Data Governance

  1. Introduction

Hong Teck Hin Hardware & Machinery Pte Ltd ("the Company") is committed to protecting and managing personal data in accordance with the Personal Data Protection Act 2012 (PDPA) of Singapore. This Data Governance Policy establishes the principles, practices, and guidelines for the collection, use, disclosure, protection, and management of personal data within the Company.

The policy applies to all employees, third-party service providers, and any other personnel involved in handling personal data for the Company. The Company collects personal data as part of its operations in distributing and wholesaling products such as Henkel Loctite and equipment, and ITW’s polymer Devcon metal repair putty and coating.

This policy governs all activities related to the processing of personal data by the Company and ensures compliance with the PDPA.

  1. Scope

This policy applies to all forms of personal data that are collected, processed, stored, transferred, or disclosed by the Company, including personal data of:

  • Customers
  • Suppliers
  • Employees
  • Third-party service providers
  • Other individuals with whom the Company interacts in the course of business operations.
  1. Personal Data Protection Officer (DPO)

The Company has appointed a Data Protection Officer (DPO) who is responsible for overseeing the Company's compliance with the PDPA. The DPO is also responsible for implementing this policy, handling personal data-related queries or complaints, and ensuring that all employees understand and comply with the policy.

DPO Contact Information:

  • Email: ian@hongteckhin.com.sg
  • Telephone: +65 6294 3600
  • Address: Block 4010, Ang Mo Kio Ave 10, #04-03 Techplace 1, Singapore 569626
  1. Key Principles

The following principles guide the Company’s data governance practices:

4.1 Lawful Purpose

Personal data shall only be collected, used, or disclosed for purposes that are specific, clearly defined, and lawful, and only after consent has been obtained from the individual unless otherwise required by law.

4.2 Consent

Consent will be obtained from individuals before the collection, use, or disclosure of their personal data, except where required or permitted by law. Individuals may withdraw their consent at any time by providing reasonable notice to the Company.

4.3 Notification

The Company shall notify individuals of the purposes for which their personal data is being collected, used, or disclosed, either at the time of collection or before such actions take place.

4.4 Data Minimization

Only personal data that is necessary to fulfill the identified purposes shall be collected. The Company will ensure that the data collected is adequate and not excessive.

4.5 Accuracy

The Company will take reasonable steps to ensure that the personal data collected is accurate, complete, and up to date, especially where the data is likely to be used to make decisions that affect the individual.

4.6 Access and Correction

Individuals have the right to access and correct their personal data held by the Company. Requests for access or corrections should be directed to the DPO, and the Company will respond to such requests within a reasonable time.

4.7 Retention

Personal data will only be retained for as long as it is necessary to fulfill the purposes for which it was collected or as required by law. Once the data is no longer required, it will be securely disposed of or anonymized.

4.8 Security

The Company will implement appropriate security measures to protect personal data from unauthorized access, collection, use, disclosure, copying, modification, disposal, or similar risks.

4.9 Accountability

The Company will be responsible for ensuring compliance with the PDPA and this Data Governance Policy. Employees and service providers handling personal data must adhere to this policy and are accountable for ensuring that personal data is managed responsibly.

  1. Collection of Personal Data

Personal data may be collected from individuals through various means, including but not limited to:

  • Forms on our Website (e.g., contact forms, inquiry forms)
  • Direct interactions via email or telephone
  • Contracts, purchase orders, and other business documents

The types of personal data the Company may collect include:

  • Name, contact details (email, phone number), and address
  • Employment information (for employees and job applicants)
  • Billing and shipping information (for customers)
  • Transactional information related to purchases and services provided
  1. Use of Personal Data

The Company will use personal data only for the purposes for which it was collected or for any other purpose consented to by the individual. Examples of uses include:

  • Processing and fulfilling orders
  • Communicating with customers regarding inquiries or orders
  • Conducting marketing campaigns (with consent)
  • Managing business operations such as invoicing and payment processing
  • Legal compliance
  1. Disclosure of Personal Data

The Company may disclose personal data to third parties for purposes that are necessary to fulfill the service or transaction, such as:

  • Service providers (e.g., logistics providers, IT services)
  • Regulatory bodies or government agencies as required by law
  • Business partners or subcontractors engaged to provide services

The Company will take appropriate steps to ensure that third parties to whom personal data is disclosed are bound by similar data protection obligations.

  1. Protection of Personal Data

The Company shall implement appropriate security measures to protect personal data, including:

  • Physical security measures such as access control systems for physical data storage
  • Digital security measures such as encryption, firewalls, and secure servers
  • Regular review and updates of security practices to mitigate risks

Employees are required to comply with internal security policies and practices and must report any suspected data breaches or security incidents to the DPO.

  1. Data Breach Notification

In the event of a data breach or security incident involving personal data, the Company will take immediate steps to contain and investigate the breach. The DPO will assess the breach’s severity and determine whether it must be reported to the Personal Data Protection Commission (PDPC) and affected individuals, in accordance with the PDPA’s breach notification requirements.

  1. Retention of Personal Data

The Company shall retain personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law. Once personal data is no longer needed, the Company will take steps to ensure that it is securely disposed of or anonymized.

  1. Access and Correction of Personal Data

Individuals may submit requests to access or correct their personal data by contacting the DPO. The Company will respond to such requests within a reasonable timeframe, typically within 30 days, unless additional time is needed due to the complexity of the request.

If the Company is unable to fulfill a request, it will provide a reasonable explanation for the denial, as permitted by law.

  1. Review of Policy

The Company will review and update this Data Governance Policy periodically to ensure its relevance and compliance with legal and regulatory developments. Employees will be notified of any significant changes to this policy, and the updated policy will be made available on the Company’s website.

  1. Training and Awareness

The Company will provide regular training to employees to ensure that they are aware of their responsibilities under the PDPA and this Data Governance Policy. Employees handling personal data will be required to comply with all internal policies, standards, and procedures related to personal data protection.

  1. Queries and Complaints

If you have any queries, concerns, or complaints regarding how your personal data is handled, please contact our DPO at:

  • Email: ian@hongteckhin.com.sg
  • Telephone: +65 6294 3600
  • Address: Block 4010, Ang Mo Kio Ave 10, #04-03 Techplace 1, Singapore 569626

We will strive to address and resolve any complaints in a timely and satisfactory manner.

By interacting with us, providing your personal data, or using our Website, you acknowledge that you have read, understood, and agree to this Data Governance Policy.