Huku Kwetu Stays adheres to Singapore’s Personal Data Protection Act (PDPA), a cornerstone for data privacy protection within the country. The PDPA complements industry-specific regulations like the Banking Act and Insurance Act. It establishes various requirements governing the collection, use, disclosure, and security of personal data in Singapore. For more information on the PDPA, visit the Personal Data Protection Commission’s website at https://www.pdpc.gov.sg/.

Scope

The PDPA applies to personal data stored electronically and in physical formats.

Data Obligations

Huku Kwetu Stays complies with the following PDPA obligations to safeguard personal information entrusted to us by our Singaporean customers and employees:

• Accountability: We take measures to uphold our PDPA obligations, including providing information about our data protection practices and complaint process upon request. We have also designated a Data Protection Officer (DPO) whose contact information is publicly available.
• Notification: Our online privacy policy [Privacy Policy] informs individuals about the purposes for which we collect, use, or disclose their personal data.
• Consent: We only collect, use, or disclose personal data with an individual’s consent. Individuals have the right to withdraw consent with reasonable notice and be informed of the consequences of such withdrawal. Upon consent withdrawal, we cease to collect, use, or disclose their personal data.
• Purpose Limitation: We only collect, use, or disclose personal data for purposes deemed reasonable under the circumstances and for which the individual has provided consent. We will not require consent exceeding what’s necessary to provide a product or service.
• Accuracy: We make reasonable efforts to ensure the accuracy and completeness of collected data, particularly when used for decision-making or disclosure to other organisations.
• Protection: We implement security measures to safeguard personal data in our possession from unauthorised access, collection, use, disclosure, or similar risks.
• Retention Limitation: We retain personal data only for as long as necessary for business or legal purposes. Once no longer needed, we dispose of the data securely.
• Transfer Limitation: Personal data transfers to other countries adhere to PDPA regulations to ensure a standard of protection comparable to Singapore’s. Exceptions may apply based on approval from the Personal Data Protection Commission (PDPC).
• Access and Correction: Upon request, we provide individuals with access to their personal data and information about how it was used or disclosed within the past year. We will also correct any errors or omissions in an individual’s data as soon as practicable and send the corrected data to organisations to which the data was disclosed, if applicable.
• Data Breach Notification: In the event of a data breach that is likely to result in significant harm to individuals or is of significant scale, we will notify the PDPC and affected individuals as soon as practicable.
• Data Portability: At an individual’s request, we can transmit their data in a commonly used machine-readable format to another organisation.

Changes to this Statement

We may modify this statement from time to time to reflect changes in laws, the PDPA, or our business practices. We reserve the right to amend this statement at any time.

Contact Information

For questions or comments regarding this statement, how we handle your personal information, or to update your information, please contact our Data Protection Officer: [email protected]