This privacy notice informs you of who we are, how we collect, disclose, use, process, and protect your personal information, however you provide it to us, and tells you about your privacy rights and legal protections.

This privacy notice explains how Compass collects, uses, and processes your personal information through this website, any enquiries you make to us, if you are engaged in a recruitment process with us, or if you contact us via Compass’ confidential reporting programme, Speak Up, We’re Listening.

It is important that you read this privacy notice together with any other information we may provide on specific occasions when we are collecting or processing your personal information, so that you are fully aware of how and why we are using your data. This privacy notice is complementary to other information we may provide in specific circumstances and does not override it.

WEBSITE USE AND ENQUIRIES

Personal data, or personal information, means any data, whether true or not, relating to natural persons who:

• Can be identified or are identifiable directly from the information in question; or
• Can be indirectly identified from that information in combination with other information which the organisation has or is likely to have access.

It does not include data where the identity has been removed (anonymous data). There are some types of more sensitive personal data which require a higher level of protection, such as information about a person’s health, religious beliefs, or sexual orientation.

The content of any enquiry you may submit to us will vary but, ordinarily, in these scenarios, we are likely to collect your personal information to respond to your request and to enable us to comply with our legal obligations. We are likely to collect, store, and use the following categories of personal information about you in order to fulfil that relationship.

We may collect, store, and use the following categories of personal information about you when you interact with our website:

• Personal contact details such as name, title, addresses, postcode, telephone numbers, email addresses, and profile information such as your preferences, interests, and activities associated with your use of our website.
• IP address, cookies, and tracking technologies. The use of these technologies is covered in a separate link at:
https://www.compass-group.com/en/site-services/cookies-policy.html

How is your personal information collected?

We collect personal information when you interact with our website or send us a message.

How we will use information about you

We will generally obtain prior informed consent before processing your personal data in accordance with the PDPA, unless an exception to consent applies or it is otherwise required or authorised to process personal data under written law. Most commonly, we will use your personal information in the following circumstances:

• Where we need to comply with a statutory obligation
• Where we want to try to provide a tailored experience of our digital presence
• Where we have your express consent

Situations in which we will use your personal information

The situations in which we will process your personal information are listed below:

• Responding to your engagement with us
• Understanding your use of our website
• To ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution
• To comply with our legal obligations

We may from time to time carry out other types of processing. For example, to carry out activities necessary to the running of our business, including network monitoring, system testing, staff training, quality control, and any legal proceedings. We may have legal obligations to do so.

We may carry out activities that process personal data in order to monitor the performance of our network, systems, or the activities of our teams, so that we can ensure the integrity and availability of those systems.

Some of the above grounds for processing will overlap, and there may be several grounds which justify our use of your personal information.

Data Sharing

We may have to share your personal information with third parties, including third-party service providers and other legal entities within the same group of companies as Compass. We require our third-party processors to respect the security of your personal information and to treat it in accordance with the PDPA.

When we transfer personal data to a jurisdiction outside Singapore, we take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.

Why might you share my personal information with third parties?

We will share your personal information with third parties where required by law, where it is necessary to pursue the relationship we have with you, or where we have another lawful basis for doing so.

Which third-party service providers process my personal information?

Third parties include third-party service providers (including contractors and designated agents) and other entities within our group who we might use to help respond to your request, maintain our website, and make it easier for you to subscribe to different functions.

These may include the following service providers:

• Microsoft – We use Office 365, which offers a suite of applications used in our daily operations. These include, for example, Outlook, Word, and Excel, along with other applications included in our subscription. The data within our Office 365 tenant are processed in the United States (US).

How secure is my information with third-party service providers and other entities in our group?

All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies and our Group Data Sharing Agreement.

We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

What about other third parties?

We may also need to share your personal information with a regulator or otherwise comply with applicable law.

SPEAK UP, WE’RE LISTENING

Speak Up, We’re Listening is Compass’ confidential reporting programme which provides a channel to seek guidance on ethical concerns and issues, express your views freely, and report in confidence any concerns regarding potential breaches of our Code of Business Conduct involving unethical, illegal, or other improper circumstances or behaviours.

Our Compass Speak Up platform and helpline are operated by an independent third-party provider, EQS Group GmbH, and are available 365 days a year, 7 days a week, 24 hours a day, in all of the countries in which we operate. Reports received are referred to Group Ethics & Integrity for confidential review and assignment for follow-up and/or investigation, as appropriate.

When we receive a report from you via our Helpline or Platform (web-intake), a case is created which contains the details of your complaint. When you make this report, the amount of personal information collected is your decision, and you may choose to submit as much or as little information as you wish.

This may include your identity, contact details, and any other information you provide, which may contain personal information such as health details, ethnic information, and imagery. If you make a report anonymously, the case will only reflect the information you provide about the situation. In each instance, this information will be kept confidential and restricted to a limited number of employees.

How is your personal information collected?

We collect personal information when you submit a report via Speak Up, We’re Listening.

How we will use information about you

We will use your personal information to comply with our legal obligations and to help follow up or investigate the concern you have raised, where applicable.

We may also use your personal data to contact you about your report if you have consented for us to do so. The personal information you submit will be kept confidential and will not be disclosed without lawful authority.

Your identity will not be disclosed without your consent to anyone beyond those responsible for dealing with and investigating the concerns, or those included on a strict need-to-know basis to receive and act upon findings or remedial actions, unless this is necessary and proportionate in the context of investigating the matter and/or seeking legal advice.

Data sharing

We may have to share your personal information with third parties, including third-party service providers and other legal entities within the same group of companies as Compass.

We require our third-party processors to respect the security of your personal information and to treat it in accordance with the standards under the PDPA.

Why might you share my personal information with third parties?

We will share your personal information with third parties where required by law, where it is necessary to administer and manage the Speak Up Helpline or Platform, or where we have another lawful basis for doing so.

Which third-party service providers process my personal information?

Our Speak Up, We’re Listening Helpline and Platform are provided by EQS Group GmbH, a compliance technology platform. Our contract with EQS Group is supported by a Data Processing Agreement which details the controls we have in place to protect and respect personal data, and which complies with applicable law on international transfers of data.

Various parts of our Speak Up, We’re Listening platform are provided or hosted in the United States (US) and the European Economic Area (EEA), and your data will be processed in the US and the EEA.

When we transfer personal data to a jurisdiction outside Singapore, we take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.

We may also need to share your personal information with professional advisors such as legal advisors, our auditors, and, if required, law enforcement or other regulators.

How secure is my information with third-party service providers and other entities in our group?

All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies and our Group Data Sharing Agreement.

We do not allow our third-party service providers to use your personal information for their own purposes. We only permit them to process your personal information for specified purposes and in accordance with our instructions.

BUSINESS PARTNER DUE DILIGENCE

As part of our business partner management process, we undertake legal due diligence on Compass’s business partners.

Prior to contracting or transacting with your organisation, during due diligence inquiries, we may ask you to provide personal information about your owners, directors, employees, and authorised representatives by completing our third-party due diligence questionnaire(s).

This may include names, contact information, and, where relevant, identity documentation and information about individual shareholdings.

How is your personal information collected?

We will collect personal information when a representative of one of our business partners completes one of our third-party due diligence questionnaires or from a variety of public sources such as public registries.

We will generally obtain prior informed consent before processing your personal data in accordance with the PDPA, unless an exception to consent applies or it is otherwise required or authorised to process personal data under written law.

How we will use information about you

We will use your personal information to comply with our legal, regulatory, and compliance obligations, including those under anti-bribery, anti-money laundering, counter-terrorism financing, and anti-corruption legislation.

We may also use your personal information to assist Compass in monitoring and managing conflicts of interest.

Compass also uses personal information about individuals within its business partners to administer and manage its relationships in the operation of its business.

Situations in which we will use your personal information

The information you provide assists us in conducting due diligence checks and investigating any potential non-compliance with relevant anti-bribery, anti-money laundering, counter-terrorism financing, and anti-corruption legislation.

We may also need to use the information you provide to report to various regulators in order to comply with our legal obligations.

Data sharing

We may have to share your personal information with third parties, including third-party service providers and other legal entities within the same group of companies as Compass.

We require our third-party processors to respect the security of your personal information and to treat it in accordance with applicable law.

When we transfer personal data to a jurisdiction outside Singapore, we take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.

Why might you share my personal information with third parties?

We will share your personal information with third parties where required by law, where it is necessary to administer and manage the business partner management process, or where we have another lawful basis for doing so.

Which third-party service providers process my personal information?

Our third-party due diligence platform may be provided by OneTrust LLC, an industry-leading technology platform.

We may also conduct various screening checks via Dow Jones & Company’s screening tool.

We may also need to share your personal information with professional advisors such as legal advisors, auditors, and, if required, law enforcement or other regulators.

How secure is my information with third-party service providers and other entities in our group?

All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies and our Group Data Sharing Agreement.

We do not allow our third-party service providers to use your personal information for their own purposes. We only permit them to process your personal information for specified purposes and in accordance with our instructions.

CANDIDATES

This section of our privacy notice applies if you are involved in a recruitment process with Compass Group (Singapore) Pte Ltd.

The kind of information we hold about you

Personal data, or personal information, means any data, whether true or not, relating to natural persons who:

• Can be identified or are identifiable directly from the information in question; or
• Can be indirectly identified from that information in combination with other information which the organisation has or is likely to have access.

It does not include data where the identity has been removed (anonymous data).

There are some types of more sensitive personal information which require a higher level of protection, such as information about a person’s health, religious beliefs, philosophical beliefs, or sexual orientation.

The online or hard-copy forms and processes we may ask you to complete from time to time will vary. However, in most scenarios, we collect your personal information to potentially pursue an employer–employee relationship.

We are likely to collect, store, and use the following categories of personal information about you in order to fulfil that relationship, some of which will depend on the role for which you are applying.

We may collect, store, and use the following categories of personal information about you:

We may collect, store, and use the following categories of personal information about you:

• Personal contact details such as name, title, addresses, postcode, telephone numbers, and personal email addresses.

• Date of birth.

• Gender.

• Marital status and dependants.

• Leaving date and your reason for leaving previous employment.

• Recruitment information (including copies of right-to-work documentation, references, and other information included in a CV or cover letter, or as part of a job application process).

• Any information you provide to us during an interview (whether face-to-face, by phone, via Microsoft Teams, or in any other way).

• Results from any psychometric or similar assessments that may be relevant to the role you are applying for.

• Employment records (including job titles, work history, working hours, holidays, training records, and professional memberships).

• Competency certification or other regulatory or industry-related certification necessary for your role.

• Professional or trade qualifications that are relevant to the industry and/or role for which you are applying.

• Credit history.

• CCTV footage and other information obtained through electronic means.

• Photographs.

• Results of government revenue and customs or local tax office employment status checks, including details of your interest in and connection with the intermediary through which your services are supplied (should you provide services in a way that might legally qualify you as an employee in the eyes of the law or in accordance with government revenue and customs or local tax office guidance and regulation on the status of individuals and their tax affairs).

Some roles have regulatory requirements or are client-focused roles for industries where they are required to undertake stringent vetting on their own employees and those of contractors.

In such circumstances, we may have to undertake a level of investigation about you that might seem intrusive. We will only do this where we are required to do so or where our client requires it.

If we do not carry out these checks, we may not be able to fulfil our regulatory obligations, or our client may not grant you access to their premises, and you may be unable to perform your intended role.

We may also collect, store, and use the following categories of more sensitive personal information:

• Information about your race or ethnicity, religious beliefs, sexual orientation, philosophical beliefs, and political opinions.

• Trade union membership.

• Credit reference agency checks.

• Information about criminal convictions and offences, where these are relevant to the role for which you have applied and where regulations require us to obtain such data.

How is your personal information collected?

We collect personal information about potential employees, workers, and contractors (whether on a permanent, part-time, or casual basis) through the application and recruitment process, either directly from candidates or sometimes from a recruitment agency, online or digital platforms, portals, or other electronic systems to which we may subscribe from time to time, intermediaries, or background check providers.

We may sometimes collect additional information from third parties, including former employers, credit reference agencies, or other background check agencies.

We may also use the following other sources of personal information:

• Sanctions and watch lists issued by governments, financial market regulators, and law enforcement bodies from across the world.

• Outstanding County Court Judgments (CCJs), Individual Voluntary Arrangements (IVAs), bankruptcies, alias names, and address history using the electoral register.

• The Disclosure and Barring Service and Disclosure Scotland in respect of criminal convictions.

• Your named referees.

We may also collect personal information from the trustees or managers of pension arrangements operated by a group company, if relevant.

We will collect additional personal information during job-related activities throughout the period for which you work for us. This is covered in our Employee Privacy Notice.

We will generally obtain prior informed consent before processing your personal data in accordance with the PDPA, unless an exception to consent applies or it is otherwise required or authorised to process personal data under written law.

Most commonly, we will use your personal information in the following circumstances:

• Where we need to comply with a statutory obligation.
• Where we have your express consent.

Situations in which we will use your personal information

Depending on the nature of the role for which you are applying, from time to time, we are likely to need most of the categories of information listed above to allow us to properly manage the relationship we have with you. Some information is required to comply with legal obligations.

The situations in which we will process your personal information are listed below:

• Assess your skills, qualifications, and suitability for the work generally or for the role specifically.

• Carry out background and reference checks, where applicable.

• Communicate with you about the recruitment process.

• Keep records related to our hiring processes.

• Determine the terms on which you work for us.

• Check that you are legally entitled to work.

• Assess qualifications for a particular job or task.

• Ascertain your fitness to work.

• Comply with health and safety obligations.

• Detect or prevent fraud.

• Conduct equal opportunities monitoring.

Some of the above grounds for processing may overlap, and there may be several grounds which justify our use of your personal information.

How we use particularly sensitive personal information

Some types of personal information require higher levels of protection. We may process these types of personal information in the following circumstances:

• With your explicit consent.

• Where we need to carry out our statutory or contractual obligations, or exercise rights in relation to the contract or agreement we have with you (most importantly to ensure it is performed properly and safely).

• Where we need to provide a third party with health certification or evidence to allow you to undertake your role.

Automated decision-making

Automated decision-making takes place when an electronic system (including online or digital platforms, portals, or other electronic systems to which we may subscribe from time to time) uses personal information to make a decision without human intervention.

We may use automated decision-making when processing your personal information.

Data sharing

We may have to share your personal information with third parties, including third-party service providers and other legal entities within the same group of companies as Compass.

We require our third-party processors to respect the security of your personal information and to treat it in accordance with applicable law.

When we transfer personal data to a jurisdiction outside Singapore, we take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.

Why might you share my personal information with third parties?

We will share your personal information with third parties where required by law, where it is necessary to pursue the relationship we have with you, or where we have another lawful basis for doing so.

Which third-party service providers process my personal information?

Third parties include third-party service providers (including contractors and designated agents) and other entities within our group who we may use to help administer the recruitment process and manage any employment contract or agreement we have with you.

The following are activities most likely to be carried out by third-party service providers in support of the recruitment process:

• Background checking agencies.

• Recruitment agencies.

• Role-specific assessment providers.

• Credit reference agencies.

• Security vetting organisations.

How secure is my information with third-party service providers and other entities in our group?

All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies.

We do not allow our third-party service providers to use your personal information for their own purposes. We only permit them to process your personal information for specified purposes and in accordance with our instructions.

What about other third parties?

We may also need to share your personal information with a regulator or otherwise comply with applicable law.

SOCIAL MEDIA

Compass Group (Singapore) Pte Ltd has social media channels. These channels are provided by third-party providers on their respective platforms.

Each of these companies acts as a separate organisation responsible for the personal information you post on these platforms when interacting with our channels. How they use your personal information is described in their respective privacy notices.

Any personal information that you have made public and accessible via your profiles on the social media channels will be available to us.

How long will Compass keep my personal information for?

We will only retain your personal information for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

We will cease to retain your personal data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected and is no longer necessary for legal or business purposes.

To determine the appropriate retention period for personal information, we consider:

• The amount, nature, and sensitivity of the personal information.

• The potential risk of harm from unauthorised use or disclosure of your personal information.

• The purposes for which we process your personal information and whether we can achieve those purposes through other means.

• Applicable legal requirements.

In some circumstances, we may anonymise your personal information so that it can no longer be associated with you. In such cases, we may use this information without further notice to you.

Direct Marketing

In relation to our processing of personal information for direct marketing purposes, we may use your personal contact details such as name, title, address, telephone numbers, email addresses, IP address, and cookies information (“Marketing Data”) to send you promotional and direct marketing information about products and services of Compass, our affiliated group companies, and our business partners.

We may also transfer your Marketing Data to affiliated companies within the Compass Group and our business partners in the hospitality, education, and healthcare sectors (“Business Partners”) to enable them to market their products and services to you.

We will process your personal information for direct marketing purposes only with your written consent.

What other rights do I have in respect of my personal information?

You have rights under data protection laws in relation to your personal information. Under certain circumstances, your rights include:

• Request access to your personal information (commonly known as a “data subject access request” or “DSAR”). This enables you to receive a copy of the personal information we hold about you to check that we are processing it lawfully.

• Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate data corrected, although we may need to verify the accuracy of the new data you provide.

If you wish to exercise any of the rights set out above, please contact us using the information provided in the “Who can I contact if I have questions?” section below.

You will not have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in such circumstances.

We generally rely on personal data provided by you (or your authorised representative). To ensure that your personal data is current, complete, and accurate, please inform us of any changes by contacting us via the details provided below.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within 30 days. Occasionally it may take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.

Changes to this Notice

Should Compass decide to substantially modify the manner in which Compass collects or uses your personal information, the type of personal information that Compass collects or any other aspect of this Notice, Compass will notify you as soon as possible by reissuing a revised Notice, or taking other steps in accordance with applicable law.

Who can I contact if I have questions?

As noted in the introduction, Compass has subsidiary or affiliate companies through which it operates. Some group subsidiaries or affiliates will contract in their own legal name and have their own privacy notices. Please refer to their applicable privacy notices by selecting the country you require from the drop-down list found on our Contact Us page.