This Personal Data Protection Policy applies to Certis CISCO Security Pte. Ltd. and its subsidiaries (collectively, the “Certis Group” or “we”). This Policy outlines the responsibility of each member of the Certis Group in relation to the collection, processing, usage and disclosure of your Personal Data (as defined below). This is designed to protect the confidentiality of the Personal Data and regulate the way it is managed.
This Policy supplements but does not in any way supersede nor replace any other consents you may have previously provided to us, and your consents herein are additional to any rights which we may have at law to collect, use, disclose and manage your Personal Data.
DESCRIPTION OF POLICY
1. Personal Data
1.1 Personal Data (“Personal Data”), which is personal information that links back to an individual, includes but is not limited to:
(a) name, gender, date of birth, passport or other personal identification numbers, images, photographs, videos, closed circuit television (CCTV) footage, voice recordings;
(b) contact information e.g., address, phone number, email address;
(c) payment information e.g., credit or debit card information, including the name of cardholder, card number, billing address and expiry date;
(d) biometric information;
(e) health information e.g., medical records or requests; and
(f) technical information e.g., IP address or device identification.
1.2 The types of data that the Certis Group collects depends on the circumstances of the collection and on the nature of the service requested or transaction undertaken.
1.3 If you choose to make an enquiry or an application (including a job application through our website), send us an email, approach us in person or through any of our various offices in Singapore and overseas, we may require you to provide contact and identity information and other personal data (including name, address, contact details). Where possible, we have indicated the fields which are required and the fields which are optional.
2. Purpose for collection, processing, usage and disclosure
2.1 Generally, the Certis Group collects Personal Data either directly from you or your authorised representatives (i.e. persons who have been validly identified as being authorised by you through our security procedures) in the following ways:
(a) when you submit forms relating to or purchase or use any of our products or services;
(b) when you interact with our customer service officers, including via telephone calls, face-to-face meetings and emails;
(c) when you request that we contact you or be included in an email or other mailing list;
(d) when you respond to our promotions or other incentives;
(e) when you respond to our request for additional Personal Data;
(f) when you respond to our surveys;
(g) when you submit a job application;
(h) when we receive references from business partners and third parties, for example, where you have been referred by them;
(i) when you submit your Personal Data to us for any other reasons; and
2.2 We collect, use, disclose and/or share your personal information for the following purposes:
(a) to communicate with you on any queries you may have;
(b) to process your order and deliver products and services to you;
(c) to manage the administration and business operations of the Certis Group and complying with our policies and procedures;
(d) for service improvements, resolving complaints and disputes;
(e) for identity verification purposes;
(f) to communicate with you and/or to keep records in connection with a job application and other job opportunities;
(g) in relation to a job application by you, (i) to contact the referee(s) and/or guarantor(s) whose details have been provided by you; (ii) to verify your academic and professional qualification by contacting the school/college/university/institute/professional qualifying bodies; and (iii) to disclose your personal data to the Certis Group’s customers in connection with your job application;
(h) for employee training and performance evaluation;
(i) to provide access controls;
(j) to update our records and generally maintain your accounts with us;
(k) to detect and prevent fraudulent activity;
(l) to meet or comply with any applicable rules, laws, regulations, codes of practice or guidelines issued by any legal or regulatory bodies which are binding on the Certis Group (including but not limited to responding to regulatory complaints, disclosing to regulatory bodies and conducting audit checks, due diligence and investigations); and
(m) purposes which are reasonably related to the aforesaid.
2.3 Furthermore, where permitted under applicable laws, we may collect, use and disclose your Personal Data for the following additional purposes:
(a) analytics and tracking, including facilitating the sale of analytical data;
(b) conducting market research and surveys to enable us to understand and determine customer location, preferences and demographics to develop special offers and marketing programmes in relation to our produces and services and to improve our service delivery and your customer experience at our touchpoints;
(c) providing additional products and services and benefits to you;
(d) matching your Personal Data with other data collected for other purposes and from other sources (including third parties) in connection with the provision, marketing or offering of products and services to you;
(e) leads generation and management for marketing products and services of the Certis Group;
(f) administering contests, competitions and marketing campaigns, and personalising your experience at our touchpoints;
(g) organising promotional events; and
(h) purposes which are reasonably related to the aforesaid.
2.4 The Certis Group does not practice sharing, renting or selling of Personal Data with third parties. However, each member of the Group may share your personal information with members of the Certis Group (which includes our affiliates, subsidiaries and joint ventures worldwide). Access to Personal Data is limited to persons whom we reasonably believe requires access for effective delivery of our products and services to you, to process your job application or for the purposes set out herein.
2.5 We may also collect, use and disclose such personal information if so authorized or required by law or the relevant authorities, or exempted under the relevant Personal Data Protection Act or Privacy Act to do so.
2.6 Further, we may disclose or share your Personal Data in the following circumstances:
(a) Third Party Service Providers: We may disclose your personal data to third parties:
(i) contracted by us to assist us in delivering part or all of the products and services ordered by you;
(ii) who provide services as part of the promotions or services offered to you;
(iii) who provide services to us such as professional advisers, IT consultants etc;
(iv) credit bureaus for the purpose of preparing credit reports or evaluation of creditworthiness;
(v) bankers, insurers, credit card companies and any of their respective service providers.
We will use all commercially reasonable endeavors to ensure that these third parties comply with similar undertakings of privacy.
(b) With your consent: We may seek your consent to collect, hold, use and disclose your personal data for any other purpose not set out herein.
(c) Business Transfers: As we continue to develop our business, we might sell or buy businesses, subsidiaries or business units or undertake a merger. In such transactions, customer information may be one of the transferred business assets.
2.7 The Certis Group shall use its best endeavors to ensure that its employees, officers, partners and such other third parties mentioned above who are involved in the collection, processing and disclosure of Personal Data will observe and adhere to the terms of this Policy.
2.8 The Certis Group also reserves the right to share your Personal Data as is necessary to prevent a threat to the life, health or security of an individual or corporate entity. Further, the Certis Group may disclose your Personal Data to law enforcement agencies, government representative and our advisers, as is necessary, to investigate suspected unlawful activities including but not limited to fraud, intellectual property infringement or privacy.
3.1 The Certis Group needs your assistance to ensure that your Personal Data is current, complete and accurate. We understand that this information may from time to time change. We encourage you to contact us as soon as possible to enable us to update any Personal Data we have about you. Incomplete or outdated Personal Data may result in our inability to provide you with products and services you have requested or complete the applications sought.
3.2 In certain circumstances, you may need to provide to us personal information about someone other than yourself (for example, your referee or guarantor in relation to your job application). If so, we rely on you to inform these individuals that you are providing their personal information to us, to make sure they consent to you giving us their information and to advise them about where they can find a copy of this Policy. By submitting such information to us, you represent to us that you have obtained the consent of the third party to provide us with their Personal Data for the respective purposes.
4. Access, Correction and Withdrawal
4.1 If you wish to:
(a) apply for a copy of the personal data we hold about you;
(b) request for your personal data to be updated or corrected; or
(c) withdraw the consent you previously provided to us to use the Personal Data we hold about you,
please contact the Customer Service Manager (Personal Data Protection Act) at the contact set out in Section 10 below.
4.2 Please allow us reasonable time to respond to any request and effect any change. We may ask you to verify your identity and for more information about your request. Access is only limited to your own data and no others.
4.3 Where we are legally permitted to do so, we may refuse your request and give you reasons for doing so. Where you request your personal data to be updated and there is a dispute about the facts, we will make a note on your personal data of such dispute. Where permitted to do so, we may charge an administrative fee for access requests.
4.4 Please note that if your Personal Data has been provided to us by a third party (e.g. a referral), you should contact that organisation or individual to make such queries, complaints, and access and correction requests. This is to ensure that your queries, complaints, and access and correction requests are properly processed by the organisation or individual.
4.5 If you withdraw your consent to any or all use of your Personal Data, depending on the nature of your request, we may not be in a position to continue to provide our products and services to you, administer any contractual relationship in place, which in turn may also result in the termination of any agreements with us, and your being in breach of your contractual obligations or undertakings. Our legal rights and remedies in such event are expressly reserved.
5.1 The Certis Group will retain your Personal Data for the duration of time to carry out the purposes for which your personal data was collected, for the other purposes set out in this Policy, for business purposes and as required by relevant laws. For the avoidance of doubt, the Certis Group may retain your Personal Data for any of the foregoing reasons notwithstanding any notice to withdraw the consent you previously provided to us to use the Personal Data we hold about you.
6.1 The Certis Group have implemented stringent measures to protect the confidentiality of your personal data. We will take reasonable care to protect your personal data from unauthorised access, improper use or disclosure, unauthorised modification, unlawful destruction or accidental loss. These include limiting access to information in our systems, authenticatication processes to prevent unauthorised access to information and safeguards to prevent security breaches in our network and database systems.
6.2 Further, we have appointed Data Protection Officers to oversee our management of your Personal Data in accordance with this Policy and the applicable laws. We train our employees who handle your Personal Data to respect the confidentiality of your Personal Data. We regard breaches of Personal Data seriously.
7. Third Party Websites
7.1 Our websites may contain links to third party sites whose data protection and privacy practices may differ from ours. We are not responsible for the content and privacy practices of these other websites and encourage you to consult the applicable privacy policies governing those sites. The Certis Group is not responsible for any information that is submitted to or collected by these third parties.
8. Cookies and Google Analytics
- Google Analytics Help pages
9. Updates to the Policy
9.1 This Policy will be reviewed and updated from time to time by the Certis Group to take into account new laws, technological changes, changes to our operations and practices and industry trends.
9.2 Subject to your rights at law, you agree to be bound by the prevailing terms of our Personal Data Protection Policy as updated from time to time on our websites. Please check back regularly for updated information on the handling of your Personal Data.
10. Contact Us
10.1 If you have any comments or queries or would like to access, correct or withdraw your Personal Data, please contact our Customer Service Manager (Personal Data Protection Act) in writing at the address below referencing “Personal Data Protection Act”:
Customer Service Manager (Personal Data Protection Act)
Certis CISCO Centre
20 Jalan Afifi
Customer Service Hotline:
Local: 1800 747-2888 / Overseas: +65 6747 2888
Dated: 31 October 2017