1. Introduction

SHRITECH Energy Pte Ltd (Singapore) and PT. Shritech Energy (Indonesia) (collectively referred to as “SHRITECH”, “we”, “our”, or “us”) are committed to protecting the privacy and personal data of employees, customers, vendors, contractors, and system users who access and use our Enterprise Resource Planning (ERP) System.

This Privacy Policy explains how personal data is collected, used, disclosed, stored, and protected when using the ERP System.

This policy is designed to comply with:

  • Singapore Personal Data Protection Act (PDPA)
  • Indonesia Personal Data Protection Law (UU PDP No. 27 of 2022)
  1. Scope

This policy applies to all users of the ERP system including:

  • Employees and staff
  • Management
  • Customers and clients
  • Vendors and suppliers
  • Contractors and consultants
  • Any authorised third-party users
  1. Types of Personal Data Collected

The ERP system may collect and process the following personal data:

  • Full name
  • NRIC/FIN/Passport (employees where required)
  • Contact number and email address
  • Residential address
  • Employment details (designation, salary, attendance, leave records)
  • Bank details (for payroll and payments)
  • Vendor and customer contact details
  • System login credentials and activity logs
  • IP address and access history
  • Financial and transaction records
  1. Purpose of Collection

Personal data is collected and processed for the following purposes:

  • HR management and payroll processing
  • Project management and resource planning
  • Procurement and vendor management
  • Customer management and invoicing
  • Accounting, taxation, and audit purposes
  • System security, monitoring, and access control
  • Legal and regulatory compliance
  1. Consent

By using the ERP system, users consent to the collection, use, and disclosure of their personal data for the purposes stated in this policy.

  1. Disclosure of Personal Data

Personal data may be disclosed to:

  • Internal departments within SHRITECH
  • Government authorities when legally required
  • Auditors, tax agents, and professional advisors
  • ERP software vendors and IT service providers
  • Banks and financial institutions for payment processing

All third parties are required to protect personal data in accordance with applicable laws.

  1. Cross-Border Data Transfer

As SHRITECH operates in both Singapore and Indonesia, personal data may be transferred between the two countries for business and operational purposes. Such transfers will comply with PDPA and Indonesia PDP requirements.

  1. Data Security

We implement reasonable security measures including:

  • Role-based access control
  • Password protection and authentication
  • Data encryption and secure servers
  • Access logs and monitoring
  • Regular system backups
  1. Data Retention

Personal data will be retained only as long as necessary for business, legal, and accounting purposes, after which it will be securely deleted or anonymised.

  1. User Rights

Users have the right to:

  • Access their personal data
  • Request correction of inaccurate data
  • Withdraw consent where applicable
  • Request deletion where legally permissible

Requests may be made to: sales@stenergy.com.sg

  1. Updates to This Policy

SHRITECH reserves the right to update this policy from time to time. Users will be notified of material changes.