1. INTRODUCTION
      This Data Privacy Policy outlines the commitment of Times Software Pte Ltd to protect the personal data of its employees, customers, partners, and other stakeholders. This policy is aligned with the ISO 27001:2022 standard and relevant data protection regulations, including the Personal Data Protection Commission (PDPC) Singapore.
    2. PURPOSE
      The purpose of this policy is to establish a framework for the processing, storage, and protection of personal data within Times Software Pte Ltd, ensuring compliance with legal obligations and safeguarding the privacy rights of individuals.
    3. SCOPE
      This policy applies to all employees, contractors, and third parties who process personal data on behalf of Times Software Pte Ltd. It covers all data processing activities, including the collection, use, storage, transfer, and disposal of personal data.
    4. DEFINITIONS
      • Personal Data: Any information relating to an identified or identifiable natural person.
      • Data Subject: The individual whose personal data is being processed.
      • Processing: Any operation performed on personal data, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction.
      • Data Controller: The entity that determines the purposes and means of processing personal data.
      • Data Processor: The entity that processes personal data on behalf of the Data Controller.
    5. DATA PROTECTION PRINCIPLES
      Times Software Pte Ltd adheres to the following data protection principles:
      5.1 Lawfulness, Fairness, and Transparency
      Personal data will be processed lawfully, fairly, and in a transparent manner.
      5.2 Purpose Limitation
      Personal data will be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
      5.3 Data Minimization
      Personal data will be adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
      5.4 Accuracy
      Personal data will be accurate and, where necessary, kept up to date.
      5.5 Storage Limitation
      Personal data will be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the data is processed.
      5.6 Integrity and Confidentiality
      Personal data will be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
      5.7 Account ability
      Times Software Pte Ltd will be responsible for, and be able to demonstrate compliance with, these principles.
    6. ROLES AND RESPONSIBILITIES
      • Data Protection Officer (DPO): The DPO is responsible for overseeing data protection strategy and implementation to ensure compliance with data protection laws and policies.
      • Information Security Manager: Responsible for the implementation and maintenance of the Information Security Management System (ISMS) in line with ISO 27001:2022.
      • All Employees: Responsible for adhering to this policy and ensuring that personal data is processed in compliance with applicable laws and regulations.
    7. DATA PROCESSING ACTIVITIES
      7.1 Data Collection
      Personal data will be collected directly from the data subject wherever possible. When indirect collection is necessary, data subjects will be informed of the source of the data.
      7.2 Data Use
      Personal data will only be used for the purposes specified at the time of collection or as otherwise permitted by law.
      7.3 Data Storage
      Personal data will be stored securely in compliance with ISO 27001:2022 requirements, with access restricted to authorized personnel only.
      7.4 Data Sharing
      Personal data will not be shared with third parties unless there is a legitimate reason to do so, and appropriate data protection agreements are in place.
      7.5 Data Retention and Disposal
      Personal data will be retained only for as long as necessary to fulfill the purposes for which it was collected. When no longer required, data will be securely disposed of in accordance with the data retention policy.
    8. USER PRIVACY IN OUR SOFTWARE AND PRODUCTS
      Times Software Pte Ltd is committed to protecting user privacy in all of its software and products. The following measures are in place to ensure the highest level of privacy protection:
      8.1 Privacy by Design
      From the initial stages of software and product development, Times Software Pte Ltd incorporates privacy and data protection principles into the design and architecture of all systems. This includes minimizing data collection, ensuring anonymization or pseudonymization where possible, and implementing strong access controls.
      8.2 Data Encryption
      All personal data processed by our software and products is encrypted both in transit and at rest using industry-standard encryption algorithms. This ensures that data remains secure and confidential, even in the event of unauthorized access.
      8.3 User Consent and Control
      Users are provided with clear information about what data is being collected and for what purposes. They are given the ability to consent to or opt-out of data processing activities wherever possible. Additionally, users can access, modify, or delete their data through user-friendly interfaces within our software.
      8.4 Regular Security Assessments
      Our software and products undergo regular security assessments, including vulnerability scans and penetration testing, to identify and mitigate potential risks. These assessments are conducted by internal teams as well as independent third party security experts.
      8.5 Data Anonymization
      Wherever possible, personal data is anonymized or pseudonymized to protect user privacy. This reduces the risk of identifying individuals from the data, especially when data is used for analysis or research purposes.
      8.6 Incident Response and Breach Management
      In the event of a data breach, our software and products are designed to detect, respond to, and contain the incident rapidly. Users will be notified of any breaches that may affect their personal data, in accordance with legal requirements and our Data Breach Response Plan.
    9. DATA SUBJECT RIGHTS
      Data subjects have the following rights:

      • Right to Access: The right to request access to their personal data.
      • Right to Rectification: The right to request correction of inaccurate or incomplete data.
      • Right to Erasure: The right to request deletion of their personal data.
      • Right to Restrict Processing: The right to request the restriction of processing of their personal data.
      • Right to Data Portability: The right to request transfer of their personal data to another organization.
      • Right to Object: The right to object to the processing of their personal data.
    10. DATA BREACH MANAGEMENT
      In the event of a data breach, Times Software Pte Ltd will follow the procedures outlined in the Data Breach Response Plan. This includes immediate containment and mitigation measures, notification to affected data subjects, and reporting to relevant authorities as required by law.
    11. TRAINING AND AWARENESS
      All employees will receive regular training on data protection and privacy, including updates on changes to relevant laws and regulations.
    12. MONITORING AND REVIEW
      This policy will be reviewed annually, or more frequently if necessary, to ensure its continued relevance and compliance with applicable laws and standards.
    13. COMPLIANCE AND ENFORCEMENT
      Non-compliance with this policy may result in disciplinary action, up to and including termination of employment. Contractors and third parties who violate this policy may face termination of contracts or legal action.
    14. DATA PROTECTION OFFICER
      You may contact our Data Protection Officer if you have any enquiries or feedback on our personal data protection policies and procedures, or if you wish to make any request, in the following manner:
      Contact No.      : 62951998
      Email Address  : dpo@timesoftsg.com.sg

EFFECT OF POLICY AND CHANGES TO POLICY

    1. This Policy applies in conjunction with any other notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your personal data by us.
    2. We may revise this Policy from time to time without any prior notice. You may determine if any such revision has taken place by referring to the date on which this Policy was last updated. Your continued use of our services constitutes your acknowledgement and acceptance of such changes.

Effective date : 26 Aug 2024
Last updated : 26 Aug 2024