This statement sets out the Data Protection Policy (“DPP”) and practices of Oceanus Group Limited (“Oceanus Group Limited”) that will be followed with respect to the collection, storage, processing, disclosure, accessing, reviewing, and/or use of your personal data. This statement is provided in accordance with the Singapore Personal Data Protection Act (Act 26 of 2012) (the “PDPA”).
We are aware of the revised Advisory Guidelines on the PDPA for NRIC and other National Identification Numbers that the Personal Data Protection Commission (PDPC) issued on 31 August 2018, and we will adhere to these guidelines.
Any data collected on behalf of any public agency by Oceanus Group Limited for the purpose required by the public agency will be exempted from the PDPA.
Please note that this DPP complements, and does not limit or replace, the purposes for which you provide Company Name with your personal data which may be expressly stated in any form for submission of personal data to Company Name. Company Name reserves the right to update this DPP from time to time to ensure that it reflects our current practices and remains consistent with the requirements imposed by law. This DPP was last updated on 22 November 2018.
1. What kind of Data will this DPP Apply to This DPP applies to “personal data” and in line with PDPA, refers to any data, whether true or not, about an individual (i.e. the data subject) who can be identified (a) from that data; or (b) from that data and other information to which we have or are likely to have access to, including data in our records as may be updated from time to time.
The exact type of personal data that may apply will vary depending on how you have interacted with us. Examples of such personal data provided to us include (depending on the nature of your interaction with us) name, NRIC, passport or other identification number, nationality, gender, date of birth, marital status, telephone number(s), mailing address, email address, photographs and other audio-visual information, employment information, financial information and any other information relating to any individuals which you have provided us in any forms you may have submitted to us, or via other forms of interaction with you.
2. What is not Personal Data Personal data does not include data about a data subject which has been anonymised. Anonymisation is the process of removing identifying information such that the remaining data does not identify any particular individual. Techniques can include pseudonymisation, 1. aggregation, 2. replacement, data reduction, 3. data suppression, 4. data shuffling, or 5. masking.
3. Collection, Use and Disclosure of Personal Data In providing Oceanus Group Limited with your personal data (either directly or through a third party), you hereby agree that Oceanus Group Limited may collect, store, process, disclose, access, review and/or use personal data (including sensitive personal data) about you, whether obtained from you or from other sources (such as our Approved Training Organisations), for the purposes set out below and/or any other administrative or operational purposes and/or the purpose of managing your relationship with Company Name:
You further agree to be bound by the prevailing terms of this DPP as updated from time to time.
4. Consent
a. Consent Required Oceanus Group Limited will not collect, use or disclose your personal data unless:
If you disclose the personal data of third parties to Oceanus Group Limited, you represent that you have obtained the consent of the relevant third parties to have their personal data collected, used and/or disclosed by Oceanus Group Limited for the applicable purposes listed in clause 1.
b. Provision of Consent
Oceanus Group Limited will not obtain or attempt to obtain your consent for collecting, using or disclosing personal data by providing false or misleading information with respect to the collection, use or disclosure of your personal data.
c. Withdrawal of Consent
5. Data Quality Oceanus Group Limited will take reasonable steps to make sure that the personal data it collects, uses or discloses is accurate, complete and up to date.
We generally rely on personal data provided by you (or your authorised representative). In order to ensure that your personal data is current, complete and accurate, please update us if there are any changes to your personal data by informing our Data Protection Officer in writing or via the email at the content details provided below.
6. Data Security & Retention To safeguard your personal data from unauthorised access, collection, use, copying, modification, disclosure, disposal or similar risks, Company Name takes appropriate administrative, physical and technical measures.
You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.
Oceanus Group Limited will not keep personal data for longer than is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws, and will take reasonable steps to securely dispose of personal data if it is no longer needed.
7. Use of Cookies Cookies are simple text files which are stored on your computer or mobile device by our website’s server. Only Oceanus Group Limited’s server will be able to retrieve or read the contents of these cookies. Oceanus Group Limited uses cookies on its website in order to enable certain features and functionality, to ensure a smooth and optimised user experience, and to improve user security.
8. Access and Correction You are entitled to have access to the personal data about you that is in the possession or under the control of Company Name and information about the ways in which the personal data has been or may have been used or disclosed within a year before the date of the request. This can be done by you making a written application to our Data Protection Officer or via the email at the content details provided below requesting for any such information. Oceanus Group Limited reserves the right to estimate a fee before processing your request (representing its costs in administering your request) for supplying such information and to refuse requests which, in its opinion, occur with unreasonable frequency.
Oceanus Group Limited will also, where you have requested that it correct an error or omission in the personal data about you that is kept with Oceanus Group Limited, correct such data as soon as practicable and send the corrected personal data to every organisation to which the personal data was sent before it had been corrected, if applicable, unless that organisation does not need the corrected personal data for any legal or business purpose.
Oceanus Group Limited will respond to your request as soon as reasonably practicable. Should we not be able to respond to your request within twenty (20) working days after receiving your request, we will inform you in writing within twenty (20) working days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so. Company Name may however choose not to provide you with access to or correct such information, in accordance with the exceptions under the PDPA. This would include cases where:
Please note that depending on the request that is being made, we will only need to provide you with access to the personal data contained in the documents requested, and not to the entire documents themselves. In those cases, it may be appropriate for us to simply provide you with confirmation of the personal data that our organisation has on record, if the record of your personal data forms a negligible part of the document.
9. Transborder Data Flows We generally do not transfer your personal data to countries or territories outside of Singapore. However, if we do so, for instance, if your personal data is required to be transferred for administrative or operational purposes by Oceanus Group Limited, we will ensure that the recipients thereof provide a standard of protection to your personal data so transferred that is comparable to that which is provided herein.
10. Enquiries and Complaints Oceanus Group Limited has designated a Data Protection Officer who will be responsible for ensuring Company Name’s compliance with applicable data protection laws. If you have any queries or requests or wish to make any applications concerning your personal information or data, please contact the Data Protection Officer:
Contact Person: Data Protection Officer
Email: admin@oceanus.com.sg
Address: 25 Ubi Rd 4, #03-05 UBIX, Singapore 408621
Please note that if your personal data has been provided to us by a third party, you should contact such party directly to make any queries, feedback, and access and correction requests.