- In this Agreement, unless the context otherwise requires, the following terms shall have the meanings assigned to them below:
- “Contractor” means [Eversafe Academy];
- “Customer” means [name of the Customer];
- “Customer Personal Data” means Personal Data which the Customer discloses to the Contractor, or which the Contractor processes on behalf of the Customer, including: [you may wish to set out specific instances of personal data for clarity];
- “PDPA” means the Personal Data Protection Act 2012; and
- “Personal Data” means data, whether true or not, about an individual who can be identified:
- from that data alone; or
- from that data and other information which the Contractor has or is likely to have access.
- HANDLING AND PROTECTION OF PERSONAL DATA
- Compliance with PDPA. The Contractor shall comply with all its obligations under the PDPA at its own cost.
- Process, Use and Disclosure. The Contractor shall only process, use or disclose Customer Personal Data:
- strictly for the purposes of [fulfilling its obligations and providing the services required] under this Agreement;
- with the Customer’s prior written consent; or
- when required by law or an order of court, but shall notify the Customer as soon as practicable before complying with such law or order of court at its own costs.
- Transfer of personal data outside Singapore. The Contractor shall not transfer Customer Personal Data to a place outside Singapore without the Customer’s prior written [If the Customer provides consent, the Contractor shall provide a written undertaking to the Customer that the Customer Personal Data transferred outside Singapore will be protected at a standard that is comparable to that under the PDPA. If the Contractor transfers Customer Personal Data to any third party overseas, the Contractor shall procure the same written undertaking from such third party].
- Security Measures.
- The Contractor shall protect Customer Personal Data in the Contractor’s control or possession by making reasonable security arrangements (including, where appropriate, physical, administrative, procedural and information & communications technology measures) to prevent authorized or accidental access, collection, use, disclosure, copying, modification, disposal or destruction of Customer Personal Data, or other similar risks.
2.4.2 The Contractor shall only permit the authorized personnel set out in to access Customer Personal Data on a need-to-know basis.
2.5 Access to Personal Data. The Contractor shall provide the Customer with access to the Customer Personal Data that the Contractor has in its possession or control, as soon as practicable upon Customer’s written request.
2.6 Accuracy and Correction of Personal Data. Where the Customer provides Customer Personal Data to the Contractor, the Customer shall make reasonable effort to ensure that the Customer Personal Data is accurate and complete before providing the same to the Contractor. The Contractor shall put in place adequate measures to ensure that the Customer Personal Data in its possession or control remain or is otherwise accurate and complete. In any case, the Contractor shall take steps to correct any errors in the Customer Personal Data, as soon as practicable upon the Customer’s written request.
- Retention of Personal Data.
- The Contractor shall not retain Customer Personal Data (or any documents or records containing Customer Personal Data, electronic or otherwise) for any period of time longer than is necessary to serve the purposes of this
- The Contractor shall, upon the request of the Customer:
- return to the Customer, all Customer Personal Data; or
- delete all Customer Personal Data in its possession,
- and, after returning or deleting all Customer Personal Data, provide the Customer with written confirmation that it no longer possesses any Customer Personal Data. Where applicable, the Contractor shall also instruct all third parties to whom it has disclosed Customer Personal Data for the purposes of this Agreement to return to the Contractor or delete, such Customer Personal Data.
2.8 Notification of Breach. The Contractor shall immediately notify the Customer when the Contractor becomes aware of a breach of any of its obligations in Clauses [2.2 to 2.7].
2.9 Indemnity. The Contractor shall indemnify the Customer and its officers, employees and agents, against all actions, claims, demands, losses, damages, statutory penalties, expenses and cost (including legal costs on an indemnity basis), in respect of:
- the Contractor’s breach of Clauses [2 to 2.7]; (or)
- any act, omission or negligence of the Contractor or its subcontractor that causes or results in the Customer being in breach of the PDPA