STATEMENT OF POLICY
Personal Data Protection Policy (“PDPP”)
Issue Date / Version: January 02, 2015 / V3
The Personal Data Protection Policy provides a consistent approach to comply with the requirements of the Singapore Personal Data Protection Act 2012 (“PDPA”) by Sun Electric Pte. Ltd. (“Sun Electric”) employees and the Sun Electric Group, including Sun Electric Power Pte Limited and Sun Electric Energy Assets Pte Ltd.
The Singapore Personal Data Protection Act 2012 (“PDPA”) is a law that governs the collection, use and disclosure of personal data by all private organizations and came into effect on 2 July 2014. This law is governed by the Personal Data Protection Commission (“PDPC”) of Singapore and it is based on a compliant regime.
Personal data is defined as data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which Sun Electric has or is likely to have access, including data in Sun Electric’s records as may have be updated from time to time (“Personal Data”). Please note that electronic and non-electronic personal data as well as photographic, video and sound recordings are considered Personal Data.
Sun Electric utilises a customer relationship management (CRM) system. All information (including Personal Data) in relation to Sun Electric’s potential or existing clients/investors is captured in the CRM system.
This policy applies to all employees of Sun Electric. If any requirement of this policy is inconsistent with a legal obligation, the legal obligation prevails over this policy.
- Purpose Limitation
Sun Electric collects Personal Data mainly from the following sources:
- Potential individual consumers who may purchase Sun Electric’s electricity and/or other products and services;
- Individual property owners who contribute roof space to Sun Electric for generation, and who receive revenue (“Clients”)
All Personal Data collected is only used or disclosed for the purpose it was collected for.
- Investors who invest into Sun Electric’s funds, assets, and/or products
The following paragraph is to be incorporated into all relevant forms (Acceptance Form, License Form, Subscription form, etc):
Personal data is defined as data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which Sun Electric has or is likely to have access, including data in Sun Electric’s records as may have be updated from time to time (“Personal Data”).
Each time a Client voluntarily provides his or her personal data in order to carry out a transaction in relation to the particular transaction, he/she is deemed to have consented to the following:
- that Sun Electric shall collect, store and maintain the personal data and other information relating to the Client as received (whether in writing, electronically or otherwise) as part of the records maintained by Sun Electric.
- that such Personal Data collected, stored and maintained shall be used for the purposes of account maintenance and transaction purposes from time to time, including but not limited to the processing of such Personal Data for the purposes of record keeping, compliance, regulatory, legal, audit, tax (including tax reporting) and providing the investor with regular statements of account as well as other notices;
- that such Personal Data collected, stored and maintained shall be provided to and processed by third parties for the above purposes from time to time, including but not limited to, professional advisors, engineers or consultants of a technical discipline, accounts support, as well as other the agents or service providers employed by Sun Electric for the above purposes from time to time;
- that such Personal Data collected, stored and maintained shall be provided to any and all applicable regulatory authorities upon request or as may be required by applicable law or regulation from time to time; and
- that such Personal Data shall be stored, maintained, used, processed, transferred or held in Singapore or outside Singapore, as Sun Electric shall consider appropriate for the above purposes.
- Employees who join Sun Electric
All employees who join Sun Electric have to sign the Employee Non-disclosure Acknowledgement. The sample Employee Non-disclosure Acknowledgement will be made available upon request.
- Access and correction
Upon request from any Client, Investor or Employee, Sun Electric will endeavour to provide the Client, Investor or Employee any Personal Data stored in the CRM system/individual Personal File as well as how the Personal Data has been used for the past twelve months from the date of the request.
Upon request from any Client, Investor or Employee, Sun Electric will correct any inaccuracies in the Personal Data of the Client, Investor or Employee stored in the CRM system/individual Personal File as soon as practicable.
Sun Electric endeavours to ensure that all Personal Data captured in the CRM system/Personal Files are accurate. Hence, upon discovery by Sun Electric or request from the Client or an Employee, Sun Electric will correct any inaccuracies in the Personal Data of the Client stored in the CRM system/individual Personal File as soon as practicable.
Any access to the CRM system (password protected) is allowed only for employees of Sun Electric. Individual employees of Sun Electric only have access to the Personal Data of their own Clients. In addition, as stated in paragraph 2 above, all employees who join Sun Electric will sign the Employee Non-disclosure Acknowledgement. Any access to the Personal Files is allowed only to Sun Electric’s management and the HR department and is on a need to know basis.
- Retention Limitation
All Personal Data captured in the CRM system shall only be used for Sun Electric’s business. The CRM system will be cleaned up annually to ensure that all irrelevant and/or outdated Personal Data will be removed. All Personal Data captured in the Personal Files shall only be used for HR purposes and Sun Electric’s business.
- Transfer Limitation
Sun Electric will endeavor to ensure that any receiving organizations which receive Personal Data from Sun Electric has a standard of protection comparable to the protection under PDPA.
Upon request, Sun Electric will make available its Personal Data Protection Policy to its Clients, Investors or Employees. The Compliance Officer is designated as the Data Protection Officer (“DPO”).
- Do-Not-Call (DNC)
Sun Electric will not send marketing messages to individuals who have registered in the National DNC registry unless Sun Electric has obtained their clear and unambiguous consent or have an on-going relationship. In addition, Sun Electric will track in the CRM system any Client or Investor who has requested previously not to be contacted by Sun Electric for any marketing message.
All policy breaches must be immediately escalated to the Policy Owner. Breaches of this policy will be investigated and will result in an appropriate consequence being applied. This may include re-assessment of bonus qualification and/ or termination of employment.
If, in performing duties under this policy, you compiled with a legal obligation that was inconsistent with this policy, you must report this inconsistency to the Policy Owner.
WHERE TO GET HELP
Contact your manager, representative, or Management Officer.