top of page




Dragon Allies provides specialist professional recruitment consultancy services, placing candidates on a permanent and contract basis in information technology and design through locally set up and licensed businesses in Singapore and Hong Kong.


At Dragon Allies, we take your personal data very seriously. When you use our services, you are trusting us with your information. We understand this is a significant responsibility, so we created this policy to inform you and make sure we are transparent about our processes with regards to your personal data and your subsequent rights.


The policy is subject to changes and updates and this version was last updated on 1st June 2019.


If you are looking for a job – a permanent or contract role – and using Dragon Allies’ services as a recruitment agency, this policy applies to you.


If you are a representative of any of our current or prospective clients or suppliers and if your personal data is processed on Dragon Allies’ cloud CRM/ATS system, this policy applies to you.

We would like to share with you the details of how we process your data according to the data privacy policies in Singapore, and the General Data Protection Regulation (EU). The latter enhances privacy rights for individuals and provides a strict framework within which commercial organisations like ours can legally operate.



Personal data means “any information relating to an identified or identifiable individual”. It does not, therefore, include data where the identity has been removed (anonymous data). We will collect and handle, process, use, store, share and transfer (generically referred to as handling) the different kinds of personal data about you. Please note, that even though a type of data may be collected, it does not mean that it is always collected or retained.


Your personal data will be stored on our cloud CRM/ATS system. Your personal data can therefore be accessed and used by our employees who are based in our Singapore or Hong Kong offices. If you reside inside the EU, we have put safeguards I place to comply with GDPR when processing your personal data.


We collect the information necessary to be able to assess your eligibility for an assignment. In some countries, we are restricted from processing some of the personal data set out below. This information can include:


If you are a candidate

  • Full name

  • Registered address

  • Date of birth

  • E-mail addresses

  • (mobile) Telephone number 

  • Website or online portfolios

  • Verification data: ID card, passport/visa, driver’s licence if/when requested by the client

  • Professional profiles available in the public domain, e.g. LinkedIn, Twitter or Facebook

  • CV

  • Tags (dominant skill sets)

  • Current employer/client

  • Employment data such as your current and desired package (remuneration, pension and benefits, job preference, what work-related areas interest you), third party references (if taken) and interview and assessment feedback created either us or by our client following an interview or assessment

  • Documentation pertaining to your business registration confirming your identity as a freelancer or limited company contractor

  • Other documentation, if requested by clients such as references, academic achievements, certifications, psychometric assessments, background checks


We will only collect the necessary information in order to minimise the data we hold, if we do not need it, we will not collect it and will only do so with your consent.


If you are client/corporate staff:

  • Full name

  • Job title

  • Job function

  • LinkedIn profile

  • e-mail addresses

  • (mobile) Telephone number

  • Company details (location, department)

If you are a referee:

  • Identification data

  • Contact data


Please note that where you have previously been a candidate, we will have also collected personal data in such capacity.


We only collect and process sensitive personal data from you (racial or ethnic origin, health or sexual orientation for example), where you have given your explicit consent and in accordance with the regulations in the country where we, the client and/or you reside.

Which type of personal data do we collect about you?



We may collect personal data about you from:


  • You: i.e. the information you provide while searching for a new opportunity

  • Your completing a registration on our website

  • An agent/third party acting on your behalf

  • A Dragon Allies consultant getting in contact with you because they found your profile on a public/private database/job board you have subscribed to or registered your CV with, and that Dragon Allies uses or subscribes to

  • A meeting with a Dragon Allies consultant and subsequent sharing of information or sending your CV/application or job requirements by email

  • Publicly available sources such as LinkedIn, Google, etc…

  • By reference or word of mouth: you may be recommended by a friend, former employer or colleague.

  • Your being listed as a referee, we will obtain your information from the candidate themselves, or one of the third parties listed above.


When Dragon Allies receives your details as illustrated above, we save your application and/or information provided by you on our cloud CRM/ATS system. Your application and/or information will be reviewed by our consultants who will potentially share that information with our clients or candidates to advance your application/hiring process, provided you have given your express consent to this upfront.


When we receive these details, our consultant will inform you as soon as possible but no later than within a maximum of 30 days of collecting the data of the source where your personal data originates from. If this information is not provided, please let us know straight away and we will confirm where and how we obtained your data.

Where do we collect your personal data from?



We use your personal data to match your skills, experience, and education with a mandate we are running or to facilitate your hiring process. As a candidate we will collect basic information on you, such as contact details, professional experience and pass this onto the client. If you are chosen by the client to go through to the shortlist stage, we will collect more information from you (reasons for moving jobs, personal circumstances, your motivations for wanting a new role) for our client to assess your suitability.

We may also use your personal data to invite you to events run by Dragon Allies. We do not sell your personal data to third parties, and we do not share it except as necessary to provide our services. We may need to share your information with our clients for them to assess your suitability, the Ministry of Manpower, the Ministry of Labour and some of our service providers may store or otherwise use your information on our instructions (in which case we will have a contract in place with them to protect your information).

If you are a referee, we use your information to contact you about a candidate and obtain a reference for them.

How and why do we use your personal data?



We use your data as necessary for our legitimate interests in finding and assessing candidates for roles and to contact clients and referees, carrying out our core business and ancillary activities, i.e. recruitment and consultancy services.

If you are shortlisted as a candidate, this may involve the processing of more sensitive data, such as health information that you or others provide about you. We always ask for your consent before undertaking such processing.

We will process client data (including information about members of staff at that client) necessary for our legitimate interests in fulfilling our contract with the client.

If we ask for a copy of your passport or visa, we do this as we may have to verify your identity and/ or the right to work

We will keep your personal data on file for current and future opportunities that may arise;

If you do not provide the personal data necessary or withdraw your consent for the processing of your personal data (right to be forgotten), we will remove you from our database and will not contact you again.


If you are a client, we will collect your information to carry out our core business and ancillary activities; in particular, Dragon Allies will collect your personal data for the following purposes:

  • Providing you with information about current or prospective candidates;

  • Communicating with you to identify opportunities for your business;

  • Contacting you in relation to the performance of a contract with your organisation;

  • Evaluating your experience with Dragon Allies and our recruitment process

  • Keeping your business updated by means of regular newsletters and how we can better support you to find the right candidates


In order to support our candidates’ career aspirations and your resourcing needs we require a database containing historical information as well as current points of contact. We will only collect information that is necessary to satisfy our legitimate business interests.


If Dragon Allies has entered into a contract with your organisation or is in the process of entering into a contract, it may need your personal data for the performance of a contract as you may have right of signature on behalf of your organisation.

The legal basis we have for using your personal data



Dragon Allies will not conduct any forms of automated processing of your personal data consisting of the use of personal data to evaluate certain personal aspects relating to you such as analysing or predicting aspects concerning your personal preferences, job roles interests, reliability, behaviour, location or movements. We will not make decisions that are based solely on automated processing which produces legal effects or similarly significantly affects you as a data subject.

Automated decison making, including profiling



We may transfer your personal data to clients, and partners in countries outside Singapore, Hong Kong and the EEA. If you are based in the EU and as we have offices in Singapore and Hong Kong, we will provide your information to international organisations or candidates located there. The privacy laws that apply may be different from those in your home country. Regardless of whether we transfer personal data to or from, we take steps to safeguard that information, by ensuring that for instance the EU, PDPC (Personal Data Protection Commission of Singapore) or PCPD (Privacy Commissioner for Personal Data of Hong Kong) considers that we have adequate data protection in place, or by putting in place model clauses with that recipient approved by the PDPC, PCPD or the EU.


As all our offices are connected via our cloud CRM/ATS system, your personal information will be stored and processed in any country where we have offices. By using our service, you agree to the transfer of information to countries outside of your country of residence, including the United States, which may provide for different data protection rules than in your country. Please note that as per 25 May 2018 all Dragon Allies entities operate under Standard Contractual Clauses providing protections and safeguards for cross-border transfers. We take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Data Processing policy.


If you are a client, please note that as our offices are connected via cloud CRM/ATS system your personal information will be stored and processed in any country where we have offices. By using our service, you agree to the transfer of information to countries outside of your country of establishment, including to the United States, which may provide for different data protection rules than in your country. We take all steps reasonably necessary to ensure that your data is treated securely and in accordance with data processing regulations.


Please also note that if we transfer personal data to relevant stakeholders like candidates or other third parties like clients (if you are a supplier representative) or suppliers (if you are a client representative), these data may be transferred outside the EEA. These data transfers are however necessary for the performance of a contract or for pre-contractual steps taken.


Compliance on a macro-level


The GDPR for instance requires a slew of data protection safeguards, from encryption at rest and in transit to access controls to data pseudonymisation and anonymisation. Rest assured that your data is hosted on the best-in-class datacentres. We use Amazon Web Services (AWS) which manages a comprehensive control environment that includes the necessary policies, processes and control activities for the delivery of each of the web service offerings in a secure manner, so you can be assured that all your data is safe in the cloud.


AWS is compliant with Industry Standard Accreditations:

1. SAS70/ISAE/SSAE Type II – Detailed Service Auditor Report

2. PCI DSS Level 1 – PCI Data Security Standard

3. ISO 27001 – Certification for Security Management System

4. FISMA – Government Agency’s standard for Federal Information Security Management Act.


Dragon Allies may also use various other software /cloud providers in future who may transfer your personal data outside the EEA. Dragon Allies will ensure that adequate safeguards are in place to ensure your data is transferred lawfully.

Cross-border transfers



You have legal rights when it comes to your personal data. Further information and advice can be obtained from the relevant authorities.

  • The right to be informed - You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This also means you should notify us of any changes, so we hold updated records.

  • The right to rectification – as mentioned above, you are entitled to have your information corrected if it is inaccurate or incomplete.

  • The right of access - You have the right to obtain access to your information (if we’re processing it), and certain other information.

  • The right to restrict processing - You have rights to block or suspend use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be blocked/suspended to make sure the restriction is respected in the future.

  • The right to data portability - You have rights to obtain and reuse your personal data for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.

  • The right to object to processing - You have the right to object to certain types of processing, including processing for direct marketing (i.e. if you no longer want to be contacted with potential opportunities). This means we will only send you marketing communication if you have opted in

  • The right to lodge a complaint - If you feel that your rights as a data subject have been breached, you have the right to lodge a complaint about the way we handle or process your personal data with your national data protection regulator or seek legal remedy. However, we encourage you to contact us first.

  • The right to withdraw consent - If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for marketing purposes.

  • The right to erasure - This is also known as ‘the right to be forgotten’ and enables you to request the deletion or removal of your information where there is no compelling reason for us to keep using it.


We will act on requests for information free of charge

Please do consider your request responsibly before submitting it. We will respond as soon as we can, generally within 30 days from when we receive your request which can be extended to 60 days in exceptional circumstances

Your rights




Your personal data can be stored in our CRM system indefinitely, but you have the choice as to how long you want it to stay from the moment you register:

  1. Exclusively for the job in question, data automatically deleted when job closed

  2. For a limited period (we recommend 3 years), data automatically deleted on expiry date

  3. Indefinitely


If you are working with Dragon Allies consultants on your next career move, we will keep your data on file to be able to match you with the latest opportunities and to contact you. Your data will be removed if you request it to be removed.


Different retention periods apply if here is a direct current or future statutory requirement under which Dragon Allies is obliged to keep your data stored in our cloud CRM/ATS system for a longer period. This applies for example if you are hired by one of our clients in the EU as Dragon Allies subsequently needs to keep records of the relevant transaction for 6 years as a minimum and subject to change.


Corporate staff

As a client or prospective client, your personal data will be stored in our cloud CRM/ATS systems for as long as Dragon Allies is in touch with your organisation.


If Dragon Allies enters into an agreement with your organisation it shall keep your data for the duration of the business relationship and a minimum of six years thereafter unless there is a direct statutory requirement (that comes into force) under which Dragon Allies is obliged to keep your data stored in our internal databases for a longer period of time or Dragon Allies needs to hold your data on file for the purposes of executing an agreement to which your organisation is a party, to comply with a legal obligation or to defend itself against a legal claim.


If, however we never completed a transaction with your organisation we will remove your details from our database if we have not been in touch with you for an extended period or if it appears that you do not work for your organisation anymore.

How long will we store your data?



We may contact you by phone, email or any other means of contact you prefer, just let us know.


Dragon Allies will hold your personal data for marketing purposes which are optional. The legal basis for collecting and processing personal data for marketing purposes is ‘consent’ which means Dragon Allies will only send you marketing communication if you have opted in.


If you opted in, we will use your data, preferences, user behaviour and information you have provided to personalise your experience such as providing you with relevant service announcements and updates (tailored job alerts, news relevant to your area of expertise, networking events, etc…) and to better understand your needs and interests in relation to your job or hiring needs.


You are entitled to withdraw consent or restrict the use of your personal information for whatever purpose at any time, without affecting the lawfulness of processing based on consent before its withdrawal. To opt out of any data processing and/ or marketing communications from Dragon Allies. please click the ‘unsubscribe’ link in the footer of the respective message

Means of contact and optional marketing



From a GDPR perspective, Dragon Allies will be what is known as the ‘Controller’ of the personal data you provide to us. Dragon Allies includes Dragon Allies Pte. Ltd. registered in Singapore and Dragon Allies Limited registered in Hong Kong.


Both entities act as Data Controller as they jointly determine the purposes and means of processing of your personal data which will be stored on our cloud CRM/ATS system. Your data can therefore be accessed by our employees who are based in Singapore, Hong Kong and other international offices as we open them further down the line. All are compliant with GDPR when processing your personal data provided you reside in the European Union.


Your personal data may also be shared with our clients or candidates if you are a client for the purpose of introducing you or arranging interviews with them, upon prior written notice to you in which one of our staff members outlines which client(s) Dragon Allies will share your details with and the exact data that will be forwarded to this client or candidate. Our employees will only share your personal data with our clients or candidates if you explicitly agree for them to do so. As a client your personal data may also be shared with our candidates if we introduce you to them for the purposes of a smooth recruitment process.


We may disclose your personal information to third parties if we sell or buy any business or assets in which case, we will have to disclose your personal data to the prospective seller or buyer. We may also be under duty to disclose or share your personal data in order to comply with legal obligations, to defend our business against a legal claim or in order to enforce or apply our various commercial agreements or to protect the rights, property or safety of Dragon Allies, our customers or other parties.

Dragon Allies as a data controller



If you are unhappy with how we’ve handled your information or have further questions on the processing of your personal data, contact We will endeavour to respond within 30 days from when we receive your request which can be extended to 60 days in exceptional circumstances.

How to contact us
bottom of page