Section 1: Overview
The purpose of this policy is to set out how Athenaeum Limited (“Athenaeum”) manages your Personal Data (as defined below). It contains important information about how and why Athenaeum collects, uses and discloses Personal Data of individuals. This policy takes into consideration the Personal Data Protection Act 2012 (No. 26 of 2012) of Singapore (“PDPA”) and all applicable PDPA advisory guidelines.
Section 2: Consent
2.1 By interacting with us in any manner whatsoever (including accessing our website), submitting information to us, or signing up for any products or services offered by us, you agree and consent to Athenaeum, as well as its representatives and/or agents (together with Athenaeum, collectively referred to herein as “Athenaeum”, “us”, “we” or “our”) collecting, using, disclosing and sharing amongst themselves your Personal Data, and disclosing such Personal Data to our authorised service providers and relevant third parties in the manner set forth herein.
2.2 This policy supplements but does not supersede nor replace any other consents you may have previously provided to Athenaeum in respect of your Personal Data, and your consents herein are additional to any rights which Athenaeum may have at law to collect, use or disclose your Personal Data.
2.3 Athenaeum may from time to time update this policy to ensure that this policy is consistent with future developments, industry trends and/or any changes in legal or regulatory requirements. Subject to your rights at law, you agree to be bound by the prevailing terms of this policy as updated from time to time on our website(www.azathenaeum.com). Please refer to our website for updated information on the handling of your Personal Data.
Section 3: Personal Data
3.1 “Personal Data” refers to any data, whether true or not, about an individual who can be identified (a) from that data, or (b) from that data and other information to which we have or is likely to have access to, including data in our records as may be updated from time to time.
3.2 Some examples of Personal Data you may provide to us include unique identifiers (e.g. NRIC number, passport number), as well as any set of data (e.g. name, age, address, telephone number, occupation, date of birth, employment details, information relating to your financial circumstances etc) and any other information relating to any individuals, which when taken together would be able to identify the individual.
3.3 The provisions of the PDPA do not apply to business contact information, and business contact information does not come within the scope of what constitutes “Personal Data”. Business contact information refers to an individual’s name, designation or title, business telephone number, business address, business electronic mail address or business fax number and any other similar information about the individual, not provided by him or her solely for his or her personal purposes. For the avoidance of doubt, Athenaeum is not required to obtain consent before collecting, using or disclosing any business contact information or complying with any other obligations in this policy in relation to business contact information.
Section 4: Athenaeum’s Personal Data Inventory
4.1 Athenaeum has the following Personal Data in our custody:
4.1.1 If you are an employee or a prospective employee:
Athenaeum collects Personal Data of its employees including but not limited to, name, address, telephone numbers, e-mail address, NRIC number, passport number, FIN (Foreign Identification Number), date and place of birth, nationality, gender, resume, education background, employment history etc, in connection with the employees’ employment or job applications with Athenaeum.
4.1.2 If you are an existing client:
(a) Individual investors
Athenaeum has in its custody, Personal Data of individual investors in Athenaeum’s funds, such as those belonging to our High-Networth Individual (“HNW”) investors. Such Personal Data includes but is not limited to name, address, NRIC number, passport number, amount of investments in our funds, etc, and may also be comprised in copies of identity papers such as NRICs or passports obtained by Athenaeum as part of our KYC procedures in compliance with all AML/CFT laws, rules and regulations.
(b) Corporate investors / Distributors (which are corporate entities)
Athenaeum is required to comply with all applicable laws, rules and regulations relating to anti-money laundering and countering the financing of terrorism (“AML/CFT”). Under Athenaeum’s Anti-Money Laundering Policy and Know Your Client (“KYC”) Procedures, we are required to collect KYC documents relating to our corporate clients and our HNW investors. Such KYC documents may include copies of identity papers such as NRICs or passports of directors and/or authorised signatories of our corporate clients and our funds’ distributors. For the purpose of meeting the AML/ CFT requirements, Athenaeum will continue to collect, use and disclose such information without the consent of its corporate customers and fund distributors as allowed by the AML/CFT regulations.
Section 5: Collection of Personal Data
5.1 Generally, Athenaeum collects Personal Data from the following sources:
5.1.1 If you are an employee or a prospective employee:
The Personal Data that we collect and process on our employees is sourced from:
(a) information provided by employees and/or relevant third parties in the course of a potential employee applying for a position with us; and
(b) information provided by employees, relevant third party information sources and searches, or information otherwise generated upon a potential employee being hired and in the course of employment with us.
5.1.2 If you are an existing client:
The Personal Data that we collect and process relating to our clients is obtained from the following sources:
(a) Personal Data provided by the clients:
(i) through clients’ relationship with us, for example information provided in application forms and/or agreements entered into with us, when using our products or services;
(ii) through verbal and written communications with us;
(iii) from an analysis of the way clients’ use and manage their investment products and/services with us, from the transactions they make and from the payments which are made to/from their investment(s); and/ or
(iv) through Athenaeum’s General Enquiries Hotline or email or when you complete and submit any forms on our website.
(b) Personal Data from third party sources connected with clients:
(i) from any relevant third parties connected with the clients, such as organisations that are our clients or distributors of our funds or lawyers in relation to estate accounts etc.; and/ or
(ii) from any other sources which the client has consented to as provided for in our terms and conditions and/or application form or where lawfully permitted.
(c) Personal Data from outsourced sources:
(i) through funds’ trustees and transfer agents, for example, fund activity reports, contract notes, statement of accounts, register holdings report and daily and historical transfer agent’s data feed etc.
5.1.3 If you are a prospective client or fund distributor or [introducer or intermediary] any third parties:
The Personal Data that we collect and process is obtained from the Personal Data you have provided to us by through Athenaeum’s General Enquiries Hotline or by email or when you complete and submit any forms on our website.
5.2 Unless permitted under the PDPA or any other laws, regulations and guidelines, Athenaeum does not collect Personal Data without the consent of the individual.
5.3 When you browse our website, you are required to provide Personal Data you are able to proceed further. In this regard, at the point of collection of Personal Data, you will be requested to provide your consent to our collection, use and disclosure of Personal Data in accordance with this policy.
5.4 If you provide us with any Personal Data relating to a third party (e.g. information on your spouse, children, parents, and/or employees), by submitting such information to us, you represent to us that you have obtained the consent of such third party to you providing us with their Personal Data for the respective purposes.
5.5 You should ensure that all Personal Data submitted to us, whether in person, through submission of forms, on our website or otherwise, is complete, accurate, true and correct.
Section 6: Purposes for the Collection, Use and Disclosure of Personal Data
6.1 Generally, Athenaeum collects, use and discloses Personal Data for the following purposes described below:
(a) verifying your identity;
(b) assessing and processing any applications or requests made by you for products and services offered by Athenaeum;
(c) responding to your queries and requests and handling complaints;
(d) managing the administrative and business operations of Athenaeum and complying with internal policies and procedures;
(e) facilitating business asset transactions (which may extend to any mergers, acquisitions or asset sales) involving Athenaeum;
(f) matching any Personal Data held which relates to you for any of the purposes listed herein;
(g) preventing, detecting and investigating crime, including fraud and money-laundering or terrorist financing, and analysing and managing commercial risks, and to conduct AML/ CFT checks for risk detection and prevention;
(h) managing the safety and security of our premises and services (including but not limited to conducting security clearances);
(i) in connection with internal investigations and legal proceedings, and any claims, actions or proceedings (including but not limited to drafting and reviewing documents, transaction documentation, obtaining legal advice, and facilitating dispute resolution), and/or protecting and enforcing our contractual and legal rights and obligations;
(j) managing and preparing reports on incidents and accidents;
(k) managing audit, risk management and security and/or compliance obligations;
(l) complying with any applicable rules, laws and regulations, codes of practice or guidelines or to assist in law enforcement and investigations by relevant authorities;
(m) financial reporting, regulatory reporting, management reporting, risk management, audit and record keeping purposes;
(n) project management;
(o) providing media announcements and responses; and/or
(p) any other purpose relating to any of the above.
6.2 In addition, Athenaeum collects, uses and discloses your Personal Data for the following purposes, depending on the nature of your relationship with us:
6.2.1 If you are an existing employee:
(a) general administrative and record keeping;
(b) headcount and payroll planning;
(c) workforce development, training and certification;
(d) performance management appraisals and evaluation;
(e) approving and monitoring employee benefits and entitlements, including providing remuneration, reviewing salaries and bonuses, and conducting salary benchmarking reviews;
(f) posting employee’s photograph on the intranet and email directory;
(g) administrative and support processes relating to your employment, including its management and termination, as well as staff benefits, including travel, manpower, business continuity and logistics management or support, processing expense claims, medical insurance applications, medical services, leave administration, training, learning and talent development, and planning and organising corporate events;
(h) maintain emergency contact details;
(i) Administering cessation / termination processes;
(j) purposes as required by regulators; and/or
(k) other purposes relating to the above, or as may be required by any laws, regulations and guidelines.
6.2.2 If you submit an application to us as a candidate for an employment position:
(a) Conducting interviews;
(b) assessing employee’s suitability for the job;
(c) verifying employee’s information and conducting reference checks;
(d) conducting background checks if the employee is offered a job; and/or
(e) other purposes relating to the above, or as may be required by any laws, regulations and guidelines.
6.2.3 If you are a client of Athenaeum:
(a) to confirm and verify the client’s identity;
(b) to assess application(s) /inquiry(ies) for our products and services;
(c) to process the client’s transaction in relation to his/her investment(s) in any of our products and services;
(d) to manage and maintain clients’ investment(s) portfolios with us;
(e) to manage our business and the client’s relationship with us;
(f) to notify clients about benefits and changes to the features of products and services;
(g) to respond to clients’ enquiries and complaints and generally to resolve disputes;
(h) to update, consolidate and improve the accuracy of our records;
(i) to produce data, reports and statistics which have been anonymised or aggregated in a manner that does not identify the customer as an individual;
(j) to conduct research for analytical and/or statistical assessments;
(k) to assess financial and insurance risks; and/or
(l) to provide to relevant regulatory authorities and for any other purpose relating to the above, or as may be required by any laws, regulations and guidelines.
6.2.5 If you are a prospective client:
(a) to assess application(s) /inquiry(ies) for our products and services;
(b) to receive our marketing information, and information on our products and services; and/or
(c) any other purpose relating to the above.
6.2.5 If you are an employee or agent of an introducer or other intermediary:
(a) marketing and leads management;
(b) processing commission remuneration; and/or
(c) any other purpose relating to any of the above.
6.2.6 If you are an employee, officer or owner of an external service provider or vendor outsourced by Athenaeum:
(a) managing the supply of goods and services;
(b) processing and payment of vendor invoices;
(c) complying with any applicable rules, laws and regulations, codes of practice or guidelines or to assist in law enforcement and investigations by relevant authorities (which includes disclosure to regulatory bodies or audit checks); and/or
(d) any other purpose relating to any of the above.
6.3 In relation to specific services or in your dealings with us, we may also have specifically notified you of other purposes for which we collect, use or disclose your Personal Data. If so, we will collect, use and disclose your Personal Data for these additional purposes as well, unless we have specifically notified you otherwise.
6.4 All Personal Data about an individual collected before 2 July 2014 will continue to be used and disclosed for the purposes for which the Personal Data was collected unless the relevant individual has notified Athenaeum that it withdraws consent.
Section 7: Disclosure of Personal Data
7.1 Athenaeum may disclose Personal Data for the purposes indicated above (where applicable) to the following parties or entities, whether they are located overseas or in Singapore:
(a) Athenaeum’s related corporations;
(b) counterparties and their respective banks in relation to payments, and other transactions;
(c) companies providing services relating to insurance to Athenaeum;
(d) agents, contractors or third party service providers who provide operational services to Athenaeum, such as courier services, telecommunications, information technology, payroll, corporate secretarial services, processing, training, market research, storage, archival or other services to Athenaeum;
(e) any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any merger, acquisition or any debt or asset sale) involving Athenaeum;
(f) external banks and their respective service providers;
(g) third party introducers;
(h) our professional advisers and agents, including our auditors and lawyers;
(i) relevant government regulators, government ministries, statutory boards or authorities and/or law enforcement agencies, whether local or overseas, including the Monetary Authority of Singapore and the Accounting and Corporate Regulatory Authority, to comply with any directions, laws, rules, guidelines, regulations or schemes issued or administered by any of them;
(j) hotels, travel agents and foreign embassies in relation to overseas travel arrangements for staff;
(k) brokerage houses, fund houses, registrars, custodians, nominee banks, external banks and investment vehicles in relation to asset management and investment product settlement processing;
(l) any swap repository, trade data repository or reporting agent; and/or
(m) any other party to whom you authorise us to disclose your Personal Data to.
Section 8: Transfer of Personal Data Outside Singapore
To the extent that Athenaeum may need to transfer your Personal Data to service providers outside of Singapore (such as for data storage, data management and/or disaster recovery purposes), we will do so in accordance with the PDPA to ensure that a standard of protection is provided to the transferred Personal Data that is comparable to the protection under the PDPA.
Section 9: Protection of Personal Data
9.1 Athenaeum places great importance on ensuring the security of Personal Data against risks of authorised access, collection, use, disclosure, copying, modification, disposal or destruction. Athenaeum has implemented security measures which include computer safeguards and password-protected files to enhance the security of our Personal Data stored. In addition, all employees’ hardcopy personal files are maintained under lock and key. Athenaeum will regularly review and implement appropriate security measures when processing and retaining Personal Data.
9.2 Employees of Athenaeum are required to handle the Personal Data securely and with strict confidentiality, failing which they may be subject to disciplinary action. Athenaeum has a Compliance Manual (“Compliance Manual”) as well as a Code of Ethics and Business Conduct (“Code”) which serves as a guideline and represents Athenaeum’s commitment to upholding a high standard of integrity, fair dealing, quality of services and ethical behaviour, including handling any data with strict confidentiality, in all its relationships. The Compliance Manual also outlines procedures and guidelines to report violations by any member of staff.
9.3 Athenaeum takes reasonable efforts to protect Personal Data in our possession or our control by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, and at all times in compliance with the PDPA and other laws and regulations.
Section 10: Access to Personal Data
10.1 A client not in the care of any of our funds’ distributors may make a request to access his/her Personal Data which is in Athenaeum’s possession or control, by completing a data access request (“DAR”) form, and providing all necessary documents or information prescribed in the DAR form.
10.2 To the extent required by the PDPA, upon request by a client, Athenaeum shall provide information relating to how the client’s Personal Data has been or may have been used or disclosed within a year before the date of such request.
10.3 Employees who wish to access their Personal Data should contact the HR Department. Potential employees who were subsequently not employed by Athenaeum or former employees of Athenaeum should complete the DAR form as mentioned in Section 10.1 above.
10.4 Athenaeum may not be able to provide access to all of the Personal Data that they hold about an individual. For example, Athenaeum may not provide access to Personal Data if such provision could reveal Personal Data about another individual, if such information is subject to legal privilege or if provision will be contrary to national interest or where such refusal is permitted under the PDPA. If access to Personal Data cannot be provided, the reasons for denying access will be provided to the individual within 30 days of receipt of the DAR form, subject to any legal or regulatory constraints.
10.5 A prescribed fee may be levied by Athenaeum to process a DAR form.
10.6 The DAR form may be obtained here.
Section 11: Accuracy and Correction of Personal Data
11.1 A client may make a request to correct or update Personal Data which is in Athenaeum’s possession or control, by completing a data correction request (“DCR”) form and providing all necessary documents or information prescribed in the DCR form.
11.2 Employees who wish to correct or update their Personal Data should contact the HR Department. Potential employees who were subsequently not employed by Athenaeum or former employees of Athenaeum should complete the DCR form as mentioned in Section 11.1 above.
11.3 Unless Athenaeum is satisfied on reasonable grounds that a correction should not be made, Athenaeum shall:
- Correct the personal data as soon as practicable; and
- Subject to paragraph 11.4, send the corrected personal data to every other organisation to which the personal data was disclosed by Athenaeum within a year before the date the correction was made, unless that other organisation does not need the corrected personal data for any legal or business purpose.
11.4 An organisation (not being a credit bureau) may, if the individual consents, send the corrected personal data only to specific organisations to which the personal data was disclosed by Athenaeum within a year before the date the correction was made.
11.5 Athenaeum may refuse to correct or update Personal Data as requested in the DCR form in certain instances. For example, Athenaeum is unable to confirm the individual’s identity or where such refusal is permitted under the PDPA. If Athenaeum denies a correction request, the reasons for the refusal will be provided by Athenaeum within 30 days of receipt of the DCR form, subject to any legal or regulatory constraints.
11.6 A prescribed fee may be levied by Athenaeum to process a DCR form.
11.7 The DCR form may be obtained here.
Section 12: Withdrawal of Consent
12.1 Employees or clients can withdraw their consent to Athenaeum’s continued use and disclosure of Personal Data as described in this policy at any time. Such withdrawal should be made in writing to the Data Protection Officer of Athenaeum.
12.2 If consent is withdrawn by an employee, Athenaeum may need to discontinue his/her employment with the company. If consent is withdrawn by a client, Athenaeum may no longer be able to provide the requested products or services and our relationship with the client may have to be terminated.
Section 13: Retention of Personal Data
Athenaeum will retain your Personal Data in compliance with the terms and conditions of the trust deeds of our funds, and clients’ agreement(s) with Athenaeum, to the extent one or more of the purposes for which it was collected remains valid, and for other legal or business purposes for which retention may be necessary.
Section 14: Contact Us – Feedback, Withdrawal of Consent, Access and Correction of Personal Data
Please contact our Data Protection Officer in the following manner, if you wish to provide any feedback, withdraw consent to the collection, use and disclosure of your Personal Data, request access to and/or correct any of your Personal Data, in accordance with the procedures set out in the foregoing sections of this policy:
By Email: DPO@azathenaeum.com
By Post: The Data Protection Officer, Karen Lim
Tel: +(65) 6536 2727
9 Temasek Boulevard, #44-02,
Suntec Tower 2,
Tel: (+65) 6727 7543
Section 15: Complaints Procedures
If you have reason to believe that your Personal Data has been misused by Athenaeum, you may lodge a complaint with the Data Protection Officer of Athenaeum who will handle the complaints in accordance with Athenaeum’s Complaints Handling Procedure stipulated in the Compliance Manual.