EXTERNAL DATA PRIVACY NOTICE (SINGAPORE)

Grace Management & Consultancy Services Pte Ltd

Introduction

We at Grace Management & Consultancy Services Pte Ltd respect the privacy and confidentiality of personal data in our possession or under our control. We have implemented policies and practices to safeguard the collection, use, disclosure, storage and other processing of personal data provided to us.

How We Collect Your Personal Data About You

We collect personal data from the following sources:

Internal Collection Channels

  • Website – Corporate (via submission forms, emails)
  • Admin Office
  • Roadshow
  • Mobile Apps – Developed In-house
  • Department – Human Resource
  • Company Premises (Front Staff)
  • Headquarters
  • Service Counter

External collection channels

  • Job Applicant
  • New applicant / membership
  • External Sales Associates
  • Agents

Data Collectors

  • Front Office
  • Support Services
  • Finance
  • Internal Audit / Risks Management / Governance
  • Training
  • Administration
  • Human Resource

Types of Personal Data About You that We Process

The types of personal data we collect about you and process (or have a service provider process on our behalf) may include:

  • Authentication
  • Communication and Correspondence
  • Criminal Background / Past Offences
  • Demographic
  • Education Qualifications
  • Ethnicity
  • Family Background & Details
  • Financial Information
  • Medical Details / Health Information
  • Personal Contact Information
  • Personal Details
  • Photos & Video Footage
  • Physical Characteristics
  • Preference
  • Professional Profile

 

Our Purpose(s) for Processing Personal Data About You

We use and otherwise process the personal data we have collected about you for one or more of the following purposes:
Accounting/Finance

  • Account payables/receivables
  • Claims & disbursements

Education

  • Analyze academic and learning outcomes and preferences
  • Conduct surveys relating to products and services
  • Determine eligibility for admission
  • Monitor and enhance the provision of educational courses
  • Monitor and maintain a copy of your record of academic achievement (including all information arising from investigations of misconduct)
  • Plan the provision of educational courses
  • Prevent potential illegal activities
  • Process and administer student records
  • Process applications, registrations or enquiries

General

  • Billing and other credit-related activities
  • Billing and payment processing
  • Carry out our obligations arising from any contracts entered into between you and us
  • Comply with legal obligations and regulatory requirements
  • Conduct risk assessment
  • Customer care and account management
  • Delivery of products and services
  • Fulfil orders and services
  • Fulfil requests for products and services
  • Internal purposes for accounting, auditing and booking
  • Internal purposes for auditing, data analysis and research
  • Pass information about you to our agents and associates to carry out services
  • Process and administer employment records
  • Process applications and registration
  • Process payment for products and services
  • Process payment for purchases and transactions
  • Protect against or identify possible fraudulent transactions
  • Provide customer service and support
  • Provide information to subsidiaries or partners that perform services for the company

Human Resource

  • Benefits & compensation management
  • Payroll processing
  • Personnel management
  • Processing & administration of employment records
  • Recruitment & selection
  • Staff Appraisals
  • Training & career development

Who We Disclose Personal Data About You To

We disclose some of the personal data we have collected about you to the following parties or organisations outside Grace Management & Consultancy Services Pte Ltd:

Data Processing and Hosting Companies

  • IT/Technical Support

Education and Training Establishments, and Examining Bodies

  • Certification Authorities
  • Education Departments/Ministries

Voluntary, Charitable & Non-Profit Organisations

  • Voluntary, Charitable & Non-Profit Organisations

How We Manage the Collection, Use, Disclosure and Storage of Your Personal Data

Obtaining Consent

If we collect personal data directly from you, we will ordinarily first notify you of the purposes for which we are collecting it and obtain your express consent to us collecting, using and disclosing it for those purposes. However, when you voluntarily provide personal data to us for a purpose and it is reasonable that you do so we may rely on you being deemed to have consented to us collecting, using and disclosing your personal data for that purpose.

Under certain circumstances, we may collect, use and/or disclose personal data about you without your consent for example, so that we can comply with our statutory obligations or where personal data is publicly available.

Third-Party Consent

If you have a one-on-one meeting with us or do a transaction with us on behalf of another individual, you must first obtain consent from that individual in order for us to collect, use or disclose his/her personal data.

How You Can Limit Processing of Personal Data About You

Withdrawal of Consent

If you have given us consent to collect, use, disclose and otherwise process personal data about you, you may withdraw that consent at any time. You should give us reasonable advance notice of your withdrawal of consent. We will notify you of the likely consequences of your withdrawal of consent, e.g. without your personal contact information we may not be able to inform you of future updates or that the quality of our service may be impacted.

Your request for withdrawal of consent can take the form of an email or letter to us.

Accessing and Making Correction to Personal Data About You

You may ask us in writing to tell you what personal data we hold about you and how we have, or may have, used or disclosed it within a year before the date of your request. We will respond to your request as soon as reasonably possible and, in any event, we will respond to you within 30 days after receiving your request. We may charge a fee for processing your request, but we will let you know the amount of the fee before you incur it.

You may also ask us to correct an error or omission in the personal data we hold about you. Unless we are satisfied on reasonable grounds that a correction should not be made, we will correct the personal data as soon as practicable.

When you make any such request, we may need to verify your identity – for example, by checking your identity card number or other legal identification document.

Accuracy of Your Personal Data

We will take reasonable precautions and make reasonable verification checks to ensure that the personal data we hold is reasonably accurate, complete and up-to-date.

From time to time, we may do a verification exercise for you to update us on any changes to the personal data we hold about you. If we are in an ongoing relationship with you, it is important that you update us if there are any changes in the personal data we hold about you (such as a change in your home address).

Protection of Personal Data

We have implemented an Information Security Policy that governs how we protect personal data. We make reasonable security arrangements to protect personal data about you that is in our possession or under our control to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. All our employees will take reasonable and appropriate measures to maintain the confidentiality and integrity of your personal data, and will only share your data with authorised persons on a ‘need to know’ basis.

Entities that provide services to us to process personal data on our behalf will be bound by contracts with us that that require them to provide sufficient guarantees in respect of the technical and organisational security measures governing the processing to be carried out and to take reasonable steps ensure compliance with those measures.

Retention of Personal Data

We will not retain any documents containing personal data about you as soon as it is reasonable to assume that the purpose for which we collected that personal data is no longer being served by retention of it and retention is no longer necessary for legal or business purposes.

We have a Document Retention Policy that spells out when we must cease to retain personal data and that requires documents and personal data to be destroyed (paper documents) or deleted (electronic documents and data stored in databases) securely. Certain retention periods are based on statutory or regulatory requirements.

Transfer of Personal Data

If there is a need for us to transfer personal data about you to a country or territory outside Singapore, we will ensure that the recipient organisation will be obliged to provide a standard of protection to such transferred data that is comparable to the protection it receives under Singapore law.

Tracking of User Activity

Where we track user activity, we will document this in our Data Inventory, and disclose such activity in our Privacy Notice.

Compliance With Laws

Where required to do so by law, we will disclose personal data about you to the relevant authorities or to law enforcement agencies.

Links To Other Sites

Our website may contain links to other websites that are not operated by us. If you click on a third party link, you will be directed to that third party’s website. It is important that you review the Privacy Policy of every site you visit. We have no control over, and are unable to assume any responsibility for, the content, privacy policies or practices of any third party sites or services.

Changes To This Data Protection Policy

We may update our Data Protection Policy from time to time. We will notify you of any changes by posting the policy on this page. Please revisit this page periodically for any changes. Changes to this Policy are effective when they are posted on this page.

Contacting Us

If you have any questions about our collection, use, and/or disclosure of personal data about you; feedback regarding this Policy, or any complaint you have relating to how we collect, use, disclose and store personal data about you, you may contact our Data Protection Officer(s).

Any query or complaint should include, at least, the following details:

  • Your full name and contact information
  • A brief description of your query or complaint

If there are any questions regarding this privacy policy you may contact us using the information below.

Website: http://www.gmcs.com.sg
Address: 198 Geylang Road #04-01, Singapore 389263
Email    : enquiry@gmcs.com.sg
Tel        : 6296 4333