Division 1 - Consent
13. - Consent required14. - Provision of consent15. - Deemed consent16. - Withdrawal of consent17. - Collection, use and disclosure without consentDivision 2 - Purpose
18. - Limitation of purpose and extent19. - Personal data collected before appointed day20. - Notification of purposeDivision 1 - Preliminary
36. - Interpretation of this Part37. - Meaning of “specified message”38. - Application of this PartDivision 2 - Administration
39. - Register40. - Applications41. - Evidence42. - Information on terminated Singapore telephone numberDivision 3 - Specified message to Singapore telephone number
43. - Duty to check register44. - Contact information45. - Calling line identity not to be concealed46. - Consent47. - Withdrawal of consent48. - Defence for employee49. - Advisory guidelines50. - Powers of investigation51. - Offences and penalties52. - Offences by bodies corporate, etc.53. - Liability of employers for acts of employees54. - Jurisdiction of court55. - Composition of offences56. - General penalties57. - Public servants and public officers58. - Evidence in proceedings59. - Preservation of secrecy60. - Protection from personal liability61. - Symbol of Commission62. - Power to exempt63. - Certificate as to national interest64. - Amendment of Schedules65. - Power to make regulations66. - Rules of Court67. - Saving and transitional provisions68. - Dissolution
1. - An organisation may collect personal data about an individual without the consent of the individual or from a source other2. - In this paragraph and paragraph 1(h) —3. - (1) The conditions in this paragraph shall apply if the personal data is collected under paragraph 1(p).4. - For the avoidance of doubt, personal data disclosed before the appointed day in the circumstances and conditions set out in
1. - An organisation may disclose personal data about an individual without the consent of the individual in any of the following2. - In the case of disclosure under paragraph 1(c), the organisation shall, as soon as may be practicable, notify the individual3. - (1) The conditions in this paragraph shall apply to personal data disclosed under paragraph 1(p).4. - Paragraph 1(q) shall not apply unless —5. - For the avoidance of doubt, personal data collected before the appointed day in the circumstances and conditions set out in
“business” includes the activity of any organisation, whether or not carried on for purposes of gain, or conducted on a regular, repetitive or continuous basis, but does not include an individual acting in his personal or domestic capacity;
“business contact information” means an individual’s name, position name or title, business telephone number, business address, business electronic mail address or business fax number and any other similar information about the individual, not provided by the individual solely for his personal purposes;
(b) provides credit reports on a routine, non-profit basis as an ancillary part of a business carried on for gain or profit;
(b) resident, or having an office or a place of business, in Singapore;
(5) Except where business contact information is expressly referred to, Parts III to VI shall not apply to business contact information.
(5) An organisation shall make available to the public the business contact information of at least one of the individuals designated under subsection (3) or delegated under subsection (4).
(c) on request by the individual, the business contact information of a person who is able to answer on behalf of the organisation the individual’s questions about the collection, use or disclosure of the personal data.
(b) on request by the individual, the business contact information of a person who is able to answer the individual’s questions about that collection, use or disclosure on behalf of the organisation.
(b) subject to subsection (3), send the corrected personal data to every other organisation to which the personal data was disclosed by the organisation within a year before the date the correction was made, unless that other organisation does not need the corrected personal data for any legal or business purpose.
(b) retention is no longer necessary for legal or business purposes.
(b) a membership in any club or organisation if the club or organisation is a business formed to make a profit for its owners;
(vii) to offer to provide a business opportunity or an investment opportunity;
(viii) to advertise or promote a business opportunity or an investment opportunity;
(ix) to advertise or promote a provider, or prospective provider, of a business opportunity or an investment opportunity; or
(i) produced in the course, and for the purposes, of the individual’s employment, business or profession; and
(i) is collected by an organisation, being a party or a prospective party to a business asset transaction with another organisation, from that other organisation;
(iii) relates directly to the part of the other organisation or its business assets with which the business asset transaction is concerned;
(i) the business of which consists, in whole or in part, of news activity carried out in relation to a relevant broadcasting service, a newswire service or the publication of a newspaper; and
(2) If the organisation is a prospective party to a business asset transaction —
(a) the personal data collected must be necessary for the organisation to determine whether to proceed with the business asset transaction; and
(b) the organisation and the other organisation must have entered into an agreement that requires the prospective party to use or disclose the personal data solely for purposes related to the business asset transaction.
(3) If an organisation enters into the business asset transaction with another organisation —
(b) if any of the personal data collected does not relate directly to the part of the other organisation or its business assets with which the business asset transaction entered into is concerned, the organisation shall destroy, or return to the other organisation, any such personal data; and
(i) the business asset transaction has taken place; and
(4) If a business asset transaction does not proceed or is not completed, the organisation shall destroy, or return to the other organisation, all the personal data collected.
(5) In this paragraph and paragraph 1(p), “business asset transaction” has the same meaning as in paragraph 3(4) of the Fourth Schedule.
(i) is disclosed to a party or a prospective party to a business asset transaction with the organisation;
(iii) relates directly to the part of the organisation or its business assets with which the business asset transaction is concerned;
(2) In the case of disclosure to a prospective party to a business asset transaction —
(a) the personal data must be necessary for the prospective party to determine whether to proceed with the business asset transaction; and
(b) the organisation and prospective party must have entered into an agreement that requires the prospective party to use or disclose the personal data solely for purposes related to the business asset transaction.
(3) If the organisation enters into the business asset transaction, the employees, customers, directors, officers and shareholders whose personal data is disclosed shall be notified that —
(a) the business asset transaction has taken place; and
“business asset transaction” means the purchase, sale, lease, merger or amalgamation or any other acquisition, disposal or financing of an organisation or a portion of an organisation or of any of the business or assets of an organisation other than the personal data to be disclosed under paragraph 1(p);
“party” means another organisation that enters into the business asset transaction with the organisation.
