We take data protection seriously and place great importance on management, protection and handling of personal data. We are committed to protecting your personal data and ensuring that we collect, use and disclose appropriately, lawfully and transparently. This data protection policy explains how we comply with the requirements of Personal Data Protection Act 2012 of Singapore and its regulation(s) (“PDPA”).
In this policy, “personal data” refers to information about an individual, whether true or not, relating to an identified or identifiable natural person such as name, date of birth, contact details etc.
1. Role in Processing Personal Data
Under this Policy, a “Data Controller” is an individual or entity (e.g. company, public agency) determines the purposes and means of the processing of personal data.
A “Data Processor” is an individual or entity (such as a company, public authority, agency or other body) which processes personal data on behalf of the Data Controller.
The terms “process” or “processing” and other similar terms have a broad meaning and include any operation concerning your Personal Data such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
When we process any personal data as a Data Controller or a Data Processor in relation to the services, we shall process such information in accordance with this policy. If we are Data Processor for your Personal Data (i.e., not the controller), please contact the controller in the first instance to address your rights with respect to such data.
If there is any unforeseen circumstances whereby SYNERGY need to rely on the exceptions under PDPA and process personal data, SYNERGY will be proceed as deemed suitable and if it falls under First, Second, Fifth and Sixth Schedule of PDPA.
We will try our best to comply with PDPA and upon being aware of a data breach, we will take prompt actions to attend to the breach and notify the relevant stakeholders timely. Any individuals, including our employees, representatives and clients, should notify us as soon as possible upon being aware of a data breach of personal data processed by us or suspect such breach.
2. Collection of Personal Data
We may collect personal data from clients, business partners, employees, representatives, contractors, job applicant, general inquirer and other individuals. Such personal data may be provided to us in forms filled out by individuals, face to face meetings, email messages, telephone conversations, through our websites.
We collect these personal data when it is necessary for business purposes or to meet the purposes for which the individuals have submitted the information. We will only collect, hold, process, use, communicate and/or disclose such personal data, in accordance with this policy.
We have CCTVs installed in our office premises and the videos will be kept for a reasonable timeframe. Our office premises are secured with biometric access and hence, authorized personnel will be required to provide us their fingerprints in order to gain access accordingly. Calls made on our phone lines may be recorded for quality assurances, training and record-keeping purposes.
If any party is acting as an intermediary or otherwise on behalf of a third party individual or supplying us with information regarding a third party individual (such as a friend, a colleague, an employee etc), such intermediary party undertakes that you are an authorised representative or agent of such third party individual and that you have obtained all necessary consents from such third-party individual to the collection, processing, use and disclosure by us of their personal data. Because we are collecting the third-party individual’s data from you, you undertake to make the third party individual aware of all matters listed in this policy preferably by distributing a copy of this policy to them or by referring them to our website.
As Financial Adviser, we are required to collect NRIC / Fin / Passport details from clients who have decided to purchase a product through SYNERGY and we will collect such data only upon confirmation of purchase to fit the purpose of due diligence as per MAS FAA-N06, Prevention of Money Laundering and Countering the Financing of Terrorism - Financial Advisers.
Personal data of clients’ next of kin may be collected for the purpose of financial needs analysis and there is an option to not provide such data made available to clients.
Personal data of representative’s or employee’s next of kin may be collected for the purpose of due diligence assessment.
For our employees and representatives, we may collect personal data of their next of kin such as birth certificates, death certificates or marriage certificates for the purpose of granting them the eligible entitlements or as supporting document for work-related reason such as registering them as emergency contact.
For all unsolicited personal data being provided to SYNERGY, SYNERGY will not process such data and will delete or destroy it within a reasonable timeframe.
While we strive to obtain the necessary consents from individuals, we may collect personal data under the scope of “deemed consent” if the collection, use, or disclosure of personal data is reasonably necessary to conclude or perform a contract or transaction OR if individuals have been notified of the purpose of the intended collection, use, or disclosure of his or her personal data and are given a reasonable opportunity to opt out (and have not opted out).
We generally collect personal data that (a) you knowingly and voluntarily provide in the course of or in connection with your employment, job application or as a client with us, or via a third party who has been duly authorised by you to disclose your personal data to us (your “authorised representative”, which may include your job placement agent), after (i) you (or your authorised representative) have been notified of the purposes for which the data is collected, and (ii) you (or your authorised representative) have provided written consent to the collection and usage of your personal data for those purposes, or (b) collection and use of personal data without consent is permitted or required by the PDPA or other laws. We shall seek your consent before collecting any additional personal data and before using your personal data for a purpose which has not been notified to you (except where permitted or authorised by law).
You have choices regarding our collection, use or disclosure of your personal data. You have the right to object to the processing of your personal data and withdraw your consent in a manner described in section 6 below. If you choose not to provide us with the personal data as described in this Policy, we may not be able to fulfil our contractual duties towards you or facilitate your request or provide the service to you.
3. Use of Personal Data
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will only do so if legally permitted and where you are provided with appropriate notice.
To the extent permitted under the PDPA, we may process your Personal Data based on consent. Such consent may be express, based on your agreement to any contract which incorporates these terms or deemed based on the circumstances by which we interact with you. We may also process your Personal Data where permitted by any exception in the relevant schedules to the PDPA.
In general, we use personal data for the following purposes unless as specified upon obtaining consent from individuals:
- To provide financial advisory services;
- To respond to the individual’s request for which it was provided to SYNERGY as stated at the time of collection;
- To service clients;
- To keep clients and prospects informed of the services we offer, industry developments, service offerings, seminar and other events we are holding that may be of interest to them;
- For general purposes such as invoicing, account management;
- For recruitment purposes such as assessment of suitability of job applicants;
- For purposes related to the employment of staff or appointment of representatives;
- For performance of a contract;
- For legal obligation and/or as required by governmental authorities;
- To establish, exercise and defend a legal claim;
- For our legitimate interest (or those of a third party);
- All other purposes related to the services that you are receiving from us.
The particular legitimate interest upon which we rely on includes, without limitation, the following:
- to perform our obligations in connection with the provision of our services;
- to manage our relationship with you and facilitate the provision of our services;
- to monitor, analyse and protect our business;
- to facilitate our internal business operations including but not limited to recruitment and employment purposes;
- to comply with any requests from you;
- to comply with any legal, regulatory or professional obligation;
- to personalise your customer experience, develop our business and/or improve on our services.
Please note that if you choose not to provide us with your personal data or choose not to consent to our processing of your personal data, we may not be able to provide some or all of our services to you or respond to your other requests; for job applicants, we would not be able to assess your suitability against our employment opportunities.
Individual may choose to withdraw their consent or unsubscribe from registrations or mailing lists to stop receiving marketing information by contacting our Data Protection Officer or through submitting the electronic form provided at the end of this page. Such requests will be processed within 30 days.
4. Disclosure of Personal Data
We do not disclose personal data to third parties except when required by law or when we have the individual’s consent or deemed consent or in cases where we have engaged third parties such as data intermediaries or subcontractors specifically to assist with our activities. Any such third parties whom we engage will be bound contractually to keep all information confidential and reasonable security arrangements will be put in place to ensure protection. Any of such third parties are expected to inform SYNERGY as soon as possible within 24 hours upon being aware of potential or confirmed data breach.
We may disclose personal data to other third parties where it is necessary (i) to meet the purpose for which such individual has submitted the information; or (ii) to enable such individual to be provided with information at a later date which may be of relevance and interest to such individual based on the nature and purpose of such individual’s voluntary requests.
Our financial adviser representatives are considered Data Processor of SYNERGY as they collect personal data of clients or prospective clients in order to provide financial advisory services. They are trained and contractually obliged to keep personal data safe and not use it for unauthorized purposes.
SYNERGY is considered Data Processor of our business partners and therefore, personal data will be collected on forms or systems of our business partners and SYNERGY will disclose it to the relevant business partners as deemed necessary to process your instructions submitted to SYNERGY.
5. Access to and Correction of Personal Data
Individuals are given rights in relation to their personal data pursuant to the applicable law. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. Where we are data processors, we will assist the data controller as far as reasonably possible to help them respond to your requests.
For security reasons, kindly note that, in relation to certain rights, we may request for information to verify your identity before processing your request.
Access
You have the right to be informed of and request access to the personal data that we process about you. We will respond to your access request as soon as reasonably possible. Should we not be able to respond to your access request within 30 days after receiving your access request, we will inform you in writing via email within 30 days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA or under any other applicable laws).
We may charge for a request for access in accordance with the requirements of the PDPA.
Correction
You have the right to request that we amend or update your personal data where it is inaccurate or incomplete. Kindly note that while we shall make a reasonable effort to ensure that the Personal Data we collect is accurate and complete, you are responsible for ensuring the accuracy of the Personal Data that you provide to us directly.
We will respond to your correction request as soon as reasonably possible. Should we not be able to perform the correction request within 30 days after receiving your request, we will inform you in writing via email on the time by which we will be able to perform your correction request. If we are unable to perform a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA or under any other applicable laws). If dissatisfied with the refusal to correct the personal data, individuals could email to DPO with other supporting documents to request for correction. DPO may assess the situation on case by case scenario.
6. Withdrawal of Consent
You have right to withdraw your consent at any time, where consent is the legal basis of the processing of your personal data. Kindly note that depending on the nature and scope of your request, we may not be in a position to continue performing our obligations in the course of or in connection with providing the service to you.
Upon reasonable notice being given by an individual, including client, representative, employee, job applicant and general inquirer, of his/her withdrawal of any consent given or deemed to have been given in respect of our collection, use or disclosure of his personal data, we will inform the individual of the likely consequences of withdrawing consent. We will cease collecting, using or disclosing the personal data unless it is required or authorised under applicable laws within 30 days.
You may also request us to erase or to stop processing of all or some of your personal data. We will process such instruction whenever possible except if we are not able to do so and we shall provide explanation to you.
7. Accuracy of Personal Data
We make reasonable effort to ensure that personal data collected by us or on our behalf is accurate and complete. We may request individuals to provide supporting documents or to confirm the data provided by them is accurate by obtaining their declaration.
8. Security and Protection of Personal Data
We put in place reasonable technology and operational security to protect the personal data in our possession or under our control and to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. Only authorised personnel are provided access to personally identifiable information and these personnel have agreed to ensure confidentiality of this information.
9. Retention of Personal Data
We will cease to retain personal data, as soon as it is reasonable to assume that the purpose for collection of such personal data is no longer being served by such retention, and such retention is no longer necessary for legal or business purposes.
10. Transfer of Personal Data outside of Singapore
We will not make any transfers of personal data to a territory outside of Singapore.
11. Privacy on Our Websites
This Policy also applies to any personal data we collect via our websites. Cookies may be used on some pages of our websites. “Cookies” are small text files placed on your hard drive that assist us in providing a more customised website experience. Cookies are now used as a standard by many websites to improve users’ navigational experience. If individuals are concerned about cookies, most browsers permit individuals to decline cookies. In most cases, a visitor may refuse a cookie and still fully navigate our websites, however other functionality in the site may be impaired. After termination of the visit to our site, a visitor can always delete the cookie from his system if he wishes.
Because we want visitors’ website experience to be as informative and resourceful as possible, we may provide a number of links to third party websites. We assume no responsibility for the information practices of these third party websites that visitors are able to access through ours. When a visitor to our website links to these third party websites, our privacy practices no longer apply. We encourage visitors to review each website’s privacy policy before disclosing any data.
12. Policy Exceptions
Below are the reasonable circumstances whereby exception is allowed for the collection, use or disclosure of personal data of an individual, but further reference shall be made to First, Second, Fifth and Sixth Schedule of PDPA.
Vital Interests of Individuals
- Necessary for any purpose which is clearly in the interests of the individual, if consent for its disclosure cannot be obtained in a timely way.
- Necessary for any purpose which the individual would not reasonably be expected to withhold consent.
- Necessary to respond to an emergency that threatens the life, health or safety of the individual or another individual.
- Reasonable grounds to believe that the health or safety of the individual or another individual will be seriously affected.
- Necessary for the purpose of contacting the next-of-kin or a friend of any injured, ill or deceased individual.
Matters Affecting Public
- Personal data of individual is publicly available.
- Personal data of individual is in the national interest.
- Personal data of individual is solely for artistic or literary purposes.
- Personal data of individual is solely for archival or historical purposes, if a reasonable person would not consider the personal data to be too sensitive to the individual to be collected, used or disclosed (as the case may be) at the proposed time.
- Necessary in the national interest or for any investigation or proceedings or in the public interest.
Legitimate Interests
- In the legitimate interests of SYNERGY or another individual such that the legitimate interests of SYNERGY or other individual outweigh any adverse effect on the individual. SYNERGY shall conduct an assessment to determine the legitimate interests and provide the individual reasonable access to information about SYNERGY’s collection, use or disclosure of personal data of that individual.
- The assessment shall identify any adverse effect to the individual and implement measures to eliminate the effect or reduce the likelihood of it occurring or mitigate the effect.
- Necessary for evaluative purposes.
- Necessary for any investigation or proceedings.
- Necessary for SYNERGY to recover a debt owed by the individual or for SYNERGY to pay the individual a debt owed by SYNERGY.
- Necessary for SYNERGY to provide legal services to another person, or for SYNERGY to obtain legal services.
- Personal data is provided to SYNERGY by another individual to enable SYNERGY to provide a service for the personal or domestic purposes of that other individual.
- Personal data is provided to SYNERGY as it is included in a document produced in the course, and for the purposes, of the individual’s employment, business or profession and for purposes consistent with the purpose for which the document was produced.
- For entering into an employment relationship with the individual or appointing the individual to any office.
- For managing or terminating the employment relationship with or appointment of the individual.
Business Asset Transactions
Where SYNERGY is a party of a prospective party to another organization such as sale and purchase of shares or merger and acquisition.
Business Improvement Purposes
- For improving or enhancing any services provided or developing new services to be provided.
- For improving or enhancing the methods or processes, or developing new methods or processes.
- For learning about and understanding the behaviour and preferences of individuals relating to services provided.
- For identifying services or products that may be suitable for individual or to personalize or customize the product or service for the individual.
Research Purposes
- For research purpose that cannot reasonably be accomplished unless the personal data is used in an individually identifiable form.
- There is a clear public benefit for the research purpose and the results of the research will not be used to make any decision that affects the individual.
- In the event that the results of the research are published, SYNERGY publishes the results in a form that does not identify the individual.
Disclosure to any officer of a prescribed law enforcement agency, upon production of written authorisation signed by the head or director of that law enforcement agency or a person of a similar rank, certifying that the personal data is necessary for the purposes of the functions or duties of the officer.
Disclosure to any 3rd party who has the legal authority to do so on behalf of the individual.
A request made by an individual or an entity from overseas will not be allowed, unless it is required as above.
Data Protection Officer
If an individual wishes to withdraw consent given to us, or if an individual believes that information we hold about him or her is inaccurate or out of date and wishes to correct the personal data, or if an individual would like to access the personal data handled by us, or if an individual has concerns or further queries about how we handle personal data, or for any problem or complaint about such matters, please contact our Data Protection Officer, Evon Lim via [email protected], or call us on our main line, +65 6654 1787, or fill up the contact us form.
Kindly note that from time to time, we may amend the terms of this policy in order to respond to changes in any applicable law or where we develop or offer new services. Where the terms of this policy change, we will provide you with notice as appropriate under the circumstances, including by displaying the notice within our website or by sending you an email. Additionally, you may also wish to refer to the “last updated” date at the beginning of this policy. To the extent permitted under applicable law, by engaging us for our services after such notice, you consent to our updates to this policy.
We reserve the right to modify or amend this policy at any time.