PERSONAL DATA PRIVACY STATEMENT

SCOPE

This Personal Data Privacy Statement (“Statement”) describes how we, Stone Forest entities and its affiliates (together “Stone Forest Group”), manage the collection, use, disclosure, processing and protection of your personal data in connection with your use of our websites, applications and services, your interactions with us at Stone Forest facilities or at Stone Forest events, and in the context of other online or offline activities.

We respect the privacy and confidentiality of the personal data of our clients as well as others with whom we interact in the course of providing our services. The security of your personal data is important to us. We adopt the ISO 27001 framework in implementing the appropriate administrative and technical data privacy protection measures to protect personal data.

In using or continuing to use websites and/or services from any Stone Forest entity, you shall be deemed to have consented, accepted and agreed to be bound by the provisions of this Statement and for your personal data to be used for the purposes stated herein.

This Statement supplements but does not supersede nor replace any other consent you may have previously provided to us in respect of your personal data.

This Statement forms part of the terms and conditions, if any, governing your specific relationship with any entity within Stone Forest Group and should be read in conjunction with such terms of engagement. In the event of any conflict or inconsistency between the provisions of this Statement and the terms of engagement, the terms of engagement shall prevail to the fullest extent permissible by law.


1.

COLLECTION AND USE

1.1

We may collect personal data from you which we require in order for us to provide our services to you, such as but not limited to:

  1. your name, personal telephone number(s), personal mailing address, personal email address, bank account number, employment history, and education background;
  2. NRIC, passport or other identification number (to the extent permissible or required by law);
  3. photos, film, closed-circuit television (“CCTV”) and/or video recordings of you;
  4. information about your use of our websites, including cookies, IP addresses, etc.
  5. any other information relating to you which you have provided us in any forms you may have submitted to us, or in other forms of interaction with you.

1.2

Personal data may be collected, used, disclosed and/or shared among our subsidiaries, for the purposes authorised by you and for business purposes including but not limited to:

  1. office management, operations and administration purposes and for independence and conflict clearance, due diligence and background checks in accordance with legal, regulatory and professional requirements;
  2. providing you with information relevant to your business, and to ensure your continuous access to publications, events, news and promotional materials which may be of interest to you;
  3. organising events and seminars, recording or taking photographs of participants at events or functions organised, hosted or participated by us;
  4. generating reports and performance of analytics for the purposes of developing or improving our products, services, security, service quality and marketing strategies; and
  5. to the extent necessary to comply with any laws, regulations, rules, directions and guidelines.

Arrangements are in place to protect the security of any personal data shared.


1.3

Before you disclose to us the personal data of another person, you must obtain that person's consent to both the disclosure and the processing of that personal data in accordance with the terms of this Statement. Failure on your part to do so or to ensure that the personal data for another person is complete, accurate, true and correct may result in us being unable to provide you with the services you have requested or require.



2.

DISCLOSURE TO THIRD PARTIES

2.1

We will not disclose your personal data except:

  1. to those to whom disclosure is necessary to provide our services to you or in the management, operation and administration of our business and who are similarly bound to hold your data in confidence; or
  2. where required to do so by law or in the good faith belief that such disclosure is reasonably necessary: (i) for our professional advisers such as our lawyers, (ii) to comply with legal process as required by any court, tribunal, regulator, government department, agency, ministry, statutory board or relevant authority; (iii) to respond to claims that any of the personal data provided to us violates the rights of third parties; or (iv) protect our rights, property, or personal safety and that of our clients or the public; or
  3. where disclosure has been otherwise authorised, agreed or consented to by you.

3.

SECURITY

3.1

To safeguard your personal data, all electronic storage, hosting, processing, transmission and backup (for disaster recovery or otherwise) of personal and other information are secured with appropriate administrative, physical and technical security measures. You acknowledge and consent that we may make use of cloud services within or outside Singapore (which may be managed by a third party service provider). While we take reasonable efforts to maintain the confidentiality and security of your personal data, we cannot guarantee that any information that is transmitted or stored electronically is completely secure.


4.

RETENTION

4.1

We will retain your personal data for as long as it is necessary to fulfil the purpose(s) for which it was collected, or as required for legal purposes. Any personal data which are no longer needed will be destroyed or anonymised.


5.

INTERNATIONAL TRANSFER

5.1

Your personal data that we collect may be stored and processed in and transferred between any of the countries in which we operate in order to enable us to use the information in accordance with this Statement. We will take reasonable steps to ensure that such personal data transferred receives a standard of protection comparable to the protection required under the relevant data protection laws of the jurisdiction from which the personal data is transferred.


6.

WEBSITE

6.1

Our website uses cookies. By using our website, you consent to our use of cookies which will provide you with a more personalised experience.


6.2

We may use Google Analytics to analyse the use of our website. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users' computers. The information generated relating to our website is used to create reports about the use of our website. Google will store this information. If you want to opt out of Google Analytics, you can download and install the add-on for your web browser here - here.
[https://tools.google.com/dlpage/gaoptout]


6.3

Our advertisers, sponsors and content providers may also use cookies and web beacons on our website in order to provide you with information and advertisements which are of interest to you. We do not have control over such third party cookies.


6.4

We may also include third party links on our website for your convenience and information. These linked sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites and we encourage you to consult the privacy notices of those sites.


6.5

If you do not wish to have your data collected through any of the above-mentioned technologies you should disable the operation of these technologies on your devices (where possible). You may change the settings on your device to block the use of cookies, web beacons and/or other web analytics. However, if you choose to block such technologies used in our website, you accept that you may not be able to use certain features and functions of our website.


7.

VIRTUAL EVENTS

In addition to and without affecting the generality of the other provisions of this privacy policy, this Paragraph 7 shall apply in relation to virtual events such as, but not limited to, webinars, video-conferences and/or virtual meetings and workshops (“Virtual Events”).

7.1

In the course of Virtual Events, visual and/or audio recordings of you, including but not limited to photographs, videos, images, and recordings of interviews, may be carried out by us or parties appointed by us for the purposes of record and/or post-event publicity on our website, social media platforms, and/or any other publications such as newsletters, and/or any third party’s website, social media platforms and/or other publications approved by us. By participating in these Virtual Events, you consent to the collection, use and disclosure by Stone Forest Group of any visual and audio recordings taken of you including through third-party virtual event facilities during such Virtual Events for the aforementioned purposes.

7.2

By participating in our Virtual Events, you release Stone Forest Group, its officers, employees, and each and all persons involved, from any liability connected with the taking, recording, or publication of the said visual and/or audio recordings.

7.3

The Virtual Events and any of their recordings are to be viewed by the registrant only. Unless otherwise indicated, Stone Forest Group and/or the Virtual Event presenter(s) own the copyright for all content presented, referenced or otherwise used in the Virtual Event. The Virtual Events (and any content therein) must not be recorded, reproduced, modified, redistributed and/or republished in any way (in whole or in part) without the prior written consent of Stone Forest Group and/or the Virtual Event presenter(s).


8.

REVIEW AND CORRECTION

8.1

If you wish to make a request (a) for access to the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or (b) to correct or update such personal data, you may submit your request to our Data Protection Officer (“DPO”) via the email set out in Paragraph 12 below.

8.2

Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.


9.

WITHDRAWAL

9.1

You may, subject to applicable law, regulations and professional standards, at any time, give us reasonable written notice of your withdrawal of consent to collect, use or disclose the personal data. If you choose to withdraw your consent to any or all or the disclosure of your personal data, please note that we may not be in a position to continue providing our services to you. Withdrawal may also result in the termination of any agreement you may have with us.


10.

DATA INTERMEDIARY


We are a Data Intermediary when we process personal data on behalf of and for the purposes of another organisation (such organisation shall be referred to as “Data Controller”). Without prejudice to the terms of engagement entered into between the parties, this Paragraph 10 shall apply when we process personal data as a Data intermediary of a Data Controller.

10.1

If we process personal data as a Data Intermediary, we will process the personal data only to the extent necessary for the purposes specified in the relevant engagement and in accordance with the Data Controller’s instructions from time to time given in writing. We will not process the personal data for any other purpose.


10.2

In addition, we will:

  1. observe the relevant obligations under relevant applicable laws in the performance of our services and take appropriate administrative and technical security measures to protect personal data in accordance with the provisions of this Statement;
  2. notify the Data Controller promptly in writing if we become aware of any accidental or unauthorized disclosure, alteration, destruction or loss of personal data (“Incident”) unless prohibited from doing so by law;
  3. take reasonable action within reasonable time to respond to an Incident, including, without limitation, to investigate the Incident, mitigate the impact and scope of the Incident, and to carry out such recovery or other action we determine necessary in the circumstance to remedy the Incident; and
  4. not hold personal data any longer than is necessary for the purpose for which it was collected, or as required by law.

10.3

In order to perform the services as a Data Intermediary, we may share personal data with our subsidiaries, affiliates and subcontractors who need to access such personal data to meet our obligations under the engagement. When doing so, we will require them to ensure that the personal data are kept secure and confidential in accordance with the provisions of this Statement.

10.4

At all relevant times, the Data Controller remains accountable to the individual data subjects in respect of their personal data. In that regard, the Data Controller shall:

  1. have lawfully obtained personal data of the relevant individual data subjects (including any officers, employees and contractors), have sufficient legal grounds, including all necessary authorizations, consents or permissions from such individual data subjects to provide us with such personal data, and that the same are accurate and provided, in any form, to us in a secured way;
  2. provide us with specific written instructions with regard to the processing of personal data. Oral instructions given by the Data Controller’s authorised representatives will be accepted by us in case of emergency only and subject to immediate written confirmation;
  3. inform us immediately in writing of any change, including any error or omission, with regard to the lawful processing and use of any of the personal data; and
  4. be responsible for receiving and responding to any access or correction request made by the individual data subjects related to their personal data, and shall inform us as soon as reasonably possible of any such request.

11.

CHANGES TO PERSONAL DATA PRIVACY STATEMENT

11.1

We may amend this Statement from time to time and the updated versions will be posted on our website and date stamped so that you are aware of when the Statement was last updated. We encourage all users to periodically review our website for the latest information on our privacy practices. Continued use of our services and website following the posting of changes to this Statement shall constitute your consent to such changes.


12.

INQUIRIES

12.1

If you require more information relating to this Statement or require or access to correct or update your personal data or to withdraw your consent, please contact us at:

Data Protection Officer
Email: DPO@StoneForest.com.sg


If your personal data was provided to us by a third party or Data Controller, kindly contact that organisation to make such a request or query on your behalf.



Last updated February 2022