This Data Protection Policy (“Policy”) sets out the basis upon which Waystone (SG) Pte Ltd (“Waystone”, formerly known as DMS Governance (Singapore) Pte Ltd) may collect, use, disclose or otherwise process personal data of employees and job applicants in accordance with the Personal Data Protection Act (“PDPA”).
This Policy applies to personal data in Waystone’s possession or control, including personal data in the possession of organisations which we have engaged to collect, use, disclose or process personal data for Waystone’s purposes. It sets out details of how and why we, together with third parties, collect and process personal information in connection with your application for employment and/or employment with us. The Policy explains what personal data is collected, the purposes for which it is used, the third parties to whom it may be disclosed and how individuals can exercise their rights in relation to their personal data.
We are the controller of your personal data. We engage third party service providers to process such personal data on our behalf and those third parties act as processors.
If you have any questions about the use of your personal data, your data protection rights or if you want to exercise those rights, please contact the Data Protection Officer for the Singapore office or a member of the P+D team.
Sheila Panja Nadan, Data Protection Officer (Singapore) +65.6911.3696 – [email protected]
160 Robinson Rd, #16-05 SBF Center, Singapore 068914
Laura O’Connell, Senior People Manager (International) +353.1.619.2340 – [email protected]
Waystone, 3rd Floor, 76 Baggot Street Lower, Dublin, D02 EK81, Ireland
Louise Mooney (People Manager) +353.1.619.2329 – [email protected]
Waystone, 3rd Floor, 76 Baggot Street Lower, Dublin, D02 EK81, Ireland
Personal Data that we Process
As used in this Policy, “personal data” means data, whether true or not, about an employee or a job applicant who can be identified: (a) from that data; or (b) from that data and other information to which we have or are likely to have access.
We collect personal data relating to you from you, or from public sources and in connection with our dealings with you or associated interactions with us and in connection with ensuring compliance with our legal obligations. This may include the following:
- Recruitment related data and information on your personnel file – these include your name, signature, postal address, nationality, email address, fax number, date and place of birth, nationality, curriculum vitae, bank account details, tax identification, credit history, signatures, references, work and educational history, interview notes and other contact details, right to work documentation, your PPS or social security number (or equivalent); passport number; utility bills, photographic identification and verification such as copies of your passport, passport number, gender, drivers licence and address verification, photographs, working hours, annual leave and other holiday records, emergency contact details, marital status, next of kin and family details.
- Payroll information – these include bank account details, salary arrangements, bonus entitlements and allowances.
- Performance, grievance and disciplinary details – these include performance and grievance review forms, notes from performance review and grievance investigation meetings, performance improvement and grievance plan documentation, witness statements, complaints.
- Information obtained through electronic means – these include emails stored in your email inbox, data relating to your internet browsing history, CCTV footage and other information obtained through electronic means such as swipe-card records
- Medical information and pension details – these include sick certificates, medical records, sick leave records, sick pay records, occupational health assessments and pension details.
- Termination of our relationship – these include resignation letters, exit interviews and reference letters.
- Special categories of more sensitive personal information – information about your race or ethnicity, religious beliefs, sexual orientation and political opinions, membership of a trade union or equivalent industrial relations body, information about your health, including any medical condition, health and sickness records, genetic information and biometric data.
We may collect and process personal data relating to you in connection with our on-going relationship with you, such as via correspondence and calls, and in connection with our relationship with you. Telephone calls with you may be recorded for the purposes of record keeping, security and training.
In addition, we may collect personal data relating to you from third party sources in connection with complying with legislation relating to anti-money laundering, taxation, and other legislation or for vetting or screening purposes or fitness and probity assessments or from employment or credit reference agencies or previous employers.
Purposes of Processing
Personal data will be processed for the following purposes:
- processing your application with us and during the recruitment process, to assess your suitability for the role, establishing your identity and determine the terms on which you work with us and to manage an effective recruitment process;
- during our relationship for normal HR management and administration purposes, to ensure that the terms and conditions of your appointment are properly adhered to and managed, to manage the relationship in accordance with relevant policies. This is necessary for the performance of our contract with you;
- paying you and (where relevant) deducting tax and national insurance and other contributions;
- to ensure your health and safety at work, assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence and to administer benefits;
- to afford natural justice and fair procedures (where relevant);
- conducting performance reviews, managing performance and determining performance requirements including decisions about promotions and pay reviews;
- to protect your vital interests in the event of an emergency or accident;
- to pay trade union premiums or register your status as a protected employee;
- making decisions about your continued relationship with us, to properly manage the termination of the relationship and following the termination of the relationship in accordance with relevant policies;
- complying with our legislative and regulatory obligations in connection with our dealings with you, including pension law, revenue law, health and safety law, taxation, crime-detection, prevention, investigation and prosecution, the prevention of fraud, bribery, anti-corruption, tax evasion or equivalent, to prevent the provision of financial and other services to those who may be subject to economic or trade sanctions, in response to legal or court requests or requests from regulatory authorities or where it is in the public interest;
- for quality control, business and statistical analysis, market research or for tracking fees and costs or for customer service, training and related purposes;
- to communicate with you by way of notice pursuant to applicable legislation or our constitution or circulating reports or other correspondence to you;
- maintaining appropriate business records;
- to ensure network and information security, including preventing unauthorised access to our computer and electronic communications system and preventing malicious software distribution;
- where required for tax reporting purposes;
- education, training and development requirements;
- equal opportunities monitoring;
- to respond to, evaluate or deal with any queries, complaints or legal issues in relation to you;
- internal and external audits and, where necessary, investigations;
- establishing, exercising, defending or gathering evidence relating to any legal claims, litigation or grievance or disciplinary hearings;
Recipients of Data
Your personal data may be disclosed to various recipients in connection with the above purposes, including:
- our Board and (in certain circumstances) other employees of the Waystone group of companies;
- payroll providers, pension and health insurance providers, pensions trustee;
- to the Revenue Commissioners and other foreign tax authorities as required by applicable law;
- to the Monetary Authority of Singapore, the Securities & Futures Commission, Central Bank of Ireland, Cayman Islands Monetary Authority, the Financial Conduct Authority, National Futures Association, Commission de Surveillance du Secteur Financier, the Workplace Relations Commission, Department of Social Protection, Pensions Authority, auditors, or other competent governmental or regulatory authorities, trade unions or equivalent industrial relations body and bodies as requested or required by law;
- to other third parties who we engage to provide services to us, such as professional advisers, independent investigators, insurers, occupational health specialists, legal advisers, auditors and IT service providers;
- to screening and other reference agencies in order to carry out money laundering and identity checks and to comply with legal obligations;
- to other members of our corporate group or the corporate groups of the entities referred to above, as well as affiliates, agents and delegates, both within and outside the EEA; and
- in the context of a business or group company sale, re-organisation or restructuring or corporate finance activities.
In connection with the above purposes your personal data may be transferred outside Singapore, including to a jurisdiction which is not recognised by the Personal Data Protection Commission as providing for an equivalent level of protection for personal data as is provided for in Singapore. These jurisdictions may include the European Union, the United States of America, the Cayman Islands and Hong Kong. If and to the extent that we do so, we will ensure that appropriate measures are in place to protect the privacy and integrity of such personal data and in particular will comply with our obligations under the PDPA.
In particular Waystone will take appropriate steps to ensure that, if the personal data is transferred to a recipient in a country or territory outside Singapore, the recipient is bound by legally enforceable obligations to apply to the personal data transferred a standard of protection that is comparable to that under the PDPA. Waystone shall be taken to meet this standard where:
- subject to conditions, the individual whose personal data is to be transferred gives his or her consent to the transfer of his personal data;
- the transfer is necessary for the performance of a contract between Waystone and the individual;
- the transfer is necessary for the conclusion or performance of a contract between the organisation and a third party which is entered into at the individual’s request, or which a reasonable person would consider to be in the individual’s interest;
- the transfer is necessary for a use or disclosure in certain situations where the consent of the individual is not required under the PDPA;
- the personal data is data in transit; or
- the personal data is publicly available in Singapore.
Further details of the measures that we have taken in this regard and the territories to which your personal data may be transferred are available by contacting the Data Protection Officer as set out above.
We will retain your personal data for the duration of your relationship with us and for such a period of time after the relationship ends as is necessary to comply with our obligations under applicable law and, if relevant, to deal with any claim or dispute that might arise.
You have the right to access your personal data, together with other information about our processing of that personal data and the right to rectify any inaccuracies in your personal data.
What happens if you do not provide us with your information or withdraw consent
It is voluntary for you to provide the personal data requested by us. However, if we believe that we require relevant information to effectively and properly manage your application or the employment relationship, we may not be able to process your application or continue our relationship with you or (in certain circumstances) to pay you or administer your pension if you decline to provide us with that personal data.
The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. If you are a job applicant, you may withdraw consent and request us to stop using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing or via email to our Data Protection Officer at the contact details provided above.
Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process and effect your request within fourteen (14) days of receiving it.