DATA PROTECTION NOTICE
Effective date: 09/09/2022
Last updated: 22/04/2025
Perun Consultants and its subsidiaries, associate companies, and jointly controlled entities (collectively, "Perun", "we", or "us") are committed to protecting your privacy and security. We adhere to the data protection laws of relevant jurisdictions, including the DIFC Data Protection Law (DIFC Law No. 5 of 2020), the Personal Data (Privacy) Ordinance (PDPO) of Hong Kong, the Personal Data Protection Act (PDPA) of Malaysia, and the Personal Data Protection Act (PDPA) of Singapore.
This Data Privacy Notice (the "Notice") explains how we collect, process, and safeguard any Personal Data you provide to us or that we collect about you. By accessing or using our Website Services or submitting information to us, you acknowledge and consent to the practices outlined in this Notice.
This Notice applies to Personal Data in our possession or under our control, including data held by third-party organizations we engage to collect, use, disclose, or process Personal Data on our behalf.
We are dedicated to ensuring the confidentiality and privacy of the information you provide. Your continued use of this website signifies your agreement with this privacy policy and any subsequent updates.
If you provide personally identifiable information (such as your name or contact details) via our ‘Contact Us’ link or career inquiry services, we may retain this information. Rest assured, any personal information we collect is not sold, rented, or leased to third parties.
Use of cookies
This website may use cookies to improve performance and enhance your user experience. The cookies are associated with anonymous users and their computers and do not collect Personal Data. Some cookies, used by third parties, help Perun assess the effectiveness of its engagements and promotions. These cookies are temporary and solely improve the efficiency of data transmission.
Users can configure their browsers to notify them of cookies and prevent their installation. Information about cookies is available at http://www.allaboutcookies.org/. To remove existing cookies, users can adjust their browser settings, and to block future cookies, they can change their settings accordingly.
We may use IP addresses to analyse trends, gather broad demographic information, and monitor website performance. IP addresses are not linked to personally identifiable information.
Information we collect about your device
Each time you use our Website Services we may and often will automatically collect the following information:
technical information, including browser type, operating system, and time zone settings (“Device Information”). However, unique device identifiers, such as mobile network information or device tokens are not collected;
details of your use of our Website Services including, but not limited to traffic data, page views, and the resources that you access (“Log Information”) however, these Log Information are anonymized and not linked to Personal Data;
If you do not wish to share certain data with us or do not want us to use / share it for certain purposes (to the extent possible, in accordance with applicable laws and information in this Notice), you can alter your preferences at any time. Where applicable, please check with your device provider's instructions for further information about how to do this.
Description of Personal Data
Personal Data means information about you that identifies you, such as your name, identification card number, nationality, address, telephone number, email address, occupation, company details, industry, and any other information you have provided to Perun in forms or that has been collected, stored, or processed by Perun.
If you are a client, providing your Personal Data is mandatory, and failure to do so may prevent Perun from processing your data for the purposes outlined below.
If you are an agent, vendor, supplier, or service provider, provision of your Personal Data is also mandatory, and failure to do so may breach laws or regulatory requirements and may hinder Perun's ability to engage with you or issue payments for services provided.
In general, providing your Personal Data for additional purposes is voluntary.
Other terms used in this Notice shall have the meanings given to them in the relevant jurisdictions legislation listed above, where the context permits.
Data we collect
We collect various types of Personal Data based on our interactions with you, which may include:
Personal identification information (e.g., name, address, contact details)
Employment information (e.g., job title, employment history)
Communications (e.g., email correspondence)
Location data (where applicable)
Purposes for collection of Personal Data
Perun may use and process your Personal Data for business activities, which include, but are not limited to:
For clients:
To fulfil our obligations in providing goods and/or services
To maintain communication and manage client relationships
For administrative purposes such as billing and invoicing
To process participation in events, meetings, or seminars
To develop and enhance services based on your needs
For agents, vendors, suppliers, or service providers:
To engage you for services and perform necessary due diligence
To process payments for services provided
To facilitate communication and maintain business operations
General purposes:
Verifying identity
Responding to inquiries, complaints, and feedback
Internal administrative purposes
Ensuring compliance with laws and regulations
Preventing and prosecuting crime
Sharing data with third-party service providers and authorities for the purposes above
Any other incidental business purposes related to or in connection with the above.
By providing your Personal Data, you consent to its use and processing as outlined in this Notice.
Sources of Personal Data
We may obtain Personal Data from various sources, including:
Application or due diligence forms
Recruitment processes
Websites
Business cards
Public sources (e.g., government platforms)
Social media profiles
Emails or written correspondence
Events, meetings, or seminars
Third parties, business associates, or related entities
Disclosure of Personal Data
We are committed to ensuring that your Personal Data is protected and handled in compliance with relevant data protection laws, including those in Hong Kong, Singapore, Malaysia, and Dubai. This section outlines how and when we may share your Personal Data within our group and with third parties.
We may share Personal Data which we collect about you as described in this Notice or as described at the time of collection or sharing, including but not limited to as follows:
Disclosure within our group
We may disclose your Personal Data to subsidiaries and affiliated entities within our group. These entities will handle it in accordance with this Privacy Policy and applicable data protection laws.
Sharing through our website services
We may share your Personal Data with third parties in relation to services offered via our website, including:
with third parties to provide you with service(s) that you requested through a partnership or offering made by a third party or us; or
with third parties with whom you choose to let us share your Personal Data, for example, other apps or websites that integrate with our API or Website Services, or those with an API or Service with which we integrate.
Disclosure to third parties
We may share your Personal Data with trusted third parties for various purposes, including but not limited to:
Service providers: Such as payroll providers, IT support or other functions we outsource. This also includes vendors, consultants, marketing partners, and others who need access to carry out work on our behalf or fulfil contracts.
Vendors: For employee-related services (e.g., payroll, medical insurance) or to meet client requirements.
Recruitment agencies: To assist with employee recruitment.
Professional advisors and auditors: Incudes legal advisors, financial advisors and consultants.
Government authorities: To comply with legal, regulatory, or statutory requirements.
Business partners and affiliates: To support our business operations and partnerships.
With your consent: If you opt-in to share your data.
Legal and regulatory compliance: In response to requests from authorities or to comply with legal obligations.
Corporate transactions: In connection with mergers, acquisitions, or business restructuring.
Anonymised data: With third parties in aggregated or anonymized forms that can’t identify you.
We have provided some further details below regarding disclosure to third parties.
Government Data Sharing
In some circumstances we are legally obliged to share information with public authorities or law enforcement, in certain situation such as:
Court Orders or Legal Processes: we may be required to provide information related to a court order or where we must cooperate with supervisory authorities in handling complaints or investigations. In any scenario, we will attempt to satisfy ourselves that we have a lawful basis on which to share the information, document our decision making, and satisfy ourselves we have a legal basis on which to share the information.
Non-Payment: We may also share information in the event of the non-payment including of a monetary penalty or court ordered costs. If the debt remains outstanding after the specified timeframe for payment, no payment plan is in place or an agreed payment plan is not being adhered to, we may initiate formal proceedings to recover the full amount of the unpaid penalty.
As a result, Perun will share Personal Data with the litigation and recovery specialists it instructs in order for them to identify assets and undertake recovery action through the courts.
We will ensure that any such disclosure is made in compliance with applicable legal requirements.
Protection of Personal Data
When sharing your Personal Data with third parties, including service providers or affiliates outside of Hong Kong, Singapore, Malaysia, or Dubai, we take appropriate measures to ensure that the data continues to be protected in accordance with relevant legal standards.
We strive to maintain a comparable level of protection for Personal Data, regardless of the jurisdiction in which it is processed.
Collection, Use and Disclosure of Personal Data
We will take necessary steps to ensure your Personal Data is processed fairly and lawfully in accordance with applicable laws and this Notice. By submitting your Personal Data, you acknowledge that it may be transferred, stored, or processed for administrative functions, including responding to your inquiries, managing business operations, and conducting future informational or promotional activities. We do not rely solely on automated decision-making for processing your Personal Data.
We retain Personal Data for a reasonable period to ensure the proper functioning of our services, conduct research, and comply with applicable laws, unless a longer retention period is required by law.
We are not responsible for the accuracy of the information you provide, but you can update or request modifications to your Personal Data. We will erase or cease using your Personal Data upon request, unless required by law or to fulfil agreed services.
By accessing or using our website services, you acknowledge that the information you provide may be used for the processing operations described in this policy.
We may disclose your Personal Data in the following circumstances:
To fulfil our obligations in providing goods and services to you.
To third-party service providers, agents, or organizations engaged to perform functions related to these purposes.
Legal Basis for Data Processing
We process Personal Data based on one or more of the following legal grounds:
Consent: Where you have explicitly consented to the processing of your Personal Data.
Contractual Necessity: To fulfil a contract with you, such as employment or service agreements.
Legal Obligations: To comply with legal requirements (e.g., tax reporting or regulatory compliance).
Legitimate Interests: Where we have a legitimate interest in processing your Personal Data (e.g., for fraud prevention, administrative purposes, or business operations), provided this does not override your rights and freedoms.
Reliance on the Legitimate Interests Exception
In compliance with the relevant legislation, we may collect, use, or disclose your Personal Data without consent for the legitimate interests of Perun Consultants Limited and its affiliated entities. We will assess potential adverse effects and ensure that legitimate interests outweigh these effects.
We may use your Personal Data for the following legitimate interests:
Fraud detection and prevention
Prevention of misuse of services
Preventing data loss on company-issued devices
These purposes may continue even after your relationship with us (e.g., a contract) has ended, for a reasonable period.
Your Rights
Depending on your jurisdiction, you have the following rights regarding your Personal Data:
Right to Access: Request access to your Personal Data.
Right to Rectification: Request corrections to inaccurate or incomplete data.
Right to Erasure: Request deletion of your data under certain conditions.
Right to Object: Object to processing in specific circumstances (e.g., direct marketing).
Right to Restriction: Request restriction of data processing in certain cases.
Right to Data Portability: Request transfer of your data to another controller in a structured, machine-readable format.
Right to Withdraw Consent: Withdraw consent for processing at any time, if applicable.
You may also inquire or request to limit the processing of your data by contacting us.
Requesting Access, Correction, or Limitation
Access: You can request access to your Personal Data with reasonable notice in advance.
Correction: Request correction or updates to inaccurate or outdated data.
Limit Processing: You can withdraw consent to limit the processing of your data, subject to legal or contractual restrictions.
Perun may charge a fee for data access, as allowed by law, and reserves the right to refuse access or correction where permitted, such as when the cost is disproportionate to the privacy risks.
If you do not wish for your Personal Data to be collected via cookies on the Websites, you may deactivate cookies by adjusting your internet browser settings to disable, block or deactivate cookies, by deleting your browsing history and clearing the cache from your internet browser.
The consent you provide for the collection, use, and disclosure of your Personal Data remains valid until you withdraw it in writing. You may withdraw your consent to stop the collection, use, and/or disclosure of your Personal Data for any or all purposes by submitting your request in writing or via email to our Data Protection Officer at the contact details below.
Upon receiving your written request, we may require a reasonable period to process it, depending on its complexity and the impact on our relationship with you. We will notify you of the consequences of withdrawing consent, including any legal implications that may affect your rights and liabilities. In general, we aim to process your request within ten (10) working days.
While we respect your decision to withdraw consent, please be aware that, depending on the nature and scope of your request, we may no longer be able to provide certain goods or services. In such cases, we will notify you before processing your request. If you decide to reinstate your consent, please inform us in writing as described above.
Please note that withdrawing consent does not affect our right to continue collecting, using, and disclosing Personal Data where permitted or required by applicable laws.
Access to and correction of Personal Data
You have the right to access and request a copy of your Personal Data held by us, or to inquire about how we use or disclose your data. You may also request corrections if the information is inaccurate or incomplete. Additionally, you can request the restriction, erasure, or transfer of your Personal Data, or exercise other rights provided under applicable data protection laws.
To submit a request, please contact our Data Protection Officer in writing or via email using the contact details provided below. While access requests are generally free of charge, we may impose a reasonable fee to cover extraordinary administrative costs, which we will inform you of before processing your request.
We aim to respond to your request within thirty (30) calendar days. If we cannot meet this timeline, we will notify you and provide an estimated response time. If we are unable to provide the requested data or make the correction, we will explain the reasons, unless exempt by law.
We may not discriminate against you for exercising your rights by denying services or changing prices or quality of service, unless reasonable to do so in general, as objectively determined, and applicable to all individuals offered or receiving such benefits as per the relevant applicable legislation subject to the jurisdiction you are based.
Please note that some third parties or external databases may continue to process outdated or inaccurate data until their systems are updated or you contact them directly for corrections.
Security of Personal Data
Perun implements strict procedures and security features to prevent unauthorized access to Personal Data. Personal Data provided to us via our website or applications is stored using computer systems with restricted access. Data stored in cloud services is encrypted, including when third-party storage providers are used.
To safeguard your Personal Data from unauthorized access, use, disclosure, alteration, or destruction, we employ appropriate administrative, physical, and technical measures. These include minimizing data collection, implementing authentication and access controls (such as strong password policies, need-to-know data disclosure, etc.), encrypting data, and utilizing up-to-date antivirus protection and web security measures.
We apply strict procedures to secure Personal Data in non-electronic environments as well.
However, please note that no method of transmission over the Internet or electronic storage is entirely secure. While we cannot guarantee absolute security, we are committed to continually reviewing and enhancing our information security measures to protect your data.
To the extent permitted by applicable law, Perun expressly disclaims any liability that may arise should any other third parties obtain the Personal Data you submit through fraud or otherwise where it is no fault of Perun.
Retention of Personal Data
We may retain your Personal Data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws.
We will cease to retain your Personal Data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the Personal Data was collected, and is no longer necessary for legal or business purposes.
Transfers of Personal Data
To conduct our operations and fulfil regulatory obligations, we may transfer, process, and store your Personal Data in Hong Kong, Singapore, Malaysia and Dubai where we or our service providers operate. We will ensure your Personal Data is protected in accordance with applicable legal standards.
You understand and consent to the transfer of your Personal Data between our entities in Dubai, Hong Kong, Malaysia and Singapore as described herein.
While we generally do not transfer Personal Data outside the country of origin, in the event we do, we will ensure that your Personal Data continues to be protected in a manner at least comparable to the standards set under the applicable data protection laws.
Personal information from minors and other individuals
As a parent or legal guardian, please do not allow the minor (individuals under 18 years of age) under your care to submit Personal Data to Perun. In the event that such Personal Data is provided to Perun, you hereby consent to the processing of the minor’s Personal Data and personally accept and agree to be bound by this Notice and take responsibility for his or her actions.
In some circumstances you may have provided Personal Data relating to other individuals (such as your spouse, family members or friends) and in such circumstances you represent and warrant that you are authorised to provide their Personal Data to Perun and you have obtained their consent for their Personal Data to be processed and used in the manner as set forth in this Notice.
Marketing and promotional purposes
Perun may use your Personal Data to send you marketing communications, including:
Newsletters, alerts, updates, mailers, and festive greetings.
Invitations to events or activities organized by Perun or its partners.
Notifications regarding your participation in events or activities.
These communications may be sent via post, phone, SMS, email, or in person. If you do not wish to receive such communications, you can opt-out by contacting us at marketing@perunconsultants.com.
You have the right to opt-in, opt-out, or update your preferences for marketing communications at any time. Please note that opting out of promotional emails does not affect transactional or service-related communications. Additionally, opting out from one Perun service may not prevent you from receiving marketing emails from other services or third-party providers linked to Perun.
If your contact information is in third-party marketing directories, you must contact those third parties directly to request removal.
Acknowledgement and consent
This Notice applies in conjunction with any other notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your Personal Data by us.
By communicating with Perun, using Perun’s services, or by virtue of your engagement with Perun, you acknowledge that you have read and understood this Notice and agree and consent to the use, processing and transfer of your Personal Data by Perun as described in this Notice.
Perun shall have the right to modify, update or amend the terms of this Notice at any time by placing the updated Notice on the Websites. We may revise this Notice from time to time without any prior notification. You may determine if any such revision has taken place by referring to the date on which this Notice was last updated. Your continued use of our services constitutes your acknowledgement and acceptance of such changes.
In the event of any conflict between the version in English and other language versions, the English version shall prevail.
Data subject’s obligations
It is necessary for Perun to collect and to retain clients’ Personal Data. Therefore, it is also obligatory for clients to supply Personal Data to us in the most accurate manner. If you do not provide us with Personal Data, Perun is unable to process the Personal Data for the Purposes stated herein, or effectively render our services to clients, and all relationships created or to be created between us shall then be terminated and ceased to be in effect immediately.
We generally rely on Personal Data provided by you (or your authorised representative). In order to ensure that your Personal Data is current, complete and accurate, please update us if there are changes to your Personal Data by informing our Data Protection Officer in writing or via email at the contact details provided below.
External links
The Website and the App may contain links to other websites on the Internet that are owned and operated by third parties (the "External Sites"). These links are provided solely as a convenience to you and not as an endorsement by Perun of the contents of or reliability on such External Sites. You acknowledge that Perun is not responsible for the availability of, or the information and content of any External Site. You should contact the site administrator or webmaster for those External Sites if you have any concerns regarding such links or the content located on such external Sites.
If you decide to access linked third-party websites, you do so at your own risk. Perun does not accept liability and shall not be liable to you for any loss or damage arising from or as a result of your acting upon the content of another website to which you may link from the Website Services.
Buildings security and contents
Building security records containing sign in and sign out information collected at the time of visiting and departing Perun offices will be maintained in accordance with the applicable building management policy.
To the extent permitted by applicable law, Perun is not responsible for any contents, whether or not they contain Personal Data or other business information, that remain in our premises after you leave Perun offices.
Contact Information
You may contact our Data Protection Officer via the method below if you have any enquiries or feedback on our Personal Data protection policies and procedures, or if you wish to make any request:
Email Address: DPO@perunconsultants.com
Hong Kong address: 7/F, Hollywood Commercial House, 3-5 Old Bailey Street, Central, Hong Kong
Singapore address: 10 Anson Road, #10-10 International Plaza, Singapore 079903
Malaysia address: Unit 50-5-10, Level 5, Wisma UOA Damansara, 50 Jalan Dungun, Damansara Heights, 50490 Kuala Lumpur, Malaysia. (See our Privacy Policy in Malay.)
Dubai address: Perun Consultants (DIFC) Limited, Office 2, Level 3, Gate Village 8, Dubai International Financial Centre, PO Box 507439, Dubai, United Arab Emirates
By completing form: www.perunconsultants.com/en/contact-us
Jurisdiction Specific Provisions
Hong Kong: In Hong Kong, Personal Data is protected under the Personal Data (Privacy) Ordinance (PDPO). You have the right to request access to and correction of your Personal Data under the PDPO.
Singapore: In Singapore, Personal Data is protected under the Personal Data Protection Act 2012 (PDPA). Under the PDPA, you have the right to request access to and correction of your Personal Data, as well as the right to withdraw consent to the processing of your Personal Data.
Malaysia: In Malaysia, Personal Data is governed by the Personal Data Protection Act 2010 (PDPA). You have the right to access and correct your Personal Data under the PDPA, as well as to withdraw consent for its processing.
Dubai International Financial Centre (DIFC): In the DIFC, Personal Data is protected under the DIFC Data Protection Law (DP Law). You have the right to access, correct, and delete your Personal Data in accordance with the DP Law. If you are an individual in the DIFC, you can file a complaint with the DIFC Commissioner of Data Protection regarding data privacy matters.
You may also contact the DIFC Commissioner of Data Protection’s Office:
By telephone: +971 4 362 2222
By e-mail: commissioner@dp.difc.ae
By post: Dubai International Financial Centre Authority, Level 14, The Gate Building