1. Types of Personal Information
Under the PDPA, Personal Data is defined as data, whether true or not, about an individual who can be identified from that data; or from that data and other information to which we have or are likely to have access. We have access to or may collect the following personal data:
- Personal details such as your name, and photographs.
- Contact details such as your email address, telephone number(s), residential address, company address, and online messaging details.
- Demographic information such as your gender, age, date of birth, nationality and title.
- Expertise such as your professional history and background, qualification details (e.g., job application references, certifications, memberships under institutes), and other professional skills/records.
- Employer or partner details
- Views and opinions
- Consent records (i.e., records of consent provided by you and information relating to that record such as date and time, means of consent, and the subject matter of the consent).
- Information you state on AMF’s ‘Contact Us’ form
- CCTV footage and visitor records
Please note that PDPA protection obligations generally does not apply to business contact information such as an individual’s name, position or title, business telephone number, business address, business email, business fax number and similar information that is provided in a professional capacity or for professional purposes.
2. How Personal Data is collected
We have access to and collect Personal Data from you in the following ways:
a) Provided directly by you – including but not limited to data provided when you contact us (e.g., via our website’s “Contact Us” form), provide us with your business card, submit a job application, during in-person/online meetings, at trade shows, visits from the sales team or marketing representatives, or at events we attend.
Note: As all communications you make via our website are collected and may be processed for profiling purposes, we advise you not to use the “Contact Us” form on our website to share sensitive Personal Data or make communications of a highly confidential or deeply personal nature.
b) Provided by third parties – such data would include data from third party entities like law enforcement authorities (if any) and third-party software providers.
c) Made available to us – such data would include data made available to us in the ordinary course of our business (e.g., from contracts, collaborations, partnerships), including those provided to us by you in our past interactions or through visits to premises (visitor records, login records and details, and CCTV recordings). It would also include data you make public, such as data available on your public social media accounts (if any).
We will not disclose your Personal Data for any other purpose not listed in Sections D and E unless we have previously obtained your consent to the same, in accordance with the law.
Exceptions to the consent requirement
According to the PDPA, consent is not required in the following circumstances:
- Business contact information that you provide to us for business purposes (also known as business contact information). This can include your name, designation, employer company name, business telephone number/ work address/ email address/ fax number and any other similar information contained in an email signature sent as a part of a business correspondence.
- If consent cannot be obtained in time but the Personal Data is necessary to respond to an emergency that threatens the life, health or safety of you or another individual.
- Where the legitimate interests of AMF in collecting, using or disclosing the Personal Data outweighs any adverse effect on the individual whose Personal Data is collected, used or disclosed.
4. How Personal Data is processed
Personal Data may be processed for the following primary purposes:
- Business operations – to evaluate a potential business relationship; to perform obligations in the course of or in connection with our provision of the goods and/or services requested by you; responding to, handling, and processing queries, requests, applications, complaints, and feedback from you; and any other purposes for which you have provided the information.
- Provision of access to sites, applications, products, and services
- Communications – to communicate with you or any other individuals.
- Statistics – to generate statistics on the use of our website for internal purposes, such as marketing.
- Management and improvement of IT systems – to manage and operate our communications, IT, and security systems; and to perform the necessary audits (including security audits). This allows us to ensure that our website is functioning properly for you, and to improve the security of our website and networks.
- Security – to ensure traceability and to protect our assets including our IT networks, our on-site premises, and employees.
- Legal compliance – to comply with the applicable laws and regulations; to investigate or prevent illegal activities, suspected fraud, violations of our terms and conditions, or threats to the property or safety of any person; to protect our legal rights or defend against legal claims.
- Recruitment – to process job applications.
- Profiling – to prevent data loss and protect AMF’s intellectual property by building profiles of threat patterns or suspected breaches of security using communications exchanged between an individual and/or their representatives and AMF.
- Third party – transmitting to any unaffiliated third parties including our third-party service providers and agents, and relevant governmental and/or regulatory authorities, whether in Singapore or abroad, for the aforementioned purposes; and
- any other incidental business purposes related to or in connection with the above.
5. Disclosure of Personal Data to third parties
We may engage third party service providers to assist us in the performance of certain services. If third party vendors need to collect or process your Personal Data to perform those services on our behalf, we will take reasonable steps, in the circumstances, to ensure that the third party will provide a standard of protection that is comparable to the protection under the PDPA. We will not sell or license any Personal Data collected from any individual.
Personal Data may be disclosed to third parties in the following situations:
- Security personnel (such as, security officers) to obtain pre-visit registration and clearances for on-site visits or inspections.
- Accountants, auditors, consultants, lawyers, and/or any other external professional advisors of AMF – subject to binding contractual obligations of confidentiality and only on a need-to-know basis.
- Payment agencies including, but not limited to, financial institutions – to maintain financial records, assess or verify credit, and facilitate payment.
- Service providers including, but not limited to, logistics service providers (e.g., shipping companies), payment service providers, IT service providers (e.g., third party plugins) – only on a need-to-know basis.
- In any court of law or any relevant party in connection with any claim or legal proceedings, regulatory authorities and/or enforcement agencies in any jurisdiction – upon request (where permitted by law); to report any actual/suspected breach of any law/regulation; to investigate, detect, or prevent criminal offences.
- Any actual or potential assignee, transferee, or acquirer of AMF’s business – in the event of a sale or transfer of our business and/or relevant assets, in connection with any corporate exercise (e.g., reorganisation, dissolution, liquidation).
- Website hosting – AMF’s website is currently hosted by WordPress.
6. International transfer of Personal Data
The laws in these countries may not afford the same protection of your Personal Data. However, we will ensure that adequate safeguards are in place and all applicable laws and/or regulations are complied with during such a transfer. Further, before your Personal Data is disclosed to an overseas recipient, we will take reasonable steps, in the circumstances, to ensure that said recipient will provide a standard of protection that is comparable to the protection under the PDPA for the transferred Personal Data.
7. Data security
To safeguard your Personal Data from accidental, unauthorised or unlawful disclosure, access, copying, modification, destruction, loss, and other similar risks, we take all reasonable efforts to implement appropriate physical, technical, and organisational security measures.
However, you should be aware that no method of transmission over the Internet or method of electronic storage is wholly secure. As such, we cannot warrant the security of any information you transmit to us or which we transmit to you, before its receipt, and any transmission is at your own risk.
You are, at all times, responsible for your own Internet privacy settings. We are not responsible for the functionality, privacy, or security measures of any other organisation or third-party websites, applications, or services.
While security cannot be guaranteed, we strive to protect the security of your Personal Data, and will review and enhance our information security measures periodically.
8. Data minimisation
AMF adopts measures to limit the volume of Personal Data collected and processed.
9. Data retention
We will destroy or anonymise relevant Personal Data according to the applicable internal data retention policies as soon as it is reasonable to assume that such retention no longer serves the purpose for which the Personal Data was collected and is no longer necessary for legal or business purposes. We will not delete personal data from logs, systems or records necessary to the operation, development, or archives of AMF.
10. Your rights
You are entitled to:
- Withdraw consent – you may decide, at any time, to withdraw your consent to our processing of your Personal Data in any manner or for a particular purpose by giving reasonable notice to AMF. Please note that if you decide to withdraw your consent, we may not be in a position to continue providing our goods or services to you and we shall, in such circumstances, notify you before completing the processing of your request. Withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.
- Rectify your Personal Data
- Transmit your Personal Data to a controller or an individual – you may request for your data to be transmitted to a controller or an individual (such as yourself). A reasonable time will be required for the data porting process. Fees may also be incurred as a porting organisation may be engaged to perform the necessary porting processes.
- Access your Personal Data, together with information regarding the nature, procession, and disclosure of said data – you may request access to your Personal Data that we collected in connection with any service and information about how we have used and disclosed your Personal Data within a year before the date of your request, subject to exemptions under applicable laws and regulations.
- Lodge complaints with Data Protection Authorities and/or other appropriate authorities.
Please refer to the PDPA for information on additional legal rights that are available to you.
While our website is hosted on other systems (i.e., WordPress), we are not responsible for the collection and usage of your Personal Data by WordPress or any other systems or websites. As such, please review the privacy policies of the third parties to learn more about their privacy and information handling practices.
12. Applicable law
13. Contact information
To exercise any of the rights stated in Section I above, or to seek clarification on privacy-related matters, you may contact our Data Protection Officer via email at email@example.com.
Please provide proof of identity when contacting our Data Protection Officer to allow for verification before we can process your request or query. You understand that if such proof of identity is not provided, we may not be able to address your request or query in compliance with the law.