DATA PROTECTION POLICY

Introduction:

At Wildlings Pte. Ltd. ("Wildlings"), we are committed to safeguarding the personal data of our clients, employees, and partners. This Data Protection Policy outlines our approach to data protection to ensure that we handle personal data in accordance with the Personal Data Protection Act (PDPA).

 

Scope of Policy: This policy applies to all personal data collected, stored, and processed by Wildlings across all platforms and interactions, including our website hosted by Wix, data stored in Microsoft Cloud SharePoint, and any information we receive from third parties.

​

1. Definition of Personal Data: Personal Data refers to any information about an individual who can be identified from that data. This includes, but is not limited to, names, identification numbers, contact information, and any other pertinent personal details provided to us.

​

2. Collection of Personal Data: Wildlings collects personal data through:

• Direct interactions with clients via face-to-face meetings, emails, phone calls, and other communication channels.

• Electronic submissions through our website hosted on Wix.

• Information received from third parties, such as educational institutions or event partners.

​​

3. Purpose of Data Collection: The collection, use, and disclosure of personal data by Wildlings are intended for the following purposes:

• To deliver and improve the services provided by Wildlings.

• To facilitate the administration and management of our clients' relationships with us.

• To comply with legal and regulatory obligations.

• To support marketing and promotional campaigns, subject to obtaining explicit consent.

​​

4. Data Protection Measures: Security Measures:

​

a) Microsoft SharePoint Cloud Storage:

• Wildlings securely manages sensitive data provided by third parties using Microsoft SharePoint, a cloud-based service known for its robust security measures. SharePoint ensures the safety of our documents and data with features such as data encryption both at rest and in transit, advanced threat protection, strict access controls, and compliance with major global security standards. This comprehensive security framework helps us maintain compliance with industry-standard security measures and data protection laws, providing a secure and reliable environment for managing our clients' sensitive information.

​

b) Wix Platform Security:

• Wildlings utilizes the Wix platform for our website operations, including the secure collection and management of user data. Wix is committed to protecting user information with robust security measures. These measures include advanced data encryption to safeguard data both at rest and in transit, ensuring comprehensive protection against unauthorized access, data breaches, and other potential security threats. Additionally, Wix regularly updates its security protocols and follows industry best practices to prevent data alteration or destruction. This proactive approach ensures that our website remains a secure portal for managing our interactions and transactions with clients.

​

5. Data Retention and Disposal Procedure

 

a) Data Retention:

• Purpose and Duration:

  • Personal data should be retained only for the duration necessary to fulfill the purposes outlined when the data was collected. This includes providing services, complying with legal obligations, resolving disputes, and enforcing our agreements.

  • Establish specific retention periods for different categories of personal data based on legal, contractual, and operational requirements.

• Review and Audit:

  • Conduct periodic reviews of all data retained to determine if the data is still necessary for the purpose for which it was collected.

  • Keep an inventory of all data categories and their corresponding retention timelines to streamline the review process.

• Legal Compliance:

  • Ensure that retention policies are in compliance with applicable laws and regulations regarding data retention. This includes sector-specific requirements that may dictate longer retention periods.

​b) Data Disposal:

• Secure Disposal Methods:

  • Implement secure disposal methods to ensure that personal data is permanently destroyed and cannot be reconstructed or read. Data disposal methods may include:

    • Physical destruction: Use of cross-cut shredders or incineration for paper records.

    • Digital wiping: Employ software designed to completely erase data from storage devices, adhering to industry standards for data deletion.

• Certification of Disposal:

  • For sensitive data, consider using a certified disposal service that can provide a certificate of destruction, ensuring that the data has been disposed of in accordance with regulatory requirements and industry standards.

• Disposal Documentation:

  • Maintain records of the disposal process, including the type of data disposed, the disposal method used, the date of disposal, and the personnel responsible. This documentation will provide an audit trail and proof of compliance with the disposal policy.

• Training and Awareness:

  • Train staff involved in data handling and disposal on secure disposal procedures and the importance of protecting personal data. Regularly update training to reflect any changes in legal requirements or best practices.

• Regular Policy Review:

  • Regularly review and update the disposal procedures to adapt to new technologies, changes in regulatory requirements, and operational needs.

​

6. Third-Party Data Sharing:

• The sharing of personal data to third parties will be avoided wherever possible and will only be permitted when it is essential for safety or the delivery of the service or product. 

• In the event that personal data is provided to third parties, all third parties are obligated to adhere to our data protection standards and are required to provide evidence of their compliance.

​​

7. Consent Management:

• Consent for the collection, use, and disclosure of personal data is obtained prior to or at the time of data collection. Clients may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice.

• To withdraw consent, clients may do any of the following:

  • Unsubscribe from email communications using the function in Wix.​

  • Email hello@wildlings.sg and request that all data is disposed of. 

  • Send a WhatsApp message to Wildlings with their request. 

​​

8. Access and Correction Requests:

• Individuals have the right to access and correct their personal data held by Wildlings. Requests for access or correction can be made through our designated Data Protection Officer who can be reached at caroline@wildlings.sg. 

​

9. Notifiable Data Breach

 

a) Definition of a Notifiable Data Breach:

Under the PDPA, a notifiable data breach is a data breach that:

• Results in significant harm to the individuals whose personal data has been affected; or

• Is of significant scale, affecting 500 or more individuals.

 

Significant harm could include identity theft, damage to reputation, loss of employment or business opportunities, financial loss, and any other significant emotional or physical harm.

Procedure for Managing Notifiable Data Breaches:

 

b) Detection and Assessment:

• Implement measures to quickly identify potential data breaches. This includes monitoring for security incidents and anomalies in data handling.

• Once a breach is detected, assess promptly to determine if it qualifies as a notifiable data breach under the PDPA guidelines. 

• Contact for more information; PDPC General Enquiries at +65 6377 3131.

​​

c) Containment and Remediation:

• Take immediate action to contain the breach. This might involve disabling affected systems, revoking or changing access credentials, or isolating the affected data segments to prevent further unauthorized access.

• Identify the root cause of the breach and take steps to prevent recurrence.

​​

d) Notification to the PDPC:

• If the breach is determined to be notifiable, notify the Personal Data Protection Commission (PDPC) no later than 72 hours after establishing that the breach is indeed notifiable.

• The notification to the PDPC should include details of the breach such as the nature and extent of the breach, type of personal data involved, possible consequences of the breach, and measures taken or to be taken by the organization in response to the breach.

​​

e) Communication to Affected Individuals:

• Inform affected individuals without undue delay if the breach is likely to result in significant harm to them.

• The notification should be clear about the nature of the breach, the possible harm, the steps taken to safeguard their interests, and how they can mitigate possible adverse effects.

​​

f). Documentation:

• Document all data breaches (notifiable and non-notifiable) to assess patterns or weaknesses in data protection practices.

• Maintaining records of data breaches helps in compliance with PDPA and aids in any legal or regulatory assessments.

​​

g) Review and Preventive Measures:

• After managing and resolving the data breach, review the incident and the effectiveness of the response strategy.

• Update security practices, employee training, and breach detection and management processes based on lessons learned.

​​

h) Training and Awareness:

• Regularly train staff on how to prevent, detect, and respond to data breaches.

• Increase awareness about the importance of safeguarding personal data and the implications of data breaches.

​​

10. Updates to Policy:

• This policy may be updated periodically to reflect changes in our data protection practices or relevant laws. The most current version of the policy is this version posted on our website.

 

11. Contact Information:

 

For any inquiries or complaints regarding data protection, please contact our Data Protection Officer at caroline@wildlings.sg, +65 8875 5919. 

​

This Data Protection Policy is part of the Terms and Conditions governing the use of Wildlings' services and should be read in conjunction with those Terms and Conditions. By continuing to use our services and providing us with your personal data, you acknowledge and agree that you understand and consent to the practices described in this policy.

​