Data Protection Notice
We, at SP Consulting (International) Pte Ltd (SP Consulting) progress with our stakeholders towards personal and organisational effectiveness through innovative consulting and training solutions that meet specific needs. We envisage that technological innovations and new uses of data can better help to achieve personal and organisational effectiveness. We respect the privacy of all our stakeholders and are committed to safeguarding the personal information you provide to us.
This Data Protection Notice (“Notice”) sets out the basis which SP Consulting (International) Pte Ltd (“we”, “us”, or “our”) may collect, use, disclose or otherwise process personal data of our customers in accordance with the Singapore Personal Data Protection (Amendment) Act 2020 (“PDPA”). This Notice applies to personal data in our possession or under our control, including personal data in the possession of organisations which we may engage to collect, use, disclose or process personal data for our purposes.
2. How We Collect Personal Data
Under the PDPA, business contact information (e.g. full name, business address, business telephone number) is not considered as personal data so long as it is used strictly for business-to-business (B2B) transactions.
Personal information is only collected by lawful and fair means and not collected ‘just in case’ it may be useful in the future. We conduct regular reviews to ensure that purposes for which collection of personal data are still necessary and appropriate.
We collect personal data of you when:
- Enter into an agreement or contract with us to provide you with our consultancy and training services.
- Register for and enroll in any of the training courses and certification programmes that we conduct.
- Respond to our electronic direct mails (EDMs) sent by us as part of our marketing or promotion campaigns.
- Are referred to us for our services by one of our clients.
- Enquire about our range of training and certification courses and services.
- Visit our websites and leave behind contact information through our Enquiry Form.
- Communicate with us via emails or written correspondences.
- Submit CV and Job Application Form to us in response to our recruitment advertisements.
We may collect, disclose or use your personal data pursuant to an exception under the Personal Data Protection Act or other written law such as during the following situations:
- To respond to an emergency that threatens your life, health and safety or of another individual; and
- Necessary in the national interest, for any investigation or proceedings.
In general, subject to the applicable exceptions permitted in the PDPA, before we collect the above personal data from you, we will notify you of the purposes for which your personal data may be collected, used and/or disclosed.
3. How We Obtain Consent
Before we collect, use or disclose personal data, we will notify you of the purpose why we are doing so. We will obtain written confirmation from you on your expressed consent. We will not collect more personal data than is necessary for the stated purpose. We will seek fresh consent from you if the original purpose for the collection, use or disclosure of the personal data has changed. If you choose not to provide us with the personal data described in this Notice, we may not be able to fulfill our contractual duties towards you or facilitate your request or provide the service to you.
We usually obtain consent from you who will be dealing directly with us. If you appoint a representative to provide consent on your behalf, you are required to provide an authorisation letter indicating the appointment. Do include the full name and type of valid document used to prove the identity of the appointed representative in the authorisation letter.
Under certain circumstances, we may assume deemed consent from you when you voluntarily provide your personal data for the stated purpose, e.g. when applying for a job with us using our Job Application Forms.
We will not obtain your consent under the PDPA for the collection, use or disclosure of your personal data under the following circumstances:
- The personal data is publicly available.
- The personal data is disclosed by a public agency or disclosed to a public agency.
- The personal data is necessary for any investigation or proceedings.
- The personal data is necessary for legitimate interests, including evaluative purposes (e.g. determining the suitability of a job applicant for the job applied for).
- The personal data is necessary for the purpose of managing or terminating an employment relationship.
- The personal data is necessary for a business asset transaction.
- The personal data is necessary for purpose that is clearly in the interest of individual or necessary to protect vital interest of individual.
- The personal data is necessary for business improvement, such as improving, enhancing or developing new goods or service.
4. Types of Personal Data We Collect
The types of personal data we collect about an individual may include:
- Contact information (Name, Address, Phone No., Email Address).
- Personal details (Name, Gender, Date of Birth, Country of Birth, Country of Residence, Citizenship, Nationality, Race/Ethnicity).
- Personal and professional details contained in the curriculum vitae when you apply to us for a job.
5. How We Use Personal Data
We use the personal data provided to us for one or more of the following purposes:
- Provide our consultancy and advisory services.
- Conduct training courses and certification programmes that an individual has signed up for
- Process account payables/receivables.
- Process billing, payment and other credit-related activities.
- Conduct direct marketing and lead generation activities through analysing and tracking of our sales proposals, advertisements and EDMs on our events, seminars and workshops.
- Conduct joint marketing with other companies and service providers.
- Communicate with customers and website visitors.
- Respond to inquiries and feedback by an individual to improve our quality of service.
- Process employment passes of our employees with the relevant government agencies.
- Process visa applications of our employees with the relevant government agencies.
- Process job applications, recruitment and selection.
- Carry out our obligations arising from any contracts entered between our clients/contractors and us.
- Comply with or fulfil legal obligations and regulatory requirements.
6. How We Manage Disclosure of Personal Data
We disclose some of the personal data provided to us to the following entities or organisations outside SP Consulting in order to fulfill our services to you:
- Government Agencies – Ministry of Manpower, CPF Board, IRAS, IMDA, HPB (employees only).
We will seek fresh consent from you if the original purpose for the disclosure of the personal data has changed. Where required to do so by law, we may disclose personal data about you to the relevant authorities or to law enforcement agencies.
7. How We Handle Request for Withdrawal of Consent
The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you. Request for withdrawal of consent can take the form of an email or letter to us.
You may withdraw consent and request us to stop using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing.
Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request) to process your request and notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within 10 business days of receiving it.
Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclosure without consent is permitted or required under applicable laws.
8. How We Ensure the Accuracy of Personal Data
We will take reasonable steps to ensure that the personal data we collect about you is accurate, complete, not misleading and kept up-to-date.
If we are in an ongoing relationship with you, it is important that you update us of any changes to his/her personal data (such as a change in contact number, email and mailing address).
9. How We Protect Personal Data
We have implemented appropriate administrative, physical and technical measures (such as data encryption, firewalls and secure network protocols) to protect the personal data we hold about you against loss; misuse; destruction; unauthorised alteration/modification, access, disclosure; or similar risks.
We have also put in place reasonable and appropriate organisational measures to maintain the confidentiality and integrity of your personal data. We will only share your data with authorised persons on a ‘need to know’ basis.
You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your data and are constantly reviewing and enhancing our information security measures.
10. How We Retain Personal Data
We have a document retention policy that keeps track of the retention schedules of the personal data provided to us, in paper or electronic forms. We will not retain any personal data when it is no longer needed for any business or legal purposes.
We will dispose of or destroy such documents containing personal data in a proper and secure manner when the retention limit is reached.
11. How We Handle Request to Access and Make Correction to Personal Data
If you wish to make:
- an access request for access to
- a copy of the personal data which we hold about you or
- information about the ways in which we use or disclose your personal data.
- a correction request to correct or update any of the personal data which we hold about you.
Request for to access and make correction can take the form of an email or letter to us. We will respond to your request as soon as reasonably possible, or within 30 days. If we are unable to do so within the 30 days, we will let you know and give an estimate of how much longer we require. We may also charge a reasonable fee for the cost involved in processing your access request.
12. How We Manage the Transfer of Personal Data
We do not transfer personal data to countries outside of Singapore except for training courses accredited by overseas Certification Authorities and educational institutions (such as IRCA and CQI).
We will obtain consent from the individual for the transfer to be made and we will take steps to ensure that his/her personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.
We use “cookies” to collect information about your online activity on our website. A cookie is a small text file created by the website that is stored in your computer to provide a way for the website to recognise you and keep track of your preferences. The cookie makes it convenient for you such that you do not have to retype the same information again when you revisits our website or in filling electronic Forms.
Most cookies we use are “session cookies”, which will be deleted automatically from the hard disk of the person computer at the end of the session.
You may choose not to accept cookies by turning off this feature in your web browser. Note that by doing so, you may not be able to use some of the features and functions in our web applications.
14. Contacting Us
You may contact our Data Protection Officer (DPO) via email if you have any enquiries, complaints or feedback on our personal data protection policies and procedures, or if you wish to make any requests.
Our DPO could be contacted via email: firstname.lastname@example.org. Tel: 6749 5698.
Attn: P M Yau / M W Ho
We treat all enquiries, complaints, feedback and requests seriously and will deal with them confidentially and within a reasonable time.
15. Effect of Notice and Changes to Notice
This Notice applies in conjunction with any other notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your personal data by us.
We may revise this Notice from time to time without any prior notice. You may determine if any such revision has taken place by referring to the date on which this Notice was last updated. Your continued use of our services constitutes your acknowledgment and acceptance of such changes.
Effective Date: 1 March 2021
Updated on: 10 December 2021