Personal Data Protection Act
PERSONAL DATA PROTECTION ACT 2012 OF SINGAPORE UPDATE
SUMMARY
The Personal Data Protection Act of Singapore (the “PDPA”) establishes data protection laws that govern the collection, use and disclosure of Personal Data and came into effect on July 2, 2014. SoftSolvers is a recognized Data Intermediary as a Software-as-a-Service (SaaS) Service Provider. As a Data Intermediary, SoftSolvers complies with the Protection and Retention Limitation Obligations of the Act. Details are set out below.
BACKGROUND OF THE PDPA AND HOW IT APPLIES TO US
The following is a brief summary of how we comply with and/or relate to the specific laws and privacy protection principles established by the government of Singapore. The PDPA establishes data protection laws which govern the collection, use and disclosure of Personal Data (the “Data Protection Provisions”). Defined terms not defined herein shall have the meaning set forth in our Privacy Policy.
Whether and to what extent the obligations imposed by the Data Protection Provisions apply depends on (i) whether we are operating in the capacity of a data principal or a data intermediary when Processing Personal Data in the provision of the Agiliux Service. “Processing” in relation to Personal Data under the PDPA means the carrying out of any operation or set of operations in relation to Personal Data, and includes recording, holding, organisation, adaptation or alteration, retrieval, combination, transmission, erasure or destruction.
Activity | Applicability of Data Protection Provisions |
Processes Personal Data when a Subscriber registers for an account for the Service or registers Employees to use the Service. | We are a data principal Processing Personal Data for these purposes. As the information collected constitutes “business contact information,” the obligations of the PDPA do not apply. |
Processes Personal Data through Subscriber’s use of the Service. | We are a data intermediary for these purposes, and we are only subject to the two obligations imposed by the Data Protection Provisions relating to the protection and retention of Personal Data. |
OBLIGATIONS IMPOSED BY THE DATA PROTECTION PROVISIONS
The Data Protection Provisions generally require an organization (which term includes any individual, company, association or body of persons, corporate or unincorporated) to be responsible for Personal Data of individuals in its possession or under its control, and to develop and implement policies that are necessary to meet the following obligations:
- The obligation to obtain, on or before the collection, the individual’s consent to the collection, use and disclosure of the individual’s Personal Data (the “Consent Obligation”).
- The obligation to ensure that Personal Data is collected, used and disclosed only for purposes for which consent was given or which a reasonable person would consider appropriate in the circumstances (the “Purpose Limitation Obligation”).
- The obligation to notify the individual, on or before collection, use or disclosure, of the purposes for which it is collecting, using and/or disclosing the individual’s Personal Data (the “Notification Obligation”).
- The obligation to provide, upon the request of the individual, information about the ways in which the individual’s Personal Data has been or may have been used or disclosed in the year before the request, and allow the individual to correct his/her Personal Data (the “Access and Correction Obligation”).
- The obligation to use reasonable effort to ensure that the Personal Data collected by or on its behalf is accurate and complete (the “Accuracy Obligation”).
- The obligation to make reasonable security arrangements to protect the Personal Data and prevent unauthorised access, collection, use, disclosure or similar risks (the “Protection Obligation”).
- The obligation to cease retaining Personal Data or remove the means by which the Personal Data can be associated with an individual when the Personal Data is no longer necessary for business or legal purposes (“Retention Limitation Obligation”).
- The obligation not to transfer Personal Data to a country or territory outside of Singapore except in accordance with the requirements under PDPA (“Transfer Limitation Obligation”).
- The obligation to make information about its data protection policies, practices and complaints process available on request, and to designate one or more individuals as its data protection officer to ensure that the organisation complies with the PDPA (“Openness Obligation”).
PERSONAL DATA PROVIDED BY SUBSCRIBERS TO US
Personal Data is collected when an Account is created by a Subscriber or when Employees are registered to use the Service. This information constitutes business contact information for purposes of the PDPA. In this regard, we are not required to obtain consent or comply with the Data Protection Provisions in relation to such Personal Data. We do, however, as a matter of good business practice, describe how we collect, use, disclose and Process this Personal Data in our Privacy Policy.
HOW WE COMPLY WITH THE PDPA AS A DATA INTERMEDIARY WITH REGARD TO PERSONAL DATA IN THE SERVICE
We act as a data intermediary in connection with the use of the Service by our Subscribers and their Agents. Data intermediaries who process Personal Data on behalf of other organisations are only required to comply with two obligations under the PDPA when Processing this Personal Data:
- the Protection Obligation; and
- the Retention Limitation Obligation