������Ƶ

A Subject Access Request is your legal right to ask any organization what personal data they have about you. Under Singapore's Personal Data Protection Act (PDPA), you can request details about how your information is being collected, used, and shared. This includes everything from basic contact details to employment records and CCTV footage.

Organizations must respond within 30 days of receiving your request. They can charge a reasonable fee to cover their costs, but they need to provide a clear explanation of what data they hold, why they have it, and who else might have access to it. Some exceptions apply for confidential business information or data that might reveal someone else's personal details.

Submit a Subject Access Request when you need to understand exactly what personal information an organization holds about you in Singapore. This is especially useful before making important decisions like joining a new insurance plan, applying for a job, or addressing concerns about how your data is being used. It's also valuable if you spot unexpected marketing communications or suspect your information might be outdated.

Many people file these requests when dealing with financial institutions, healthcare providers, or employers. For example, you might need to verify your credit history details, check what medical records a clinic maintains, or review your complete employment file. The request helps ensure transparency and gives you control over your personal data.

• Basic Data Request: A straightforward request to view your personal data held by an organization, commonly used for simple inquiries about contact details or account information
• Detailed Access Request: A comprehensive request covering specific time periods and data categories, often used when dealing with banks, insurers, or employers
• Urgent Medical Records Request: An expedited Subject Access Request specifically for healthcare data, which follows stricter handling requirements under Singapore's medical privacy laws
• Third-Party Authorization Request: Used when someone else makes the request on your behalf, requiring additional documentation to prove authorization
• Cross-Border Data Request: Specifically addresses data transferred outside Singapore, requiring organizations to detail international data flows

• Individual Data Subjects: Any Singapore resident who wants to know what personal information organizations hold about them and how it's being used
• Data Protection Officers: Company representatives responsible for handling and responding to Subject Access Requests within the 30-day timeline
• Organizations and Businesses: Any entity collecting personal data must process these requests, from multinational corporations to small businesses
• Legal Representatives: Lawyers who help individuals file requests or assist organizations in responding appropriately
• PDPC Officials: Regulators who oversee compliance with Singapore's data protection laws and investigate complaints about request handling

• Personal Details: Gather your full name, NRIC/FIN, contact information, and any relevant account numbers or identifiers with the organization
• Request Scope: List specific types of personal data you're seeking, relevant time periods, and departments that might hold your information
• Organization Research: Find the correct Data Protection Officer's contact details and the organization's preferred submission method
• Identity Proof: Prepare a copy of your NRIC or passport to verify your identity
• Document Format: Use our platform to generate a properly structured request that meets PDPA requirements and includes all necessary legal elements

• Requester Information: Your full name, NRIC/FIN number, and current contact details for correspondence
• Organization Details: Complete name and address of the organization holding your data
• Data Specifics: Clear description of the personal data you're requesting access to, including relevant time periods
• Purpose Statement: Brief explanation of why you're seeking the information (though not legally required)
• Access Method: Preferred format for receiving the information (electronic or physical copies)
• Authorization: If acting on behalf of someone else, proof of authority to make the request
• Declaration: Statement confirming the accuracy of information provided and your identity

A Subject Access Request differs significantly from an Access Control Policy. While both deal with data access, they serve distinct purposes and operate differently under Singapore's PDPA framework.

• Purpose and Direction: A Subject Access Request is initiated by individuals seeking their personal data from organizations, while an Access Control Policy is created by organizations to govern how data access is managed internally
• Legal Requirements: Subject Access Requests must be responded to within 30 days by law, whereas Access Control Policies are voluntary but recommended security measures
• Scope of Coverage: Subject Access Requests focus specifically on personal data of the requesting individual, while Access Control Policies cover all types of company data and systems
• Implementation: Subject Access Requests are one-time inquiries for specific information, but Access Control Policies are ongoing frameworks that establish long-term rules and procedures