DATA PROTECTION & PRIVACY POLICY

INTRODUCTION

Acutus respects the privacy and confidentiality of prospects and clients’ personal data as well as visitors’ personal data collected via our website. We are committed to implementing policies, practices and processes to safeguard the collection, use and disclosure of the personal data you provide us, in compliance with our understanding of the Personal Data Protection Act (2012) (“PDPA”).

We have developed this Data Protection & Privacy Policy to assist you in understanding how we collect, use, disclose, process and retain your personal data.

This policy supplements but does not supersede nor replace any other consents you may have previously provided to us in respect of your personal data.

 

HOW WE COLLECT YOUR PERSONAL DATA

 The PDPA defines “personal data” as “data, whether true or not, about an individual who can be identified:

(a)       from that data; or
(b)       from that data and other information to which the organisation has or is likely to have access”.

We collect personal data through the following methods and / or channels:

  • When you engage Acutus to render professional services to you;
  • When we record CCTV footage while you are within our premises;
  • When you interact with Acutus via face to face meetings, emails, letters, fax and telephone conversations;
  • When we receive your personal data in the course of our professional work;
  • When we receive references from business partners, associates and / or third parties;
  • When you submit an application form, curriculum vitae, etc. for the purpose of employment opportunities, seminars and / or any events organised by Acutus;
  • When photographs or videos of you are taken by Acutus or our representatives during events hosted by us;
  • When you visit our website and leave your personal data including your IP address assigned to your computer;
  • When you visit our website which may use cookies to facilitate the management and maintenance of our website as well as improved navigation by visitors;
  • When you submit your personal data to us for any other reasons;
  • When we collect information about you from other sources, including commercially available sources, such as public databases (where permitted by law).

 

  1. Social Media
    We may host various blogs, forums, wikis and other social media applications such as Facebook, Twitter and Linkedin that allow you to share content with other users (collectively “Social Media Applications”). You have to be aware that any personal information that you contribute to these Social Media Applications can be read, collected and used by other users of the application. We have little to no control over these other users and, therefore, we cannot guarantee that any information that you contribute to any Social Media Applications will be handled in accordance with our Data Protection and Privacy Policy.
  2. Cookies
    We use cookies to identify you from other users on our website to improve your navigation. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer or device.

    You can block or deactivate cookies in your browser settings. You have to be aware that blocking or deactivating the cookies may, inter alia, affect the quality of your user experience on our website. By continuing to use our website, you are agreeing to the use of cookies on our website.

 

TYPES OF PERSONAL DATA COLLECTED

The types of personal data that we collect about you may include, but not limited to, your name, current job title, address, email address, telephone numbers and fax numbers. Sensitive personal data including, but not limited to, passport or other identification number, date of birth, bank account numbers, employment details, family background and details, race and / or ethnicity is only collected when you voluntarily provide this personal data to us or where such personal data is required or permitted to be collected by law or professional standards.

If you provide the personal data of anyone other than yourself (including your family members), you warrant that you have informed him / her of the purposes for which Acutus requires his / her personal data and that he / she has consented to your disclosure of his / her personal data to Acutus for those purposes.

We understand the importance of protecting the information of children below the age of 16 years and do not knowingly collect or maintain information about such children.

 

HOW WE USE YOUR PERSONAL DATA

Personal data that we collect from you is used only for the intended purpose(s) stated and / or communicated to you at the time that the personal data is collected. In addition, we may use the personal data that we have collected for the following purposes:

  • To deliver accounting, audit, tax or advisory services to you on your instruction;
  • To answer queries that you make prior to any formal instruction;
  • To avoid any conflict of interest as we represent you;
  • To send you updates, materials and communications regarding the professional services rendered by Acutus;
  • To send you information on seminars and conferences conducted by Acutus;
  • To respond to, process and handle your queries, feedback and suggestions;
  • To meet or comply with any applicable laws, regulations or professional standards issued by any legal or regulatory bodies in Singapore;
  • To verify your identity, processing payments as well as manage our administrative and business operations;
  • To manage the security of our premises, facilities and technology infrastructure;
  • To fulfil all other purposes related to our business;

If you are seeking employment or any other appointment with Acutus, we may use the personal data that we have collected from you for the following purposes:

  • To process and assess your application;
  • To perform background checks;
  • To verify your credentials and qualifications as well as to obtain employment references; and
  • To fulfil all other purposes related to the process of employment or appointment (henceforth, collectively known as the “purposes”).

 

Acutus may process and / or transfer such personal data to other members of the Acutus network and / or subcontractors (which may be located in other territories) for the purposes of (i) providing the services; (ii) maintaining Acutus operations or client relationship management system; (iii) quality and risk management reviews, or (iv) providing you with information about Acutus and / or Acutus’s range of services.

If there is an instance where the personal data collected is to be used for a different purpose and / or shared with a third party, we will seek your consent before using or sharing the personal data.

It is our policy to avoid collecting excessive and / or irrelevant personal data and Acutus does not collect and / or compile personal data for the purpose of sale to outside parties.

 

WHO WE DISCLOSE YOUR PERSONAL DATA TO

Personal data that we collect from you is only disclosed to other members within Acutus and third parties in relation to the intended purpose(s) which is stated and / or communicated to you at the time that the personal data is collected. We will also disclose personal data to such third parties who have confirmed in writing that they have and will provide adequate protection over the personal data in question. Such third parties do not include law enforcement, regulatory and / or government agencies. When required by a court order or any other law or regulatory requirements, your personal data may be disclosed accordingly to the relevant parties as directed by such legal processes, whether local or overseas.

Acutus website also includes links to other Acutus offices located overseas as well as other third party websites. Our privacy practices stated herein do not apply when you connect to these overseas offices’ websites and / or other third party websites. You are encouraged to review the data protection and privacy policies of websites you choose to visit.

 

HOW WE MANAGE THE COLLECTION, USE AND DISCLOSURE OF YOUR PERSONAL DATA

We take our responsibilities under the PDPA seriously and are committed to implementing policies, practices and processes to ensure compliance with the PDPA obligations.

Information on our policies, practices and processes can be found in the latter part of this policy document.

 

  1. Obtaining Consent
    Before we collect, use or disclose your personal data, we will notify you of the purpose(s) of such collection, use and disclosure. As far as possible, we will not collect excessive and / or irrelevant personal data for the stated purpose(s).

    Under certain circumstances, we may assume deemed consent from you when you voluntarily provide your personal data to us for the stated purpose(s). By providing your personal data to us, you acknowledge and agree that you have fully read and understood this policy, and are consenting to the collection, use, processing and disclosure of your personal data as described in this policy. The exceptions upon which personal data may be collected without consent are pursuant to the Second Schedule of the PDPA, which is available at http://sso.ogc.gov.sg.

  2. Third-Party Consent
    If you are carrying out a transaction with us, having a face-to-face meeting with us, and / or providing us with any personal data on behalf of another individual, you must first notify and obtain consent from that individual in order for us to collect, use and / or disclose his or her personal data. Such consent must be represented to us.
  3. Withdrawing Consent
    If you wish to withdraw consent, you should give us reasonable advance notice in writing. You have to be aware of the possible consequences of your withdrawal of consent which may, inter alia, affect the quality of services rendered to you. We will cease (and cause any of our intermediaries and agents to cease) collecting, using or disclosing the personal data unless it is authorised or required under applicable laws.

    Your request for withdrawal of consent can take the form of:

    • An email or letter to us (please refer to CONTACT INFORMATION Section of this Data Protection and Privacy Policy); or

     

    • Through the “UNSUB” feature in our emails to you.


 

ACCESSING AND MAKING CORRECTION TO YOUR PERSONAL DATA

You may write to us, based on reasonable grounds, to find out how we have been using or disclosing your personal data and / or to request a copy of your personal data. We are obliged under the PDPA to allow you access to your personal data which has been or may have been used or disclosed by us within a year before the date of the request and to correct an error or omission in your personal data that is in the possession or under the control of Acutus. 

Where we have corrected an error or omission in your personal data that is in the possession or under the control of Acutus, we will send the corrected personal data to other members of the Acutus network and / or third parties which the personal data was sent to before it had been corrected, where applicable.

Before we accede to your request, we may need you to verify your identity through appropriate means including, but not limited to, verification through your NRIC or other legal identification documents. Thereafter, we will let you have an estimate of the time required to retrieve all the relevant personal data and the fee that we will charge for processing your request (our costs in administering your request). Upon confirmation of your acceptance of our aforesaid fee, we shall respond to your written request within 30 days.

Acutus may be prevented by law from complying with your request and may also decline your request if the law permits Acutus to do so or if the records of Acutus have been destroyed in accordance with its Document Retention Policy.

We may choose not to provide you with access to, or correction of such information, in accordance with the exceptions under the PDPA, including but not limited to the following:

  • We are satisfied on reasonable grounds that the correction should not be made;
  • The request for access is frivolous or vexatious or the information requested is trivial; or
  • The personal data, if disclosed, would reveal confidential commercial information, which, in the opinion of a reasonable person, may harm our competitive position.

 

ACCURACY OF YOUR PERSONAL DATA 

We will take reasonable precautions and verification checks to ensure that the personal data that we have collected from you is reasonably accurate, complete and up-to-date. If you are a client or if you would like to continue to receive updates, materials and communications regarding our professional services, seminars and / or conferences, it is important that you update us if there are any changes to your personal data such as email address etc. We will not be responsible for relying on inaccurate or incomplete personal data arising from you not updating us of any changes in your personal data that you had initially provided us with.

 

PROTECTION OF PERSONAL DATA

Acutus has reasonable technology and operational security policies and procedures in place that govern how personal data and confidential information are protected within our organisation. We will take the necessary security measures to protect your personal data that is under our care and control to prevent loss, modification, collection, unauthorised access, misuse, copying, alteration, disclosure and / or destruction.

All Acutus employees have agreed and will take reasonable and appropriate measures to ensure the confidentiality and integrity of your personal data. Your personal data will only be shared with authorised personnel in Acutus on a “need to know” basis.

External data intermediaries who process and maintain your personal data on our behalf will be bound by contractual data protection arrangements we have with them.

Although we use appropriate measures to protect your personal data, the transmission of data over the internet is never completely secure. Whilst we endeavour to protect your personal data, we cannot fully guarantee the security of data transmitted to us or by us.

 

 

RETENTION OF PERSONAL DATA 

We will not retain any of your personal data under our care and / or control when it is no longer necessary for any business or legal purposes. Acutus has a Document Retention Policy that spells out how long we ought to retain each type of confidential document and / or personal data. Certain retention periods are based on statutory or regulatory requirements.

We will ensure that your personal data that no longer has any business or legal use are destroyed or disposed in a secure manner. This applies to both physical documents and electronic data stored in databases.

 

TRANSFER OF PERSONAL DATA OUTSIDE OF SINGAPORE

In the event that there is a need for us to transfer your personal data to another country, we will take appropriate steps. This includes ensuring that the standard of data protection in the recipient country is comparable to that of Singapore’s PDPA or entering into a contractual agreement with the receiving party to accord similar levels of data protection as that in Singapore.

 

UPDATES ON DATA PROTECTION & PRIVACY POLICY

As part of our efforts in implementing the latest policies, practices and processes, we will be reviewing these policies, practices and processes from time to time. We reserve the right to amend the terms of this Data Protection and Privacy Policy at our absolute discretion. Any amended Data Protection and Privacy Policy will be posted on our website. You are encouraged to visit our website from time to time to ensure that you are well informed of our latest policies in relation to personal data protection.

 

CONTACT INFORMATION

You may contact our Data Protection Officer via email at [email protected] or write in to us at 133 New Bridge Road, #24-01/02 Chinatown Point Singapore 059413 if you would like to:

  • Withdraw your consent to any use of your personal data;
  • Obtain access to your personal data;
  • Make corrections to your personal data;
  • Clarify any questions relating to our collection, use and / or disclosure of your personal data;
  • Provide feedback regarding this policy document; and / or
  • Make any complaint relating to how we manage your personal data.

Any query or complaint should include, at least, your full name, contact information and a brief description of the query or complaint. We treat such queries and complaints seriously and will deal with them confidentially and within a reasonable time.