Hilda Loe Associates Privacy Notice
This notice applies across all websites that we own and operate and all services we provide, including our online and offline services. For the purpose of this notice, we’ll just call them our ‘services’.
When we say ‘personal data’ we mean identifiable information about you, like your name, email, address, telephone number, NRIC Number, Passport number, bank account details, payment information, support queries, community comments and so on. If you can’t be identified (for example, when personal data has been aggregated and anonymised) then this notice doesn’t apply.
We may need to update this notice from time to time. Where a change is significant, we’ll make sure we let you know if you are one of our clients – usually by sending you an email.
Who are ‘we’?
When we refer to ‘we’ (or ‘our’ or ‘us’), that means Hilda Loe Associates (HLA for short). Our headquarters are in Singapore but we have associates all over the world. Address details for our offices are available on our Contact us page.
We provide a variety of business services, some of which entail the use of software based on a cloud server and where the client's data will be stored after inputting. We will also store physical records and digital records in our headquarters and associates' offices.
Our principles of data protection
Controlling Regulations Our policy is developed to be incompliance with the Singapore Government PDPA and the EU Commission GDPR.
Our approach to data protection is built around four key principles. They’re at the heart of everything we do relating to personal data.
Transparency: We take a human approach to how we process personal data by being open, honest and transparent.
Enablement: We enable connections and efficient use of personal data to empower productivity and growth.
Security: We champion industry leading approaches to securing the personal data entrusted to us.
Stewardship: We accept the responsibility that comes with processing personal data.
How we collect your data
When you visit our websites or use our services, we collect personal data as follows:
When you visit or use some parts of our websites and/or request services we might ask you to provide personal data to us. For example, we ask for your contact information when you request information about a service, respond to an email offer, participate in community forums, join us on social media, take part in training and events, contact us with questions or request support. If you don’t want to provide us with personal data, you don’t have to, but it will mean you can’t use some parts of our websites or services.
Where we collect personal data, we’ll only process it:
If you’re someone who doesn’t have a relationship with us, but believe that an HLA client has entered your personal data into our websites or services, you’ll need to contact that HLA client for any questions you have about your personal data (including where you want to access, correct, amend, or request that the user delete, your personal data).
How we use your data
We use your personal data, to provide you with any services you’ve requested, and to manage our relationship with you. This may include some or all of the following:
To assist you obtain products and services
To communicate with you. This may include:
To support you. This may include: assisting with the resolution of technical support issues or other issues relating to the websites or services, whether by email, in-app support or otherwise.
To analyse, aggregate and report: We may use the personal data we collect about you and other users of our websites and services (whether obtained directly or from third parties) to produce aggregated and anonymised analytics and reports.
How we can share your data
There will be times when we need to share your personal data with third parties. We will only disclose your personal data to:
International Data Transfers
When we share data, it may be transferred to, and processed in, countries other than the country you live in – such as to the United States, where some of our third-party data hosting provider’s servers are located. These countries may have laws different to what you’re used to. Rest assured, where we disclose personal data to a third party in another country, we put safeguards in place to ensure your personal data remains protected.
For individuals in the European Economic Area (EEA), this means that your data may be transferred outside of the EEA. Where your personal data is transferred outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA data (like the USA), or to a third party where we have approved transfer mechanisms in place to protect your personal data – i.e., by entering into the European Commission’s Standard Contractual Clauses, or by ensuring the entity is Privacy Shield certified (for transfers to US-based third parties). For further information, please contact us using the details set out on our contact page.
All data on our in-house servers is encrypted to ensure it is inaccessible to anyone who might physically access the servers. We use SSL with RSA encryption for all web transactions. We require clients sending us confidential/private information do so via encrypted email or encrypted chat applications.
The length of time we keep your personal data depends on what it is and whether we have an ongoing business need to retain it (for example, to provide you with a service you’ve requested or to comply with applicable legal, tax or accounting requirements).
We’ll retain your personal data for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our data retention policies and practices. Following that period, we’ll make sure it’s deleted or anonymised.
It’s your personal data and you have certain rights relating to it. When it comes to marketing communications, you can ask us not to send you these at any time – just send your request to us through our contact page..
You also have rights to:
You can exercise these rights at any time by contacting us here.
If you’re not happy with how we are processing your personal data, please let us know by contacting us here. We will review and investigate your complaint, and try to get back to you within a reasonable time frame. You can also complain to your local data protection authority. They will be able to advise you how to submit a complaint.
How to contact us
We’re always keen to hear from you. If you’re curious about what personal data we hold about you or you have a question or feedback for us on this notice, our websites or services, please get in touch here.