Privacy

1. Introduction

1.1. Purpose of policy

SG Ventures Lab (SGVL) is committed to safeguarding the personal data entrusted to it by the individuals. This Policy sets out how SGVL collects, uses and disclose personal data about you so that we can serve you better. It also sets out how you can update us or request to be unsubscribed from our records.

1.2. Definitions

Personal Data

Personal data generally refers to data about an individual which can accurately identified the individual, in whatever format. These include information such as individual’s name, identification number, address, mobile phone number, email addresses and photos and video images of the person (including CCTV images). Staff data of SGVL such as salaries, medical records and educational records is also recognized as personal data and is subject to all the obligations of the PDPA.

2. Policy Statement

SGVL will:

1. comply with regulatory requirements as stated in the PDPA 2012;

2. respect individual rights;

3. be transparent and honest to the individuals whose data are held by us;

4. provides training and support for staff and volunteers who handle personal data, so that they may confidently comply with this policy

5. properly documented and protected by appropriate security and keep with trusted and authorized parties;

6. kept for no longer than necessary.

3. Data Collection, usage and disclosure

3.1 Purpose for Information Collection

Personal data collected by SGVL is mainly to help us connect with you with regards to our programmes so as to enable us to communicate and serve you better.

These purposes include the following:

1. To consider your application for approval of the course you applied;

2. To update you on the course;

3. To update you on any upcoming events or courses;

4. To comply with legal process or legal requirements of any government agencies;

5. Any other purpose relevant to SGVL objectives of which you will be notified and we will ask for your consent.

3.2 How do we acquire your personal data

Personal data is to be collected by fair, transparent and lawful means, without misleading or deceiving individuals as to the purposes for collection of personal data about them. SGVL may collect personal data from a number of channels, but are not limited to:

1. Application form (s) submitted by clients to SGVL for purpose of applying for SGVL programmes;

2. Job application form (s) apply for a job position in SGVL;

3. E-forms from website for course registration and enquiries;

4. Images and videos taken by representatives during SGVL events or from our CCTV cameras within our premises;

5. Where an individual submits his personal data for the purpose of training, and volunteering;

6. We may collect information such as your name, email address, telephone number when you visit our SGVL office, for security purposes.

3.3. Consent

SGVL shall always seek consent from individual to collect, use or disclose the individual’s personal data, except in specific circumstances where collection, use or disclosure without consent is authorized or required by law.

SGVL may not be able to fulfill certain services if individuals are unwilling to provide consent to the collection, use or disclosure of certain personal data.

3.4. Deemed Consent

SGVL may assume individual has consented to collection, usage and disclosure of their personal data in situations where the individual provided information for obvious purposes.

​SGVL may deem individual’s consent was obtained for personal data collected prior to 2nd July 2014 for the purpose of which the personal data was collected. The consent may include for SGVL usage and where applicable include disclosure.

SGVL need not seek consent from staff (including volunteers and part-time workers) for purposes related to the staff’s work in SGVL. However, staff’s consent shall be obtained if such purpose is unrelated to their work. Staff shall be informed that their personal data may be disclosed to public and arrangements may be made to limit such disclosure with mutual agreement.

3.5 Consent withdrawal

Any individual may withdraw their consent to the use and disclosure of their personal data at any time, unless such personal data is necessary for SGVL to fulfill its legal obligations. SGVL shall comply with the withdrawal request, and inform the individual if such withdrawal will affect the services and arrangements between the individual and SGVL. SGVL may cease such services or arrangements as a result of the withdrawal.

3.6. Notification obligation

SGVL shall collect this personal data directly from the individuals. However, SGVL may also collect individual’s personal data from third parties i.e. referral agencies such as schools, community centres, and partners provided the consent was obtain from the individual or required by law.

Prior or during collecting personal data, SGVL shall make known to the individual the purpose for which the personal data was collected, except when such personal data is provided by an individual for an obvious purpose (E.g. individual provided personal data to register for an event, as such the purpose is for that event participation).

3.7. Accuracy obligation

SGVL shall make every reasonable effort to ensure that individuals’ information it keeps are accurate and complete. SGVL relies on individuals’ self-notification of any changes to their personal data that is relevant to SGVL.

3.8. Data disclosure and Transfer of personal data in and outside Singapore

SGVL may disclose individual personal data to internal/external/overseas organizations for necessary and appropriate purposes. Such transfer shall be done in a manner that is secure and appropriate align with PDPA requirements. SGVL uses Google platform with data centre in Singapore, thus the personal data is not transfer out of Singapore.

4. Security and storage

4.1. Protection of Personal data

All personal data held must be secured and protected against unauthorized access and theft. SGVL shall ensure that:

1. Restriction of personal data access within the organization;

2. Provide physical security to personal data records and files;

3. Personal computers and other computing devices that may access to personal data are password protected. Passwords are managed in accordance with industry best practices;

4. Personnel and other files that contain sensitive or confidential personal data are secured and only made available to staff with authorized access.

4.2. Storage of Personal Data

SGVL shall take reasonable and appropriate security measures to protect the storage of personal data such as:

1. Making confidential on documents with personal records clearly and prominently;

2. Storing hardcopies of documents with personal records in locked file cabinet systems;

3. Storing electronic files that contain personal data in secured folders.

4.3. Retention Limitation Obligation

SGVL shall retain individual’s personal data only for as long as it is reasonable to fulfill the purposes for which the information was collected for or as required by law.

5. Access and correction of personal data

We can provide and help you access your own personal data:

1. Request for personal copy – A nominal administrative fee will be charged;

2. For update or correction. Request for personal data access or correction by individuals, including any enquires and complaints shall be submitted to SGVL in writing to the Data Protection Officer at the following address and contact information:

Attention:

Data Protection Officer: Patrick Oh

SG Ventures Lab (A Division under SG Venture Consulting)

Email: pdpa@sgventureslab.com

Telephone: (+65) - 815-71701

We may refute your access in cases if and when such related personal data is under legal proceeding, no proper identification or request is carried out with suspected fraudulent intent.

6. Openness Obligation

SGVL shall develop and publish data protection policy statements to inform staff, including part-time staff and volunteers, declaring the manner that their personal data are collected, used and disclosed. The data protection policy statements are made available to staff and the public in our website.

7. CCTV, video recording and photography

CCTV, video footage and photos may constitute personal data if an identifiable individual is captured.

1. Appropriate notices shall be put up to inform that the premises are covered by CCTV video surveillance

2. Notices shall be put up to inform visitors and volunteers that photographs and videos taken may be used by SGVL for communication and publicity purposes in print or electronic media.

8. Policy review

The Personal Data Protection Policy shall be maintained and updated by the Data Protection Officer, reviewed and approved by the Management in a timely manner but shall review at least yearly.