Data Protection Policy

DATA PROTECTION POLICY FOR EMPLOYER

Updated on 22/12/2020

Any person or entity that is accessing OSP platform to post a job or utilizing the Services for any reason related to the purpose of seeking candidates for employment is known as "Employer". Onestop Security Platform Pte Ltd ("we", "us", or "our") imposes this Data Protection Notice ("Notice") with obligations on the Employers so as to ensure the Onestop Security Platform Pte Ltd‘s own compliance with the Singapore Personal Data Protection Act ("PDPA"). 1. DEFINITIONS 1.1 In this Agreement, unless the context otherwise requires, the following terms shall have the meanings assigned to them below: 1.1.1 "Employer" means a person or entity that is accessing a Site to post a job or utilizing the Services for any reason related to the purpose of seeking candidates for employment. 1.1.2 "OSP" means Onestop Security Platform Pte Ltd; 1.1.3 "OSP Personal Data" means Personal Data of Job Seekers which OSP discloses to the Employer including data of OSP's Job Seekers such as Name, Medical Data, Security Officer License Number and Contact Details; 1.1.4 "PDPA" means the Personal Data Protection Act 2012; 1.1.5 "Job Seeker" means the Security Officer who is a member of OSP's application platform; and 1.1.6 "Personal Data" means data, whether true or not, about an individual who can be identified: (a) from that data alone; or (b) from that data and other information which the Employer has or is likely to have access. 2. HANDLING AND PROTECTION OF PERSONAL DATA 2.1 Compliance with PDPA. The Employer shall comply with all its obligations under the PDPA at its own cost. 2.2 The Employer shall not disclose or copy OSP's Personal Data unless with permission form OSP or until the Job Seeker has been employed by the Employer. 2.3 The Employer shall only use OSP Personal Data, until the Job Seeker has been employed by the Employer, for the following : (a) strictly for the purposes of fulfilling its obligations and for Job Seeker search required under this Agreement; (b) with the OSP's consent; or (c) when required by law or an order of court, but shall notify the OSP as soon as practicable before complying with such law or order of court at its own costs. 2.4 Transfer of personal data outside Singapore. The Employer shall not transfer OSP Personal Data to a place outside Singapore without the OSP's prior written consent, until the Job Seeker has been employed by the Employer. However, if the OSP provides consent, the Employer shall provide a written undertaking to the OSP that the OSP Personal Data transferred outside Singapore will be protected at a standard that is comparable to that under the PDPA. If the Employer transfers OSP Personal Data to any third party overseas, the Employer shall procure the same written undertaking from such third party. 2.5 Security Measures. 2.5.1 The Employer shall protect OSP Personal Data in the Employer's control or possession by making reasonable security arrangements (including, where appropriate, physical, administrative, procedural and information & communications technology measures) to prevent unauthorised or accidental access, collection, use, disclosure, copying, modification, disposal or destruction of OSP Personal Data, or other similar risks. 2.6 Accuracy and Correction of Personal Data. OSP provides Personal Data of Job Seekers to the Employer through OSP's online application platform, the OSP shall make reasonable effort to ensure that the Personal Data is accurate and complete before providing the same to the Employer. The Employer shall put in place adequate measures to ensure that the Personal Data in its possession or control remain or is otherwise accurate and complete. 2.7 Retention of Personal Data. 2.7.1 The Employer shall not retain OSP's Personal Data (physical or electronic form) for any period of time longer than is necessary to serve the purposes of this Agreement unless the Job Seeker has already been employed by the Employer. 2.7.2 The Employer shall not retain OSP's Personal Data (physical or electronic form) once the employer have end the relationship or contract agreement with OSP unless the Job Seeker has already been employed by the Employer at the time of which the relationship has ended. 2.7.3 The Employer shall, upon the request of the OSP: a) return to the physical copy of OSP's Personal Data; and/or b) delete the electronic copy of OSP's Personal Data in its possession, and, after returning or deleting all OSP Personal Data, provide the OSP with written confirmation that it no longer possesses any OSP Personal Data. Where applicable, the Employer shall also instruct all third parties to whom it has disclosed OSP Personal Data for the purposes of this Agreement to return to the Employer or delete, such OSP Personal Data. 2.8 Notification of Breach. 2.8.1 The Employer shall immediately, within 1 hour, notify the OSP when the Employer becomes aware of a breach of any of its obligations in Clauses [2.2 to 2.7]. 2.8.2 The Employer report to OSP's Data Protection Officer by the below channel: Contact Person: Data Protection Officer Contact Number: +65 6747 6186 Email: bruno.ang@osp.sg 2.9 Indemnity The Employer shall indemnify the OSP and its officers, employees and agents, against all actions, claims, demands, losses, damages, statutory penalties, expenses and cost (including legal costs on an indemnity basis), in respect of: (a) the Employer's breach of Clauses [2 to 3]; or (b) any act, omission or negligence of the Employer or its subcontractor that causes or results in the OSP being in breach of the Singapore Personal Data Protection Act.