Data Protection and Privacy Policy

This Policy (the “DPPP”) applies to all Personal Data collected by Nodescorp Pte. Ltd. The DPPP is issued on behalf of Nodes, its subsidiaries and its affiliates (referred to herein as “Nodes”, “us”, “we” or “our”).

The purpose of the DPPP is to inform our stakeholders (including clients, experts and visitors to our sites, together referred to as “you” or “your”) how Nodes manages Personal Data. Please take a moment to read the DPPP so that you know and understand the purposes for which we collect, use and disclose your Personal Data.

The DPPP is displayed on this website and may be amended or updated from time to time to reflect changes in our practices with respect to the processing of Personal Data, or changes in applicable law.

1. 1. PURPOSES FOR THE PROCESSING OF PERSONAL DATA

Generally, we may process your Personal Data for the following purposes, subject to applicable law:

• For verifying your identity.
• For the provision of services (e.g. when we are providing you with the use of our Websites, when we provide services on request, and when we communicate with you in relation to those services)
• For the purpose of operating or managing our Websites (e.g. to provide content to you, and when we communicate with you via our Websites)
• For facilitating the commercial relationship with experts (e.g. communicating with you regarding your NEN membership or application for membership, and to keep you up to date with Nodes’ business developments. Additionally, Nodes may share your information with Clients and other external parties for the purpose of providing services and for Nodes’ business development, including without limitation displaying such information on the website, print media and other materials. You may opt-out of this promotional use by contacting Nodes’ Data Protection Officer (“DPO”).
• For communication with you via any means (including via email, telephone, text message, social media, post or in-person). This includes communicating information such as Nodes’ events, new services that may be of interest to you or other information relevant to you as a client or expert. We will ensure that such communications are provided to you in compliance with the applicable laws.
• For direct marketing. If we provide existing services to you, we may send information to you regarding our other services, upcoming promotions and any other information that may be of interest to you, in compliance with the applicable law. You may unsubscribe from a promotional email list at any time. After you unsubscribe, we will not send you further promotional emails, but we may continue to contact you to the extent necessary for the purposes of any existing services you have requested.
• For management of our financial systems, communication systems or information technology operations.
• For engaging with you, requesting your feedback or participation in surveys for obtaining your views on our services, as well as conducting market research and/or analysis for statistical, profiling or other purposes for us to review, develop and improve their quality.
• For the physical security of our premises and facilities management (this includes records of visits, CCTV footage) and electronic security (records of electronic activities such as logins and access details).
• For conducting investigations into any disputes, billings or fraud.
• For establishing, protecting and/or defending or enforcing our legal rights in connection with any claims, actions or proceedings (including but not limited to drafting and reviewing documents, transaction documentation, obtaining legal advice, and facilitating dispute resolution).
• For compliance with any other legal and regulatory obligations under the applicable laws.
• For identifying issues with and making improvements to our Websites or our services, or for creating new websites or services.
• For facilitating recruitment activities and job applications such as advertising of positions, interview proceedings and records, records of hiring activities and offers and acceptances.

We will take all reasonable steps to ensure that your Personal Data that we collect, use and disclose are limited to the Personal Data reasonably necessary in connection with the purposes set out above.

2. 2. DISCLOSURE OF PERSONAL DATA

We may disclose your Personal Data to other entities within Nodes, for the purposes listed above (where applicable) and in accordance with the applicable laws. In addition, subject to the applicable laws, we may disclose your Personal Data to the following entities or parties, whether they are located overseas or in Singapore:

• You and, where appropriate, your appointed representatives
• External companies and their agents or contractors who provide services to us, including insurers, marketing consultancies, payment services providers; survey partners, data storage and information technology providers.
• Any relevant government ministries, regulatory authorities, and statutory boards or law enforcement agencies to comply with any laws, rules, guidelines and regulations or schemes imposed by any governmental authority.
• Our professional advisors, including consultants, auditors and lawyers, subject to applicable laws or binding contractual obligations of confidentiality.
• Any relevant parties, law enforcement agencies or legal institutions, to the extent necessary for establishing, protecting and/or defending or enforcing our legal rights.
• Any relevant party for the purposes of prevention, investigation, detection or prosecution of criminal offenses or the execution of criminal penalties.
• Any relevant party if we believe disclosure is necessary and appropriate to prevent physical, financial, or other harm, injury, or loss.
• Any business partner, investor, assignee or transferee (actual or prospective) in the event that we sell or transfer all or any relevant portion of our business or assets (including in the event of a reorganization, dissolution or liquidation).
• Any relevant external provider, where our Websites use external advertising, plugins or content. If you choose to interact with any such advertising, plugins or content, your Personal Data may be shared with the relevant external provider. We recommend that you review that external party’s privacy and/or data protection policy before interacting with its advertising, plugins or content.
• Any external digital payments serviced, financial providers, banks, credit card companies and their respective service providers.
• Any other party whom you authorize us to disclose your Personal Data to.

In the event that we engage any external party to be involved in collecting, using or disclosing your Personal Data, this party will be subject to contractual obligations to (i) only collect, use or disclose your Personal Data in accordance with our prior written instructions, and (ii) use all reasonable measures to protect the confidentiality and security of your Personal Data, together with any requirements stipulated under the applicable law.

Additionally, if you are an Expert in the NEN, we may disclose your Personal Data to the following parties:

• Clients, however, we may have certain confidentiality obligations to the same clients which may prevent us from disclosing their identity to you until a written agreement is obtained.
• External parties, such as current and former employers and companies that you have provided services to or contracted with, for the purpose of confirming any consents or approvals that you may need to join in the NEN or be involved in specific Engagements.
• Providers with whom we have partnered to facilitate surveys, compliance checks, and screenings.
• Our Clients (to the extent required by law, or by the relevant Client’s compliance policies) may disclose information about Engagements in which you were involved, for example, your name and the amount you were paid for the Engagement.

3. 3. INTERNATIONAL TRANSFER OF PERSONAL DATA

Due to the international nature of our business, we may need to transfer your Personal Data to clients, Experts or external parties to countries that have different laws and data protection compliance requirements than the countries that we are registered in (Singapore) or the country that you are located.

Where we transfer your Personal Data to a different jurisdiction, we will endeavor to abide by the data protection and privacy laws of that jurisdiction, and while some jurisdictions may not have laws as protective as Singapore, we will nevertheless collect, use and disclose your personal data in accordance with the provisions in the DPPP and provide protection in a manner comparable to the protection provided under Singapore law even in a different jurisdiction.

4. 4. DATA SECURITY

We will make reasonable efforts to protect Personal Data in our possession or control, by implementing appropriate security measures to prevent unauthorized processing or similar risks.

However, we cannot completely guarantee the security of any Personal Data we may have collected from or about you, given that our services depend on the usage of Websites, the use of digital services and the transmission of information via the internet, and these are susceptible to risk, including cyber-attacks, malware and bugs. You should be aware of the risks associated with using websites, applications, and digital services. We urge you to take every precaution to protect your Personal Data when you are on the Internet, when you browse our Websites, or use our applications and/or digital services.

5. DATA ACCURACY

We will take every reasonable step to ensure that:

• Your Personal Data that we collect, use or disclose is accurate and, where necessary, kept up to date; and
• Any of your Personal Data that we process that are inaccurate (having regard to the purposes for which they are processed) are erased or rectified without delay.
• From time to time we may ask you to confirm the accuracy of your Personal Data.

6. 6. DATA RETENTION

We will take reasonable steps to ensure that your Personal Data is only retained for the minimum period necessary for the purposes set out above. Generally, we will cease to retain Personal Data (e.g. delete or destroy) or remove the means by which the Personal Data can identify you (e.g. anonymize) when the purposes set out above are no longer being served by the retention of Personal Data or when retention is no longer necessary for legal or business purposes.

We have some criteria for determining the duration for the retention of Personal Data:

• We may retain Personal Data in a form that can identify you for as long as we maintain any form of relationship with you (e.g. when you use our Websites or service, while you are a member of the NEN or have applied to be a member, or if you have subscribed to be included in our mailing list).
• If you cease to be a NEN member, we may retain your data for six (6) years from your most recent Engagement with a Client.
• We may continue to retain your Personal Data for the legitimate purposes set out in this DPPP (e.g. where we have a legitimate interest in continuing to collect, use or disclose your Personal Data, or when there are legal reasons to so do).
• We may also retain your Personal Data for a reasonable period beyond any applicable limitation period under the applicable law (i.e. in the event any legal claim is brought against us in connection with your Personal Data or claim where your Personal Data may be relevant). In the event such a legal claim us brought, we will also continue to collect, use and disclose your Personal Data to the extent that it is necessary in connection with that claim. We will continue storing and maintaining the security of such Personal Data during this period.

7. 7. YOUR LEGAL RIGHTS

Subject to applicable law, you may have a number of rights regarding the protection of your Personal Data, including:

• The right not to consent or object, on legitimate grounds, to the processing of your Personal Data by us or on our behalf (however this may affect your use of our Websites or our services).
• After providing consent, the right to withdraw consent with a reasonable notice and to be informed of any consequences of the withdrawal of consent (noting that such withdrawal does not affect the lawfulness of any processing performed prior to the date on which we receive notice of such withdrawal).
• The right to request access to, or copies of, your Personal Data, together with information regarding the nature and processing of those Personal Data.
• The right to request correction of any inaccuracies or omissions in your Personal Data.
• The right to request, on legitimate grounds, deleting or destroying your Personal Data; or restrictions on the processing of your Personal Data.
• The right to have your Personal Data transferred to another Data Controller of your choosing.
• The right to lodge complaints regarding the processing of your Personal Data with the applicable Data Protection Authority.
• Any other rights you may have under the applicable law.
• We may require proof of your identity before we can give effect to these rights. Where your request requires the establishment of additional facts, we will investigate your request reasonably promptly, before deciding what action to take.

8. 8. USE OF COOKIES AND RELEVANT TECHNOLOGY

When you visit our Websites, we may collect, use or disclose your data through cookies and similar technologies. The cookies placed by the servers hosting our websites are readable only by us, and cookies cannot access, read or modify any other data on an electric device, nor does it capture any data which allows us to identify you individually. The use of cookies is subject always to your consent, where it is required, under the applicable law. All web-browsers also offer the option to refuse or disable any cookie. However, you may not be able to enter certain part(s) of our websites once these cookies are disabled.

9. 9. CONTACT DETAILS

If you have any comments, questions or concerns about any of the information in the DPPP, or any other issues relating to the processing of Personal Data carried out by us, or on our behalf, please contact John Liau, our DPO at [email protected].

1. DEFINITIONS