Personal Data Protection Policy
Your personal data and privacy is important to us and it is our commitment to respect the confidentiality of information and the privacy of individuals. We, Trybe Limited (‘the Company’), may from time to time update this Data Protection Policy to ensure that this Data Protection Policy is consistent with our future developments, sector developments and/or any changes in legal or regulatory requirements. Subject to your rights at law, you agree to be bound by the prevailing terms of this Policy as updated from time to time on our website. Please check back regularly for updated information on the handling of your Personal Data.
1.0 PREAMBLE AND INTRODUCTION
1.1 This policy states the Company’s commitment to safeguarding personal information provided to it in the course of its work and lays out the principles and practices in managing and securing such data. The Company should comply with all statutes under the Personal Data Protection Act and where the Company does not, its primary objective is to ensure compliance as soon as practicable. 1.2 The Company’s primary commitment with reference to the Data Protection Act is to ensure individuals’ personal data are not misused. This is done by ensuring that personal data are:
• Obtained for specified and lawful purposes and not further processed in a manner incompatible with that purpose; • Relevant and not excessive; • Accurate; • Kept for no longer than necessary; • Protected by appropriate security.
2.0 INFORMATION – TYPES, COLLECTION AND USE
2.1 Types of Information Collected
2.1.1 For the purposes of this Policy document, the types of information collected/captured by the Company, for professional purposes, include but are not limited to the following:
• NRIC number • Full name • Address • Contact number(s) • Medical situation/history • Name(s) of relative(s) / Next of Kin (NOK) • Contact details of relative(s) or NOK • Video footage(s) of any kind, pertaining to individuals (in the course of work), including CCTV footage
2.2 Methods of Collecting Information/Data
2.2.1 The methods of collecting the above information, include, but are not limited to the following:
• Interview(s) • Forms filled by Client/Individuals/Volunteers or relative(s) of client • Official documents or forms submitted by officers from the Singapore Prisons’ Service (SPS), or Ministry of Social and Family Development (MSF) or any other government body and/or statutory body. • Any other means where information is passed to the Company
2.3 Use of Information Collected
2.3.1 The Company may collect, use or disclose a client’s personal data including, but not limited to the full name, NRIC number, contact details, financial and family situation, medical history, etc for purposes such as case management as these form part of the professional services and operations of the Company. 2.3.2 In addition, the Company may use personal data as part of the human resource management and administration.
3.0 PROVIDERS OF DATA
3.1 The Providers of the data can include, but are not limited to the following:
• Individuals • Staff • Clients / beneficiary (persons whom the Company serves directly) • Counterparty / stakeholders • Funders or Donors (whether individual persons or bodies corporate)
4.0 APPOINTMENT OF DATA PROTECTION OFFICER
4.1 The Chief Executive will appoint the Data Protection Officer of the Company.
5.1 Consent to Disclose Information
5.1.1 The Company shall seek consent from individual to collect, use or disclose the individual’s personal data, except in specific circumstances where collection, use or disclosure without consent is authorised or required by law, law enforcement officers and/or authorised representatives of the Government. Where there is any other need to disclose without consent, the disclosure shall be approved by the Data Protection Officer. 5.1.2 Consent may be collected through written documentations (e.g. consent form, written note) or electronically (email consent, electronic forms). In situations that consent cannot be conveniently obtain in written form or electronically, the Company may opt to obtain verbal consent and such process shall be approved by the Data Protection Officer.
5.2 Withdrawal of Consent
5.2.1 Any individual may withdraw their consent to the use and disclosure of their personal data at any time, unless such personal data is necessary for the Company to fulfil its legal obligations. The Company shall comply with the withdrawal request, and inform the individual if such withdrawal will affect the services and arrangements between the individual and the Company. The Company may therefore be required to cease such services or arrangements as a result of the withdrawal.
6.1 The Company shall adopt security arrangements that are reasonable and appropriate while taking into consideration the nature of the personal data, the form in which the personal data is collected (physical or electronic) and the possible impact to the individual concerned if an unauthorized person were to obtain, modify or dispose of the personal data. Each department shall determine such arrangements appropriate for their operating unit. The Data Protection Officer shall review and examine such arrangements and provide necessary recommendations to ensure safe storage. 6.2 The Company shall take reasonable and appropriate security measures to protect the storage of personal data, such as:
• Marking confidential on documents with personal records clearly and prominently; • Storing hardcopies of documents with personal records in locked file cabinet systems; • Storing electronic files that contain personal data in secured folders; • Archived paper records and data backup files may be stored in off-site facilities or service providers, provided such facilities are secured.
6.3 The Data Protection Officer shall ensure that:
• The Company’s IT networks that host personal data are secured and protected against unauthorised access. • Personal computers and other computing devices that may access to personal data are password protected. Passwords are managed in accordance with industry best practices. • Personnel and other files that contain sensitive or confidential personal data are secured and only made available to staff with authorised access. • The IT service providers’ services and/or provisions comply with security standards in line with industry practices.
6.4 In the event of a security breach, the Data Protection Officer shall be notified. The Data Protection Officer shall investigate if such breach is a malicious act and shall take appropriate action after consulting with the Chief Executive.
7.0 HOW TO CONTACT US
7.1 If you have any questions about this Policy, or you would like to obtain access, make corrections to your personal data records and/or request for withdrawal of the use and disclosure of any specific set of your personal data, please contact our Data Protection Officer with the relevant information at:
DPO : Vimel Rajoo
Deputy DPO : Aren Tang
By Email : DPO@trybe.org
By Post : Data Protection Officer
Block 479 Tampines Street 44