IQ Dynamics Pte Ltd recognizes its responsibilities in relation to the collection, use, disclosure, storage and transfer of personal data under Singapore’s Personal Data Protection Act 2012 (PDPA) and the European Union (EU)’s General Data Protection Regulation (GDPR). We are a data intermediary as defined in PDPA and a data processor as defined in GDPR. This policy describes our commitment to implement policies, processes, and practices and to deploy appropriate technology to protect Personal Data in our possession. “Personal Data” in this Policy means data that can identify an individual.
Collection, Use and Retention
Customers of our HRiQ software applications requirements provide their employee data to us for data migration processing during system implementation. The HR employee data provided includes Personal Data of the employees. We delete the HR employee data once data migration has been completed and the system implemented successfully.
Customers of our HRiQ Software-as-a-Service (SaaS) offering or HRiQ application hosting services have their HR employee data stored in our system. This system is on Microsoft Azure Cloud. These customers will access and process their employee data with this system. We do not access nor process customer HR employee data stored in this system. We perform daily and weekly backup of the HR employee data stored in the system. We also perform data restoration during DRP testing and upon request from individual customers for their employees. We delete the HR employee data of customers from the system when they cease to use our HRiQ SaaS offering or HRiQ application hosting services.
Other than the above, we may collect your Business Contact Information for business purposes to facilitate the delivery of the agreed contractual services to you. We retain such data for as long as they are needed for business and legal reasons. Generally, we do not retain such data beyond 7 years after the original purpose of receiving these data have ceased to be applicable unless otherwise required by law or under directions from the courts and other government authorities or for legal and similar proceedings or investigations.
Disclosure and Transfer
We may disclose Personal Data to third party service providers, agents, and related corporations whom we engage to enable us to provide the agreed contractual services to our customers. We may also disclose Personal Data to regulators, law enforcement and government agencies when required. We will disclose only information that is requested for and is needful for the purpose for which it is requested. Unless exempted by law, these parties are also required to comply with the PDPA or GDPR for the Personal Data we disclose to them.
We may transfer customer HR employee data outside Singapore for storage, disaster recovery and emergency assistance. These service providers are contractually required to provide a standard of protection to the transferred data in their possession outside Singapore that is comparable to the protection under PDPA and GDPR and consistent with our personal data protection policies and practices.
We employ a range of organizational, employee, technological, and physical controls to protect HR employee data and Personal Data in our possession against unauthorized access, collection, use, disclosure, copying, modification, deletion, disposal, and other similar risks. Our Information Security Management System (ISMS) framework manages these information security controls to ensure that they are working properly to achieve information security objectives for the business. The ISMS is audited annually by the internal audit team and by an independent external auditor to verify that it meets the requirements of ISO 27001 standard.
Data Breach Incident Management
We respond to any data breach incident according to our incident management procedure. The incident management team comprises the DPO, company management, business stakeholders, and IT manager working with external expertise in breach counselling, forensic investigation, and communication to meet the statutory requirements and business obligations concerning the data breach.
We will notify customers of the data breach and the results of the investigation according to the notification requirements in the data protection regulations. The customers shall be responsible to notify their affected employees accordingly in compliance with the data protection regulations.
Our employment contracts include confidentiality and Personal Data protection obligations to be adhered to by our employees together with appropriate disciplinary actions against them for data security breaches they are found to have caused. All employees must complete annual training in information security and protection and are assessed on the knowledge gained from the training. They are also encouraged to develop information security awareness and apply it in their work through regular internal communication about IT security.
Data Protection Officer (DPO)
Questions regarding our Data Protection Policy should be addressed to:
IQ Dynamics Pte Ltd,
351 Braddell Road, #04-04, Singapore 579713
Email: [email protected]
We will respond to your query within a reasonable timeframe.
Updates on Data Protection Policy
We will review our policies, practices and processes from time to time and we reserve the right to update or amend the terms of our Data Protection Policy at our absolute discretion.
Regarding This Website