iqDynamics Pte Ltd recognizes its responsibilities in relation to the collection, use, disclosure, storage and transfer of personal data under Singapore’s Personal Data Protection Act 2012 (PDPA) and the European Union (EU)’s General Data Protection Regulation (GDPR). We are a data intermediary as defined in PDPA and a data processor as defined in GDPR. This policy describes our commitment to implement policies, processes and practices and to deploy appropriate technology to protect Personal Data in our possession. “Personal Data” in this Policy means data that can identify an individual.
Companies and organizations who use our HRiQ software applications for their HR management and processing requirements provide their employee data to us for data migration processing during system implementation. The HR employee data provided will contain Personal Data of the employees. We delete such employee data once data migration has been completed and the system implemented successfully.
Some of our clients also subscribe to our HRiQ Software-as-a-Service (SaaS) offering or running their HRiQ application on our platform hosting services. For these clients, we will host their employee data (which includes Personal Data of their employees) in our database servers for their processing. We will remove and delete such employee data after clients cease to use our SaaS offering or platform hosting services.
Other than the above, we collect and use Personal Data for business purposes that you have consented to and for which we have been authorized. We use such Personal Data to facilitate the delivery of the agreed contractual services to you.
We may disclose Personal Data to third party service providers, agents and related corporations whom we engage to enable us to provide services to our clients. We may also be required to disclose Personal Data to regulators, law enforcement and government agencies when required. We will disclose only those information that are requested for and are needful for the purpose for which they are requested. These parties are also required to comply with the Personal Data Protection Act for the Personal Data disclosed to them.
Client HR employee data may be transferred to service providers outside Singapore for storage, disaster recovery and emergency assistance. These service providers with whom we have contractual relationships are required to provide a standard of protection to the transferred data that is comparable to the protection under PDPA and GDPR and consistent with our personal data protection policies and practices.
We employ a range of technological and physical security arrangements to protect and secure client HR employee data and Personal Data in our possession against unauthorized access, collection, use, disclosure, copying, modification, deletion, disposal and other similar risks. These include physical access control to data storage facilities, user profile password and role-based functional rights control at the system and application levels and work procedures incorporating data security considerations when handling, processing or storing client HR employee data and Personal Data.
We only retain client HR employee data and Personal Data for as long as they are needed for the purposes we have described in this Policy and for our business and legal purposes. Generally, we do not retain such data beyond 7 years after the original purpose of receiving these data have ceased to be applicable unless otherwise required by law or under directions from the courts and other government authorities or for legal and similar proceedings or investigations.
Our employment contracts include confidentiality and Personal Data protection obligations to be adhered to by our employees together with appropriate disciplinary actions against them for data security breaches. New employees are required to undergo training on data security and protection and are assessed on the knowledge gained from the training. Existing employees will also undergo this training periodically to maintain awareness and vigilance on data security when carrying out their work.
Questions regarding our Data Protection Policy should be addressed to:
2 Leng Kee Road, Thye Hong Centre #06-04, Singapore 159086
Queries will be responded to within a reasonable timeframe.
We will review our policies, practices and processes from time to time and we reserve the right to update or amend the terms of our Data Protection Policy at our absolute discretion.