Assurance Partners LLP
PRIVACY NOTICE FOR CUSTOMERS
Revised on: 1 February 2024 (with updated revision to PDPA 2021)
This Privacy Notice (“Notice”) sets out the basis which Assurance Partners LLP and its affiliated & its associated business (“we”, “us”, or “our”) may collect, use, disclose or otherwise process personal data of our customers in accordance with the Personal Data Protection Act (“PDPA”).
Although this Notice is in common use by Assurance Partners LLP, and its affiliated and its associated businesses, each is responsible to you to the extent of its own collection, use and disclosure of your personal data, and its own actions.
This Notice applies to personal data in our possession or under our control, including personal data in the possession of organisations which we have engaged to collect, use, disclose or process personal data for our purposes.
ORGANISATION OVERVIEW
Assurance Partners LLP’s Group of Companies is a chartered accounting and professional service corporate group that provides a suite of accounting, financial control, and compliance services to help businesses better focus on growing their core business. The personal data we process are mainly our clients, job applicants, and employee’s data.
PERSONAL DATA
1) As used in this Notice:
“client” means an individual who
(a) has contacted us through any means to find out more about services we provide, or
(b) may, or has, entered into a contract with us for the supply of services by us; and
“personal data” means data, whether true or not, about a customer who can be identified:
(a) from that data; or
(b) from that data and other information to which we have or are likely to have access.
2) Depending on the nature of your interaction with us, some examples of personal data which we may collect from our various data subjects as follows:
2.1 Client: name, residential/company address, email address, telephone number; information required for the incorporation or as required by the government agencies.
2.2 Job Applicants: Contact information, Education background, Employment history, Health History
2.3 Employees: Contact information, Bank info
We may collect your personal data directly or indirectly through various channels, including when:
• you use our services or enter transactions with us (or express interest in doing so)
• you respond to our promotions or subscribe to our mailing lists.
• you visit our websites, download, or use our mobile applications.
• you register an account with us through our websites or applications.
• you transact with us, contact us or request that we contact you through various communication channels, for example, through social media platforms, messenger platforms, face-to-face meetings, telephone calls, emails, fax, and letters.
• your images are captured via photographs or videos taken by us or our representatives when you are within our premises or attend events organised by us.
• you participate in events and programs, competitions, contests, or games organised by us
• we seek information about you and receive your personal data in connection with your relationship with us, for example, if you are a customer, investor, or shareholder; or
• you submit your personal data to us for any other reason.
Depending on your relationship with us, we may also collect your personal data from third parties, including:
• from your family members, employees, and mutual contacts who provide your personal data to us on your behalf; and
• from public agencies or other public sources.
3) Other terms used in this Notice shall have the meanings given to them in the PDPA (where the context so permits).
COLLECTION, USE AND DISCLOSURE OF PERSONAL DATA
4) We generally do not collect your personal data unless
(a) it is provided to us voluntarily by you directly or via a third party who has been duly authorised by you to disclose your personal data to us (your “authorised representative”) after
(i) you (or your authorised representative) have been notified of the purposes for which the data is collected, and
(ii) you (or your authorised representative) have provided written consent to the collection and usage of your personal data for those purposes, or
(b) collection and use of personal data without consent is permitted or required by the PDPA or other laws. We shall seek your consent before collecting any additional personal data and before using your personal data for a purpose which has not been notified to you (except where permitted or authorised by law).
(c) Our website and applications may also contain or involve certain technologies that automate the collection of data (including personal data). These technologies include cookies, web beacons and web analytics. If you do not wish to have your data collected through such technologies you may disable the operation of these technologies on your devices (where possible), or you may refrain from using our websites and applications.
5) We may collect and use your personal data for any or all of the following purposes:
• you have given us consent.
• necessary to comply with our legal or regulatory obligations.
• necessary for our legitimate business interests if this does not override your interests or rights; and/or
• necessary to perform a contract or transaction you have entered with us or provide a service that you have requested or require from us.
And may include the following relevant to our business:
• processing your transactions with us, or to provide products and services to you.
• managing your relationship with us.
• facilitating your use of our platforms and services.
• assisting you with your requests, enquiries and feedback.
• administrative purposes, e.g., accounting, risk management and record keeping, business research, data, planning and statistical analysis, and staff training.
• security and safety purposes, e.g., protecting our platforms from unauthorised access or usage and to monitor for security threats, and your image may be captured by security cameras.
• carrying out research, data, and statistical analysis.
• compliance with laws and regulations, internal policies, and procedures, e.g., audit, accounting, risk management and record keeping.
• enforcing legal obligations owed to us, or responding to complaints, litigation or investigations concerning us.
• managing and engaging third parties or data processors that provide services to us, e.g., IT services, data analytics, marketing, and other professional services.
• such purposes that may be informed to you when your personal data is collected.
• carrying out our legitimate business interests (listed below); and/or
• any other reasonable purposes related to the aforesaid
Marketing purposes:
Where you give us consent, we collect, use, and disclose your personal data for purposes of:
• managing and/or administering your request to receive news (including events and product launches), promotions and marketing information from us (and/or our affiliates or related entities) and on our group products.
• analysing and/or profiling your purchases, transactions and/or likes or dislikes to be better able to send you relevant or targeted news (including events and product launches), promotion and marketing information from us (and/or our affiliates or related entities) and on our group products; and/or
• sending you news (including events and product launches) and promotions from us (and/or our affiliates or related entities) as well as marketing information from us (and/or our affiliates or related entities) and on our group products.
Legitimate business:
Our legitimate business interests include:
• managing our business and relationship with you and providing services to our users and customers.
• protecting our rights and interests and those of our users and customers.
• preventing and investigating possible misuse of our websites, applications, and services.
• understanding and responding to inquiries and feedback.
• understanding how our users use our websites, applications, and services.
• identifying what our users want and improving our websites, applications, services, and offerings.
• enforcing obligations owed to us, or protecting ourselves from legal liability; and
• sharing data in connection with acquisitions and transfers of our business.
Use permitted under applicable laws:
We may also collect, use, disclose and process your personal data for other purposes, without your knowledge or consent, where this is required or permitted by law.
Contacting:
When using your personal data to contact you for the above purposes, we may contact you via email, e-mail, SMS, telephone, pop-up notifications (when you are using our applications), or any other means.
We will not contact you for marketing purposes unless with your consent, or we are exempted by applicable law from having to obtain consent. When contacting you for marketing purposes, we will not contact you through your telephone number, unless you have specifically consented to such a mode of communication. If you do not wish to receive any communication or information from us or wish to restrict the manner by which we may contact or send you information, you may contact us to do so.
6) We may disclose your personal data:
(a) Government agencies as required by law; eg. MOM, ACRA, IRAS, CPF, ….
(b) where such disclosure is required for performing obligations in the course of or in connection with our provision of the goods and services requested by you; or
(c) to third party service providers, agents and other organisations we have engaged to perform any of the functions with reference to the abovementioned purposes.
7) The purposes listed in the above clauses may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under a contract with you).
RELIANCE ON THE LEGITIMATE INTERESTS EXCEPTION
8) In compliance with the PDPA, we may collect, use or disclose your personal data without your consent for the legitimate interests of us or approved intermediary. In relying on the legitimate interests’ exception of the PDPA, we will assess the likely adverse effects on the individual and determine that the legitimate interests outweigh any adverse effect.
a) In line with the legitimate interests’ exception, we will collect, use or disclose your personal data for the following purposes:
b) Fraud detection and prevention;
c) Detection and prevention of misuse of services;
d) Network analysis to prevent fraud and financial crime, and perform credit analysis; and/or
e) Collection and use of personal data on company-issued devices to prevent data loss.
The purposes listed in the above clause may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter.
WITHDRAWING YOUR CONSENT
9) The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop collecting, using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing or via email to our Data Protection Officer at the contact details provided below.
10) Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within ten (10) business days of receiving it.
11) Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our goods or services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing or via email.
12) Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclosure without consent is permitted or required under applicable laws.
ACCURACY OF PERSONAL DATA
13) We generally rely on personal data provided by you (or your authorised representative). In order to ensure that your personal data is current, complete and accurate, please update us if there are changes to your personal data by informing our Data Protection Officer in writing or via email at the contact details provided below.
ACCESS TO AND CORRECTION OF PERSONAL DATA
14) If you wish to make
(a) an access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or
(b) a correction request to correct or update any of your personal data which we hold about you, you may submit your request in writing or via email to our Data Protection Officer at the contact details provided below.
15) Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.
16) We will respond to your request as soon as reasonably possible. In general, our response will be within fourteen (14) business days. Should we not be able to respond to your request within fourteen (14) days after receiving your request, we will inform you in writing within fourteen (14) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).
17) Limitations: We may be permitted under applicable laws to refuse your request to exercise your rights, for example, we may refuse
(a) a request for erasure where the personal data is required for in connection with claims; or
(b) an objection request and continue processing your personal data based on compelling legitimate grounds for the processing.
DATA PORTABILITY
18) Under the Data Portability obligation, we are obliged to convert personal data into machine readable format, and transmit to another organisation as requested by the Data subject.
19) The Request Form will be similar to the Access and Correction Form.
PROTECTION OF PERSONAL DATA
20) To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as:
a. Encryption of all files with personal data in storage and in transit
b. Access Rights to facility, and also company’s system
c. Data anonymisation, (if you are conducting business analytics)
d. Up-to-date antivirus or internet security protection software,
e. Regular patching of operating system and other software,
f. Web security measures against risks, and security review and testing performed regularly.
g. Firewall for in-house server
h. Using secured storage; eg. Dropbox
21) You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.
RETENTION OF PERSONAL DATA
22) We may retain your personal data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws.
23) We will cease to retain your personal data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected, and is no longer necessary for legal or business purposes. Certain information may also be retained for longer, e.g., where we are required to do so by law. Typically, our data retention period is from 6 years upwards, depending on the limitation period.
TRANSFERS OF PERSONAL DATA OUTSIDE OF SINGAPORE
24) We conduct due diligence with entity outside of Singapore that are processing the data from our Accounting and Audit departments by conducting a Data Protection Impact Assessment (DPIA) and putting in place the necessary safeguards to ensure the entity is able to protect the personal data at a standard comparable to that under the laws of Singapore.
The following are our due diligence:
• The data are located in our in-house server located in Singapore, and personnel are given only the access to relevant files for processing under the charge of the Accounting and Audit departments; basically, the data resides in Singapore at all time.
• The personnel from our outsource entity are trained in the PDPA and Data protection and familiar with the organisation’s Data Protection Policy.
• Proper Contractual agreement is signed concerning the engagement.
• Regular monitoring by the Accounting and Audit departments under the supervision of the Data Protection Officer will be conducted to ensure quality in data protection.
DATA PROTECTION OFFICER
25) You may contact our Data Protection Officer if you have any enquiries or feedback on our personal data protection policies and procedures, or if you wish to make any request, in the following manner:
Name of DPO: Mr. Gilmark Espeleta
Contact No.: +65-6702 3178
Email Address: mail@assurancepartners.sg
Address:
Assurance Partners LLP
140 Paya Lebar Road, #10-08 AZ@Paya Lebar Singapore 409015
For more information about the Singapore Personal Data Protection Act, please visit http://www.pdpc.gov.sg
EFFECT OF NOTICE AND CHANGES TO NOTICE
26) This Notice applies in conjunction with any other notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your personal data by us.
27) We may revise this Notice from time to time without any prior notice. You may determine if any such revision has taken place by referring to the date on which this Notice was last updated. Your continued use of our services constitutes your acknowledgement and acceptance of such changes.
(1) Effective date : 01/02/2024
(2) Last updated : 01/02/2024