We at Henderson respect the privacy and confidentiality of the personal data of our Clients, Customers and others who have business dealings with us. We are committed to implementing policies, practices and processes to safeguard the collection, use and disclosure of the personal data you provide us, in compliance with the Singapore Personal Data Protection Act (PDPA) 2012.
We have developed this Data Protection Policy to assist you in understanding how we collect, use, disclose, process and retain your personal data with us.
2. How We Collect Your Personal Data
The PDPA defines personal data as “data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which the organisation has or is likely to have access.”
We collect your personal data when you:
- Enter physical premises, facilities or buildings manned by our security personnel
- Report any security incident at the physical premises, facilities or buildings manned by our security personnel
- Register or sign up for services provided by us
- Provide feedback to us on our services
- Visit our websites and leave behind your contact information
- Correspond with us via emails or written correspondences
- Submit your CV and job application form to us in response to our recruitment advertisements in newspapers and websites
- Submit your CV to recruitment firms or job portals, which are in turn forwarded to or retrieved by us
3. Types of Personal Data We Collect About You
The types of personal data we collect about you may include:
- Personal particulars (NRIC / FIN No. / Passport No., Name, Gender, Date of Birth, Race, Citizenship, Country of Residence
- Personal contact information (Telephone No., Residential Address, Mailing Address, Email address)
- Financial information (Type of credit card, Cardholder Name, Credit Card No.)
- Educational and professional qualifications – for job applications and training courses
- Professional and work experience – for job applications and training courses
4. How We Use Your Personal Data
We use the personal data we have collected about you for one or more of the following purposes:
- Provide security-related services
- Provide customer service and support, customer care and account management Process applications for registration at our events and/or services
- Fulfil requests and orders for products and services
- Process billing, payment and other credit-related activities
- Respond to queries and feedback
- Manage and improve our business and operations to serve you better
- Comply with legal obligations and regulatory requirements
- Process job applications, recruitment and selection
5. Who We Disclose Your Personal Data To
We disclose some of the personal data we have collected about you to the following parties or organisations outside Henderson in order to fulfil our services to you:
- Managing agents at the sites where we provide security services
- Freight/courier services
- Print processing services
- Payroll processing services
- Accounting services
- Legal services
- Insurance companies
- Recruitment Agencies / Headhunters
- Webhosting companies
- Cloud service providers
- IT service providers
- Examination and Certification Bodies
- Regulatory authorities and government agencies
6. How We Manage the Collection, Use and Disclosure of Your Personal Data
6.1 Obtaining Consent
Before we collect, use or disclose your personal data, we will notify you of the purpose why we are doing so. We will obtain written confirmation from you on your expressed consent. We will not collect more personal data than is necessary for the stated purpose.
Under certain circumstances, we may assume deemed consent from you when you voluntarily provide your personal data for the stated purpose, e.g. when you apply for course registration with the training academy.
6.2 Withdrawal of Consent
If you wish to withdraw consent, you should give us reasonable advance notice. We will advise you of the likely consequences of your withdrawal of consent, e.g. without your personal contact information we may not be able to inform you of future services offered by us.
Your request for withdrawal of consent can take the form of an email or letter to us, or through the “UNSUB” feature in an online service.
7. How We Ensure the Accuracy of Your Personal Data
We will take reasonable precautions and verification checks to ensure that the personal data we have collected from you is reasonably accurate, complete and up-to-date. From time to time, we may do a verification exercise with you to update us on any changes to your personal data.
8. How You Can Access and Make Correction to Your Personal Data
You may write in to us to find out how we have been using or disclosing your personal data over the past one year. Before we accede to your request, we may need to verify your identity by checking your NRIC or other legal identification document. We will try to respond to your request as soon as reasonably possible, or within 30 days. If we are unable to do so within the 30 days, we will let you know and give you an estimate of how much longer we require. We may also charge you a reasonable fee for the costs involved in retrieving your records. If you find any error or omission in your personal data, you may request us to make the correction.
9. How We Protect Your Personal Data
We will take the necessary security arrangements to protect your personal data that is in our possession or under our control to prevent unauthorised access, use, disclosure, or similar risks. We will take reasonable and appropriate measures to maintain the confidentiality and integrity of your personal data, and will only share your data with authorised persons on a ‘need to know’ basis.
10. How We Retain Your Personal Data
We will not retain any of your personal data in our possession or under our control when it is no longer necessary for any business or legal purposes. We will dispose of or destroy such documents containing your personal data in a secure manner based on our document retention schedules.
11. How We Handle Queries and Complaints
If you have any query or feedback regarding this Policy, or any complaint you have relating to how we manage your personal data, you may contact our Data Protection Officer at: firstname.lastname@example.org
Any query or complaint should include, at least, the following details:
- Your full name and contact information
- Brief description of your query or complaint
We treat such queries and complaints seriously and will deal with them confidentially and within reasonable time.