Country Addendum List
Brazil Addendum
This addendum to the Personal Data Protection Policy applies to you if your Personal Data is being collected, used, disclosed or processed by us in Brazil. The terms set out in this Brazil Addendum are in addition to the terms set out in the Personal Data Protection Policy and form an integral part of the Personal Data Protection Policy. In the event of any conflict or inconsistency between the Personal Data Protection Policy and the terms of this Brazil Addendum, this Brazil Addendum shall govern and prevail.
1. Protection of Personal Data
1.1 We will at all times keep your Personal Data confidential, unless we are required to disclose such Personal Data by court order.
1.2 The security of your Personal Data is important to us. We have adopted reasonable security practices and procedures to safeguard the Personal Data under our control against unauthorised access, disclosures and other similar risks. Access to your Personal Data is restricted to those parties who need to know such Personal Data in relation to the purposes specified in this Personal Data Protection Policy.
1.3 Whilst we will endeavour to take all reasonable and appropriate steps to keep secure any Personal Data under our control, you acknowledge and agree that we cannot provide any absolute guarantees regarding the security of your Personal Data.
China Addendum
This addendum to the Personal Data Protection Policy applies to you if your Personal Data is being collected, used, disclosed or processed by us in China. The terms set out in this China Addendum are in addition to the terms set out in the Personal Data Protection Policy and form an integral part of the Personal Data Protection Policy. In the event of any conflict or inconsistency between the Personal Data Protection Policy and the terms of this China Addendum, this China Addendum shall govern and prevail.
1. Deletion of Personal Data
1.1 If you would like to request the deletion of your Personal Data (subject to GIC’s rights at law), please contact GIC as follows:
Email:GrpLCD_PersonalData@gic.com.sg
Call: +65 6889 8888
2. Transfer of Personal Data
2.1 You consent to us transferring all or any of your Personal Data to the parties specified in this Personal Data Protection Policy (whether located in China or overseas) for the purposes specified in this Personal Data Protection Policy (where applicable).
India Addendum
This addendum to the Personal Data Protection Policy applies to you if your Personal Data is being collected, used, disclosed or processed by us in India. The terms set out in this India Addendum are in addition to the terms set out in the Personal Data Protection Policy and form an integral part of the Personal Data Protection Policy. In the event of any conflict or inconsistency between the Personal Data Protection Policy and the terms of this India Addendum, this India Addendum shall govern and prevail.
1. Personal Data
1.1 For the purposes of this India Addendum, references to “Personal Data ” in the Personal Data Protection Policy and this India Addendum shall be read to mean “Sensitive Personal Data or Information” (SPDI).
1.2 SPDI is defined under the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules 2011 as personal information which consists of information relating to the following: (i) password; (ii) financial information such as bank account or credit card or debit card or other payment instrument details; (iii) physical, physiological and mental health condition; (iv) sexual orientation; (v) medical records and history; (vi) biometric information; (vii) any detail relating to the above clauses; and (viii) any information received under the above clauses. “Personal information” in turn means any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person.
1.3 Some examples of the kinds of Personal Data which we may collect about you include but are not limited to the following:
(a) Name;
(b) Birthdate;
(c) Passwords;
(d) Email address;
(e) Bank account information;
(f) Other financial information;
(g) Criminal activities records;
(h) Declarations regarding financial standing;
(i) Background verification information;
(j) Biometric information; and
(k) Medical records and history.
2. Transfer of Personal Data
2.1 You consent to us transferring all or any of your Personal Data to the parties specified in this Personal Data Protection Policy (whether located in India or overseas) for the purposes specified in this Personal Data Protection Policy (where applicable).
2.2 You acknowledge that some countries to which we may transfer your Personal Data may not have data protection laws which are as stringent as the data protection laws of India. You acknowledge and agree that it is adequate that when we transfer your Personal Data to any other entity overseas, we will put in place contractual obligations on the transferee which will oblige the transferee to adhere to the same levels of data protection which are adopted by us.
3. Protection of Personal Data
3.1 The security of your Personal Data is important to us. We have adopted reasonable security practices and procedures to safeguard the Personal Data under our control against unauthorised access, disclosures and other similar risks. Access to your Personal Data is restricted to those parties who need to know such Personal Data in relation to the purposes specified in this Personal Data Protection Policy.
3.2 Whilst we will endeavour to take all reasonable and appropriate steps to keep secure any Personal Data under our control, you acknowledge and agree that we cannot provide any absolute assurance regarding the security of your Personal Data.
4. Contacting Us – Access To your Personal Data for Review
4.1 In addition to the rights granted to you in the main Personal Data Protection Policy, if you would like to obtain access to review your Personal Data, please contact the Grievance Officer at the contact details set out below.
4.2 If you withdraw your consent to any or all use of your Personal Data, depending on the nature of your request, GIC may not be in a position to administer any contractual relationship in place. Depending on the situation, this may also result in the termination of your employment, agreement and/or any other forms of arrangement with GIC. GIC’s legal rights and remedies in such event are expressly reserved.
5. Grievance Officer
5.1 We have appointed a Grievance Officer to address any concerns or grievances that you may have regarding any use of your Personal Data. If you have any such grievances, please write to our Grievance Officer (Head of Compliance) at: GrpLCD_PersonalData@gic.com.sg
Japan Addendum
This addendum to the Personal Data Protection Policy applies to you if your Personal Data is being collected, used, disclosed or processed by us in Japan. The terms set out in this Japan Addendum are in addition to the terms set out in the Personal Data Protection Policy and form an integral part of the Personal Data Protection Policy. In the event of any conflict or inconsistency between the Personal Data Protection Policy and the terms of this Japan Addendum, this Japan Addendum shall govern and prevail.
1. Personal Data
1.1 For the purposes of this Japan Addendum, references to “Personal Data ” in the Personal Data Protection Policy and this Japan Addendum shall, in addition to the definition set out in the main Personal Data Protection Policy, also be read to include: (1) any “Personal Identification Code”, which refers to any biometric data that identifies a specific individual, or any code uniquely assigned to an individual with respect to the receipt of goods or services, or instruments with which to purchase such goods or services, as defined in the Act on the Protection of Personal Information (Act No. 65 of 2015) (“PIPA”) Article 2, Paragraph 2; and (2) “Sensitive Information”, which means sensitive personal information or special care-required personal information, as defined in PIPA Article 2, Paragraph 3. Both defined terms (1) and (2) above are more fully defined in Annex A attached hereto.
2. Compliance with Laws
2.1 GIC (Japan) K.K. (“JPO”) shall comply with the PIPA.
3. Appropriate Acquisition and Use of Personal Data
3.1 JPO shall acquire and use Personal Data in an appropriate and fair manner.
4. Organizational Structure Concerning Personal Data
4.1 JPO shall internally develop adequate organizational structure to ensure appropriate handling of Personal Data under its control and shall respond as promptly as possible to the requests for disclosure and correction, and other inquiries received from the individuals whose Personal Data is held by us.
5. Sensitive Personal Information
GIC Group may acquire Sensitive Personal Information and provide the same to third parties identified in the Data Protection Privacy Policy including this Japan Addendum for the purposes of use set forth in Paragraph 6.2 below.
6. Publicly Announced Matters Regarding Personal Data
6.1 Name of the operator handling Personal Data
GIC (Japan) K.K.
6.2 Purpose of use of Personal Data
(1) Personal Data in general
In addition to the purposes stated in the Personal Data Protection Policy Paragraph 3.1 and 3.2, JPO uses Personal Data for the following purposes:
(a) Creation of staff register, business communication, procedures in relation to benefit packages and social insurance, and other legally required procedures;
(b) Determination and payment of salary, bonus, retirement allowance, other benefits, etc., and withholding tax procedures;
(c) Performance evaluation, decision of promotion/demotion, personnel transfer (including intercompany transfer) and decision of posting destination;
(d) Education and training, and health care for employees, etc., official commendation/ sanctions and implementation of other rules of JPO and that of GIC Pte Ltd;
(e) Outsourcing purposes, including but not limited to, receiving cloud services from a cloud data processor or subprocessor including those located outside Japan, such as (i) setting up, operating, monitoring and otherwise receiving the cloud service for human resource personal data processing, (ii) technical support, (iii) consulting services, and (iv) communication with authorised users.
(2) Individual number (also known as “My Number”)
JPO shall use individual numbers (as provided for in the Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures) of its employees and their dependents for the purposes below:
(a) Process related to withholding tax that is implemented by an employer under the Income Tax Act;
(b) Process related to individual residence tax that is implemented by an employer under the Local Tax Act;
(c) Process related to employment insurance that is implemented by an employer under the Employment Insurance Act;
(d) Process related to health insurance that is implemented by an employer under the Health Insurance Act (application/payment);
(e) Process related to employees’ pension insurance that is implemented by an employer under the Employees’ Pension Insurance Act (application);
(f) Process related to industrial accident insurance that is implemented by an employer under the Industrial Accident Compensation Insurance Act;
(g) Any process related to (a) through (f) above as well as the purposes of use indicated under Paragraph (1) and section 3.1 and 3.2 of the main policy.
6.3 Joint use
JPO shall jointly use Personal Data with joint users as follows:
(1) Personal Data items for joint use
(a) Business title, location, grade, compensation, working schedule, education level, history of internal moves and other employment contract details.
(b) Names, contact details, addresses, date of birth, marital status, gender, religion, nationality, citizenship, dependent information, passport information, details of military service (if applicable), next-of-kin details, work union membership, national insurance number or other social security details, banking information, employee ID, photos and other employment identification details, pay grade, job code, salary information, benefit election information, number and value of stock rights, educational history and employment history, travel details, corporate card number, bank details, external directorships (if any), employment satisfaction related information, performance information, photographs, videos and information necessary in relation to legal proceedings (whether prospective, pending or current), for obtaining legal advice, or otherwise for establishing, exercising or defending legal rights, which may include Personal Data.
(2) Scope of joint users
GIC Group (i.e., GIC Pte. Ltd. and any and all affiliated companies of GIC Pte. Ltd.)
(3) Purpose of joint users
a) Planning and providing the services to GIC Group entities;
b) Employment management, allocation of human resources, business communications, etc. and
c) Any and all purposes described in Paragraph 6.2 above
(4) Administrator of Personal Data for joint use
GIC (Japan) K.K.
6.4 Contact for complaints
Please address any complaints regarding JPO’s handling of Personal Data to the contact set forth in Paragraph 8.1 below.
7. Transfer of Personal Data
7.1 You consent to us transferring all or any of your Personal Data to the parties specified in this Personal Data Protection Policy (whether located in Japan or overseas) for the purposes specified in this Personal Data Protection Policy (where applicable).
7.2 JPO shall provide all of the Personal Data under its control, in order to manage such information in the cloud, to cloud operators in countries which GIC Pte.Ltd. selects by reasonably considering that legislation thereof has been adequately developed for protection of Personal Data or put in place arrangements to ensure the Personal Data will be adequately protected.
7.3 You acknowledge and agree that some countries to which we may transfer your Personal Data may not have data protection laws which are as stringent as the data protection laws of Japan. You acknowledge and agree that it is adequate that when we transfer your Personal Data to any other entity overseas, we will put in place contractual obligations on the transferee which will oblige the transferee to adhere to the same levels of data protection which are adopted by us.
8. Disclosure, Correction, Suspension of use or Deletion of your Personal Data
8.1 If you have any complaints regarding JPO’s handling of Personal Data or would like to request the disclosure, correction, suspension of use, deletion of your Personal Data (subject to our rights at law), please contact the following personnel of GIC Pte Ltd. A fee may be charged for each request:
Name: Lynn Hew Ooi Lyn
Email: lynnhew@gic.com.sg
Contact number: +65-68898377
Name: Png Seok Hooi
Email: pngseokhooi@gic.com.sg
Contact number: +65-68898820
8.2 No request for disclosure shall be accepted in any of the following cases where:
(a) JPO cannot confirm either identification of the relevant principal individual who requested the disclosure or his/her authorized proxy;
(b) JPO does not possess the Personal Data the disclosure of which was requested;
(c) The disclosure may damage life, body, property or other right and interest of the relevant individual or a third party;
(d) The disclosure may significantly disturb appropriate implementation of JPO’s business operations; or
(e) The disclosure violates any other laws and regulations.
In such cases, JPO will send a notification with the reason for non-disclosure.
9. Exemptions
The provision of the Personal Data Protection Policy Clause 6 does not apply to Personal Data used by JPO.
ANNEX A to Japan Appendum
Definitions of “Individual Identification Code” and “Sensitive Personal Information”
“Individual Identification Code” means (i) any code into which a distinguishing body part of an individual has been converted so that it may be processed by a computer and which can identify the relevant individual: or (ii) any code allocated to an individual for the purchase or use of goods or services, or that is entered or recorded on cards or other documents issued to an individual, as specified by the applicable Cabinet Order (PIPA Article 2, Paragraph 2.
The Cabinet Order specifies Individual Identification Code such as code data regarding DNA base sequence, facies, iris pattern, voice print, gait, hand and finger veins, and fingerprints, as well as passport number, pension beneficiary number, driver’s license number, residential certificate code, individual number so called “My Number”, national welfare and health insurance beneficiary number, welfare and health insurance beneficiary numbers under other Japanese special laws, membership certificate numbers of specified associations formed under Japanese special laws, employment insurance beneficiary number under the employment insurance law, and special permanent residential certificate number issued under Japanese special law regarding the immigration control of persons who renounced the Japanese nationality based on the peace treaty with Japan. (PIPA Enforcement Order Article 1, Paragraph 1).
“Sensitive Personal Information” means the following information:
(1) Race (PIPA Article 2, Paragraph 3);
(2) Creed (PIPA Article 2, Paragraph 3);
(3) Social status (PIPA Article 2, Paragraph 3);
(4) Medical history (PIPA Article 2, Paragraph 3);
(5) Criminal record (PIPA Article 2, Paragraph 3);
(6) Fact of having suffered damage by a crime (PIPA Article 2, Paragraph 3);
(7) Fact of having physical disabilities, intellectual disabilities, mental disabilities (including developmental disabilities), or other physical and mental functional disabilities prescribed in the following (PIPA Enforcement Order Article 2; PIPA Enforcement Rules Article 5):
(i) physical disabilities set forth in an appended table of the Act for Welfare of Persons with Physical Disabilities (Act No.283 of 1949)
(ii) intellectual disabilities referred to under the Act for the Welfare of Persons with Intellectual Disabilities (Act No.37 of 1960)
(iii) mental disabilities referred to under the Act for the Mental Health and Welfare of the Persons with Mental Disabilities (Act No.123 of 1950) (including developmental disabilities prescribed in Article 2, Paragraph 2 of the Act on Support for Persons with Development Disabilities, and excluding intellectual disabilities under the Act for the Welfare of Persons with Intellectual Disabilities)
(iv) a disease with no cure methods established thereof or other peculiar diseases prescribed by cabinet order under Article 4, Paragraph 1 of the Act on Comprehensive Support for Daily and Social Lives of Persons with Disabilities (Act No. 123 of 2005), disability levels of which are equivalent to those prescribed by the Minister of Health, Labor and Welfare under the said Paragraph
(8) Results of a medical check-up or other examination (hereinafter referred to as a “medical check-up etc.”) for the prevention and early detection of a disease conducted on a principal by a medical doctor or other person engaged in duties related to medicine (hereinafter referred to as a “doctor etc.”) (PIPA Enforcement Order Article 2);
(9) Fact that guidance for the improvement of the mental and physical conditions, or medical care or prescription has been given to a principal by a doctor etc. based on the results of a medical check-up etc. or for reason of disease, injury or other mental and physical changes (PIPA Enforcement Order Article 2);
(10) Fact that an arrest, search, seizure, detention, institution of prosecution or other procedures related to a criminal case have been carried out against a principal as a suspect or defendant(PIPA Enforcement Order Article 2);
(11) Fact that an investigation, measure for observation and protection, hearing and decision, protective measure or other procedures related to a juvenile protection case have been carried out against a principal as a juvenile or a person suspected thereof under Article 3, Paragraph 1 of the Juvenile Act (Act No.168 of 1948) (PIPA Enforcement Order Article 2).
Korea Addendum
This addendum to the Personal Data Protection Policy applies to you if your Personal Data is being collected, used, disclosed or processed by us in Korea. The terms set out in this Korea Addendum are in addition to the terms set out in the Personal Data Protection Policy and form an integral part of the Personal Data Protection Policy. In the event of any conflict or inconsistency between the Personal Data Protection Policy and the terms of this Korea Addendum, this Korea Addendum shall govern and prevail.
1. Purposes for the Collection, Use and Disclosure of Your Personal Data
1.1 Without prejudice to the generality of the purposes notified to you in the Personal Data Protection Policy above, we may, in addition, also collect, use and disclose the items of your Personal Data specified below for the following specified purposes.
(a) if you are a job applicant:
General Personal Data/Personal credit information
Classification | Purposes of Processing Personal Data | Items of Personal Data to be Processed |
Mandatory |
|
|
Optional |
|
|
[Unique Identification Information]
Classification | Purposes of Processing Personal Data | Items of Personal Data to be Processed |
Mandatory |
|
|
[Sensitive Information]
Classification | Purposes of Processing Personal Data | Items of Personal Data to be Processed |
Mandatory |
|
|
Optional |
|
|
(b) if you are an employee, officer or owner of an external service provider or vendor
General Personal Data/Personal credit information
Classification | Purposes of Processing Personal Data | Items of Personal Data to be Processed |
Mandatory |
|
|
Optional |
|
|
[Unique Identification Information]
Classification | Purposes of Processing Personal Data | Items of Personal Data to be Processed |
Mandatory |
|
|
2. Processing, Retention and Destruction of Personal Data
2.1 GIC will immediately destroy Personal Data when the purposes of processing such Personal Data are accomplished/ completed, in accordance with GIC’s record retention policy, unless the applicable laws and regulations require GIC to preserve such Personal Data.
3. Procedures and Methods of Destroying Personal Data
3.1 GIC will select Personal Data for which the retention period has expired and then destroy such Personal Data in accordance with GIC’s internal policies.
3.2 When GIC destroys Personal Data, it will implement measures to ensure, to the best of its ability, that the information is not restored or regenerated.
3.3 If GIC has to retain Personal Data instead of destroying it, GIC will store and manage such Personal Data or such Personal Data file separately from other Personal Data.
3.4 If the Personal Data that needs to be destroyed is in the form of electronic file, GIC will delete such information and such information will not be restored or regenerated unless required by applicable law or regulation. Any other document, printout, letter and other recorded media will be destroyed by incinerating or shredding them into pieces.
4. Disclosure of Personal Data
4.1 Without prejudice to the general list of third parties to whom your Personal Data may be disclosed as set out in this Personal Data Protection Policy, GIC may, in addition, transfer your Personal Data to the following third parties as summarised below.
(a) if you are job applicant:
General Personal Data – Mandatory
Recipient Name | Country where Recipient is Located | Recipient’s Purpose of Using the Personal Data | Items of Personal Data to be Transferred | Period of Retention and Use by Recipient |
GIC PRIVATE LIMITED and affiliates (including GIC REAL ESTATE PRIVATE LIMITED, GIC SPECIAL INVESTMENTS PRIVATE LIMITED, and GIC ASSET MANAGEMENT PRIVATE LIMITED) | Various* |
|
All items of general Personal Data / personal credit information collected by GIC as above | Until the purposes of using the Personal Data are attained |
SAP ASIA PTE LTD | Various** | Operating and managing the server that stores the Personal Data collected by GIC and providing technical support to GIC | All items of general Personal Data / personal credit information collected by GIC as above | Until the purposes of using the Personal Data are attained |
Symphony Communication Services, LLC | Various*** | Operating and managing servers that store the unique identification information collected by GIC and providing technical support to GIC | All items of unique identification information collected by GIC as above | Until the purposes of using the unique identification information are attained |
Microsoft Operations Pte Ltd | Various**** | Operating and managing servers that store the Personal Data collected by GIC and providing technical support to GIC | All items of general Personal Data / personal credit information collected by GIC as above | Until the purposes of using the Personal Data are attained |
* GIC has been transferring sensitive information to third party recipients including GIC headquarters/affiliates. Please see http://www.gic.com.sg/contact-us for information on the GIC headquarters/affiliates
** SAP ASIA Pte Ltd has various affiliates and subsidiaries assisting with the processing of sensitive information. For more information, please see https://www.sap.com/corporate/en/company/office-locations.html
*** Symphony Communication Services, LLC has various affiliates and subsidiaries assisting with the processing of Personal Data. For more information, please see https://symphony.com/contact-us
**** Microsoft Operations Pte Ltd has various affiliates and subsidiaries assisting with the processing of Personal Data. For more information, please see https://www.microsoft.com/en-us/about/officelocator/all-offices
Unique Identification Information – Mandatory
Recipient Name | Country where Recipient is Located | Recipient’s Purpose of Using the Unique Identification Information | Items of Unique Identification Information to be Transferred | Period of Retention and Use by Recipient |
GIC PRIVATE LIMITED and affiliates(including GIC REAL ESTATE PRIVATE LIMITED, GIC SPECIAL INVESTMENTS PRIVATE LIMITED, and GIC ASSET MANAGEMENT PRIVATE LIMITED) | Various* |
|
All items of unique identification information collected by GIC as above | Until the purposes of using the unique identification information are attained |
SAP ASIA PTE LTD | Various** | Operating and managing the server that stores the unique identification information collected by GIC and providing technical support to GIC | All items of unique identification information collected by GIC as above | Until the purposes of using the unique identification information are attained |
Symphony Communication Services, LLC | Various*** | Operating and managing servers that store the unique identification information collected by GIC and providing technical support to GIC | All items of unique identification information collected by GIC as above | Until the purposes of using the unique identification information are attained |
Microsoft Operations Pte Ltd | Various**** | Operating and managing servers that store the unique identification information collected by GIC and providing technical support to GIC | All items of unique identification information collected by GIC as above | Until the purposes of using the unique identification information are attained |
* GIC has been transferring sensitive information to third party recipients including GIC headquarters/affiliates. Please see http://www.gic.com.sg/contact for information on the GIC headquarters/affiliates
** SAP ASIA Pte Ltd has various affiliates and subsidiaries assisting with the processing of sensitive information. For more information, please see https://www.sap.com/corporate/en/company/office-locations.html
*** Symphony Communication Services, LLC has various affiliates and subsidiaries assisting with the processing of Personal Data. For more information, please see https://symphony.com/contact-us
**** Microsoft Operations Pte Ltd has various affiliates and subsidiaries assisting with the processing of Personal Data. For more information, please see https://www.microsoft.com/en-us/about/officelocator/all-offices
Sensitive Information – Mandatory
Recipient Name | Country where Recipient is Located | Recipient’s Purpose of Using the Sensitive Information | Items of Sensitive Information to be Transferred | Period of Retention and Use by Recipient |
GIC PRIVATE LIMITED and affiliates(including GIC REAL ESTATE PRIVATE LIMITED, GIC SPECIAL INVESTMENTS PRIVATE LIMITED, and GIC ASSET MANAGEMENT PRIVATE LIMITED)* | Various* |
|
All items of sensitive information collected by GIC as above | Until the purposes of using the sensitive information are attained |
SAP ASIA PTE LTD** | Various | Operating and managing the server that stores the Personal Data collected by GIC and providing technical support to GIC | All items of sensitive information collected by GIC as above | Until the purposes of using the sensitive information are attained |
Symphony Communication Services, LLC | Various | Operating and managing servers that store the Personal Data collected by GIC and providing technical support to GIC | All items of sensitive information collected by GIC as above | Until the purposes of using the sensitive information are attained |
Microsoft Operations Pte Ltd | Various | Operating and managing servers that store the Personal Data collected by GIC and providing technical support to GIC | All items of sensitive information collected by GIC as above | Until the purposes of using the sensitive information are attained |
* GIC has been transferring sensitive information to third party recipients including GIC headquarters/affiliates. Please see http://www.gic.com.sg/contact for information on the GIC headquarters/affiliates
** SAP ASIA Pte Ltd has various affiliates and subsidiaries assisting with the processing of sensitive information. For more information, please see https://www.sap.com/corporate/en/company/office-locations.html
*** Symphony Communication Services, LLC has various affiliates and subsidiaries assisting with the processing of Personal Data. For more information, please see https://symphony.com/contact-us
**** Microsoft Operations Pte Ltd has various affiliates and subsidiaries assisting with the processing of Personal Data. For more information, please see https://www.microsoft.com/en-us/about/officelocator/all-offices
5. Delegation of Personal Data Processing Services
5.1 GIC delegates Personal Data processing services as follows and will notify any changes in the delegatees and the details of delegated services through this Korea Addendum.
Delegatee | Details of Delegated Services |
GIC PRIVATE LIMITED | Reviewing and processing the job applicant’s application; reviewing the vendor’s profile and managing the vendor relationship |
GIC REAL ESTATE PRIVATE LIMITED | Reviewing and processing the job applicant’s application; reviewing the vendor’s profile and managing the vendor relationship |
GIC SPECIAL INVESTMENTS PRIVATE LIMITED | Reviewing and processing the job applicant’s application; reviewing the vendor’s profile and managing the vendor relationship |
GIC ASSET MANAGEMENT PRIVATE LIMITED | Reviewing and processing the job applicant’s application; reviewing the vendor’s profile and managing the vendor relationship |
SAP ASIA PTE LTD | Operating and managing the server that stores the Personal Data collected by GIC and providing technical support to GIC |
Symphony Communication Services, LLC | Operating and managing the server that stores the Personal Data collected by GIC and providing technical support to GIC |
Microsoft Operations Pte Ltd | Operating and managing the servers that store the Personal Data collected by GIC and providing technical support to GIC |
6. Protection of Personal Data
6.1 The security of your Personal Data is important to us. In accordance with privacy laws, we have adopted reasonable security practices and procedures to safeguard the Personal Data under our control against unauthorised access, disclosures and other similar risks. Access to your Personal Data is restricted to those parties who need to know such Personal Data in relation to the purposes specified in this Personal Data Protection Policy.
6.2 While we will endeavour to take all reasonable and appropriate steps to keep secure any Personal Data under our control, you acknowledge and agree that we cannot provide any absolute guarantees regarding the security of your Personal Data.
7. Deletion of Personal Data; Suspension of Processing of Personal Data
7.1 In addition to the rights granted under the main Personal Data Protection Policy, if you would like to request the deletion of your Personal Data or the suspension of the processing of your Personal Data or would like to contact us with complaints or to seek relief regarding your Personal Data (subject to our rights at law), please contact GIC as follows:
Department : Legal and Compliance
Email: GrpLCD_PersonalData@gic.com.sg
Number: +65 6889 8888
7.2 In any of the following cases, GIC may refuse the request for suspension of processing of Personal Data made by an individual:
(a) if there is a special provision in law or if denying the request is necessary to comply with legal obligations;
(b) if such an act is likely to inflict damages upon another person’s life or body or unfairly infringe upon another person’s property and other rights; or
(c) if performing the contract becomes difficult (i.e. unable to provide the agreed services) unless the Personal Data is processed, and the individuals have not expressed a clear intention to terminate such contract.
UK Addendum
This addendum to the Personal Data Protection Policy applies to you if your Personal Data (as defined in Clause 1.1(a) of the Personal Data Protection Policy) is being collected, used, disclosed or processed by us in the UK. The terms set out in this UK Addendum are in addition to the terms set out in the Personal Data Protection Policy and form an integral part of the Personal Data Protection Policy. In the event of any conflict or inconsistency between the Personal Data Protection Policy and the terms of this UK Addendum, this UK Addendum shall govern and prevail.
1. General
1.1 For the purposes of the Data Protection Act 1998, the data controllers of your Personal Data will be your employer or the entity you have submitted a job application to, which will be GIC Private Limited, GIC (London) Private Limited or GIC Real Estate International Pte Ltd, London Office (collectively termed as “GIC” in this UK Addendum). GIC Private Limited (where GIC’s Head Office is located), may also be a joint data controller of your Personal Data.
1.2 For the purposes of this UK Addendum, references to “Personal Data ” in the Personal Data Protection Policy and “Personal Data” in this UK Addendum shall, in addition to the definition set out in the main Personal Data Protection Policy, also be read to include “Sensitive Personal Data” and “Special Categories of Personal Data” under the GDPR. “Sensitive Personal Data” are personal data revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade-union membership; data concerning health or sex life or the commission of, or proceedings relating to any criminal offence. “Special Categories of Personal Data” are personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
2. Purposes for the Collection, Use and Disclosure of Your Personal Data
2.1 GIC may collect, use, disclose and process your Personal Data for the purposes set out in paragraphs 3.1 and 3.2 of the main Personal Data Protection Policy.
2.2 The legal basis for GIC’s processing of such Personal Data is that it is necessary for the legitimate interest pursued by GIC or a third party which is described in the relevant paragraph in 3.1 or 3.2 of the main Personal Data Protection Policy. This may include GIC’s internal business operations and administrative purposes, fraud prevention, ensuring network and information security, reporting possible criminal acts or threats to public security and/or managing the relationship between GIC and the data subject.
2.3 In some cases, the provision of your Personal Data may be a statutory and/or a contractual requirement, or may be necessary to enter into a contract.
2.4 In many cases, you will be obliged to provide your Personal Data to us, because we will need it in order to manage your employment relationship or to process your job application. For example, if you do not provide us with your bank payment details, we may not be able to process your salary. However, there may be some instances where the provision of your Personal Data is voluntary and we will notify you of this at the point of data collection.
3. Sensitive Personal Data
3.1 In addition, GIC may also, where permitted under applicable law, collect, use and/or disclose the following categories of Sensitive Personal Data for the following purposes, depending on the nature of our relationship with you (unless otherwise stated, these data have been obtained directly from you).
(a) If you are a job applicant:
Type of Personal Data | Obtained from | Purpose /Legal basis |
Data relating to proceedings for any criminal offences or details of criminal convictions | Companies which provide background check services, due diligence agents | Processing is necessary for the purposes of performing an obligation and/or exercising specific rights of the controller in the field of employment law (DPA) or is authorised by EU or UK law (GDPR).
Processing is required as part of our background checks conducted during employee enrolment and where the offences searched for are relevant to the role you is applying for. On an ongoing basis, further checks on such data may be carried out by us if there are any acts of misconduct, disciplinary proceedings, investigations or criminal proceedings involving or relating to you or which would otherwise require further investigations into your Personal Data. |
Data concerning the health of job applicants during enrolment as an employee of GIC | Data subject, clinic for the pre-employment health check | Processing is required for health and safety reasons in order for GIC to comply with an obligation or to exercise a right in connection with employment. |
4. Transfer of Personal Data
4.1 Your Personal Data will be stored in external servers located in Australia, Singapore, Hong Kong, Germany and Netherlands. We may also transfer your Personal Data for the purposes stated in this Personal Data Protection Policy to parties located in other countries and territories outside the UK or outside the EEA (e.g. to the GIC head office in Singapore). Where your Personal Data is transferred to locations outside the EEA, we have entered into a special type of contract (called Model Clauses) with the recipients of your Personal Data to ensure that they will provide adequate levels of protection for your Personal Data. The transfer of Personal Data within GIC entities are also governed by our intra-group transfer agreement which abides by the Model Clauses requirement If you wish, you may request for more information about the transfers of your Personal Data and/or a copy of the Model Clauses by contacting the Legal and Compliance Department who can provide the relevant information.
5. Retention of Personal Data
5.1 We may retain your Personal Data for as long as it is necessary for the purposes it has been collected and as required by applicable law. Where we no longer require your Personal Data for those purposes, we will cease to retain such Personal Data in accordance with our internal retention policy.
6. Security
6.1 We maintain appropriate administrative, technical and physical safeguards to protect your personal data against loss, misuse, unauthorised access, disclosure, alteration or destruction.
7. Cookies
7.1 Our websites use cookies to distinguish you from other users of our websites. This helps us to provide you with a good experience when you browse our sites, and also allows us to improve our sites. For detailed information on the cookies we use and the purposes for which we use them, see our Cookie Policy at this link.
8. Your Rights
8.1 You have the following rights under applicable data protection laws which can be exercised by contacting us at the contact details below:
(a) To ask us not to process your Personal Data for marketing purposes;
(b) To access Personal Data held about you and to obtain a copy of it;
(c) To prevent any processing of Personal Data that is causing or is likely to cause unwarranted and substantial damage or distress to you or another individual;
(d) To obtain without undue delay the rectification or completion of Personal Data which are inaccurate or incomplete;
(e) To restrict or object to the processing of your Personal Data and to request its erasure under certain circumstances;
(f) To receive your Personal Data, which you have provided to us, in a structured, commonly-used and machine readable format and the right to transmit that data to another data controller without hindrance, or to have that Personal Data transmitted to another data controller, where technically feasible;
(g) To be informed about any use of your Personal Data to make automated decisions about you, and to obtain meaningful information about the logic involved, as well as the significance and the envisaged consequences of this processing; and
(h) To lodge a complaint about the way in which your Personal Data is being used with a supervisory authority.
8.2 GIC’s contact details are as follows:
Name: Brian Guthrie
Email: GrpLCD_PersonalData@gic.com.sg
Number: +44-207-7253732
8.3 Where we rely on your consent to use your personal data, you have the right to withdraw that consent at any time.