AIKIDO KENSHIN-KAI PTE LTD
DATA PROTECTION POLICY
Aikido Kenshin-Kai Pte Ltd ("KSK" or the "Company") hereby demonstrate our commitment to privacy by establishing a Data Protection Policy to support compliance with applicable privacy laws and standards for protecting Personal Data. The obligation to safeguard Personal Data rests with the Director, Instructors, Volunteers, or any other persons who has access to Personal Data. The Director is responsible for ensuring that privacy requirements are assessed at an early stage and appropriate privacy controls are in place. Instructors and Volunteers are encouraged to consult with the Director whenever in doubt about the best course of action in a particular situation.
Because this Policy cannot address every issue that may arise, we expect that Instructors and Volunteers will use their common sense, act prudently, professionally, and with clarity of intention. Always consider what a reasonable person would consider appropriate in the circumstances.
1. Definitions
“Individual” means a natural person, whether living or (where appropriate) deceased. Examples of Individuals are our (i) Instructors, Volunteers and their family members and other individuals about whom KSK has Personal Data as a result of the relationships those individuals have with them, (ii) Members of KSK (iii) contractors/suppliers, This Policy shall apply to the Personal Data of a deceased person at least to the extent required by applicable laws.
“Personal Data” means any data about an Individual who can be identified: (a) from that data; or (b) from that data and other information to which KSK has or is likely to have access. It does not include business contact information (such as name, title, business telephone number, business address, business electronic mail address or fax number) or any other information provided for business purposes, and not provided solely for personal or family purposes.
“Processing” means the carrying out of any operation on Personal Data, and includes, without limitation, collecting, using, disclosing, recording, holding, storing, copying, organising, adapting, altering, retrieving, consulting, using, combining, transmitting, transferring, disclosing, disseminating, making available, correcting, erasing or destroying.
"Data Protection Officer" ("DPO") refers to the officer appointed (Mr. Kelly Tan) to oversee the data protection responsibilities within the organisation and ensure compliance with the applicable data protection obligations. The DPO can be contacted at aikidokenshinkai@gmail.com
"Volunteers" means members who are appointed by the Director to assist Instructors.
2. Data Collection and Minimisation
Personal Data must only be collected by fair and lawful means and in a transparent manner. Only the minimum amount of Personal Data required to support a business activity should be collected, disclosed or otherwise Processed. Personal Data must not be made available to anyone, including fellow Instructors and Volunteers within KSK, who are not authorised to have the information or have no business reason to access it.
The means by which we may collect Personal Data may include, without limitation, the following ways:
a. directly, via the completion of forms or submission of information to KSK in any way;
b. automatically, when an Individual visits our websites, using technologies such as cookies
(either by KSK or a third party);
d. from other sources, such as, law enforcement agencies and/or other public agencies;
e. from any public sources or records;
f. by other lawful means.
3. Getting Consent for Data Processing
KSK will only collect, receive, use, share or otherwise Process such Personal Data in accordance with applicable laws, this Policy, in connection with employment-related purposes or to support business purposes, which may include, without limitation, the list of purposes as set out in Appendix A. Examples of the types of Personal Data that we may Process may include, without limitation, the list set out in Appendix A. Examples of the classes of persons to whom Personal Data may be disclosed include, without limitation, the list set out in Appendix A.
Unless permitted by applicable laws, KSK shall not Process Personal Data for any purpose without the consent of the Individual. Consent may be oral or written, but Instructors and Volunteers are encouraged to be prudent and to obtain consent in writing whenever possible, this may be in the form of, but not limited to, email or digital messaging. In getting consent, KSK shall provide appropriate information of the purpose for which Personal Data is to be Processed. Individuals should note that some of the activities above may occur on a periodic basis, thereby warranting the periodic Processing of Personal Data; in such situations, and, it is sufficient that KSK obtains consent prior to the first collection or use of the data. Where KSK wishes to use Personal Data for a new purpose that has not been notified to the Individual, unless exempted under applicable laws, KSK shall notify the Individual of the new purpose and gain his/her consent.
To the fullest extent permitted under applicable laws, every Individual who deals with KSK is required to consent to the Processing of Personal Data for the reasons and purposes set out above and to the extent necessary depending on the relationship between KSK and such Individual.
4. Retention and Security of Personal Data
KSK may only retain Personal Data for as long as such Personal Data is necessarily required or relevant for business or legal purposes. KSK shall not retain Personal Data longer than is necessary and shall securely return, dispose or destroy such Personal Data in a permanent and complete manner when it is no longer required. KSK shall maintain reasonable and appropriate safeguards and security measures to protect personal Data in accordance with its sensitivity, from: (a) loss or theft, (b) unauthorized access, use or disclosure, (c) improper copying, modification or tampering, (d) improper retention or destruction, and (e) loss of integrity. In the event of information security breaches, KSK shall respond promptly and effectively.
5. Accuracy
An Individual must recognise that he is the main and critical source of Personal Data that is disclosed by him, or upon his instructions, to KSK. As such, an Individual dealing with KSK:
a. warrants and represents to KSK that the Personal Data which he discloses (or instructs a third party to disclose) to KSK, is authentic, accurate and complete;
b. warrants and represents to KSK that the Personal Data of another natural person which the Individual discloses (or instructs a third party to disclose) to KSK is authentic, accurate and complete, and that the Individual is authorized by such other person to make such disclosure; and
c. shall inform KSK when there are any changes to the Personal Data which was previously disclosed to KSK, so as to ensure that KSK has the most current, accurate and complete information. KSK shall use reasonable efforts to ensure that the Personal Data it uses is sufficiently accurate and complete to minimise the possibility that incorrect Personal Data may be used to make a decision that impacts the Individual to whom the Personal Data relates, or if such Personal Data is likely to be disclosed to a third party. When relying on Personal Data from a third party, KSK may, in appropriate circumstances, conduct independent verification or obtain confirmation from the third party that it has adequately verified accuracy and completeness.
6. Access and Correction of Personal Data
Upon an Individual's written request, KSK shall, within a reasonable time frame, provide the Individual with information about the Personal Data relating to, or provided by, the Individual, in KSK's possession or control, as well as information about the ways in which the Personal Data has been or may have been used or disclosed by KSK (excluding disclosure to a law enforcement agency lawfully made without the Individual's consent) within a year before the date of the request. KSK has the right to charge to the Individual any fees and costs incurred by KSK.
KSK may refuse a data access request if:
a. the requested information pertains to opinion data for evaluative purposes or may disclose confidential commercial information;
b. the requested information may disclose Personal Data of another Individual or identify another Individual who does not wish to be so identified;
c. the request is frivolous or vexatious;
d. provision could threaten the safety or physical or mental health of any Individual;
e. the requested information is trivial or cannot be found or if it imposes an unreasonable burden or expense on KSK;
f. KSK has disclosed data to a law enforcement agency; or
g. as may be allowed under any applicable laws.
Upon written request, KSK will, as soon as reasonably practicable, correct or complete any Personal Data relating to, or provided by, an Individual, in KSK's possession or control, which is inaccurate or incomplete.
KSK may choose not to undertake correction or completion if:
a. KSK is unable to agree that the Personal Data is incorrect or should be completed
b. such data constitutes opinion data for evaluative purposes
g. this is allowed under any applicable laws.
7. Withdrawal of Consent
At any point in time, any Individual who wishes to revoke his/her consent where Personal Data is already being Processed, shall notify KSK that he wishes to withdraw consent to KSK's continued Processing of any of his/her Personal Data. Withdrawal may pertain to a part, or all, of an Individual's Personal Data and/or a specific part, or all, of the Processing. To request for withdrawal, an Individual shall give reasonable notice in writing to the DPO stating the specific part(s) of the Personal Data, the objected area(s) of Processing, and, where applicable, the reasons behind the withdrawal. On receipt of notice, KSK shall, within a reasonable time frame, inform the Individual of the likely consequences of withdrawal, even if this is already known to the Individual or set out in any applicable contract or corporate policy. This may include, but shall not be limited to, termination of KSK's relationship (at KSK's option) with the Individual concerned. KSK shall not prohibit withdrawals except where permitted to do so in accordance with applicable laws and to further a legitimate business or legal purpose. Upon receiving a notice of withdrawal, KSK shall, within a reasonable time frame, cease Processing the relevant Personal Data. It should be noted that a withdrawal of consent to the Processing of Personal Data shall not restrict KSK's right to Process Personal Data where it has the right to do so under applicable law without consent.
8. Third Parties
When dealing with third parties, KSK remains responsible to protect Personal Data. Notwithstanding anything in this paragraph entitled “Third Parties”, to the fullest extent permitted under applicable laws, KSK cannot be responsible for a third party's acts, omissions, data policies or their use of cookies, nor the content or security of any third party websites or software, even if linked to its website, and any such liability is expressly disclaimed and excluded.
9. General
Any waivers of this Policy must be approved by the DPO. Subject to applicable law, KSK may revise and/or amend and/or supplement this Policy at its discretion at any time or from time to time. Such changes will be published on our website. Individuals are advised to check periodically to ensure that they are aware of any change, and to the fullest extent permissible under applicable laws, an Individual who deals with KSK agrees to be bound by the latest online version of this Policy.
Appendix A
Non-exhaustive examples of Purposes
1. Activity related injuries or illness reporting
2. Problem resolution (grievances), internal investigations
3. Any activity in connection with the managing or terminating of an Member/Volunteer relationship
4. Member/Volunteer communications, newsletters, corporate displays and publications, corporate
videos and photographs, participation in any KSK event (whether of a professional, social, recreational or other nature)
5. Administration of activities (e.g. programs, workshops, seminars, demonstrations)
6. Conduct and behavioural evaluation and management
7. Auditing, compliance, risk management, emergency management
8. Corporate, statutory or governmental registration, reporting, filing, declaration or other
requirements
9. Legal proceedings
10. Governmental, regulatory or other investigations
11. Any activity as required or authorized under applicable laws or regulations
Non-exhaustive examples of Personal Data
1. Contact information (e.g. name, home or other mailing addresses, mobile or home contact numbers, fax numbers, personal email addresses, emergency contact information)
2. Personal information (e.g. date of birth, personal identification number(s) or other social/national identification number(s), marital status, country of birth, nationality, citizenship, permanent residence status, race, gender, religion, preferred language, health condition(s)
3. Photographs and other visual images or recordings
4. Agreements executed with KSK
5. Education and Training (e.g. education level and qualifications, field and institution,
competency assessments, professional licenses, certifications and awards, training courses,
records and test results)
Non-exhaustive examples of Classes of Persons to whom Personal Data may be disclosed
1. Persons to whom disclosure of information is necessary or desirable to enable KSK to fulfill
employment-related purposes or to support business purposes
2. Persons to whom KSK is compelled or required to disclose information by law or in response
to a Court order or a governmental or regulatory agency
3. Any person where public interest or KSK's interests require disclosure
4. A person seeking employment references
Last updated: December 2014