1.1  Under the PDPA, business contact information (e.g. full name, business address, business telephone number) is not considered as personal data so long as it is used strictly for business-to-business (B2B) transactions.

1.2 Personal information is only collected by lawful and fair means and not collected ‘just in case it may be useful in the future. We conduct regular reviews to ensure that the purposes for which the collection of personal data are still necessary and appropriate.

1.3 We collect personal data when you:

• Enter into an agreement or contract with us to provide you with our services;
• Respond to our electronic direct mails (EDMs) sent by us as part of our services;
• Are referred to us for our services by one of our clients;
• Enquire about our range of services;
• Visit our websites and leave behind contact information through our enquiry email.
• Communicate with us via calls, emails, or written correspondences;
• Submit your resume and cover letter to us in response to our recruitment advertisements;
• While conducting or completing of transactions with us.

1.4 We may collect, disclose or use your personal data pursuant to an exception under the Personal Data Protection Act or other written law such as during the following situations; 

• To respond to an emergency that threatens your life, health and safety or that of another individual; and
• Necessary in the national interest, for any investigation or proceedings.

In general, subject to the applicable exceptions permitted in the PDPA, before we collect the above personal data from you, we will notify you of the purposes for which your personal data may be collected, used and/or disclosed.

2.1  Before we collect, use or disclose personal data, we will notify you of the purpose why we are doing so. We will obtain written confirmation from you on your expressed consent. We will not collect more personal data than is necessary for the stated purpose. We will seek fresh consent from you if the original purpose for the collection, use or disclosure of the personal data has changed.

2.2 You have a choice regarding our collection, use and disclosure of Personal Data. If you choose not to provide us with the personal data described in this Notice, we may not be able to fulfill our contractual duties towards you or facilitate your request or provide the service to you.

2.3 By providing personal data relating to a third party (e.g. spouse, children, parents, referees and/or employees), the individual shall represent and warrant that prior consent is obtained from such third party for the collection, use or disclosure of personal data.

2.4 We usually obtain consent from you who will be dealing directly with us. If you appoint a representative to provide consent on your behalf, you are required to provide an authorisation letter indicating the appointment. Do include the full name and type of valid document used to prove the identity of the appointed representative in the authorisation letter.

2.5 Under certain circumstances, we may assume deemed consent from you when you voluntarily provide your personal data for the stated purpose, e.g. when seeking our services or applying for a job with us via email. We will not obtain your consent under the PDPA for the collection, use or disclosure of your personal data under the following circumstances.

• The personal data is publicly available;
• The personal data is disclosed by a public agency or disclosed to a public agency;
• The personal data is necessary for any investigation or proceedings;
• The personal data is necessary for legitimate interests, including evaluative purposes (e.g. determining the suitability of a job applicant for the job applied for);
• The personal data is necessary for the purpose of managing or terminating an employment relationship;
• The personal data is necessary for a business asset transaction.
• The personal data is necessary for the purpose that is clearly in the interest of the individual or necessary to protect the vital interest of the individual;
• The personal data is necessary for business improvement, such as improving, enhancing or developing new goods or services.

3.1 The types of personal data we collect about an individual may include:

• Contact information (Name, Address, Phone No., Email Address);
• Personal details (Name, Country of Birth, Country of Residence, Citizenship, Nationality);
• Personal and professional details contained in the curriculum vitae and cover letter when you apply to us for a job.

4.1 We use the personal data provided to us for one or more of the following purposes;

• For services which we may offer to you or that you may request or obtain;
• For identification and verification purposes in connection with any of our services that you may request from us;
• To facilitate and/or deal with payment for the services provided by us;
• Process billing, payment and other credit-related activities;
• Conduct direct marketing activities through advertisements and EDMs on events managed by us;
• Communicate with clients / potential clients and website visitors;
• Respond to inquiries and feedback by an individual to improve our quality of services;
• Process employment passes of our employees/clients with the relevant government agencies;
• Process visa applications of our employees/clients with the relevant government agencies;
• Process job applications, recruitment and selection;
• Carry out our obligations arising from any contracts entered between our clients/contractors and us;
• Comply with or fulfill legal obligations and regulatory requirements;

5.1 We disclose some of the personal data provided to us to the following entities or
organisations outside our Company in order to fulfil our services to you:

• Government Agencies – MOM, CPF Board, IRAS, IMDA, HPB (employees only);
• Third parties who require the data in order to complete the service delivery process.

5.2 We will seek fresh consent from you if the original purpose for the disclosure of the personal data has changed. Where required to do so by law, we may disclose personal data about you to the relevant authorities or to law enforcement agencies.

6.1 The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you. A request for withdrawal of consent can be made in the form of an email or letter to us.

6.2 You may withdraw consent and request us to stop using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing.

6.3 Upon receipt of your written request to withdraw your consent, we may require a reasonable time depending on the complexity of the request) to process your request and notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within 10 working days of receiving it.

6.4 Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclosure without consent is permitted or required under applicable laws.

7.1 We will take reasonable steps to ensure that the personal data we collect about you is accurate, complete, not misleading and kept up-to-date.

7.2 If we are in an ongoing relationship with you, it is important that you update us of any changes to your personal data (such as a change in contact number, email and mailing address).

8.1 We have implemented appropriate administrative, physical and technical measures (such as data encryption, firewalls and secure network protocols) to protect the personal data we hold about you against loss; misuse; destruction; unauthorised alteration/modification, access, disclosure; or similar risks.

8.2 We have also put in place reasonable and appropriate organisational measures to maintain the confidentiality and integrity of your personal data. We will only share your data with authorised persons on a need to know’ basis.

8.3 You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your data and are constantly reviewing and enhancing our information security measures.

9.1 We have a document retention policy that keeps track of the retention schedules of the personal data provided to us, in paper or electronic forms. We will not retain any personal data when it is no longer needed for any business or legal purposes.

9.2 We will dispose of or destroy such documents containing personal data in a proper and secure manner when the retention limit is reached.

10.1 If you wish to make:

• An access request for access to:
• a copy of the personal data which we hold about you or
• information about the ways in which we use or disclose your personal data.
• a correction request to correct or update any of the personal data that we hold about you.

10.2 Request for to access and make correction can take the form of an email or letter to us. We will respond to your request as soon as reasonably possible, or within 21 working days. If we are unable to do so within the 21 working days, we will let you know and give an estimate of how much longer we require. We may also charge a reasonable fee for the cost involved in processing your access request.

11.1 Our data is stored in the cloud, in the Asia Pacific region with Microsoft SharePoint and Microsoft supports compliance with Singapore PDPA.

11.2 Besides using cloud storage, we do not transfer personal data to countries outside of Singapore. When there is such a need, we will obtain consent from the individual for the transfer to be made and we will take steps to ensure that his/her personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.

12.1 We may use “cookies” to collect information about your online activity on our website. A cookie is a small text file created by the website that is stored in your computer to provide a way for the website to recognise you and keep track of your preferences. The cookie makes it convenient for you such that you do not have to retype the same information again when you revisit our website.

12.2 Most cookies we use are “session cookies”, which will be deleted automatically from the hard disk of the person computer at the end of the session.

12.3 You may choose not to accept cookies by turning off this feature in your web browser. Note that by doing so, you may not be able to use some of the features and functions in our web applications.

13.1  You may contact our Data Protection Officer (DPO) via email if you have any enquiries, complaints or feedback on our personal data protection policies and procedures, or if you wish to make any requests.

13.2 Our DPO can be contacted via email: dpo@pohheng.com.sg

13.3  We treat all enquiries, complaints, feedback and requests seriously and will deal with them confidentially and within a reasonable time.

14.1  This Notice applies in conjunction with any other notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your personal data by us.

14.2   We may revise this Notice from time to time without any prior notice. You may determine if any such revision has taken place by referring to the date on which this Notice was last updated. Your continued use of our services constitutes your acknowledgment and acceptance of such changes.

Last updated 3rd March 2025