This Policy applies to the Cushman & Wakefield group of companies (collectively referred to as “Cushman & Wakefield),
At Cushman & Wakefield we respect the privacy and confidentiality of the personal data of our Clients, Partners, Consultants, Contractors, Service Providers, Outsourced Third-Parties and others who have business dealings with us. We are committed to implementing policies, practices and processes to safeguard the collection, use and disclosure of the personal data you provide us, in compliance with the Singapore Personal Data Protection Act (PDPA) 2012.
We have developed this Data Protection Policy to assist you in understanding how we collect, use, disclose, process and retain your personal data with us.
2 How We Collect Your Personal Data
The PDPA defines personal data as “data, whether true or not, about an individual who can be identified a) from that data; or b) from that data and other information to which the organisation has or is likely to have access.”
We collect your personal data in the following ways:
- When you submit your CV and job application form to us
- When you provide your personal contact information to our Contact Centre or website to make enquiries or complaints, or give feedback to us
- When you provide your personal particulars to us for security clearance
- When you provide your personal particulars to us for the sale/lease transaction of commercial/industrial/residential property
- When you provide information on your skills and qualifications, and medical and health status for our competency and fitness assessment based on workplace safety regulations
- When you provide your bank account details to us for payment of your property rental via GIRO
- When you provide your personal contact information in the visitors’ or contractors’ log books in entering our/our clients’ premises
- When your employer, who may be a client or vendor of Cushman & Wakefield’s, provides us with your name, contact information, and role, so that we can contact you in the delivery of our services or in the use of your services
- When you make use of or browse through our Information Technology, including our website, any of our cloud-provided applications and services, and any of our internal applications.
- When you ask to be included into our mailing list to receive updates or information.
- When you respond to our market surveys.
3 Types of Personal Data We Collect About You
The types of personal data we collect about you may include:
- Personal contact information which includes but not limited to name, address, phone no., Email address)
- Personal particulars
- Family background and details
- Educational, work experience and professional qualifications
- Technical information related to access to Cushman & Wakefield systems, including IP address and usage actions
4 How We Use Your Personal Data
We use the personal data we have collected about you for one or more of the following purposes:
- Process job applications and recruitment which includes pre-recruitment checks, to procure reference checks, and/or to conduct background screening
- Follow-up on your enquiry, feedback or complaint
- Facilitate your security clearance by the relevant government authorities
- Record your entry to our/our client’s premises for security purposes
- Process sale/lease transaction of commercial/industrial/residential properties
- Keep you informed of properties for sale/lease
- Provide services relating to property and/or facility management
- Facilitate the opening of your GIRO account with banks for the payment of your property rental
- Collection of rental payments
- Perform valuation of property
- Assess competency and fitness of workers in compliance with work safety regulations
- Conduct surveys to obtain opinions/comments about facilities and services managed by us
- Process energy-related bills and payment on behalf of our clients
- Verify identity and process orders and applications for services at our clients’ facilities
- Process applications and registrations at our clients’ facilities
- Predict, prevent, detect, and recover from threats to the confidentiality, integrity, and availability of data housed in Information Technology assets
- To comply with any applicable laws, rules, regulations or to assist in law enforcement investigations as mandated by relevant authorities within or outside of Singapore
5 Who We Disclose Your Personal Data To
We disclose some of the personal data we have collected about you to the following parties or organisations outside Cushman & Wakefield:
- Government agencies (within or outside of Singapore)
- Registration and licensing authorities
- Property developer/owner
- Property buyer
- Our authorised consultants and vendors
6 Who We Disclose Your Personal Data To:
6.1 Obtaining Consent
To the fullest extent required by the PDPA, before we collect, use or disclose your personal data, we will notify you of the purpose and will also seek your express consent.
Under certain circumstances, we may assume deemed consent from you when you voluntarily provide your personal data for the stated purpose, e.g. when you enter into a Tenancy Agreement in the leasing of a property, when you voluntarily browse our websites or use our information technology, when you use our Information Technology as an employee of a client or vendor. or when you submit your job application or resume in relation to job opportunities with us.
6.2 Third-Party Consent
If you have a one-on-one meeting with us or do a transaction with us on behalf of another individual, you must first obtain consent from that individual in order for us to collect, use or disclose his/her personal data.
6.3 Withdrawal of Consent
If you wish to withdraw consent, you should give us reasonable advance notice. However you should be aware that if you withdraw your consent, without your personal contact information we may not be able to inform you of future services offered by us or our clients.
Your request for withdrawal of consent can take the form of an email or letter to us, or through the “UNSUB” feature in an online service.
7 How You Can Access and Make Correction to Your Personal Data
You may write in to us, based on reasonable grounds, to enquire how we have been using or disclosing your personal data. We are obligated under the PDPA to allow you access to your personal data of the past one year, and to make any correction if there is any error or omission. Before we accede to your request, we may need to verify your identity by checking your NRIC or other legal identification document. We will try to respond to your request within 30 days. By which time we will give you an estimate of how long it is going to take to retrieve all the relevant data, and the cost of processing the request (if applicable).
8 How We Ensure the Accuracy of Your Personal Data
We will take reasonable precautions and verification checks to ensure that the personal data we have collected from you is reasonably accurate, complete and up-to-date. From time to time, we may do a verification exercise with you to update us on any changes to your personal data.
9 How We Protect Your Personal Data
We will take reasonable security arrangements to protect your personal data that is in our possession. We will take reasonable measures to maintain the confidentiality and integrity of your personal data.
External Data Intermediaries who process and maintain your personal data on our behalf will be bound by reasonable contractual information security arrangements we have with them.
We may link to other websites but we are not responsible in any way for the content or privacy policies of those websites in the way in which information about their users are being treated.
10 How We Retain Your Personal Data
We do not retain personal data for the period longer than it is necessary for any business or legal purposes. Personal data that is no longer needed by us will be destroyed or disposed of in an appropriate manner.
11 How We Transfer Your Personal Data
If there is a need for us to transfer your personal data to another country, we will ensure that the standard of data protection in the recipient country is comparable to that of Singapore’s PDPA. If this is not so, we will enter into a contractual agreement with the receiving party to accord similar levels of data protection as that in Singapore.
12 How We Handle the Do-Not-Call (DNC) Provisions
Before we make any ‘cold calls’ in telemarketing activities, we will check the National DNC Registry before we make the phone call, send text messages or faxes to you, unless you have given us your clear and unambiguous consent.
13 How We Handle Queries and Complaints
If you have any query or feedback regarding this Policy, or any complaint you have relating to how we manage your personal data, you may contact our Data Protection Officer at the following contact:
Any query or complaint should include, at least, the following details:
- Your full name and contact information
- Brief description of your query or complaint
We treat such queries and complaints seriously and will deal with them confidentially and within reasonable time.
14 Review of the Policy
This policy is reviewed and updated periodically at our sole discretion.