Midwich Asia Pte Ltd and its related entities (herein after referred to as 'Midwich Asia', 'we', 'us' or 'our') are committed to protecting the privacy of your personal data in accordance with Singapore’s privacy laws.
This Policy applies to personal data in our possession or under our control, including personal data in the possession of organisations which we have engaged to collect, use, disclose or process personal data for our purposes.
1. Application of this Policy
(a) This Policy applies to the following groups of individuals:
(i) Employees: All persons engaged in a contract of service with us (whether on a part-time, temporary or full-time basis) and interns and trainees working at or attached to us;
(ii) Job applicants: All persons who have applied to be an employee (as defined above) with us; and
(iii) Customers: An individual who (a) has contacted us through any means to find out more about any goods or services we provide, or (b) may, or has, entered into a contract with us for the supply of any goods or services by us.
(b) As used in this Policy, “personal data” means data, whether true or not, about an employee, job applicant, or customer who can be identified: (a) from that data; or (b) from that data and other information to which we have or are likely to have access.
We generally do not collect your personal data unless:-
(a) it is provided to us voluntarily by you directly or via a third party who has been duly authorised by you to disclose your personal data to us (your “authorised representative”) after
(i) you (or your authorised representative) have been notified of the purposes for which the data is collected, and
(ii) you (or your authorised representative) have provided written consent to the collection and usage of your personal data for those purposes, or
(b) collection and use of personal data without consent is permitted or required by the PDPA or other laws. We shall seek your consent before collecting any additional personal data and before using your personal data for a purpose which has not been notified to you (except where permitted or authorised by law).
Where applicable we may require you to confirm your express, explicit consent when collecting your personal data for the purposes of compliance with the Personal Data Protection Act 2012 and the regulations set out in the General Data Protection Regulation (EU) ('GDPR'). In the event of the data being transferred to our European subsidiary for data processing or because our parent company is located in Europe, such transfer will be subject to the GDPR.
3. Types of personal data we collect
The kinds of personal data we may collect from you will depend on what type of interaction you have with us:
• If you are a job applicant, personal data which we may collect includes, without limitation, your:
o identity particulars - such as your name, address, date of birth, NRIC/FIN or passport number, nationality, country, and city of birth;
o contact details – such as your mailing address, telephone numbers, email address and other contact details;
o resume, educational qualifications and certifications and employment references, employment and training history;
o work-related health issues and disabilities; and
• If you are an employee, personal data which we may collect in the context of your employment with us includes, without limitation, your:
o identity particulars - such as your name, address, date of birth, NRIC/FIN or passport number, gender, marital status, nationality, country, and city of birth;
o contact details - such as your mailing address, telephone numbers, email address and other contact details;
o employment and training history;
o salary and bank account details;
o details of your next-of-kin, spouse and family members;
o work-related health issues and disabilities;
o records on leave of absence;
• If you are a customer, personal data which we may collect in the course of doing business from you includes, without limitation, your:
o Identity particulars - such as your name, address, date of birth, NRIC/FIN or passport number, gender, marital status, nationality, country, and city of birth;
o contact details - such as your mailing address, email address or telephone numbers;
o employment information;
o financial information such as credit card numbers, debit card numbers and/or bank account information; and
o photographs and other audio-visual information.
Other terms used in this Policy shall have the meanings given to them in the PDPA (where the context so permits).
4. Purpose of collection, usage, and disclosure of personal data personal data
Midwich Asia only collects personal data for purposes which are necessary depending on the nature of our interaction with you. You will always know what information is being collected and will have the option to choose how Midwich Asia utilises your information to communicate with you.
Specifically, your personal data will be collected and used by us for the following purposes and we may disclose your personal data to third parties where necessary for the same purposes:
• If you are a job applicant:
o assessing and evaluating your suitability for employment in any current or prospective position within the organisation; and
o verifying your identity and the accuracy of your personal details and other information provided.
• If you are an employee:
o performing obligations under or in connection with your contract of employment with us, including payment of remuneration and tax;
o all administrative and human resources related matters within our organisation, including administering payroll, granting access to our premises and computer systems, processing leave applications, administering your insurance and other benefits, processing your claims and expenses, investigating any acts or defaults (or suspected acts or defaults) and developing human resource policies;
o managing and terminating our employment relationship with you, including monitoring your internet access and your use of our intranet email to investigate potential contraventions of our internal or external compliance regulations, and resolving any employment related grievances;
o assessing and evaluating your suitability for employment/appointment or continued employment/appointment in any position within our organisation;
o ensuring business continuity for our organisation in the event that your employment with us is or will be terminated;
o performing obligations under or in connection with the provision of our goods or services to our clients;
o facilitating any proposed or confirmed merger, acquisition or business asset transaction involving any part of our organisation, or corporate restructuring process; and
o facilitating our compliance with any laws, customs and regulations which may be applicable to us.
• If you are a customer:
o performing obligations in the course of or in connection with our provision of the goods and/or services requested by you;
o verifying your identity;
o responding to, handling, and processing queries, requests, applications, complaints, and feedback from you;
o managing your relationship with us;
o processing payment or credit transactions;
o sending your marketing information about our goods or services including notifying you of our marketing events, initiatives and promotions, lucky draws, membership and rewards schemes and other promotions;
o complying with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;
o any other purposes for which you have provided the information;
o transmitting to any unaffiliated third parties including our third party service providers and agents, and relevant governmental and/or regulatory authorities, whether in Singapore or abroad, for the aforementioned purposes; and
o any other incidental business purposes related to or in connection with the above.
The purposes listed above may continue to apply even in situations where your relationship or interaction with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).
Your personal data is only collected by lawful and fair means and where practicable, only from you or from a person acting or authorised to act on your behalf who is also authorised to disclose your personal data.
Where you have applied for commercial credit account with us, we may also make enquiries in respect of commercial credit with third parties with your consent. This could include persons nominated by you as trade references, credit reporting bodies (‘CRBs’) and your bankers.
We will take reasonable steps to ensure that you are aware of:
• the likely use of the information;
• the right of access to the information;
• the identity and contact details of our employee/representative collecting your personal data;
• any law requiring collection of the information; and
• the main consequences of failure to provide your personal data.
Aggregated data that contains no information specific to a particular person or business and which does not constitute personal data under the PDPA may be shared with our business partners, for example, aggregated statistical trend in a particular industry sector.
We do not disclose your personal data for any secondary purposes unless your consent has been given or as required by law, and we will not sell or license any personal data that we collect from you.
5. Withdrawing your consent
Please note that the consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. If you are a job applicant, you may withdraw consent and request us to stop using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing or via email to our Data Protection Officer at the contact details provided below.
Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process and effect your request within thirty (30) business] days of receiving it.
Whilst we respect your decision to withdraw your consent, please note that depending on the nature and extent of your request, we may not be in a position to process your job application or continue providing our goods and services to you (as the case may be). We shall, in such circumstances, notify you before completing the processing of your request (as outlined above). Should you decide to cancel your withdrawal of consent, please inform us in writing in the manner described above.
Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclosure without consent is permitted or required under applicable laws.
6. How your personal data is stored and secured
To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we take reasonable steps to protect your personal data from loss, misuse or unauthorised access by restricting access to the information in electronic format and by appropriate physical and communications security.
We have introduced appropriate administrative, physical and technical measures such as up-to-date antivirus protection, encryption and the use of privacy filters to secure all storage and transmission of personal data by us, and disclosing personal data both internally and to our authorised third party service providers and agents only on a need-to-know basis.
You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.
We only keep your personal data for as long as it is required for the purposes for which it was collected or as otherwise required or permitted by applicable laws. We will take appropriate measures to destroy or permanently anonymise your personal data if we no longer need to retain it. These measures may vary depending on the type of information concerned, the way it was collected and how it was stored.
7. What do we do if there is a data breach?
In the event of a data breach, such as the unauthorised loss, use or disclosure of personal data, we will assess and respond in line with our applicable policies and procedures, which incorporate the requirements contained in the PDPA. Our first priority will be to contain the data breach and assess the risks and impact of the breach.
Pursuant to our obligations under the PDPA, we will notify you about the data breach as soon as is practicable. Such notification will also include making recommendations about the steps you should take in response to the breach.
Where required by law, the Personal Data Protection Commission of Singapore will also be notified of data breaches likely to cause public concern, or where there is a risk of harm to a group of affected individuals.
8. Using our Website and Cookies
Many useful services are currently available at Midwich Singapore websites and more services are being planned. Your information gives you authorised access so that you - and only you - can update your personal data, access online help or perform financial transactions. As with most websites, when you visit our website or use an application on our website, we may record anonymous information such as IP address, time, date, referring URL, pages accessed and documents downloaded type of browser and operating system.
Depending on the nature of your interaction with us via our websites, we may collect and process personal data such as:-
• Your name and email address, when you contact us; and
• Your name, contact details, residential address, credit card information, and other personal data, when you use the services provided on our website;
We use the collected information to operate and improve our websites, deliver our services, gather customer feedback, inform or update you about our new products and services when you have consented to us doing so, and to update you on changes to our websites and services. We also use “cookies”. A cookie is a small file that stays on your computer until, depending on whether it is a sessional or persistent cookie, you turn your computer off or it expires. Cookies may collect and store your personal data. You may adjust your internet browser to disable cookies. If cookies are disabled you may still use our website, but the website may be limited in the use of some of the features.
Personal data that is submitted to Midwich Asia websites it is protected both on and offline. Midwich Asia web pages that request information or allow transaction processing use the Hypertext Transport Protocol Security (HTTPS) protocol (excluding Test Drive and Accountant updates) which allows data to be transmitted in an encrypted form known as Secure Sockets Layer (SSL) - visit secure for details.
You can confirm that any Midwich Asia data-entry page is secure by checking that:
• the page address in the Web browser's tool bar or status bar begins with https://, or
• the padlock icon in the web browser's tool bar or status bar is locked.
9. Marketing and Opting-Out
We may use your personal data for:
• promoting and marketing of our current and future products and services;
• informing you of upcoming events and special promotions and offers; and
• analysing our products and services so as to improve and develop new products and services.
We may exchange your personal data between our related entities and so they can also assist in the marketing of our products and services to you. We will only offer you products or services, where we reasonably believe that they could be of interest or benefit to you.
At the point we collect information from you, you may be asked to “opt in” to consent to us using or disclosing your personal data. You will be given the opportunity to “opt out” from receiving marketing communications from us. You may “opt out” from receiving these communications by clicking on an unsubscribe link at the end of an email or by contacting us with this request.
10. Cross border disclosure
For the purposes listed above at Section 3, your personal data may also be processed by, or disclosed to employees, representatives, or other third parties operating outside of Singapore who work for, or are engaged by us in other countries, including the United Kingdom. For example, we may use a server hosted overseas or a cloud-base accounting/business software to store data, which may include your personal data.
We will take appropriate steps, in the circumstances, before your personal data is disclosed to an overseas recipient, to ensure that the overseas recipient does not breach Singapore privacy laws in relation to your personal data (‘the appropriate steps’). We will ensure that your personal data is afforded a standard of protection comparable to that which is afforded by the PDPA.
11. GDRP Applicability
Data Subject Rights
Where applicable under the GDPR, and in addition to the rights set out above, you have the following rights regarding your personal data stored with us:
• the right to object to your personal data being processed;
• the right to data portability of your personal data;
• the right to complain or query how we process your personal data;
• the right to object to automated decision making using your personal data; and;
• the right to have your personal data forgotten by us.
Data Controller and Data Processor
You acknowledge that when using our website, you will be deemed to be the data controller in relation to any personal data that you collect and store and will be responsible for how such personal data is collected. You must ensure that you obtain consent and provide notice to any persons as required under the relevant privacy legislation in relation to the collection, storages and use of their personal data.
When you use our website, we act as a data processor only in relation to personal data and data entered, collected and stored by you. We will only access your data in accordance with written instructions given by you, or unless required to do so by the PDPA or GDPR.
12. Accountability and legislative compliance
13. Accurate and up-to-date information
We take reasonable steps to ensure your personal data is accurate, up-to-date and not misleading by updating its records whenever true and correct changes to the data come toour attention.
We need your assistance to ensure that your personal data with us is current, complete and accurate, so please inform us of any changes that need to be made. If you believe your information is incorrect, incomplete or not current, you can request that we update this information by contacting our Privacy Officer. To contact our Privacy Officer please see contact details below.
If you are a customer, you may update your personal data at any time by logging on to your website account(s) with Midwich Asia.
We will correct information we hold about you if we discover, or you are able to show to a reasonable standard, the information is incorrect. If you seek correction and we disagree that the information is incorrect, we will provide you with its reasons for taking that view.
We disregard information that seems likely to be inaccurate or out-of-date by reason of the time that has elapsed since it was collected or by reason of any other information in our possession.
14. Access to your personal data
We acknowledge that you have a general right of access to information concerning you, and to have inaccurate information corrected. You also have a right to information about the ways in which your personal data has been, or may have been used or disclosed.
You are able to access the personal data we hold about you, and information about how it has or may have been used by contacting our Privacy Officer in writing.
If access is refused to your personal data for reasons permitted by the PDPA, we will give you a notice explaining our decision to the extent practicable and your options.
To contact our Privacy Officer please see contact details below. If you make an access request, we may ask you to verify your identity and put your request in writing for security reasons. We may charge a reasonable administration fee to cover the costs of meeting your request. We will reply to your request for access within 30 days of notification by you.
15. Dealing with unsolicited information
We take all reasonable steps to ensure that all unsolicited information is destroyed or de-identified immediately.
16. Anonymity when dealing with us
Only where it practicable to do so, we may allow you the option not to identify yourself when dealing with us.
17. Collecting sensitive information
18. Government identifiers
We do not use or adopt government identifiers (e.g. tax file numbers or Medicare number) to identify individuals.
19. Enquiries, complaints and disputes
If you have any enquiries about our data protection policies and practices, you can contact our Privacy Officer (details below).
We will ensure your compliant is handled by our Privacy Officer in an appropriate and reasonable manner. Were necessary we may consult with our related entities and partners in order to deal with your complaint. A written notice of our decision regarding your complaint will be provided to you. If you are not satisfied with the outcome, then you may contact the Personal Data Protection Commission:
Personal Data Protection Commission
Address: 10 Pasir Panjang Road, #03-01 Mapletree Business City Singapore 117438
Phone: +65 6377 3131
20. Who should you contact for further information?
Mr Fai Tsang
Phone: 6950 5599
Our Privacy Officer will consider your question or complaint and respond to you in a reasonable timeframe.