DATA PROTECTION POLICY
The Association of Certified Strategic Auditor (ACSA) in Singapore is required to comply with the entire Personal Data Protection Act 2012 (PDPA) and the General Data Protection Regulation (GDPR) in respect of all its candidates and members. The following data protection obligations set out how ACSA complies with the PDPA and GDPR:
1. Consent Obligation
Only collect, use or disclose personal data for purposes for which an individual has given his or her consent.
Allow individuals to withdraw consent, with reasonable notice, and inform them of the likely consequences of withdrawal. Upon withdrawal of consent to the collection, use or disclosure for any purpose, ACSA will cease such collection, use or disclosure of the personal data.
2. Purpose Limitation Obligation
ACSA may collect, use or disclose personal data about an individual for the purposes that a reasonable person would consider appropriate in the circumstances and for which the individual has given consent.
ACSA may not, as a condition of providing a product or service, require the individual to consent to the collection, use or disclosure of his or her personal data beyond what is reasonable to provide that product or service.
3. Notification Obligation
Notify individuals of the purposes for which ACSA is intending to collect, use or disclose their personal data on or before such collection, use or disclosure of personal data.
4. Access and Correction Obligation
Upon request, the personal data of an individual and information about the ways in which his or her personal data has been or may have been used or disclosed within a year before the request should be provided. However, ACSA is prohibited from providing an individual access if the provision of the personal data or other information could reasonably be expected to:
cause immediate or grave harm to the individual’s safety or physical or mental health;
threaten the safety or physical or mental health of another individual;
reveal personal data about another individual;
reveal the identity of another individual who has provided the personal data, and the individual has not consented to the disclosure of his or her identity; or
be contrary to national interest.
ACSA is required to correct any error or omission in an individual’s personal data upon his or her request. Unless ACSA is satisfied on reasonable grounds that the correction should not be made, ACSA should correct the personal data as soon as practicable and send the corrected data to other organisations to which the personal data was disclosed within a year before the correction is made (or, with the individual's consent, only to selected organisations).
5. Accuracy Obligation
Make reasonable effort to ensure that personal data collected by or on behalf of ACSA is accurate and complete, if it is likely to be used to make a decision that affects the individual, or if it is likely to be disclosed to another organisation.
6. Protection Obligation
Make reasonable security arrangements to protect the personal data that ACSA possesses or controls to prevent unauthorised access, collection, use, disclosure or similar risks.
7. Retention Limitation Obligation
Cease retention of personal data or remove the means by which the personal data can be associated with particular individuals when it is no longer necessary for any business or legal purpose.
8. Transfer Limitation Obligation
Transfer personal data to another country only according to the requirements prescribed under the regulations, to ensure that the standard of protection provided to the personal data so transferred will be comparable to the protection under the PDPA, unless exempted by the PDPC.
9. Openness Obligation
Make information about data protection policies, practices and complaints process available on request.
11. Access to Personal Information
At your request, we will provide access to your personal data, save that in specified circumstances your access may be subject to fees to meet our costs.
12. European Union's General Data Protection Regulation
Under the European Union's General Data Protection Regulation (GDPR), you may have certain rights pertaining to your personal data. If you are covered by GDPR, you may contact us in order to exercise any of your data privacy rights.
ACSA may modify this Policy at any time by giving you written notice.
14. Questions, Application for Access/Correction and Withdrawal of Consent
If you have any questions, comments or suggestions regarding this Policy, we would be glad to hear from you. Please contact our ACSA Data Protection Officer at:
ACSA Data Protection Officer
12 Marina Boulevard
MBFC Tower 3