Privacy Policy

1 – Introduction

At Quals Business Consultants Pte Ltd (hereinafter referred to as “we,” “us,” or “our”) we respect the privacy and confidentiality of the personal data of our clients, associates, and others whom we interact with in the course of providing our services. We are committed to implementing policies, practices, and processes to safeguard the collection, use and disclosure of the personal data you provide us, in compliance with the Singapore Personal Data Protection Act (PDPA) 2012.

We have developed this Data Protection Notice to assist you in understanding how we collect, use, disclose, process, protect and retain your personal data that is in our possession.

 

2 – How We Collect Your Personal Data

Personal data refers to any information that can uniquely identify an individual person (a) on its own, or (b) when combined with other information. Under the PDPA, business contact information (e.g., full name, business address, business telephone number) is not considered as personal data so long as it is used strictly for business-to-business (B2B) transactions.

We collect your personal data in the following scenarios.

Human Resources (HR)
  • When you apply for job positions through our recruitment process, whether as an employee, volunteer, or contractor,
  • When you engage in employee or HR-related activities, such as submitting medical or insurance claims, leave requests, or other employment-related forms,
  • Through employer-provided sources, such as when your employer provides your details for insurance, training, or other employee benefits

 

Sales
  • When you request information, quotes, or customer service through our website’s contact forms or digital tools.
  • When you make inquiries about our products or services, through website forms, emails, or customer support channels

 

Marketing
  • During the registration process for any events, training courses, or programmes conducted by us, including any online sign-ups or applications,
  • When you subscribe to our newsletters, marketing materials, or promotional emails via EDMs or through a third-party EDM service provider,
  • When you interact with us through social media platforms, by following our pages, liking our posts, or engaging in direct messages (DMs),
  • Through referral programmes, where a third party refers your contact details to us,
  • When you request to be placed on our mailing lists for any type of notification or communication

 

IT & Data Security
  • When you visit our websites or interact with us through social media platforms or online forums,
  • When you connect to our public or private Wi-Fi networks, through the use of your device’s network information,
  • Through surveillance and security systems, such as CCTV monitoring within our premises or event locations

 

Legal & Compliance
  • During the submission of corporate documents, personal information provided in the process of KYC (Know Your Customer) compliance, due diligence, or regulatory reporting,
  • From third-party sources, such as credit reporting agencies, market research organizations, or government agencies,
  • When you submit personal data as part of compliance with legal obligations (e.g., for tax purposes, statutory reporting, or regulatory filing),
  • When you submit documents required for legal or regulatory purposes (e.g., copies of identification documents, contracts, or financial information)

 

Customer Support
  • When you provide information to us through customer service or support requests via email, phone, chat, or other communication channels.

 

Administration / Operations
  • When you visit our physical locations and sign in as a visitor or log attendance through visitor management systems,
  • Through collaboration or partnerships, where your information is shared with us as part of joint ventures or business alliances.

 

Other Scenarios
  • When you enter into an agreement or contract with us for our consultancy, advisory, or other services,
  • When you attend webinars, live events, or workshops that we conduct either online or in person,
  • When we collect data from publicly accessible sources, such as public directories or databases, in line with lawful and legitimate use,
  • When you interact with us via messaging platforms (e.g., WhatsApp, WeChat, Telegram) as part of our communications with customers or clients,
  • When you fill out forms during events, roadshows, webinars, or physical consultations, including any QR code scans that direct you to sign-up forms.

 

3 – Types of Personal Data We Collect About You

The types of personal data we collect about you include the following.

Employment and HR-Related Activities 

Personal Data collected for managing and administering employment relationships:

  • Full Name,
  • NRIC/FIN/Passport Number (Full or last four characters),
  • Date of Birth,
  • Nationality,
  • Gender,
  • Home Address,
  • Personal Email Address,
  • Phone Number (Mobile, Home),
  • Emergency Contact Information,
  • Marital Status,
  • Number of Dependents,
  • Employee Identification Number,
  • Employment History,
  • Salary Information,
  • Bank Account Details (for salary disbursement),
  • CPF (Central Provident Fund) Details,
  • Work Permit Number,
  • Professional Qualifications and Certifications,
  • Performance Reviews and Feedback,
  • Medical or Health Insurance Information,
  • Medical Leave and Absence Records,
  • Disciplinary Records,
  • Background Check Information,
  • Criminal Record (if applicable),
  • Work-Related Travel Data (e.g., passport information, travel history),
  • Tax Information (e.g., tax residency, income tax records)

 

Provision and Usage of Our Products and Services 

Personal Data collected for the purpose of providing, improving, and facilitating customer interaction with our products and services:

  • Full Name,
  • Phone Number (Mobile, Work, Home),
  • Billing Address,
  • NRIC/FIN/Passport Number (for verification or regulatory compliance),
  • Date of Birth

 

Visitor and Communication Management

Personal Data collected for security, communication, and interaction with our premises or digital platforms:

  • Full Name, CCTV Footage (on-site surveillance),
  • Wi-Fi Network Information (device name, MAC address, IP address),
  • Online Form Submissions (e.g., contact forms, service inquiries),
  • Correspondence via Email,
  • Social Media, or Chat Platforms,
  • Event Registration Data (for webinars, workshops, or conferences)

 

4 – How We Use Your Personal Data

We use the personal data you provide us for one or more of the following purposes.

Service Delivery and Management:
  • Enrolling you in training programs, courses, and workshops that you have registered for,
  • Providing consultancy and advisory services tailored to your needs,
  • Executing transactions and managing accounts, including processing payments, billing, subscriptions, and handling account receivables,
  • Fulfilling orders and delivering products or services you purchased,
  • Providing customer support and assistance, including handling inquiries, complaints, and feedback,
  • Managing contracts and agreements between you and our organization

 

Marketing and Communications:
  • Sending marketing communications and promotional offers via emails, newsletters, etc.
  • Organizing promotional events such as webinars, live demos, and industry conferences,
  • Joint marketing initiatives with other companies and service providers, leveraging combined resources to offer broader services,
  • Responding to inquiries, feedback, or requests to maintain high-quality service.

 

Compliance and Legal Obligations: 
  • Ensuring compliance with legal, regulatory, and fiscal obligations, which may include auditing and reporting functions,
  • Supporting law enforcement bodies or regulatory authorities as per the requirements under applicable laws,
  • Implementing and maintaining security measures, including monitoring to protect against fraud, unauthorized transactions, claims, and other liabilities,
  • Handling legal disputes, which may include resolving claims or controversies

 

Safety and Security:
  • Ensuring the physical security of our premises, which may include the use of CCTV surveillance and visitor logs,
  • Protecting our digital platforms and services against unauthorized access or cyberattacks

 

Technical and Website Administration:
  • Maintaining the integrity of our websites and IT systems, ensuring they operate effectively and efficiently,
  • Managing and configuring information technology applications and web services, including system management and setup.

 

Human Resources and Employment:
  • Managing employment-related services such as payroll, benefits, and employee performance,
  • Developing and training employees through internal programs and performance review mechanisms.

 

Product and Service Enhancement:
  • Improving and customizing our products and services based on user preferences and past interactions,
  • Developing new offerings, features, or enhancements to meet evolving customer needs.

 

Stakeholder Engagement: 
  • Communicating with stakeholders, including investors, partners, and local communities, to ensure transparent and effective engagement.

 

5 – Who We Disclose Your Personal Data To

We disclose some of the personal data you provide us to the following entities or organisations in order to fulfil our services to you.

Service Providers and Contractors:
  • External Professional Service Providers (e.g., accountants, auditors, bookkeepers, tax advisors),
  • Law Firms or Legal Advisors (for legal advice or dispute resolution),
  • Consultants (e.g., business consultants, HR consultants, cybersecurity consultants),
  • Marketing and Advertising Agencies (e.g., for promotional campaigns, brand management),
  • Event Organizers (for conferences, seminars, or webinars)

 

IT, Data, and Communication Services:
  • Cloud Service Providers (e.g., Dropbox, Microsoft SharePoint, Google Drive),
  • Email Service Providers and EDM Vendors (e.g., Mailchimp, Constant Contact, ActiveCampaign),
  • Data Backup and Recovery Services (e.g., third-party storage solutions),
  • IT Infrastructure Providers (e.g., web hosting companies, data centres),
  • Website Maintenance and Development Contractors,
  • Telecommunications Providers (e.g., for customer support or internal communications).

 

Educational and Training Institutions:
  • Accreditation Bodies and Educational Regulators (e.g., SkillsFuture Singapore, Ministry of Education),
  • Training and Certification Partners (e.g., external trainers, certification bodies).

 

Financial Institutions and Payment Processors:
  • Banks and Financial Institutions (e.g., for transaction processing)

 

Business Partners and Affiliates:
  • Joint Venture Partners or Collaborators (for co-branded initiatives),
  • Partner Companies (for joint marketing campaigns or shared services)

 

Government Agencies and Regulators:
  • Law Enforcement Agencies (for investigations, as required by law),
  • Regulatory Bodies (e.g., Personal Data Protection Commission, Monetary Authority of Singapore),
  • Tax Authorities (for compliance with tax regulations),
  • Immigration Authorities (e.g., Ministry of Manpower for work permit applications),
  • Statutory Boards (e.g., for reporting requirements or compliance).

 

Health and Insurance Providers:
  • Health and Medical Service Providers (e.g., clinics, hospitals for medical assessments),
  • Life/Health Insurance Companies (e.g., for claims processing or employee benefits administration),
  • Occupational Health Providers (e.g., for workplace health assessments)

 

Recruitment and Human Resources:
  • Background Screening Providers (e.g., for reference checks, criminal record checks)

 

Security and Risk Management Providers:
  • External Service Provider (e.g., IT Vendors, Data Protection Vendor)

 

Third-Party Platforms and Software:
  • Third-Party Vendors (who provide services related to your account or purchase),
  • Travel Agencies or Event Management Companies (for logistics and booking purposes).

Where required to do so by law, we may disclose personal data about you to the relevant authorities or to law enforcement agencies.

 

6 – How We Manage the Collection, Use and Disclosure of Your Personal Data

6.1       Obtaining Consent

 Before we collect, use, or disclose your personal data, we will notify you of the purpose why we are doing so. We will obtain written confirmation from you on your expressed consent. We will not collect more personal data than is necessary for the stated purpose. We will seek fresh consent from you if the original purpose for the collection, use or disclosure of your personal data has changed.

Under certain circumstances, we may assume deemed consent from you when you voluntarily provide your personal data for the stated purpose, e.g., when you apply for a job with us by sending in your resume/CV containing personal information.

We may rely on exceptions to the need for consent under the PDPA for the collection, use or disclosure of your personal data under the following circumstances (only those relevant to us are included):

  • the personal data is publicly available;
  • the personal data is disclosed by a public agency or disclosed to a public agency;
  • the personal data is necessary for any investigation or proceedings;
  • the personal data is necessary for evaluative purposes (e.g., determining the suitability of a job applicant for the job applied for);
  • the personal data is necessary for the purpose of managing or terminating an employment relationship; and
  • the personal data is necessary for a business asset transaction.

 

6.2       Withdrawal of Consent

 If you wish to withdraw consent, you should give us reasonable advance notice. We will advise you of the likely consequences of your withdrawal of consent, e.g., without your personal contact information we may not be able to inform you of future services offered by us.

Your request for withdrawal of consent can take the form of an email or letter to us, or through the “Unsubscribe” feature in an online service.

 

6.3       Use of Cookies

 We use “cookies” to collect information about your online activity on our website. A cookie is a small text file created by the website that is stored in your computer to provide a way for the website to recognise you and keep track of your preferences.

The cookie makes it convenient for you such that you do not have to retype the same information again when you revisit the website or in filling electronic forms.

Most cookies we use are “session cookies”, which will be deleted automatically from the hard disk of your computer at the end of the session.

You may choose not to accept cookies by turning off this feature in your web browser. Note that by doing so, you may not be able to use some of the features and functions in our web applications.

 

6.4       Third-Party Consent

 We do not get consent on behalf of another individual. We only get consent from the individual who will be dealing directly with us.

 

7 – How We Ensure the Accuracy of Your Personal Data

We will take reasonable steps to ensure that the personal data we collect about you is accurate, complete, not misleading and kept up-to-date.

From time to time, we may do a data verification exercise for you to update us on any changes to the personal data we hold about you. If we are in an ongoing relationship with you, it is important that you update us of any changes to your personal data (such as a change in your mailing address).

 

8 – How We Protect Your Personal Data

We have implemented appropriate information security and technical measures to protect the personal data we hold about you against loss, misuse, destruction, unauthorised alteration/modification, access, disclosure, or similar risks.

We have also put in place reasonable and appropriate organisational measures to maintain the confidentiality and integrity of your personal data and will only share your data with authorised persons on a ‘need to know’ basis.

When we engage third-party data processors to process personal data on our behalf, we will ensure that they provide sufficient guarantees to us to have implemented the necessary organisational and technical security measures and have taken reasonable steps to comply with these measures.

 

9 – How We Retain Your Personal Data

We have a document retention policy that keeps track of the retention schedules of the personal data you provide us, in paper or electronic forms. We will not retain any of your personal data when it is no longer needed for any business or legal purposes.

We will dispose of or destroy such documents containing your personal data in a proper and secure manner when the retention limit is reached.

 

10 – How You Can Access and Make Correction to Your Personal Data

You may write in to us to find out how we have been using or disclosing your personal data over the past year. Before we accede to your request, we may need to verify your identity by checking your NRIC or other legal identification document. We will respond to your request as soon as possible, or within 30 days from the date we receive your request. If we are unable to do so within 30 days, we will let you know and give you an estimate of how much longer we require. We may also charge you a reasonable fee for the cost involved in processing your access request.

If you find that the personal data, we hold about you is inaccurate, incomplete, misleading or not up-to-date, you may ask us to correct the data. Where we are satisfied on reasonable grounds that a correction should be made, we will correct the data as soon as possible, or within 30 days from the date we receive your request.

 

11 – Transfer of Personal Data

Where there is a need to transfer your personal data to another country outside Singapore, we will ensure that the standard of data protection in the recipient country is comparable to that of Singapore’s PDPA. If this is not so, we will enter into a contractual agreement with the receiving party to accord similar levels of data protection as those in Singapore.

 

12 – Mandatory Data Breach Notification

 In the unlikely event that we suffer a data breach pertaining to unauthorised access or disclosure of personal data being stored or processed by us, we will meet the PDPA’s breach notification timelines and requirements to perform the needful, including but not limited to informing relevant authorities and affected individuals, based on the Significant Harm or Significant Scale definitions as set out by the PDPA.

 

13 – Contacting Us

If you have any query or feedback regarding this Notice, or any complaint you have relating to how we manage your personal data, you may contact our Data Protection Officer (DPO) at: dpo@qualsbiz.com

Any query or complaint should include, at least, the following details:

  • your full name and contact information; and
  • brief description of your query or complaint.

We treat such queries and feedback seriously and will deal with them confidentially and within a reasonable time.

 

14 – Changes to this Data Protection Notice

We may update this Data Protection Notice from time to time. We will notify you of any changes by posting the latest Notice on our website. Please visit our website periodically to note any changes.

Changes to this Notice take effect when they are posted on our website.


Last updated: 20 Nov 2025