June 22, 2016
1. What information will you be collecting from your visitors?
List out specifically the types of information that you may collect and process. This ensures that you are transparent with your website visitors and/or users about what information you are collecting about them and what types of activity you are monitoring.
2. Will you use the collected information in another country?
You have to state explicitly all the countries and/or territories in which you will be storing or using the data.
Note: Be extra careful if your server is located overseas or if you are using a hosting service provider with overseas servers. You may be subject to additional provisions that restrict transfers of personal information.
3. How will you use the data you collected?
Next, it is crucial to specify the purposes for which you will use the information you have collected from your users. It is recommended that you create the most extensive list possible, to keep possibilities open for the future. Even if you are currently only using the data for record-keeping, there might come a time when you want to do direct marketing!
(a) ensuring that content from our site is presented in the most effective manner for you and for your computer;
(b) providing you with alerts, newsletter, education materials or information that you requested or signed up to;
(c) carrying out our obligations arising from any contracts entered into between you and us;
(d) allowing you to participate in interactive features of our service, when you choose to do so;
(e) designing and conducting surveys/questionnaires for client profiling/segmentation, statistical analysis, improving and furthering the provision of our products and services;
(f) complying with laws and regulations applicable to us or any of our affiliates in or outside Singapore;
(g) legal proceedings, including collecting overdue amounts and seeking professional advice;
(h) researching, designing and launching services or products including seminars/events/forums;
(i) promoting and marketing services and products subject to your exercise of the opt-out right (please see further details in clause 2.2 below); or
(j) purposes directly related or incidental to the above.
There are different types of cookies. Some identify users and track website performance in order to provide a more personalised experience for visitors. Others help analyse the effectiveness of website content. The four most common types of cookies are:
Strictly necessary cookies are cookies that are required for the operation of your website. They include, for example, cookies that enable the user to log into secure areas of your website, use a shopping cart or make use of e-billing services.
Analytical/performance cookies allow you to recognise and count the number of visitors and to see how visitors move around your website when they are using it. This helps you to improve the way your website works, for example by ensuring that users are finding what they are looking for easily.
Functionality cookies are used to recognise the user when the user returns to your website. This enables you to personalise your content for the user, greet the user by name, and remember the user’s preferences (for example the user’s choice of language or region).
Targeting cookies are cookies that record the user’s visit to your website, the pages the user has visited, and the links the user has followed.
It is critical that you specify what type of cookies your website uses and explain what kind of information these cookies will collect.
Not technically-savvy? Me neither! That’s why the Dragon Law app provides helpful and clear definitions that guide you through drafting each agreement.
6. Can customers make payments online via your website? If so, what kind of encryption do you use for web payments?
If you allow customers to make online payments on your website and use technology to encrypt the transactions, you should specify what security technology you use. The most common type of encryption is Secure Sockets Layer (SSL).
7. Who can users get in touch with if they want to access the data?
Remember: Under the law, individuals have the right to check whether you hold personal data about them, the right to access that data, the right to require that inaccurate data is corrected, and the right to request removal or deletion of the data. Therefore, it is essential that you provide a contact person and full contact details (including name, address, telephone number, fax number & email address) that users can get in touch with should they want to access or correct the data they have provided.
Under the PDPA, organisations in Singapore are required to designate at least one individual, known as the Data Protection Officer (DPO), to oversee the data protection responsibilities within the organisation and ensure compliance with the PDPA.
Appointment of a DPO is also implicitly required in Hong Kong under Data Protection Principle 1.
Last but not least….
Now, preview your document:
And you’re done!
Running a business may be challenging, but with the right processes and documents in place, you can build prudent legal protections and ensure you stay compliant.