Overview

This Data Protection Policy describes how the Cybersprout Pte. Ltd(hereinafter referred to as the Company) complies to the principles, guidelines and requirements of the Personal Data Protection Act 2012 which commenced on 2 January 2013.
Notwithstanding references to the Company, any obligations in this Policy, where stated, will only extend to the relevant entity within the Company that is providing services to the Person or is otherwise in control and possession of the Personal Data.
We will continue to review this Policy and all privacy-related information made publicly available by Cybersprout Pte. Ltd, to ensure it is relevant and remains current with changing technologies, laws and regulations, and the evolving needs of the Company.

Definitions

For the purposes of this Policy, the following capitalized terms, unless elsewhere defined in this Policy, shall have the following meanings:
Act- means the Personal Data Protection Act, in force as at the date of this Policy;
DPO- means data protection officers appointed by Cybersprout Pte. Ltd pursuant to the Act;
Laws- means the Act, other Statutes, regulations made thereunder and any other applicable laws, regulations, guidelines, directives, codes of practice or, where the context so requires the order or other lawful request made by any Public Agency;
Company- means Cybersprout Pte. Ltd;
Policy- means this Cybersprout Pte. Ltd Data Protection Policy, as may be amended or supplemented by the Company in its discretion from time to time;
Person- means any individual to whom the Act applies, and includes an individual client, prospective client or applicant to job vacancy and any past or present user of our services but excludes any corporate entity and any other entity that is excluded under the Act;
Personal Data- means personal data of a Person that the Company generally collects, uses or discloses which includes the following:
• Contact information, including name, address, telephone number, and e-mail address and/or other identification information
• Your preferences for website viewing;
• Information from other organisations which include fraud prevention agencies, human resources reference agencies we believe you may have authorised to provide your personal details on your behalf;
provided always that the Person can be identified from such data.
Public Agency- means any Government body, including any ministry, department, agency (including law enforcement agencies), or organ of State, any judicial or quasi-judicial body or disciplinary, arbitral or mediatory body appointed under any written law in Singapore or any statutory body established under a public Act for a public function that is so appointed by the Minister by notification in the Gazette for the purposes of the Act.

Applicability

The scope and application of this Policy is as follows:
• This Policy applies to entities within the Company that is collecting, using or disclosing the Personal Data; to the extent as may be required by the Act.
• This Policy covers all practices regarding Personal Data.
• This Policy applies to all Persons. The Person who holds the account with the relevant entity within the Company must ensure that all end users under the same account understand and agree to this Policy.
• The application of this Policy is subject to applicable Laws, and to the extent that any Laws pre-existing the Act apply, such pre-existing Laws may supersede the applicability of the Act in the event of inconsistency, to the extent stipulated under the Act.
• This Policy does not supersede or replace any earlier consents you may have provided to the Company, and this Policy supplements all such pre-existing consents concerning the collection, disclosure and/or use of your Personal Data.
• References to the male gender include a reference to the female gender.
• References to the singular include a reference to the plural as the context so requires.

Policy Provisions

Data Protection Officers (DPO)
1.1 The DPO have been appointed to oversee compliance with the Act. Other employees within the Company may be delegated to act on behalf of the DPO or to take responsibility for the day -to-day collection and processing of Personal Data.
1.2 The Company shall make known, upon request, the title of the person or persons designated as DPO.
The DPO may be contacted at:
The Office of the Data Protection Officer
Cybersprout Pte. Ltd
#03-07, 108 Pasir Panjang Road, Singapore 118535
Email: dpo@cybersprout.com

Collection of Personal Data

2.1 Personal Data may be collected from you in the following ways:
• A Person gives it to us upon completing an application form when a Person applies for our services or job opportunities or when a Person enquires with us about our services or job opportunities, or which is otherwise volunteered to us in any way;
• Automatically, when a Person visits our websites and other websites which we own or manage, using technologies such as cookies (either by the Company or a third party), contracts with us or with any third parties via our websites;
• We obtain it from other sources, such as employers, credit agencies, law enforcement agencies and/or other Public Agency;
• When we receive references from third parties, where you have been referred by them;
• When we lawfully seek information from third parties about you in connection with the services you have applied for, including applications to open vacancies;
• When you submit your Personal Data to us for any other reasons; and/or
• We collect it by other lawful means.

2.2 Unless permitted by Laws, the Company shall not collect Personal Data without the consent of the Person.

2.3 All Persons warrant and represent to the Company that Personal Data which he discloses to the Company, or to another entity that subsequently provides it to the Company, is accurate and complete.

2.4 A Person who volunteers Personal Data of another person to the Company also warrants and represents to the Company that he is authorized by such other person to disclose such Personal Data to us, and that such Personal Data is accurate and complete.

Purposes for Collection, Use and Disclosure of Personal Data

3.1 Depending on the nature of your relationship to the Company, your Personal Data may be collected, used and/or disclosed for the following purposes:
• To manage, develop and improve our business and operations to serve you better;
• To conduct investigations or take action in relation to bad debts, crime and fraud prevention, detection or prosecution, risk management, or to prevent you or the Company from harm, illegal or unlawful activities;
• To protect and maintain the Personal Data, and to have access to it including for making corrections to the Personal Data;
• To comply with legal and regulatory requirements imposed by any Public Agency, and otherwise with Laws;
• Any other purpose necessary, ancillary or consequential to the above specified purposes.

3.2 Your Personal Data will be disclosed for the purposes indicated above to our officers and employees, third parties, advisors, which includes without limitation, the following persons or entities:
• Public Agencies;
• Advisors, including auditors and lawyers who advise us;
• Any data intermediaries;
• Any other party to whom you authorize us to disclose Personal Data to.
Where this involves the transfer of your Personal Data outside Singapore, we will comply with the Act and take steps to ensure that your Personal Data continues to receive a standard of protection that is at least comparable to that provided under the Act.

3.3 Unless permitted by Laws, the Company shall not use or disclose the Personal Data for any other purpose, without first identifying and documenting the other purpose and obtaining the consent of the Person.

3.4 Upon request by a Person, our employees collecting Personal Data shall explain this Policy.

Deemed Consent

4.1 Persons are deemed to have given their consent for the collection, use and disclosure of Personal Data in the following circumstances:
• When the Person voluntarily provides his Personal Data to us;
• When the Person is aware of the purposes for which he is providing his Personal Data to us;
• It is reasonable for the Person to have provided the Personal Data to us in the circumstances;
• In any other circumstances where consent is deemed under the Act.

Limiting Collection, Use and Disclosure of Personal Data

5.1 The Company collects Personal Data primarily from Persons who are our clients (including prospective clients). The collection of Personal Data is limited to that which is necessary for the identified purposes.

5.2 Unless permitted by Laws, the Company will not disclose Personal Data to other persons or entities for the advertising, promotion or marketing of such other party’s products and services, and the Company will not sell for payment the Personal Data to anyone for any marketing purpose without your consent.

Retention of Personal Data

6.1 The Company will collect, and retain Personal Data via the procedures described in this Policy and/or other reasonable controls and practices in the Company’s discretion, for as long as such Persons remain our clients or employees and for as long as it is necessarily required or relevant for business or legal purposes.

Withdrawal of Consent

7.1 Persons are able to withdraw their consent to our continued use and disclosure of Personal Data as described in this Policy at any time. Such withdrawal should be made formally in writing to the Office of the DPO. We shall process your withdrawal request within a reasonable time (depending on the complexity of the request and its impact on our relationship with you), and in any event no later than within ten (10) business days of receiving your request.

7.2 Persons may write in to the Office of the DPO for more information regarding the implications of withdrawing consent.

Protection of Personal Data

8.1 To the extent required by the Act, the Company shall protect Personal Data in its possession or under its control against risks of unauthorized access, collection, use, disclosure, copying, modification, disposal or destruction, through reasonable and appropriate security measures.

Accuracy and Correction of Personal Data

9.1 To the extent required by the Act, the Company will use reasonable efforts to ensure that the Personal Data it uses is sufficiently accurate and complete to minimise the possibility that incorrect Personal Data may be used to make a decision that impacts the Person to whom the Personal Data relates, or if such Personal Data is likely to be disclosed to a third party. However, you acknowledge that there may be circumstances where the Company is entitled to assume such accuracy and completeness, in accordance with Laws.

9.2 We encourage Persons to inform us when there are any changes to the Personal Data which they have provided to the Company, so as to ensure that we have the most current, accurate and complete information. Upon request by a Person, the Company may, in accordance with the Act, correct or complete any Personal Data found to be inaccurate or incomplete as soon as practicable. Any unresolved differences as to accuracy or completeness of Personal Data shall be noted in the Person’s records. Save as otherwise required under the Act, the Person may only correct any Personal Data which the Person has provided to the Company. The Company reserves the right to not correct Personal Data where permitted under the Act.

9.3 We will respond to your correction request as soon as reasonably possible, and in any event no later than within ten (10) days of receiving the request.

Access to Personal Data

10.1 To the extent required by the Act, upon request, the Company shall provide a Person with an account of his Personal Data which is in the Company’s possession or control. Such information requested for shall be provided within a reasonable time (and in any event no later than within thirty (30) days) and at reasonable cost to the individual.

10.2 To the extent required by the Act, upon request by a Person, the Company shall provide information relating to how the Person’s Personal Data has been or may have been used or disclosed within a year before the date of such request. The Company may also provide a standard list of possible third parties as part of its response to all access requests for information relating to the disclosure of Personal Data during such period, and the same shall suffice as performance of the Company’s obligation in respect thereof. Such information requested for shall be provided within a reasonable time and at reasonable cost to the individual.

10.3 Subject to the Act, the Company may not be able to provide access to all of the Personal Data that they hold about a Person. For example, the Company may not provide access to Personal Data if such provision could reveal Personal Data about another person, if such information is subject to legal privilege or if such provision will be contrary to national interest. If access to Personal Data cannot be provided, the reasons for denying access will be provided upon request, to the extent permitted under Laws.

10.4 Persons may seek access to their Personal Data by writing in to the Office of the DPO.

Procedures and Practices

11.1 The Company has implemented the following procedures to give effect to this Policy:
• Implementing procedures to protect Personal Data and to oversee compliance with the Act, including means to access and/or correct Personal Data and to facilitate withdrawal of consent;
• Establishing procedures to receive and respond to inquiries or complaints in relation to Personal Data;
• Training and communicating to employees about this Policy;
• Developing public information to explain this Policy;
• Notifying changes to this Policy on the Company’s website.

Final Clauses

12.1 The Company may revise and/or amend and/or supplement this Policy at its discretion from time to time. Such changes will be published on this website. Persons are advised to check back periodically to ensure that they are aware of any such changes. To the fullest extent permissible under Laws, you agree to be bound by the prevailing terms of this Policy.

12.3 To the fullest extent permitted under Laws, the Company cannot be responsible for a third party’s acts, omissions, data policies or their use of cookies, nor the content or security of any third party websites, even if linked to the Company website, and any such liability is expressly disclaimed and excluded.

12.4 For more information on the Personal Data Protection Act 2012 or to contact the Personal Data Protection Commission (PDPC) please visit [http://www.pdpc.gov.sg/.](http://www.pdpc.gov.sg/)