Personal Data Protection Act (PDPA) Policy
Company Name: Octopus8 Pte Ltd (“O8”)
Effective Date: 10-10-2023 (Updated)
1. Introduction
1.1. Purpose: The purpose of this Personal Data Protection Act (PDPA) Policy is to articulate O8’s unwavering commitment to safeguarding personal data in compliance with the Personal Data Protection Act 2012 (PDPA) in Singapore.
1.2. Scope: This policy applies to all employees, contractors, vendors, and third parties who may access or handle personal data in the course of their duties with O8.
2. Data Protection Principles
2.1. Consent: O8 recognizes that personal data should not be collected, used, or disclosed without the individual’s informed and voluntary consent, except when permitted by law.
2.2. Purpose Limitation: Personal data shall only be collected for specified and legitimate purposes, and any subsequent use must be consistent with those purposes.
2.3. Notification: O8 is committed to transparent practices by notifying individuals about the purposes for which their personal data is collected, used, or disclosed at the time of collection.
2.4. Access and Correction: Individuals have the right to access their personal data held by O8 and request corrections if required.
2.5. Accuracy: O8 will take all reasonable steps to ensure the accuracy of personal data and update it as needed.
2.6. Protection: O8 acknowledges its duty to protect personal data with appropriate security measures to prevent unauthorized access, disclosure, or alteration.
2.7. Retention: Personal data shall not be retained for longer than necessary for the purposes for which it was collected, and it will be disposed of securely.
3. Data Collection and Use
3.1. Collection of Personal Data: O8 shall only collect personal data necessary for the specified purpose and with the individual’s informed and voluntary consent.
3.2. Use of Personal Data: Personal data shall be used only for the purposes it was collected unless otherwise authorized by law or the individual.
3.3. Disclosure of Personal Data: Personal data may be disclosed to third parties only when required for the specified purpose, with consent, or when legally compelled.
4. Data Protection Measures
4.1. Data Security: O8 is committed to implementing technical and organizational measures to protect personal data from unauthorized access, disclosure, or alteration.
4.2. Access Control: Access to personal data will be restricted to authorized personnel on a need-to-know basis.
4.3. Data Breach Response: O8 will maintain a comprehensive data breach response plan to react swiftly and responsibly in case of data breaches.
5. Consent Management
5.1. Consent Collection: O8 is responsible for obtaining explicit and informed consent from individuals before collecting, using, or disclosing their personal data.
5.2. Withdrawal of Consent: Individuals have the right to withdraw their consent at any time, subject to legal or contractual restrictions.
6. Data Access and Correction
6.1. Access Requests: Individuals may request access to their personal data held by O8. Such requests will be processed within 10 working days.
6.2. Correction Requests: Individuals may request corrections to their personal data. O8 will make the necessary corrections, if appropriate, within 10 working days.
7. Training and Awareness
7.1. Employee Training: O8 is committed to ensuring all employees and relevant personnel are trained on PDPA requirements and this policy.
7.2. Awareness: O8 will promote awareness of data protection among its employees through periodic communications and training programs.
8. Policy Review and Updates
8.1. Policy Review: This policy will be reviewed annually or as necessary to ensure it remains compliant with the PDPA and company practices.
9. Contact Information
9.1. Data Protection Officer (DPO):
• Name: Muhammad Nuralfian Bin Abdul Rashid
• Email: dataprotectionofficer@octopus8.com
10. Compliance
10.1. Non-Compliance: O8 will take necessary steps to address non-compliance with this policy, which may result in disciplinary actions, as appropriate.
O8 is committed to maintaining high standards of data protection in line with the PDPA and will regularly review and enhance our practices as required.