pdpc_decisions_version_detail (view)
12 rows where tags contains "Notification"
This data as json, CSV (advanced)
Suggested facets: _commit_at, _commit_hash, _commit, nature, decision, _commit_at (date), date (date), timestamp (date), tags (array), _changed_columns (array)
| _commit_at | _commit_hash | _id | _item | _version | _commit | description | tags | date | pdf-url | nature | title | url | timestamp | pdf-content | decision | _item_full_hash | _changed_columns |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 14 | 14 | 1 | 952 | RedMart had failed to obtain consent and inform its suppliers of the purpose for collecting images of the physical NRICs and other identification documents. However, the Commission had subsequently assessed that RedMart had met the requirements for reliance on the Legitimate Interests Exception and complied with the proposed direction. As such, no direction was issued to RedMart. | [
"Consent",
"Notification",
"Purpose Limitation",
"No Further Action",
"Wholesale and Retail Trade"
] |
2023-02-10 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Decision---RedMart-Limited---18012023.pdf | Consent, Notification, Purpose Limitation | Breach of the Consent, Notification and Purpose Limitation Obligations by RedMart | https://www.pdpc.gov.sg/all-commissions-decisions/2023/02/breach-of-the-consent,-notification-and-purpose-limitation-obligations-by-redmart | 2023-02-10 | PERSONAL DATA PROTECTION COMMISSION Case No. DP-2105-B8405 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And RedMart Limited … Organisation DECISION Page 1 of 11 RedMart Limited [2023] SGPDPC 1 Yeong Zee Kin, Deputy Commissioner — Case No. DP-2105-B8405 18 January 2023 Introduction 1 On 31 May 2021, the Personal Data Protection Commission (the “Commission”) received a complaint that RedMart Limited (the “Organisation”) was collecting images of the physical NRICs and other identification documents of suppliers making deliveries to its warehouses (the “Incident”), and that this practice did not appear to be in compliance with the Personal Data Protection Act 2012 (“PDPA”). Facts of the Case 2 Investigations revealed that the Organisation operated two warehouses at 47 Jalan Buroh, CWT Distripark, Singapore 619491 (“Warehouses”) which were used to store goods and produce sold by the Organisation. The Warehouses were regularly visited by suppliers delivering goods and produce (“Visitors”), and the Organisation implemented measures to regulate such Visitors’ access to the Warehouses. Security checkpoints at the Warehouses used an Organisation-issued tablet computer Page 2 of 11 (“Tablet”) to take photographs of Visitors’ NRIC or other identification documents (“ID Photographs”). The Organisation said it collected ID Photographs to Visitors seeking access to areas where food safety risks had to be managed. The Organisation explained that these measures are intended to deter acts that could compromise food safety and facilitate investigations of food safety incidents. 3 Prior to the Incident, there were no notices at the Warehouses’ security checkpoints informing Visitors of the purpose for collection of ID Photographs. After being notified by the Commission of the Incident, the Organisation put up notices at the Warehouses’ security checkpoints to inform Visitors of the purpose of collection of ID Photographs. Findings and Basis for Determination … | No further action | 4eaff99c5b7557a88a0ca128e03e4b18ea52c953 | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 29 | 29 | 1 | 952 | Ngian Wen Hao Dennis, Chua Puay Hwa Melissa and Winarto were found in breach of the PDPA and issued warnings in relation to two incidents involving the unauthorised collection and disclosure of individuals’ personal data in 2019 and 2020. | [
"Consent",
"Notification",
"Warning",
"Finance and Insurance"
] |
2022-06-16 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Decision---Dennis-Ngian--Others---08032022.pdf | Consent, Notification | Breach of the Consent and Notification Obligations by three insurance financial advisers | https://www.pdpc.gov.sg/all-commissions-decisions/2022/06/breach-of-the-consent-and-notification-obligations-by-three-insurance-financial-advisers | 2022-06-16 | PERSONAL DATA PROTECTION COMMISSION Case No. DP-2109-B8857 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And (1) Ngian Wen Hao Dennis (2) Chan Puay Hwa Melissa (3) Winarto (4) Aviva Financial Advisers Pte Ltd SUMMARY OF THE DECISION 1. On 7 September 2021, the Personal Data Protection Commission (the “Commission”) was notified of two incidents involving unauthorised disclosure and collection of personal data by three individuals. 2. Ngian Wen Hao Dennis (“Dennis”) was an Aviva Financial Advisers Pte Ltd (“AFA”) representative between December 2017 and February 2019. In March 2019 and August 2020, Dennis approached two insurance financial advisers, Chua Puay Hwa Melissa (“Melissa”) and Winarto, to offer them a list of client leads, stating that he was leaving the insurance industry and looking for a reliable agent 1 to take over his clientele. Melissa and Winarto each said they paid $1,000 to Dennis for the list (the “Incidents”). 3. The list contained approximately 1,000 clients’ names, mailing addresses, contact numbers and the names of organisations underwriting the hospitalisation plans bought by the clients (“Personal Data Sets”). 4. The PDPA defines “organisations” to include individuals. As held in Re Sharon Assya Qadriyah Tang1, individuals who collect, use or disclose personal data otherwise than in a personal or domestic capacity will be treated as organisations within the meaning of the Act, and are obliged to comply with the Data Protection Provisions. In this case, we are of the view that it is clear that Dennis, Melissa and Winarto can be regarded as an “organisation” as defined under the PDPA for a number of reasons. First, the trio had bought and sold the client leads for work and business purposes, with the aim of generating an income or profit, and cannot be said to have been acting in a personal or domestic capacity. 5. Second, Dennis, Melissa and Winarto were not employees. In Re Ang Rui Song2, the Commission found that the respondent, … | Warning | 11afc51e552a655c8c243aa724648b2011a2eb25 | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 139 | 139 | 1 | 952 | Amicus Solutions and a financial consultant were issued directions, including to pay financial penalties of $48,000 and $10,000 respectively, for breaches of the PDPA. Amicus Solutions failed to notify and obtain consent for the disclosure of individuals’ personal data that it sold to the financial consultant who used such personal data for telemarketing purposes. | [
"Consent",
"Notification",
"Financial Penalty",
"Admin and Support Services",
"Finance and Insurance"
] |
2019-10-10 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Grounds-of-Decision--Amicus-Solutions-Pte-Ltd---Another.pdf | Consent, Notification | Breach of the Consent and Notification Obligations by Amicus Solutions and a Financial Consultant | https://www.pdpc.gov.sg/all-commissions-decisions/2019/10/breach-of-the-consent-and-notification-obligations-by-amicus-solutions-and-a-financial-consultant | 2019-10-10 | PERSONAL DATA PROTECTION COMMISSION [2019] SGPDPC [33] Case No DP-1610-B0290 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And (1) Amicus Solutions Pte. Ltd. (UEN No. 201534661R) (2) Ivan Chua Lye Kiat … Organisations DECISION Amicus Solutions Pte. Ltd. & Anor. [2019] SGPDPC 33 Amicus Solutions Pte. Ltd. & Anor. [2019] SGPDPC 33 Tan Kiat How, Commissioner — Case No DP-1610-B0290 30 August 2019 1 The Personal Data Protection Commission (the “Commission”) received a complaint regarding the unauthorised collection and use of personal data to market financial products. Investigations were commenced into the alleged unauthorised sale and disclosure of personal data by a data broker and the unauthorised collection and use of the personal data for telemarketing purposes. Upon conclusion of investigations and consideration of the totality of evidence, the Commissioner found Amicus Solutions Pte. Ltd. (“Amicus”) and Mr Ivan Chua Lye Kiat (“Mr Chua”) to be in breach of the Personal Data Protection Act 2012 (“PDPA”) for the reasons set out in these grounds. Material Facts 2 An independent life insurance brokerage company (the “Insurance Brokerage”) appointed Mr Chua as a financial adviser director to provide financial advisory services and to market financial products distributed by the Insurance Brokerage to prospective clients in accordance with the terms set out in a Financial Adviser Representative Agreement. He oversees a team of financial adviser representatives. Their main products are Eldershield related insurance policies targeted at individuals over 40 years old. 2 Amicus Solutions Pte. Ltd. & Anor. 3 [2019] SGPDPC 33 It is undisputed that Mr Chua and the financial adviser representatives in his team are not employees of the Insurance Brokerage but independent agents. As independent agents, they receive a commission for each sale but are not in an employer-employee relationship with the Insurance Brokerage nor are they entitled to any employe… | Financial Penalty | f9c77b604588fd22b9623d2884cfc03d6a7dbbb3 | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 158 | 158 | 1 | 952 | A warning was issued to Skinny’s Lounge for failing to ensure that consent was obtained from its patrons to re-play recorded CCTV footage on a screen in its public lounge. Skinny’s Lounge also failed to provide due notification to its patrons on the full purposes of the CCTV footage recorded at its premises. | [
"Consent",
"Notification",
"Warning",
"Arts, Entertainment and Recreation",
"KTV",
"Karaoke"
] |
2019-06-11 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Grounds-of-Decision---Skinnys-Lounge---110619.pdf | Consent, Notification | Breach of the Consent and Notification Obligations by Skinny's Lounge | https://www.pdpc.gov.sg/all-commissions-decisions/2019/06/breach-of-the-consent-and-notification-obligations-by-skinny-s-lounge | 2019-06-11 | PERSONAL DATA PROTECTION COMMISSION [2019] SGPDPC 13 Case No DP-1806-B2267 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And Skinny’s Lounge … Organisation DECISION Skinny’s Lounge [2019] SGPDPC 13 Skinny’s Lounge Yeong Zee Kin, Deputy Commissioner — Case No DP-1806-B2267 11 June 2019 Background 1 The Organisation is a Karaoke Television (“KTV”) bar located in Boat Quay. The central issue in this case is whether the Organisation had valid consent from its patrons to disclose their images recorded on closed-circuit camera footage (“CCTV Footage”). The disclosure was on a screen in a publicly accessible area of its premises. 2 Following an investigation into the matter, I found the Organisation in breach of section 13(a) read with section 18 and with section 20(1) of the Personal Data Protection Act (“PDPA”). Material Facts 3 The Organisation had one KTV Room on its premise. The KTV Room had a sign beside the TV screen which read “Smile you are being recorded”. Patrons using the KTV Room were then recorded on CCTV Footage streamed “live” onto a screen in the Organisation’s public lounge (“Public Screen”) for general viewing. 4 On or before 19 June 2018, the Complainant and her friends used the KTV Room and their images were live-streamed onto the Public Screen. After the Complainant and her friends left, the CCTV in the KTV Room malfunctioned. With the live streaming disrupted, the Organisation played on the Public Screen randomly selected recorded CCTV Footage. This included CCTV Footage of the Complainant and her friends which was replayed on the Public Screen for “a day or two”. After the Complainant found out about the replaying of the CCTV Footage, she lodged a complaint with the Personal Data Protection Commission (“PDPC”) on 19 June 2018. 2 Skinny’s Lounge [2019] SGPDPC 13 Findings and Basis for Determination 5 The provisions relevant to this case are as follows: (a) Section 13(a) of the PDPA states that organisations are prohibited fro… | Warning | ee7c19d8e4e94c3b494bfbe6567abae917e4cd07 | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 185 | 185 | 1 | 952 | Spring College International failed to notify and obtain consent from the parents of young students before disclosing online the students’ personal data for marketing purposes. Directions were issued to Spring College International. | [
"Consent",
"Purpose Limitation",
"Notification",
"Directions",
"Education"
] |
2018-05-24 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Grounds_of_Decision_Spring_College_International_240518.pdf | Consent, Purpose Limitation, Notification | Breach of Consent and Purpose Limitation Obligations by Spring College International | https://www.pdpc.gov.sg/all-commissions-decisions/2018/05/breach-of-consent-and-purpose-limitation-obligations-by-spring-college-international | 2018-05-24 | PERSONAL DATA PROTECTION COMMISSION [2018] SGPDPC 15 Case No DP-1705-B0799 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And Spring College International Pte. Ltd. … Organisation DECISION Spring College International Pte. Ltd. Mr Yeong Zee Kin, Deputy Commissioner — Case No DP-1705-B0799 24 May 2018 Background 1 This matter involves a private educational institution that posted information about its students, including their names and photographs, on a public social media page, in order to promote its courses. The Organisation operates a private educational institution, known as “Spring College International Pte. Ltd.” (“SCI”), that offers various academic courses to students of varying ages and levels. A complaint was made to the Personal Data Protection Commission (“PDPC”) regarding the unauthorised disclosure of a student’s personal data on the Organisation’s Facebook page. The complaint was made by the student’s parent (“the Complainant”). 2 The Commissioner’s findings and grounds of decision, based on the investigations carried out in this matter, are set out below. Material Facts 3 Since September 2010, the Organisation has maintained a Facebook page which is accessible to the general public, titled “Spring College International”. In December 2015, the Complainant enrolled her son (“Individual A”) as a student in SCI. Sometime thereafter, the Spring College International Pte. Ltd. [2018] SGPDPC 15 Complainant came across a post on the Organisation’s Facebook page, dated 24 April 2016 (“Post A”). The post contained the following text: Application for Supplementary Admissions Exercise for International Students 1 We are pleased to inform you that your application for admission to a secondary school through the Supplementary Admissions Exercise for International Students is successful. The results of your application are as follows: … 4 Post A further set out the following information about Individual A: full name; partially masked passport num… | Directions | ab610ebd87a5e51bcfa08294b0f5948e87401467 | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 193 | 193 | 1 | 952 | A financial penalty of $12,500 was imposed on Aventis for using the personal data of individuals beyond the notified purposes, and for failure to give effect to the withdrawal of consent within a reasonable time. | [
"Consent",
"Purpose Limitation",
"Notification",
"Financial Penalty",
"Directions",
"Education"
] |
2018-04-30 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Grounds_of_Decision_Aventis_300418.pdf | Consent, Purpose Limitation, Notification | Breach of Notification and Consent Obligations by Aventis | https://www.pdpc.gov.sg/all-commissions-decisions/2018/04/breach-of-notification-and-consent-obligations-by-aventis | 2018-04-30 | PERSONAL DATA PROTECTION COMMISSION Case No DP-1705-B0766 [2018] SGPDPC [7] In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And Aventis School of Management Pte. Ltd. … Organisation DECISION Aventis School of Management Pte. Ltd. [2018] SGPDPC [7] Tan Kiat How, Commissioner — Case No DP-1705-B0766 30 April 2018 Background 1 The present matter concerns an individual (the “Complainant”) who had signed up to receive a free brochure for a specific programme organised by the Organisation, but ended up also receiving numerous marketing emails from the Organisation that were unrelated to the programme which the individual was interested in. The question raised is whether the Organisation’s “use” of the Complainant’s personal data to send him the marketing emails without his consent is a breach of the Personal Data Protection Act 2012 (“PDPA”). In the Commissioner’s findings, the answer is in the affirmative. 2 The Commissioner also found that the Organisation had failed to carry out the Complainant’s request to remove his email address from the Organisation’s mailing list in a timely manner, which led to further marketing emails being sent to the Complainant after the withdrawal request was made. 3 The Commissioner’s findings and grounds of decision of the matter are now set out below. Aventis School of Management Pte. Ltd. [2018] SGPDPC 7 Material Facts 4 The Organisation is an educational institution that collaborates with overseas universities to offer degrees, courses, and programmes to students across various disciplines such as Finance, Marketing, and Business. 5 The Complainant was interested in one of the programmes offered by the Organisation, and submitted his name, email address, and contact number through a web form on the Organisation’s website, titled “Take Action Today – Download Free Brochure”, at http://asm.edu.sg/california-state-university on 12 January 2017. 6 After signing up for this free brochure, the Complainant started recei… | Financial Penalty, Directions | ee94ae697675c228c71fd7f5fba9305226984d44 | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 199 | 199 | 1 | 952 | A financial penalty of $6,000 was imposed on an individual for selling a database containing personal data, without notifying the individuals involved. | [
"Consent",
"Notification",
"Financial Penalty",
"Wholesale and Retail Trade"
] |
2018-01-11 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/GroundsofDecisionSharonAssyaQadriyahTang110118.pdf | Consent, Notification | Breach of the Consent and Notification Obligations by an Individual Selling Personal Data | https://www.pdpc.gov.sg/all-commissions-decisions/2018/01/breach-of-the-consent-and-notification-obligations-by-an-individual-selling-personal-data | 2018-01-11 | PERSONAL DATA PROTECTION COMMISSION [2018] SGPDPC 1 Case No DP-1701-B0485 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And Sharon Assya Qadriyah Tang … Organisation DECISION Sharon Assya Qadriyah Tang [2018] SGPDPC 1 Tan Kiat How, Commissioner — Case No DP-1701-B0485 11 January 2018 Background 1 This is the first reported case of an individual (the “Respondent”) who was involved in the unauthorised selling of personal data. The facts disclose a straightforward breach of the Personal Data Protection Act 2012 (“PDPA”), and the Respondent does not deny committing the infringing acts. The Commissioner has accordingly found the Respondent in breach of sections 13 and 20 of the PDPA. 2 The Commissioner’s findings and grounds of decision are set out below. Material Facts 3 The Respondent was employed as a telemarketer from 2004 to 2014. Sometime in 2012, the Respondent started purchasing ‘leads’ to expand the reach of her marketing in order to hit her sales targets. These ‘leads’ typically comprised an individual’s name, NRIC number, mobile number and annual income range. A lead would typically cost between $0.20 and $0.30. 4 The Respondent bought the leads from unknown online sellers and did not retain the details of these transactions. Also, the Respondent did not check Sharon Assya Qadriyah Tang [2018] SGPDPC 1 or verify with the sellers that the leads she purchased were obtained legitimately with the individuals’ consent. 5 On average, the Respondent would buy approximately 10,000 leads per year. According to the Respondent, her first purchase of leads was sometime in late 2012 and her last purchase was sometime in either May or June 2014. At the material time, the Respondent had in her possession approximately 30,990 leads. The leads were stored in Microsoft Excel spreadsheets. 6 From late 2012 up until 23 February 2017, the Respondent estimated that she had re-sold the leads she had bought about 9 to 10 times, typically charging customers … | Financial Penalty | 7c97ac65ddddd62ae8a119b6caa4338a79492ebb | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 211 | 211 | 1 | 952 | A joint decision was issued for three separate cases involving Management Corporation Strata Title and managing agents of condominiums. The parties were found not to be in breach for disclosing names of unit holders, unit numbers and voting shares of subsidiary proprietors via minutes and voters lists. | [
"Consent",
"Notification",
"Not in Breach",
"Real Estate"
] |
2017-06-12 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/grounds-of-decision---3-mcst-ma---120617.pdf | Consent, Notification | No Breach of Consent and Notification Obligations by MCST and Managing Agents of Condominiums | https://www.pdpc.gov.sg/all-commissions-decisions/2017/06/no-breach-of-consent-and-notification-obligations-by-mcst-and-managing-agents-of-condominiums | 2017-06-12 | DECISION OF THE PERSONAL DATA PROTECTION COMMISSION Case Number: DP-1607-B0117 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And (1) Exceltec Property Management Pte Ltd (2) Management Corporation Strata Title Plan No 2956 (3) Strata Land Property Consultants Pte Ltd ... Organisations Decision Citation: [2017] SGPDPC 8 GROUNDS OF DECISION 12 June 2017 A. BACKGROUND 1. This decision arises from three separate cases involving Management Corporation Strata Title (“MCSTs”) and managing agents (collectively, the “Organisations”) of condominiums posting documents containing the personal data of subsidiary proprietors (hereinafter will be referred to as “residents”) on notice boards. The nature of the complaints was that the disclosures made of these personal data was an infringement of the Personal Data Protection Act 2012 (“PDPA”). 2. The Personal Data Protection Commission (the “Commission”) commenced investigations into the matter, and provides its decision below. 3. Although the three cases involve different residents and managing agents of condominiums, the facts of the three cases are substantially similar and the legal issues involved are identical. Therefore, this consolidated decision is issued for the three cases. 1 B. MATERIAL FACTS AND DOCUMENTS 4. Between 29 June and 27 July 2016, the Commission received complaints from several residents of three condominiums (namely, (1) Prive, (2) The Mornington, and (3) Seletaris) against the condominiums’ respective MCST or managing agents, namely, (1) Exceltec Property Management Pte Ltd (“Exceltec”), (2) Management Corporation Strata Title Plan No 2956 (“MCST 2956”), and (3) Strata Land Property Consultants Pte Ltd (“Strata Land”) respectively: 5. a. In the first case, three residents (“1st Complainants”), complained that Exceltec had posted copies of the voter list containing the names, unit numbers, and voting shares of residents, and the draft minutes of the 1st council meeting on 12 July 2016 … | Not in Breach | 2ce165e02e9bb75e1c3bd17b406722924d367851 | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 216 | 216 | 1 | 952 | A warning was issued to Executive Coach International for failing to notify and obtain consent from an ex-employee for the disclosure of her personal data. | [
"Consent",
"Notification",
"Warning",
"Education"
] |
2017-03-21 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/grounds-of-decision---executive-coach-international---210317.pdf | Consent, Notification | Breach of Consent and Notification Obligations by Executive Coach International | https://www.pdpc.gov.sg/all-commissions-decisions/2017/03/breach-of-consent-and-notification-obligations-by-executive-coach-international | 2017-03-21 | DECISION OF THE PERSONAL DATA PROTECTION COMMISSION Case Number: DP-1504-A426 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 (the “PDPA”) And Executive Coach International Pte. Ltd. [UEN 200414184R] ... Organisation Decision Citation: [2017] SGPDPC 3 GROUNDS OF DECISION 21 March 2017 BACKGROUND 1. On 20 April 2015, the Complainant, complained to the Personal Data Protection Commission (the “Commission”) that the Organisation had disclosed her past personal history in a WhatsApp group chat comprising the Complainant and the Organisation’s other staff and volunteer trainees (“WhatsApp Group”) without her consent and without notifying her of the purposes for the disclosure. 2. On account of the complaint made, the Commission commenced an investigation under Section 50 of the Personal Data Protection Act 2012 (the “PDPA”) to ascertain whether the Organisation had breached its obligations under the PDPA. The material facts of the case are as follows. MATERIAL FACTS AND DOCUMENTS 3. The Organisation is an organisation which provides life and executive coaching services to individual and corporate clients. The Complainant is a former employee of the Organisation. She was the personal assistant to [Redacted] (Replaced with Mr L), a director of the Organisation. The Complainant has since left the employment of the Organisation on unamicable terms. 4. The WhatsApp Group, comprising of the Organisation’s employees and volunteers, was created on 22 August 2013. The Complainant and Mr L were - 1 - both participants in this WhatsApp Group. At the material time on 7 April 2015, there were a number of other participants in this WhatsApp Group.1 5. On 7 April 2015, Mr L disclosed highly sensitive information of the Complainant’s personal history, namely her past drug problem and issue with infidelity in her amorous relationship, (“Personal Data”) to the participants in the WhatsApp Group. The Organisation has not disputed that the personal history of the Complainant is p… | Warning | 4606cb34276907f06cf0c6913f89d949fec92bb7 | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 220 | 220 | 1 | 952 | A warning was issued to Jump Rope (Singapore) for disclosing the personal data of two former employees without consent and notification. | [
"Consent",
"Notification",
"Warning",
"Arts, Entertainment and Recreation"
] |
2016-11-24 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/grounds-of-decision---jump-rope---241116.pdf | Consent, Notification | Breach of Consent and Notification Obligations by Jump Rope (Singapore) | https://www.pdpc.gov.sg/all-commissions-decisions/2016/11/breach-of-consent-and-notification-obligations-by-jump-rope-(singapore) | 2016-11-24 | DECISION OF THE PERSONAL DATA PROTECTION COMMISSION Case Number: DP-1411-A265 JUMP ROPE (SINGAPORE) (UEN No. T13SS0090E) … Respondent Decision Citation: [2016] SGPDPC 21 GROUNDS OF DECISION 24 November 2016 A. BACKGROUND 1. On 1 December 2014, the Personal Data Protection Commission (“Commission”) received a complaint against Jump Rope (Singapore) (the “Respondent”) from a complainant (the “Complainant”) alleging that his personal data had been disclosed in an email sent to various Singapore government schools. 2. The Commission commenced an investigation under Section 50 of the Personal Data Protection Act 2012 (“PDPA”) to ascertain whether there had been a breach by the Respondent of its obligations under the PDPA. B. MATERIAL FACTS AND DOCUMENTS 3. The Respondent is a non-profit society registered with the Registry of Societies that promotes and manages the sport of rope skipping, and provides training to students in Singapore schools. The Respondent was set up by the President of the Respondent, [redacted], who is also the owner and director of Emotion Learning Pte. Ltd. (“Emotion”) and Eltitude Pte. Ltd. (“Eltitude”). Emotion and Eltitude are companies in the business of providing enrichment and CCA education, and enrichment and sports coaching services to schools respectively. 4. Based on the Respondent’s response to the Commission during the investigation, the Commission understands that the Complainant was a former employee of Emotion and Eltitude, who held the designation of Part Time Instructor. The Complainant went through an in-house training program conducted by Emotion, and obtained a certificate in rope skipping coaching, which was issued by the Respondent. 1 5. The Respondent alleged that the Complainant had breached his contract of employment with his employers and had engaged in some unethical activities during the course of his employment. As a result, the Respondent blacklisted the Complainant and revoked his certification. 6. The President of the Respondent then decided to se… | Warning | fe526eedfbd39c4afe655dd5a1fe2bb66ec6b1a7 | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 232 | 232 | 1 | 952 | Directions were issued to Universal Travel Corporation for disclosing a passenger list, consisting of 37 customers' personal data, to four of its customers without consent. The organisation was also penalised for its lack of data protection policies. | [
"Consent",
"Purpose Limitation",
"Notification",
"Directions",
"Others"
] |
2016-04-21 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/grounds-of-decision---universal-travel-corporation-(210416).pdf | Consent, Purpose Limitation, Notification | Breach of Consent and Other Obligations by Universal Travel Corporation | https://www.pdpc.gov.sg/all-commissions-decisions/2016/04/breach-of-consent-and-other-obligations-by-universal-travel-corporation | 2016-04-21 | DECISION OF THE PERSONAL DATA PROTECTION COMMISSION Case Number: DP-1508-A496 UNIVERSAL TRAVEL CORPORATION PTE LTD (UEN. 197302113R) ... Respondent Decision Citation: [2016] SGPDPC 4 GROUNDS OF DECISION 20 April 2016 A. BACKGROUND 1. The Personal Data Protection Commission (“Commission”) received a complaint from a credible source concerning the alleged disclosure by the Respondent of personal data of 37 customers (the “passenger list”) in early March 2015 to certain individual(s) who participated in the 12 Days Legend of the Balkans Tour from 17 February 2015 to 28 February 2015 (“Balkans Tour”). 2. In the premises, the Commission decided to carry out an investigation into the matter. The Commission’s findings are set out below. B. MATERIAL FACTS AND DOCUMENTS 3. Sometime in or around late February 2015, four of the customers of the Balkans Tour requested the Respondent to furnish formal documentation confirming the cancellation of their transit flight to Sofia on 18 February 2015 (TK1027/18FEB15 ISTANBUL-SOFIA) (“formal confirmation”) to process their insurance claims. 4. The Respondent therefore requested from Turkish Airline written confirmation of the flight cancellation and the affected passenger list. 5. Sometime in early March 2015, the Respondent sent the formal confirmation together with the letter from Turkish Airline and the passenger list by email to four of the customers of the Balkans Tour. The passenger list that was sent contained the name, nationality, date of birth, passport number, passport expiry date and passenger name record (a record in the database of a computer reservation system (CRS) that contains the itinerary for a passenger, or a group of passengers travelling together) of all 37 of the passengers/customers that were on the Balkans Tour. The passengers’ details were not masked or redacted when it was sent by the Respondent. It is not disputed that the passengers’ details constituted personal data under the control of the Respondent at the material time. 6. In the R… | Directions | 5a0ff182bd0082f840e509fc39079487ae98fb3a | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
| 2023-12-14T14:54:52+00:00 | 0e20feac9c1e16c30580baa727a897e3bfcf8791 | 483 | 243 | 1 | 958 | Directions were issued to Tipros for failing to use or disclose personal data about an individual only for purposes that a reasonable person would consider appropriate. | [
"Consent",
"Notification",
"Purpose Limitation",
"Directions",
"Others"
] |
14 Dec 2023 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/GD_TIPROS_080623.pdf | Consent, Notification, Purpose Limitation | Breach of the Purpose Limitation Obligation by Tipros | https://www.pdpc.gov.sg/all-commissions-decisions/2023/12/breach-of-the-purpose-limitation-obligation-by-tipros | 2023-12-14 | PERSONAL DATA PROTECTION COMMISSION [2023] SGPDPC 7 Case No. DP-2207-C0019 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And Tipros … Organisation DECISION Page 1 of 8 Tipros Yeong Zee Kin, Deputy Commissioner — Case No. DP-2207-C0019 8 June 2023 Introduction 1. On 21 July 2022, the Personal Data Protection Commission (the “Commission”) received a complaint that Tipros (the “Organisation”), a sole proprietorship in the wholesale of and repair of electrical appliances, had unreasonably disclosed the personal data of the complainant when responding to the complainant’s review on the Organisation’s Google reviews page (the “Incident”). 2. The Commission commenced investigations to determine the Organisation’s compliance with the Personal Data Protection Act 2012 (“PDPA”) and for suspected breaches of the same. Facts of the Case 3. The complainant had engaged the Organisation to repair a refrigerator. Following the repairs made, the complainant gave a “1-star” review on a Google reviews page “24hr fridge refrigerator #1 Quick repair service Trusted in Singapore”, which has since been renamed “Tipros.sg”. 4. The Organisation promptly responded to the complainant’s review. What is problematic was that the Organisation included the complainant’s personal data, including the complainant’s residential address and mobile number in their Page 2 of 8 response. The complainant filed a complaint with the Commission as the complainant was of the view that there was no reason for the Organisation to disclose her personal data in the course of responding to the review she left on the Organisation’s Google reviews page. 5. Apart from the Organisation’s response to the complainant’s review, the Commission found 13 other responses on the Organisation’s Google reviews page which disclosed, in a similar fashion, the personal data of other customers who had given reviews. Our Investigations 6. The Commission commenced investigations. In the course of investigations, it was … | Directions | acd36e3274c5e29fe0627b24b99136461cdd6c47 | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
Advanced export
JSON shape: default, array, newline-delimited
CREATE VIEW pdpc_decisions_version_detail AS select
commits.commit_at as _commit_at,
commits.hash as _commit_hash,
pdpc_decisions_version.*,
(
select json_group_array(name) from columns
where id in (
select column from pdpc_decisions_changed
where item_version = pdpc_decisions_version._id
)
) as _changed_columns
from pdpc_decisions_version
join commits on commits.id = pdpc_decisions_version._commit;