pdpc_decisions_version_detail (view)
2 rows where nature = "Consent, Notification, Purpose Limitation"
This data as json, CSV (advanced)
Suggested facets: _commit_at (date), date (date), timestamp (date), tags (array), _changed_columns (array)
| _commit_at | _commit_hash | _id | _item | _version | _commit | description | tags | date | pdf-url | nature | title | url | timestamp | pdf-content | decision | _item_full_hash | _changed_columns |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 14 | 14 | 1 | 952 | RedMart had failed to obtain consent and inform its suppliers of the purpose for collecting images of the physical NRICs and other identification documents. However, the Commission had subsequently assessed that RedMart had met the requirements for reliance on the Legitimate Interests Exception and complied with the proposed direction. As such, no direction was issued to RedMart. | [
"Consent",
"Notification",
"Purpose Limitation",
"No Further Action",
"Wholesale and Retail Trade"
] |
2023-02-10 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Decision---RedMart-Limited---18012023.pdf | Consent, Notification, Purpose Limitation | Breach of the Consent, Notification and Purpose Limitation Obligations by RedMart | https://www.pdpc.gov.sg/all-commissions-decisions/2023/02/breach-of-the-consent,-notification-and-purpose-limitation-obligations-by-redmart | 2023-02-10 | PERSONAL DATA PROTECTION COMMISSION Case No. DP-2105-B8405 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And RedMart Limited … Organisation DECISION Page 1 of 11 RedMart Limited [2023] SGPDPC 1 Yeong Zee Kin, Deputy Commissioner — Case No. DP-2105-B8405 18 January 2023 Introduction 1 On 31 May 2021, the Personal Data Protection Commission (the “Commission”) received a complaint that RedMart Limited (the “Organisation”) was collecting images of the physical NRICs and other identification documents of suppliers making deliveries to its warehouses (the “Incident”), and that this practice did not appear to be in compliance with the Personal Data Protection Act 2012 (“PDPA”). Facts of the Case 2 Investigations revealed that the Organisation operated two warehouses at 47 Jalan Buroh, CWT Distripark, Singapore 619491 (“Warehouses”) which were used to store goods and produce sold by the Organisation. The Warehouses were regularly visited by suppliers delivering goods and produce (“Visitors”), and the Organisation implemented measures to regulate such Visitors’ access to the Warehouses. Security checkpoints at the Warehouses used an Organisation-issued tablet computer Page 2 of 11 (“Tablet”) to take photographs of Visitors’ NRIC or other identification documents (“ID Photographs”). The Organisation said it collected ID Photographs to Visitors seeking access to areas where food safety risks had to be managed. The Organisation explained that these measures are intended to deter acts that could compromise food safety and facilitate investigations of food safety incidents. 3 Prior to the Incident, there were no notices at the Warehouses’ security checkpoints informing Visitors of the purpose for collection of ID Photographs. After being notified by the Commission of the Incident, the Organisation put up notices at the Warehouses’ security checkpoints to inform Visitors of the purpose of collection of ID Photographs. Findings and Basis for Determination … | No further action | 4eaff99c5b7557a88a0ca128e03e4b18ea52c953 | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
| 2023-12-14T14:54:52+00:00 | 0e20feac9c1e16c30580baa727a897e3bfcf8791 | 483 | 243 | 1 | 958 | Directions were issued to Tipros for failing to use or disclose personal data about an individual only for purposes that a reasonable person would consider appropriate. | [
"Consent",
"Notification",
"Purpose Limitation",
"Directions",
"Others"
] |
14 Dec 2023 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/GD_TIPROS_080623.pdf | Consent, Notification, Purpose Limitation | Breach of the Purpose Limitation Obligation by Tipros | https://www.pdpc.gov.sg/all-commissions-decisions/2023/12/breach-of-the-purpose-limitation-obligation-by-tipros | 2023-12-14 | PERSONAL DATA PROTECTION COMMISSION [2023] SGPDPC 7 Case No. DP-2207-C0019 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And Tipros … Organisation DECISION Page 1 of 8 Tipros Yeong Zee Kin, Deputy Commissioner — Case No. DP-2207-C0019 8 June 2023 Introduction 1. On 21 July 2022, the Personal Data Protection Commission (the “Commission”) received a complaint that Tipros (the “Organisation”), a sole proprietorship in the wholesale of and repair of electrical appliances, had unreasonably disclosed the personal data of the complainant when responding to the complainant’s review on the Organisation’s Google reviews page (the “Incident”). 2. The Commission commenced investigations to determine the Organisation’s compliance with the Personal Data Protection Act 2012 (“PDPA”) and for suspected breaches of the same. Facts of the Case 3. The complainant had engaged the Organisation to repair a refrigerator. Following the repairs made, the complainant gave a “1-star” review on a Google reviews page “24hr fridge refrigerator #1 Quick repair service Trusted in Singapore”, which has since been renamed “Tipros.sg”. 4. The Organisation promptly responded to the complainant’s review. What is problematic was that the Organisation included the complainant’s personal data, including the complainant’s residential address and mobile number in their Page 2 of 8 response. The complainant filed a complaint with the Commission as the complainant was of the view that there was no reason for the Organisation to disclose her personal data in the course of responding to the review she left on the Organisation’s Google reviews page. 5. Apart from the Organisation’s response to the complainant’s review, the Commission found 13 other responses on the Organisation’s Google reviews page which disclosed, in a similar fashion, the personal data of other customers who had given reviews. Our Investigations 6. The Commission commenced investigations. In the course of investigations, it was … | Directions | acd36e3274c5e29fe0627b24b99136461cdd6c47 | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
Advanced export
JSON shape: default, array, newline-delimited
CREATE VIEW pdpc_decisions_version_detail AS select
commits.commit_at as _commit_at,
commits.hash as _commit_hash,
pdpc_decisions_version.*,
(
select json_group_array(name) from columns
where id in (
select column from pdpc_decisions_changed
where item_version = pdpc_decisions_version._id
)
) as _changed_columns
from pdpc_decisions_version
join commits on commits.id = pdpc_decisions_version._commit;