World of Safety & Health Asia (WSHAsia) Privacy and Data Protection Policy

Last Updated: 23 July 2025

World of Safety & Health Asia (WSHAsia) is committed to protecting your personal data and privacy. WSHAsia is a Singapore-registered company, and this Privacy Policy explains how we collect, use, disclose, and protect personal data when you interact with our online platforms (including our website, marketplace, e-magazine, membership portal, awards platform, events/courses e-commerce pages, and webinar/workshop platforms), whether you are in Singapore or overseas. We adhere to the Singapore Personal Data Protection Act 2012 (PDPA) and other applicable data protection laws in the jurisdictions where we operate. 

By using our services or providing personal data to us, you agree to the terms of this Privacy Policy.

Personal Data We Collect

We collect various types of personal data from users, including but not limited to:

• Identification and Contact Information: Name, salutation, company name, job title/designation, professional profile (e.g. speaker bio and photo), email address, telephone number(s), and mailing address.
  
• Registration and Membership Data: Username and password for your user account (if you register as a member), membership ID (if applicable), and any information you provide when signing up for an event, course, webinar, or membership.
  
• Transactional Information: Records of products or services you have purchased or signed up for on our platform, such as event registrations, course enrollments, or marketplace transactions. This includes payment information (e.g. credit card details or other payment account information) necessary for processing payments via our secure payment gateway Stripe. Note: Payment card details are collected and processed directly by Stripe on our behalf, and we do not store your full credit card information on our systems for security.
  
• Identification for Accreditation: For certain training events or professional development activities, we may collect limited identification details (such as the last three numerical digits and the last alphabet of your NRIC or other identification number) required by certification or points-issuing organisations to award Continuing Professional Development (CPD), Professional Development Seminars (PDS), Safety Development Unit (SDU) or similar points. We only collect partial identification (e.g. “123A” from an NRIC) and not your full NRIC, in line with PDPC guidelines that collecting up to the last 3 digits and letter is not considered collecting the full NRIC number (Please note that this partial ID still constitutes personal data and will be protected as such.)
  
• Communication Records: Any information you voluntarily provide when contacting us or responding to surveys, feedback forms, quizzes or contests (for example, responses you submit through our quiz and feedback platform).
  
• Device and Usage Data: When you use our websites or platforms, we automatically collect information about your device, browser, and how you interact with our site. This includes your IP address, browser type/version, device identifiers, time spent on pages, pages viewed, links clicked, and other analytical data. We gather some of this information through cookies and similar technologies (explained further in the Cookies and Tracking section below) using tools like Google Analytics.
  
• Images, Video and Audio: If you attend our webinars or virtual events (which may be hosted via platforms like StreamYard, Zoom, Google Meet, or Microsoft Teams), or speak at our events, your image, video, and/or audio (e.g. during event recordings or in speaker profile photos) may be collected. We use such media for event facilitation and may record sessions for archival and sharing purposes (we will notify participants if a recording is taking place).
  
• Any Other Information You Provide: This could include information you post on our marketplace, job portal, or discussion boards, or any additional data you choose to submit to us (for example, when entering an award competition, booking a call with us, or requesting a quote).

We generally do not collect sensitive personal data such as health information, unless it is voluntarily provided by you for a specific purpose or required by law. Our focus is on workplace safety & health industry information, and any health-related details would only be collected if pertinent (e.g. dietary requirements for an event). In particular, we do not collect full national identification numbers, biometric data, or financial account passwords from you.

How We Collect Personal Data

WSHAsia collects personal data through several methods:

• Directly from You: Most data is provided directly by you. For example, you provide your information when you create an account, register for an event or course, sign up for our membership, subscribe to our e-magazine or newsletter, purchase a product or service on our marketplace, submit an inquiry via our website, participate in a survey/quiz/contest, fill in feedback forms, or communicate with us via email or contact forms. We also collect data when you voluntarily submit content (such as speaker profiles, job postings, or marketplace listings).
  
• Through Your Activity on Our Sites: When you browse our website or platforms, data is collected via cookies and analytics scripts. This is primarily usage and device data (as described above under Device and Usage Data). For instance, when you visit our site, our system will automatically collect your IP address and use cookies to remember your preferences and login status.
  
• From Third-Party Integrations: In some cases, you may provide data to our partners that is then shared with us. For example, if you register for a WSHAsia event through a co-organizer or partner’s registration page, or sign up via a social media campaign or a third-party marketing landing page (e.g. via GlueUp or involved.me), those parties may pass your details to us so that we can manage your registration.
  
• From Our Service Providers: If you make payments, our payment processor (Stripe) will collect payment data and may provide us with limited information such as confirmation of payment or last 4 digits of your card for reference. Similarly, if we run email campaigns, our email service providers (like Mailchimp or GlueUp) might report to us on whether you opened an email or clicked links, to help us measure engagement.
  
• Public Sources: Occasionally, we might supplement your data with information from public sources or social networks (for example, if you tag us on LinkedIn or Facebook, or if we need to verify professional details for a membership application using publicly available information). This would only be done where it is lawful and relevant to our interaction with you.

Where we collect personal data, we will generally notify you of the purpose (e.g., via the relevant form or page) and obtain your consent, unless an exception under PDPA applies.

How We Use Your Personal Data

WSHAsia collects, uses, and processes your personal data for the following purposes:

• Providing Services and Fulfilling Transactions: To process and fulfill your orders, registrations, and requests. For example, if you sign up for an online course or purchase a ticket to an event, we use your information to register you, process payments, provide access to the event (including sending webinar links or physical event passes), and record any earned points or certificates. We also use your data to manage your user account and membership, including authentication (keeping you logged in), and enabling you to use members-only features.
  
• Communication: To communicate with you regarding your account or transactions. This includes sending confirmations, invoices, updates on events you registered for, responses to your inquiries, and customer support messages. If you are a speaker or award nominee, we may communicate with you to coordinate event details or content.
  
• Personalization and User Experience: To remember your preferences (such as keeping you logged in for up to 30 days on our website via cookies, or recalling your preferred language and region) and to tailor our website content and resource recommendations to your interests. We analyze how users interact with our sites to improve our platform, content offerings, and user experience.
  
• Marketing and Newsletters: To send you information about our products and services, as well as those of our partners, that we think may interest you. This includes our e-magazine updates, announcements of upcoming courses, events, webinars, new marketplace products, job alerts, newsletters, and promotional e-mails. We may also send invitations to participate in industry campaigns or competitions. These marketing communications will be sent to you only if you have consented to receive them (for example, by subscribing on our website, opting in during event registration, or by not opting out when providing your details). You may unsubscribe at any time (see the Your Rights and Choices section below for how to opt out).
  
• Third-Party Marketing by Partners: If an event or initiative is co-organized or sponsored by a partner, we may (with your consent) share your contact information with that specific partner for their direct marketing use. For example, if you attend a webinar or course sponsored by a third-party, we might share the attendance list (name, company, email) with the sponsor, who may then send you follow-up information or marketing materials about their products/services. We will either obtain your explicit consent for such sharing or at least provide you a clear opportunity to opt out. Any such partner is required to allow you to unsubscribe from their communications as well. (For clarity, WSHAsia does not sell your personal data to unrelated third parties for their marketing; any marketing communications from partners will be limited to those you engaged with through our platform and you will have been informed or given a choice at the point of data collection.)
  
• Administration and Operations: To administer our platforms and business, including troubleshooting, data analytics, testing, security, fraud detection and prevention, and survey/feedback management. For instance, we use data (including potentially personal data) to monitor for fraudulent transactions or unauthorized logins, and to ensure the security of our systems.
  
• Accreditation and Continuing Education Purposes: If you attend a course or event that offers CPD/PDS/SDU points or a certificate, we use the personal data you provided (such as your name and partial identification number) to verify your attendance/participation and report the necessary details to the relevant accreditation or points-awarding bodies so that you can receive your points or certificate. This may involve sharing a participation roster containing your details with the issuing organization for verification.
  
• Compliance with Legal Obligations: To comply with applicable laws, regulations, guidelines, and industry standards. For example, we may use and retain transaction records to fulfill financial reporting requirements, or use personal data to respond to lawful requests by government authorities or to meet national security or law enforcement requirements. If you exercise your data protection rights, we will use your data to fulfill those requests (e.g., searching our databases to provide you with a copy of your data).
  
• Enforcement of Our Terms and Policies: To investigate and enforce our Terms of Use, membership agreements, or other legal rights. For instance, if necessary, we might use personal data to prevent abuse of our platform, to ban users who violate rules, or to pursue remedies against fraudulent activities.
  
• Other Purposes That We Notify You Of: We may use your data for any other purpose that we specifically inform you about and obtain your consent for, or which is permitted under applicable laws (e.g., in Singapore, certain uses and disclosures without consent are allowed under the PDPA’s exceptions, such as for investigations or business asset transactions). We will ensure any new purpose is notified to you in accordance with PDPA’s Notification Obligation (Section 20 PDPA) and only proceed with your consent or as allowed by law.

We will only collect, use, or disclose your personal data for purposes that a reasonable person would consider appropriate in the circumstances, and only with your consent or deemed consent, or as otherwise permitted by law. We do not use your personal data for decision-making that produces legal or significant effects on you without human involvement (i.e., purely automated decisions); if we ever do so, we will comply with applicable laws regarding such processing.

Disclosure of Personal Data (Sharing with Third Parties)

WSHAsia may disclose or share your personal data with third parties in certain circumstances, in line with the purposes above. The categories of parties we share with include:

• WSHAsia Personnel and Related Companies: Your data will be accessible to our employees, contractors, and officers who need it to perform their duties (e.g., our event coordinators, IT administrators, customer service team). They are bound by confidentiality and data protection obligations. We may also share data with our affiliated entities or parent company (if any) as necessary for business operations.
  
• Event Co-Organizers, Partners, Vendors and Sponsors: If you register for or attend an event, course, contest or campaign that we conduct in partnership with another organization, or if an event is sponsored, we will share relevant participant data with the co-organizer or sponsor. This is done to facilitate the event (e.g., to verify registration at the door, produce name badges, or organize networking activities) and, where you have consented, to allow them to send you post-event communications or marketing. For example, if we run a conference with a partner association, that association may receive the attendee list. Likewise, if you download a sponsored whitepaper or attend a sponsored webinar, we may provide your info to the sponsor. (We will make efforts to let you know at the point of collection if such sharing will occur, and the identity of the partner/sponsor.)
  
• Service Providers (Data Intermediaries): We employ trusted third-party companies to support our operations, and in doing so we may need to share personal data with them or they may collect data on our behalf. Key service providers we use include:
  
  
  • Customer Relationship Management & Event Management Platforms: We use GlueUp (and in some cases Mailchimp) to manage our contact database, event registrations, and email campaigns. These platforms store personal data (e.g., your name, email, organization, event history) and help us send out event invitations, newsletters, and other emails to you.
    
  • Email Marketing Services: In addition to GlueUp/Mailchimp, we might use Mailchimp (an email marketing service) or similar platforms to send bulk emails or eDMs. Your email and name may be stored on such platforms for email distribution. (Mailchimp’s servers may be outside Singapore; see International Data Transfers below.)
    
  • Quizzes and Campaign Tools: For interactive marketing campaigns, contests or feedback collection, we use Involved.me. If you participate in a quiz or campaign powered by involved.me, the information you submit (e.g., quiz answers, contact details for lead generation) will be processed through their system and then provided to us.
    
  • Payment Processors: For handling payments and donations securely, we use Stripe as our payment gateway. When you make payments on our site, your payment details (like credit card number, billing info) are transmitted directly to Stripe. Stripe processes your payment information in accordance with their security and privacy policies. We receive transaction confirmations and basic details (not full card numbers) to record the payment.
    
  • Analytics and Tracking Providers: We use tools such as Google Analytics to collect information about website traffic and user interactions. These tools use cookies and scripts to gather data like your IP address, pages viewed, and actions on our site. This information is aggregated and helps us understand user behavior and improve our content. (Google may store this data on servers outside your country.) We may also use Google Ads or similar advertising networks for re-targeting advertising, which collect cookie data to show you relevant ads on other sites (see Cookies and Tracking below).
    
  • Webinar and Video Hosting Platforms: For live streaming and virtual events, we utilize platforms such as StreamYard, Zoom, Google Meet, or Microsoft Teams. If you join an event on these platforms, your name, email, and any video or audio you transmit will be processed by that platform and may be visible to other participants. Recordings (if any) might be stored on those platforms’ cloud services.
    
  • Artificial Intelligence Services: We continuously explore tools to enhance our services, and in some cases we may use AI or machine learning tools (for example, using OpenAI’s ChatGPT or similar AI services to help generate content or analyze anonymized feedback). We will not input your personal data into any AI tool without ensuring it’s handled in compliance with privacy requirements. If we deploy an AI chatbot or similar feature on our site for user assistance, any personal information you provide to the chatbot will be processed by the AI service provider under their terms; we will inform you at that time and obtain necessary consents.
    
• These service providers act on our behalf for the stated purposes. We strive to select providers who implement strong data protection measures. They are contractually bound to only use your data for our specified purposes and to protect it in accordance with our instructions and applicable law.
  
• Other Users and the Public: Some information you submit might be intended for public or semi-public display. For instance, if you are a speaker or award entrant, your name, photo and biography may be published on our website and event materials. If you post content in our marketplace, job portal, or blog comments, that content (along with your name or username) could be visible to others. We will clarify at the time of collection if information will be made public (e.g., a directory listing or a public forum post).
  
• Authorities and Legal Requirements: We may disclose personal data to government authorities, regulators, courts, law enforcement or other parties when required or permitted by law. For example, if law enforcement presents a lawful warrant or the PDPC (Personal Data Protection Commission of Singapore) is investigating a complaint, we may be obligated to provide relevant data. We may also disclose data if necessary to respond to legal claims, to protect our rights or safety, or the rights, property or safety of our users or the public.
  
• Business Transfers: If WSHAsia undergoes a business transaction such as a merger, acquisition by another company, reorganization, or sale of all or part of our assets, personal data might be among the transferred assets. We will ensure that any such transfer is subject to appropriate confidentiality and data protection obligations and that you are notified of any significant changes to the handling of your personal data.

In all cases of sharing, we limit the personal data disclosed to what is relevant for the specific purpose. We do not allow third parties to use your data for their own purposes (outside of the specific purposes we engaged them for) without your consent. Where required by law, we will obtain your consent for any disclosure of your personal data.

International Data Transfers

Given the international nature of our operations and the use of global third-party services, your personal data may be transferred to or accessed from countries outside of Singapore. For example, data stored in our Mailchimp or GlueUp accounts may reside on servers in the United States or Europe; our payment processor (Stripe) and analytics provider (Google) are U.S.-based companies; our webinar services and other partners may also use servers globally.

When we transfer personal data across borders, we take steps to ensure that the transfer complies with the PDPA’s Transfer Limitation Obligation and other applicable laws. In particular, Section 26 of Singapore’s PDPA prohibits the transfer of personal data outside Singapore except in accordance with requirements to ensure the data will be accorded a comparable standard of protection to that under the PDPA. To meet this requirement, we implement at least one of the following safeguards:

• Contractual Safeguards: We include data protection clauses in our contracts with service providers and partners receiving personal data overseas, requiring them to protect your data to a standard comparable to Singapore’s laws. These contracts legally oblige the recipients to maintain confidentiality, implement security measures, and use the data only for authorized purposes.
  
• Applicable Certification or Legal Framework: Where possible, we rely on recipients who are certified under globally recognized data protection frameworks or bound by laws that Singapore deems comparable. For instance, if data is transferred to a company in the European Economic Area (EEA) or a country with robust data protection laws, those laws may be regarded as providing comparable protection. Similarly, U.S. companies that are certified under schemes like the APEC Cross-Border Privacy Rules or others may be considered as having acceptable safeguards.
  
• Consent: In specific situations, we may seek your consent to transfer your data overseas. For example, if you sign up for a service that involves an overseas partner needing your info, we will inform you and obtain your consent for the transfer if required. By using our platform and services, you are deemed to consent to the transfer of your data to the countries where our third-party providers operate, for the purposes stated in this Policy.

Regardless of where your data is processed, WSHAsia will ensure that your personal data receives protection consistent with the principles of this Privacy Policy and Singapore’s PDPA. Our Data Protection Officer oversees and reviews these data transfers and the associated safeguards. If you have questions about the specific mechanisms in place for international data transfers, you may contact us (see Contact Us section below).

Cookies and Tracking Technologies

Cookies are small text files that websites place on your device to store data that can be retrieved later. We use cookies and similar technologies (such as web beacons or pixels and local storage) on our platforms for several purposes:

• Essential and Functional Cookies: These are necessary for the functioning of our site and to provide you with a good experience. For example, when you log into your account, we use session cookies to keep you signed in and remember certain preferences for up to 30 days (so you don’t have to re-login every time within that period). These cookies also enable features like remembering items in your event cart or your chosen language.
  
• Analytics Cookies: We use Google Analytics and related cookies to collect information about how visitors use our site. These cookies track things like how you arrived at our site, which pages you visited, how long you spent, and what you clicked on. The data is aggregated and helps us understand user behavior and improve our website content and layout. Google Analytics cookies may collect your IP address and some device information. However, we do not allow Google to use or share our analytics data for their own purposes, and we have configured Google Analytics to anonymize IP addresses where applicable.
  
• Advertising and Marketing Cookies: With your consent (where required), we and third-party advertising partners may use advertising cookies or pixels to collect information about your browsing activities on our site over time. This data, combined with similar data from other websites, can be used to infer your preferences and show you targeted advertisements relevant to your interests. For example, we may use Google Ads or social media pixels that cause you to see WSHAsia event promotions on other sites after you’ve visited our site. The cookies gather information such as which pages you viewed on our site and your IP address/device ID. We may share a hashed version of your email or other identifier with advertising platforms to facilitate custom audience matching for our marketing campaigns, but only in accordance with applicable law. You can opt out of targeted advertising cookies as described below.
  
• Third-Party Embedded Content: Sometimes, we embed videos (e.g., YouTube), social media widgets, or other third-party content into our site. These third parties may set their own cookies to track usage of their services. For instance, if we embed a YouTube video on a page, YouTube may place cookies to measure views.

Your Choices for Cookies: When you first visit our website, you may see a cookies notice (if applicable in your region) which gives you options to accept or manage non-essential cookies. Even if you accept, you always have the ability to manage cookies through your browser settings. You can set your browser to refuse or delete cookies (see AllAboutCookies for guides on how to do this). Please note that if you disable certain cookies, some features of our site (such as staying logged in or interactive features) may not function properly.

Additionally, to manage Google Analytics, you can install the Google Analytics Opt-out Browser Add-on which prevents your data from being used by Google Analytics. For advertising cookies, you can often opt-out via industry sites such as the Network Advertising Initiative opt-out page or YourAdChoices.

Our use of cookies is intended to be in compliance with applicable laws. If you are in a jurisdiction that requires cookie consent (such as the EU), we will present you with a clear option to consent to non-essential cookies. By using our site without disabling cookies via your browser or other tools, you consent to our use of cookies as described.

Data Security

WSHAsia takes data security seriously. In accordance with Section 24 of the PDPA, we make reasonable security arrangements to protect your personal data and to prevent unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks. Some of the measures we have in place include:

• Encryption: Our websites are secured with HTTPS, which means data transmitted between your browser and our site is encrypted using TLS/SSL. For sensitive operations such as payments, we rely on Stripe’s secure platform, which is PCI-DSS compliant and encrypts card information. Any stored passwords in our systems (or third-party systems like Mailchimp) are hashed or encrypted, so that even our staff cannot retrieve them directly.
  
• Access Controls: We restrict access to personal data to authorized personnel on a need-to-know basis. Our staff and contractors who handle personal data are bound by confidentiality obligations. Administrative access to our databases and third-party accounts is protected with strong passwords and, where available, multi-factor authentication.
  
• Security Testing and Monitoring: We regularly update our software and apply security patches to guard against vulnerabilities. We also utilize firewall protection and malware detection on our hosting platforms. Key third-party service providers (like Mailchimp, GlueUp, etc.) undergo their own security audits and penetration testing, and we review their security practices through their documentation or security whitepapers. Suspicious activities (such as multiple failed logins or unusual transaction patterns) are logged and monitored for investigation.
  
• Data Minimization: Where possible, we minimize the amount of personal data we store. For example, as mentioned, we do not store full credit card numbers on our servers. If certain data is no longer needed for its initial purpose (and not required to be retained by law), we anonymize or delete it to reduce any risk of exposure.
  
• Training and Policies: Our team is trained on PDPA requirements and good data protection practices. We have internal policies and incident response plans for handling personal data and responding to any potential security incidents or breaches.

While we strive to protect your data, please note that no method of transmission over the Internet or method of electronic storage is completely secure. Thus, we cannot guarantee absolute security. However, we will continuously review and enhance our security measures. In the unfortunate event of a data breach that is likely to result in significant harm or impact to you, we will notify you and the PDPC as required by the PDPA’s Data Breach Notification Obligation.

You also play a role in keeping your data secure. We advise that you choose a unique, strong password for your WSHAsia account and do not share it with others. Always log out and close your browser after using any of our member-only services on a public or shared device. Be cautious of any unsolicited communications asking for your personal data or passwords – WSHAsia will never ask you for your password via email or phone.

Data Retention

We will retain your personal data only for as long as it is necessary to fulfil the purposes for which it was collected, or as required or permitted by law. In practice, this means:

• If you have an account or membership with us, we will keep your profile information for as long as you maintain that account. If you cancel your membership or account, we may either delete your data or anonymize it after a reasonable period, unless we need to keep it for legal reasons.
  
• Transactional records (such as event registrations, purchase history, invoices) are generally kept for at least the duration required under Singapore law (for example, financial records are often kept for 5 to 7 years for tax and accounting purposes).
  
• Marketing mailing list data: If you are on our email list but have not engaged with us for a prolonged period, we may remove your details as part of our list cleaning. If you unsubscribe from our marketing communications, we will stop sending you emails and will remove your contact from active mailing lists. However, we may retain a minimal record (such as your email address on a “do-not-contact” list) to ensure we respect your opt-out going forward.
  
• Event attendance records and CPD records: We may retain attendance sheets and related data for a certain period (e.g., a few years) in case of audits by accreditation bodies or for our own record-keeping. Partial NRIC or identification data collected for points may be securely deleted once the points have been successfully conferred and no longer needed, unless required for future verification.
  
• Web analytics data: Information collected via Google Analytics and other cookies is typically retained for the durations set in those tools (which can vary, e.g., Google Analytics data is often kept for 14 months or as configured). We review aggregate analytics periodically, but identifiable analytics data (like IP addresses) are not maintained by us long-term, and in many cases are anonymized.
  
• Backup and archival: Even after data is deleted from our primary systems, it may persist in routine backups for a short period. We have retention schedules for backups as well, after which they are securely deleted or overwritten.

When personal data in our possession is no longer needed for any business or legal purpose, we will take steps to securely dispose of or anonymize it, per PDPA’s Retention Limitation Obligation. Anonymization is a process that irreversibly strips data of identifying information, so that the resulting data cannot be used to identify any individual.

If you have specific questions about our retention periods for certain types of data, feel free to contact our Data Protection Officer.

Your Rights and Choices

WSHAsia respects your rights to your personal data. As an individual, you have various rights and options regarding the personal data we hold about you, including:

• Access to Your Data: You have the right to request a copy of the personal data we have about you, as well as information about how we have used or disclosed your data in the past year. Upon request and authentication of your identity, we will provide you with the personal data that we have under our control, within a reasonable time. Do note that under PDPA, we may charge a reasonable administrative fee for processing a formal access request, and there are some exceptions (for example, we may not provide data that would reveal personal data about another individual, or if it is commercially confidential).
  
• Correction of Your Data: We want to ensure that your personal information is accurate and up-to-date. You have the right to request that we correct or update any personal data you find is inaccurate or incomplete. Upon verification, we will correct it as soon as practicable and send the corrected data to any other organization to which the data was disclosed in the past year (unless that other organization no longer needs the data).
  
• Withdrawal of Consent: You have the right to withdraw your consent for us to collect, use, or disclose your personal data. For example, you can withdraw consent for marketing emails by unsubscribing, or withdraw consent for a particular use by contacting us. PDPA requires that we allow individuals to withdraw consent with reasonable notice. Consequences of withdrawal: We will inform you of the likely consequences of your withdrawal (e.g., if you withdraw consent for us to use your email, we will no longer be able to send you event updates or newsletters). Once you withdraw consent, we will cease the collection, use, or disclosure of your personal data for the purpose you have withdrawn consent for, except where retention is permitted or required by law.
  
• Deletion (Right to Erasure): You may request that we delete or anonymize your personal data under certain conditions. For example, if you no longer want us to hold any of your information and there is no legal need for us to retain it, you can request erasure. We will evaluate such requests on a case-by-case basis. If we cannot delete, e.g., because of a legal obligation to retain certain data, we will inform you of the reason.
  
• Restriction of Processing: You have the right to ask us to restrict or suspend the processing of your personal data under certain conditions (for instance, if you contest the accuracy of the data, you can request we restrict processing until we verify the accuracy).
  
• Objection to Processing: You can object to our processing of your personal data in certain scenarios. If you feel our use of your data is not aligned with the purposes for which you provided it, you may raise an objection. For direct marketing communications, you can object at any time and we will stop using your data for that purpose.
  
• Data Portability: To the extent required by applicable law (such as if Singapore’s data portability provisions come into effect, or under laws like GDPR for EU residents), you may have the right to request a copy of your personal data in a machine-readable format, or to have it transmitted to another organization. This typically applies to data you have provided to us directly. (Note: At the time of writing, the PDPA’s data portability obligation is slated to take effect once regulations are issued. We will comply with relevant data portability requirements once in force.)

Most of these rights are not absolute – they may be subject to conditions or exceptions under the law. For instance, the PDPA and other laws may allow us to deny access or refuse correction in specific situations (e.g., if it would reveal another person’s data, or if we are not allowed to delete data due to legal retention requirements).

Exercising Your Rights / Managing Your Data:

• If you have a user account on our website, you can directly log in to access and update certain personal details (such as your contact info, password, preferences) in your profile. You may also be able to delete your account through the account settings. Deleting your account will remove your profile from our user database, but we may retain transaction records or other data as needed for our business or legal purposes.
  
• If you are a member of WSHAsia or part of a subscription program, you can contact us to assist with any updates or cancellation of your membership. We provide self-service tools for members to edit their information, but our support team can also help upon request.
  
• If you receive our e-magazine or marketing emails but do not have an account (e.g., you signed up for newsletters only), you can unsubscribe at any time by clicking the “Unsubscribe” link included at the bottom of our emails. After you unsubscribe, we will stop sending you the newsletter or marketing information. Please allow a few days for an unsubscribe request to fully process. If you experience any issues with the unsubscribe function, you may contact us directly to remove you from the list.
  
• For any other requests (access, correction, deletion, withdrawal of consent, etc.), please contact our Data Protection Officer using the contact details in the Contact Us section. Kindly be as specific as possible about your request to help us fulfill it effectively. We will need to verify your identity (to ensure we don’t give your data to someone else), which might involve checking information we have on file or asking for identification. We aim to respond to your request as soon as reasonably possible, and in any event within 30 days. If we need more time to process your request or if we cannot fulfill it, we will inform you of the reason (for example, if the effort to retrieve the data is disproportionate or if an exemption applies).

WSHAsia is dedicated to upholding your rights. Every user is entitled to the above rights, and we want to ensure you are fully aware of them. If you have questions or need guidance on how to exercise your rights, please reach out to us.

Children’s Privacy

Our services and content are generally aimed at professionals in the workplace safety, health, and environment industry, and are not directed toward children. We do not knowingly collect personal data from minors under the age of 13 without parental consent. If you are under 13, please do not register an account or submit personal data to us without permission from your parent or guardian. According to PDPC guidelines, if a child is below 13 years old, organizations must obtain consent from the child’s parent or guardian before collecting, using, or disclosing the child’s personal data.

For teenagers between 13 and 17, the PDPC advises that they may be able to give valid consent on their own, provided they would reasonably understand the implications of giving and withdrawing consent. However, if we believe a user may not fully understand these implications, we might request parental consent as well.

WSHAsia does not specifically target or market to individuals under 18. Nonetheless, we recognize that students or younger audiences interested in occupational safety and health may find our resources. If you are a parent or guardian and believe that a minor has provided us with personal data without your consent, please contact us, and we will take steps to delete such data and unsubscribe the minor from any mailing lists.

We encourage parents to be involved in their children’s online activities and to teach them about safeguarding their personal data online.

Links to Other Websites

Our website and communications may contain links to third-party websites or platforms (for example, links to an affiliate’s site, advertiser’s site, or social media pages). Please note that this Privacy Policy applies only to WSHAsia’s own websites and services. If you click on a third-party link, you will be directed to that third party’s site which is outside of our control. We recommend you review the privacy policies of any external sites you visit, as their data practices may differ from ours.

WSHAsia is not responsible for the content, privacy practices, or security of other websites. Nonetheless, we seek to only partner with reputable organizations. If you have concerns about a site we linked to (for instance, if a link we provided is malicious or unsafe), please let us know.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to ensure it reflects our current practices, legal requirements, and user feedback. If there are significant changes (especially any that affect how your personal data is processed), we will notify users through appropriate channels – for example, by posting a prominent notice on our website or via email, where required. The “Last Updated” date at the top of this Policy indicates when it was last revised.

Your continued use of our services after any changes to the Privacy Policy constitute your acknowledgement of the changes. We encourage you to periodically review this page for the latest information on our privacy practices. For reference, our previous Privacy Policy was last updated on 9 July 2021, and this version supersedes all prior notices or statements regarding our personal data practices.

Contact Us (Data Protection Officer)

If you have any questions about this Privacy Policy, or about how WSHAsia handles your personal data, or if you wish to exercise any of your data protection rights, please do not hesitate to contact us:

Data Protection Officer (WSHAsia)
Raymond Wat
Email: contact@wshasia.com
Telephone: +65 6369 9105 (during office hours)
Postal Address: 25 Bukit Batok Crescent, #04-12 The Elitist, Singapore 658066

Please direct any privacy-related inquiries, complaints, or requests to our Data Protection Officer. We take all feedback and complaints seriously. If you contact us with a complaint, our DPO will investigate and strive to address your concerns promptly and fairly. We will acknowledge receipt of your complaint within a reasonable time and let you know the outcome or steps being taken.

If, after contacting us, you feel that we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with the relevant data protection authority. In Singapore, this is the Personal Data Protection Commission (PDPC). You can contact the PDPC or file a complaint through their official website. For individuals outside of Singapore, you may contact your local data protection regulator where applicable.

---

WSHAsia values your trust and is dedicated to safeguarding your personal data. We appreciate you taking the time to read this Privacy Policy. Your understanding of our practices will help you make informed decisions when using our services, and it helps us continue to serve you in a transparent and compliant manner. Thank you for being part of the WSHAsia community!

For any inquiries regarding our Privacy and Data Protection Policy, please contact us at contact@wshasia.com.