FT Synergist Privacy Policy
FT Synergist and its affiliates ("FT Synergist," "we," or "us") are committed to protecting your privacy and personal data in strict compliance with the Singapore Personal Data Protection Act 2012 (PDPA). This Privacy Policy describes how we collect, use, disclose, and manage your personal data when you interact with our websites, digital platforms (collectively, our "Sites"), and through our external business activities, and how we uphold the principles of data protection and accountability.
By interacting with our Sites or providing your personal data, you acknowledge and consent to the practices described in this Privacy Policy.
FT Synergist Data Protection Officer (DPO) Contact
In accordance with the PDPA Accountability Obligation, FT Synergist has designated a Data Protection Officer (DPO) whose business contact information is publicly available to facilitate access, correction, and withdrawal of consent requests.
For all enquiries, feedback, or to exercise your statutory data protection rights, please contact the DPO directly:
- Designated DPO: Frederick Tan
- DPO Email: fredtan@ftsynergist.com
- DPO Phone: +65 98628906
- Mailing Address: 6 Eu Tong Sen St, #10-20 The Central, Singapore 059817
1. Definitions and Scope
A. Personal Data Defined
"Personal data" means data, whether true or not, about an individual who can be identified: (a) from that data; or (b) from that data and other information to which we have or are likely to have access. Examples we may collect include name, contact information, employment information, and digital identifiers (IP address, device ID).
B. Business Contact Information (BCI) Exemption
Under the PDPA, Business Contact Information (BCI) (e.g., an individual's full name, job title, business contact number, business address, business email address) is generally not considered personal data when collected, used, or disclosed solely for business-to-business (B2B) transactions.
C. Data Controller and DPO
FT Synergist acts as the Data Controller for the personal data collected, determining the purposes and means of processing your data. The DPO is responsible for overseeing compliance with the PDPA.
2. How We Collect Your Personal Data
We collect personal data that identifies or can reasonably be used to identify you. We will only collect data that has been provided to us voluntarily by you directly or via a duly authorised third party, after you have been notified of the purposes for which the data is collected and consent has been obtained.
A. Data Collected Directly From You
We collect this data when you voluntarily provide it through:
- Forms and Submissions: Contact forms, service requests, and registration forms.
- Correspondence: Email, phone, or in-person interactions.
- Job Applications: Information submitted for employment or internship purposes (with specific retention limits outlined in Section 7).
B. Data Collected Indirectly and Automatically (Digital Mechanisms)
We collect digital data automatically when you interact with our Sites. This includes data collected through cookies and tracking technologies, such as IP address, browser type, and usage patterns. We rely on your explicit consent via a Consent Management Platform (CMP) for the collection of this data for non-essential purposes (e.g., targeted advertising, analytics) before it is processed.
3. Purposes for Using Your Personal Data (Notification and Purpose Limitation)
We will only collect, use, and disclose your personal data for purposes that we have notified you of and for which you have consented, or where otherwise authorized by the PDPA.
| Purpose Category | Categories of Personal Data Used | Legal Basis (PDPA) |
|---|---|---|
| Service Delivery & Relationship Management | Name, Contact Information, Company, Job Title, Inquiry Details, Billing Information | Legitimate Interest; Contract Fulfillment |
| Recruitment and Human Resources | CV, Educational Background, Employment Information | Consent; Legitimate Interest (Job processing) |
| Marketing and Communications | Name, Email Address, Subscription Preferences, Browsing Behavior (with consent) | Consent (Opt-In Required) |
| Website Performance & Security | IP Address, Device ID, Aggregate Usage Data, Activity Logs | Legitimate Interest (Ensuring security and functionality) |
| Compliance and Legal | Data specific to the legal requirement | Legal Obligation (e.g., assisting in law enforcement) |
We will notify you and obtain fresh consent before using your personal data for any new purpose that has not been previously notified.
4. Consent and Withdrawal of Consent (Opt-Out Rights)
A. Valid Consent
Consent is required before collecting, using, or disclosing your personal data unless permitted by law. Consent is not valid if it is obtained through deception or if it is a mandatory condition for providing a product or service beyond what is reasonably necessary.
B. Withdrawal of Consent
You maintain the statutory right to withdraw your consent to the collection, use, or disclosure of your personal data for any purpose, or all purposes, at any time.
- Submission of Request: Withdrawal requests must be submitted in writing (email is acceptable) to the Data Protection Officer (DPO) using the contact information provided in this Policy.
- Processing Timeline: We will seek to process your request within ten (10) business days of receiving it. Should we require a longer time (up to 30 days) due to complexity, we will notify you of the expected timeline.
- Legal Exception: Withdrawal of consent does not affect our right to continue to collect, use, or disclose personal data where such processing without consent is permitted or required under applicable laws.
Manage Your Cookie Preferences
You can manage your digital consent preferences directly through our Consent Management Platform.
5. Disclosure of Personal Data and International Transfers
A. Disclosure to Third Parties
We may disclose your personal data with your consent to third-party service providers, agents, and other organizations we have engaged to perform functions on our behalf (e.g., IT support, marketing agencies). Any third party engaged by us will be contractually bound to keep all personal data confidential and implement necessary security measures.
B. Data Intermediary Clause
If your request (access, correction, or withdrawal) relates to personal data which we are processing on behalf of another organization (acting as a Data Intermediary), we will forward your request to the relevant organization for their necessary action.
C. Transfer Limitation Obligation
Unless for necessary business-related needs, we generally do not transfer your personal data outside of Singapore. If we do so, we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA, including entering into an agreement with the receiving party to accord similar levels of data protection as those in Singapore.
6. Data Protection and Security
We adhere to the Protection Obligation by implementing appropriate administrative, physical, and technical measures to safeguard personal data from unauthorized risks. These measures include up-to-date antivirus protection, encryption, and the use of privacy filters to secure data storage and transmission, and we disclose personal data only on a need-to-know basis. We are constantly reviewing and enhancing our information security measures.
7. Retention Limitation and Unsolicited Data
A. Retention Limitation
We will retain your personal data only for as long as it is necessary to fulfil the purpose(s) for which it was collected, or as required or permitted by applicable laws. Once the retention limit is reached, we dispose of or destroy the data in a secure manner.
- Post-Termination: The purposes for which we collect data may continue to apply even if your relationship with us has been terminated, for a reasonable period thereafter (e.g., to enforce our rights under a contract).
- Job Applicants: Personal data submitted for job applications will be retained for a maximum of six (6) months from the application date, after which it will be securely disposed of, unless specific consent for longer retention is obtained.
B. Handling Unsolicited Data
In the case where we receive unsolicited personal data via email or any other communication channels, the unsolicited personal data will not be retained and will be securely disposed of immediately.
8. Your Data Protection Rights (Access, Correction, and Portability)
You may submit a request in writing or via email to our Data Protection Officer (DPO) to exercise the following statutory rights:
- Access Request: To request access to a copy of the personal data we hold about you or information about the ways we use or disclose it. A reasonable administrative fee may be charged for an access request, and you will be informed of this fee before we process the request.
- Correction Request: To correct or update any of your personal data which we hold about you, ensuring adherence to the Accuracy Obligation. We generally rely on personal data provided by you, and you must update us if there are changes to your personal data.
- Data Portability Request: To request a copy of your personal data in a structured, commonly used, and machine-readable format to transmit to another organization.
Response Timeline: We will respond to your access or correction request as soon as reasonably possible, and within thirty (30) days of receiving your request. If we require more time, we will inform you in writing of the time by which we will be able to respond.
9. Data Breach Notification
In the event of a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data, we will promptly assess the impact. Where the data breach is determined to be notifiable, we will report it to the Personal Data Protection Commission (PDPC) within 3 calendar days of becoming aware of the breach and notify affected parties if the breach is likely to result in significant harm to them.