1. Consent

We must ensure that we obtain clear and informed consent from individuals before collecting, using, or disclosing their personal data. Our privacy notice should clearly explain the purposes for data collection and usage.

2. Notification

The PDPA requires us to inform individuals of the purposes for data collection, use, and disclosure at the time of collection. Our privacy notice should make these purposes transparent to our website visitors.

3. Access and Correction

Individuals have the right to request access to their personal data held by our organisation and to request corrections when necessary. Our privacy notice should outline the process for making such requests.

4. Data Protection Officer (DPO)

Depending on our organisation’s size and nature, appointing a Data Protection Officer may be necessary. Our privacy notice should specify the contact information for our DPO.

5. Data Transfer

If we transfer personal data outside of Singapore, our privacy notice should provide information on the countries to which data may be transferred and the safeguards in place to ensure its protection.

6. Security Measures

We need to explain the security measures in place to protect personal data from unauthorized access, disclosure, alteration, and destruction.

7. Retention Period

The PDPA mandates that we specify how long we will retain personal data, ensuring it’s not retained longer than necessary for the purpose for which it was collected.

8. Updates to Privacy Policy

Like other jurisdictions, we should inform individuals of any changes to our privacy policy and provide a means for them to stay informed about our data protection practices.

9. Contact Information

Our privacy notice should include clear contact information for inquiries and requests regarding personal data, as required under the PDPA.