Privacy

BIPO PRIVACY STATEMENT

Effective starting: 8 November 2023 (view archived versions)

This privacy statement (“Privacy Statement” or “Statement”) is established by BIPO Service (Singapore) Pte. Ltd., BIPO Service Shanghai Limited, and the direct and indirect subsidiaries and affiliates (hereinafter referred to as “BIPO”, “we”, “us” or “our”).


At BIPO, we are committed to providing a secure environment to process personal information across our platforms, products & services. We value the trust that you have placed in us when sharing your personal information. We take data privacy seriously and will endeavour to address your concerns on how we protect your personal information.

Overview

This Privacy Statement explains how we collect, use, disclose, transfer and store personal data, which may be provided to us or obtained directly from you when you use our BIPO Website and/or mobile application.

By using or accessing the BIPO Website and/or mobile application, you agree to be legally bound by this Privacy Statement and consent to BIPO’s processing of your personal data in accordance with this Statement. We suggest that you read this Privacy Statement to ensure you are fully informed.

If you are an employee of an organization that uses a BIPO product or service and you have questions or concerns about the personal information your organization holds in BIPO about you , please direct your request to that organization. For more information on your privacy rights and your organization’s privacy practices, please refer to your organization’s privacy policies.

Table of Contents

1. What information we collect about you
2. How we collect information about you
3. How we use information we collect
4. How we share information we collect
5. How we store and secure information we collect
6. Your rights to your personal information
7. Overseas transfers of personal data
8. Changes to this Statement
9. Policy towards children
10. Contact us
11. Cookies policy

1. What information we collect about you
1.1. In this Privacy Statement, “personal data” or “personal information” refers to any data, whether true or not, about a person, whether living or deceased, who can be identified from that data or from that data and other information to which we have or are likely to have access.


1.2. Examples of such personal data which you may provide to us or which we may collect from you may include (depending on the nature of your interaction with us):


Information we may collect directly:

1.2.1. your name, job title, industry, company, contact number, email, country of residence, country of employment/business, or any other information you may voluntarily provide to us when you visit our BIPO Website and/or complete or submit one of our online forms (“Account Data”);


1.2.2. information you provide through support channels, for example when you report a problem to us or interact with our support team, including any contact information, documentation, or screenshots (collectively, “Support Data”);

1.2.3. communication, marketing, and other preferences that you provide us when you subscribe to our newsletter or choose to participate in a survey or a questionnaire that we send you;

1.2.4. any other information relating to you which you may have provided to us, including via any form you may have submitted to us, or via other forms of interaction with you.

Information we may collect automatically when you use our Website, Web or Mobile application:

1.2.5. information about your device or connection, for example your internet protocol (IP) address, basic service set identifier (BSSID) of the Wifi access point you are connected to, the service set identifier (SSID) of the Wifi network you are connected to, your internet browser type and version, time-zone setting, operating system and platform, technologies on the devices you use to access our website, web or mobile application, and information we collect through cookies and other data collection technologies (please read our Cookies Policy below at Paragraph 11 for details) (collectively, “Technical Data”);

1.2.6. information about your use of or visit to our BIPO Website, for example your clickstream to, though, and from our BIPO Website, products you viewed, used, or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), or methods to browse away from the page.

1.2.7. BIPO Mobile App integrates the following components:

• Huawei Mobile Service (com.huawei.hms), to enable push notifications to your devices
• Google Mobile Service (com.google.firebase), to enable push notifications to your devices
• AMAP SDK (com.amap.api), will get your geographic location through GPS. This function is used for attendance clocking function within the mobile app.
• Camera permission for doing face recognition
• Storage permission to upload an attachment to BIPO systems
• Clipboard permission to allow copy function in BIPO mobile app

BIPO Mobile App uses ANDROID ID as device unique identifier.

1.2.8. BIPO HRMS use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.


1.3. We do not collect sensitive personal data about you through this BIPO Website. This includes details about your race, ethnic origin, politics, religion, trade union membership, genetics, biometrics, health, or sexual orientation.

2. How we collect information about you


2.1. We collect your personal data when you provide it to us, or when using or accessing the BIPO Website, including information submitted voluntarily by you through the BIPO Website.

2.2. We may also receive your personal data from other sources that have obtained your prior valid consent or otherwise rely on valid and adequate legal basis for processing of your data.

2.3. Where you interact with our staff, personnel, agents, advisors, partners, consultants, and contractors based in various countries and regions in connection with our operations or the provision of the BIPO Website, including the fulfilment and provision of goods or services requested by you, and provision of support services.

2.4. Where you provide us with personal data of other persons (for example, information on your dependents) (each a “Person”), you undertake and warrant that:

2.4.1. you are authorized to consent on behalf of, and have obtained the consent of, each and every Person to provide his or her personal data to us for the purposes set out in this Privacy Statement; and

2.4.2. all information and data of each Person provided by you are accurate and complete.

2.5. Where any personal data is directly entered into any BIPO Website by you, you shall be solely responsible for ensuring the accuracy and completeness of all such personal data.

3. How we use information we collect

3.1. We collect, use, disclose, and process your personal data only as instructed or permitted by you, and to the extent permitted by applicable laws, including:

For information collected via BIPO website:

3.1.1. to operate and provide the online content, or any other information or services which you have requested, to provide customer support and personalized features, and to protect the safety and security of the website.

3.1.2. where you have given us consent to do so for a specific purpose, for example, where you have given your consent for us to send you direct marketing materials or publish your information as part of our testimonials or customer stories to promote our products or services.
If you have given us consent to use your personal information for a specific purpose, you have the right to withdraw your consent any time by contacting us (see Paragraph 10 below). Please note however, that this will not undo any use or processing of your information that has already taken place.

For information collected from BIPO website, BIPO web applications, and BIPO mobile applications:

3.1.3. where it satisfies a legitimate interest which is not overridden by your fundamental rights or data protection interests, for example for research and development, improvement of our products and services including the BIPO Website, and in order to protect our legal rights and interests.

3.1.4. where we need to comply with a legal or regulatory obligation.

3.2 For visitors or users located in the European Union, we set out in the table below, a non-exhaustive list of the personal data types that we may collect, the purposes for which that personal data is processed and the legal basis we rely upon to process such personal data:

4. How we share information we collect

4.1. We may disclose your personal data to our affiliates and third party partners, agents, and processors (“BIPO Agents”) to the extent required to provide the information and services that you have requested, or in the normal course and scope of our business or in the provision of our services, and where required or permitted by applicable laws. Accordingly, we ensure that these entities are legally bound to similarly use and process personal data in compliance with applicable laws.

4.2. At present, the types of BIPO Agents we entrust include the following:

4.2.1. vendors and service providers of our BIPO Website that support our business and who assist in providing, managing, and administering the BIPO Website, our products and services, including those providing technical infrastructure and hosting services, and other third party service providers who process personal data on behalf of BIPO.

4.2.2. auditors; agents or subcontractors acting on behalf of BIPO; lawyers and other professional advisors; and government or regulatory authorities.

4.3. Our BIPO Website may contain links to third-party websites over which we have no control. If you follow a link to any of these websites or submit information to them, your information will be governed by their policies. We encourage you to review the privacy policies of third-party websites before use / submission of any information to them.

4.4. We may share your information with government and law enforcement authorities in the countries where we operate to comply with applicable laws or regulations, for example when we respond to claims, legal processes, law enforcement, or national security requests.

4.5. If we are acquired by a third party as a result of a merger, acquisition, or business transfer, your personal information may be disclosed and/or transferred to a third party in connection with such transaction. We will notify you if such transaction takes place and inform you of any choices you may have regarding your information.

5. How we store and secure information we collect

5.1. We use data hosting service providers based in various locations according to the products and services you have requested from us. Where required by applicable laws, and/or upon your reasonable written request, we shall provide you with further information on our data hosting service providers.

5.2. We have adopted the measures to protect the security and integrity of your personal information, including:

5.2.1. encryption of information using TLS/SSL technology;

5.2.2. ensuring that access to your personal information is restricted on a strictly need-to-know basis, who will only process your information on our instructions and who are subject to a duty of confidentiality; and

5.2.3. regular reviews of our information collection, storage, and processing practices.

5.3. We have put in place procedures to deal with any suspected privacy breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

5.4. While we implement safeguards designed to protect your information, please note that no transmission of information on the Internet is completely secure. We cannot guarantee that your information, during transmission through the Internet or while stored on our systems or processed by us, is absolutely safe and secure.

5.5. We only retain personal data for so long the purpose for which that personal data was collected is being served by retention of the personal data, or where necessary for any legal, accounting, or business purposes, and to the extent permitted by applicable laws. After such time, we will delete or anonymize your information, or if this is not possible, we will securely store your information and isolate it from further use. We periodically review the basis and appropriateness of our data retention policy.

6. Your rights to your personal information

6.1. When the purpose and means of processing your personal information is determined by BIPO, subject to applicable exceptions, you have the right to exercise the following personal data requests:

6.1.1. request to be informed of what we do with your personal information;

6.1.2. request for a copy of personal information in our control or possession;

6.1.3. request correction of inaccuracy or error in any personal information we hold about you;

6.1.4. request to receive your personal information in our control or possession in a structured, commonly used, and machine-readable format

6.1.5. withdraw your consent at any time where we use consent as the legal basis for processing your personal information. You may withdraw your consent to receiving marketing materials from us by using the unsubscribe link in our communications, or by contacting us. Please note that if you opt out from receiving marketing materials from us, you may still receive notifications or information from us that are necessary for the use of our products or services.

6.1.6. request deletion of all your personal information.
BIPO shall comply with the request to the extent reasonably possible, subject to conditions necessary to comply with legal obligations, and to the purposes of our normal business operations where permitted by applicable law;

6.2. As a security measure, we may need specific information from you to help us confirm your identity when you exercise your rights and to process the above requests.

6.3. For request of deletion of personal information, if deletion is not possible, BIPO will anonymize the information, or securely store and isolate it, to stop further use of the information.

6.4. All requests mentioned in section 6.1 will normally be addressed free of charge. However, we may charge a reasonable administration fee if your request is repetitive, or excessive, to the extent permitted by applicable laws.

6.5. When the purpose and means of processing your personal information stored in BIPO systems (e.g., BIPO HRMS web and mobile applications) is determined by your organization (i.e. BIPO’s customer), the processing of your personal information is then governed by your organization’s privacy policy, and not this policy. For this situation, all your requests mentioned in section 6.1 should be directed to the person responsible for handling such data subject requests in your organization. Should BIPO receive the request directly from you, BIPO shall forward the request to the designated person in your organization.

7. Overseas transfers of personal data

7.1. Due to the global nature of our business and that of our third parties who process your personal data on our behalf, personal data we collect from you may be transferred, processed and stored outside the jurisdiction where the personal data is collected, to the extent required in the normal course and scope of our business in the provision of our products and services, and where required or permitted by applicable law. If personal data is transferred from European Economic Area (“EEA”) to Non-EEA Area, we will ensure that adequate protection of your data is provided as required by applicable law, for example entering into “standard contractual clauses” issued by the European Commission.

7.2. Although the data protection laws of these other countries may not be as comprehensive as those in your own, we will take all necessary steps to ensure that your personal information is treated securely, and in accordance with this Privacy Statement and any applicable laws.

8. Changes to this statement

8.1. We reserve the right to amend this Statement from time to time to reflect any changes to our use of your personal information or our business practices, and we will notify you of such changes by posting the new Privacy Policy on this page, Where required by the relevant applicable laws or regulatory requirements, we shall seek your prior consent to the amended Statement We nevertheless encourage you to review this Privacy Statement periodically to be informed of how we use your personal information.

9. Policy towards children

Our products and services are not directed to minors. In case we need to collect personal information from persons who are below the age limit for consent applicable to their country of residence, we will contact your Organization (where applicable) or the parental authority to get the consent. Contact us if you believe that we have mistakenly or unintentionally collected information from persons who are below the age limit for consent applicable to their country of residence. We shall protect the privacy and security of minors to the maximum extent permitted by law.

10. Contact us

10.1. Please contact us at dpo@biposervice.com or submit any written request to:

BIPO Service (Singapore) Pte. Ltd.
50 Scotts Road, #02-01B, Singapore 228242
Attn: Data Protection Officer

10.2. Please contact us if you have any questions or concerns about this Privacy Statement or our privacy practices and policies. If you have unresolved concerns, you have the right to file a complaint with a data protection authority in the country where you live or work or where you feel your rights have been infringed.

11. Cookies Policy

11.1. Cookies are small text files that are placed on your device by a web server when you access our BIPO Website. We use cookies to identify your access and monitor usage and web traffic on our BIPO Website to customise and improve our products and services.

11.2. We use both persistent cookies and session cookies. A persistent cookie stays in your browser and will be read by us when you return to our BIPO Website or a partner site that uses our services. Session cookies only last for as long as the session lasts (usually the current visit to a website or a browser session).

11.3. We use the following types of cookies:

11.3.1. Strictly necessary cookies – these are cookies that are required for the operation of our BIPO Website.

11.3.2. Analytical/performance cookies – these allow us to recognise and count the number of visitors and to see how visitors move around our BIPO Website when they are using it. This helps us to improve the way our BIPO Website works, for example, by ensuring that users are easily finding what they are looking for.

11.3.3. Targeting cookies – these cookies record your visit to our BIPO Website, the pages you have visited, and the links you have followed.

11.4. You can block cookies by activating the setting on your browser that allows you to refuse the use of all or some cookies. However, if you do so, you may not be able to access all or parts of our BIPO Website

 

Find out more?

Explore our award-winning platform

One-all-one HR global platform with integrated features to manage your business.

Privacy Consent*
This field is for validation purposes and should be left unchanged.