PDPA Compliance

The Singapore Personal Data Protection Act ("PDPA") sets out the terms by which The Company ("ServiceQUIK", "ZING","us", "we", "our") complies with the regulation as it applies to ZING and its underlying Services ("applications", "modules", "databases") and found on its websites at Site ("www.zing.work", "www.company.servicequik.com").

Please read the following adherence to compliance carefully and ensure it is fully understood. Also, please read our Data Privacy Policy.

Any questions can be raised by sending an email to our Data Privacy Officer at dpo@servicequik.com or writing to us via our contact us page.

The Personal Data Protection Act is the Singapore data privacy law that came into effect on January 2nd, 2013. The PDPA establishes a data protection law that comprises various rules governing the collection, use, disclosure, and care of personal data. It recognizes both the rights of individuals to protect their personal data, including rights of access and correction and the needs of organizations to collect, use, or disclose personal data for legitimate and reasonable purposes.

The PDPA provides for the establishment of a national Do Not Call (DNC) Registry. The DNC Registry allows individuals to register their Singapore telephone numbers to opt-out of receiving marketing phone calls, mobile text messages such as SMS or MMS, and faxes from organizations.

Today, vast amounts of personal data are collected, used, and even transferred to third party organizations for a variety of reasons. This trend is expected to grow exponentially as the processing and analysis of large amounts of personal data becomes possible with increasingly sophisticated technology.

With such a trend comes growing concerns from individuals about how their personal data is being used. Hence, a data protection regime to govern the collection, use, and disclosure of personal data is necessary to address these concerns and to maintain individuals’ trust in organizations that manage data.

By regulating the flow of personal data among organizations, the PDPA also aims to strengthen and entrench Singapore’s competitiveness and position as a trusted, world-class hub for businesses.

The PDPA will ensure a baseline standard of protection for personal data across the economy by complementing sector-specific legislative and regulatory frameworks. This means that organizations will have to comply with the PDPA as well as the common law and other relevant laws that are applied to the specific industry that they belong to when handling personal data in their possession.

The PDPA takes into account the following concepts:

Consent:

Organisations may collect, use or disclose personal data only with the individual's knowledge and consent (with some exceptions);

Purpose:

Organizations may collect, use or disclose personal data in an appropriate manner for the circumstances, and only if they have informed the individual of purposes for the collection, use or disclosure; and

Reasonableness:

Organizations may collect, use, or disclose personal data only for purposes that would be considered appropriate to a reasonable person in the given circumstances.

The PDPA covers personal data stored in electronic and non-electronic forms.

The data protection provisions in the PDPA (parts III to VI) generally do not apply to:

• Any individual acting in a personal or domestic basis.
• Any employee acting in the course of his or her employment with an organization.
• Any public agency or an organization in the course of acting on behalf of a public agency in relation to the collection, use, or disclosure of the personal data. You may wish to refer to the Personal Data Protection (Statutory Bodies) Notification 2013 for the list of specified public agencies.
• Business contact information. This refers to an individual’s name, position name or title, business telephone number, business address, business electronic mail address or business fax number, and any other similar information about the individual, not provided by the individual solely for his or her personal purposes.

These rules are intended to be the baseline law that operates as part of the law of Singapore. It does not supersede existing statutes, such as the Banking Act and Insurance Act but will work in conjunction with them and the common law.

In the development of this law, references were made to the data protection regimes of key jurisdictions that have established comprehensive data protection laws, including the EU, UK, Canada, Hong Kong, Australia, and New Zealand, as well as the OECD Guidelines on the Protection of Privacy and Transborder Flow of Personal Data, and the APEC Privacy Framework. These references are helpful for the formulation of a regime for Singapore that is relevant to the needs of individuals and organizations and takes into account international best practices on data protection.

Three public consultations were conducted since 2011 to seek feedback on the proposed data protection regime. The public consultation sought the public’s views on topics including the coverage of the proposed law, the proposed data management rules, and transitional arrangements for organizations to comply with the new law. For more information on the public consultations, please visit the MCI website.

Yes, The Company is compliant with the requirements of the PDPA and is also compliant with the somewhat more stringent European General Data Protection Regulations (GDPR code of conduct published by CISPE Data Protection Code of Conduct. You can access a copy of Code of Conduct here.

When onboarding to Service, we use the country location of your business to determine where your and your customer's data will be stored. The Service platform uses AWS Cloud infrastructure to run our applications globally. We store data in AWS's facilities located in all major jurisdictions worldwide. For example, if our client is in South East Asia, data is stored in either Singapore or Hong Kong. The same for EU member countries, data is stored in the AWS EU.

Your data is stored in Virtual Private Servers of The Company within the AWS cloud environment. All your personally identifiable data on our databases are encrypted using the AES 256-bit technique.

Your files, such as employee documents, profile images, and company documents are all stored as private and encrypted.

All customer data is stored in at least two different locations with the same level of security as a backup mechanism.

Your data is not accessible even by employees of The Company unless permission is granted as all the personal data is encrypted before storage.

We never share your personally identifiable data with a third party.

According to our information security policy, The Company staff are only allowed to access a customer installation when written permission is granted by the customer.

Please review our Data Privacy Policy here.

The Company Services are monitored continuously for suspicious activity. In case of a security incident, customers will be notified promptly.

You have ownership of your data and you have the right to request a copy of all your company data stored within The Company Service.

You have the right to request the deletion of your data and the termination of the services provided by The Company at any time.

We use the infrastructure services of AWS. You can check their GDPR readiness via these URLs.

Amazon Web Services

If you have any questions about our GDPR Compliance, please contact our Data Privacy Officer via email at dpo@servicequik.com.