Data Protection Policy
This Data Protection Notice (“Notice”) sets out the basis which Uniquestz Pte Ltd may collect, use, disclose or otherwise process personal data of our customers in accordance with the Personal Data Protection Act (“PDPA”). This Notice applies to personal data in our possession or under our control, including personal data in the possession of organizations which we have engaged to collect, use, disclose or process personal data for our purposes.
We respect your privacy and protect your personal data
We are open and transparent to customers that we served, we know privacy is important and we take it seriously.
Our business is conducted in compliance with the Personal Data Protection Act (PDPA) and have continue to implement measures to protect our customer personal information.
Use of personal Information
We do not use your personal information for any purposes without your consensus or which are permitted under local laws and regulations. Personal information will be retained for only as long as there is a business or legal need.
Information Sharing
We may share your information with business partners and vendors we work with to deliver the service you have with us. Your information is disclosed only for relevant purposes.
Protecting your information
We implemented tight measures to protect and secure personal data. To safeguard your personal data from unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as up-to-date antivirus protection, encryption to secure storage and transmission of personal data by us. You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.
-
Our network is safeguards to prevent security breaches.
-
Limits access of data or information of our business partner, customer and suppliers.
-
Implemented strict verification process to prevent unauthorized access to information
Withdrawing your consent
The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing or via
-
Email to pdpaofficer@uniquestz.com
-
Submit by this link https://www.uniquestz.com/contact
Videos
PDPA Videos
Articles
PDPA Posts
Data Protection Obligations under the PDPA
Organisations are responsible for personal data in their possession or under their control, and are required to comply with these obligations when undertaking activities relating to the collection, use or disclosure of personal data.
Click here to access the infographics
Frequently Asked Questions
What is personal data?
Personal data refers to data, whether true or not, about an individual who can be identified from that data; or from that data and other information to which the organisation has or is likely to have access.
In determining personal data, organisations should consider (i) whether the purpose of the information about or relates to an individual (e.g., information about an individual’s health, educational, employment background, activities); and (ii) whether the individual is identifiable from that data. In general, there should be at least two data elements in the dataset before individuals can be identified. The nature of data will also affect identifiability.
What are the new data protection obligation under the PDPA
The enhanced PDPA includes two new obligations, namely the data breach notification obligation and the data portability obligation.
How much personal data can an organisation collect, use or disclose?
Under the PDPA, an organisation may collect, use or disclose personal data only for reasonably appropriate purposes under the circumstances. Organisations should notify individuals of the purposes for the collection, use and disclosure of personal data, and seek individuals’ consent for the collection, use and disclosure of the personal data unless an exception under the PDPA applies.
Must all organisations appoint a data protection officer?
All organisations, including sole proprietorships, are required to designate at least one person, a Data Protection Officer (DPO), to be responsible for ensuring that the organisation complies with the PDPA.
Organisations are also required to ensure that at least one DPO’s business contact information is made available to the public. The business contact information may be a general telephone or email address of the organisation.
The DPO may be a person whose scope of work solely relates to data protection or a person in the organisation who takes on this role as one of his multiple responsibilities. To be clear, compliance by the organisation with the PDPA remains the responsibility of the organisation notwithstanding the appointment of the data protection officer.
How long can an organisation retain its customer's personal data?
The PDPA does not prescribe the retention period of personal data. However, an organisation should cease to retain its documents containing personal data, or remove the means by which the personal data can be associated with particular individuals, as soon as it is reasonable to assume that the purpose of collection is no longer served by the retention; and retention is no longer necessary for business or legal purposes.
Organisations are not required to delete or destroy a customer’s personal data upon the customer’s request, and may retain it as long as there is a business or legal reason to do so
What are the financial Penalties for breaches of PDPA
The financial penalties for breaches of the Data Protection Provisions are currently capped at $1 million. This cap will be revised to $1 million or up to 10% of the organisation’s annual gross turnover in Singapore, whichever is higher.
The financial penalties for breaches of the Do Not Call Provisions are now capped at $1 million for organisations and $200,000 for individuals. This cap will be revised to $1 million or 5% of the organisation’s annual gross turnover in Singapore, whichever is higher, where a breach involves egregious conduct.
The abovementioned revised financial penalty caps will take effect no earlier than 1 February 2022.
How can an organisation obtain an individual's consent for the collection, use or disclose of his or her personal data?
Consent can be obtained in a number of different ways. As a best practice, an organisation should obtain consent that is in writing or recorded in a manner that is accessible for future reference, for example, if the organisation is required to prove that it had obtained consent.
An organisation may also obtain consent verbally although it may correspondingly be more difficult for an organisation to prove that it had obtained consent. For such situations, it would be prudent for the organisation to document the consent in some way.
Under what circumstances will the PDPC commence and initiate an investigation into the public complaints?
In general, the PDPC may commence an investigation either upon receiving a complaint from an individual against an organisation or of its own motion.
Upon receiving a complaint or other information that indicates that an organisation has or may have contravened the PDPA, the PDPC will first consider:
a) Whether the matter may be more appropriately resolved in the manner set out in Part II of Advisory Guidelines on Enforcement of Data Protection Provisions, that is, by resolving the underlying dispute between the complainant and the organisation. Additionally, when a complaint relates to access and correction matters, the PDPC will generally conduct a review instead of an investigation; and
b) Otherwise, the PDPC may commence an investigation into the conduct of an organisation if the PDPC considers that an investigation is warranted, based on the information it has obtained.
We're Here To Help!
Office
60 Kaki Bukit Place #07-04 Eunos Techpark, Singapore 415979
Hours
S-S: Closed