{"id":6048,"date":"2021-05-27T17:29:36","date_gmt":"2021-05-27T09:29:36","guid":{"rendered":"https:\/\/www.npn.sg\/?page_id=6048"},"modified":"2023-11-14T11:10:15","modified_gmt":"2023-11-14T03:10:15","slug":"dataprotection","status":"publish","type":"page","link":"https:\/\/www.retailtechnpn.com\/sg\/dataprotection\/","title":{"rendered":"Data Protection"},"content":{"rendered":"\r\n<div class=\"vce-row-container\" data-vce-boxed-width=\"true\">\r\n<div id=\"el-33f433f6\" class=\"vce-row vce-row--col-gap-30 vce-row-equal-height vce-row-content--top\" data-vce-do-apply=\"all el-33f433f6\">\r\n<div class=\"vce-row-content\" data-vce-element-content=\"true\">\r\n<div id=\"el-44471bc9\" class=\"vce-col vce-col--md-auto vce-col--xs-1 vce-col--xs-last vce-col--xs-first vce-col--sm-last vce-col--sm-first vce-col--md-last vce-col--lg-last vce-col--xl-last vce-col--md-first vce-col--lg-first vce-col--xl-first\">\r\n<div class=\"vce-col-inner\" data-vce-do-apply=\"border margin background el-44471bc9\">\r\n<div class=\"vce-col-content\" data-vce-element-content=\"true\" data-vce-do-apply=\"padding el-44471bc9\">\r\n<div class=\"vce-single-image-container vce-single-image--align-left\">\r\n<div id=\"el-d8b7a79e\" class=\"vce vce-single-image-wrapper\" data-vce-do-apply=\"all el-d8b7a79e\">\r\n<figure>\r\n<div class=\"vce-single-image-inner vce-single-image--absolute\" style=\"padding-bottom: 31.25%; width: 1920px;\"><img class=\"vce-single-image\" title=\"\" src=\"\/sg\/wp-content\/uploads\/2022\/01\/dataProtectBanner.jpg\" alt=\"\" data-img-src=\"\/sg\/wp-content\/uploads\/2022\/01\/dataProtectBanner.jpg\" \/><\/div>\r\n<figcaption hidden=\"\"><\/figcaption><\/figure>\r\n<\/div>\r\n<\/div>\r\n<div class=\"vce-raw-html\">\r\n<div id=\"el-f4b2fa92\" class=\"vce-raw-html-wrapper\" data-vce-do-apply=\"all el-f4b2fa92\">\r\n<div class=\"bannerTitle\">Data Protection Policy<\/div>\r\n<\/div>\r\n<\/div>\r\n<\/div>\r\n<\/div>\r\n<\/div>\r\n<\/div>\r\n<\/div>\r\n<\/div>\r\n<div class=\"vce-row-container\" data-vce-boxed-width=\"true\">\r\n<div id=\"el-490358a3\" class=\"vce-row vce-row--col-gap-30 vce-row-equal-height vce-row-content--top\" data-vce-do-apply=\"all el-490358a3\">\r\n<div class=\"vce-row-content\" data-vce-element-content=\"true\">\r\n<div id=\"el-b2cc4acb\" class=\"vce-col vce-col--md-auto vce-col--xs-1 vce-col--xs-last vce-col--xs-first vce-col--sm-last vce-col--sm-first vce-col--md-last vce-col--lg-last vce-col--xl-last vce-col--md-first vce-col--lg-first vce-col--xl-first\">\r\n<div class=\"vce-col-inner\" data-vce-do-apply=\"border margin background el-b2cc4acb\">\r\n<div class=\"vce-col-content\" data-vce-element-content=\"true\" data-vce-do-apply=\"padding el-b2cc4acb\">\r\n<div class=\"vce-raw-html contentText\">\r\n<div id=\"el-9ef10b84\" class=\"vce-raw-html-wrapper\" data-vce-do-apply=\"all el-9ef10b84\">\r\n<div class=\"content\">\r\n<h3><span style=\"font-size: 12pt;\">1) Overview<\/span><\/h3>\r\n<span style=\"font-size: 12pt;\">1.1) Purpose<\/span>\r\n\r\n<span style=\"font-size: 12pt;\">The purpose of this policy is to set out New POS Network(S) Pte Ltd\u2019s\r\n(\u201c<strong>the Company<\/strong>\u201d) procedures on protection of personal data of individuals in the Company\u2019s\r\ncustody. It contains important information about how and why the Company collects, uses and discloses personal\r\ndata of individuals. This policy takes into consideration the Personal Data Protection Act 2012\r\n(\u201c<strong>PDPA<\/strong>\u201d) and all applicable PDPA advisory guidelines.<\/span>\r\n<h3><span style=\"font-size: 12pt;\">2) Personal Data Protection Act 2012<\/span><\/h3>\r\n<span style=\"font-size: 12pt;\"><span style=\"font-size: 12pt;\">2.1) The PDPA establishes a data protection law in\r\nSingapore that comprises various rules governing the collection, use, disclosure, access to, correction and\r\ncare of individuals\u2019 personal data by organisations. It recognises both the rights of individuals to protect\r\ntheir personal data, including rights of access and correction, and the needs of organisations to collect, use\r\nor disclose personal data for legitimate and reasonable<\/span><\/span>\r\n\r\n<span style=\"font-size: 12pt;\"><span style=\"font-size: 12pt;\">2.2) The PDPA contains 2 main sets of provisions,\r\ncovering data protection (effective 2 July 2014) and a Do Not Call (\u201cDNC\u201d) Registry (effective 2 January\r\n2014).<\/span><\/span>\r\n\r\n<span style=\"font-size: 12pt;\"><span style=\"font-size: 12pt;\">2.3) The DNC provisions generally prohibits\r\norganisations from sending certain marketing messages (in the form of voice calls, text or fax messages) to\r\nindividuals with Singapore telephone numbers, registered with the DNC<\/span><\/span>\r\n\r\n<span style=\"font-size: 12pt;\"><span style=\"font-size: 12pt;\">2.4) The Company intends to comply with all\r\napplicable provisions covering data protection by implementing certain procedures as set out<\/span><\/span>\r\n<h3><span style=\"font-size: 12pt;\">3) Definitions<\/span><\/h3>\r\n<p style=\"padding-left: 30px;\"><span style=\"font-size: 12pt;\">3.1) Personal Data<\/span><\/p>\r\n<p style=\"padding-left: 60px;\"><span style=\"font-size: 12pt;\">Personal data refers to data, whether true or not,\r\nabout an individual who can be identified from that data; or from that data and other information to which the\r\norganisation has or is likely to have access to.<\/span><\/p>\r\n<p style=\"padding-left: 60px;\"><span style=\"font-size: 12pt;\">This includes unique identifiers (e.g. NRIC number,\r\npassport number, fingerprint); as well as any set of data (e.g. name, age, address, telephone number,\r\noccupation, etc) which when taken together would be able to identify the individual.<\/span><\/p>\r\n<p style=\"padding-left: 30px;\"><span style=\"font-size: 12pt;\">3.2) Data Protection Officer<\/span><\/p>\r\n<p style=\"padding-left: 60px;\"><span style=\"font-size: 12pt;\">Data Protection Officer (\u201cDPO\u201d) means an individual\r\ndesignated by the organisation under Section 11(3) of the Personal Data Protection Act 2012 (\u201cAct\u201d) who is\r\nresponsible for ensuring that the organisation complies with this Act or an individual to whom the\r\nresponsibility of the data protection officer has been delegated under section 11(4) of the Act.<\/span><\/p>\r\n\r\n<h3><span style=\"font-size: 12pt;\">4) The Company\u2019s Personal Data Inventory<\/span><\/h3>\r\n<span style=\"font-size: 12pt;\"><span style=\"font-size: 12pt;\">4.1) The Company has the following personal data in\r\nits custody:<\/span><\/span>\r\n\r\n<span style=\"font-size: 12pt;\"><u>Employees<\/u><\/span>\r\n<p style=\"padding-left: 30px;\"><span style=\"font-size: 12pt;\">The Company collects personal data of its employees\r\nincluding but not limited to name, address, telephone numbers, e-mail address, NRIC number, passport number, FIN\r\n(Foreign Identification Number), date and place of birth, nationality, gender, resume, education background,\r\nemployment history etc in connection with the employees\u2019 employment or job applications with The Company.<\/span><\/p>\r\n<span style=\"font-size: 12pt;\"><u>Customer<\/u><\/span>\r\n<p style=\"padding-left: 30px;\"><span style=\"font-size: 12pt;\">a. <u>Individuals<\/u><\/span><\/p>\r\n<p style=\"padding-left: 30px;\"><span style=\"font-size: 12pt;\">The Company has in custody personal data of\r\nindividuals who:<\/span><\/p>\r\n<p style=\"padding-left: 30px;\"><span style=\"font-size: 12pt;\">(i) have made online purchases via any of the\r\nplatforms operated by the Company; and\/or<\/span><\/p>\r\n<p style=\"padding-left: 30px;\"><span style=\"font-size: 12pt;\">(ii) have consented to companies\r\n(\u201c<strong>Transferring Companies<\/strong>\u201d) to send them marketing messages. Such Transferring Companies then\r\ncontract with the Company as an outsourced service provider to send marketing messages to such\r\nindividuals.<\/span><\/p>\r\n<p style=\"padding-left: 30px;\"><span style=\"font-size: 12pt;\">Such personal data include but not limited to name,\r\naddress, mobile and telephone numbers, e-mail address, NRIC number, passport number, FIN (Foreign Identification\r\nNumber), date and place of birth, nationality, gender, education background, etc.\r\n<\/span><\/p>\r\n<p style=\"padding-left: 30px;\"><span style=\"font-size: 12pt;\">For the avoidance of doubt, PDPA requirements do not\r\napply to corporate entities and hence they are not in scope of this policy.<\/span><\/p>\r\n<p style=\"padding-left: 30px;\"><span style=\"font-size: 12pt;\">b. <u>Copies of identity papers of directors and\/or\r\nauthorised signatories of our corporate clients<\/u><\/span><\/p>\r\n<p style=\"padding-left: 30px;\"><span style=\"font-size: 12pt;\">The Company is required to comply with all applicable\r\nanti-money laundering and countering financing of terrorism (\u201cAML\/ CFT\u201d) laws, rules and regulations. Under the\r\nCompany\u2019s AML\/CFT Policy, we are required to collect KYC documents relating to its corporate customers. Such KYC\r\ndocuments may include copies of identity papers such as NRICs or passports of directors and\/or authorised\r\nsignatories of our corporate customers. For the purpose of meeting the AML\/ CFT requirements, the Company will\r\ncollect, use and disclose such information without the corporate customers\u2019 consent as allowed by the\r\nregulations.<\/span><\/p>\r\n<span style=\"font-size: 12pt;\">4.2) It is important to note that the PDPA does not apply to business contact\r\nBusiness contact information refers to individual\u2019s name, position name or title, business telephone number,\r\nbusiness address, business electronic mail address or business fax number and any other similar information\r\nabout the individual, not provided by him or her solely for his or her personal purposes.<\/span>\r\n\r\n<span style=\"font-size: 12pt;\">For the avoidance of doubt, the Company is not required to obtain consent before\r\ncollecting, using or disclosing any business contact information or comply with any other obligations in the\r\nData Protection Provisions in relation to business contact information.<\/span>\r\n<h3><span style=\"font-size: 12pt;\">5) Collection of Personal Data<\/span><span style=\"font-size: 12pt;\"><strong>\u00a0<\/strong><\/span><\/h3>\r\n<p style=\"padding-left: 30px;\"><span style=\"font-size: 12pt;\">5.1) Generally, the Company collects personal data\r\nfrom the following sources:<u> Employees<\/u><\/span><\/p>\r\n<p style=\"padding-left: 30px;\"><span style=\"font-size: 12pt;\">The personal data that we collect and process on our\r\nemployees is sourced from:<\/span><\/p>\r\n<p style=\"padding-left: 30px;\"><span style=\"font-size: 12pt;\">(a) information provided by employees and\/or relevant\r\nthird parties in the course of a potential employee applying for a position with us; and<\/span><\/p>\r\n<p style=\"padding-left: 30px;\"><span style=\"font-size: 12pt;\">(b) information provided by employees, relevant third\r\nparty information sources, or information otherwise generated upon a potential employee being hired and in the\r\ncourse of employment with \u2013\u00a0<\/span><\/p>\r\n<span style=\"font-size: 12pt;\"><u>Customers<\/u><\/span>\r\n<p style=\"padding-left: 30px;\"><span style=\"font-size: 12pt;\">The Company collects customers\u2019 personal data from the\r\nfollowing sources:<\/span><\/p>\r\n\r\n<ul>\r\n \t<li><span style=\"font-size: 12pt;\"><span style=\"font-size: 12pt;\"><span style=\"font-size: 12pt;\">Personal data\r\nprovided by the customers:<\/span><\/span><\/span><\/li>\r\n<\/ul>\r\n<p style=\"padding-left: 60px;\">(a) through customers\u2019 relationship with us, for example information provided in\r\napplication forms, survey and feedback forms and\/or agreements entered into with us, when using our products or\r\nservices;<\/p>\r\n<p style=\"padding-left: 60px;\">(b)\u00a0<span style=\"font-size: 12pt;\">through verbal and written communications\r\nwith us;<\/span><\/p>\r\n<p style=\"padding-left: 60px;\"><span style=\"font-size: 12pt;\">(c) from an analysis of the customers\u2019 transactions\r\nand from the payments which are made; and\/or<\/span><\/p>\r\n<p style=\"padding-left: 60px;\"><span style=\"font-size: 12pt;\">(d) through the Company\u2019s mailbox.<\/span><\/p>\r\n\r\n<ul>\r\n \t<li><span style=\"font-size: 12pt;\">Personal data from third party sources connected with customers:<\/span><\/li>\r\n<\/ul>\r\n<p style=\"padding-left: 60px;\"><span style=\"font-size: 12pt;\">(a) from any relevant third parties connected with the\r\ncustomers; and\/or<\/span><\/p>\r\n<p style=\"padding-left: 60px;\"><span style=\"font-size: 12pt;\">(b)\u00a0<\/span><span style=\"font-size: 12pt;\">from\r\nany other sources which the customer has consented to as provided for in our terms and conditions and\/or\r\napplication form or where lawfully permitted<\/span><\/p>\r\n<span style=\"font-size: 12pt;\">5.2) Unless permitted under the PDPA or any other laws, regulations and\r\nguidelines, the Company shall not collect personal data without the consent of the individual<\/span>\r\n<h3><span style=\"font-size: 12pt;\">6) Purposes for the Collection, Use and Disclosure of Personal Data<\/span><\/h3>\r\n<span style=\"font-size: 12pt;\">6.1) Generally, the Company collects, use and discloses personal data for the\r\nfollowing purposes as described below.<\/span>\r\n\r\n<span style=\"font-size: 12pt;\"><u>Employees<\/u><\/span>\r\n\r\n<span style=\"font-size: 12pt;\">The Company may collect, process and use, and retain employees\u2019 (including\r\npotential employees) personal data for our legitimate activities, including but not limited to:<\/span>\r\n<ul>\r\n \t<li><span style=\"font-size: 12pt;\">assessing employee\u2019s suitability for the job;<\/span><\/li>\r\n \t<li><span style=\"font-size: 12pt;\">verifying employee\u2019s information and conducting reference checks;<\/span><\/li>\r\n \t<li><span style=\"font-size: 12pt;\">conducting background checks if the employee is offered a job;<\/span><\/li>\r\n \t<li><span style=\"font-size: 12pt;\">general administrative and record keeping purposes;<\/span><\/li>\r\n \t<li><span style=\"font-size: 12pt;\">headcount and payroll planning;<\/span><\/li>\r\n \t<li><span style=\"font-size: 12pt;\">workforce development, training and certification;<\/span><\/li>\r\n \t<li><span style=\"font-size: 12pt;\">performance management;<\/span><\/li>\r\n \t<li><span style=\"font-size: 12pt;\">approving and monitoring employee benefits and entitlements;<\/span><\/li>\r\n \t<li><span style=\"font-size: 12pt;\">posting employee\u2019s photograph on the intranet and email directory;<\/span><\/li>\r\n \t<li><span style=\"font-size: 12pt;\">maintain emergency contact details;<\/span><\/li>\r\n \t<li><span style=\"font-size: 12pt;\">audit, risk management and security and\/or compliance purposes;<\/span><\/li>\r\n \t<li><span style=\"font-size: 12pt;\">internal investigations and legal proceedings;<\/span><\/li>\r\n \t<li><span style=\"font-size: 12pt;\">purposes as required by regulators; and\/ or<\/span><\/li>\r\n \t<li><span style=\"font-size: 12pt;\">other purposes as may be required by any laws, regulations and<\/span><\/li>\r\n<\/ul>\r\n<span style=\"font-size: 12pt;\"><u>Customers<\/u><\/span>\r\n\r\n<span style=\"font-size: 12pt;\">The Company may collect, use and disclose customers\u2019 personal data for one or more\r\nof the following purposes:<\/span>\r\n<ul>\r\n \t<li><span style=\"font-size: 12pt;\">to confirm and verify the customer\u2019s identity;<\/span><\/li>\r\n \t<li><span style=\"font-size: 12pt;\">to assess application(s) \/inquiry(ies) for our products and services;<\/span><\/li>\r\n \t<li><span style=\"font-size: 12pt;\">to process the customer\u2019s transaction in relation to his\/her investment(s) in\r\nany of our products and services;<\/span><\/li>\r\n \t<li><span style=\"font-size: 12pt;\">to manage our business and the customer\u2019s relationship with us;<\/span><\/li>\r\n \t<li><span style=\"font-size: 12pt;\">to notify customers about benefits and changes to the features of products and\r\nservices;<\/span><\/li>\r\n \t<li><span style=\"font-size: 12pt;\">to respond to customers\u2019 enquiries and complaints and generally to resolve\r\ndisputes;<\/span><\/li>\r\n \t<li><span style=\"font-size: 12pt;\">to update, consolidate and improve the accuracy of our records;<\/span><\/li>\r\n \t<li><span style=\"font-size: 12pt;\">to produce data, reports and statistics which have been anonymised or\r\naggregated in a manner that does not identify the customer as an individual;<\/span><\/li>\r\n \t<li><span style=\"font-size: 12pt;\">to conduct research for analytical and\/or statistical assessments;<\/span><\/li>\r\n \t<li><span style=\"font-size: 12pt;\">to facilitate audit, risk management and\/or compliance;<\/span><\/li>\r\n \t<li><span style=\"font-size: 12pt;\">to assess financial and insurance risks;<\/span><\/li>\r\n \t<li><span style=\"font-size: 12pt;\">to conduct AML\/ CFT checks for risk detection and prevention; and\/or<\/span><\/li>\r\n \t<li><span style=\"font-size: 12pt;\">to provide to relevant regulatory authorities and for any other purpose that is\r\nrequired or permitted by any laws, regulations and<\/span><\/li>\r\n<\/ul>\r\n<span style=\"font-size: 12pt;\">6.2) Further, the Company may rely on the Legitimate Interests exception to\r\ncollect, use and disclose personal data without consent for purposes of prevention of misuse of services, for\r\nevaluative purposes, for any investigation or proceedings, for recovery or payment of debt owed, detecting or\r\npreventing illegal activities (e.g. fraud, money laundering) or threats to physical safety and security, IT and\r\nnetwork security and carrying out other necessary corporate due diligence. \u201cLegitimate interests\u201d generally\r\nrefer to any lawful interests of an organisation or other person (including other organisations).<\/span>\r\n\r\n<span style=\"font-size: 12pt;\">6.3) The Company may continue to use personal data about an individual collected\r\nbefore 2 July 2014, the effective date of the data protection provisions of the PDPA, for the purposes for which\r\nthe personal data was collected unless the employee or the customer has withdrawn<\/span>\r\n\r\n<span style=\"font-size: 12pt;\">6.4) The Company may disclose personal data for the purposes indicated above to\r\nour employees, third parties, service providers, advisors, related entities, which includes, without limitation,\r\nthe following persons or entities:<\/span>\r\n\r\n<span style=\"font-size: 12pt;\"><u>Employees<\/u><\/span>\r\n\r\n<span style=\"font-size: 12pt;\">To the extent necessary, the Company may disclose employees\u2019 personal data to a\r\nlimited number of the Company\u2019s employees whose job necessitates that they maintain, compile or otherwise have\r\naccess to employees\u2019 personal data. The Company may also disclose employees\u2019 personal data to third parties that\r\nthe Company deals with for the purpose of providing our products and services to our customers and generally\r\noperating our business.<\/span>\r\n\r\n<span style=\"font-size: 12pt;\"><u>Customers<\/u><\/span>\r\n\r\n<span style=\"font-size: 12pt;\">The Company may disclose customers\u2019 personal data (to the extent necessary) to the\r\nfollowing third parties:<\/span>\r\n<ul>\r\n \t<li><span style=\"font-size: 12pt;\">companies and\/or organisations that act as our agents and\/or professional\r\nadvisers;<\/span><\/li>\r\n \t<li><span style=\"font-size: 12pt;\">companies and\/or organisations that assist us in processing and\/or otherwise\r\nfulfilling transactions that the customer has requested;<\/span><\/li>\r\n \t<li><span style=\"font-size: 12pt;\">any person notified by the customer as authorised to give instructions on his\/\r\nher behalf;<\/span><\/li>\r\n \t<li><span style=\"font-size: 12pt;\">any competent authority(ies) and\/or regulator(s),<\/span><\/li>\r\n<\/ul>\r\n<p style=\"padding-left: 30px;\"><span style=\"font-size: 12pt;\">subject at all times to any laws (including\r\nregulations, guidelines and\/or obligations) applicable to the Company.<\/span><\/p>\r\n<span style=\"font-size: 12pt;\">6.5) Unless permitted under the PDPA or any other laws, regulations and\r\nguidelines, the Company shall not use or disclose the personal data for any other purpose, without first\r\nidentifying and documenting the other purpose and obtaining the consent of the affected employee or\r\ncustomer.<\/span>\r\n<h3><span style=\"font-size: 12pt;\">7) Withdrawal of Consent<\/span><\/h3>\r\n<span style=\"font-size: 12pt;\">7.1) Employees or customers are able to withdraw their consent to the Company\u2019s\r\ncontinued use and disclosure of personal data as described in this Policy at any Such withdrawal should be made\r\nformally in writing to the Data Protection Officer (\u201cDPO\u201d) of the Company.<\/span>\r\n\r\n<span style=\"font-size: 12pt;\">7.2) If consent is withdrawn by an employee, the Company may need to discontinue\r\nhis\/her employment with the company. If consent is withdrawn by a customer, the Company may no longer be able to\r\nprovide the requested products or services and our relationship with the customer may have to be<\/span>\r\n<h3><span style=\"font-size: 12pt;\">8) Protection of Personal Data<\/span><\/h3>\r\n<span style=\"font-size: 12pt;\">8.1) The Company places great importance on ensuring the security of the personal\r\ndata in our custody against risks of authorised access, collection, use, disclosure, copying, modification,\r\ndisposal or destruction. The Company has implemented security measures which include computer safeguards and\r\npassword-protected files to enhance the security of such personal In addition, all employees\u2019 hardcopy personal\r\nfiles are maintained by the HR Department under lock and key. The Company will regularly review and implement\r\nappropriate security measures when processing and retaining personal data.<\/span>\r\n\r\n<span style=\"font-size: 12pt;\">8.2) Employees of the Company are required to handle personal data securely and\r\nwith strict confidentiality, failing which they may be subject to disciplinary action.<\/span>\r\n\r\n<span style=\"font-size: 12pt;\">8.3) Further, the Company will impose compliance with data confidentiality\r\nrequirements on our agents, third party service providers, consultants and professional advisors in our working\r\nrelationships and\/ or agreements with these<\/span>\r\n<h3><span style=\"font-size: 12pt;\">9) Access to Personal Data<\/span><\/h3>\r\n<span style=\"font-size: 12pt;\">9.1) A customer may make a request to access his\/her personal data which is in the\r\nCompany\u2019s possession or control. The customer must complete a data access and correction request form (Refer to\r\n<strong>Appendix A<\/strong>), provide all necessary documents and make the requisite service fee payment, where\r\nrelevant, as prescribed in the DAR The Company aims to revert within 30 days from the receipt of the DAR form.\r\nIf the Company is unable to comply with the DAR requirements within the said timeframe, the Company will inform\r\nthe customer of the extended timeframe by which the response will be provided in relation to the request.<\/span>\r\n\r\n<span style=\"font-size: 12pt;\">9.2) To the extent required by PDPA, upon request by a customer, the Company shall\r\nprovide information relating to how the customer\u2019s personal data has been or may have been used or disclosed\r\nwithin a year before the date of such request. The Company may also provide a standard list of possible third\r\nparties as part of its response to all access requests for information relating to the disclosure of personal\r\ndata during such<\/span>\r\n\r\n<span style=\"font-size: 12pt;\">9.3) Employees who wish to access their personal data should contact the HR\r\nDepartment. Potential employees who were subsequently not employed by the Company or former employees of the\r\nCompany should complete the DAR form as mentioned<\/span>\r\n\r\n<span style=\"font-size: 12pt;\">9.4) The Company may not be able to provide access to all of the personal data\r\nthat they hold about an individual. For example, the Company may not provide access to personal data if such\r\nprovision could reveal personal data about another individual, if such information is subject to legal privilege\r\nor if provision will be contrary to national interest or where such refusal is permitted under the If access to\r\npersonal data cannot be provided, the reasons for denying access will be provided to the customer within 30 days\r\nof receipt of the DAR form, subject to any legal or regulatory constraints.<\/span>\r\n<h3><span style=\"font-size: 12pt;\">10) Accuracy and Correction of Personal Data<\/span><\/h3>\r\n<span style=\"font-size: 12pt;\">10.1) A customer may make a request to correct or update his\/her personal data\r\nwhich is in the Company\u2019s possession or control. The customer must complete a data access and correction request\r\nform (Refer to <strong>Appendix A<\/strong>) and provide all necessary documents or information as prescribed in\r\nthe said The Company will correct or update his\/her personal data found to be inaccurate or incomplete as soon\r\nas practicable. Any unresolved differences as to accuracy or completeness of his\/her personal data shall be\r\nnoted in the customer\u2019s records.<\/span>\r\n\r\n<span style=\"font-size: 12pt;\">10.2) Employees who wish to correct or update their personal data should contact\r\nthe HR Department. Potential employees who were subsequently not employed by the Company or former employees of\r\nthe Company should complete the said form as mentioned<\/span>\r\n\r\n<span style=\"font-size: 12pt;\">10.3) The Company may refuse to correct or update personal data as requested in\r\nthe said form in certain instances. For example, the Company is unable to confirm the customer\u2019s identity or\r\nwhere such refusal is permitted under the PDPA. If the Company denies customer\u2019s correction request, the Company\r\nwill inform the customer the reason for the refusal within 30 days of receipt of the said form, subject to any\r\nlegal or regulatory<\/span>\r\n<h3><span style=\"font-size: 12pt;\">11) Offences and Penalties<\/span><\/h3>\r\n<span style=\"font-size: 12pt;\">11.1) An organisation or person commits an offence if the organisation or person\r\n\u2014<\/span>\r\n<p style=\"padding-left: 30px;\"><span style=\"font-size: 12pt;\">(a) with an intent to evade a request under section 21\r\nor 22, disposes of, alters, falsifies, conceals or destroys, or directs another person to dispose of, alter,\r\nfalsify, conceal or destroy, a record containing:-<\/span><\/p>\r\n<p style=\"padding-left: 30px;\"><span style=\"font-size: 12pt;\">(i) personal data; or<\/span><\/p>\r\n<p style=\"padding-left: 30px;\"><span style=\"font-size: 12pt;\">(ii) information about the collection, use or\r\ndisclosure of personal data;<\/span><\/p>\r\n<p style=\"padding-left: 30px;\"><span style=\"font-size: 12pt;\">(b) obstructs or impedes the Commission* or an\r\nauthorised officer in the exercise of their powers or performance of their duties under this Act; or<\/span><\/p>\r\n<p style=\"padding-left: 30px;\"><span style=\"font-size: 12pt;\">(c) knowingly or recklessly makes a false statement to\r\nthe Commission*, or knowingly misleads or attempts to mislead the Commission*, in the course of the performance\r\nof the duties or powers of the Commission* under this<\/span><\/p>\r\n<span style=\"font-size: 12pt;\">* Personal Data Protection Commission<\/span>\r\n\r\n<span style=\"font-size: 12pt;\">11.2) An organisation or person that commits an offence under section 1 (a) above\r\nis liable:-<\/span>\r\n<p style=\"padding-left: 30px;\"><span style=\"font-size: 12pt;\">(a) in the case of an individual, to a fine not\r\nexceeding $5,000; and<\/span><\/p>\r\n<p style=\"padding-left: 30px;\"><span style=\"font-size: 12pt;\">(b) in any other case, to a fine not exceeding\r\n$50,000.<\/span><\/p>\r\n<p style=\"padding-left: 30px;\"><span style=\"font-size: 12pt;\">An organisation or person that commits an offence\r\nunder Chapter 11.1 (b) or (c) is liable:-<\/span><\/p>\r\n<p style=\"padding-left: 30px;\"><span style=\"font-size: 12pt;\">(a) in the case of an individual, to a fine not\r\nexceeding $10,000 or to imprisonment for a term not exceeding 12 months or to both; and<\/span><\/p>\r\n<p style=\"padding-left: 30px;\"><span style=\"font-size: 12pt;\">(b) in any other case, to a fine not exceeding\r\n$100,000.<\/span><\/p>\r\n<span style=\"font-size: 12pt;\">11.3) Where an offence under this Act committed by a body corporate^ is\r\nproved:-<\/span>\r\n<p style=\"padding-left: 30px;\"><span style=\"font-size: 12pt;\">(a) to have been committed with the consent or\r\nconnivance of an officer<sup>#<\/sup>; or<\/span><\/p>\r\n<p style=\"padding-left: 30px;\"><span style=\"font-size: 12pt;\">(b) to be attributable to any neglect on his part, the\r\nofficer as well as the body corporate^ shall be guilty of the offence and shall be liable to be proceeded\r\nagainst and punished accordingly.<\/span><\/p>\r\n<p style=\"padding-left: 30px;\"><span style=\"font-size: 12pt;\">Where the affairs of a body corporate^ are managed by\r\nits members, section 11.3 (a) shall apply in relation to the acts and defaults of a member in connection with\r\nhis functions of management as if he were a director of the body corporate^.<\/span><\/p>\r\n<p style=\"padding-left: 30px;\"><span style=\"font-size: 12pt;\">^ includes a limited liability partnership<\/span><\/p>\r\n<p style=\"padding-left: 30px;\"><span style=\"font-size: 12pt;\"># in relation to a body corporate, means any director,\r\npartner, member of the committee of management, chief executive, manager, secretary or other similar officer of\r\nthe body corporate and includes any person purporting to act in any such capacity;<\/span><\/p>\r\n<p style=\"padding-left: 30px;\"><span style=\"font-size: 12pt;\">the officer or member shall be guilty of the offence\r\nand shall be liable to be proceeded against and punished accordingly.<\/span><\/p>\r\n<span style=\"font-size: 12pt;\">11.4) Any act done or conduct engaged in by a person in the course of his\r\nemployment (\u201c<strong>the Employee<\/strong>\u201d) shall be treated for the purposes of this Act as done or engaged in\r\nby his employer as well as by him, whether or not it was done or engaged in with the employer\u2019s knowledge\r\nor<\/span>\r\n\r\n<span style=\"font-size: 12pt;\">In any proceedings for an offence under this Act brought against any person in\r\nrespect of an act or conduct alleged to have been done or engaged in, as the case may be, by an Employee of that\r\nperson, it is a defence for that person to prove that he took such steps as were practicable to prevent the\r\nEmployee from doing the act or engaging in the conduct, or from doing or engaging in, in the course of his\r\nemployment, acts or conduct, as the case may be, of that description.<\/span>\r\n<h3><span style=\"font-size: 12pt;\">12) Retention of Personal Data<\/span><\/h3>\r\n<span style=\"font-size: 12pt;\">12.1) The Company will retain employees and\/or customers\u2019 personal data as set out\r\nbelow:<\/span>\r\n<ul>\r\n \t<li><span style=\"font-size: 12pt;\">for the duration of the employee and\/or customers\u2019 relationship with us;<\/span><\/li>\r\n \t<li><span style=\"font-size: 12pt;\">for such period as may be necessary to protect the Company\u2019s interests and\/or\r\nour customers or employees;<\/span><\/li>\r\n \t<li><span style=\"font-size: 12pt;\">where otherwise required by laws, regulations and guidelines; and\/or<\/span><\/li>\r\n \t<li><span style=\"font-size: 12pt;\">where required by the Company in order for us to perform our duties in the\r\ndischarge of our duties and obligations.<\/span><\/li>\r\n<\/ul>\r\n<h3><span style=\"font-size: 12pt;\">13) Data Protection Officer<\/span><\/h3>\r\n<span style=\"font-size: 12pt;\">13.1) Please refer to <strong>Appendix B<\/strong> for the appointed Data\r\nProtection Officer of the Company. Business contact information of the Data Protection Officers will be\r\navailable on the Company\u2019s website. Under the PDPA, the Data Protection Officer is responsible for facilitating\r\nthe Company\u2019s compliance with the PDPA. For the avoidance of doubt, primary responsibility for compliance with\r\nthe PDPA remains with the Company.<\/span>\r\n<h3><span style=\"font-size: 12pt;\">14) Complaints Procedures<\/span><\/h3>\r\n<span style=\"font-size: 12pt;\">14.1) If a customer or an employee of the Company has reason to believe that\r\nhis\/her personal data has been misused by the Company, the customer or the employee is advised to lodge a\r\ncomplaint with the Data Protection Officer of the Company who will handle the complaints.<\/span>\r\n<h3><span style=\"font-size: 12pt;\"><u>Appendices<\/u><\/span><\/h3>\r\n<span style=\"font-size: 12pt;\">Appendix A \u2013 <a href=\"https:\/\/drive.google.com\/file\/d\/1vJH7GAsQ7GSVlbCYQZjbMVsnIseqGK0g\/view?usp=sharing\">Data access and\r\ncorrection request form<\/a><\/span>\r\n\r\n<\/div>\r\n<\/div>\r\n<\/div>\r\n<\/div>\r\n<\/div>\r\n<\/div>\r\n<\/div>\r\n<\/div>\r\n<\/div>\r\n\n<!-- AddThis Advanced Settings generic via filter on the_content --><!-- AddThis Share Buttons generic via filter on the_content -->","protected":false},"excerpt":{"rendered":"<p>Data Protection Policy 1) Overview 1.1) Purpose The purpose of this policy is to set out New POS Network(S) Pte Ltd\u2019s (\u201cthe Company\u201d) procedures on<!-- AddThis Advanced Settings generic via filter on get_the_excerpt --><!-- AddThis Share Buttons generic via filter on get_the_excerpt --><\/p>\n","protected":false},"author":1,"featured_media":0,"featured_media_url":null,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v17.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Data Protection<\/title>\n<meta name=\"description\" content=\"Refer to read more on our full data protection policy for our solutions and services offerings from our business.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.retailtechnpn.com\/sg\/dataprotection\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Data Protection\" \/>\n<meta property=\"og:description\" content=\"Refer to read more on our full data protection policy for our solutions and services offerings from our business.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.retailtechnpn.com\/sg\/dataprotection\/\" \/>\n<meta property=\"og:site_name\" content=\"NPN - New Retail New Experience\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/npnsingapore\/\" \/>\n<meta property=\"article:modified_time\" content=\"2023-11-14T03:10:15+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.retailtechnpn.com\/sg\/wp-content\/uploads\/2022\/01\/dataProtectBanner.jpg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"15 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Data Protection","description":"Refer to read more on our full data protection policy for our solutions and services offerings from our business.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.retailtechnpn.com\/sg\/dataprotection\/","og_locale":"en_US","og_type":"article","og_title":"Data Protection","og_description":"Refer to read more on our full data protection policy for our solutions and services offerings from our business.","og_url":"https:\/\/www.retailtechnpn.com\/sg\/dataprotection\/","og_site_name":"NPN - New Retail New Experience","article_publisher":"https:\/\/www.facebook.com\/npnsingapore\/","article_modified_time":"2023-11-14T03:10:15+00:00","og_image":[{"url":"https:\/\/www.retailtechnpn.com\/sg\/wp-content\/uploads\/2022\/01\/dataProtectBanner.jpg"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"15 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Organization","@id":"https:\/\/www.retailtechnpn.com\/sg\/#organization","name":"NPN","url":"https:\/\/www.retailtechnpn.com\/sg\/","sameAs":["https:\/\/www.facebook.com\/npnsingapore\/"],"logo":{"@type":"ImageObject","@id":"https:\/\/www.retailtechnpn.com\/sg\/#logo","inLanguage":"en-US","url":"https:\/\/www.retailtechnpn.com\/sg\/wp-content\/uploads\/2022\/01\/logo_npn.png","contentUrl":"https:\/\/www.retailtechnpn.com\/sg\/wp-content\/uploads\/2022\/01\/logo_npn.png","width":88,"height":29,"caption":"NPN"},"image":{"@id":"https:\/\/www.retailtechnpn.com\/sg\/#logo"}},{"@type":"WebSite","@id":"https:\/\/www.retailtechnpn.com\/sg\/#website","url":"https:\/\/www.retailtechnpn.com\/sg\/","name":"NPN - New Retail New Experience","description":"NPN - New Retail New Experience","publisher":{"@id":"https:\/\/www.retailtechnpn.com\/sg\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.retailtechnpn.com\/sg\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","@id":"https:\/\/www.retailtechnpn.com\/sg\/dataprotection\/#primaryimage","inLanguage":"en-US","url":"\/sg\/wp-content\/uploads\/2022\/01\/dataProtectBanner.jpg","contentUrl":"\/sg\/wp-content\/uploads\/2022\/01\/dataProtectBanner.jpg"},{"@type":"WebPage","@id":"https:\/\/www.retailtechnpn.com\/sg\/dataprotection\/#webpage","url":"https:\/\/www.retailtechnpn.com\/sg\/dataprotection\/","name":"Data Protection","isPartOf":{"@id":"https:\/\/www.retailtechnpn.com\/sg\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.retailtechnpn.com\/sg\/dataprotection\/#primaryimage"},"datePublished":"2021-05-27T09:29:36+00:00","dateModified":"2023-11-14T03:10:15+00:00","description":"Refer to read more on our full data protection policy for our solutions and services offerings from our business.","breadcrumb":{"@id":"https:\/\/www.retailtechnpn.com\/sg\/dataprotection\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.retailtechnpn.com\/sg\/dataprotection\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.retailtechnpn.com\/sg\/dataprotection\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9875","item":"https:\/\/www.retailtechnpn.com\/sg\/"},{"@type":"ListItem","position":2,"name":"Data Protection"}]}]}},"_links":{"self":[{"href":"https:\/\/www.retailtechnpn.com\/sg\/wp-json\/wp\/v2\/pages\/6048"}],"collection":[{"href":"https:\/\/www.retailtechnpn.com\/sg\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.retailtechnpn.com\/sg\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.retailtechnpn.com\/sg\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.retailtechnpn.com\/sg\/wp-json\/wp\/v2\/comments?post=6048"}],"version-history":[{"count":18,"href":"https:\/\/www.retailtechnpn.com\/sg\/wp-json\/wp\/v2\/pages\/6048\/revisions"}],"predecessor-version":[{"id":7053,"href":"https:\/\/www.retailtechnpn.com\/sg\/wp-json\/wp\/v2\/pages\/6048\/revisions\/7053"}],"wp:attachment":[{"href":"https:\/\/www.retailtechnpn.com\/sg\/wp-json\/wp\/v2\/media?parent=6048"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}