Country Addendum List

Brazil Addendum

This addendum to the Personal Data Protection Policy applies to you if your Personal Data is being collected, used, disclosed or processed by us in Brazil. The terms set out in this Brazil Addendum are in addition to the terms set out in the Personal Data Protection Policy and form an integral part of the Personal Data Protection Policy. In the event of any conflict or inconsistency between the Personal Data Protection Policy and the terms of this Brazil Addendum, this Brazil Addendum shall govern and prevail.

1. Protection of Personal Data

1.1 We will at all times keep your Personal Data confidential, unless we are required to disclose such Personal Data by court order.

1.2 The security of your Personal Data is important to us. We have adopted reasonable security practices and procedures to safeguard the Personal Data under our control against unauthorised access, disclosures and other similar risks. Access to your Personal Data is restricted to those parties who need to know such Personal Data in relation to the purposes specified in this Personal Data Protection Policy.

1.3 Whilst we will endeavour to take all reasonable and appropriate steps to keep secure any Personal Data under our control, you acknowledge and agree that we cannot provide any absolute guarantees regarding the security of your Personal Data.

China Addendum

This addendum to the Personal Data Protection Policy applies to you if your Personal Data is being collected, used, disclosed or processed by us in China. The terms set out in this China Addendum are in addition to the terms set out in the Personal Data Protection Policy and form an integral part of the Personal Data Protection Policy. In the event of any conflict or inconsistency between the Personal Data Protection Policy and the terms of this China Addendum, this China Addendum shall govern and prevail.

1. Deletion of Personal Data

1.1 If you would like to request the deletion of your Personal Data (subject to GIC’s rights at law), please contact GIC as follows:

Email:GrpLCD_PersonalData@gic.com.sg

Call: +65 6889 8888

2. Transfer of Personal Data

2.1 You consent to us transferring all or any of your Personal Data to the parties specified in this Personal Data Protection Policy (whether located in China or overseas) for the purposes specified in this Personal Data Protection Policy (where applicable).

India Addendum

This addendum to the Personal Data Protection Policy applies to you if your Personal Data is being collected, used, disclosed or processed by us in India. The terms set out in this India Addendum are in addition to the terms set out in the Personal Data Protection Policy and form an integral part of the Personal Data Protection Policy. In the event of any conflict or inconsistency between the Personal Data Protection Policy and the terms of this India Addendum, this India Addendum shall govern and prevail.

1. Personal Data

1.1 For the purposes of this India Addendum, references to “Personal Data ” in the Personal Data Protection Policy and this India Addendum shall be read to mean “Sensitive Personal Data or Information” (SPDI).

1.2 SPDI is defined under the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules 2011 as personal information which consists of information relating to the following: (i) password; (ii) financial information such as bank account or credit card or debit card or other payment instrument details; (iii) physical, physiological and mental health condition; (iv) sexual orientation; (v) medical records and history; (vi) biometric information; (vii) any detail relating to the above clauses; and (viii) any information received under the above clauses. “Personal information” in turn means any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person.

1.3 Some examples of the kinds of Personal Data which we may collect about you include but are not limited to the following:

(a) Name;

(b) Birthdate;

(d) Email address;

(e) Bank account information;

(f) Other financial information;

(g) Criminal activities records;

(h) Declarations regarding financial standing;

(i) Background verification information;

(j) Biometric information; and

(k) Medical records and history.

2. Transfer of Personal Data

2.1 You consent to us transferring all or any of your Personal Data to the parties specified in this Personal Data Protection Policy (whether located in India or overseas) for the purposes specified in this Personal Data Protection Policy (where applicable).

2.2 You acknowledge that some countries to which we may transfer your Personal Data may not have data protection laws which are as stringent as the data protection laws of India. You acknowledge and agree that it is adequate that when we transfer your Personal Data to any other entity overseas, we will put in place contractual obligations on the transferee which will oblige the transferee to adhere to the same levels of data protection which are adopted by us.

3. Protection of Personal Data

3.1 The security of your Personal Data is important to us. We have adopted reasonable security practices and procedures to safeguard the Personal Data under our control against unauthorised access, disclosures and other similar risks. Access to your Personal Data is restricted to those parties who need to know such Personal Data in relation to the purposes specified in this Personal Data Protection Policy.

3.2 Whilst we will endeavour to take all reasonable and appropriate steps to keep secure any Personal Data under our control, you acknowledge and agree that we cannot provide any absolute assurance regarding the security of your Personal Data.

4. Contacting Us – Access To your Personal Data for Review

4.1 In addition to the rights granted to you in the main Personal Data Protection Policy, if you would like to obtain access to review your Personal Data, please contact the Grievance Officer at the contact details set out below.

4.2 If you withdraw your consent to any or all use of your Personal Data, depending on the nature of your request, GIC may not be in a position to administer any contractual relationship in place. Depending on the situation, this may also result in the termination of your employment, agreement and/or any other forms of arrangement with GIC. GIC’s legal rights and remedies in such event are expressly reserved.

5. Grievance Officer

5.1 We have appointed a Grievance Officer to address any concerns or grievances that you may have regarding any use of your Personal Data. If you have any such grievances, please write to our Grievance Officer (Head of Compliance) at: GrpLCD_PersonalData@gic.com.sg

Japan Addendum

This addendum to the Personal Data Protection Policy applies to you if your Personal Data is being collected, used, disclosed or processed by us in Japan. The terms set out in this Japan Addendum are in addition to the terms set out in the Personal Data Protection Policy and form an integral part of the Personal Data Protection Policy. In the event of any conflict or inconsistency between the Personal Data Protection Policy and the terms of this Japan Addendum, this Japan Addendum shall govern and prevail.

1. Personal Data

1.1 For the purposes of this Japan Addendum, references to “Personal Data ” in the Personal Data Protection Policy and this Japan Addendum shall, in addition to the definition set out in the main Personal Data Protection Policy, also be read to include: (1) any “Personal Identification Code”, which refers to any biometric data that identifies a specific individual, or any code uniquely assigned to an individual with respect to the receipt of goods or services, or instruments with which to purchase such goods or services, as defined in the Act on the Protection of Personal Information (Act No. 65 of 2015) (“PIPA”) Article 2, Paragraph 2; and (2) “Sensitive Information”, which means sensitive personal information or special care-required personal information, as defined in PIPA Article 2, Paragraph 3. Both defined terms (1) and (2) above are more fully defined in Annex A attached hereto.

2. Compliance with Laws

2.1 GIC (Japan) K.K. (“JPO”) shall comply with the PIPA.

3. Appropriate Acquisition and Use of Personal Data

3.1 JPO shall acquire and use Personal Data in an appropriate and fair manner.

4. Organizational Structure Concerning Personal Data

4.1 JPO shall internally develop adequate organizational structure to ensure appropriate handling of Personal Data under its control and shall respond as promptly as possible to the requests for disclosure and correction, and other inquiries received from the individuals whose Personal Data is held by us.

5. Sensitive Personal Information

GIC Group may acquire Sensitive Personal Information and provide the same to third parties identified in the Data Protection Privacy Policy including this Japan Addendum for the purposes of use set forth in Paragraph 6.2 below.

6. Publicly Announced Matters Regarding Personal Data

6.1 Name of the operator handling Personal Data

GIC (Japan) K.K.

6.2 Purpose of use of Personal Data

(1) Personal Data in general

In addition to the purposes stated in the Personal Data Protection Policy Paragraph 3.1 and 3.2, JPO uses Personal Data for the following purposes:

(a) Creation of staff register, business communication, procedures in relation to benefit packages and social insurance, and other legally required procedures;

(b) Determination and payment of salary, bonus, retirement allowance, other benefits, etc., and withholding tax procedures;

(c) Performance evaluation, decision of promotion/demotion, personnel transfer (including intercompany transfer) and decision of posting destination;

(d) Education and training, and health care for employees, etc., official commendation/ sanctions and implementation of other rules of JPO and that of GIC Pte Ltd;

(e) Outsourcing purposes, including but not limited to, receiving cloud services from a cloud data processor or subprocessor including those located outside Japan, such as (i) setting up, operating, monitoring and otherwise receiving the cloud service for human resource personal data processing, (ii) technical support, (iii) consulting services, and (iv) communication with authorised users.

(2) Individual number (also known as “My Number”)

JPO shall use individual numbers (as provided for in the Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures) of its employees and their dependents for the purposes below:

(a) Process related to withholding tax that is implemented by an employer under the Income Tax Act;

(b) Process related to individual residence tax that is implemented by an employer under the Local Tax Act;

(d) Process related to health insurance that is implemented by an employer under the Health Insurance Act (application/payment);

(e) Process related to employees’ pension insurance that is implemented by an employer under the Employees’ Pension Insurance Act (application);

(f) Process related to industrial accident insurance that is implemented by an employer under the Industrial Accident Compensation Insurance Act;

(g) Any process related to (a) through (f) above as well as the purposes of use indicated under Paragraph (1) and section 3.1 and 3.2 of the main policy.

6.3 Joint use

JPO shall jointly use Personal Data with joint users as follows:

(1) Personal Data items for joint use

(a) Business title, location, grade, compensation, working schedule, education level, history of internal moves and other employment contract details.

(b) Names, contact details, addresses, date of birth, marital status, gender, religion, nationality, citizenship, dependent information, passport information, details of military service (if applicable), next-of-kin details, work union membership, national insurance number or other social security details, banking information, employee ID, photos and other employment identification details, pay grade, job code, salary information, benefit election information, number and value of stock rights, educational history and employment history, travel details, corporate card number, bank details, external directorships (if any), employment satisfaction related information, performance information, photographs, videos and information necessary in relation to legal proceedings (whether prospective, pending or current), for obtaining legal advice, or otherwise for establishing, exercising or defending legal rights, which may include Personal Data.

(2) Scope of joint users

GIC Group (i.e., GIC Pte. Ltd. and any and all affiliated companies of GIC Pte. Ltd.)

(3) Purpose of joint users

a) Planning and providing the services to GIC Group entities;

b) Employment management, allocation of human resources, business communications, etc. and

c) Any and all purposes described in Paragraph 6.2 above

(4) Administrator of Personal Data for joint use
GIC (Japan) K.K.

6.4 Contact for complaints

Please address any complaints regarding JPO’s handling of Personal Data to the contact set forth in Paragraph 8.1 below.

7. Transfer of Personal Data

7.1 You consent to us transferring all or any of your Personal Data to the parties specified in this Personal Data Protection Policy (whether located in Japan or overseas) for the purposes specified in this Personal Data Protection Policy (where applicable).

7.2 JPO shall provide all of the Personal Data under its control, in order to manage such information in the cloud, to cloud operators in countries which GIC Pte.Ltd. selects by reasonably considering that legislation thereof has been adequately developed for protection of Personal Data or put in place arrangements to ensure the Personal Data will be adequately protected.

7.3 You acknowledge and agree that some countries to which we may transfer your Personal Data may not have data protection laws which are as stringent as the data protection laws of Japan. You acknowledge and agree that it is adequate that when we transfer your Personal Data to any other entity overseas, we will put in place contractual obligations on the transferee which will oblige the transferee to adhere to the same levels of data protection which are adopted by us.

8. Disclosure, Correction, Suspension of use or Deletion of your Personal Data

8.1 If you have any complaints regarding JPO’s handling of Personal Data or would like to request the disclosure, correction, suspension of use, deletion of your Personal Data (subject to our rights at law), please contact the following personnel of GIC Pte Ltd. A fee may be charged for each request:

Name: Lynn Hew Ooi Lyn
Email: lynnhew@gic.com.sg
Contact number: +65-68898377

Name: Png Seok Hooi
Email: pngseokhooi@gic.com.sg
Contact number: +65-68898820

8.2 No request for disclosure shall be accepted in any of the following cases where:

(a) JPO cannot confirm either identification of the relevant principal individual who requested the disclosure or his/her authorized proxy;

(b) JPO does not possess the Personal Data the disclosure of which was requested;

(c) The disclosure may damage life, body, property or other right and interest of the relevant individual or a third party;

(d) The disclosure may significantly disturb appropriate implementation of JPO’s business operations; or

(e) The disclosure violates any other laws and regulations.

In such cases, JPO will send a notification with the reason for non-disclosure.

9. Exemptions

The provision of the Personal Data Protection Policy Clause 6 does not apply to Personal Data used by JPO.

ANNEX A to Japan Appendum

Definitions of “Individual Identification Code” and “Sensitive Personal Information”

“Individual Identification Code” means (i) any code into which a distinguishing body part of an individual has been converted so that it may be processed by a computer and which can identify the relevant individual: or (ii) any code allocated to an individual for the purchase or use of goods or services, or that is entered or recorded on cards or other documents issued to an individual, as specified by the applicable Cabinet Order (PIPA Article 2, Paragraph 2.

The Cabinet Order specifies Individual Identification Code such as code data regarding DNA base sequence, facies, iris pattern, voice print, gait, hand and finger veins, and fingerprints, as well as passport number, pension beneficiary number, driver’s license number, residential certificate code, individual number so called “My Number”, national welfare and health insurance beneficiary number, welfare and health insurance beneficiary numbers under other Japanese special laws, membership certificate numbers of specified associations formed under Japanese special laws, employment insurance beneficiary number under the employment insurance law, and special permanent residential certificate number issued under Japanese special law regarding the immigration control of persons who renounced the Japanese nationality based on the peace treaty with Japan. (PIPA Enforcement Order Article 1, Paragraph 1).

“Sensitive Personal Information” means the following information:

(1) Race (PIPA Article 2, Paragraph 3);

(2) Creed (PIPA Article 2, Paragraph 3);

(3) Social status (PIPA Article 2, Paragraph 3);

(4) Medical history (PIPA Article 2, Paragraph 3);

(5) Criminal record (PIPA Article 2, Paragraph 3);

(6) Fact of having suffered damage by a crime (PIPA Article 2, Paragraph 3);

(7) Fact of having physical disabilities, intellectual disabilities, mental disabilities (including developmental disabilities), or other physical and mental functional disabilities prescribed in the following (PIPA Enforcement Order Article 2; PIPA Enforcement Rules Article 5):

(i) physical disabilities set forth in an appended table of the Act for Welfare of Persons with Physical Disabilities (Act No.283 of 1949)

(ii) intellectual disabilities referred to under the Act for the Welfare of Persons with Intellectual Disabilities (Act No.37 of 1960)

(iii) mental disabilities referred to under the Act for the Mental Health and Welfare of the Persons with Mental Disabilities (Act No.123 of 1950) (including developmental disabilities prescribed in Article 2, Paragraph 2 of the Act on Support for Persons with Development Disabilities, and excluding intellectual disabilities under the Act for the Welfare of Persons with Intellectual Disabilities)

(iv) a disease with no cure methods established thereof or other peculiar diseases prescribed by cabinet order under Article 4, Paragraph 1 of the Act on Comprehensive Support for Daily and Social Lives of Persons with Disabilities (Act No. 123 of 2005), disability levels of which are equivalent to those prescribed by the Minister of Health, Labor and Welfare under the said Paragraph

(8) Results of a medical check-up or other examination (hereinafter referred to as a “medical check-up etc.”) for the prevention and early detection of a disease conducted on a principal by a medical doctor or other person engaged in duties related to medicine (hereinafter referred to as a “doctor etc.”) (PIPA Enforcement Order Article 2);

(9) Fact that guidance for the improvement of the mental and physical conditions, or medical care or prescription has been given to a principal by a doctor etc. based on the results of a medical check-up etc. or for reason of disease, injury or other mental and physical changes (PIPA Enforcement Order Article 2);

(10) Fact that an arrest, search, seizure, detention, institution of prosecution or other procedures related to a criminal case have been carried out against a principal as a suspect or defendant(PIPA Enforcement Order Article 2);

(11) Fact that an investigation, measure for observation and protection, hearing and decision, protective measure or other procedures related to a juvenile protection case have been carried out against a principal as a juvenile or a person suspected thereof under Article 3, Paragraph 1 of the Juvenile Act (Act No.168 of 1948) (PIPA Enforcement Order Article 2).

Korea Addendum

This addendum to the Personal Data Protection Policy applies to you if your Personal Data is being collected, used, disclosed or processed by us in Korea. The terms set out in this Korea Addendum are in addition to the terms set out in the Personal Data Protection Policy and form an integral part of the Personal Data Protection Policy. In the event of any conflict or inconsistency between the Personal Data Protection Policy and the terms of this Korea Addendum, this Korea Addendum shall govern and prevail.

1. Purposes for the Collection, Use and Disclosure of Your Personal Data

1.1 Without prejudice to the generality of the purposes notified to you in the Personal Data Protection Policy above, we may, in addition, also collect, use and disclose the items of your Personal Data specified below for the following specified purposes.

(a) if you are a job applicant:

General Personal Data/Personal credit information

Classification	Purposes of Processing Personal Data	Items of Personal Data to be Processed
Mandatory	HR management and job assignment: recruitment, processing your application, conducting background checks and due diligence, evaluating your application, making a hiring decision, assignment to departments, transfer to affiliates, etc. Handling of tax/insurance: subscription to, maintenance, procurement, and forfeiture of, and withdrawal from social insurances (National Pension, National Health Insurance, Unemployment Insurance, Workers’ Compensation Insurance, etc.) and payment and refund of premium of concerned insurance, etc. Compliance with law/performance of contracts: performance of any and all legal and administrative obligations imposed on GIC by the applicable laws and regulations, including compliance with labor laws including the Labor Standards Act and Industrial Safety and Health Act, compliance with internal regulations of GIC, and any obligations with regard to employee health and safety pursuant to the applicable laws and regulations, etc.; compliance with foreign workers related laws and regulations; performance of any and all legal and administrative obligations imposed on GIC by the applicable laws and regulations, including issuance and delivery of the receipt and tax invoices.	Name, gender, date of birth, age, address, home telephone number, mobile phone number, e-mail address, registered identification (ID), IP address, MAC address, nationality, photo, visual information, securities account number (including the name of account holder and financial institution), veteran & patriot information (registration number, classification, grade, relationship), other information specified in a bankbook such as bank account number, name of account holder and financial institution. Educational background (school name, location, major, year of entrance and year of graduation, graduation status, GPA, etc.), work experiences (company, title, responsible area, annual salary, details of salary payment, date of commencement of previous employment and date of retirement, service period, etc.), language skills (language, score/rank and date when such score/rank was achieved, and degree of fluency). Qualification/licenses (type, date of qualification/license, issuer), education/training (name of education/training program, certificate of completion), history of awards and/or disciplinary actions received (history of promotion, awards, disciplinary actions, performance evaluation records and details). Matters related to military service (military branch, classification of military service, service period, occupational specialty). Employment history, including dates of commencement of each employment period, responsible division, title, job descriptions, type of employment (including the date of change and contents thereof), details of salary payment(monthly base salary (gross and net), annual salary (gross and net), fixed bonuses, allowances, severance payment, retroactive salary, overtime data, etc.), work performance evaluation, etc. Social insurance (status of subscription, insurance certificate number, date of acquisition, date of forfeiture, expiry date, status and period of reduction, beneficiary information, amount of benefit, etc.), group term life insurance. Tax information: income tax, severance pay tax, resident tax. Matters related to family members (information specified in the certificate of family relations including family relations, names and dates of birth), emergency contact info and addresses of family members. Personal Data/Personal credit information of the job applicant or officer concerned and/or other third parties (name, department and job title, office address, e-mail address, telephone number, fax number, log-in records, etc. of third parties). Professional Association Membership Details (e.g. Chartered Financial Analyst membership details). Character referees.
Optional	Evaluating your application, making a hiring decision. Confirm whether you conduct your financial affairs properly so as to maintain financial soundness and to avoid financial embarrassment. Obtain a declaration as to your financial soundness and monitor changes in such declaration. Use as reference materials for personnel administration, work allocation, and salary management, etc. Confirmation of persons subject to veterans’ compensation and provision of appropriate treatment. Communicating with you to inform you of changes and developments to GIC’s policies, terms and conditions and other administrative information. Sending you updates and alerts related to job applications which you may have requested for. Conducting market research for statistical, profiling and statistical analysis for the improvement of services provided to you; managing the infrastructure and business operations of GIC and complying with internal policies and procedures, including providing you with access and/or use of websites, systems and infrastructure. Conducting data analytics for the purpose of (i) system and process improvements, (ii) risk/fraud management, (iii) regulatory and compliance risk management, (iv) investment insights and (v) enhancements to human resources processes. Dispute resolution, preventing, detecting and investigating non-compliance with laws, regulations, and internal corporate policies, including fraud and financial crimes, analysing and managing other commercial risks and risks arising from GIC’s operations and investment activities. Protecting and enforcing our contractual and legal rights and obligations. Conducting audits, reviews and analysis of our internal processes.	Personal data indicated under the mandatory collection and use. History on prior refusals to applications for trade, business or professional license or restrictions thereto, prohibition or similar order in relation to financial services, dismissal or request to resign from office, employment or trust or fiduciary position, internal employment disciplinary proceedings or disqualifications from being a director or being engaged in any managerial capacity. Personal financial standing, including matters related to unsatisfied judgment debts, bankruptcy petitions or compromise or scheme of arrangement with creditors. Regulatory complaints, investigations, proceedings, warnings, convictions, sanctions, penalty, or matters relating to company or business in capacity as director or officer. Financial affairs: whether job applicant is unable to repay any debt as it falls due, whether a statutory demand has been served on job applicant, whether there is any outstanding judgment debt against job applicant, etc. Personal interests. National merits, if any.

[Unique Identification Information]

Classification	Purposes of Processing Personal Data	Items of Personal Data to be Processed
Mandatory	Handling of tax/insurance: subscription to, maintenance, procurement, and forfeiture of, and withdrawal from social insurances (National Pension, National Health Insurance, Unemployment Insurance, Workers’ Compensation Insurance, etc.) and payment and refund of premium of concerned insurance, etc. Compliance with law/performance of contracts: performance of any and all legal and administrative obligations imposed on GIC by the applicable laws and regulations, including compliance with labor laws including the Labor Standards Act and Industrial Safety and Health Act, such as performance of employment agreement, compliance with internal regulations of GIC, and any obligations with regard to employee health and safety pursuant to the applicable laws and regulations, etc. issuance of a corporate card and fuel card. HR management and job assignment: recruitment, processing your application, conducting background checks and due diligence, evaluating your application, assignment to departments, transfer to affiliates, etc. Calculation of labor statistics data.	Passport number, resident registration numbers, in the event the job applicant is a foreigner, his/her alien registration number. Driver’s license number (for positions that require a driver’s license). Unique Identification information (passport number, alien registration number, driver’s license number) of the job applicant processed or monitored by the company through data processing and communications system, data processing devices including computers and smart phones, etc., data storage media, and e-mail accounts, etc.

[Sensitive Information]

Classification	Purposes of Processing Personal Data	Items of Personal Data to be Processed
Mandatory	Medical checkup. Personnel administration. Access, review, search, monitoring and retrieval of information assets including various electronic records, etc. and the status of processing thereof for the purpose of protection of fair profits of GIC such as protection of information processed in GIC and prevention of accidents, etc.; maintenance, upgrade and inspection of the security system; issuance of access card and maintenance and management of the access system; installation, management and operation of the visual information processing system for the prevention of crime, safety of facilities and prevention of fire, etc.; prevention of crime, violation of the company rules and other illegal acts, etc. that may arise in connection with work and procurement of evidence thereof, etc.	Medical checkup results, medical certificates. Physical and/or mental disability, types and level of disability, (if applicable) disabled registration number, registered matters of disability, information related to illness and injury(medical treatment information). Health information, criminal records of the job applicant concerned.
Optional	Personnel administration and improvement of working environment, etc.	Body measurements (height, weight, chest measurement, eyesight, hearing).

(b) if you are an employee, officer or owner of an external service provider or vendor

General Personal Data/Personal credit information

Classification	Purposes of Processing Personal Data	Items of Personal Data to be Processed
Mandatory	Vendor management: processing applications, conducting background checks and due diligence, evaluating your application, managing the vendor relationship, including creating and maintaining the profiles of GIC’s vendors and service providers in the systems databases etc. Compliance with law/performance of contracts: performance of any and all legal and administrative obligations imposed on GIC by the applicable laws and regulations, including compliance with labor laws including the Labor Standards Act and Industrial Safety and Health Act, compliance with internal regulations of GIC; compliance with foreign workers related laws and regulations; performance of any and all legal and administrative obligations imposed on GIC by the applicable laws and regulations, including issuance and delivery of the receipt and tax invoices. Handling of tax/insurance: subscription to, maintenance, procurement, and forfeiture of, and withdrawal from such insurance as may be required.	Name, gender, date of birth, age, address, home telephone number, mobile phone number, e-mail address, registered identification (ID), nationality, photo, visual information. Personal Data/Personal credit information of the individual concerned (name, department and job title, office address, e-mail address, telephone number, fax number, log-in records, etc.).
Optional	Confirm whether you conduct your financial affairs properly so as to maintain financial soundness and to avoid financial embarrassment. Obtain a declaration as to your financial soundness and monitor changes in such declaration. Use as reference materials for vendor administration and management. Communicating with you to inform you of changes and developments to GIC’s policies, terms and conditions and other administrative information. Managing project tenders and quotations, processing orders or managing the supply of goods and services. Creating and maintaining profiles of our service providers and vendors in our system database. Processing and payment of vendor invoices and bills. Conducting data analytics for the purpose of (i) system and process improvements, (ii) risk/fraud management, (iii) regulatory and compliance risk management, (iv) investment insights and (v) enhancements to human resources processes. Dispute resolution, preventing, detecting and investigating non-compliance with laws, regulations, and internal corporate policies, including fraud and financial crimes, analysing and managing other commercial risks and risks arising from GIC’s operations and investment activities. Protecting and enforcing our contractual and legal rights and obligations. Conducting audits, reviews and analysis of our internal processes.	Personal data indicated under the mandatory collection and use. Financial affairs: whether individual is unable to repay any debt as it falls due, whether a statutory demand has been served on individual, whether there is any outstanding judgment debt against individual, etc.

[Unique Identification Information]

Classification	Purposes of Processing Personal Data	Items of Personal Data to be Processed
Mandatory	Handling of tax/insurance: subscription to, maintenance, procurement, and forfeiture of, and withdrawal from such insurance as may be required. Compliance with law/performance of contracts: performance of any and all legal and administrative obligations imposed on GIC by the applicable laws and regulations, including compliance with labor laws including the Labor Standards Act and Industrial Safety and Health Act, compliance with internal regulations of GIC; compliance with foreign workers related laws and regulations; performance of any and all legal and administrative obligations imposed on GIC by the applicable laws and regulations, including issuance and delivery of the receipt and tax invoices.	Passport number, resident registration numbers, in the event the individual is a foreigner, his/her alien registration number. Unique Identification information (passport number, alien registration number, driver’s license number) of individual.

2. Processing, Retention and Destruction of Personal Data

2.1 GIC will immediately destroy Personal Data when the purposes of processing such Personal Data are accomplished/ completed, in accordance with GIC’s record retention policy, unless the applicable laws and regulations require GIC to preserve such Personal Data.

3. Procedures and Methods of Destroying Personal Data

3.1 GIC will select Personal Data for which the retention period has expired and then destroy such Personal Data in accordance with GIC’s internal policies.

3.2 When GIC destroys Personal Data, it will implement measures to ensure, to the best of its ability, that the information is not restored or regenerated.

3.3 If GIC has to retain Personal Data instead of destroying it, GIC will store and manage such Personal Data or such Personal Data file separately from other Personal Data.

3.4 If the Personal Data that needs to be destroyed is in the form of electronic file, GIC will delete such information and such information will not be restored or regenerated unless required by applicable law or regulation. Any other document, printout, letter and other recorded media will be destroyed by incinerating or shredding them into pieces.

4. Disclosure of Personal Data

4.1 Without prejudice to the general list of third parties to whom your Personal Data may be disclosed as set out in this Personal Data Protection Policy, GIC may, in addition, transfer your Personal Data to the following third parties as summarised below.

(a) if you are job applicant:

General Personal Data – Mandatory

Recipient Name	Country where Recipient is Located	Recipient’s Purpose of Using the Personal Data	Items of Personal Data to be Transferred	Period of Retention and Use by Recipient
GIC PRIVATE LIMITED and affiliates (including GIC REAL ESTATE PRIVATE LIMITED, GIC SPECIAL INVESTMENTS PRIVATE LIMITED, and GIC ASSET MANAGEMENT PRIVATE LIMITED)	Various*	To fulfill of administrative/regulatory requirements Personnel management	All items of general Personal Data / personal credit information collected by GIC as above	Until the purposes of using the Personal Data are attained
SAP ASIA PTE LTD	Various**	Operating and managing the server that stores the Personal Data collected by GIC and providing technical support to GIC	All items of general Personal Data / personal credit information collected by GIC as above	Until the purposes of using the Personal Data are attained
Symphony Communication Services, LLC	Various***	Operating and managing servers that store the unique identification information collected by GIC and providing technical support to GIC	All items of unique identification information collected by GIC as above	Until the purposes of using the unique identification information are attained
Microsoft Operations Pte Ltd	Various****	Operating and managing servers that store the Personal Data collected by GIC and providing technical support to GIC	All items of general Personal Data / personal credit information collected by GIC as above	Until the purposes of using the Personal Data are attained

* GIC has been transferring sensitive information to third party recipients including GIC headquarters/affiliates. Please see http://www.gic.com.sg/contact-us for information on the GIC headquarters/affiliates

** SAP ASIA Pte Ltd has various affiliates and subsidiaries assisting with the processing of sensitive information. For more information, please see https://www.sap.com/corporate/en/company/office-locations.html

*** Symphony Communication Services, LLC has various affiliates and subsidiaries assisting with the processing of Personal Data. For more information, please see https://symphony.com/contact-us

**** Microsoft Operations Pte Ltd has various affiliates and subsidiaries assisting with the processing of Personal Data. For more information, please see https://www.microsoft.com/en-us/about/officelocator/all-offices

Unique Identification Information – Mandatory

Recipient Name	Country where Recipient is Located	Recipient’s Purpose of Using the Unique Identification Information	Items of Unique Identification Information to be Transferred	Period of Retention and Use by Recipient
GIC PRIVATE LIMITED and affiliates(including GIC REAL ESTATE PRIVATE LIMITED, GIC SPECIAL INVESTMENTS PRIVATE LIMITED, and GIC ASSET MANAGEMENT PRIVATE LIMITED)	Various*	To fulfill of administrative/regulatory requirements Personnel management	All items of unique identification information collected by GIC as above	Until the purposes of using the unique identification information are attained
SAP ASIA PTE LTD	Various**	Operating and managing the server that stores the unique identification information collected by GIC and providing technical support to GIC	All items of unique identification information collected by GIC as above	Until the purposes of using the unique identification information are attained
Symphony Communication Services, LLC	Various***	Operating and managing servers that store the unique identification information collected by GIC and providing technical support to GIC	All items of unique identification information collected by GIC as above	Until the purposes of using the unique identification information are attained
Microsoft Operations Pte Ltd	Various****	Operating and managing servers that store the unique identification information collected by GIC and providing technical support to GIC	All items of unique identification information collected by GIC as above	Until the purposes of using the unique identification information are attained

* GIC has been transferring sensitive information to third party recipients including GIC headquarters/affiliates. Please see http://www.gic.com.sg/contact for information on the GIC headquarters/affiliates

*** Symphony Communication Services, LLC has various affiliates and subsidiaries assisting with the processing of Personal Data. For more information, please see https://symphony.com/contact-us

Sensitive Information – Mandatory

Recipient Name	Country where Recipient is Located	Recipient’s Purpose of Using the Sensitive Information	Items of Sensitive Information to be Transferred	Period of Retention and Use by Recipient
GIC PRIVATE LIMITED and affiliates(including GIC REAL ESTATE PRIVATE LIMITED, GIC SPECIAL INVESTMENTS PRIVATE LIMITED, and GIC ASSET MANAGEMENT PRIVATE LIMITED)*	Various*	To fulfill of administrative/regulatory requirements Personnel management	All items of sensitive information collected by GIC as above	Until the purposes of using the sensitive information are attained
SAP ASIA PTE LTD**	Various	Operating and managing the server that stores the Personal Data collected by GIC and providing technical support to GIC	All items of sensitive information collected by GIC as above	Until the purposes of using the sensitive information are attained
Symphony Communication Services, LLC	Various	Operating and managing servers that store the Personal Data collected by GIC and providing technical support to GIC	All items of sensitive information collected by GIC as above	Until the purposes of using the sensitive information are attained
Microsoft Operations Pte Ltd	Various	Operating and managing servers that store the Personal Data collected by GIC and providing technical support to GIC	All items of sensitive information collected by GIC as above	Until the purposes of using the sensitive information are attained

*** Symphony Communication Services, LLC has various affiliates and subsidiaries assisting with the processing of Personal Data. For more information, please see https://symphony.com/contact-us

5. Delegation of Personal Data Processing Services

5.1 GIC delegates Personal Data processing services as follows and will notify any changes in the delegatees and the details of delegated services through this Korea Addendum.

Delegatee	Details of Delegated Services
GIC PRIVATE LIMITED	Reviewing and processing the job applicant’s application; reviewing the vendor’s profile and managing the vendor relationship
GIC REAL ESTATE PRIVATE LIMITED	Reviewing and processing the job applicant’s application; reviewing the vendor’s profile and managing the vendor relationship
GIC SPECIAL INVESTMENTS PRIVATE LIMITED	Reviewing and processing the job applicant’s application; reviewing the vendor’s profile and managing the vendor relationship
GIC ASSET MANAGEMENT PRIVATE LIMITED	Reviewing and processing the job applicant’s application; reviewing the vendor’s profile and managing the vendor relationship
SAP ASIA PTE LTD	Operating and managing the server that stores the Personal Data collected by GIC and providing technical support to GIC
Symphony Communication Services, LLC	Operating and managing the server that stores the Personal Data collected by GIC and providing technical support to GIC
Microsoft Operations Pte Ltd	Operating and managing the servers that store the Personal Data collected by GIC and providing technical support to GIC

6. Protection of Personal Data

6.1 The security of your Personal Data is important to us. In accordance with privacy laws, we have adopted reasonable security practices and procedures to safeguard the Personal Data under our control against unauthorised access, disclosures and other similar risks. Access to your Personal Data is restricted to those parties who need to know such Personal Data in relation to the purposes specified in this Personal Data Protection Policy.

6.2 While we will endeavour to take all reasonable and appropriate steps to keep secure any Personal Data under our control, you acknowledge and agree that we cannot provide any absolute guarantees regarding the security of your Personal Data.

7. Deletion of Personal Data; Suspension of Processing of Personal Data

7.1 In addition to the rights granted under the main Personal Data Protection Policy, if you would like to request the deletion of your Personal Data or the suspension of the processing of your Personal Data or would like to contact us with complaints or to seek relief regarding your Personal Data (subject to our rights at law), please contact GIC as follows:

Department : Legal and Compliance
Email: GrpLCD_PersonalData@gic.com.sg
Number: +65 6889 8888

7.2 In any of the following cases, GIC may refuse the request for suspension of processing of Personal Data made by an individual:

(a) if there is a special provision in law or if denying the request is necessary to comply with legal obligations;

(b) if such an act is likely to inflict damages upon another person’s life or body or unfairly infringe upon another person’s property and other rights; or

(c) if performing the contract becomes difficult (i.e. unable to provide the agreed services) unless the Personal Data is processed, and the individuals have not expressed a clear intention to terminate such contract.

UK Addendum

This addendum to the Personal Data Protection Policy applies to you if your Personal Data (as defined in Clause 1.1(a) of the Personal Data Protection Policy) is being collected, used, disclosed or processed by us in the UK. The terms set out in this UK Addendum are in addition to the terms set out in the Personal Data Protection Policy and form an integral part of the Personal Data Protection Policy. In the event of any conflict or inconsistency between the Personal Data Protection Policy and the terms of this UK Addendum, this UK Addendum shall govern and prevail.

1. General

1.1 For the purposes of the Data Protection Act 1998, the data controllers of your Personal Data will be your employer or the entity you have submitted a job application to, which will be GIC Private Limited, GIC (London) Private Limited or GIC Real Estate International Pte Ltd, London Office (collectively termed as “GIC” in this UK Addendum). GIC Private Limited (where GIC’s Head Office is located), may also be a joint data controller of your Personal Data.

1.2 For the purposes of this UK Addendum, references to “Personal Data ” in the Personal Data Protection Policy and “Personal Data” in this UK Addendum shall, in addition to the definition set out in the main Personal Data Protection Policy, also be read to include “Sensitive Personal Data” and “Special Categories of Personal Data” under the GDPR. “Sensitive Personal Data” are personal data revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade-union membership; data concerning health or sex life or the commission of, or proceedings relating to any criminal offence. “Special Categories of Personal Data” are personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

2. Purposes for the Collection, Use and Disclosure of Your Personal Data

2.1 GIC may collect, use, disclose and process your Personal Data for the purposes set out in paragraphs 3.1 and 3.2 of the main Personal Data Protection Policy.

2.2 The legal basis for GIC’s processing of such Personal Data is that it is necessary for the legitimate interest pursued by GIC or a third party which is described in the relevant paragraph in 3.1 or 3.2 of the main Personal Data Protection Policy. This may include GIC’s internal business operations and administrative purposes, fraud prevention, ensuring network and information security, reporting possible criminal acts or threats to public security and/or managing the relationship between GIC and the data subject.

2.3 In some cases, the provision of your Personal Data may be a statutory and/or a contractual requirement, or may be necessary to enter into a contract.

2.4 In many cases, you will be obliged to provide your Personal Data to us, because we will need it in order to manage your employment relationship or to process your job application. For example, if you do not provide us with your bank payment details, we may not be able to process your salary. However, there may be some instances where the provision of your Personal Data is voluntary and we will notify you of this at the point of data collection.

3. Sensitive Personal Data

3.1 In addition, GIC may also, where permitted under applicable law, collect, use and/or disclose the following categories of Sensitive Personal Data for the following purposes, depending on the nature of our relationship with you (unless otherwise stated, these data have been obtained directly from you).

(a) If you are a job applicant:

Type of Personal Data

Obtained from

Purpose /Legal basis

Data relating to proceedings for any criminal offences or details of criminal convictions

Companies which provide background check services, due diligence agents

Processing is necessary for the purposes of performing an obligation and/or exercising specific rights of the controller in the field of employment law (DPA) or is authorised by EU or UK law (GDPR).

Processing is required as part of our background checks conducted during employee enrolment and where the offences searched for are relevant to the role you is applying for.

On an ongoing basis, further checks on such data may be carried out by us if there are any acts of misconduct, disciplinary proceedings, investigations or criminal proceedings involving or relating to you or which would otherwise require further investigations into your Personal Data.

Data concerning the health of job applicants during enrolment as an employee of GIC

Data subject, clinic for the pre-employment health check

Processing is required for health and safety reasons in order for GIC to comply with an obligation or to exercise a right in connection with employment.

4. Transfer of Personal Data

4.1 Your Personal Data will be stored in external servers located in Australia, Singapore, Hong Kong, Germany and Netherlands. We may also transfer your Personal Data for the purposes stated in this Personal Data Protection Policy to parties located in other countries and territories outside the UK or outside the EEA (e.g. to the GIC head office in Singapore). Where your Personal Data is transferred to locations outside the EEA, we have entered into a special type of contract (called Model Clauses) with the recipients of your Personal Data to ensure that they will provide adequate levels of protection for your Personal Data. The transfer of Personal Data within GIC entities are also governed by our intra-group transfer agreement which abides by the Model Clauses requirement If you wish, you may request for more information about the transfers of your Personal Data and/or a copy of the Model Clauses by contacting the Legal and Compliance Department who can provide the relevant information.

5. Retention of Personal Data

5.1 We may retain your Personal Data for as long as it is necessary for the purposes it has been collected and as required by applicable law. Where we no longer require your Personal Data for those purposes, we will cease to retain such Personal Data in accordance with our internal retention policy.

6. Security

6.1 We maintain appropriate administrative, technical and physical safeguards to protect your personal data against loss, misuse, unauthorised access, disclosure, alteration or destruction.

7. Cookies

7.1 Our websites use cookies to distinguish you from other users of our websites. This helps us to provide you with a good experience when you browse our sites, and also allows us to improve our sites. For detailed information on the cookies we use and the purposes for which we use them, see our Cookie Policy at this link.

8. Your Rights

8.1 You have the following rights under applicable data protection laws which can be exercised by contacting us at the contact details below:

(a) To ask us not to process your Personal Data for marketing purposes;

(b) To access Personal Data held about you and to obtain a copy of it;

(c) To prevent any processing of Personal Data that is causing or is likely to cause unwarranted and substantial damage or distress to you or another individual;

(d) To obtain without undue delay the rectification or completion of Personal Data which are inaccurate or incomplete;

(e) To restrict or object to the processing of your Personal Data and to request its erasure under certain circumstances;

(f) To receive your Personal Data, which you have provided to us, in a structured, commonly-used and machine readable format and the right to transmit that data to another data controller without hindrance, or to have that Personal Data transmitted to another data controller, where technically feasible;

(g) To be informed about any use of your Personal Data to make automated decisions about you, and to obtain meaningful information about the logic involved, as well as the significance and the envisaged consequences of this processing; and

(h) To lodge a complaint about the way in which your Personal Data is being used with a supervisory authority.

8.2 GIC’s contact details are as follows:

Name: Brian Guthrie
Email: GrpLCD_PersonalData@gic.com.sg
Number: +44-207-7253732

8.3 Where we rely on your consent to use your personal data, you have the right to withdraw that consent at any time.