INTRODUCTION AND SCOPE

This Personal Data Privacy Statement (“Statement”) explains how Impetus Group IHC Pte. Ltd. and its affiliates (collectively referred to as “Impetus Group”) handle the collection, use, disclosure, processing, and safeguarding of your personal data. It applies to your use of our websites, applications, and services, as well as your interactions with us at Impetus Group’s facilities, events, and other online or offline engagements.

Our personal data protection and privacy policy is formulated in accordance with the requirements of the Personal Data Protection Act 2012 (“PDPA”). Impetus Group respects the privacy of individuals and recognises the need to treat personal data in an appropriate and lawful manner, and is committed to comply with its obligations.

By accessing or continuing to use the websites and/or services of any Impetus Group entity, you are considered to have given your consent, accepted, and agreed to be bound by the terms of this Statement, including the use of your personal data for the purposes outlined herein. This Statement serves as a supplement to, and does not override or replace, any prior consent you may have provided regarding your personal data.

This Statement is an integral part of the terms and conditions, if applicable, governing your relationship with any Impetus Group entity and should be read alongside those terms. In the event of any conflict or inconsistency between this Statement and the terms of engagement, the latter shall take precedence to the fullest extent permitted by law.

We may amend or update this Statement from time to time. You are advised to refer to our website (at www.impetusgroup.com.sg) for the latest version.

COLLECTION AND USE

1. We may collect personal data from you which we require in order for us to provide our services to you, such as but not limited to:

• your name, nationality, date of birth, gender, marital status, company name, job title, signature, personal contact number, personal email address, bank account number, employment history, and academic qualifications;
• NRIC, passport and/or other identification numbers (to the extent permissible or required by law);
• Photographs, film, closed-circuit television and/or video recording(s) of you;
• your online data when you access our website (including cookie information, your IP address, etc); and
• any information about you which you have provided us in any forms you may have submitted to us, or in other forms of interaction with you.

2. We may process and/or use the personal data for the following purposes:

• conducting regulatory checks and independence/conflict checks, due diligence and background screening;
• administering and managing our relationship with you, including, without limitation, dealing with any requests or inquiries which you may have and providing services to you (including without limitation, mandatory client due diligence checks and for processing of payments, and following up on unpaid receivables and in legal proceedings to recover receivables);
• conducting research, analysis and development activities (including without limitation, data analytics, surveys and/or profiling) to improve our services and facilities so as to enhance your relationship with us or to improve our services for your benefit;
• conducting our recruitment and selection process;
• contacting you regarding any updates, events (including seminars and/or webinars) or publications which may be of interest to you;
• managing our business and website (including without limitation, storing, hosting and/or backing up of the personal data in and/or outside Singapore);
• meeting any legal, governmental or regulatory requirements, directives and guidelines; and
• such other purposes as permitted by applicable law or with your consent.

3. We have established reasonable security arrangements to ensure that your personal data is adequately protected and secured and to prevent any unauthorised access, collection, use, disclosure, copying, modification, leakage, loss, damage and/or alteration of your personal data.

4. Subject to our compliance with the PDPA and the maximum extent permitted by applicable law, we assume no responsibility for any unauthorised use of your personal data by any third party.

5. We will take reasonable efforts to ensure that personal data collected by Impetus Group is accurate and complete, if such personal data is likely to be used by us in order to make a decision affecting you and/or to be disclosed by us to another organisation. This may require that you update us of any changes in your personal data that you have provided to us on any earlier occasion. We will not be liable for relying upon incomplete and/or inaccurate personal data that you have provided to us.

6. Before sharing the personal data of another individual with us, you must obtain their consent for both the disclosure and the processing of that data in line with the terms of this Statement. If you fail to do so or if the personal data you provide is incomplete, inaccurate, or incorrect, we may not be able to offer you the services you have requested or require.

DISCLOSURE TO THIRD PARTIES

1. We will not disclose your personal data except:

• To individuals or entities for whom disclosure is necessary to provide our services to you or for the management, operation, and administration of our business, and who are similarly obliged to keep your data confidential;
• When required by law or when we believe in good faith that disclosure is necessary: (i) to our professional advisers, such as lawyers; (ii) to comply with legal requirements from courts, tribunals, regulators, government bodies, agencies, ministries, statutory boards, or other relevant authorities; (iii) to address claims that the personal data we hold infringes on the rights of third parties; or (iv) to safeguard our rights, property, or personal safety, as well as that of our clients or the public;
• Where disclosure has been authorised, agreed upon, or consented to by you.

2. We may share your personal data with our subsidiaries and affiliates (“Group Entities”) and with other third parties from time to time for the purposes and means described in this Statement. We may disclose your information to:

• Group Entities– we may share your personal data among our Group Entities for the purposes of delivery and operation of our Services, as well as fulfilling requests from you; and
• Third Party Service Providers – we may disclose your personal data to third parties who provide services, software, and content made available for use on or through our Services (including add-ons and integrated services). We endeavour to ensure that these third parties use your Personal Data only to the extent necessary to perform their functions. These third parties include business partners, suppliers, affiliates, agents and/or subcontractors for the performance of any contract we enter into with you.

RETENTION OF PERSONAL DATA

1. We have established measures such that your personal data in our possession and/or under our control is destroyed and/or anonymized as soon as it is reasonable to assume that:

• the purpose for which the personal data was collected, is no longer being served by the retention of such personal data; and
• retention of personal data is no longer necessary for any legal purposes.

TRANSFER OF PERSONAL DATA

1. Where we are required to transfer your personal data out of Singapore for any of the abovementioned purposes, we will ascertain that the standard of protection provided to your personal data is comparable to that under the PDPA in Singapore.

REVIEW AND CORRECTION

1. If you wish to make a request to obtain a copy of your personal data that is in our possession and/or control, or make a request for your personal data to be updated or corrected, please contact our Data Protection Officer to make the relevant request. We may fulfil or reject your request in accordance with the PDPA.

2. Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.

3. Please allow us reasonable time to respond and/or effect any correction.

WITHDRAWAL

1. Subject to applicable laws, regulations, and professional standards, you may withdraw your consent for the collection, use, or disclosure of your personal data by providing us with reasonable written notice. However, please be aware that if you withdraw your consent, whether partially or entirely, we may no longer be able to provide you with our services. Additionally, such withdrawal may lead to the termination of any agreement you have with us.

DATA INTERMEDIARY

1. We act as a Data Intermediary when processing personal data on behalf of and for the purposes of another organisation (referred to as the “Data Controller”). Without affecting the terms of engagement agreed upon between the parties, this section applies whenever we process personal data in this capacity.

2. When acting as a Data Intermediary, we will process personal data only as necessary for the specified purposes outlined in the relevant engagement and strictly in accordance with the written instructions provided by the Data Controller. We will not process personal data for any other purpose.

3. Additionally, we will:

• Comply with applicable laws and take appropriate administrative and technical security measures to safeguard personal data in line with this Statement;
• Promptly notify the Data Controller in writing if we become aware of any accidental or unauthorized disclosure, modification, destruction, or loss of personal data (“Incident”), unless legally prohibited from doing so;
• Take reasonable and timely action to address an Incident, including investigating, mitigating its impact, and implementing necessary recovery measures; and
• Retain personal data only for as long as necessary to fulfil its intended purpose or as required by law.

4. To fulfil our obligations as a Data Intermediary, we may share personal data with our subsidiaries, affiliates, and subcontractors who require access to perform the engagement. In such cases, we will ensure they maintain strict security and confidentiality measures in accordance with this Statement.

5. At all times, the Data Controller remains accountable to individual data subjects regarding their personal data. Accordingly, the Data Controller shall:

• Ensure that personal data is lawfully obtained from the relevant individuals (including officers, employees, and contractors), has the necessary legal basis and authorisations, and is accurate and securely transmitted to us;
• Provide clear written instructions regarding the processing of personal data, with oral instructions from authorised representatives accepted only in emergencies and subject to immediate written confirmation;
• Promptly inform us in writing of any changes, errors, or omissions related to the lawful processing and use of personal data; and
• Handle and respond to any requests from individuals regarding access to or correction of their personal data and notify us as soon as reasonably possible of any such requests.

COOKIES & THIRD-PARTY LINKS

1. Our website employs cookies, which are small text files stored on your computer with your consent. Impetus Group utilises Google Analytics, and these cookies help improve the functionality of the site and track user activity.
2. By accessing our website, you agree that we can place cookies on your device.
3. Our website may contain links to external websites (e.g. LinkedIn). Please note that our Statement does not apply to such external websites and the operations you perform on those websites.
4. You can manage cookie settings through most browsers, but please note that doing so may affect your experience on this and other websites.

CONTACT US

1. If you have a complaint or require more information about how we manage your personal data, please contact our Data Protection Officer at:

Data Protection Officer
Impetus Group of Companies
11 Collyer Quay, #16-02, The Arcade, Singapore 049317
Email: enquiry@impetusgroup.com.sg