Last Updated: 25 May 2018
We are a corporation registered in the Republic of Singapore with company name Trudence HR Pte Ltd, company number 200705808H and a registered office at 14 Robinson Road, #08-01A Peninsula Plaza, Singapore 048545. For the purpose of the General Data Protection Regulation (“GDPR”), we are the data controller. Our data protection officer can be contacted at firstname.lastname@example.org.
What information do we collect about you?
We collect information when you are an employee of the company that we are engaged to provide services to. We also collect information from your interactions with our user platform, and from specific requests you make. In addition, we collect device and technical information from you when you use our website or mobile application.
How will we use the information about you?
We use your information to fulfil our contract of service with your employer, to administer the HR requirements and services. We also use your information to maintain our website and mobile application. In addition we use your information to ensure compliance with local government regulations as required by applicable law.
Who do we share your information with?
We share your data with our third party service providers such as banks and financial institutions to the extent necessary to comply with banking requirements and regulations for making salary payments. We use these third parties services solely to process or store your information for the purposes described in this policy. We also share your information with government bodies and agencies as required by law.
Where do we process your information?
Our servers are located in Singapore, Malaysia and the United States. We transfer your information to various servers for redundancy and disaster recovery purposes.
How long do we keep hold of your information?
We retain your information for as long as it is necessary to fulfil the purpose for which it was collected, the legal or business purposes of PET, or as required by relevant laws. We will usually keep your Customer Data for up to 7 years to ensure that any contractual disputes can be addressed. For EU residents, we will endeavour to delete data within 30 days of a request for erasure or contact you if it will take longer. This would subject to local government regulations as required by applicable law.
How can I exercise my rights over my information?
You may have various rights in relation to your data. Please refer to the sections for non-EU residents and EU residents respectively.
If you have any concerns or complaints, please contact us through your company’s HR Department.
How will we notify you of changes?
1. The types of Customer Data we collect
The types of Customer Data that PET collects depends on the circumstances of collection and on the nature of the service requested or transaction undertaken.
There are two broad categories of Customer Data that )ET collects:
• Personal Data. The data we collect includes but is not limited to:
(i) personal information that can be used to identify an individual, such as name, gender, date of birth, passport or other personal identification numbers;
(ii) contact information, such as mailing address, phone number, email address;
(iii) employment information, such as position code, job grade, join date and resignation date
(iv) banking information, such as bank account number for salary crediting;
(v) information on your claims made through PET, such as tracking your claim items, amount spent, and other claim-related information;
(vi) information on your leave made through PET, such as leave period, leave entitlement, balance and other leave-related information;
(vii) information about your training information made through PET, such as training courses, dates and other training-related information;
(viii) salary info, such as allowances, deductions, overtime payment, statutory contributions, tax information and other payroll-related information;
For purposes of this policy statement, Customer Data means Personal Data and Technical Data.
We also use Customer Data to derive Statistical Data, such as the number of passengers. This is processed and stored purely for analytical purposes, and is entirely anonymous. This information will not be stored to your customer record, and will only be aggregated for statistical analysis so that we can better understand PET’s customer profile and improve PET's service offering.
Special categories of information or “sensitive personal data”
Certain categories of Customer Data, such as information about your race, ethnicity, religion or health, are considered special categories of information, or “sensitive personal data” under the GDPR.
Generally, we try to limit the circumstances where we collect your sensitive personal data. However, this can occasionally occur because of legal compliance on local government regulations or as required for statistical purposes by your employer.
How we collect data from you
PET collects Customer Data, either directly from you or from your authorised representatives (i.e. persons whom you have authorised and/or persons who have been validly identified as being your authorised representative (e.g. your organisation’s HR manager) pursuant to our then-current security procedures).
PET also collects Customer Data from third parties which are located in various countries. This includes, but is not limited to, statutory bodies, banking and financial institutions, or through our Website, mobile services, any posts on our PET-specific pages on social media websites and other channels including our hotline.
2. Is the provision of Customer Data required?
The collection of the following types of Customer Data is mandatory to enable PET to fulfil our contract of carriage with you. These types of Customer Data are marked as mandatory on our booking form. If you do not provide this information, we will not be able to provide you with our services required.
• Employee details, e.g title, first/given name, last/family name, date of birth, gender, whether you are an EU resident.
• Contact details, e.g. email address, mobile phone number, home number or business number.
• Banking details, e.g. the bank account number, banking branch/code which will be transmitted to our payments processors.
Additional information may be mandatory as stipulated by your employer. These mandatory fields will be clear when you transact with our platform.
The collection of the following types of Customer Data is mandatory to enable PET to administer your HR information with your employer: (i) last/family name; (ii) first/given name; (iii) date of birth; (iv) employment start date; (vi) gender; (vii) national ID eg NRIC number and (viii) resign date.
These types of Customer Data are marked as mandatory in our communication with your employer. If you do not provide this information, we will not be able to provide you with our services required.
3. How we use your Customer Data
If you are an EU resident, we are required to disclose the legal basis for processing your data under the GDPR. We will use the Customer Data in the following ways:
In accordance with our service level agreement with your employer, we will use the Customer Data to:
• process and assist your employer with any transactions related to your employment;
• provide salary related information such as processing of any salary, including statutory payments;
• provide leave related information such as leave balances and entitlements;
• provide claim related information such as processing of any claims, including claims submitted;
• provide training related information such as training courses applied or attended
• provide any other HR-related information in accordance with the contract with your employer during the course of your employment.
As it is in our legitimate interests to be responsive to you, to provide customised services and marketing and to ensure the proper functioning of our products, services and organisation, we will use your Customer Data to:
• improve the Website and to ensure content from the Website is presented in the most effective manner for you and your device;
• administer the Website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
• monitor and record calls for quality, training, legal compliance, analysis and other related purposes in order to pursue our legitimate interest to improve service delivery;
• send you service emails, such as reminders when you have not approved any leave pending;
• respond to your enquiries, requests or feedback;
• enforce our terms, conditions and policies;
• allow you to participate in interactive features of the Website, when you choose to do so;
• customise our products and services to you, including by responding to and catering for your customer preferences;
• personalise the content you see on our Website;
• keep the Website safe and secure;
• aggregate Customer Data into anonymised statistical data (such as number of employees using the system for submitting leave during a certain period), which we will use for statistical analysis so that we can better understand PET’s customer profile and improve PET's service offering;
• enforce our terms and conditions against your employer;
We will never attempt to do any form of marketing nor use any of the data we hold for any marketing purposes; either on our own nor with any third party service providers. We will never attempt to sell any of the data we hold in any form, including aggregated information to any third party service providers; as per our contract with your employer.
4. Disclosure of your Customer Data
PET will share your Customer Data with selected third parties in the situations set out below:
• banking and financial institutions for the purposes of salary crediting or payment of any amounts due to you as per instructed by your employer
• government agencies and departments as mandated by local government regulations
PET will exchange your Customer Data with any member of our group, which means our subsidiaries, associate companies and any of our other group companies, such as PET Payroll Outsourcing Sdn Bhd (“PET Payroll”) and PET Consultants Sdn Bhd (“PET Consultants”) in order to provide some of the functionality and features that your employer may have signed with them:
• For the purposes of our contract with your employer, i.e. to:
i. Fulfill obligations as an employer;
ii. Manage HR services in virtue of your employment with your company;
• As it is in our legitimate interests to be responsive to you, to provide customised services, to:
i. Respond to complaints or compliments received by PET from employees who are sharing their experiences with their employer;
ii. Providing an enhanced customer experience and personalising offers to passengers;
iii. Anticipating the servicing needs of customers; and
iv. Understanding users better through analytics and research
PET will only use and disclose your Customer Data to your employer, yourself (through our online platforms), authorized third parties such as banks and financial institutions and government agencies or departments as required by law.
PET will disclose your Customer Data to law enforcement agencies, public or regulatory authorities, securities commissions or other organisations, if legally required to do so, or if we have a good faith belief that such use is reasonably necessary to:
• comply with legal obligation, process or request;
• enforce our terms and conditions and other agreements, including investigation of any potential violation thereof;
• detect, prevent or otherwise address security, fraud or technical issues; or
• protect the rights, property, health or safety of us, our users, a third party or the public as required or permitted by law (including exchanging Customer Data with other companies and organisations for the purposes of fraud protection and credit risk reduction).
For example, PET is required by law in Malaysia, Singapore and other countries to provide employment information to social security department, pension fund bodies and tax agencies as required by law.
We will also disclose your Customer Data to third parties:
• in the event that we sell or buy any business or assets, in which case we may disclose your data to the prospective seller or buyer of such business or assets;
• if we or substantially all of our assets are acquired by a third party, in which case Customer Data held by us about our customers will be one of the transferred assets; or
• to comply with legal obligations, processes or requests (such as disclosing Customer Data to executors in response to court orders).
In addition, PET may disclose Customer Data to our legal advisors for establishing, exercising or defending our legal rights, to our other professional advisors, or as otherwise authorised or required by law. PET also reserves the right to share Customer Data as is necessary to prevent a threat to the life, health or security of an individual or corporate entities such as PET. Further, PET will disclose Customer Data, as is necessary, to investigate suspected unlawful activities including but not limited to fraud, intellectual property infringement or privacy.
5. Transfer of information overseas
The PET Head Office is based in Malaysia. Customer Data will be transmitted to data storage facilities where PET keeps its central records. Customer Data will be transferred to PET’s offices and appointed agents, in Singapore and around the world in connection with PET’s performance of the contract with your employer.
This means that Customer Data will be transferred to, and stored at, a destination outside of your country and outside the European Economic Area ("EEA"), and in particular to Singapore, Malaysia and USA where we have data centres.
The Customer Data is transferred outside the EEA on the basis that it is necessary for the performance of the contract of service between your employer and PET.
If you are an EU resident, where we transfer Customer Data outside the EEA, this is done either on the basis that it is necessary for the performance of the contract of carriage between you and PET, or that the transfer is subject to the European Commission’s model contracts for the transfer of personal data to third countries (i.e., the standard contractual clauses), pursuant to Decision 2004/915/EC and Decision 2010/87/EU as appropriate.
The Customer Data will also be processed by staff operating outside the EEA who work for us, for our suppliers or our business partners. Such staff are engaged in, among other things, the fulfilment of your services, the processing of your payment details and the provision of services.
6. Non-EU Data Subject Rights
If you are not a resident in the EU, you may have certain rights in relation to the Customer Data we hold about you, which we detail below.
You have the right to know whether we process Customer Data about you, and if we do, to access Customer Data we hold about you and certain information about how we use it and who we share it with.
Where permitted by law, PET reserves the right to charge a reasonable administrative fee for this service. In exceptional circumstances, PET reserves the right to deny you access to your Customer Data and may provide an explanation as required by applicable laws.
Exceptional circumstances include (to the extent allowable under applicable law) where:
• an investigating authority or government institution objects to PET complying with a customer’s request;
• the information may, in the exercise of PET’s reasonable discretion and/or assessment, affect the life or security of an individual; and
• data is collected in connection with an investigation of a breach of contract, suspicion of fraudulent activities or contravention of law.
You have the right to correct any Customer Data held about you that is inaccurate.
Feedback and complaints
If you have any concerns, feedback or complaints about the use and/or sharing of your Customer Data, we are open to receiving your feedback or complaints.
Exercise of Rights.
To exercise any of your rights, please contact us through your company’s HR Department.
7. EU Data Subject Rights
If you are a resident in the EU, you may have certain rights in relation to the Customer Data we hold about you, which we detail below. Some of these only apply in certain circumstances as set out in more detail below. We also set out how to exercise those rights.
These rights include:
• The right of access.
• The right of data portability.
• The right of rectification.
• The right of erasure.
• The right to restrict processing.
• The right to object.
Please note that we will require you to provide us with proof of identity and address before responding to any requests to exercise your rights. We must respond to a request by you to exercise those rights without undue delay and at least within one month (although this may be extended by a further two months in certain circumstances). To exercise any of your rights, please contact us through your company’s HR Department.
In the event that you wish to make a complaint about how we process your Customer Data, please contact us and we will endeavour to deal with your request as soon as possible. This is without prejudice to your right to launch a claim with your data protection authority.
You have the right to know whether we process Customer Data about you, and if we do, to access Customer Data we hold about you and certain information about how we use it and who we share it with.
If you require more than one copy of the Customer Data we hold about you, we may charge an administration fee.
We may not provide you with certain Customer Data if providing it would interfere with another’s rights (e.g. where providing the Customer Data we hold about you would reveal information about another person) or where another exemption applies.
You have the right to receive a subset of the Customer Data we collect from you in a structured, commonly used and machine-readable format and a right to request that we transfer such Customer Data to another party.
The relevant subset of Customer Data is data that you provide us with your consent or for the purposes of performing our contract with your employer.
If you wish for us to transfer the Customer Data to another party, please ensure you detail that party and note that we can only do so where it is technically feasible. We are not responsible for the security of the Customer Data or its processing once received by the third party. We also may not provide you with certain Customer Data if providing it would interfere with another’s rights (e.g. where providing the Customer Data we hold about you would reveal information about another person).
You have the right to correct any Customer Data held about you that is inaccurate. Please note that whilst we assess whether the Customer Data we hold about you is inaccurate or incomplete, you may exercise your right to restrict our processing of the applicable data as described below.
To exercise any of your rights, please use contact us through your company’s HR Department.
You may request that we erase the Customer Data we hold about you in the following circumstances:
• you believe that it is no longer necessary for us to hold the Customer Data we hold about you;
• we are processing the Customer Data we hold about you on the basis of your consent, and you wish to withdraw your consent and there is no other ground under which we can process the Customer Data;
• we are processing the Customer Data we hold about you on the basis of our legitimate interest and you object to such processing. Please provide us with detail as to your reasoning so that we can assess whether there is an overriding interest for us to retain such Customer Data; or
• you believe the Customer Data we hold about you is being unlawfully processed by us.
Also note that you may exercise your right to restrict our processing of the Customer Data whilst we consider your request as described below.
Please provide as much detail as possible on your reasons for the request to assist us in determining whether you have a valid basis for erasure. However, we may retain the Customer Data if there are valid grounds under law for us to do so (e.g., for the defence of legal claims or freedom of expression) but we will let you know if that is the case. Please note that after deleting the Customer Data, we may not be able to provide the same level of servicing to you as we will not be aware of your preferences.
Where you have requested that we erase Customer Data that we have made public and there are grounds for erasure, we will use reasonable steps try to tell others that are displaying the Customer Data or providing links to the Customer Data to erase the Customer Data too.
To exercise any of your rights, please contact your company’s HR Department.
Restriction of Processing to Storage Only.
You have a right to require us to stop processing the Customer Data we hold about you other than for storage purposes in certain circumstances. Please note, however, that if we stop processing the Customer Data, we may use it again if there are valid grounds under data protection law for us to do so (e.g. for the defence of legal claims or for another’s protection).
You may request we stop processing and just store the Customer Data we hold about you where:
• you believe the Customer Data is not accurate, for the period it takes for us to verify whether the Customer Data is accurate;
• we wish to erase the Customer Data as the processing we are doing is unlawful but you want us to just store it instead;
• we wish to erase the Customer Data as it is no longer necessary for our purposes but you require it to be stored for the establishment, exercise or defence of legal claims; or
• you have objected to us processing Customer Data we hold about you on the basis of our legitimate interest and you wish us to stop processing the Customer Data whilst we determine whether there is an overriding interest in us retaining such Customer Data.
You have the right to object to our processing of Customer Data about you and we will consider your request in other circumstances as detailed below by contacting your company’s HR Department, referencing: Data Subject Rights.
You may object where we are processing the Customer Data we hold about you (including where the processing is profiling) on the basis of our legitimate interest and you object to such processing.
Please provide us with detail as to your reasoning so that we can assess whether there is a compelling overriding interest in us continuing to process such data or we need to process it in relation to legal claims. Also note that you may exercise your right to request that we stop processing the Customer Data whilst we make the assessment on an overriding interest by indicating this in your written response to your company’s HR Department.
PET will retain Customer Data for as long as it is necessary to fulfil the purpose for which it was collected, the legal or business purposes of PET, or as required by relevant laws. We will usually keep your Customer Data for up to 7 years to ensure that any contractual disputes can be addressed. This includes information which may contain sensitive personal data about yourself, e.g. race, religion and bank account information.
PET needs your assistance to ensure that your Customer Data is current, complete and accurate. As such, please inform PET of changes to your Customer Data by contacting your company’s HR Department and submitting your updated particulars to PET in writing.
PET will also request Customer Data updates from you from time to time. As detailed above, your employment information may be disclosed to the appropriate government department or agency as required by law. As such, it is important to ensure that the Customer Data contained in your employment records is current, complete and accurate.
10. Security safeguards
PET takes the protection of your Customer Data seriously but, unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your Customer Data, we cannot guarantee the security of your Customer Data transmitted through the Website; any transmission is at your own risk.
11. Links to other websites
PET's Website is not directed at children under the age of 16 and PET cannot distinguish the age of persons who access and use our Website. If a minor (according to applicable laws) has provided PET with Customer Data without parental or guardian consent, the parent or guardian should contact PET to remove the relevant Customer Data and unsubscribe the minor. If we become aware that Customer Data has been collected from a person under the age of 16 without parental or guardian consent, we will delete this Customer Data and, where that minor has an account, terminate the minor’s account.
14. Contact us
PET Group of Companies DPO
c/o Trudence HR Pte Ltd
#08-01A Far East Finance Building
14 Robinson Road