The Personal Data Protection Act 2012 (“PDPA”) was enacted in Singapore in January 2013, and is in force with effect from 2 July 2014. Evoqua Water Technologies Pte Ltd (“Evoqua”) is committed to complying with the PDPA. Accordingly, the collection, use, disclosure, processing and transfer of personal data – whether by Evoqua itself or by service providers contracted by Evoqua – must be carried out in accordance with the PDPA.
In view of the above, Evoqua requires all its employees to take all necessary steps to ensure compliance with the PDPA.
Under the PDPA, ‘personal data’ refers to data, whether true or not, about an individual who can be identified from that data or from that data and other information to which Evoqua and its employees are likely to have access to.
Examples of personal data include NRIC numbers and photographs of individuals, or a combination of personal data e.g. John Lim, age 30, personal address 123 ABC Road.
(Please note: business contact information, i.e. an individual’s name, title, business telephone number/ address/ email address/ fax number and any other similar business-related information, is excluded from the definition of ‘personal data’.)
Handling and Management of Personal Data
In relation to the handling and management of personal data (including personal data collected from customers), the PDPA imposes the following obligations on Evoqua and its employees. Thus, in the course of your work, please ensure that you comply with the following obligations:
- Consent Obligation – Collecting, using or disclosing an individual’s personal data is generally prohibited unless the individual gives, or is deemed to have given, his consent for the collection, use or disclosure of his personal data. When consent has been withdrawn by the individual, the collection, use and/or disclosure of the personal data must be refrained from immediately;
- Purpose Limitation Obligation – Collecting, using or disclosing personal data about an individual may be permitted only for purposes that a reasonable person would consider appropriate in the circumstances; and where applicable, that the individual has been informed of by Evoqua of the purpose of such collection, use or disclosure of personal data;
- Notification Obligation – Individuals must be informed of the purposes for which their personal data will be collected, used and disclosed in order to obtain their consent. Evoqua’s collection, use and disclosure is limited to the purposes for which notification has been made to the individuals concerned;
- Access and Correction Obligation – Individuals have the right to request access to their personal data and for a correction to their personal data held by Evoqua. Accordingly, access to, and correction of, the individual’s personal data must be provided in line with the PDPA;
- Accuracy Obligation – Reasonable efforts must be made to ensure that personal data collected by or on behalf of Evoqua is accurate and complete, if the personal data (i) is likely to be used by Evoqua to make a decision that affects the individual to whom the personal data relates; or (ii) is likely to be disclosed by Evoqua to another organisation;
- Protection Obligation – Personal data within the possession or under the control of Evoqua and/or its employees must be protected by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks;
- Retention Limitation Obligation – Retention of documents containing personal data that can be associated with particular individuals must cease immediately as soon as it is reasonable to assume that the purpose for which that personal data was collected is no longer being served by retention of the personal data, and retention is no longer necessary for legal or business purposes;
- Transfer Limitation Obligation – Personal data must not be transferred to a country or territory outside Singapore except in accordance with requirements prescribed under the PDPA to ensure that the organisations in question provide a standard of protection to personal data so transferred that is comparable to the protection provided under the PDPA; and
- Openness Obligation – Information about data protection policies and practices must be made available. In this regard, please refer to the Data Privacy Protection policy of Evoqua as published on Evoqua’s Internet.
Questions and Comments
If you suspect or recognise that an event may lead to or already represents a breach of PDPA or any other related policies issued by Evoqua, you should notify the Data Protection Officer immediately.
Should you need to clarify any situation with respect to complying with any of the aforesaid obligations imposed by the PDPA, please consult the Data Protection Officer.
Evoqua Water Technologies Pte Ltd
Data Protection Officer
+65 6830 7149
Evoqua Water Technologies LLC
Office of Ethics & Compliance
Singapore Personal Data Protection Act 2012
GM0007 V1 7/24/2014