1. Introduction

Events Architects Pte. Ltd. (“Events Architects”, “we”, “our” or “us”) is committed to the observance and fulfilment of the provisions in the Singapore’s Personal Data Protection Act 2012 (“PDPA“), General Data Protection Regulation (“GDPR”) and all relevant data protection laws. We place utmost importance on the proper management, protection and processing of your personal data.

2. About this Policy

This Privacy Policy (“Policy”) intends to assist you in understanding how we collect, use, disclose and/or process your personal data so that you can make an informed decision before providing us with your Personal Data.   The Policy sets out the essential details relating to your Personal Data relationship with Events Architects, particularly under the PDPA and GDPR.

For the purposes of this Policy, “Personal Data” refers to any information, whether true or not, relating to an identified or identifiable natural person.

3. Our role in processing your Personal Data

Under this Policy, a “Data Controller” is an individual or entity (e.g. company, public agency) determines the purposes and means of the processing of your Personal Data.

A “Data Processor” is an individual or entity (such as a company, public authority, agency or other body) which processes Personal Data on behalf of the Data Controller. The terms “process” or “processing” and other similar terms have a broad meaning and include any operation concerning your Personal Data such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Depending on the context of personal information you provide, Events Architects may be the Data Controller or Data Processor, as applicable, of your Personal Data under this Policy.  We collect Personal Data via the following:   

a) Organising and managing conferences, exhibitions and incentive trips (each an “Event”);
b)  Facial Recognition portals, applications, products, features, and offerings (“FaceReg”) as part of organising and managing events.
c) For our own business : This includes certain data collected on our websites, such as contact-us forms, job applications, contact details of visitors as well as data collected through other marketing-related efforts (if any).

(Collectively, the “Services”)

When we process any Personal Data as a Data Controller or a Data Processor in relation to the Services, we shall process such information in accordance with this Policy.  If we are Data Processor for your Personal Data (i.e., not the controller), please contact the controller in the first instance to address your rights with respect to such data.

4. How we collect Personal Data

Depending on the nature of your interaction with us, we use different methods to collect Personal Data from and about you, including without limitation, through:

a. Direct Interactions

We may collect your Personal Data when you engage us for employment opportunities and in relation to any of our Services, whether in writing, orally or through our website, and/or attend any of our Events (e.g. registration forms, photographs, videos and/or audio recordings taken by us or our representatives at our Events). We may also collect Personal Data to comply with any Services you request, to correspond with you and/or where you submit your Personal Data to us for any other reason (whether voluntary or otherwise).

b. Automated Interactions

We may automatically collect your Personal Data when you interact with us (e.g. via our website or electronic communications). For more information on cookies, please refer to Clause 10 below. Additionally, we may capture your image through photographs and/or video recordings when you participate in our Events.

c. Deemed Consent

Events Architects may collect the personal data under the scope of “deemed consent” if the following criteria are satisfied:

  • Where the collection, use, or disclosure of personal data is reasonably necessary to conclude or perform a contract or transaction.
  • Where individuals have been notified of the purpose of the intended collection, use, or disclosure of his or her personal data and are given a reasonable opportunity to opt out (and have not opted out).

d. Third Parties

We may collect your Personal Data from third parties (e.g. recruitment/employment agencies, vendors, business partners, regulatory authorities, your employer or other organisations with whom you have dealings with) for the purposes of recruitment, providing our Services and/or in connection with our Events, including Personal Data in publicly available sources.

Where your Personal Data is collected from third parties, we will only use such Personal Data where you have provided your consent to the third party which would also cover our processing of your Personal Data or where Events Architects has a legitimate interest to use the Personal Data in order to evaluate the suitability of your employment with us or provide you with our Services.

If you have supplied third party personal data to us, you represent and warrant that you have obtained all necessary consents and/or have provided any required notices to the individuals except to the extent such consent and/or notice is not required under relevant laws: (i) to collect their personal data; (ii) to disclose their Personal Data to us; (iii) such Personal Data is true and correct; and (iv) we and third parties to use any of their Personal Data in the manner and for the purposes described herein. Alternatively, you may provide Personal Data to us if you have another legal justification to provide such information to us so that we can use it for the purposes and on the bases set out in this Policy.

5. What Personal Data we collect

The type and quantity of Personal Data we collect and how we use it depends on the purpose for which you provided such Personal Data. We will seek to minimise our collection to what is necessary for each relevant function or service.

Events Architects may collect event attendee’s personal data as Data Controller as well as Data Processor. Depending on the context of the engagement, Events Architects shall process the data in accordance to PDPA as well as GDPR (where applicable). If you are unable to provide your personal data, we may not be able to assist you or you will not be able to register for the events.

Generally, we may collect, use, process, store and transfer different kinds of Personal Data about you when you participate in our Events or engage us for our Services or visiting our premises, including but not limited to the following:

  • Identification Information (Name, Email Address, Mobile Number);
  • Photograph of Event Attendees for facial recognition;
  • Video and audio recordings of the event;
  • Contact information;
  • Business or employment information;
  • Special and dietary requirements;
  • Information relating to the usage of our Services and/or in connection with our Events;
  • contact details of visitors; and
  • Other information you may choose to provide us.

When you seek employment with us, we may collect, use, process, store and transfer the following Personal Data:

  • Identification information (Name, Email Address, Mobile Number, DOB, including photographs);
  • Contact information;
  • Resume;
  • Educational qualifications, professional qualifications and certifications;
  • Employment history;
  • Employment references;
  • Employment training history;
  • Work related health issues and disabilities; and
  • Other information you may choose to provide us.

We may collect, use, or disclose personal data without having to obtain consent from the individuals in two additional circumstances:

  • Where it is in the legitimate interests of the organisation and the benefit to the public is greater than any adverse effect on the individual.
  • Where it is for business improvement purposes (e.g., for operational efficiency and service improvements, developing or enhancing products or services, knowing the organisation’s customers). It is also intended that this exception will apply to the collection, use, and disclosure of personal data by related corporations within a group, with additional safeguards and conditions to be satisfied.

6. How do we use your Personal Data

We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will only do so if legally permitted and where you are provided with appropriate notice.

To the extent permitted under the PDPA, we may process your Personal Data based on consent. Such consent may be express, based on your agreement to any contract which incorporates these terms or deemed based on the circumstances by which we interact with you. We may also process your Personal Data where permitted by any exception in the relevant schedules to the PDPA.

Notwithstanding the above and where permitted under any other applicable law, and where the GDPR applies, we will generally process your Personal Data in accordance with one or more of the following:

a) it is necessary for the performance of a contract with you;
b) it is necessary in connection with a legal obligation and/or as required by governmental authorities;
c) you have provided us with consent;
d) it is necessary to establish, exercise or defend a legal claim;
e) the information is available in the public domain; and/or
f) it is necessary for our legitimate interest (or those of a third party).

The particular legitimate interest upon which we rely on includes, without limitation, the following:

a) to perform our obligations in connection with an Event or in the course of providing our Services;
b) to manage our relationship with you and facilitate the provision of our Services;
c) to monitor, analyse and protect our business, including the activities of individuals at our Events;
d) to facilitate our internal business operations including but not limited to recruitment and employment purposes;
e) to comply with any requests from you;
f) to comply with any legal, regulatory or professional obligation; and/or
g) to personalise your customer experience, develop our business and/or improve on our Services.

Please note that if you choose not to provide us with your Personal Data or choose not to consent to our processing of your Personal Data, we may not be able to provide some or all of our Services to you or respond to your other requests; for job applicants, we would not be able to evaluate your suitability against our employment opportunities.

These purposes may continue to apply even in situations where your relationship with us has been terminated or altered in any way. In such cases, we may still retain personal data relating to you and use or disclose such information for legal or business purposes, including for compliance with the PDPA, GDPR and/or other applicable laws.

7. Disclosing your Personal Data

We may disclose your Personal Data to third parties from time to time, but will only transfer such Personal Data in these circumstances where we are satisfied that it will be subject to an appropriate level of protection and in accordance with any safeguards that may be legally required. Some of these parties may include:

a) third party service providers (e.g. event venues, hotels, IT services, data analytics);
b) our affiliates or partners;
c) event attendees, exhibitors or sponsors; and/or
d) regulatory or supervisory authorities.

8. Data Protection and Retention

a. Protection and Security

To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as up-to-date antivirus protection, encryption, and disclosing Personal Data both internally and to our authorised third party service providers and agents only on a need-to-know basis.

You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures. Nevertheless, do note that while we will endeavour to take all reasonable measure to protect your Personal Data, you should similarly take all necessary precautions, such as implementing strong passwords, firewalls and anti-virus programs, and limiting access to your computer and avoiding misplacing any documents or access passes.

b. Retention

We keep your Personal Data only for as long as necessary for recruitment and employment purposes or to provide you with the Services or to fulfil our processing purposes, in accordance with our legal obligations and for legitimate business purposes.

The retention period for your Personal Data may vary based on the specific circumstances. Nevertheless, in determining the appropriate period to lawfully retain your Personal Data, we will consider inter alia, the:

(i) amount, nature and sensitivity of Personal Data;
(ii) purposes for which Personal Data is retained;
(iii) appropriate security measures and, if any, relevant technical constraints; and
(iv) applicable legal requirements.

We currently do not send out any marketing materials as at the date of this Policy.  However, we may send out marketing materials in the future.  In the event that we do, we will obtain consent from you.  However, please note that if you request that we stop sending you marketing materials, we may keep a record of your contact details and appropriate information to enable us to comply with your request not to be contacted by us. In such instances, we will endeavour to retain only minimal Personal Data to effect the above.

Nonetheless, if you withdraw your consent (where we rely on consent as our legal basis) or object to our processing of your Personal Data, you may at any time request that we erase or delete your Personal Data. Upon receipt of such request, we shall, within a reasonable time, delete or anonymise your Personal Data unless we are legally permitted or required to retain such Personal Data (e.g. ongoing dispute, tax or obligations, accounting purposes, compliance with any legal obligations).

9. Transfer to other countries

In the provision of our Services, the Personal Data we collect may be transferred to and processed by third parties in other countries. In all such instances, Events Architects shall ensure that the transfer of your Personal Data is carried out in accordance with any applicable laws, to overseas recipients that provide a comparable standard of data protection in accordance with requirements under the PDPA and that appropriate safeguards (e.g. contractual, technical and organisational measures) are put in place before such transfer takes place.

10. Cookies and Website

a. Cookies

In order to improve our services to you, we sometimes use automated tracking devices such as a “cookie”. For the purposes of this Policy, a cookie is a small amount of data that our web server sends to your web browser when you visit certain parts of our website and the use of which is intended to assist our understanding of your interest in our website. We may use the cookies to personalise the content, recommendations, track, record and analyse data in relation to the activity on our website (e.g. site traffic and volume, site usage statistics, operating system, referral source or device information), or recognise you whenever you return to our website for us to customise your browsing experience based on your preferences.

You can always choose to disable cookies from being stored on your computer by changing your browser settings. Please note that disabling cookies however, may result in a limited experience of our functionality of our website.

b. Website

On our website, we may, from time to time provide links to third party websites. In these instances, please note that Events Architects cannot be held responsible or liable for the privacy practices and policies of the third party. As such, please read the privacy policies of such third parties to find out how they process and collect your Personal Data.

11. How to Access and Control your Personal Data

Individuals are given rights in relation to their Personal Data pursuant to the applicable law. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. Where we are Data Processors, we will assist the Data Controller as far as reasonably possible to help them respond to your requests.

For security reasons, kindly note that, in relation to certain rights, we may request for information to verify your identity before processing your request.

In general, the rights afforded to individuals are:

a. Right to Access

The right to be informed of and request access to the Personal Data that we process about you. This will enable you to check what Personal Data we are processing and whether the processing is lawful.

We will respond to your access request as soon as reasonably possible. Should we not be able to respond to your access request within 30 days after receiving your access request, we will inform you in writing via email within 30 days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA or under any other applicable laws).

b. Right of Correction/Rectification

The right to request that we amend or update your Personal Data where it is inaccurate or incomplete. Kindly note that while we shall make a reasonable effort to ensure that the Personal Data we collect is accurate and complete, you are responsible for ensuring the accuracy of the Personal Data that you provide to us directly.

We will respond to your correction request as soon as reasonably possible. Should we not be able to perform the correction request within 30 days after receiving your request, we will inform you in writing via email on the time by which we will be able to perform your correction request. If we are unable to perform a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA or under any other applicable laws). If dissatisfied with the refusal to correct the personal data, individuals could email to DPO with other supporting documents to request for correction. DPO may assess the situation on case by case scenario.

c. Right to Withdrawn Consent

You have right to withdraw your consent at any time, where consent is the legal basis of the processing of your Personal Data. Kindly note that depending on the nature and scope of your request, we may not be in a position to continue performing our obligations in the course of or in connection with the Event and/or providing the Service to you.

For individuals covered by the GDPR, they also have the following rights (as available and subject to any applicable law):

d. Right to Erasure

The right to request that we temporarily or permanently stop processing all or some of your Personal Data.

e. Right to Object

The right to object to your Personal Data being processed by us for direct marketing purposes, or to, at any time, object to us processing your Personal Data on grounds relating to your particular situation

f. Right to Data Portability

The right to request a copy of your Personal Data in electronic format and the right to transmit that Personal Data for use in another party’s service.

g. Right not to be subject to Automated Decision-making

The right to not be subject to a decision based solely on automated decision-making where the decision would have a legal effect on you or produce a similarly significant effect.

If we send you electronic marketing messages based on your consent or as otherwise permitted by applicable law, you may, at any time, respectively withdraw such consent or declare your objection at no cost. The electronic marketing messages you receive from Events Architects will also include an “unsubscribe” option within the message itself to enable you to manage your Personal Data. Please note that if you opt-out of receiving direct marketing materials, we may still send you non-promotional messages, such as receipts or information about the Services we are providing to you.

Additionally, you have the right at any time to lodge a complaint with your local Data Protection Authority if you are unhappy with the way in which we are using your Personal Data.

In order to enable you to exercise these rights with ease and to record your preferences in relation to how Events Architects uses your Personal Data, you may manage your privacy preferences at any time by contacting dpo@eventsarchitects.com.

12. Changes to this Policy

Kindly note that from time to time, we may amend the terms of this Policy in order to respond to changes in any applicable law or where we develop or offer new Services. Where the terms of this Policy change, we will provide you with notice as appropriate under the circumstances, including by displaying the notice within our website or by sending you an email. Additionally, you may also wish to refer to the “last modified” date at the end of this Policy. To the extent permitted under applicable law, by engaging us for our Services after such notice, you consent to our updates to this Policy.

13. Contact Us

With effect from 25 May 2018, the GDPR enters force.  To the extent practically possible, we have largely factored GDPR into this Privacy Policy and data protection practices.

If you have any questions about your privacy, your privacy rights, or how to exercise them, please feel free to contact our Data Protection Officer at dpo@eventsarchitects.com.

We will respond to your request within a reasonable period of time upon verification of your identity (if applicable).

Last modified: 1 September 2020