Privacy Policy

This Privacy Policy (“Policy”) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed. This Policy may be updated from time to time.

By visiting this website, or by becoming a member or employee of our society, you are accepting and consenting to the practices described in this Policy.

Our Data Protection Officer is responsible for ensuring compliance with the Personal Data Protection Act 2012 of Singapore (the “Act”) and with this Policy. A reference to the Act in this Policy includes a reference to any subsidiary legislation made thereunder. Please contact our Data Protection Officer at [insert email address] if you have any questions about the operation of this Policy or any concerns that the Policy has not been followed.

1. Definition of Data Protection Terms

1.1 Data means information stored electronically on a computer, or in certain paper-based filing systems.

1.2 Data subjects means all living individuals about whom we hold personal data.

1.3 Personal data refers to any data and/or information about you from which you can be identified, either:

  • from that data; or
  • from that data and other information to which we have or are likely to have access.

It includes the data described in Schedule A (Types of Personal Data).

1.4 Data users are employees whose work involves processing personal data. Data users must protect the data they handle in accordance with this Policy and any applicable data security procedures.

1.5 Data intermediaries are persons or organisations (other than data users) that process personal data on our behalf and on our instructions. Employees are excluded from this definition, but suppliers or contractors may be included.

1.6 Processing means the carrying out of any operation or set of operations in relation to personal data. This includes recording, holding, organising, adapting, altering, retrieving, combining, transmitting, erasing, or deleting.

2. Data Protection Principles

Anyone processing personal data must comply with the following principles of good practice. Personal data must be:

  • Processed fairly and lawfully.
  • Processed for limited purposes and in an appropriate way (see Schedule C: Purposes).
  • Accurate.
  • Not kept longer than necessary.
  • Processed in line with data subjects’ rights.
  • Secure.
  • Not transferred to countries without adequate protection.

3. Fair and Lawful Processing

3.1 The Act is not intended to prevent the processing of personal data, but to ensure that it is done fairly and without adversely affecting the rights of the data subject.

3.2 For personal data to be processed lawfully, it must be processed on one of the legal grounds set out in the Act. When processing personal data during our activities, we will ensure that those requirements are met, including when processing for the purposes outlined in Schedule C.

4. Processing for Limited Purposes

4.1 During our activities, we may collect and process the personal data set out in Schedule A (Types of Personal Data), by the methods described in Schedule B (Collection Methods).

4.2 We will only process personal data for the specific purposes set out in Schedule C (Purposes for the Collection, Use, and Disclosure of Your Data) or for other purposes permitted by the Act.

4.3 We will notify those purposes to the data subject when we first collect the data, or as soon as possible thereafter.

5. Accurate Data

We will make reasonable efforts to ensure that the personal data we hold is accurate and kept up to date if it is likely to:

  • be used by us to make a decision that affects the individual (e.g., processing for membership management under Schedule C, Purpose 1); or
  • be disclosed by us to another organisation (e.g., subcontractors under Schedule C, Purpose 9).

6. Retention of Data

6.1 We will not keep personal data longer than is necessary for the purposes for which it was collected, unless retention is required for legal or business reasons (see Schedule C, Purpose 17).

6.2 We will take reasonable steps to securely destroy or erase personal data that is no longer required.

7. Data Subject Rights

7.1 We will process all personal data in line with data subjects’ rights, in particular their right to:

  • Request access to personal data held about them (see clause 12).
  • Request correction of inaccurate data (see clause 5).

8. Data Security

8.1 We will take appropriate security measures against unlawful or unauthorised processing of personal data, and against accidental loss or damage.

8.2 We will put in place procedures and technologies to maintain the security of all personal data from collection to destruction.

8.3 Personal data will only be transferred to a data intermediary if they agree to comply with these procedures, or if they have adequate measures in place (see Schedule C, Purpose 9).

8.4 Data security will be maintained by ensuring:

  • Confidentiality: Only authorised individuals may access data.
  • Integrity: Data must be accurate and suitable for its purpose.
  • Availability: Authorised users must be able to access data when required.

8.5 Security procedures include:

  • Entry controls – Any stranger seen in entry-controlled areas should be reported.
  • Secure lockable desks and cupboards – Must be locked if they contain confidential information.
  • Secure disposal – Paper documents must be shredded. Digital devices must be securely erased or destroyed when no longer required.
  • Equipment care – Monitors must not display confidential information to passers-by. Computers must be locked when unattended.

9. Transfer of Personal Data Outside Singapore

9.1 In the course of operations, we may disclose your data to third-party service providers, agents, affiliates, or related corporations, whether in Singapore or overseas, for the purposes described in Schedule C.

9.2 We may transfer personal data to a country outside Singapore in compliance with the Act. We will ensure the foreign recipient is bound by legally enforceable obligations to provide protection comparable to that under the Act.

9.3 Personal data may also be processed by staff operating inside or outside Singapore who work for us or our suppliers, for purposes such as contract fulfilment (Schedule C, Purpose 8), payment processing (Schedule C, Purpose 7), or support services (Schedule C, Purpose 10).

10. Consent

10.1 By browsing our website, becoming a member or employee, or otherwise engaging with us, you consent to the collection, use, and disclosure of your personal data for the purposes mentioned in Schedule C.

10.2 You must ensure that all personal data submitted is complete, accurate, true, and correct at the time of submission. Failure to do so may result in our inability to provide services.

11. Disclosure and Sharing of Personal Data

11.1 We may share personal data with employees or officers of Nora, and affiliated companies.

11.2 We may also disclose personal data:

  • If we sell or buy any business or assets, to the prospective seller or buyer.
  • If we or substantially all of our assets are acquired by a third party, in which case personal data will be transferred (see Schedule C, Purpose 8).
  • If required by law, to enforce contracts, or to protect our rights, property, and the safety of our employees, customers, or others (see Schedule C, Purpose 17).

11.3 We may also share personal data with selected third parties for the purposes set out in Schedule C.

12. Subject Access Requests

12.1 Data subjects must make a formal written request to access information we hold about them.

12.2 Employees receiving such requests must forward them to their line manager immediately.

12.3 For telephone inquiries, we will only disclose data if the caller’s identity can be verified. If we are uncertain of the caller’s identity, we will request that the caller submit a written request.

12.4 Employees must seek assistance from their line manager in difficult cases and must not be pressured into disclosing personal data.

13. Cookies and Personal Data

13.1 When you visit our website, we may collect anonymised information that cannot be used to identify individuals (see Schedule A, Item 12). This may include: number of users, time spent on the site, country of access, device type, online preferences, and frequency of visits.

13.2 We use this information to improve our website’s content and navigation.

13.3 A cookie is a small text file placed on your computer’s hard drive as a unique identifier. Our cookies do not collect personally identifiable information.

13.4 You may disable cookies via your browser settings, though this may affect your experience on the site.

14. Changes to this Privacy Policy

We may update this Policy from time to time. We will notify you of changes by posting the updated Policy on this page.

15. Contact Us

If you have any questions about this Policy, please contact us at (email coming soon).

Schedule

A. Types of Personal Data

  1. Full name.
  2. NRIC/ID/Passport numbers (or part thereof) and copies, to the extent required or permitted by law.
  3. Next of Kin, family or emergency contact information.
  4. Date of Birth.
  5. Business and/or residential addresses.
  6. Business and/or personal email addresses.
  7. Employment history and/or education background.
  8. Mobile and business telephone numbers.
  9. Bank account details or other payment information.
  10. Educational history and qualifications.
  11. Photos and videos, if applicable.
  12. Information about your usage of and interaction with our website and/or services including computer and connection information, device capability, bandwidth, statistics on page views, and traffic to and from our website.
  13. Any other information relating to you that you have provided in any forms which you may have submitted to us or in any interaction with us.

B. How Personal Data May Be Collected

  • When you provide personal data by filling in online or hardcopy forms when applying for membership to our society, or making inquiries or feedback, requests, and other submissions to us.
  • If you contact us (e.g. telephone calls, online chat programs, social media, faxes, and emails), we may keep a record of that correspondence.
  • When you access our websites or perform an online transaction, including, but not limited to, through cookies, location data, weblogs, and other communication data.
  • When you ask to be included in an email or other mailing list.
  • When you fill out an online or hardcopy job application form to apply for a job with us.
  • If you enter into any contract with us.
  • If you participate in any exhibition, event, seminar, forum, or workshop organised by us or where we are a participant.
  • When you respond to our request for additional personal data.
  • When you request that we contact you.
  • When personal data is exchanged during accident or incident reporting.
  • When you submit personal data to us for any other reason.

C. Purposes for the Collection, Use, and Disclosure of Your Data

  1. To manage your membership including application, processing, and termination of your membership.
  2. For recruitment and evaluation purposes if you apply for a job with us, including applying for employee work visas.
  3. To administer and update your records in our databases.
  4. To process your inquiries and for any administrative purposes related to the business.
  5. To provide you with membership benefits and services.
  6. To provide you with information about, and to facilitate participation in, our activities.
  7. To process payment administration, such as your membership fees or any other fees/payments.
  8. To perform or carry out our contractual obligations.
  9. To enable our subcontractors, third-party agents, and service providers to fulfill any obligations or services.
  10. To enable us to facilitate the management of the business, including any activities or events.
  11. To keep you updated on any exhibition, event, seminar, forum, or workshop, and to facilitate your participation in the same.
  12. To conduct research, surveys, data analysis, and obtain feedback.
  13. For accident and insurance reporting and assessment purposes.
  14. For debt collection.
  15. For security, safety surveillance, and monitoring purposes.
  16. For internal reporting and/or accounting purposes.
  17. To comply with applicable laws and regulations.