Data Protection Policy

We at YP! Solutions Pte Ltd take our responsibilities under the Personal Data Protection Act 2012 (the “PDPA”) seriously.

We also recognize the importance of the personal data which has been entrusted to us by your organization and we believe that it is our responsibility to properly manage, protect and process the entrusted data.

This Data Protection Policy has been designed to assist your organization in understanding how YesPay! collects, uses and/or discloses the personal data provided to us, as well as to assist you in making informed decisions before providing us with any form of personal data.

If you or your organization, at any point of time, have any queries on this policy, or any other queries on how YesPay! may manage, protect and/or process your organization’s personal data, please do not hesitate to contact our Data Protection Officer (the "DPO") at:

Attention: The Data Protection Officer

Email: privacy@yespaygroup.com

1. INTRODUCTION TO THE PDPA

1.1 “Personal Data” is defined under the PDPA to mean that data, whether true or not, about an individual who can be identified via the data, or from the data and other information to which an organization has or is likely to have access to. Common examples of personal data includes names, identification numbers, contact information, data of birth, nationality, medical records and photographs.

1.2 YesPay! will collect your personal data in accordance to the PDPA. In general, before any collection of personal data from you is carried out, we will notify you for which your personal data may be collected, used and/or disclose, as well as obtaining your consent for the collection, use and/or disclose your personal data for any intended purposes.

2. PURPOSES FOR COLLECTION, USAGE, DISCLOURE OF PERSONAL DATA

2.1 The personal data which YesPay! collects from you may be collected, used and/or disclosed for the following purposes:

Provision of proper performance of payroll, leave and claims processing services;

Conducting employee administration and HR operations;

Provision with adequate consultancy services and advices on HR processes and issues;

Management of enquiries and instructions from you; and

Sending you invitations to events held by us;

2.2 In order for YesPay! to conduct our business and consultancy operations more smoothly, we may also have to disclose the personal data provided by you to our third party service providers, vendors, and/or our affiliated or related corporations, which may be sited outside of Singapore, for one or more of the above-state Purposes. This is because such third party service providers, vendors, and/or affiliated or related corporations would be processing your personal data on your behalf for one or more of the above-stated Purposes.

3. SPECIFIC ISSUES FOR THE DISCLOSE OF PERSONAL DATA TO THIRD PARTIES

3.1 YesPay! respects the confidentiality of the personal data that you have provided to us. used and/or disclosed for the following purposes:

3.2 In regards to that confidentiality, we will not disclose any of your personal data to any third parties without first obtaining your expressed consent permitting YesPay! to do so. However please note that we reserve the rights to disclose your personal data to their parties without first obtaining your consent in certain situations including, and without limitation, the following:

Cases to which the disclosure of personal data is required based on the applicable laws and/or regulations;

Cases to which the purpose of such disclosures are clearly in your interests, and if consent cannot be obtained in a timely manner;

Cases to which the disclosure is necessary in response to an emergency that threatens the life, health or safety of yourself or another individual;

Cases to which there are substantial and reasonable grounds for YesPay! to believe that the health or safety of yourself or another individual will be seriously and consent for the disclosure of the data cannot be obtained in a timely way, provided that we shall, as soon as may be practicable, notify you of the disclosure and the purposes of the disclosure;

Cases to which the discloses are necessary for any form of legal investigations or proceedings;

Cases to which the personal data is disclosed to any officer representing a prescribed law enforcement agency, upon production of written authorization signed by the head or director of the said law enforcement agency or a person of a similar rank, certifying and stating that the personal data is a necessity for the purposes of specific functions or duties of the officer; and/or

Cases to which the disclosure is to a public agency and such disclosure is a necessity for public interest.

3.3 The instances listed above at paragraph 3.2 are not intended to be exhaustive. For an exhaustive list of exceptions, you are encouraged to peruse the Second, Third and Fourth Schedules of the PDPA which is publicly available at http://statutes.agc.gov.sg.

3.4 In all other instances of disclosure of personal data to third parties with your express consent, we will endeavor to provide adequate supervision over the handling and administration of your personal data by such third parties, as well as to provide for adequate forms of protection over such personal data.

4. REQUEST FOR ACCESS AND/OR CORRECTION OF PROVIDED PERSONAL DATA

4.1 You may request to access and/or correct the personal data that is currently in the possession of YesPay! at any time by submitting your request through the following methods:

Attention: The Data Protection Officer

Email: privacy@yespaygroup.com

Office Address: 391A Orchard Road #17-08, Singapore 238873

4.2 For a request to access personal data, we will provide you with the relevant personal data within a reasonable time from such a request being made.

Subject paragraph 4.4, we will send the corrected personal data to every other organization to which the personal data was disclosed by YesPay! within a year before the data that the correction of the personal data was made, unless in any circumstances in which the other organization do not require the corrected personal data for any legal or business purposes.

4.3 Notwithstanding paragraph 4.3(b), YesPay! may, if you so consent, send the corrected personal data only to specific organizations to which the personal data was disclosed by us within a year before the date that the correct of the personal data was made.

5. REQUEST TO WITHDRAW CONSENT

5.1 You may withdraw your consent for personal data collection, use and/or disclosure of your personal data in the possession of YesPay! or under our control at any time by submitting your request via the following channels:

Attention: The Data Protection Officer

Email: privacy@yespaygroup.com

Office Address: 391A Orchard Road #17-08, Singapore 238873

5.2 YesPay! will process your request within a reasonable time from such a request for withdrawal of consent is being made by you and will thereafter from collecting, using and/or disclosing your personal data in the manner stated as per your request.

6. ADMINISTRATION AND MANAGEMENT OF PERSONAL DATA

6.1 YesPay! will take the appropriate measures to keep your personal data accurate, complete and updated.

6.2 YesPay! will also take commercially reasonable efforts to take all appropriate precautions and preventive measures to ensure that your personal data is adequately protected and secured. Appropriate security arrangements will constantly be taken to prevent any form of unauthorized access, collection, use, disclosure, copying, modification, leakage, loss, damage and/or alterations of your personal data which has been entrusted to us. However, YesPay! will not be able to assume any form of responsibility for any unauthorized usage of your personal data by third parties which are wholly attributable to factors beyond our control.

6.3 YesPay! will also take commercially reasonable efforts to ensure that all personal data in our possession or under our control is destroyed and/or anonymized as soon as it is reasonable to assume that (i) the purpose for which that personal data was collected is no longer being served by the retention of such personal data; and (ii) retention is no longer necessary for any other legal or business purposes.

7. DATA INTERMEDIARY

7.1 YesPay! will be considered to be a data intermediary under the PDPA, as we are processing their personal data on behalf of other organizations.

7.2 As a data intermediary, YesPay! is obliged to take all form of commercially reasonable efforts to ensure that your personal data which we are processing on behalf of other organizations is (i) adequately protected and secured; and (ii) destroyed and/or anonymized as soon as it is reasonable to do so, as mentioned in paragraphs 6.2 and 6.3 respectively.

8. UPDATES ON DATA PROTECTION POLICY

8.1 As part of our efforts to ensure that YesPay! properly manages, protects and processes your personal data, we will constantly review our policies, procedures and processes from time to time.

8.2 YesPay! reserves the rights to amend the terms of this Data Protection Policy at our sole discretion. Any amended Data Protection Policy will be posted on our website and can be viewed at https://www.yespaygroup.com

8.3 You are encouraged to visit the above mentioned website from time to time to ensure that you are well informed and fully updated of our latest policies in relations to personal data protection.

Last Updated on 15 July 2019