Privacy Policy

CGP Group Companies (SEA) Data Protection Policy

Last updated [19 January 2026]

1. Purpose of This Policy

This Data Protection Policy (“Policy”) explains how CGP Group Companies (“we”, “us”, or “our”) collect, use, disclose, and process personal data of individuals applying for job positions with us. It complies with applicable data protection laws, including Singapore’s Personal Data Protection Act (PDPA).

This Policy applies to personal data in our possession or under our control, including data handled by third-party organisations we engage for recruitment-related purposes.

This Policy is an addendum to our Job Application Form as well as website contract forms and should be kept as part of the complete application documentation.

2. CGP Groups Companies Covered

This Policy applies to Cornerstone Global Partners Pte. Ltd. (“CGP”) and its related corporations, including but not limited to:

SINGAPORE
Cornerstone Global Partners Pte Ltd
79 Anson Road #17-01 Singapore 079906 
EA Licence Number: 19C9859
https://www.cgp.sg/privacy-policy/

MALAYSIA
Agensi Pekerjaan Cornerstone Global Partners (Malaysia) Sdn. Bhd 
Suite 44, Menara UOA, Tower B, Level 9, Jalan Bangsar Utama 1 59000 Kuala Lumpur
JTKSM 1253
https://www.cgpmalaysia.com/privacy-policy/

VIETNAM
Cornerstone Global Partners (Vietnam) Company Limited 
25A/1 + 25A1 Nguyen Binh Khiem, Ben Nghe Ward, District 1, Ho Chi Minh City, Vietnam
https://www.cgpvietnam.com/privacy-policy/

THAILAND
CGP Recruitment (Thailand) Co., Ltd 
No. 1 Park Silom Tower, 29th-30th Floor, Unit 2901 and 3001, Convent Rd., Silom, Bangrak, Bangkok 10500, Thailand
https://www.cgpthailand.com/about-us/privacy-policy/

Last updated: 19 January 2026

3. Who This Policy Applies To

This Policy applies to all individuals who apply for any job position with us (“Job Applicants”) as well as following types of users (hereinafter referred to as “Users”) but not limited to – website users, prospective and live client contacts, supplier contacts, attendees if events run by us.

​4. What Is Personal Data

“Personal data” refers to any information that can identify a Job Applicant and User, either on its own or when combined with other data we have or are likely to have access to.

5. Types of Personal Data We Collect

We may collect the following personal data from Job Applicants and Users:

  • Full name
  • Date of birth
  • Mobile number
  • Email address
  • Any other information you provide to us

In certain countries where we operate, we may also collect sensitive personal data if required for recruitment purposes. This may include:

  • Health information
  • Biometric data
  • Criminal records
  • Other data classified as sensitive under local laws

Where sensitive data is collected, we will obtain your explicit consent and apply appropriate safeguards to protect it in line with legal requirements.

6. Collection, Use, and Disclosure of Personal Data

We generally collect personal data in the following ways:

  • Directly from you or through a third party you have authorised (such as a job placement agent), after:
    1. You (or your authorised representative) have been informed of the purpose of the data collection; and
    2. You (or your authorised representative) have given written consent for us to collect and use your personal data for those purposes. 
  • Without consent, where such collection and use is permitted or required under applicable data protection laws, including but not limited to: Singapore PDPA, Malaysia PDPA, Thailand PDPA, Vietnam PDPL and China PIPL. These laws provide for alternative legal bases such as:
    • Contract performance
    • Legal obligations
    • Vital interests (such as emergencies)
    • Public interest or national security
    • Legitimate interests, where permitted and subject to balancing tests

We will always seek your consent before collecting additional personal data or using your data for purposes not previously notified—unless permitted by the relevant laws.

Purpose of Collection, Use, and Disclosure

As a Job Applicant or User, your personal data may be collected, used, and disclosed for the following purposes:

  • To assess and evaluate your suitability for current or future employment opportunities within our organisation
  • To verify your identity and the accuracy of the information you have provided
  • To comply with applicable laws, regulations, codes of practice, or to assist in investigations by government or regulatory authorities
  • To share with unaffiliated third parties, including service providers, agents, and relevant authorities (in Singapore or overseas), for the above purposes
  • For any other incidental business purposes related to or connected with the above

If you provide us with personal data of another individual (e.g., a referee), you must obtain their consent before disclosing their data to us.

Your consent for the collection, use, and disclosure of your personal data remains valid until you withdraw it in writing via email.

To withdraw your consent, please email your request to our Data Protection Officer at the contact details provided. We may require reasonable time to process your request, depending on its complexity and impact on our relationship with you.

  • We aim to process your request within 10 business days.
  • If more time is needed, we will inform you within the initial 10-day period.
  • In jurisdictions where laws require faster action, we will respond as quickly as possible and notify you if additional time is needed.

Depending on the nature of your request, we may not be able to proceed with your application or continue our engagement with you. If so, we will inform you before completing the withdrawal process.

If you change your mind, you may cancel your withdrawal by informing us in writing via email. Withdrawal of consent does not affect our right to continue collecting, using, or disclosing your personal data where permitted or required by law.

8. Access to Personal Data

If you wish to request access to a copy of the personal data we hold about you, or to understand how your personal data is being used or disclosed, please submit your request in writing via email to our Data Protection Officer at the contact details provided below.

  • A reasonable fee may be charged to process your access request. If applicable, we will inform you of the fee before proceeding.
  • We will respond to your request as soon as reasonably possible, and within the timelines required by applicable data protection laws:
    • Singapore: within 30 calendar day
    • Malaysia: within 21 calendar days
    • Vietnam: within 72 hours
    • Thailand: within 30 calendar days

If exceptional circumstances prevent us from meeting the required timeline, we will notify you via email, explain the reason for the delay, and outline the steps being taken to address it—always in accordance with applicable laws.

For individuals located in jurisdictions with extraterritorial data protection laws, we will respond in accordance with those local laws. Where applicable, we also comply with Singapore’s PDPA, which requires a response within 30 calendar days.

If we are unable to provide the requested personal data, we will generally inform you of the reasons—unless we are not required to do so under applicable data protection laws or jurisdictions’ laws.

Depending on your request, we may only be required to provide access to the personal data contained in relevant documents, not the documents in full. In such cases, we may provide a summary or confirmation of the personal data we have on record, especially where your data forms only a minor part of the document.

9. Correction of Personal Data

If you wish to correct or update any personal data we hold about you, please submit your request in writing via email to our Data Protection Officer.

  • We aim to respond to correction requests within 10 business days.
  • If we are unable to complete the correction within this timeframe, we will notify you via email and provide an estimated timeline.

Our internal target of 10 business days applies unless a shorter response time is required by law. Statutory timelines include:

  • Singapore: within 30 calendar day
  • Malaysia: within 21 calendar days
  • Vietnam: within 72 hours
  • Thailand: within 30 calendar days

For individuals in jurisdictions with extraterritorial data protection laws, we will respond in accordance with those laws. Where applicable, we also comply with Singapore’s PDPA, which requires a response within 30 calendar days.

If we are unable to make the requested correction, we will generally inform you of the reasons—unless we are not required to do so under applicable data protection laws or jurisdictions’ laws.

10. Protection of Personal Data

To protect your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal, or similar risks, we have implemented appropriate administrative, physical, and technical safeguards. These include:

  • Up-to-date antivirus and firewall protection
  • Encryption of data
  • Use of privacy filters
  • Secure storage and transmission protocols

Access to personal data is restricted internally and to authorised third-party service providers and agents on a strict need-to-know basis.

Please note that while we strive to maintain the highest standards of security, no method of transmission over the Internet or electronic storage is completely secure. We are committed to continuously reviewing and enhancing our security measures to protect your personal data.

11. Accuracy of Personal Data

We rely on the personal data provided by you (or your authorised representative). To ensure your data remains current, complete, and accurate, please notify us of any changes by contacting our Data Protection Officer in writing via email.

12. Retention of Personal Data

We retain personal data for as long as necessary to fulfil the purposes for which it was collected, or as required or permitted by applicable laws.

  • If your job application is successful, your personal data will be retained as part of your employment records or as required by local laws.
  • We will cease to retain your personal data, or remove the means by which it can be associated with you, when it is reasonable to assume that:
    1. The data is no longer needed for the original purpose; and
    2. It is no longer required for legal or business purposes.

13. Third-Party Disclosure and Cross-Border Data Transfers

We are committed to protecting your personal data and ensuring transparency in how it is shared and transferred across borders.

We may share your personal data with contracted third-party service providers, some of whom may be located outside your country of residence. These providers support various business functions, including but not limited to:

  • Subsidiaries and affiliated companies of CGP
  • Data storage and cloud infrastructure
  • Recruitment and talent management software
  • Payroll and employment-related services
  • Competency and psychometric testing providers
  • Educational or vocational institutions for qualification verification
  • Your nominated referees
  • Prospective employers and clients seeking to engage your services
  • Our suppliers, service providers, or partners supporting operational, administrative, or employment-related functions
  • Other operational services necessary to support our business functions

All third-party engagements are governed by contractual obligations and internal policies to ensure your data is handled securely and lawfully.

As we operate across multiple jurisdictions, it may be necessary to transfer your personal data overseas in connection with our business activities and service delivery. These transfers may occur to, but are not limited to, the following countries or regions:

Singapore, Malaysia, Thailand, Vietnam, Mainland China, Hong Kong SAR, Japan, USA, and other jurisdictions where we operate from time to time.

We ensure that any personal data transferred overseas is protected to a standard comparable to the data protection laws of the originating jurisdiction, such as the Singapore PDPA or other applicable data protection laws.

14. Regional Data Protection Compliance

We are committed to complying with applicable data protection laws in all jurisdictions where we operate or receive job applications. This includes:

  • Singapore: Personal Data Protection Act (PDPA)
  • Malaysia: Personal Data Protection Act (PDPA)
  • Vietnam: Personal Data Protection Law (PDPL)
  • Thailand: Personal Data Protection Act (PDPA)
  • China: Personal Information Protection Law (PIPL)

We ensure that personal and sensitive data collected from job applicants or users is processed lawfully, fairly, and transparently.

Where personal data is transferred across borders—including to jurisdictions with extraterritorial data protection laws—we implement appropriate contractual, technical, and organisational safeguards to protect data integrity, confidentiality, and security. These safeguards are designed to ensure compliance with local legal requirements and maintain a level of protection comparable to that of the originating jurisdiction.

15. Notice About AI Use in Processing Job Applications

As part of our recruitment operations, we may use AI-powered tools to assist in organizing, analyzing, and supporting the processing of job application materials. These tools may process personal data such as:

  • Your name
  • Contact details
  • Employment history
  • Education
  • Other information provided during the application process

Purpose of AI Use

The use of AI tools is strictly limited to supporting internal recruitment functions, including:

  • Extracting relevant information to facilitate candidate profiling
  • Enhancing consistency and accuracy in application records
  • Supporting operational efficiency in recruitment workflows

These tools do not make automated decisions about your suitability for employment. All evaluations and selections are made by qualified recruitment professionals, with human oversight at every stage of the decision-making process.

Legal Basis for AI Processing

The processing of personal data through AI tools is conducted in accordance with applicable data protection laws in the jurisdictions where we operate. Legal bases for processing may include:

  • Legitimate interest, where processing is necessary for recruitment operations and does not override your rights
  • Deemed consent by notification, where you are informed of the purpose and given the opportunity to opt out (especially when AI tools are operated by third-party providers under binding agreements)
  • Contractual necessity or regulatory compliance, where applicable safeguards are in place
  • Explicit consent, where required by law, particularly for sensitive personal data

Where required, we implement balancing tests, data protection impact assessments, and appropriate safeguards to ensure fairness, transparency, and protection of your personal data.

16. Job Applicants’ and Users’ Rights

Depending on your jurisdiction, you may have additional rights under applicable data protection laws. These may include:

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure (“right to be forgotten”)
  • Right to data portability
  • Right to object to or restrict processing
  • Right to lodge a complaint with a supervisory authority

17. Data Protection Officer

If you have any enquiries or feedback regarding our personal data protection policies and procedures, or if you wish to make a request, please contact:

Data Protection Officer: DPO Office
Email: [email protected] 

18. Effect of Policy and Changes to Policy

This Policy applies in conjunction with any other policies, notices, contractual clauses, and consent clauses that relate to the collection, use, and disclosure of your personal data by us. We may revise this Policy from time to time without prior notice. You can check for updates by referring to the “Last Updated” date at the top of this document. Your continued participation in our recruitment process or employment with us constitutes your acknowledgement and acceptance of any changes.

If you are a minor under the minimum age defined by applicable privacy laws, you represent and warrant that your parent or legal guardian has been informed of and has agreed to this Data Protection Policy.

Where legally required, you are responsible for obtaining valid parental consent before providing us with your personal data.

We may request evidence of such consent and reserve the right to delete any personal data collected from you if we cannot verify that the necessary consent has been obtained. We are not liable for any failure to obtain parental consent as required by law.

In most cases, we do not require sensitive personal data during the job application process. You should avoid submitting such data unless it is necessary or relevant.

However, we may collect and handle sensitive personal data—including health information, financial details, criminal history, or other data considered sensitive under applicable laws—under the following conditions:

  • You voluntarily include such information in your application materials, in which case you are deemed to have consented to its use for recruitment-related purposes
  • You have provided explicit consent for us to collect, use, or disclose your sensitive personal data for specific purposes
  • There is another legal basis under applicable laws that permits us to process such data without explicit consent

We may request confirmation of your explicit consent where required and reserve the right to delete any sensitive personal data submitted without a valid legal basis or necessary consent.

In situations where explicit consent is required by law, we will be contacting you separately.

By submitting forms via website, you acknowledge and agree to the following:

  • You have read, understood, and agreed to the above Policy, and consent to the collection, use, and/or disclosure of your personal data for the purposes outlined in the Policy.
  • If your job application or personal data was submitted by a third party, you warrant that the third party was duly authorised by you to disclose your personal data to us for the stated purposes.
  • Your personal data may be processed using AI-powered tools and may be transferred across borders in accordance with applicable data protection laws.
  • The personal data you have provided is accurate and complete to the best of your knowledge.
  • You understand that you may contact us at [email protected]  to withdraw your consent, request manual processing, or opt out of AI-powered tools, subject to applicable legal and operational limitations.

Disclaimer:
This mailbox is designated for matters related to the Data Protection. For enquiries unrelated to data protection, please submit your request via our Official Contact Form. Kindly note that non-DPO-related queries sent to this mailbox may not receive a response.