NEX CorporateIT Pte Ltd (“NEX”) takes its responsibilities under Singapore’s Personal Data Protection Act 2012 and its regulations seriously. To fulfil our obligations under the PDPA, NEX has undertaken extensive measures to properly manage, protect, process and dispose of any personal data entrusted to our possession by our employees, job applicants, and visitors, in a responsible and safe manner. We are committed to protecting the privacy and confidentiality of personal data in our care from unauthorized access or use by unauthorized persons, either external or internal, and to prevent the commingling of data amongst customers and / or individuals.
Definition of Terms in this Policy
- NEX CorporateIT Pte Ltd - Herein known as (“NEX”, “NEX CorporateIT”, “we”, “our” or “us”), is a company incorporated in the Republic of Singapore. NEX is an outsourced IT services and solutions provider.
- Personal Data - Pertains to any data concerning a living individual which can be used to identify them. Personal Information may be classified under any of the below categories:
- Information that includes name, NRIC or Passport number, address, date of birth, gender, occupation, telephone number, email address, photographic or video graphic recordings, or any other information that may enable identification of specific individuals;
- Information that by itself does not enable identification of specific individuals, but can be easily collated with other information and thereby enable identification of specific individuals; or
- Information that includes individual identification codes as defined under Article 2, Paragraph 2 of the Act on the Protection of Personal Information (the "Personal Information Protection Act").
- Personal Data Protection Act 2012 – Abbreviated as “PDPA”, this refers to the baseline standard of protection for “Personal Data” in Singapore, comprising of various requirements governing the collection, use, disclosure, and care of “Personal Data” in Singapore. The PDPA law is administered and regulated by the Personal Data Protection Commission (“PDPC”).
- Protected Health Information (PHI): Defined as any information about health status, provision of health care, or payment for health care, that can be linked to, or used to identify, a specific individual.
- Derived Personal Data – Refers to (a) personal data about an individual that is derived by an organisation in the course of business from other personal data, about the individual or another individual, in the possession or under the control of the organisation; and (b) does not include personal data derived by the organisation using any prescribed means or method.
- Processing – This term includes the activities of obtaining, recording or holding data, or carrying out any operation or set of operations on data such as, but not limited to, organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring “Personal Data” to third parties.
- Data Protection Officer (DPO) - Refers to the person heading all data privacy-related programmes and initiatives within NEX.
Purposes of collecting Personal Data
NEX will only collect Personal Data when there are legitimate and/ or reasonably valid business or compliance purposes for collection.
NEX will provide clear and transparent notification about the purpose(s) behind collecting personal data at the point of collection(s) and seek consent from the individual, where reasonably possible.
The purposes for which NEX may collect personal data are, but not strictly limited to:
- To verify identities in order to perform/carry out a service for an individual or a client;
- To facilitate or administer provision of services to an individual or client;
- To verify information submitted by an individual or client;
- To evaluate job applicants’ suitability for a position at NEX and/ or to contact them;
- To contact individuals and/ or provide customer support;
- For employment and payroll administration purposes;
- For monitor our premises and property for security and surveillance purposes;
- For invoicing and billing purposes;
- To ensure compliance with our terms and agreements or policies;
- To respond to any emergencies threating the life, health, and safety of an individual;
- To fulfil any legal obligations or legitimate purposes required by law.
Collection of Personal Data
NEX collects personal data when individuals interact with our services or staff and provide their own personal data voluntarily. NEX will inform individuals and seek their consent prior to collection of personal data, where practicable.
Individuals provide personal data to NEX when they voluntarily:
- Sign up for our services;
- Sign up as a registered user on our company website;
- Register for virtual or in-person events organized by NEX;
- Communicate with and provide information to NEX staff;
- Provide documents to NEX;
- Fill up application and registration forms provided by NEX;
- Visit NEX’s website and accept cookies on the website;
- Visit NEX’s facilities.
The forms of personal data which NEX may collect, with your consent for the purposes above, include but are not limited to:
- Contact Information (email and phone numbers, social media such as Linkedin)
- Home or Work Addresses
- Previous or current employment history and details
- Education history, qualifications, and details
- Names and contact details of references
- Contact details of Immediate Family members
- Health, Criminal, and Financial History
- Copies of education certificates
- Copies of NRIC (Singaporeans & Permanent Residents)/ Passport (Foreigners)
- Birth Certificate of Children (only for employees who intend to apply for childcare leave)
- Bank account information
NEX will not collect any more personal information than is strictly necessary for the performance of the purpose of collection (e.g. NEX will only collect NRIC data from our employees and not from members of the public).
Disclosure of Personal Data
NEX respects the privacy and confidentiality of every individual, and avoids or minimizes the disclosure of personal data to the bare minimum.
NEX only performs disclosure of data where necessary to fulfil one of the purposes stated in the “purposes” section above, to the following entities:
- To service providers, subcontractors, or business partners for the provision or performance of services by NEX. These entities are given only the minimum amount of information they need to perform their designated functions and are prohibited from using our provided information for their own unrelated purposes.
- To third party background check companies engaged by NEX to perform background checks for foreign employees
- To government authorities or regulatory bodies for compliance with laws or regulations, where required to do so, or when reasonably necessary to protect against fraud, or to protect property or an individual, or to protect our legal rights and/ or that of our business partner(s).
Where the disclosure of personal data is required to fulfil one of the purposes stated above, NEX shall disclose Personal Data only under the following conditions:
- Where prior consent is given by the individual;
- Where deemed required by the law;
- Where Personal Data is provided to third parties such as contractors or subcontractors (including sub-subcontractors) is specifically to assist with our activities listed above in the “purposes” section.
Transfer of Personal Data Outside of Singapore
NEX will generally avoid transferring personal data outside of Singapore unless the transfer is necessary. NEX currently transfers data overseas only for the following purpose:
- To perform background checks on education, bankruptcy, employment history checks on non-Singaporean and non-Permanent Resident (PR) employees only
If or where transfer of personal data outside of Singapore is necessary, NEX shall notify the affected individual(s) and seek their consent for the overseas transfer before performing the transfer of data. Additionally, NEX shall work with the overseas recipient to ensure that the transferred personal data continues to receive a standard of protection in the destination country, that is equivalent or comparable to the PDPA and General Data Protection Regulation (GDPR).
NEX will endeavour to notify individuals of the collection, use, and/ or disclosure of their personal data and obtain your consent prior to performing any collection, use, and/ or disclosure of personal data.
If you decline to provide consent for NEX to collect, use, and/ or disclose your personal data, NEX shall respect your choice and will not proceed with collection, use, or disclosure of your personal data, but be advised it may result in us being unable to administer or carry out some services to you, for example:
- If you do not consent to providing us with the personal information in your CV, we would be unable to process your application for employment.
- If you do not consent to us recording images of you through the CCTV cameras in our office, we regret to inform you that we would not be able to grant you access to our office.
There may be some cases where NEX may collect, use, and/ or disclose personal data without consent, where such actions are permitted or required by the PDPA or other laws. In such cases, NEX shall seek consent before collecting any additional personal data, and before using personal data for a purpose which has not been notified to an individual (except where permitted or authorised by law).
NEX utilizes encryption, data segregation, fire-walling, and anti-intrusion systems to protect and safeguard personal data in our possession from loss, misuse, unauthorized access, disclosure, alteration, and/ or destruction. We also limit and restrict access to personal data, and only grant temporary access to it when absolutely necessary for a legitimate purpose.
NEX will only be retain personal data for as long as necessary to serve the purpose for which it was collected, and/ or as long as there is a justifiable legal or business purpose for the continued retention of the data, unless a longer retention period is required or permitted by law.
When retention of personal data is no longer necessary, NEX will either return, anonymize, or delete/ destroy the personal data. NEX will determine and carry out the most appropriate method of disposal based on the storage medium and sensitivity of the personal data.
Individual Choices and Privacy Rights
Every individual has the right under the PDPA to exercise choice and control over how NEX collects, uses, processes, and discloses their personal data. The choices that every individual has the right to exercise under the PDPA are:
- Access and Correction: Any individual has the right to request for access, view, and / or correct any of their Personal Data that NEX is in possession of. Note that NEX may request to verify the requestee’s identity before carrying out the request, and/ or impose a reasonable fee for administrative costs incurred in order to perform this request.
- Disputes, Queries, and Complaints: Any individual may raise a query, a dispute or a complaint regarding their individual personal data to NEX.
- Provision of Consent: In situations where provision of personal data is optional, an individual may exercise choice in whether they wish to provide their personal data to NEX, after being advised of the consequences of not providing their personal data.
- Withdrawal of Consent: Any individual may withdraw their consent for NEX’s collection, use, or disclosure of their personal data even if they have previously provided consent.
When an individual withdraws their consent, NEX will cease retention of the personal data after informing the individual of the consequences of withdrawing consent, unless the retention, use, and/ or disclosure of the personal data is required or permitted under the PDPA and/ or any other applicable laws.
- Data Portability: individuals have the right to receive all requested copies of their personal
data in a structured, commonly used and machine-readable format, and to request for us to transmit it to another controller where technically feasible.
Any individual may submit a request for any of the above to NEX’s Data Protection Officer (“DPO”), whose contact information may be found at the end of this policy. Requestees can expect to receive a response within 5 working days.
- Distinguishing users on our website(s) or website / IT portal(s) / mobile application(s);
- Remembering individual users’ preferences after they have logged in for a seamless experience;
- Revising, altering, or deleting website content to improve customer satisfaction;
- Tracking users’ movements from page to page to store their selected inputs and preferences, so that they are not constantly asked for the same information;
- Analysing what interest users may have in any of the products and services offered by the company;
However, users are advised that NEX has no control over any cookies used by third parties and shall not be responsible for the protection, management or other handling of Personal Information and any other information on any third-party websites that are linked to NEX’s website. NEX shall bear no responsibility for any damage that individuals may incur arising from any use of third-party websites.
For further information on the types of cookies and how they work, users are recommended to visit www.allaboutcookies.org.
Contact Information of Data Protection Officer
Data Protection Officer
Phone Number: +65 6296 0703
Email address: DPO@NEXCorporateIT.com
NEX CORPORATEIT PTE LTD
No.1 Pemimpin Drive,
#04-04 / #04-03 Singapore 576151
Notice of Changes and Updates to this Policy
NEX reserves the right to change or amend this policy without prior notification at any time.