We at DigiSME Pte Ltd. recognise the importance of the Personal Data (as defined hereafter) you have entrusted to us and believe that it is our responsibility to properly manage, protect, and process your Personal Data.
This Policy is designed to assist you in understanding how DigiSME Pte Ltd., subsidiaries, as well as its representatives and/or agents (collectively referred to herein as " DigiSME", "us", "we" or "our") collects, uses, discloses, and/or processes the Personal Data you may provide in the course of the use of our website and/or application, and such functionalities, services, or features offered in connection thereof (collectively, the "Platform"), or in connection with your dealings with, though, or on the same.
- Personal Data
- Collection of Personal Data
- Purposes for Collection, Use, Disclosure and Processing of Personal Data
- Disclosure of Personal Data
- Accuracy of Personal Data
- Request for Access and/or Correction of Personal Data
- Request to Withdraw Consent
- Administration and Management of Personal Data
- Transfers of Personal Data
- Data Breach Notification
- Third-Party Sites
- Contacting us - Widthdrawal of Consent, Access and Correction of Your Personal Data
- Data Retention
- Updates to this Policy
1. Personal Data
1.1 Information Collected by DigiSME:
a) DigiSME collects the below listed Personal Information from you to provide our services or products to you:
- Company Name
- Contact Name
- Email Address
- Contact number
- Information about your use of our Platform, including cookies, domain name details, IP addresses, subscription account details and membership details; and
- Payment related information, such as your bank account information and your credit history
1.2 Data that DigiSME processes on behalf of our customers
As a service provider, DigiSME collects the following Personal Information on behalf of our customers (Employers) through the DigiSME platform.
- Personal Information such as name, date of birth, gender, contact details, emergency contact number, address, nationality, family member details, and national security/identity number are collected as per customer’s instructions.
- For tracking attendance and payment purposes, the DigiSME platform collects face images, Location, IP address, unique identifiers, leave details, bank account, and tax declarations.
2. Collection of Personal Data
Generally, we may collect Personal Data in the following ways,
2.1 DigiSME collects the Personal Data for providing our services or products to customers.
The data is collected when you
- Register your details with our website
- Register your details with our company representatives
- Enter into any agreement or provide other documentation or information in respect of your interactions with us;
- Submit your Personal Data to us;
- Enter our property and/or premises and/or when your images are captured by us via CCTV cameras while you are within our property and/or premises, or via photographs or videos taken by us or our representatives when you attend our events;
- Complete our sales orders, requests or applications for our products and services (by phone, in person, mail, or electronically);
- Interact with our staff in relation to our products and services, including customer service officers, for example via telephone calls (which may be recorded), direct mails, fax, face-to-face meetings, social media platforms, emails or any other means;
- Use and/or subscribe to any of our products and services such as assembly/installation services, training services and/or any of our maintenance and after sales service program;
- Conduct certain types of transactions such as payments;
- Interact with us during promotions, competitions, contests, special events, workshops or respond to any request for additional Personal Data;
- Receive your Personal Data from business partners, public agencies, your ex-employer, referral intermediaries, and any third parties or the relevant authorities, for example where you have been referred by business partners or where we have sought information about you in connection with your relationship with us, including for our products and services or job applications; and/or
- Submit your Personal Data to us for any other reason.
2.2 As a Service provider: DigiSME collects the Personal Information on behalf of our customers (Employer)
The data is collected,
- When customers enter their employee details such as name, date of birth, gender, contact details, emergency contact number, address, nationality, family member details, and national security/identity number for maintaining employee records.
- When customers enter the payment related bank and tax details
- When employees update their Personal Information.
- When the DigiSME platform captures the face images, and location details for calculating attendance and payroll.
3. Purposes for Collection, Use, Disclosure and Processing of Personal Data
3.1 Subject to the provisions of any applicable law, generally, we may collect, use, and disclose your Personal Data for the following purposes depending on the nature of your interaction with us:
- to communicate with you;
- to assess, process and provide products, services and/or facilities to you, including performing obligations during or in connection with our provision of the goods and services requested by you;
- to administer and process any payments related to products, services and/or facilities requested by you or your commercial transactions with us;
- to establish your identity and background;
- to respond to your enquiries, feedback, requests or complaints and/or resolve any issues and disputes which may arise in connection with any dealings with us
- to facilitate your participation in, and our administration of, any events including workshops, promotions, contests, or campaigns;
- to maintain and update internal record keeping;
- for internal administrative purposes, or managing and planning the administrative and business operations of DigiSME and complying with internal policies and procedures;
- to share any of your Personal Data pursuant to any agreement or document which you have duly entered with us for purposes of seeking legal and/or financial advice and/or for purposes of commencing legal action;
- for detecting, conducting any form of investigation, and preventing fraudulent, prohibited, or illegal activities and analysing and managing commercial risks, including those relating to disputes, billing, fraud, offences, prosecutions etc;
- for enabling us to perform our obligations and enforce our rights under any agreements or documents that we are a party to;
- to transfer or assign our rights, interests and obligations under any agreements entered with us;
- for meeting any applicable legal or regulatory requirements and making disclosure under the requirements of any applicable law, regulation, direction, court order, by-law, guideline, circular or code applicable to us;
- to enforce or defend our rights and your rights under, and to comply with, our obligations under the applicable laws, legislation, and regulations;
- for purposes required to operate, maintain, and better manage our business and your relationship with us; which we notify you of at the time of obtaining your consent;
- facilitating business asset transactions (which may extend to any mergers, acquisitions, or asset sales);
- matching any Personal Data held which relates to you for any of the purposes listed herein;
- managing the safety and security of our premises and services (including but not limited to carrying out CCTV surveillance and conducting security clearances);
- monitoring or recording phone calls and customer-facing interactions for quality assurance, employee training and performance evaluation and identity verification purposes; and/or
- in connection with any claims, actions, or proceedings (including but not limited to drafting and reviewing documents, transaction documentation, obtaining legal advice, and facilitating dispute resolution), and/or protecting and enforcing our contractual and legal rights and obligations.
3.2 In addition, we may collect, use and disclose your Personal Data for the following purposes, depending on the nature of our relationship with you:
- If you have an account with us:
- to process your account and to maintain your account with us;
- administering and processing your requests including creating and maintaining profiles of our users in our system database for administrative purposes (including but not limited to tracking your use of the Platform); and/or
- administering debt recovery and debt management.
- If you are an employee, officer or owner of a vendor, contractor or other external service provider, or prospective vendor, prospective contractor, or other prospective external service provider of DigiSME:
- to conduct appropriate due diligence checks;
- to evaluate your organisation's suitability as a vendor, contractor, and external service provider for DigiSME and to conduct background checks on you;
- to create and maintain profiles of our vendors, contractors, and external service providers in our system databases;
- to process and facilitate necessary actions and processes for the purposes of the work or engagement of said vendor, contractor, and external service provider;
- to respond to emergencies;
- for facilities management purposes (including but not limited to issuing visitor access passes and facilitating security clearance); and/or
- to communicate with your deployed staff, after award of contract, who are in our properties to carry out work or services, and for any emergency or/and security concerns.
3.3 You have the rights regarding DigiSME collection, use or disclosure of your Personal Data. If you choose not to provide us the Personal Data as described in this notice, we may not be able to perform our obligations as stated in clause 3. You have the rights to object to the processing of your Personal Data and withdraw your consent in the manner described in Clause 6 and 11.
3.4 In relation to particular products or services or in your interactions with us, we may also have specifically notified you of other purposes for which we collect, use or disclose your Personal Data. If so, we will collect, use, and disclose your Personal Data for these additional purposes as well, unless we have specifically notified you otherwise.
3.5 DigiSME shall undertake to protect Personal Data in its possession or under its control by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal, or similar risks;
3.6 Information that DigiSME collects on behalf of our customers
DigiSME only collects information as per the customer’s (employer) requirement. Our contract governs the delivery, access, and use of the Services and Mobile Apps, including the processing of Personal Information and data submitted through DigiSME. The customers (e.g., employers) controls their Platform and any associated client data. If there are any questions about specific platform settings, the processing of Personal Information in the Platform, or its privacy practices, please contact the customers administrator of the platform you use.
4. Disclosure of Personal Data
Subject to the provisions of any applicable law, your Personal Data may be disclosed, for the purposes listed above (where applicable), to the following entities or parties, whether they are located overseas or operating country:
- third-party service providers, agents and other organisations we have engaged to perform any of the functions with reference to the above-mentioned purposes;
- amongst DigiSME in overseas to carry out their job obligations with appropriate technical and organizational measures in place; to assist with the resolution of technical support issues relating to the Software, whether via ticketing system, telephone calls or otherwise
- any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any mergers, acquisitions and debt or asset sale);
- relevant government regulators, government ministries, statutory boards, embassies, or authorities and/or law enforcement agencies, whether local or overseas, to comply with any directions, laws, rules, guidelines, regulations or schemes issued or administered by any of them; and/or
- any other party to whom you authorise us to disclose your Personal Data.
Information that DigiSME processes on behalf of our customers
- DigiSME share Employees’ Personal Information only with third-party Cloud Service providers. The data DigiSME collect is hosted on the Microsoft Azure Cloud in the respective country region with advanced security features.
- Facial data will be stored in User’s mobile and cloud as well. When users use face authentication, the system verifies the image from mobile storage and authenticate to the application. Cloud image will restore when the user’s mobile loses the stored data (During mobile change/App reinstall).
- DigiSME implements, enforces, and maintains security policies to prevent the unauthorized or accidental access to or destruction, loss, modification, use or disclosure of personal data and monitor compliance with such policies on an ongoing basis.
5. Accuracy of Personal Data
We will take reasonable steps to ensure that the Personal Data we collect about you is accurate, complete, not misleading and kept up to date, taking into account its intended use. Where possible, we will validate the Personal Data provided by you using generally accepted practices and guidelines. If we are in an ongoing relationship with you, it is important that you update us of any changes to your business contact information.
6. Request for Access and/or Correction of Personal Data
- You have the right
- an access request for access to a copy of the Personal Data which we hold about you or information about the ways in which we use or disclose your Personal Data; or
- a correction request to correct or update any of your Personal Data which we hold,
- by submitting your request in writing or via email to our Data Protection Officer (" DPO") at the contact details provided below. Subject to the provisions of Data Protection Laws, we will endeavour to respond to your access and/or correction request within 30 days after receiving such request. If we are unable to respond to your access and/or correction within 30 days after receiving such request, we will inform you in writing within 30 days of the time by which we will be able to respond to the request.
- Depending on the scope and nature of the work required to process your access and/or correction request, we may be required to impose a fee to recover our administrative costs. This will be assessed on a case-by-case basis by our DPO. Where such a fee is to be imposed, we will inform you of the fee before processing your request. Please note that we will only process your request once you have agreed to the payment of the fee. In certain cases, we may also require a deposit from you before we process the access request. You will be notified if a deposit is required, if any.
DigiSME has no direct relationship with the individuals whose Personal Information is provided to DigiSME through the Services. An individual who is or was employed by one of our customers and who seeks access to, or who seeks to correct, amend, object to the processing or profiling of, or to delete his/her Personal Information in the platform, should direct his/her query to the HR department of the customer organization that uses the platform and for which he/she works or used to work if he/she cannot make the appropriate changes via its access to the platform provided by the customer.
7. Request to Withdraw Consent
7.1 You have the right, to withdraw your consent for the collection, use and/or disclosure of your Personal Data in our possession or under our control for any or all the purposes listed above by submitting your request in writing or via email to our DPO at the contact details provided below.
7.2 Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. Therefore, you may still receive communication during this period.
7.3 If you withdraw your consent to any or all use of your Personal Data, depending on the nature of your request, DigiSME may not be in a position to continue to provide its products and services to you, or administer any contractual relationship in place, which in turn may also result in the termination of any agreements with DigiSME, and your being in breach of your contractual obligations or undertakings. DigiSME's legal rights and remedies in such event are expressly reserved.
7.4 Please note that withdrawing consent does not affect our right to continue to collect, use and disclose Personal Data where such collection, use and disclose without consent is permitted or required under applicable laws.
8. Administration and Management of Personal Data
8.1 We generally rely on you to ensure that any Personal Data provided by you (or your authorised representative) is accurate and complete in all respects. In order to ensure that your Personal Data is current, complete and accurate, please promptly update us if there are changes to your Personal Data by informing our DPO in writing or via email at the contact details provided below. Until you have informed us otherwise, we will treat your Personal Data (as provided by you or our authorised representative) as accurate and complete.
8.2 We may retain your Personal Data for as long as the purpose for which that Personal Data was collected is being served by retention of the Personal Data, retention is necessary for legal or business purposes, or as required or permitted by applicable laws.
9. Transfers of Personal Data
Where applicable, your Personal Data may be stored in external servers in a particular country region. In addition, as described above, in the course of our business operation needs, we may be required, from time to time, to transfer your Personal Data with and between our subsidiaries located in country outside. For example, your Personal Data stored in the Software may be transferred overseas for support functions. The Personal Data transfer will be in accordance with requirements prescribed in applicable data protection law to ensure that the organization provides a standard of protection to Personal Data. Rest assured, where we disclose Personal Data to a third-party in another country, we put safeguards in place to ensure your Personal Data remains protected.
10. Data Breach Notification
In the event of a breach security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data, we shall promptly assess the impact and once assessed that it is a notifiable data breach, we shall report this breach within 3 calendar days to the regulatory body or data protection authority. DigiSME will notify the customers without undue delay, within 24 hours after establishing that the data breach is likely to result in significant harm or impact to the individuals to whom the individual relates, or of a significant scale.
11.2 The information collected by us or our authorised service providers may recognise a visitor as a unique user and may collect information such as how a visitor arrives at our Platform, what kind of browser a visitor is on, what operating system a visitor is using, a visitor's IP address and a visitor's click stream information and time stamp (for example, which pages they have viewed, the time the pages were accessed and the time spent per web page).
11.4 Cookies - Small text files (typically made up of letters and numbers) placed in the memory of your browser or device when you visit a website or view a message. Cookies allow a website to recognise a particular device or browser. There are several types of cookies:
Session cookies expire at the end of your browser session and allow us to link your actions during that particular browser session.
- Persistent cookies are stored on your device in between browser sessions, allowing us to remember your preferences or actions across multiple sites.
- First-party cookies are set by the site you are visiting.
- Third-party cookies are set by a third-party site separate from the site you are visiting.
11.5 Cookies can be disabled or removed by tools that are available in most commercial browsers. The preferences for each browser you use will need to be set separately and different browsers offer different functionality and options.
11.6 Web beacons - Small graphic images (also known as "pixel tags" or "clear GIFs") may be included on our Platform. Web beacons typically work in conjunction with cookies to profile each unique user and user behaviour.
11.7 Similar technologies - Technologies that store information in your browser or device utilising local shared objects or local storage, such as flash cookies, HTML 5 cookies, and other web application software methods. These technologies can operate across all your browsers.
11.8 We may use the terms "cookies" or "similar technologies" interchangeably in our policies to refer to all technologies that we may use to collect or store information in your browser or device or that collect information or assist in identifying you as a unique user in the manner described above.
11.9 The Platform and certain site features and services are available only using these technologies. You are always free to block, delete, or disable these technologies if your browser so permits.
11.10 However, if you decline cookies or other similar technologies, you may not be able to take advantage of the Platform and certain site features or services tools. For more information on how you can block, delete, or disable these technologies, please review your browser settings.
12. Third-Party Sites
13. Contacting Us - Withdrawal of Consent, Access and Correction of your Personal Data
13.1 If you:
- have any questions or feedback relating to your Personal Data or about this Policy;
- would like to withdraw your consent to any use of your Personal Data as set out in this Policy; or
- would like to obtain access and make correction to your Personal Data records, please contact us as follows:
Data Protection Officer
DigiSME Pte Ltd
Address: 30 Kallang Place #07-22, Singapore 339159
Contact No: +65 6297 3398
Email address: email@example.com
14. Data Retention
DigiSME will retain your Personal Data as long as in necessary to fulfil the service that you have requested, comply with any laws or regulations, resolve disputes, and enforce our agreements. DigiSME may retain your data longer for a legitimate business interest where business benefit is not outweighed by your personal rights and freedoms. Data entered in DigiSME service is retained in accordance with any applicable agreement between DigiSME and its customers.
Information that DigiSME processes on behalf of our customers
With respect to the data of employees of the DigiSME customers, the DigiSME customers are solely responsible for defining the data retention period for their data, taking into consideration relevant laws and regulations.
The customer shall define the data retention period for their data, considering the purpose for which the data was collected and processed, the applicable legal requirements, and the customer’s own data retention policies. The data retention period should not exceed the time necessary to fulfil the purpose for which the data was collected or to comply with legal requirements. Data entered in a DigiSME is retained in accordance with any applicable agreement between DigiSME and its customers.
We retain customers’ face data as long as they choose to use DigiSME. When a customer's account is terminated, their face data will be removed from the active database after 30 days from the termination date. We will give customers a prior notice via email before the permanent deletion of their database. Complete back up will be deleted after 7 days from the active database deletion.
15. Updates to this Policy