
Data Privacy Policy

Effective Date: September 1, 2021

Last updated: June 11, 2025
 

1. INTRODUCTION
FWRD CRM ("Company", "we", "us", or "our") is committed to safeguarding the privacy and personal data of all individuals with whom we interact, including clients, contractors, partners, website visitors, and employees. This Data Privacy Policy outlines our practices in compliance with the Singapore Personal Data Protection Act 2012 (PDPA), the Philippines Data Privacy Act of 2012 (RA 10173), the European Union’s General Data Protection Regulation (GDPR), and all other applicable data privacy regulations in jurisdictions where we operate or have clients and personnel.

 

We operate globally, with:

  • Corporate Headquarters: Registered in Singapore

  • Contractors: Based in the Philippines and other countries

  • Clients: Spanning multiple jurisdictions worldwide

2. DEFINITIONS

  • Personal Data: Any data about an individual who can be identified from that data or from that data and other information.

  • Processing: Any operation or set of operations performed on personal data (collection, use, disclosure, storage, etc.).

  • Data Subject: Any individual whose personal data is collected, held, or processed.

  • Data Controller: The person or entity who determines the purposes and means of processing personal data.

  • Data Processor: A person or entity who processes personal data on behalf of the data controller.

3. SCOPE
This policy applies to:

  • All clients, regardless of location

  • All independent contractors and employees

  • All individuals whose data is collected via websites, portals, or business engagements

  • All personal data processed by FWRD CRM and its authorized third-party service providers

4. TYPES OF DATA COLLECTED
We collect the following categories of data:


a. Clients

  • Full name, company name, contact details

  • Billing and payment information

  • Business communication and correspondence

  • Project details and service usage data
     

b. Contractors/Employees

  • Full legal name, nationality, contact details, government-issued ID

  • Educational background, employment history, resumes

  • Payroll and payment records

  • Performance data

  • Timesheets and work logs


c. Website Users

  • IP address, browser type, browsing behavior

  • Contact forms and cookies (consent-based)

5. LEGAL BASES FOR PROCESSING
We process personal data on the following legal grounds:

  • Consent (explicit, informed, freely given)

  • Performance of a contract

  • Compliance with legal obligations

  • Legitimate interest (e.g., security, fraud prevention, business operations)

6. PURPOSES OF DATA COLLECTION
We collect, use, and disclose personal data for the following purposes:

  • To fulfill contractual obligations with clients and contractors

  • To manage human resources (recruitment, onboarding, payroll)

  • To maintain client relationships and deliver services

  • To improve our products and website

  • To comply with legal, tax, and regulatory obligations

  • To conduct background checks when necessary (with consent)

7. DATA RETENTION

  • We retain personal data only for as long as necessary to fulfill the purposes for which it was collected.

  • Client and financial records are retained for a minimum of 7 years to comply with accounting laws.

  • Contractor records are retained for up to 5 years after the termination of engagement, unless required longer by law.

  • Data may be anonymized for analytics or internal audit purposes.

8. DATA SHARING & THIRD PARTIES
Personal data may be shared with:

  • Payroll providers, cloud storage, CRM platforms, and communication tools

  • Legal, accounting, or compliance advisors

  • Government or regulatory authorities when required by law

We ensure all third parties:

  • Are bound by strict data protection contracts (DPA)

  • Meet equivalent or stronger data protection standards

  • Do not process data beyond the scope of service agreements

9. INTERNATIONAL DATA TRANSFERS
When transferring data across borders, especially from the Philippines to Singapore or to other jurisdictions:

  • We ensure appropriate safeguards such as Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs)

  • Consent is obtained when legally required

  • Local data protection laws are adhered to in full

10. DATA SECURITY MEASURES
We implement the following technical and organizational measures:

  • Encrypted transmission (SSL/TLS) and storage

  • Firewalls, anti-virus, and endpoint protection

  • Strict access control using role-based permissions

  • Regular vulnerability assessments and penetration tests

  • Staff training on privacy and cybersecurity

  • Mandatory access logging and monitoring of system activities

11. DATA BREACH POLICY
In the event of a suspected or confirmed data breach:

  • Immediate Containment: Isolate affected systems.

  • Assessment: Determine scope, data involved, and impact.

  • Notification: Notify affected data subjects and the appropriate Data Protection Authority (DPA) within 72 hours (in accordance with GDPR, PDPA, or other relevant law).

  • Remediation: Mitigate risk, patch vulnerabilities, and implement improved safeguards.

  • Documentation: Maintain records of the breach, steps taken, and outcomes.

All affected individuals will be notified without undue delay if their personal data is compromised.

We also maintain an internal Incident Response Plan to ensure readiness and consistent handling of future breaches.

12. DATA SUBJECT RIGHTS
We honor the rights of all data subjects. You have the right to:

  • Access your personal data

  • Rectify incorrect or incomplete data

  • Withdraw consent at any time

  • Request data portability

  • Object to processing

  • Request erasure of your personal data (subject to legal limitations)

  • Lodge a complaint with the relevant authority (e.g., Singapore PDPC, Philippine NPC, or EU DPA)

13. DATA ACCESS & CORRECTION REQUESTS

To request access or correction of your personal data, please contact our Data Protection Officer (DPO). All requests will be processed in accordance with applicable laws.

14. CHILDREN’S PRIVACY
FWRD CRM does not knowingly collect personal data from individuals under the age of 18. If such data is inadvertently collected, it will be deleted immediately upon discovery.

15. COOKIES & WEBSITE TRACKING

We use cookies for essential website functionality and analytics. Users are given the option to consent to non-essential cookies. You may disable cookies via browser settings.

16. POLICY REVIEW & AMENDMENT

This Privacy Policy is reviewed annually and may be updated at any time. Major updates will be communicated via email or website notification. Continued use of our services constitutes your acceptance of any changes.

17. CONTACT US

If you have any questions about this Data Privacy Policy, you can contact us by email: info@fwrdcrm.com.

18. FREQUENTLY ASKED QUESTIONS

Question: How do you secure my personal information?
We use encryption, firewalls, role-based access, and endpoint protection to ensure data security. We also log system activity and conduct regular audits.


Question: Can I request the deletion of my data?
Yes, you may request data deletion unless retention is required by law. Please contact our DPO.


Question: Who do you share my data with?
We only share with trusted third parties under strict contracts for operational purposes like payroll, cloud hosting, and legal compliance.


Question: What happens in case of a data breach?
We notify affected individuals and authorities within 72 hours, investigate, and apply mitigation measures.


Question: Where is my data stored?
In encrypted servers hosted by approved cloud providers in Singapore and other compliant jurisdictions.


Question: What are my rights under GDPR or PDPA?
You can access, correct, delete, or transfer your data and object to or limit processing.


Question: How can I update my information?
Email our DPO with your updated information. We’ll verify and apply the changes.


Question: Do you track my location or behavior on your website?
Only if you consent to cookies. We do not track precise geolocation data.


Question: Do contractors in other countries have different rights?
No. We apply the strictest applicable standard across all locations.


Question: What is your lawful basis to process data without consent?
When required for contract execution, legal obligations, or legitimate interest that does not override your rights.


Question: How long do you keep my data?
7 years for clients, 5 years for contractors unless longer retention is needed legally.


Question: Do you sell personal data?
No. We never sell or rent personal data to third parties.


Question: Are your third-party vendors audited?
Yes. We review contracts and conduct compliance checks to ensure data security.


Question: Can I complain if I feel my data was mishandled?
Yes. File a complaint with our DPO or the appropriate data protection authority.


Question: Is my data transferred outside of my country?
Possibly, but always with proper safeguards and legal mechanisms in place.


Question: Can I use your services without consenting to data processing?
Some data is necessary to deliver our services. You can refuse non-essential data processing such as analytics.

This Policy is enforceable under Singapore law and recognizes the extraterritorial application of foreign data privacy laws (such as GDPR and DPA).
