Privacy Policy

DATA PROTECTION NOTICE

In compliance with the Singapore Personal data Protection Act (“PDPA”) 2012, Tristar Management Services Pte Ltd (“Tristar”) is committed to respecting the privacy and confidentiality of the personal data of our clients, associates, employees and other individuals. We are dedicated to implementing data protection best practices and have established strict processes to safeguard the collection, use, disclosure, and processing of personal data in our possession or under our control.

This Data Privacy Notice outlines the basis on which Tristar (“we”, “us”, or “our”) may collect, use, disclose, process, protect, and/or retain personal data in the course of our professional engagements. All other terms used in this notice shall have the meanings ascribed to them under the PDPA, where applicable.

“Personal data” refers to any information that can uniquely identify an individual, either (a) directly from that data, or (b) in combination with other information to which we have, or likely to have access.

“Data subject” refers to you or any individual who is the owner of the personal data in question.

We generally do not collect personal data unless it is voluntarily provided by the data subject, or (b) an authorized party, after the data subject or their representative has been informed of the purpose(s) for which the data is being collected, and written consent has been obtained. This excludes situations where the collection and use of personal data without consent is permitted by the PDPA or other applicable laws. We will seek consent for any new purposes before using the data subject’s personal data, including any additional data collection.

COLLECTION, USE AND DISCLOSURE OF PERSONAL DATA

1. Mode of Data Collection
We collect your personal data through various methods, including, but not limited to:

1. When you contact us for our services or enquiries via your selected mode of communication.

2. When you request us to contact you.

3. When you submit your personal data for recruitment and/or employment purposes.

4. When we receive your personal data from authorized third parties, including but not limited to service providers and employment agencies.

2. Purpose of Data Collection
In our capacity as a provider of corporate professional services, we may collect, use, and disclose personal data for various purposes, including but not limited to:

1. Verifying identity

2. Conducting security clearances and related matters

3. Managing relationships with clients, employees, and other stakeholders

4. Fulfilling obligations related to the provision of goods and/or services as requested

5. Processing payments, credits, or financial transactions

6. Responding to and processing queries, requests, applications, complaints, and feedback

7. Complying with applicable laws, regulations, codes of practice, guidelines, and rules, or responding to law enforcement requests or investigations by governmental or regulatory authorities

8. Communicating with individuals via unsolicited emails, written correspondences, or through personal inquiries made via our website contact form

9. Any other purposes for which the data subject has provided their personal data

10. Any other incidental business purposes related to or in connection with the above

The purposes outlined above may continue to apply even after the data subject’s relationship with us, such as through a contract, has been terminated or altered. This includes retaining personal data for a reasonable period to enable or enforce our rights under any contractual agreement with the data subject.

Please note that under the PDPA, business contact information (e.g., full name, business address, business telephone number, corporate email) is not considered personal data when used for business-to-business (B2B) communication.

3. Types of Personal Data We Collect
The personal data we collect may include, but is not limited to, the following information:

1. Contact Information (Personal contact number(s), personal email)

2. Personal Details (Name, gender, date of birth, residential address , nationality etc.)

3. Documentation and Details Provided (Photographs, financial information, bank accounts, religion, academic background, medical declaration, marital status, next of kin, family members’ and dependents’ details, including minors, etc.)

4. Work Experience (Employment history, job titles, professional qualifications, performance reviews and other relevant details)

5. Biometric Data

6. Any Other Incidental Details relevant to or in connection with the above

4. Usage of Personal Data
We use the personal data provided to us for one or more of the following purposes, including but not limited to:

1. To provide our corporate secretarial and tax services.

2. Processing job applications and employment opportunities.

3. Managing human resource matters.

4. Handling salary, remuneration, and benefits.

5. Communicating with website visitors.

6. Fulfilling contractual obligations with our clients.

7. Complying with legal obligations and regulatory requirements.

8. Conducting due diligence.

9. Facilitating audits and assessments.

10. Any other necessary processing related to or connected with the above purposes.

5. Disclosure of Personal Data
We may disclose your personal data under the following circumstances:

1. Where such disclosure is required to fulfill obligations during, or in connection with, the provision of the goods or services requested by you.

2. To third party service providers, agents and organizations we engaged to perform functions on our behalf.

We will not collect sensitive personal data such as NRIC, FIN, Passport numbers, unless it is permitted by the PDPA or applicable laws and regulations.

We do not disclose personal data to third parties except when

1. Required or permitted by law.

2. With the individual’s consent or deemed consent.

3. To third parties we engage to assist with in business activities, such as for recruitment processes where candidate information is shared in resumes.

When engaging third party data intermediaries to process personal data on our behalf, we ensure they are reputable and comply with the PDPA. We will enter into contractual agreements with these data intermediaries to define their responsibilities and obligations, ensuring that they adhere to data protection requirements and maintain appropriate security standards.

OBTAINING YOUR CONSENT

Before we collect, use or disclose your personal data, we will notify you of the intended purpose(s) and obtain your expressed written consent . By providing your personal data to us, you agree that you have fully read and understood the policy and consent to the collection, use and/or disclosure of your personal data by the Company for a part or all the purposes set out in this policy.

We will not collect personal data beyond what is necessary to fulfill the stated purpose. Should the original purpose for collecting, using, or disclosing the data change, we will seek further consent from the data subject.

Exceptions to Obtaining Consent
In certain situations, we may collect, use, or disclose your personal data without obtaining explicit consent, in accordance with the Personal Data Protection Act (PDPA). These exceptions include:

1. Deemed Consent
You may be considered to have provided consent in situations where your actions or behavior indicate that you voluntarily provided your personal data for a specific purpose. For example, when you submit your personal data to us as part of a job application, or when you voluntarily provide data while engaging with our services, we may rely on deemed consent to collect, use, or disclose your data for the relevant purposes.

2. Legitimate Interests Exception
We may also rely on the legitimate interests exception, where the collection, use, or disclosure of personal data is necessary for our legitimate business interests or those of a third party. In such cases, we will carefully assess any potential adverse impact on your privacy rights and ensure that our legitimate interests are not outweighed by any negative effects on you. Examples of legitimate interests include fraud detection, network security, or preventing misuse of our services.

Please note that even when relying on these exceptions, we will take appropriate measures to ensure your personal data is protected and handled in compliance with the PDPA.

USE OF COOKIES ON CORPORATE WEBSITE

We use cookies to collect information about online activity on our corporate website. A cookie is a small text file stored on your device by the website, allowing it to recognize users and track preferences. This helps improve your experience by, for example, eliminating the need to re-enter information when revisiting our site or filling out electronic forms.

Most of the cookies we use are “session cookies,” which are automatically deleted from your device at the end of your browsing session. You can choose to disable cookies through your web browser settings. However, please note that this may impact the functionality and availability of certain features on our website

THIRD-PARTY CONSENT

We do not request or obtain consent for personal data on behalf of any third party. If personal data is provided to us by someone other than the data subject, we reserve the right to require proof of authorization from the individual submitting the information.

WITHDRAWING YOUR CONSENT

The consent that you provide for the collection, use and disclosure of your personal data will remain valid until it is withdrawn by you in writing. You may withdraw consent at any time submitting a written request or via email toour Data Protection Officer using the contact details provided below, specifying whether the withdrawal applies to some or all of the purposes listed.

Upon receiving your written request to withdraw consent, we may require a reasonable amount of time to process your request, depending on its complexity and potential impact on our relationship with you. During this time, we will inform you of any consequences of your withdrawal, including legal implications that may affect your rights and obligations with us. In general, we aim to process such requests within thirty (30) business days of receipt .

While we respect the decision to withdraw consent, please note that depending on the nature and scope of our request, we may no longer be able to provide certain goods or services. If this is the case, we will notify you before proceeding with the withdrawal. Should you wish to cancel your withdrawal, please inform us in writing.

Please note that withdrawing consent does not affect our right to continue collecting, using, or disclosing personal data where such actions without consent are permitted or required under applicable laws.

ACCESS TO AND CORRECTION OF PERSONAL DATA

Under the Personal Data Protection Act (PDPA), you have the right to request access to the personal data we hold about you. Upon request, and after verifying your identity, we will provide you with a copy of your personal data, as well as information about how your data has been or is being used and disclosed, subject to certain exceptions under the PDPA.

In certain cases, we may not be able to fulfil an access request, such as when providing the data would:

• Reveal confidential commercial information,

• Endanger the safety or health of another individual,

• Affect another person's privacy.

If you wish to correct or update any of your personal data, you may submit a written request to our Data Protection Officer using the contact details provided below. We will also require identity verification before processing any correction requests to ensure the security of your personal data.

Please note that a reasonable fee may be charged to cover the administrative cost of processing access requests. Upon receiving your written request and your acceptance of the fee, we will respond within thirty (30) days. During this period, the company will either:

1. Correct your personal data and inform you that the relevant correction has been made; or

2. Notify you if your request for access or correction has been rejected, along with the reasons for the rejection.

PROTECTION OF PERSONAL DATA

We have implemented appropriate administrative, physical and technical measures to protect the personal data we hold from unauthorized access, accidental loss, modification, unlawful destruction, improper collection, use or disclosure.

In addition to limiting the collection of personal data to what is necessary for our professional obligations, we take various security steps, including regular patching of operating systems and software, web security measures, security reviews, a clean desk policy, locked cabinets, CCTV monitoring, employee training, and the use of approved security disposal services for IT assets and documentation.

We maintain the confidentiality and integrity of personal data through appropriate organizational measures. Access to personal data is restricted to authorized personnel on a "need-to-know" basis, ensuring effective segregation of access and control.

When engaging third-party vendors (e.g., auditors) who may handle personal data, we ensure they have implemented the necessary organizational and technical security measures and have taken reasonable steps to comply with applicable security standards.

Please note that while we strive to protect the personal data we hold, no method of transmission over the internet or electronic storage is completely secure. While security cannot be guaranteed, we continuously review and enhance our information security measures to safeguard personal data as effectively as possible.

ACCURACY OF PERSONAL DATA

We take reasonable steps to ensure that the personal data we collect is accurate, complete, and up to date. While we generally rely on the information provided by the data subject, we may also conduct periodic data verification exercises to update any changes to the personal data we hold. Please notify us of any changes to your personal data by sending a written update to our Data Protection Officer using the contact details provided below.

RETENTION OF PERSONAL DATA

We may retain your personal data for as long as it is necessary to fulfil the purpose(s) for which it was collected, or as required or permitted by applicable laws.

We will cease to retain your personal data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that the data is no longer needed for the purpose it was collected, and is no longer required for legal or business purposes. Any personal data that no longer serves a business or legal purpose will be securely destroyed or disposed of This applies to both physical documents and electronic data stored in our database.

TRANSFERS OF PERSONAL DATA OUTSIDE OF SINGAPORE

We generally do not transfer your personal data to countries outside of Singapore. However, if the need arises to do so, we will obtain your consent for the transfer and ensure that the recipient country maintains a data protection standard comparable to Singapore's PDPA. If the recipient country does not meet this standard, we will enter into a contractual agreement with the receiving party to ensure similar levels of data protection as required under Singapore law.

DATA PROTECTION OFFICER

For any enquiries or feedback regarding our Personal Data Protection policy or pertaining to the requests as mentioned in this notice, please contact our Data Protection Officer at:
Data Protection Officer: Ms Amerlyn Toh
Phone number: +65 6423 1611
Email address: This email address is being protected from spambots. You need JavaScript enabled to view it.

EFFECT OF NOTICE AND CHANGES TO NOTICE

This data privacy notice applies in conjunction with any other notices, contractual terms and consent clauses that govern the collection, use and disclosure of personal data by us.

We reserve the right to amend or modify the terms of this policy from time to time without any prior notice at our discretion. Please visit our corporate website at https://tristar.sg for the latest updates on our Data Privacy Notice. Continued use of our services constitutes the acknowledgement and acceptance of these changes.

Effective date: 01 January 2020
Last updated: 17 December 2024