Privacy Policy

Last updated on 25 Oct 2024

About this policy

This policy sets out the basis on which any personal data we collect from you, or that you provide us, will be processed by us. This policy may be updated from time to time.

By visiting this website or becoming a member or employee of our society, you are accepting and consenting to the practices described in this policy.

Our Data Protection Officer is responsible for ensuring compliance with the Personal Data Protection Act 2012 of Singapore (the “Act”) and with this policy. A reference to the Act in this policy includes a reference to any subsidiary legislation made thereunder. Please contact our Data Protection Officer at [insert email address] if you have any questions about the operation of this policy or any concerns that the policy has not been followed. Definition of data protection terms

Data is information that is stored electronically, on a computer, or in certain paper-based filing systems.

Data subjects for this policy include all living individuals about whom we hold personal data.

Personal data refers to any data and/or information about you from which you can be identified by, either (a) from that data; or (b) from that data and other information to which we have or are likely to have access and includes the data described in the Schedule.

Data users are those of our employees whose work involves processing personal data. Data users must protect the data they handle in accordance with this data protection policy and any applicable data security procedures at all times.

Data intermediaries include any person or organisation that is not a data user that processes personal data on our behalf and on our instructions. Our employees are excluded from this definition, but it could include suppliers which handle personal data on our behalf.

Processing means the carrying out of any operation or set of operations in relation to personal data and includes recording, holding, organising, adapting, altering, retrieving, combining, transmitting, erasure, or deleting.

Data protection principles

Anyone processing personal data must comply with the following principles of good practice. These provide that personal data must be:

1. Processed fairly and lawfully.
2. Processed for limited purposes and in an appropriate way.
3. Accurate.
4. Not kept longer than necessary for the purpose.
5. Processed in line with data subjects’ rights.
6. Secure.
7. Not transferred to people or organisations situated in countries without adequate protection.

Fair and lawful processing

The Act is not intended to prevent the processing of personal data, but to ensure that it is done fairly and without adversely affecting the rights of the data subject.

For personal data to be processed lawfully, it must be processed based on one of the legal grounds set out in the Act. When processing personal data during our activities, we will ensure that those requirements are met.

Processing for limited purposes

During our activities, we may collect and process the personal data set out in the Schedule. This may include data we receive directly from a data subject (for example, by completing forms or by corresponding with us by mail, phone, email, or otherwise) and data we receive from other sources (including, for example, business partners, sub-contractors in technical, payment and delivery services, credit reference agencies and others).

We will only process personal data for the specific purposes set out in the Schedule or for any other purposes specifically permitted by the Act. We will notify those purposes to the data subject when we first collect the data or as soon as possible thereafter.

Accurate Data

We will make reasonable efforts to ensure that the personal data we hold is accurate and kept up to date if it is likely to be used by us to make a decision that affects the individual to whom the personal data relates or is likely to be disclosed by us to another organisation.

Timely processing

We will not keep personal data longer than is necessary for the purpose or purposes for which they were collected, and retention is no longer necessary for legal or business purposes. We will take all reasonable steps to destroy or erase from our systems all data which is no longer required.

Processing in line with data subject’s rights

We will process all personal data in line with data subjects’ rights, in particular their right to:

1. Request access to any data held about them by us (see also clause 12).
2. Ask to have inaccurate data amended (see also clause 5).

Data security

We will take appropriate security measures against unlawful or unauthorised processing of personal data, and the accidental loss of, or damage to, personal data.

We will put in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. Personal data will only be transferred to a data intermediary if he agrees to comply with those procedures and policies, or if he puts in place adequate measures himself.

We will maintain data security by protecting the confidentiality, integrity, and availability of the personal data, defined as follows:

1. Confidentiality means that only people who are authorised to use the data can access it.
2. Integrity means that personal data should be accurate and suitable for the purpose for which it is processed.
3. Availability means that authorized users should be able to access the data if they need it for authorised purposes.

Security procedures include:

1. Entry controls. Any stranger seen in entry-controlled areas should be reported.
2. Secure lockable desks and cupboards. Desks and cupboards should be kept locked if they hold confidential information of any kind.
3. Methods of disposal. Paper documents should be shredded. Digital storage devices should be securely erased or destroyed when they are no longer required.
4. Data users must ensure that individual monitors do not show confidential information to passers-by and that they log off from their computers when it is left unattended.

Transferring personal data to a country outside Singapore

In the course of conducting the society’s operations and activities, we may disclose your data to our third-party service providers, agents, and/or our affiliates or related corporations, and/or other third parties whether in Singapore or outside of Singapore, for the purposes in the Schedule.

We may transfer any personal data we hold to a country outside Singapore in compliance with the Act. We will take appropriate steps to ascertain that the foreign recipient is bound by legally enforceable obligations to provide to the transferred personal data a level of protection comparable to the protection under the Act. This may include us entering into an appropriate contract with the foreign recipient or permitting personal data transfer without such a contract if the Act or law permits us to do so.

Personal data we hold may also be processed by staff operating inside or outside Singapore who work for us or one of our suppliers or service providers. That staff may be engaged in, among other things, the fulfillment of contracts with the data subject, the processing of payment details, and the provision of support services.

Consent for collection and use of personal data

You consent to the collection, use, and disclosure of your data for the purposes mentioned in the Schedule and agree to be bound by the obligations it imposes on you when you accept this policy.

You accept this policy when you continue to browse our website, become a member or employee of the society, or when the policy is incorporated during our dealings with you.

You shall ensure that all personal data submitted to us is complete, accurate, true, and correct at the time of submission. Failure on your part to do so may result in our inability to provide you with the relevant services.

Disclosure and sharing of personal information

We may share personal data we hold with the employees or officers of LES, and any of the affiliated companies.

We may also disclose personal data we hold to third parties:

1. If we sell or buy any business or assets, in which case we may disclose personal data we hold to the prospective seller or buyer of such business or assets.
2. If we or substantially all of our assets are acquired by a third party, in which case personal data we hold will be one of the transferred assets.

If we are under a duty to disclose or share a data subject’s personal data to comply with any legal obligation, or to enforce or apply any contract with the data subject or other agreements; or to protect our rights, property, or safety of our employees, customers, or others. This includes exchanging information with other companies and organisations for fraud protection and credit risk reduction.

We may also share personal data we hold with selected third parties for the purposes set out in the Schedule.

Dealing with subject access requests

Data subjects must make a formal request for information we hold about them. This must be done in writing. Employees who receive a written request should forward it to their line manager immediately.

When receiving telephone inquiries, we will only disclose personal data we hold on to our systems if the following conditions are met:

1. We will check the caller’s identity to make sure that information is only given to a person who is entitled to it.
2. We will suggest that the caller put their request in writing if we are not sure about the caller’s identity and where their identity cannot be checked.

Our employees will make a request to their line manager for assistance in difficult situations. Employees should not be bullied into disclosing personal information.

Cookies and personal data

When you visit our website, we may collect or analyze anonymised information from which individuals cannot be identified. The information collected may include the number of users and the amount of time they stay on our website, which countries they are from, their online preferences, and what mode of device they are currently using to view our website, as well as domain information that helps us to learn our client’s profile, the frequency of viewing. We use this information to improve our website’s content and navigation.

A cookie is a small text file that our server places on your computer’s hard drive as a unique identifier. Please note that our cookies do not collect personally identifiable information. You may disable the use of cookies associated with these technologies by changing the appropriate settings on your browser. This may however affect your user experience of the website.

Changes to this Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

Contact Us

If you have any questions about this Privacy Policy, please do not hesitate to contact us at [email protected].

Schedule

Types of personal data

Examples of personal data that we may collect from you include:

1. Full name.
2. NRIC/ID/Passport numbers (or part thereof) and copies, to the extent required or permitted by law.
3. Next of Kin, family or emergency contact information.
4. Date of Birth.
5. Business and/or residential addresses.
6. Business and/or personal email addresses.
7. Employment history and/or education background.
8. Mobile and business telephone numbers.
9. Bank account details or other payment information.
10. Educational history and qualifications.
11. Photos and videos, if applicable.
12. Information about your usage of and interaction with our website and/ or services including computer and connection information, device capability, bandwidth, statistics on page views, and traffic to and from our website.
13. Any other information relating to you that you have provided in any forms which you may have submitted to us or in any interaction with us.

How personal data may be collected

We may collect your data in the following ways:

1. When you provide personal data by filling in online or hardcopy forms when applying for membership to our society, or making inquiries or feedback, requests, and other submissions to us.
2. If you contact us (i.e. telephone calls, online chat programs, social media, faxes, and emails), we may keep a record of that correspondence.
3. When you access our websites or perform an online transaction including, but not limited to, cookies, location data, weblogs, and other communication data, that you access.
4. When you ask to be included in an email or other mailing list.
5. When you fill out an online and hardcopy job application form to apply for a job with us.
6. If you enter into any contract with us.
7. If you participate in any exhibition, event, seminar, forum, or workshop organised by us or where we are a participant.
8. When you respond to our request for additional personal data.
9. When you request that we contact you.
10. When personal data is exchanged during an accident or incident reporting.
11. When you submit personal data to us for any other reason.

Purposes for the collection, use, and disclosure of your data

We may use the personal data we collect from you for any of the following purposes:

1. To manage your membership including application, processing, and termination of your membership.
2. For recruitment and evaluation purposes if you apply for a job with us, including applying for employee work visas.
3. To administer and update your records in our databases.
4. To process your inquiries and for any administrative purposes related to the business.
5. To provide you with membership benefits and services.
6. To provide you with information about, and to facilitate participation in, our activities.
7. To process payment administration, such as your membership fees or any other fees/payments.
8. To perform or carry out our contractual obligations.
9. To enable our subcontractors, third-party agents, and service providers to fulfill any obligations or services.
10. To enable us to facilitate the management of the business, including any activities or events.
11. To keep you updated on any exhibition, event, seminar, forum, or workshop, and to facilitate your participation in the same.
12. To conduct research, surveys, data analysis, and obtain feedback.
13. For accident and insurance reporting and assessment purposes.
14. For debt collection.
15. For security, safety surveillance, and monitoring purposes.
16. For internal reporting and/or accounting purposes.
17. To comply with applicable laws and regulations.