An Employer who engaged WeLinkTalent Pte Ltd to conduct job matching or candidate (job application) search for their job vacancies is known as “Customer”. Customer who received personal data from WeLinkTalent Pte Ltd will likely be considered as a data intermediary.

WeLinkTalent Pte Ltd (“we”, “us”, or “our”) imposes this Data Protection policy with obligations on the Customer so as to ensure the WeLinkTalent Pte Ltd‘s own compliance with the Personal Data Protection Act (“PDPA”).


1)    In this Agreement, unless the context otherwise requires, the following terms shall have the meanings assigned to them below:

  1. Customer” means the company name of the Customer;

  2. Candidate Personal Data” means Personal Data which the WeLinkTalent Pte Ltd discloses to the customer.

  3. PDPA” means the Personal Data Protection Act 2012; and

  4. Personal Data” means data, whether true or not, about an individual who can be identified:

  • from that data alone; or

  • from that data and other information which the customer has or is likely to have access.



  1. Compliance with PDPA. The customer shall comply with all its obligations under the PDPA at its own cost. Customer are subjected to audit by us against the PDPA requirements and contractual agreements when:

    1. There is a compliant lodge relating to the customer or

    2. There is a personal data breach incident or

    3. There is a suspected case of breach of the PDPA requirements and contractual agreements

  2. The customer shall only process and / or use candidate Personal Data:

    • Strictly for the purposes of fulfilling its obligations and evaluating the suitability of candidate for the job offer.

  3. Transfer of personal data

    • The customer is not allowed to transfer or share any of the candidate personal data from us to any organisation or any unauthorised person without the consent from us

  4. Security Measures.

  5. The customer shall protect candidate’s Personal Data in the customer’s control or possession by making reasonable security arrangements (including, where appropriate, physical, administrative, procedural and information & communications technology measures) to prevent unauthorised or accidental access, collection, use, disclosure, copying, modification, disposal or destruction of Customer Personal Data, or other similar risks. For the purposes of this Agreement, “reasonable security arrangements” include arrangements set out below:

    1. Physical records containing Candidate’s Personal Data which are mailed or sent by courier must be secured in transit (e.g. in a seal envelope etc.)

    2. Physical duplicating (e.g. photocopying, etc.) of candidate’s Personal Data is discourage.

    3. Physical or electronic document containing Candidate’s Personal Data should never be left unattended

    4. Customer’s employees are to be bound by confidentiality obligations

    5. Candidate’s Personal Data should  be stored in locked file cabinets

    6. candidate’s Personal Data should be classified as confidential document

    7. Candidate personal data are not allowed to be disclosed to any organisation or any unauthorised person without our consent

    8. Implements robust policies and procedures to protect the candidate’s Personal Data

    9. Conducts regular training sessions to impart good practices in handling and protecting personal data

    10. Limit access to candidate’s Personal Data to only authorized personnel based upon their assigned roles and responsibilities.

    11. Encryption of portable storage device used for the transfer/storage of personal data.

    12. Enforce boundary protection (e.g. installing a firewall and virus-checking software)

    13. Download and install the applicable patches or security updates which should cover vulnerabilities in applications, systems and databases.

    14. Perform regular back-ups of the information on computer systems.

    15. Work station, computer, laptop should be password protected.

    16. Disposal the candidate’s Personal Data when no longer any legal or business purpose behind retaining such data by:

  • Shredding off all physical copy of candidate’s Personal Data​

  • Deleting all electronic copy of candidate’s Personal Data from your system and storage and ensures that such data are securely deleted and unable to recover.​


6. Accuracy and Correction of Personal Data.

  • Where we provide Candidate’s Personal Data to the Customer, we shall make reasonable effort to ensure that the Candidate’s Personal Data is accurate and complete before providing the same to the customer. The customer shall put in place adequate measures to ensure that the Customer Personal Data in its possession or control remain or is otherwise accurate and complete. In any case, the customer shall take steps to correct any errors in the Customer Personal Data, as soon as practicable upon the notification received from us.


7. ​Retention of Personal Data.

  1. The customer shall not retain candidate’s personal data (physical or electronic form) for any period of time longer than is necessary to serve the purposes of this Agreement.

  2. The customer shall, upon the request from us to:

  • return to the physical copy of candidate’s personal data; and/or

  • delete the electronic copy of candidate’s personal data in its possession,

Where applicable, the customer shall also instruct all third parties to whom it has disclosed the candidate’s personal data for the purposes of this Agreement to return the candidate’s personal data or delete, such candidate’s personal data.


8. Notification of Breach.​​

  1. The customer shall immediately notify the Customer when the customer becomes aware of a breach of any of its obligations in Clauses [2.1 to 2.7].

  2. The customer report to customer’s Data Protection Officer by the below channel:


9. Indemnity

The customer shall indemnify us and its officers, employees and agents, against all actions, claims, demands, losses, damages, statutory penalties, expenses and cost (including legal costs on an indemnity basis), in respect of:

  1. any  breach of Clauses [2.1 to 2.7]; or

  2. any act, omission or negligence of the customer that causing or resulting us in breach of the PDPA.


Effective date: 18 October 2019
Last updated: 18 October 2019

  • LinkedIn - Black Circle
  • Twitter - Black Circle
  • Facebook Black Round

© 2015-2020 by WeLinkTalent Pte Ltd | EA Licence № 16S8272

Data Protection Policy

Singapore Exclusive Partner