Data Protection Policy


Heart 4 HR is committed to protecting your privacy.



Welcome to “Heart 4 HR” Data Protection Policy

We have developed this Data Protection Policy to assist you in understanding how we collect, use, disclose, process and retain your Personal Data through your use of our website and other means including email, telephone, your registration as a member of Heart 4 HR, your participation in our social media sites and networking activities etc. Please take a moment to read this Data Protection Policy.

It is important that you read this Data Protection Policy with any other notices we may provide on specific occasions when we are collecting or processing Personal Data about you, so that you are up to date on how and why we are using your data. This Data Protection Policy supplements other privacy notices. Heart 4 HR may update the policy to be consistent with our progressive business developments and in compliance to Singapore Personal Data Protection Act (PDPA No. 26 of 2012) (“the Act”) .  

Subject to your rights at law, you agree to be bound by the prevailing terms of the Data Protection Policy as updated from time to time on this page. By providing us with your Personal Data, you consent to our collection, use, disclosure, process, transfer and sharing of your Personal Data for the purpose explained in this Data Protection Policy.

Collecting, Use, Disclosure, Processing of Personal Data

We will take reasonable steps necessary to ensure that your Personal Data in our possession, or that of third parties is treated securely and in accordance to this Data Protection Policy. To respond to or process your requests for our services, we may have to disclose your Personal Data to other members or our group such as our professional advisors, for example “case buddies”. Your Personal Data will not be disclosed to any further parties unless we have obtained your consent or are legally obliged to do so. 

Obtaining Consent

Before we collect, use or disclose your Personal Data, we will notify you of the purpose why we are doing so. We obtain written confirmation from you on your expressed consent. As far as possible, we will not collect more Personal Data than necessary for the stated purpose.

Under certain circumstances, we may assume deemed consent from you when you voluntarily provide your Personal Data for the stated purpose, for example, if you provide us your business cards at networking events.


Third-Party Consent

If you carry out a transaction of service with us on behalf of another individual, you must first obtain written consent from that individual in order for us to collect, use or disclose his/her Personal Data.


Withdrawal of Consent

If you wish to withdraw consent, you should give us reasonable advance notice. You have to be aware, though, of the likely consequences of your withdrawal of consent, e.g. without your personal contact information we may not be able to inform you of future updates or that the quality of our service may be impacted.

Your request for withdrawal of consent can take the form of an email or letter written to our appointed Data Protection Officer (DPO) at

Accessing and Making Correction to Your Personal Data

You may write in to us, based on reasonable grounds, to find out how we have been using or disclosing your Personal Data. We are obligated under the PDPA to allow you access to your Personal Data of the past one year, and to make any correction if there is any error or omission. Before we accede to your request, we will need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data. This is a security measure to ensure that your Personal Data is not disclosed to any unauthorised person. We will try to respond to your request within 30 days. By which time we will give you an estimate of how long it is going to take to retrieve all the relevant data, and a nominal fee could be imposed for processing the request.

Accuracy of Your Personal Data

We will take reasonable precautions and verification checks to ensure that the Personal Data we have collected from you is reasonably accurate, complete and up-to-date. From time to time, we will do a verification exercise for you to update us on any changes to your Personal Data. It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.

Protection of Your Personal Data

We will take the necessary security arrangements to protect your Personal Data that is under our charge or control to prevent unauthorised access, collection, use, disclosure, or similar risks. All our employees, including advisors, “case buddies” and volunteers will take reasonable and appropriate measures to maintain the confidentiality and integrity of your Personal Data, and will only share your data with authorised persons on a ‘need to know’ basis. We will deliver training to our employees, including advisors, volunteers etc. to ensure that your Personal Data are managed with utmost care at every touch points of our service we provide to you.

Retention of Your Personal Data

We will not retain any of your Personal Data under our charge or control when it is no longer necessary for any business or legal purposes. Certain retention periods are based on statutory or regulatory requirements.

We will ensure that your Personal Data that no longer has any business or legal use will be destroyed or disposed of in a secure manner. This applies to both paper documents and electronic data stored in databases.

Transfer of Your Personal Data

We do not see that there is a need for us to transfer your Personal Data to another country. However, should the need arises, your Personal Data will not be disclosed to any further parties unless we have obtained your consent or are legally obliged to do so. 


Types of Data We Collect About You

The PDPA defines Personal Data as “data, whether true or not, about an individual who can be identified a) from that data; or b) from that data and other information to which the organisation has or is likely to have access.” It does not include data where the identity has been removed (anonymous data). We only collect Personal Data relevant to the interactions or transactions that you have with Heart 4 HR. For example, we may collect, use, store and transfer Personal Data about you as follows:

♥      Identity Data: first name, maiden name, last name, title

♥      Contact Data: email address, phone number

♥      Photos & Video Footage: videos and photos of you taken at our events, workshops, seminars

♥      Profile Data: your interests, preferences, feedback, survey responses

♥      Marketing & Communication Data: your preferences in receiving marketing from us and your communication preferences

How is Your Personal Data Collected

We use various methods to collect data from and about you through:

♥          Direct interactions: You may give us your identity and contact data by corresponding with us by phone, email, during networking events or otherwise. This include Personal Data you provide when you


  1. join Heart 4 HR as a member and/or “case buddy” and during your membership with us such as volunteering, contributing to our campaigns and research activity (including membership surveys)

  2. request for our services or register to attend our events

  3. subscribe to our service or publications

  4. request marketing materials to be sent to you

  5. give us feedback


You should ensure that all Personal Data submitted to us is complete, accurate, true and correct, otherwise this may result in our limitations to provide you information regarding our events and activities.

♥         Third parties or publicly available sources.

Identity and Contact Data where you have made information available in the public. Domain including posting on our social media pages such as LinkedIn etc. 


How We Use Your Personal Data

Your Personal Data and other information collected may be used by us individually or collectively and may be combined with other information for the following purposes such as a) administering our website and social media sites, b) administering our services and/or programmes c) sending general business communications d) responding to your enquiries or requests pursuant to your emails, telephone calls, as well as responding to and taking follow-up actions on your feedback e) seeking your feedback on our business matters f) for other purposes as reasonably required to provide services to you.

To register you as a member including:

  1. Maintaining a membership in our database to grow our HR community network of practitioners.

  2. Managing your membership and contacting you about member benefits, services, events, resources etc.


Type of data:
a) Identity; b) Contact; c) Profile; d) Marketing and Communications;


Lawful basis for processing including basis of legitimate interest:

  1. Performance of a contract with you

  2. Necessary for our legitimate interests (to develop our products/services and grow our business) 


To manage our relationship with you which will include:

  1. Notifying you about changes to our business terms of services or Data Protection Policy

  2. Asking you to leave a review or take a survey


Type of data:
a) Identity; b) Contact; c) Profile; d) Marketing and communications


Lawful basis for processing including basis of legitimate interest:

  1. Performance of a contract with you

  2. Necessary to comply with a legal obligation

  3. Necessary for our legitimate interests (to keep our records updated)



We may use your Personal Data to provide you with information about our services, which we consider may be of interest to you. Where we do this via email to inform you about our services and events. We will not do so without your prior consent except for when you have previously engaged services from us, in which case, you will receive marketing from us unless you have told us that you do not wish to receive that marketing.

Opting out of Direct Marketing

You can opt out of receiving email communication from the Company by contacting the Company’s appointed Data Protection Officer (DPO) at It may take up to 30 days to remove your details from our direct marketing database. We will not disclose your Personal Data to external organisations for the purposes of allowing them to directly market services unless expressly authorise by you.


Keeping you in Control of your Personal Data

Third-Party Links

Our websites may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

Right to Amend our Online Privacy Statement

We reserve the right to amend this Data Protection Policy at any time. If we make any changes to this Personal Data Protection and the way in which we use your Personal Data we will post these changes on our websites and will do our best to notify you if there are significant changes. Please check our Personal Data Protection Policy on a regular basis.

For any questions relating to your Personal Data or about our Data Protection Policy, you may contact us at :

Full name of legal entity: Heart 4 HR
Data Protection Officer (DPO) email address:

Governing Law

This Data Protection Policy shall be governed in all respects by the laws of Singapore. For more info go to

This version was last updated on 3 August 2019.