 0939 or email us at email@example.com and we will take the relevant steps to address the concerns.
Use of Other’s Information
KBA agree to respect and protect other users' personal information that we obtain through the website or through any of our Site-related communication or transaction.
In addition, under no circumstances will KBA disclose personal information about another user to any third party without their consent and the consent of such other user after adequate disclosure. Please note that law enforcement personnel and other rights holders are given different rights with respect to information they access.
KBA does not tolerate the sending of any form of spam content.
Control of Username and Password to E-Learning Student
When provided access to KBA Learning Management System, the individual is then responsible for all actions taken while using username and password. Username and Passwords should therefore not be disclosed to any third parties.
If disclosed, there is a risk of the student’s e-learning account being compromised or hijacked. This may result in the student having their assignments deleted or modified reducing the student’s chances of passing the course”.
If a password has been compromised for any reason, change the password immediately and notify KBA of the potential security breach.
Third Party Websites
KBA website may contain links to other websites which are owned or operated by third parties training partners of KBA owned or operated by KBA dealers and by our service providers.
Those websites should contain their own privacy statements and their owners or operators are responsible for informing the public about their security and privacy practices. KBA will not be responsible for the privacy policies and practices of other websites even if access to them was by using links from KBA websites. KBA recommend that a check of the policy of each site visited and contact the site owner or operator if there are any concerns or questions.
In addition, if there are links to our websites from a third-party website, KBA cannot be responsible for the privacy policies and practices of the owners or operators of that third-party site and recommend that a check of the policy of that third party site and contact its owner or operator if there are any concerns or questions.
This includes external links that are linked to those third party websites which may hold viruses, malware or adware. KBA is not responsible for the reckless downloading of any third party software or external software that may corrupt, infect or ruin the system of any visitors and users.
Remedial Plan in the event of Data Breach
KBA shall act as soon as it is aware of a data breach.
KBA may consider the following measures, where applicable
a) Shut down the compromised system that led to the data breach
b) Put a stop to practices that led to the data breach (e.g. shredding paper documents containing personal data)
c) Establish whether steps can be taken to recover lost data and limit any damage caused by the breach (e.g. remotely disabling a lost notebook containing personal data of individuals).
d) Isolate the causes of the data breach in the system, and where applicable, change the access rights to the compromised system and remove external connections to the system.
e) Prevent further unauthorised access to the system. Reset passwords if accounts and passwords have been compromised.
f) Address lapses in processes that led to the data breach
g) Notify the police if criminal activity is suspected and preserve evidence for investigation (e.g. hacking, theft or unauthorised system access by an employee)
Transfer Limitation Obligation
Some of KBA customer may be located overseas (if any) and, as a result, Personal Data collected and held by KBA may be transferred overseas.
Unless otherwise required or permitted by law, KBA will only disclose Personal Data with full consent (implied or expressed), and KBA will also take reasonable steps to ensure the external organisation to whom it is disclosed to the information is also legally bound to protect the privacy of the Personal Data.
Right to Amend our Online Privacy Statement
KBA reserve the right to amend this Personal Data Protection Policy at any time.
If KBA make any changes to this Personal Data Protection Policy and the way in which Personal Data is used; KBA will inform of the change on KBA websites and will notify individuals and companies of any significant changes. Please check the Personal Data Protection Policy on a regular basis.
For any questions relating to KBA Personal Data Protection Policy, you may contact KBA Data Protection Officer at +65 6546 0939 or email us at firstname.lastname@example.org.