Data Protection Notice

Introduction

This Data Protection Notice (“Notice”) sets out how the People Profilers group of companies (“we”, “us”, or “our”) collects, uses, discloses, retains, and protects personal data across our operations in Singapore, Malaysia, Thailand, Vietnam, and Indonesia.

This Notice applies to personal data in our possession or under our control, including personal data held by third-party organisations we have engaged to collect, use, disclose, or process personal data on our behalf.

The specific People Profilers entity that acts as the data controller of your personal data depends on the country through which you engage our services — see Section 2 below for full details.

Effective date: 24 April 2026
Last updated: 24 April 2026

1. About this Notice

This Data Protection Notice (“Notice“) sets out how the People Profilers group of companies (“People Profilers“, “we“, “us“, or “our“) collects, uses, discloses, retains, and protects personal data across our operations in Singapore, Malaysia, Thailand, Vietnam, and Indonesia.

By providing personal data to us, or by continuing to use our services, you acknowledge that you have read and understood this Notice.

2. The People Profilers Group & Your Data Controller

Depending on which of our websites, offices, or services you interact with, the specific legal entity that acts as the data controller of your personal data will be one or more of the following group companies:

Country	Entity	Registration / Licences	Registered Address
Singapore	People Profilers Pte. Ltd.	UEN 200618776E; EA Licence 02C4944	20 Cecil Street #08-09 Plus, Singapore 049705
Singapore	People Profilers (Executive Search) Pte. Ltd.	UEN 201009045R; EA Licence 10C3804	20 Cecil Street #08-09 Plus, Singapore 049705
Singapore	People Profilers (Services) Pte. Ltd.	UEN 201009036N	20 Cecil Street #08-09 Plus, Singapore 049705
Malaysia	Agensi Pekerjaan People Profilers Malaysia Sdn. Bhd.	SSM 202301013641 (1507563-K); JTKSM Licence C No. 1432	Lot 13-02, Menara HLX, No. 3 Jalan Kia Peng, KLCC, 50450 Kuala Lumpur
Malaysia	People Profilers (Services) Sdn. Bhd.	SSM 202301013635 (1507557-T)	Lot 13-02, Menara HLX, No. 3 Jalan Kia Peng, KLCC, 50450 Kuala Lumpur
Thailand	People Profilers Bangkok Recruitment Co., Ltd.	Company Reg. 0105565048191; Recruitment Licence น.1830/2565	United Tower, 12th Floor, Bangkok
Vietnam	People Profilers Services Vietnam Company Limited	Tax ID 0318135337; Recruitment Licence 6208/2024/20/SLĐTBXH-VLATLĐ; Labour Leasing Licence 14/2024/SHCM	10th Floor, Cienco4 Building, 180 Nguyen Thi Minh Khai Street, Xuan Hoa Ward, Ho Chi Minh City 70000
Indonesia	PT People Profilers Services	AHU-0081223.AH.01.01.TAHUN 2025; NIB 2509250160832	Prosperity Tower, 8th Floor, SCBD LOT 13, Jl. Jend. Sudirman Kav 52-53, Jakarta 12190

In general, the country site or office through which you engage our services (e.g. uploading your resume on peopleprofilers.com.my) determines the primary data controller. Where our group companies share personal data among themselves to deliver services, we act as joint controllers.

3. Applicable Data Protection Laws

This Notice is designed to comply with, and should be read alongside, the following laws and any implementing regulations:

Singapore: Personal Data Protection Act 2012 (“SG PDPA”)
Malaysia: Personal Data Protection Act 2010 (“MY PDPA”)
Thailand: Personal Data Protection Act B.E. 2562 (2019) (“TH PDPA”)
Vietnam: Decree No. 13/2023/ND-CP on Personal Data Protection (“VN PDPD”) and subsequent legislation
Indonesia: Law No. 27 of 2022 on Personal Data Protection (“UU PDP”)

Where any provision of this Notice is inconsistent with the mandatory requirements of applicable local law, the local law shall prevail for the relevant jurisdiction.

4. Personal Data We Collect

Depending on the nature of your interaction with us, we may collect the following categories of personal data:

Identification data: full name, photograph, date of birth, gender, nationality, marital status, and government-issued identification numbers (e.g. Singapore NRIC/FIN, Malaysian MyKad, Thai National ID, Vietnamese CCCD/CMND, Indonesian KTP/NIK, or passport number).
Contact data: residential address, email address, mobile and landline telephone numbers.
Employment and professional data: CV/resume, employment history, educational qualifications, professional certifications, salary history, references, work authorisation and visa status.
Financial data: bank account information, tax identification numbers, and payroll data (for EOR and payroll clients and their employees).
Technical and usage data: IP address, device and browser information, cookies, and interaction data collected automatically when you visit our websites.
Sensitive personal data: where required for specific services and permitted by law, we may collect data relating to health, disability, or criminal records (for background screening with your explicit consent).

We collect personal data directly from you, from authorised third parties (e.g. referees, former employers, background screening providers), and automatically through our digital services.

5. Purposes for Which We Use Personal Data

We may collect, use, and disclose your personal data for any or all of the following purposes:

Recruitment, executive search, contract staffing, and placement services (in-house and on behalf of client employers)
Employer of Record (EOR), payroll, and HR outsourcing services, including salary disbursement, tax filings, and statutory contributions
HR advisory, outplacement, and global mobility services including work pass / visa applications
Verifying your identity and eligibility to work
Conducting background and reference checks (where permitted by law and with your consent where required)
Performing contractual obligations to you or to our clients
Responding to your queries, requests, applications, complaints, and feedback
Managing our relationship with you as a candidate, client, vendor, or visitor
Processing payments and credit transactions
Sending you marketing communications about our services, events, and job opportunities (with your consent where required)
Complying with applicable laws, regulations, codes of practice, and lawful requests from regulatory, tax, and law-enforcement authorities
Sharing personal data among People Profilers group entities to coordinate regional recruitment and HR services for multinational clients
Other purposes reasonably incidental to, or related to, the above

We will only use your personal data for purposes you have been notified of or that are otherwise permitted by law.

6. Legal Bases for Processing

We rely on the following legal bases, as applicable under the relevant jurisdiction:

Consent — where you have provided voluntary, specific, and informed consent.
Contract performance — where processing is necessary to perform a contract with you or to take steps at your request before entering a contract.
Legal obligation — where we are required by law to collect, retain, or disclose certain data.
Legitimate interests — where processing is necessary for our legitimate business interests and does not override your rights and interests (applicable in jurisdictions that recognise this basis).
Vital interests — in emergencies involving life, health, or safety.
Public interest / legal proceedings — where collection or disclosure is required for investigations, court proceedings, or national interest.

7. Disclosure of Personal Data

We may disclose your personal data to:

Our group companies (the entities listed in Section 2) for coordinated service delivery across Southeast Asia.
Our clients (employers, for candidate placement) — with your knowledge and, where required, your consent.
Third-party service providers and agents engaged to support our operations, including payroll processors, background check providers, IT and cloud service providers, legal and accounting advisers.
Government, regulatory, and law-enforcement authorities where required by applicable law or in response to lawful requests.
Professional advisers and auditors bound by confidentiality obligations.
Acquirers or successors in the event of a merger, acquisition, restructuring, or sale of all or part of our business.

We require all third parties with whom we share personal data to protect it in accordance with standards at least as stringent as those set out in this Notice.

8. Cross-Border Data Transfers

Because we operate across five Southeast Asian countries, your personal data may be transferred to and processed in jurisdictions other than the one in which you are located. Such transfers are subject to the cross-border transfer requirements of the applicable law, which may include ensuring the recipient jurisdiction provides a comparable standard of protection, entering into binding contractual arrangements (e.g. data transfer agreements, standard contractual clauses) with the recipient, or obtaining your explicit consent where required (e.g. under VN PDPD and UU PDP).

9. Data Retention

We retain personal data only for as long as it is necessary to fulfil the purposes for which it was collected, or as required by applicable laws (e.g. employment records retention under each country’s labour law, tax and financial records retention under local tax law). When personal data is no longer required, we will securely delete, destroy, or anonymise it in accordance with our retention policy and applicable law.

10. Your Rights

Subject to the applicable law in your jurisdiction, you have the following rights in respect of your personal data:

Right of access — to request a copy of the personal data we hold about you.
Right of correction — to request correction of inaccurate or incomplete personal data.
Right to withdraw consent — subject to legal and contractual restrictions and reasonable notice.
Right to object / restrict processing — where recognised by applicable law.
Right to data portability — where technically feasible and recognised by applicable law.
Right to erasure — to request deletion of your personal data in certain circumstances.
Right to lodge a complaint — with the data protection authority in your country.

To exercise any of these rights, please contact our Data Protection Officer using the details below. We may require you to verify your identity before acting on your request. We will respond within the timeframes required by the applicable law (generally 30 days, subject to extension with notice).

11. Withdrawing Your Consent

You may withdraw your consent at any time by submitting a written request to our Data Protection Officer. Upon receipt, we may require reasonable time (depending on the complexity of the request) to process it. We shall generally process withdrawal requests within ten (10) business days of receipt.

Please note that withdrawing consent may prevent us from continuing to provide our services to you, and does not affect the lawfulness of processing carried out before withdrawal.

12. Data Protection Officer & Contact

Our Group Data Protection Officer is the primary point of contact for all data protection matters across our five markets. You may contact the DPO at:

Email: dpo@peopleprofilers.com
Mailing address: Data Protection Officer, People Profilers Pte. Ltd., 20 Cecil Street #08-09 Plus, Singapore 049705

If your enquiry relates to services provided by a specific country entity, please indicate this in your correspondence so we can route your request to the appropriate local contact.

13. Regulatory Authorities

If you believe we have not handled your personal data in accordance with applicable law, you may lodge a complaint with the data protection authority in your country:

Singapore: Personal Data Protection Commission (PDPC) — pdpc.gov.sg
Malaysia: Department of Personal Data Protection (JPDP) — pdp.gov.my
Thailand: Office of the Personal Data Protection Committee (PDPC) — pdpc.or.th
Vietnam: Ministry of Public Security (Department of Cyber Security and Hi-Tech Crime Prevention)
Indonesia: Personal Data Protection Supervisory Agency (currently administered by the Ministry of Communication and Informatics)

We appreciate the opportunity to address your concerns directly before you escalate, and encourage you to contact our DPO first.

14. Security of Personal Data

We take reasonable administrative, technical, and physical measures to protect personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal, or similar risks. These measures include access controls and authentication, encryption of personal data in transit and (where appropriate) at rest, confidentiality obligations on employees and contractors, staff training on data protection, incident response and breach notification procedures, and regular review of our security practices. No method of electronic storage or transmission is 100% secure; while we strive to protect your personal data, we cannot guarantee absolute security.

15. Children’s Personal Data

Our services are directed at adults (generally age 18 and above, or the age of majority in the applicable jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will delete it promptly.

16. Changes to this Notice

We may update this Notice from time to time to reflect changes in our practices, services, or applicable laws. The updated Notice will be posted on our websites with a revised “Last updated” date. Where changes materially affect your rights or our processing practices, we will take reasonable steps to notify you (e.g. by email or prominent notice on our websites).

17. Governing Law

This Notice shall be interpreted in accordance with the applicable data protection law of the country in which the relevant group entity is established. Where services are delivered cross-border, the data protection law of the country of the primary data controller shall apply.

For questions about which specific entity is the data controller of your personal data, or for country-specific enquiries, please contact our Data Protection Officer at dpo@peopleprofilers.com.

Page: Data Protection Notice

Talk to Us.

Let’s build the next chapter of your growth together.