We take data protection seriously and place great importance on management, protection and handling of personal data. We are committed to protecting your personal data and ensuring that we collect, use and disclose appropriately, lawfully and transparently. This data protection policy explains how we comply with the requirements of Personal Data Protection Act 2012 of Singapore and its regulation(s) (“PDPA”).
In this policy, “personal data” refers to information about an individual, whether true or not, relating to an identified or identifiable natural person such as name, date of birth, contact details etc.
1. Role in processing personal data
Under this Policy, a “Data Controller” is an individual or entity (e.g. company, public agency) determines the purposes and means of the processing of personal data.
A “Data Processor” is an individual or entity (such as a company, public authority, agency or other body) which processes personal data on behalf of the Data Controller.
The terms “process” or “processing” and other similar terms have a broad meaning and include any operation concerning your Personal Data such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
When we process any personal data as a Data Controller or a Data Processor in relation to the services, we shall process such information in accordance with this policy. If we are Data Processor for your Personal Data (i.e., not the controller), please contact the controller in the first instance to address your rights with respect to such data.
If there is any unforeseen circumstances whereby SYNERGY need to rely on the exceptions under PDPA and process personal data, SYNERGY will be proceed as deemed suitable and if it falls under First, Second, Fifth and Sixth Schedule of PDPA.
We will try our best to comply with PDPA and upon being aware of a data breach, we will take prompt actions to attend to the breach and notify the relevant stakeholders timely. Any individuals, including our employees, representatives and clients, should notify us as soon as possible upon being aware of a data breach of personal data processed by us or suspect such breach.
2. Collection of Personal Data
We may collect personal data from clients, business partners, employees, representatives, contractors, job applicant, general inquirer and other individuals. Such personal data may be provided to us in forms filled out by individuals, face to face meetings, email messages, telephone conversations, through our websites.
We collect these personal data when it is necessary for business purposes or to meet the purposes for which the individuals have submitted the information. We will only collect, hold, process, use, communicate and/or disclose such personal data, in accordance with this policy.
We have CCTVs installed in our office premises and the videos will be kept for a reasonable timeframe. Our office premises are secured with biometric access and hence, authorized personnel will be required to provide us their fingerprints in order to gain access accordingly. Calls made on our phone lines may be recorded for quality assurances, training and record-keeping purposes.
If any party is acting as an intermediary or otherwise on behalf of a third party individual or supplying us with information regarding a third party individual (such as a friend, a colleague, an employee etc), such intermediary party undertakes that you are an authorised representative or agent of such third party individual and that you have obtained all necessary consents from such third-party individual to the collection, processing, use and disclosure by us of their personal data. Because we are collecting the third-party individual’s data from you, you undertake to make the third party individual aware of all matters listed in this policy preferably by distributing a copy of this policy to them or by referring them to our website.
As Financial Adviser, we are required to collect NRIC / Fin / Passport details from clients who have decided to purchase a product through SYNERGY and we will collect such data only upon confirmation of purchase to fit the purpose of due diligence as per MAS FAA-N06, Prevention of Money Laundering and Countering the Financing of Terrorism - Financial Advisers.
Personal data of clients’ next of kin may be collected for the purpose of financial needs analysis and there is an option to not provide such data made available to clients.
Personal data of representative’s or employee’s next of kin may be collected for the purpose of due diligence assessment.
For our employees and representatives, we may collect personal data of their next of kin such as birth certificates, death certificates or marriage certificates for the purpose of granting them the eligible entitlements or as supporting document for work-related reason such as registering them as emergency contact.
For all unsolicited personal data being provided to SYNERGY, SYNERGY will not process such data and will delete or destroy it within a reasonable timeframe.
While we strive to obtain the necessary consents from individuals, we may collect personal data under the scope of “deemed consent” if the collection, use, or disclosure of personal data is reasonably necessary to conclude or perform a contract or transaction OR if individuals have been notified of the purpose of the intended collection, use, or disclosure of his or her personal data and are given a reasonable opportunity to opt out (and have not opted out).
3. Use of Personal Data
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will only do so if legally permitted and where you are provided with appropriate notice.
To the extent permitted under the PDPA, we may process your Personal Data based on consent. Such consent may be express, based on your agreement to any contract which incorporates these terms or deemed based on the circumstances by which we interact with you. We may also process your Personal Data where permitted by any exception in the relevant schedules to the PDPA.
In general, we use personal data for the following purposes unless as specified upon obtaining consent from individuals:
The particular legitimate interest upon which we rely on includes, without limitation, the following:
Please note that if you choose not to provide us with your personal data or choose not to consent to our processing of your personal data, we may not be able to provide some or all of our services to you or respond to your other requests; for job applicants, we would not be able to assess your suitability against our employment opportunities.
Individual may choose to withdraw their consent or unsubscribe from registrations or mailing lists to stop receiving marketing information by contacting our Data Protection Officer or through submitting the electronic form provided at the end of this page. Such requests will be processed within 30 days.
4. Disclosure of Personal Data
We do not disclose personal data to third parties except when required by law or when we have the individual’s consent or deemed consent or in cases where we have engaged third parties such as data intermediaries or subcontractors specifically to assist with our activities. Any such third parties whom we engage will be bound contractually to keep all information confidential and reasonable security arrangements will be put in place to ensure protection. Any of such third parties are expected to inform SYNERGY as soon as possible within 24 hours upon being aware of potential or confirmed data breach.
We may disclose personal data to other third parties where it is necessary (i) to meet the purpose for which such individual has submitted the information; or (ii) to enable such individual to be provided with information at a later date which may be of relevance and interest to such individual based on the nature and purpose of such individual’s voluntary requests.
Our financial adviser representatives are considered Data Processor of SYNERGY as they collect personal data of clients or prospective clients in order to provide financial advisory services. They are trained and contractually obliged to keep personal data safe and not use it for unauthorized purposes.
SYNERGY is considered Data Processor of our business partners and therefore, personal data will be collected on forms or systems of our business partners and SYNERGY will disclose it to the relevant business partners as deemed necessary to process your instructions submitted to SYNERGY.
5. Access to and Correction of Personal Data
Individuals are given rights in relation to their personal data pursuant to the applicable law. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. Where we are data processors, we will assist the data controller as far as reasonably possible to help them respond to your requests.
For security reasons, kindly note that, in relation to certain rights, we may request for information to verify your identity before processing your request.
You have the right to be informed of and request access to the personal data that we process about you. We will respond to your access request as soon as reasonably possible. Should we not be able to respond to your access request within 30 days after receiving your access request, we will inform you in writing via email within 30 days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA or under any other applicable laws).
We may charge for a request for access in accordance with the requirements of the PDPA.
You have the right to request that we amend or update your personal data where it is inaccurate or incomplete. Kindly note that while we shall make a reasonable effort to ensure that the Personal Data we collect is accurate and complete, you are responsible for ensuring the accuracy of the Personal Data that you provide to us directly.
We will respond to your correction request as soon as reasonably possible. Should we not be able to perform the correction request within 30 days after receiving your request, we will inform you in writing via email on the time by which we will be able to perform your correction request. If we are unable to perform a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA or under any other applicable laws). If dissatisfied with the refusal to correct the personal data, individuals could email to DPO with other supporting documents to request for correction. DPO may assess the situation on case by case scenario.
6. Withdrawal of Consent
You have right to withdraw your consent at any time, where consent is the legal basis of the processing of your personal data. Kindly note that depending on the nature and scope of your request, we may not be in a position to continue performing our obligations in the course of or in connection with providing the service to you.
Upon reasonable notice being given by an individual, including client, representative, employee, job applicant and general inquirer, of his/her withdrawal of any consent given or deemed to have been given in respect of our collection, use or disclosure of his personal data, we will inform the individual of the likely consequences of withdrawing consent. We will cease collecting, using or disclosing the personal data unless it is required or authorised under applicable laws within 30 days.
You may also request us to erase or to stop processing of all or some of your personal data. We will process such instruction whenever possible except if we are not able to do so and we shall provide explanation to you.
7. Accuracy of Personal Data
We make reasonable effort to ensure that personal data collected by us or on our behalf is accurate and complete. We may request individuals to provide supporting documents or to confirm the data provided by them is accurate by obtaining their declaration.
8. Security and Protection of Personal Data
We put in place reasonable technology and operational security to protect the personal data in our possession or under our control and to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. Only authorised personnel are provided access to personally identifiable information and these personnel have agreed to ensure confidentiality of this information.
9. Retention of Personal Data
We will cease to retain personal data, as soon as it is reasonable to assume that the purpose for collection of such personal data is no longer being served by such retention, and such retention is no longer necessary for legal or business purposes.
10. Transfer of Personal Data outside of Singapore
We will not make any transfers of personal data to a territory outside of Singapore.
11. Privacy on Our Websites
This Policy also applies to any personal data we collect via our websites. Cookies may be used on some pages of our websites. “Cookies” are small text files placed on your hard drive that assist us in providing a more customised website experience. Cookies are now used as a standard by many websites to improve users’ navigational experience. If individuals are concerned about cookies, most browsers permit individuals to decline cookies. In most cases, a visitor may refuse a cookie and still fully navigate our websites, however other functionality in the site may be impaired. After termination of the visit to our site, a visitor can always delete the cookie from his system if he wishes.
12. Policy Exceptions
Below are the reasonable circumstances whereby exception is allowed for the collection, use or disclosure of personal data of an individual, but further reference shall be made to First, Second, Fifth and Sixth Schedule of PDPA.
Vital Interests of Individuals
Matters Affecting Public
Business Asset Transactions
Business Improvement Purposes
Disclosure to any officer of a prescribed law enforcement agency, upon production of written authorisation signed by the head or director of that law enforcement agency or a person of a similar rank, certifying that the personal data is necessary for the purposes of the functions or duties of the officer.
Disclosure to any 3rd party who has the legal authority to do so on behalf of the individual.
A request made by an individual or an entity from overseas will not be allowed, unless it is required as above.
If an individual wishes to withdraw consent given to us, or if an individual believes that information we hold about him or her is inaccurate or out of date and wishes to correct the personal data, or if an individual would like to access the personal data handled by us, or if an individual has concerns or further queries about how we handle personal data, or for any problem or complaint about such matters, please contact our Data Protection Officer, Evon Lim via the form below, or call us on our main line, +65 6654 1787.
Kindly note that from time to time, we may amend the terms of this policy in order to respond to changes in any applicable law or where we develop or offer new services. Where the terms of this policy change, we will provide you with notice as appropriate under the circumstances, including by displaying the notice within our website or by sending you an email. Additionally, you may also wish to refer to the “last modified” date at the end of this policy. To the extent permitted under applicable law, by engaging us for our services after such notice, you consent to our updates to this policy.
This policy was last updated on 1 Feb 2021. We reserve the right to modify or amend this policy at any time.