This policy outlines the responsibility of Ensign InfoSecurity Pte Ltd (Ensign InfoSecurity) in relation to the collection, processing, usage and disclosure of your Personal Data (as defined below). This is designed to protect the confidentiality of the Personal Data and regulate the way it is managed.
This policy supplements but does not in any way supersede nor replace any other consents you may have previously provided to us, and your consents herein are additional to any rights which we may have at law to collect, use, disclose and manage your Personal Data.
1.0 Personal Data
1.1 Personal Data ("Personal Data"), which is personal information that links back to an individual, includes but is not limited to:
a. name, gender, date of birth, passport or other personal identification numbers, images, photographs, videos, closed circuit television (CCTV) footage, voice recordings;
b. contact information e.g., address, phone number, email address;
c. payment information e.g., bank name, bank branch, bank code and account number, including the name of account holder;
d. biometric information;
e. health information e.g., medical records or requests; and
f. technical information e.g., IP address or device identification.
1.2 The types of data that Ensign InfoSecurity collects depends on the circumstances of the collection and on the nature of the service requested or transaction undertaken.
1.3 If you choose to make an enquiry or an application (including a job application through our website), send us an email, approach us in person or through any of our various offices in Singapore and overseas, we may require you to provide contact and identity information and other personal data (including name, address, contact details). Where possible, we have indicated the fields which are required and the fields which are optional.
2.0 Purpose for Collection, Processing, Usage and Disclosure
2.1 Generally, Ensign InfoSecurity collects Personal Data either directly from you or your authorised representatives (i.e. persons who have been validly identified as being authorised by you through our security procedures) in the following ways:
a. when you submit forms relating to or purchase or use any of our products or services;
b. when you interact with our customer service officers, including via telephone calls, face-to-face meetings and emails;
c. when you request that we contact you or be included in an email or other mailing list;
d. when you respond to our promotions or other incentives;
e. when you respond to our request for additional Personal Data;
f. when you respond to our surveys;
g. when you submit a job application;
h. when we receive references from business partners and third parties, for example, where you have been referred by them;
i. when you submit your Personal Data to us for any other reasons; and
2.2 We collect, use, disclose and/or share your personal information for the following purposes:
a. to communicate with you on any queries you may have;
b. to process your order and deliver products and services to you;
c. to manage the administration and business operations of Ensign InfoSecurity and complying with our policies and procedures;
d. for service improvements, resolving complaints and disputes;
e. for identity verification purposes;
f. to communicate with you and/or to keep records in connection with a job application and other job opportunities;
g. in relation to a job application by you,
i. to contact the referee(s) and/or guarantor(s) whose details have been provided by you;
ii. to verify your academic and professional qualification by contacting the school/college/university/institute/professional qualifying bodies; and
iii. to disclose your personal data to Ensign InfoSecurity's customers in connection with your job application;
h. for employee training and performance evaluation;
i. to provide access controls;
j. to update our records and generally maintain your accounts with us;
k. to detect and prevent fraudulent activity;
l. to meet or comply with any applicable rules, laws, regulations, codes of practice or guidelines issued by any legal or regulatory bodies which are binding on Ensign InfoSecurity (including but not limited to responding to regulatory complaints, disclosing to regulatory bodies and conducting audit checks, due diligence and investigations).
2.3 Furthermore, where permitted under applicable laws, we may collect, use and disclose your Personal Data for the following additional purposes:
a. analytics and tracking, including facilitating the sale of analytical data;
b. conducting market research and surveys to enable us to understand and determine customer location, preferences and demographics to develop special offers and marketing programmes in relation to our products and services and to improve our service delivery and your customer experience at our touchpoints;
c. providing additional products and services and benefits to you;
d. matching your Personal Data with other data collected for other purposes and from other sources (including third parties) in connection with the provision, marketing or offering of products and services to you;
e. leads generation and management for marketing products and services of Ensign InfoSecurity;
f. administering contests, competitions and marketing campaigns, and personalising your experience at our touchpoints;
g. organising promotional events; and
h. purposes which are reasonably related to the aforesaid.
2.4 Ensign InfoSecurity does not practise sharing, renting or selling of Personal Data with third parties. However, each member of the Group may share your personal information with members of Ensign InfoSecurity (which includes our affiliates, subsidiaries and joint ventures worldwide). Access to Personal Data is limited to persons whom we reasonably believe requires access for effective delivery of our products and services to you, to process your job application or for the purposes set out herein.
2.5 We may also collect, use and disclose such personal information if so authorised or required by law or the relevant authorities, or exempted under the relevant Personal Data Protection Act or Privacy Act to do so.
2.6 Further, we may disclose or share your Personal Data in the following circumstances:
a. Third Party Service Providers: We may disclose your personal data to third parties:
i. contracted by us to assist us in delivering part or all of the products and services ordered by you;
ii. who provide services as part of the promotions or services offered to you;
iii. who provide services to us such as professional advisers, IT consultants etc.;
iv. credit bureaus for the purpose of preparing credit reports or evaluation of creditworthiness;
v. bankers, insurers, credit card companies and any of their respective service providers
b. With your consent: We may seek your consent to collect, hold, use and disclose your personal data for any other purpose not set out herein.
c. Business Transfers: As we continue to develop our business, we might sell or buy businesses, subsidiaries or business units or undertake a merger. In such transactions, customer information may be one of the transferred business assets.
2.7 Ensign InfoSecurity shall use its best endeavours to ensure that its employees, officers, partners and such other third parties mentioned above who are involved in the collection, processing and disclosure of Personal Data will observe and adhere to the terms of this policy.
2.8 Ensign InfoSecurity also reserves the right to share your Personal Data as is necessary to prevent a threat to the life, health or security of an individual or corporate entity. Further, Ensign InfoSecurity may disclose your Personal Data to law enforcement agencies, government representative and our advisers, as is necessary, to investigate suspected unlawful activities including but not limited to fraud, intellectual property infringement or privacy.
3.1 Ensign InfoSecurity needs your assistance to ensure that your Personal Data is current, complete and accurate. We understand that this information may from time to time change. We encourage you to contact us as soon as possible to enable us to update any Personal Data we have about you. Incomplete or outdated Personal Data may result in our inability to provide you with products and services you have requested or complete the applications sought.
4.0 Access, Correction and Withdrawal
4.1 If you wish to:
a. apply for a copy of the personal data we hold about you;
b. request for your personal data to be updated or corrected; or
c. withdraw the consent you previously provided to us to use the Personal Data we hold about you, please contact the Data Protection Officer in Ensign InfoSecurity listed at the contact set out in Section 10 below.
4.2 Please allow us reasonable time to respond to any request and effect any change. Should we not be able to respond to your request within 30 days after receiving your request, we will inform you in writing via email within 30 days of the time by which we will be able to respond to your request. We may ask you to verify your identity and for more information about your request. Access is only limited to your own data and no others.
4.3 Where we are legally permitted to do so, we may refuse your request and give you reasons for doing so. In such cases, you may resubmit a request with other supporting valid reasons to the Data Protection Officer in Ensign InfoSecurity listed at the contact set out in Section 10 below. Where you request your personal data to be updated and there is a dispute about the facts, we will make a note on your personal data of such dispute. Where permitted to do so, we may charge an administrative fee for access requests.
4.4 Please note that if your Personal Data has been provided to us by a third party (e.g. a referral), you should contact that organisation or individual to make such queries, complaints, and access and correction requests. This is to ensure that your queries, complaints, and access and correction requests are properly processed by the organisation or individual.
4.5 If you withdraw your consent to any or all use of your Personal Data, depending on the nature of your request, we may not be in a position to continue to provide our products and services to you, administer any contractual relationship in place, which in turn may also result in the termination of any agreements with us, and your being in breach of your contractual obligations or undertakings. Our legal rights and remedies in such event are expressly reserved.
5.1 Ensign InfoSecurity will retain your Personal Data for the duration of time to carry out the purposes for which your personal data was collected, for the other purposes set out in this policy, for business purposes and as required by relevant laws. For the avoidance of doubt, Ensign InfoSecurity may retain your Personal Data for any of the foregoing reasons notwithstanding any notice to withdraw the consent you previously provided to us to use the Personal Data we hold about you.
6.1 Ensign InfoSecurity has implemented stringent measures to protect the confidentiality of your personal data. We will take reasonable care to protect your personal data from unauthorised access, improper use or disclosure, unauthorised modification, unlawful destruction or accidental loss. These include limiting access to information in our systems, authentication processes to prevent unauthorised access to information and safeguards to prevent security breaches in our network and database systems.
6.2 Further, we have appointed Data Protection Officers to oversee our management of your Personal Data in accordance with what are stated in this policy as well as the applicable laws. We train our employees who handle your Personal Data to respect the confidentiality of your Personal Data. We regard breaches of Personal Data seriously.
6.3 We may transfer, store, process and/or deal with your personal data outside Singapore. In doing so, we will comply with the PDPA and other applicable data protection and privacy laws.
7.0 Third Party Websites
7.1 Our websites may contain links to third party sites whose data protection and privacy practices may differ from ours. We are not responsible for the content and privacy practices of these other websites and encourage you to consult the applicable privacy policies governing those sites. Ensign InfoSecurity is not responsible for any information that is submitted to or collected by these third parties.
8.0 Cookies and Google Analytics
9.0 Updates to the Policy
9.1 This policy will be reviewed and updated from time to time by Ensign InfoSecurity to take into account new laws, technological changes, changes to our operations and practices and industry trends.
9.2 Subject to your rights at law, you agree to be bound by the prevailing terms of our Personal Data Protection guidelines as updated from time to time on our websites. Please check back regularly for updated information on the handling of your Personal Data.
10.0 Contact Us
10.1 If you have any comments or queries or would like to access, correct or withdraw your Personal Data or complaint relating to how we manage your personal data, please contact our Data Protection Officer (DPO) in writing at the address below referencing "Personal Data Protection Act":
Ensign InfoSecurity Data Protection Officer (DPO)
30A Kallang Place, #08-01, Singapore 339213
Main line: +65 6788 2882
Updated as of 11 November 2021