Google+

Data Protection Policy

Mobilus LLP refered as "The organization" collects and uses personal data about participants in accordance with the Singapore Personal Data Protection Act - 2012 (PDPA) and other relevant laws and requirements on private education institutions in Singapore.

Data Collected and Purpose

The organisation holds personal data on individuals, including: personal identification number, address, contact details, attendance information, past medical records and photographs.

The data is used to build relationships with the members which will including advertising, promotional messaging regarding events, sports, nutrition, customer service research and other services the organization deems relevant in building relationships with its members.

Data is shared as necessary with third party companies to provide extended services, examples include sports and nutrition related products, transport, accommodation and online services such as event and seminar sign-ups.

In particular, the organisation may make use of photographs, videos or sound recordings of participants in the organisation's digitals like website and other official Centre communication channels, as well as in external media.

Data Security

The organisation undertakes to:

a. implement appropriate security measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular when the processing of data involves the transmission or storage on or within a network.

b. notify data subjects about any accidental or unauthorized access of their data that may lead to damage or harm.

Data Retention & Removal

The organisation undertakes that it shall only keep the data collected as long as is necessary to provide the services outlined above.

Right of Access and Correction

Members have a right to see the data held about them (subject to the exemptions listed below) and to request for data to be corrected if it is incorrect.

To request for data to be changed, please contact hello@wearemobilus.com.

The organisation will consider the request and respond within three working days. The response may be to decline the request with reasons or to provide a time scale in which the data will be supplied.

Exemptions to Right of Access

The PDPA does not provide the right of access to any and all information held by an organisation. Therefore The organisation retains the right to refuse access to:

  • Opinion data kept for evaluative purposes
  • Data or material that provide personal data about other individuals in contravention of this policy or the PDPA.

Sharing Data with Third Parties

The organisation shares personal data with a variety of third parties for the purposes of the third party providing a relevant service to the organisation. The organisation will only share data for the purposes of eliciting a service that will enhance the experience for members. Examples of these services include certification, transport, catering, sports and nutrition related services, accommodation, medical.

Where the Centre signs explicit contracts with these organisations it will include clauses from Appendix A - Contracts with Third Parties to ensure that the organisation is using the data purely for the intended purpose of providing the required service and that it is taking appropriate precautions to safeguard the data.

In some instances, for example for online services provided by companies outside of Singapore, explicit signed contracts do not exist. In these instances the Centre will ensure that the terms & conditions of the service include clauses that:

  • the organization remains the owner of the data
  • the service provider is not entitled to use any data held on its service for any purpose other than to provide the required service
  • the service provider is taking reasonable precautions to ensure the security of the data
  • once the organization terminates its agreement with the service provider, that any and all data held will be deleted and not used for any other purpose

 

Appendix A - Contracts with Third Parties

When signing contracts with any third party organisations that the organization will share personal data with the contract should include the following clauses or entries to the same effect.

Data Protection and Mobilus LLP

Mobilus LLP collects and uses personal data about individuals in accordance with the Singapore Data Protection Act (2012) and other relevant laws and requirements on private education institutions in Singapore.

As a result of the provision of your obligations under this agreement, you may have access to personal data about the organisation's employees and participants. You must (and must ensure that your employees, agents, sub-contractors and representatives will) keep all such data secure and protected against improper disclosure or use as detailed in this agreement.

Definitions:

a. ‘Personal data’ shall refer to data, whether true or not, about an individual who can be identified from that data; or from that data and other information to which the organisation has or is likely to have access and all other data deemed protected under the Personal Data Protection Act 2012

b. ‘PDPA’ shall mean the personal Data Protection Act (2012)

c. ‘the Organization’ shall mean the entity who transfers the data to be used

d. ‘the company’ shall mean the processor who agrees to accept the organization's personal data intended for processing and use in accordance with this agreement

1. Data Use

The company agrees and warrants:

a. that any personal data shared by the organization or collected by the company as a result of providing the services covered in this agreement will be used solely for the purposes of providing the service detailed in this agreement

b. that no personal data collected or shared will be used to offer or solicit further services from the individuals concerned.

c. to process the personal data only on behalf of the organization and in compliance with its instructions.

d. that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law and do not violate the relevant laws of the Republic of Singapore in which the organization resides.

e. that it shall promptly notify the organization about any request for disclosure received directly from any authority or individual.

2. Data Security

The company agrees and warrants:

a. to implement appropriate security measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular when the processing of data involves the transmission or storage on or within a network.

b. that it shall promptly notify the organization about any accidental or unauthorized access of the data, or any loss of the data whether leading to unauthorized access or not.

3. Data Retention - obligations after the termination of contract or services

The company agrees and warrants:

a. that on the termination of the contract or services that required data processing services, that the company shall, at the request of the organization transfer all the data transferred and copies thereof to the data exporter or shall destroy all the personal data and certify that he has done so, unless legislation imposed on the data importer prevents him from returning or destroying all or part of the data transferred. In that case the company warrants that he will guarantee the confidentiality of the personal data and will not actively process the personal data transferred anymore. Once the legal requirement for retention has passed the company warrants that it will destroy all data retained.

4. Data Correctness and Right of Correction

The company agrees and warrants:

a. to provide the organization on request all the personal details of individuals that have been collected as the result of this agreement and to amend or delete such data on request within the lifetime of the agreement.

5. Liability

a. The parties agree that if one party is held liable for a violation of the clauses committed by the other party in contravention of the PDPA,  the latter will, to the extent he is liable, indemnify the first party from any cost, charge, damages, expenses or losses it has incurred.