1. Purpose Limitation
Only use or disclose personal data for the purposes defined.
Inform the individuals on the purposes for collection, use and disclosure of their personal data during collection.
Ensure that the consent has been obtained from the individuals before collecting, using or disclosure of the personal data.
4. Access and Correction
Upon request, provide the personal data of the individual and information on how the individual’s personal data has been used or disclosed in the past year. Correct an individual’s personal data upon request.
Ensure that personal data is accurate and complete during collection or when making a decision which will affect the individual.
Keep personal data in your possession secure from unauthorised access, modification, disclosure, use, copying, whether in hardcopy or electronic form.
7. Retention Limitation
Retain personal data only for business/legal purposes and securely destroy personal data when no longer needed.
8. Transfer Limitation
Ensure overseas external organisations provide a standard of protection comparable to the protection under the Singapore PDPA
Designate a Data Protection Officer and publish his/her business contact information. Make available personal data protection policies and practices to public and employees, including complaint process.
10. Do-Not-Call (DNC)
Do not send marketing messages to individuals who have registered in the National DNC registry through voice, text messages or fax unless you have obtained their clear and unambiguous consent or have an on-going relationship (for text / fax).