DATA PROTECTION AND PRIVACY NOTICE

The privacy of your Personal Data is important to us and we are committed to accord the information the due level of care in compliance with the Personal Data Protection Act of Singapore (the “Act”). The Personal Data Protection and Privacy Notice indicates how Enabling Consulting process personal data of our General Public and General Enquirers.

PERSONAL DATA

Personal Data refers to the personal data, as defined under the Act, obtained by us in the course of and as a result of the provision of any products and services by us to you. Such Personal Data collected, used and disclosed to us may include, but not limited to, your name, mailing address, telephone number(s), personal email address, your images taken by us and any other information which you may have provided in any form to us.

COLLECTION OF PERSONAL DATA

Personal Data may be collected from you in a number of ways, such as, but not limited to:

• when your company engages us for our product and service provision;
• when you visit us in any of our premises or events hosted by us; or
• when you ask us to provide a product or service over the telephone, social media, official webpage or internet.

Where your company has given Enable Consulting, your Personal Data through the aforementioned mediums or any other mode, you agree to be bound by this Personal Data Protection and Privacy Notice.

Our websites may also offer interactive facilities where personal data may also be collected, such as:

• general enquiry (Contact us, Subscribe);
• feedback forms;
• order form; or
• request for support.

Where you have accessed and used our websites and any services we offer via the websites, you agree to be bound by this Personal Data Protection and Privacy Notice in respect of the Personal Data collected about you via our websites.

We assure you that regardless of the medium you provide your Personal Data to us, it will be handled by us with care and diligence not only in accordance with this Personal Data Protection and Privacy Notice, in compliance with the PDPA, but also in line with our commitment to you as our customers and/or service users.

PURPOSE FOR COLLECTION

Generally, we collect Personal Data for General Public and General Enquirers for purposes relating to the products and services we offer or require. These purposes include, but are not limited to:

• strictly for the purposes of fulfilling its obligations and for contractual work and / or services required under our contract agreement;
• responding to your request or enquiries regarding to an issue or question, and any other services we offer;
• receiving feedback and dealing with complaints;
• processing orders and administering accounts;
• communicating with you in relation to products and services we provide which are relevant to your existing relationship with us;
• offering you updated marketing and promotional packages you can benefit from, including products and services offered by our selected partners;
• product updates and upgrades;
• meeting regulatory and legal obligations.

We may for these purposes, contact you via mail (including electronic mail), telephone, SMS or other communication (text or image) applications for mobile devices.

DISCLOSURE

In providing you with a product or service, we may sometimes need to disclose your Personal Data to others. It is generally not our policy to disclose your Personal Data to external organisations unless we have your consent and/or are required to disclose your Personal Data as required in the normal course and scope of our business in the provision of our services to you, and/or for contractual, legal and regulatory requirements. Some examples of the types of external organisations we may need to disclose information to in the course of providing a product or service are:

• appointed third party service partners; or
• other companies or individuals, including legal counsel and information technology service providers, who assist us in providing services or who perform functions on our behalf (e.g., mailing houses of letters or printers for our marketing materials) who are contract bound to comply with our Data Protection and Privacy Notice and that of the PDPA.

Those external organisations are not authorised by us to use your Personal Data for anything other than the purpose(s) for which we supplied that information to them.

Unless otherwise required or permitted by law, we will only disclose your Personal Data with your consent (implied or expressed), and we will also take reasonable steps to ensure the external organisation to whom we have disclosed your information are also legally bound to protect the privacy of your Personal Data.

WITHDRAWAL OF CONSENT

Should you wish to withdraw your consent for us to send you sales and marketing information via a specific mode or all modes of communications (e.g., mail, email, telephone calls, SMS-Text), please notify us in writing to our Data Protection Officer (“DPO”). We may require up to 10 days, upon receipt of your request, for your request to take effect.

Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, withdrawal will take effect within 10 days from date of acknowledgement of request.

Whilst we respect your decision to withdraw your consent, please note that depending on the nature and extent of your request, we may not be in a position to process your request. We shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing via email.

ACCESS TO AND CORRECTION OF PERSONAL DATA

If you wish to make (a) an access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or (b) a correction request to correct or update any of your personal data which we hold about you, you may submit your request in writing or via email to our Data Protection Officer.

Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.

We will respond to your access request as soon as reasonably possible. Should we not be able to respond to your access request within 30 days after receiving your request, we will inform you in writing via email within 30 days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).

We will respond to your correction request as soon as reasonably possible. Should we not be able to correct the correction request within 30 days after receiving your request, we will inform you in writing on the time by which we will be able to correct your correction request. If we are unable to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).

We will not provide information under the access requirement for:-

• opinion data kept solely for an evaluative purpose;
• the personal data of the beneficiaries of a private trust kept solely for the purpose of administering the trust;
• personal data kept by an arbitral institution or a mediation centre solely for the purposes of arbitration or mediation proceedings administered by the arbitral institution or mediation centre;
• documents related to a prosecution if all proceedings related to the prosecution have not been completed;
• personal data subject to legal privilege;
• personal data which, if disclosed, would reveal confidential commercial information that could, in the opinion of a reasonable person, harm the competitive position of the organisation;
• contrary to the national interest;
• the personal data was collected or created by a mediator or arbitrator in the conduct of a mediation or arbitration for which he was appointed to act —
• under a collective agreement under the Industrial Relations Act (Cap. 136) or by agreement between the parties to the mediation or arbitration;
• under any written law; or
• by a court, arbitral institution or mediation centre.
• any request:-
• That would unreasonably interfere with the operations of the organisation because of the repetitious or systematic nature of the requests;
• If the burden or expense of providing access would be unreasonable to the organisation or disproportionate to the individual’s interests;
• For information that does not exist or cannot be found;
• For information that is trivial; and
• That is otherwise frivolous or vexatious.
• personal data or other information shall not be provided to an individual if the provision of that Personal Data or information could reasonably be expected to:
• Threaten the safety or physical or mental health of an individual other than the individual who made the request;
• Cause immediate or grave harm to the safety or to the physical or mental health of the individual who made the request;
• Reveal Personal Data about another individual;
• Reveal the identity of an individual who has provided Personal Data about another individual and the individual providing the Personal Data does not consent to the disclosure of his/her identity; or be contrary to national interest.
• If Personal Data has been disclosed to a prescribed law enforcement agency without the consent of the individual or pursuant to the exemptions in the PDPA, we shall not be required to inform the individual of such disclosure.

Correction request will not be approved in respect of:

• opinion data kept solely for an evaluative purpose;
• the personal data of the beneficiaries of a private trust kept solely for the purpose of administering the trust;
• personal data kept by an arbitral institution or a mediation centre solely for the purposes of arbitration or mediation proceedings administered by the arbitral institution or mediation centre; or
• a document related to a prosecution if all proceedings related to the prosecution have not been completed.

ENSURING PERSONAL DATA IS UP-TO-DATE

We rely on the Personal Data we hold in conducting our business. Therefore, it is very important that the Personal Data we hold is accurate, complete and up-to-date.

We will do our best to ensure that the Personal Data we hold is accurate, complete and up-to-date whenever we collect or use it. This means that from time to time, we may ask you to update us if there is any change to your Personal Data. If you find that the Personal Data we hold about you is incorrect, please contact us immediately in writing to our DPO and we will update it.

SECURITY OF PERSONAL DATA

Security of Personal Data is very important to us and we take all reasonable precautions and care to protect your Personal Data from misuse, loss, unauthorised access, modification or disclosure.

Some of the ways we protect Personal Data include:

• external and internal premises security;
• restricting access to Personal Data only to staff who need it to perform their day to day functions;
• maintaining technology products to prevent unauthorised computer access or damage to electronically stored information, such as requiring identifiers and passwords, firewalls and anti-virus software; and
• maintaining physical security over paper records.

RETENTION

We will retain your Personal Data for a reasonable period for the purposes as cited herein or as required by law.

For our existing customers, you may refer to the service agreement and / or data protection policies which you have contracted with us.

TRANSFERS OF PERSONAL DATA OUTSIDE OF SINGAPORE

We generally do not transfer your personal data to countries outside of Singapore. However, if we do so, we will obtain your consent for the transfer to be made and we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.

COOKIES: PRIVACY AND OUR WEBSITES

The type of Personal Data we collect on our website depends on how you make use of the site. When you visit our websites, our host records your server address, domain name, the date and time of the visit and the pages viewed. This information may be collected by using cookies (data sent to your web browser, which generally allows our site to interact more efficiently with your computer). You may disable the use of cookies but your use of our site may be affected. Information collected about your visit to our site is retained for statistical and website development reasons and is not in a form which would enable us to identify you, grant us access to your computer or information about your browsing activity on other websites.

When visiting our sites, you will not be required to provide us with any Personal Data unless you request information about our product or service, respond to a promotion and/or provide a feedback. In which case, we will ask you to provide contact details along with other information required to respond to your request or allow you to enter the promotion.

The Personal Data and information provided may also be retained for product planning purposes, and we may use your Personal Data to contact you for direct marketing purposes where your consent was given.

RESOLVING CONCERNS

If you believe that the privacy of your Personal Data has been compromised, please contact us immediately and we will take the relevant steps to address your concerns.

RIGHT TO AMEND OUR ONLINE PRIVACY STATEMENT

We reserve the right to amend this Personal Data Protection and Privacy Notice from time to time at our sole discretion. If we make any changes to this Personal Data Protection and Privacy Notice and the way in which we use your Personal Data, we will update these changes on our websites.

NOTIFICATION OF BREACH

In event of a data breach incident where the personal data in our care has been breached, Enable Consulting will notify the affected individuals through phone or email as soon as possible within 72 hours.

CONTACTING OUR DATA PROTECTION OFFICER

For any questions relating to your Personal Data or about our Privacy Notice, you may contact our DPO at this email contactdpo@enablegroupasia.com