Effective Date: 31 August 2019
This policy governs the collection, use and disclosure of personal data from employees, customers and third party to us and explains how we collect and handle personal data of individuals and comply with the requirements of the Personal Data Protection Act 2012 of Singapore and its regulation(s) (“PDPA”). In this policy, “personal data” shall have the meaning ascribed to it in the PDPA.
The Company’s appointed Data Protection Officer (DPO) who will update this Data Protection Policy from time to time to ensure that this Data Protection Policy is consistent with future developments, market trends and/or any changes in technology, legal or regulatory requirements.
This policy covers all the activities of Capitall Pte Ltd related to Personal Data received from employees, customers and third party.
We will collect, use or disclose personal data for employment and reasonable business purposes only if there is consent or deemed consent from the individual and information on such purposes have been notified. We may also collect, use or disclose personal data if it is required or authorised under applicable laws.
Employee- by signing consent form.
6. Collection of Personal Data
6.1 Personal Data collected from Customer
6.1.1 Purpose and Scope
THIS POLICY TOGETHER WITH OUR TERMS AND CONDITIONS ARE DESIGNED TO INFORM OUR CUSTOMERS AND ASSIST THEM IN UNDERSTANDING HOW WE COLLECT, USE, RETAIN, DISPOSE, TRANSFER, DISCLOSE AND/OR PROCESS THEIR PERSONAL DATA.
We only collect personal data from our customers to enable us to understand our customer’s financial needs and assess their loan application. Such personal data is provided to us by our customers both online or in person, directly or via a third party, including through face to face interviews, email messages and telephone conversations. We will not use or disclose information collected from our customers other than the purpose made known herein or as may be necessary to comply with the applicable laws.
We will only collect, hold, process, use, communicate and/or disclose such personal data, in accordance with this policy. If any party is acting as an intermediary or otherwise on behalf of a third party individual or supplying us with information regarding a third party individual (such as a friend, a colleague, an employee etc), such intermediary party undertakes that they are an authorised representative or agent of such third party individual and that they have obtained all necessary consents from such individual to the collection, processing, use and disclosure by us of their personal data. If there is any collection of such individual’s data from the third party, the said intermediary party must undertake to make the third party individual aware of all matters listed in this policy by distributing a copy of this policy to them.
We use personal data of customers for the following purposes:
a) To obtain credit report(s)
b) Understanding our customer’s financial needs and to assist us in customising and delivering loan packages that are of interest to our customers.
c) Assessing our customer’s loan Application and to such extent necessary to comply with the laws of Singapore.
d) To enable us to carry out our operation, legal obligations and to customise loan plans for our customers.
e) We may be required to disclose them for the purposes of recovery of loans which are overdue to our customer’s “Next-of-kin”, their employer, company or office colleagues or any other third party’s information which they have voluntarily provided us with for the aforesaid purpose.
f) For debt recovery purposes, i.e. to engage any law firms, third party debt collection agencies or approved debt collector.
g) We may be required to disclose them for auditing and accounting purposes to a third party accountant or auditor.
We further undertake to maintain strict confidentiality standards for safeguarding your information collected from you other than for the abovementioned purposes.
6.1.2 Type of Personal Data Collected
Personal data are collected for the purposes mentioned hereinabove, taking into consideration the nature and sensitivity of the personal data. Your personal data are strictly handled and we endeavour not to collect information that exceeds that required by law and/or information we need to provide you with Capitall Service. The Personal Data we may collect are:
a) Full Name of company Director(s), Shareholder(s) or Authorised Signatory(ies)
b) Personal Identification Number (IC No., FIN No., or Passport No.) of company Director(s), Shareholder(s) or Authorised Signatory(ies)
c) Nationality of company Director(s), Shareholder(s) or Authorised Signatory(ies)
d) Date of Birth of company Director(s), Shareholder(s) or Authorised Signatory(ies)
e) Sex of company Director(s), Shareholder(s) or Authorised Signatory(ies)
f) Ethnicity of company Director(s), Shareholder(s) or Authorised Signatory(ies)
g) Address of company Director(s), Shareholder(s) or Authorised Signatory(ies)
h) Contact No. of company Director(s), Shareholder(s) or Authorised Signatory(ies)
i) Marriage Status of company Director(s), Shareholder(s) or Authorised Signatory(ies)
j) Email Address of company Director(s), Shareholder(s) or Authorised Signatory(ies)
k) Income of company Director(s), Shareholder(s) or Authorised Signatory(ies)
l) Employment information of company Director(s), Shareholder(s) or Authorised Signatory(ies)
m) Photograph of company Director(s), Shareholder(s) or Authorised Signatory(ies)
n) Next-of-Kin contact details of company Director(s), Shareholder(s) or Authorised Signatory(ies)
6.2 Personal Data collected from Employees
6.2.1 Purpose and Scope
We collect personal data from our employees to enable us to understand, plan, manage, evaluate their employment suitability and performance and to terminate their service. Such personal data is provided to us in the resume filled by our employees, face to face interviews or via the Company’s preferred communication channel (The Company will inform the employees of the purposes for the collection, use and disclosure of their personal data and obtain their consent prior to the collection, use and disclosure. We will not use or disclose information collected from our employees other than the purpose made known herein or as may be necessary to comply with the applicable laws).
Such use includes:
a) For evaluation of work performance
b) For CPF purposes
c) To apply Work Permit/S Pass/ E Pass
d) To manage certain staff schemes like training or educational subsidies
e) For the purpose of employment such as drafting employment letter
f) To purchase work related insurances
g) staff directory
6.2.2 Type of Personal Data Collected
The personal data will be collected for the abovementioned purposes, taking into consideration the sensitive nature of personal data. The handling of personal data are done in a strict manner and we endeavour not to collect information that exceeds that required by law or the foregoing purposes. The Personal Data will be collected are:
a) Full Name
b) IC No./ FIN No.
c) Passport No.
f) Marital status
g) Date of Birth
h) Home Address
i) Contact No.
j) Email Address
k) Work experience
l) Curriculum Vitae
n) Bank Account
6.3 Third Party
6.3.1 Purpose and Scope
The Company may disclose your personal data to third parties to assist with the Company’s activities, the purposes made known to you herein, only when we have the individual’s consent or deemed consent or when required by law. Any such third parties whom we engage will be bound contractually to keep information confidential.
We may also disclose your personal data to our affiliates, only where is it is necessary (i) to meet the purpose for which such individual submitted the personal data; and (ii) for the purposes which the Company has made known to you herein.
Such purpose shall include:
a) Debt collection purposes
b) Accounting purposes
c) Employment purposes
d) Legal purposes
e) Audit purposes
f) Any other disclosure which may be required by law
7. Disclosure of Personal Data
7.1 Personal Data of Customer
7.1.1 Purpose and Scope
We do not disclose personal data of customers to third parties except when required by law, when we have the individual’s consent or deemed consent or in cases where we have engaged third parties to assist with debt recovery or certain aspects of the company’s activities such as accounting and auditing functions. Any such third parties whom we engage are bound contractually to keep all information confidential.
We may disclose personal data to the credit bureau(s) for the purposes of obtaining and producing a credit report.
7.2 Personal Data of Employee
7.2.1 Purpose and Scope
We do not disclose personal data of employees to third parties except when required by law or when we have engaged third parties to assist with Training or certain aspect of the company’s activity such as accounting, to purchase work-related insurances HR and auditing functions. Any such third parties whom we engage are to keep all information confidential. When sharing personal data to third party, we will ensure that the data is correct and the original copy of the document is used to verify the copy. Communication of these personal data is done securely via email or other methods specified in the Internal Communication Management.
7.2.2 Type of Personal Data Disclosure
1) The personal data will be disclosure to the third parties for the purposes of training or certain aspect of the company’s activity such as to purchase work-related insurance, accounting, HR and auditing functions is:
a) Full Name
b) IC No. / FIN No.
c) Passport No.
e) Contact No.
f) Email Address
j) Income (including salary, CPF and bonuses)
l) Income tax
8. Access to and Correction of Personal Data
Upon request, we will process our customer’s/ third party’s/ employee’s request and provide them with access to their personal data or other appropriate information on their personal data in accordance with the requirements of the PDPA, which is made known to our customers via the Terms and Conditions, this policy and in the Loan Contract. Likewise, our employees are being made aware of such channel via our Internal Communication Management while third party will be informed by giving them a copy of this policy. Alternatively, our customers/third party may write in to us via the “Contact Us” tab on our website (www.capitall.com.sg).
Upon request, we will correct an error or omission in the individual’s personal data that is in our possession or control in accordance with the requirements of the PDPA. The request will processed within 5 working days. Should the DPO be unable to process the request within 5 working days, an interim email should be sent to notify the customer regarding the extension of time needed to process their request at any point of time before the expiry of the 5 working days. The procedure is detailed in our Feedback/Complain/Request for Access procedure.
9. Withdrawal of Consent
Request for withdrawal of any consent given or deemed to have been given will be processed within 5 working days. We will inform the individual of the likely consequences of withdrawing their consent. Thereafter, we will cease (and cause any of our data intermediaries and agents, if any) collecting, using or disclosing the personal data unless it is required or authorised under applicable laws. Should the DPO be unable to process the request within 5 working days, an interim email should be sent to notify the customer regarding the extension of time needed to process their request after assessing their request before the expiry of the 5 working days. The procedure is detailed in our Feedback/complain/Request for Access procedure.
10. Accuracy of Personal Data
We ensure that personal data collected by us is accurate, genuine and up-to-date by verifying the data against the original relevant document or via verified sources such as Singpass or Myinfo.
11. Security and Protection of Personal Data
We have implemented generally accepted standards of technology and operational security to protect the personal data in our possession or under our control and to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal, retention or similar risks. The Company’s personnel observes a strict internal policy. Access to personal data are only given to our personnel on a necessary basis, kept to a minimum and where they have agreed to ensure confidentiality of this information.
12. Retention of Personal Data
The minimum retention period of information relating to the loan, which includes our customer’s personal data is 5 years after the termination of the loan. Thereafter, we will cease to retain their personal data, as soon as it is reasonable to assume that the purpose for collection of such personal data is no longer being served by such retention, and such retention is no longer necessary for legal or business purposes.
The retention of information related to employee will be retained and will not be disposed off for review and record-keeping purposes.
13. Transfer of Personal Data outside of Singapore
In the event of transfer of Personal Data outside Singapore, we will ensure that should there be any transfers of personal data to a territory outside of Singapore will be in accordance with the PDPA so as to ensure a standard of protection to personal data so transferred that is comparable to the protection under the PDPA should the need arises. This includes (without limitation):
• Imposing legally enforceable obligations on the recipient to provide to the personal data transferred, a standard of protection that is comparable under the PDPA such as:
I. Any applicable foreign law;
II. Any contracts with overseas recipient that requires recipients to provide a comparable standard of protection and specifies the countries & territories to which the personal data may be transferred to; or
III. Have binding corporate rules with overseas recipient(s) to provide a comparable standard of protection, specify the recipients, countries and territories to which the binding corporate rules apply, and the rights and obligations provided by the rules;
• Consent given after reading a written summary of the extent to which his/her personal data will be protected in the countries and territories that the personal data will be transferred to;
• The transfer is necessary for the performance of a contract between the organisation and individual / between the organisation and a third party;
• Take necessary measures to ensure that personal data transferred will not be used or disclosed by the recipient for purposes other than the foregoing
14. Privacy on Our Websites
This Policy also applies to any personal data we collect via our websites. Cookies may be used on some pages of our websites. “Cookies” are small text files placed on your hard drive that assist us in providing a more customised website experience. Cookies are now used as a standard by many websites to improve users’ navigational experience. If individuals are concerned about cookies, most browsers permit individuals to decline cookies. In most cases, a visitor may refuse a cookie and still fully navigate our websites, however other functionality in the site may be impaired. After termination of the visit to our site, a visitor can always delete the cookie from his/her system if he wishes.
We endeavour to notify our customers and third party of any changes to this policy 14days in advance after which the changes will be made effective and published on our website. The communication channel will be informed via our software application / email / text / written notice, at our discretion.
Similarly, we endeavour to notify our employees of any changes to this policy 14days in advance after which the changes will be made effective and published on our website. The communication channel will be informed via email / text / written notice / any channels, at the Company’s Discretion.
16. Data Protection Officer