FAQs
Home Alternate Text FAQs Alternate Text FAQs for Individuals
FAQs for Individuals

General

  1. What is 'personal data'?
  2. When will the Personal Data Protection Act (PDPA) come into force?
  3. What are the objectives of the PDPA?
  4. How does the PDPA benefit me?
  5. How is the PDPA different from the Spam Control Act?
  6. What is 'deemed' consent?
  7. What constitutes 'acting in personal or domestic capacity'?
  8. What is 'business contact information'?
  9. What can I do if there is a breach?

Collection, Use & Disclosure

  1. How much personal data can an organisation collect about me?
  2. What can an organisation do with my personal data that is collected before the effective date of the data protection rules on 2 July 2014?
  3. Can the security guard of a private property estate or office building request for and collect the personal data (e.g. NRIC) of visitors before they enter the premises?

Access & Correction

  1. Can I request access to my personal data held by an organisation?
  2. Can I request to correct my personal data held by an organisation?
  3. Can organisations charge a fee for my access request?
  4. Can organisations charge a fee for my correction request?

Care of Personal Data

  1. How long can an organisation retain my personal data for?
  2. Can I ask an organisation to delete my personal data from their records?

Do Not Call Registry

  1. How can the DNC Registry help me?
  2. When will the DNC Registry be ready?
  3. What telephone numbers can be registered with the DNC Registry?
  4. Can I register my office number with the DNC Registry?
  5. Will my telephone number registered with the DNC Registry expire?
  6. Do I have to pay to register my telephone number with the DNC Registry?
  7. Which Registry should I add my telephone number to?
  8. How do I register my number?
  9. How do I register my telephone number if it has caller ID blocking service?
  10. How do I know if my registration is successful?
  11. How do I deregister my telephone number with the DNC Registry?
  12. Do I have to re-register if I change my telephone number?
  13. Do I have to remove my number from the DNC Registry if I terminate my number?
  14. Will I stop receiving telemarketing messages immediately after I have registered my mobile number with the DNC Registry?
  15. Do organisations have to check the DNC Registry for all telemarketing messages they intend to send out?
  16. How can I still receive promotional messages from selected organisations if I register with the DNC Registry?
  17. Will I receive all sorts of promotional messages from organisations relying on the Exemption Order?
  18. What is meant by an 'ongoing relationship'?
  19. Will the DNC Registry cover overseas telemarketers?
  20. Are business-to-business (B2B) marketing calls or messages covered under the DNC Registry?
  21. Are telemarketing messages sent through applications such as WhatsApp covered under the DNC provisions?
  22. Are emails and mail delivered by post covered under the DNC Registry?
  23. What can I do if I receive unsolicited telemarketing messages from organisations before the implementation of the DNC Registry on 2 January 2014?
  24. If an organisation has obtained consent from me before I registered with the DNC Registry, can the organisation still send marketing messages to me?
  25. How can I still receive promotional messages from selected organisations if I register with the DNC Registry?
  26. How do I report a suspicious scam call or message?

Enforcement

  1. What should I do if I receive an SMS or call offering moneylending services?
  2. How do I lodge a complaint on DNC offences?
  3. Is there a time frame for a complaint to be made to the PDPC for investigations?
  4. Do I need to submit any evidence to the PDPC when lodging a complaint?
  5. Will I need to provide my statement after lodging a complaint?
  6. Can I choose to remain anonymous when lodging a complaint?
  7. Will I receive any reply from the PDPC after reporting a possible DNC offence?
  8. Will I be expected to attend Court after making a report involving DNC breaches?
  9. Will the PDPC investigate telemarketing messages sent from overseas?
  10. What if I receive a marketing text or fax message from an organisation with which I have an ongoing relationship (e.g. regular customer or membership)?

General

1. What is 'personal data'?

Personal data refers to data, whether true or not, about an individual who can be identified from that data; or from that data and other information to which the organisation has or is likely to have access.

This includes unique identifiers (e.g. NRIC number, passport number); as well as any set of data (e.g. name, age, address, telephone number, occupation, etc), which when taken together would be able to identify the individual. For example, Jack Lim, 36 years old, civil servant, lives at Blk 123 Bishan St 23.

Back to top

2. When did the Personal Data Protection Act (PDPA) come into force?

To allow time for organisations to adjust to the new law, the PDPA was implemented in phases. The provisions relating to the Do Not Call (DNC) Registry came into effect on 2 January 2014 and the provisions relating to the personal data protection on 2 July 2014.

Back to top

3. What are the objectives of the PDPA?

Complementing sector-specific frameworks, the PDPA will safeguard individuals’ personal data against misuse by regulating the proper management of personal data. Generally, individuals have the right to be informed of the purposes for which organisations are collecting, using or disclosing their personal data, giving individuals more control over how their personal data is used.

The PDPA also aims to enhance Singapore’s competitive advantages as a location for data hosting and management activities by strengthening Singapore’s reputation as a secure location for data, and giving assurance to businesses looking for safeguards to protect sensitive data sets.

Back to top

4. How does the PDPA benefit me?

The law will ensure that organisations put in place adequate safeguards to protect individuals’ personal data.  Organisations will generally be required to obtain your consent to the collection, use and disclosure of your personal data for their intended purposes and thus you will have more control over how your personal data is used.

Back to top

5. How is the PDPA different from the Spam Control Act?

The Spam Control Act (“SCA”) sets out a framework to manage unsolicited commercial electronic messages sent in bulk through electronic mail, text and multimedia messaging, otherwise known as "spam". The SCA requires organisations to, among others, provide an unsubscribe facility within the spam message and include an < adv > header in the subject field of the message or where there is no subject field, as the first words in the message.

While the SCA manages the sending of spam messages, the PDPA sets out rules governing the proper collection, use and disclosure of personal data, which would include contact information of an individual. Under the PDPA, organisations are required to obtain consent for a stated purpose to collect, use or disclose the contact information of an individual, and safeguard such information, unless any exception applies.

In addition, the provisions relating to the DNC Registry in the PDPA allow individuals to opt out of marketing messages (voice calls, SMS/MMS or fax) delivered to a Singapore telephone number.

Organisations are prohibited from sending marketing messages to Singapore telephone numbers registered with the DNC Registry unless they have obtained clear and unambiguous consent, in writing or other accessible form, to the sending of the marketing message to the particular Singapore telephone number.

In relation to the sending of spam messages, the PDPA applies to the collection, use and disclosure of individuals’ contact information for such purposes, while the SCA governs the manner in which the spam message may be sent. These frameworks will operate concurrently.

Back to top

6. What is 'deemed' consent?

You are deemed to consent to the collection, use or disclosure of personal data by an organisation for a purpose if you voluntarily provide the personal data to the organisation for that purpose; and it is reasonable that you would do so.

For example, when you seek medical treatment in a medical facility, such as a clinic or hospital, and voluntarily provide your personal data, you would be deemed to have consented to the collection and use of your personal data by the medical facility hospital for that purpose.

Back to top

7. What constitutes ‘acting in personal or domestic capacity’?

These are purposes to do with your personal, family or household affairs. For example, if you keep a database of your friends’ and relatives’ names, addresses, contact numbers and birthdates for your own personal use, you are considered to be acting in a personal or domestic capacity. Your keeping of the database will not be covered under the PDPA.

Back to top

8. What is 'business contact information'?

Business contact information refers to your name, position name or title, business telephone number, business address, business electronic mail address or business fax number and any other similar information, not provided by you solely for your personal purposes.

Based on the above definition, business contact information will be excluded from the data protection requirements of the PDPA, except for the requirements relating to the DNC Registry.

Back to top

9. What can I do if there is a breach?

If you come across a potential breach under the PDPA, you can contact the relevant organisation for clarifications. For further assistance, you may contact the Personal Data Protection Commission by phone or providing your feedback through email.

Back to top

Collection, Use & Disclosure

1. How much of my personal data can an organisation collect, use or disclose about me?

Under the PDPA, organisations may collect, use or disclose personal data only for purposes that a reasonable person would consider appropriate in the circumstances and that you have been notified of by the organisation unless an exception under the PDPA applies.

In addition, the organisation must obtain your consent to such collection, use or disclosure, unless any exception under the PDPA applies.

In this regard, organisations, shall not, as a condition of supplying a product or service, require you to consent to the collection, use or disclosure of personal data beyond what is reasonable to provide the product or service. For example, an organisation that sells a consumer product should not require you to reveal your annual household income as a condition of selling you the product, although it may still ask you to provide such personal data as an optional field.

If the organisation wishes to collect any additional personal data, the organisation shall provide you the option of whether to consent to this.

Back to top

2. What can an organisation do with my personal data that is collected before the effective date of the data protection rules on 2 July 2014?

Generally organisations can continue to use the personal data that was collected prior to the effective date of the data protection rules, for the reasonable purposes for which the personal data was collected.

Consent will need to be obtained if the existing data is to be used for a new purpose different from the purpose for which it was collected, or if the existing data is to be disclosed to another organisation or individual, unless any exception applies. The exceptions from the need to seek consent for collection, use or disclosure are set out in the Second, Third and Fourth Schedule of the PDPA respectively. This includes exceptions catering to certain emergency situations, investigations, publicly available data or where the personal data is used for evaluative purposes.

As an example, if a company has been using your personal data to provide after-sales customer support prior to the PDPA, it can continue to do so after the PDPA comes into effect, even if it did not obtain consent previously. However, if it now intends to use the same personal data for direct marketing where it had not collected the personal data for this purpose, consent will need to be obtained for such a purpose.

Back to top

3. Can the security guard of a private property estate or office building request for and collect the personal data (e.g. NRIC) of visitors before they enter the premises?

Generally, the security guard should inform the visitors of the purposes for the collection, use and disclosure of their personal data and obtain their consent. Even if the visitor does not expressly consent, if the visitor has been informed that his personal data is required for a particular purpose (for example, security purposes for entry into the premises), the visitor may be deemed to have given his consent to the collection, use or disclosure of his personal data for that purpose if he voluntarily provides his personal data.

The PDPA requires (amongst other things) that an organisation only collects, uses or discloses personal data for purposes that a reasonable person would consider appropriate in the circumstances and also make reasonable security arrangements to protect personal data collected in order to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks.

Back to top

Access & Correction

1. Can I request access to my personal data held by an organisation?

You may request to access to your personal data held by an organisation. However there are exceptions such as legal professional privilege information, opinion data kept solely for evaluative purposes, etc.

In additional, organisations are prohibited from providing you access if the provision of the data may:

  • cause immediate or grave harm to your safety or physical or mental health;
  • threaten the safety or physical or mental health of another individual;
  • reveal personal data about another individual;
  • reveal the identity of the individual who has provided the personal data about you, and the individual has not consented to the disclosure of his or her identity; or
  • be contrary to national interest.

Back to top

2. Can I request to correct my personal data held by an organisation?

You may request to correct an error or omission in the personal data an organisation holds about you.

The organisation is also required to send the corrected personal data to every other organisation to which the personal data was disclosed by the organisation within a year before the correction, unless the other organisation does not need the corrected personal data for any legal or business purpose or to seek your consent to send your corrected data only to specific organisations.

Exceptions from correction requirement may be found in the Sixth Schedule of the PDPA.

Back to top

3. Can organisations charge a fee for my access request?

Organisations may charge a reasonable fee on a cost recovery basis.

Back to top

4. Can organisations charge a fee for my correction request?

Organisations are not entitled to impose a fee for the correction of personal data, as it is the organisation’s obligation under the Accuracy Obligation to obtain personal data that is accurate and complete.

Back to top

Care of Personal Data

1. How long can an organisation retain my personal data for?

The PDPA does not prescribe the retention period. However, an organisation shall cease to retain personal data as soon as the purpose of collection is no longer served by the retention, and retention is no longer necessary for business or legal purposes.

Back to top

2. Can I ask an organisation to delete my personal data from their records?

You may tell an organisation to stop collecting, using or disclosing your personal data at any time. However, the organisation is not required to delete or destroy your personal data and may retain it for as long as there are business or legal needs. 

Back to top

Do Not Call Registry

1. How can the DNC Registry help me?

The DNC Registry lets you opt out of marketing messages addressed to your Singapore telephone number, such as those which promote or advertise goods or services, allowing you to have more control over the kind of messages you receive on your telephone, mobile telephone, or fax machine.

Organisations are required to check the DNC Registry within certain time periods before sending any marketing message (60 days for the first six months of the DNC Registry’s operations, and 30 days thereafter). Therefore, you should not receive marketing messages from organisations (except those you have given clear and unambiguous consent for, in written or other accessible form) 30 or 60 days after registration. However, during the period immediately after registration (within 60 days for the first six months of the DNC Registry’s operations, and within 30 days thereafter), you may expect to still receive some marketing messages.

Back to top

2. When will the DNC Registry be ready?

The DNC Registry started accepting registrations since 2 December 2013 and the DNC provisions came into effect on 2 January 2014.

Back to top

3. What telephone numbers can be registered with the DNC Registry?

The DNC Registry accepts registration of only 8-digit Singapore telephone numbers, including mobile, home and office numbers. Any Singapore number that begins with 3, 6, 8, or 9 can be registered. Please note that access to the device (of the number that is being registered) is required.

Back to top

4. Can I register my office number with the DNC Registry?

Yes you may register your business number with the DNC Registry. In general, only the account-holder or subscriber of the telephone line should register the telephone number on the DNC Registry. Where the account-holder of subscriber of the telephone line is the organisation and not the employee, employees should seek permission of the organisation if they wish to register their business numbers. In any case, the sending of Business-to-Business (B2B) marketing messages is not currently covered by the requirements relating to the DNC Registry.

Back to top

5. Will my telephone number registered with the DNC Registry expire?

Registrations of telephone numbers with the DNC Registry do not expire. Your registration with the DNC registry will only be removed when you terminate your number, or when you remove your number from the DNC Registry.

Back to top

6. Do I have to pay to register my telephone number with the DNC Registry?

Your registration with the DNC Registry is free-of-charge.

Back to top

7. Which Register should I add my telephone number to?

There are three Registers on the DNC Registry:

  • No Voice Call Register - Register on this to opt out of receiving telemarketing calls
  • No Text Message Register - Register on this to opt out of receiving telemarketing text messages, eg. SMS/MMS
  • No Fax Message Register - Register on this to opt out of receiving telemarketing faxes

Please note that you may still receive telemarketing messages or calls in the first 60 days from the date of registering your number.

Back to top

8. How do I register my number?

There are 3 modes to register your mobile number with the DNC Registry:

  • Online registration via the DNC Registry website at www.dnc.gov.sg
  • SMS registration using your mobile phone
  • Phone registration via our toll free numbers

Please see here for more details.

Back to top

9. How do I register my telephone number if it has caller ID blocking service?

The DNC Registry automatically detects the number of the device that you SMS or call from. If your number has caller ID blocking service, please register online via the DNC Registry website.

Back to top

10. How do I know if my registration is successful?

If you register online via the DNC Registry website, you will be brought to the confirmation page upon successful registration. If you register via SMS, a confirmation SMS will be sent to the number registered. If you register via the toll free number, you will receive confirmation at the end of the call. You can also visit www.dnc.gov.sg to check the status of your registration.

Back to top

11. How do I deregister my telephone number with the DNC Registry?

There are 3 modes to deregister:

  • Online deregistration via the DNC Registry website at www.dnc.gov.sg
  • SMS deregistration using your mobile phone with the Menu Option
  • Phone deregistration via our toll free number with the Menu Option

Please see here for more details.

Back to top

12. Do I have to re-register if I change my telephone number?

You will need to register the new telephone number when you change your telephone number.

Back to top

13. Do I have to remove my number from the DNC Registry if I terminate my number?

Please deregister from the DNC Registry if you have terminated your number.

Back to top

14. Will I stop receiving telemarketing messages immediately after I have registered my mobile number with the DNC Registry?

If you register before 2 July 2014, you may still receive some telemarketing calls and messages within the next 60 days after the registration.

If you register on or after 2 July 2014, you may still receive some telemarketing calls and messages within the next 30 days after the registration.

You will also continue to receive telemarketing messages from an organisation after registration with the DNC Registry:

  • if you have given the organisation your clear and unambiguous consent to receive such messages in written or other accessible form;
  • for service calls or reminder messages in respect of services that you have bought;
  • for Business-to-Business telemarketing messages; or
  • for overseas calls.

Back to top

15. Do organisations have to check the DNC Registry for all telemarketing messages they intend to send out?

Generally, organisations are required to check the DNC Registry before sending telemarketing messages to a Singapore telephone number. Some exceptions to this requirement are:

  1. If the subscriber or user of the number has given the organisation clear and unambiguous consent in written or other evidential form for the organisation to send telemarketing messages to the number; or
  2. If the message falls within an exclusion in the Eighth Schedule to the PDPA (for example, if it is solely for the purpose of conducing market research, or for business-to-business marketing); or
  3. If the organisation is able to rely on the Personal Data Protection (Exemption from Section 43) Order 2013 to send the message.

Back to top

16. How can I still receive promotional messages from selected organisations if I register with the DNC Registry?

You may receive telemarketing messages (via voice calls, text or fax messages) from selected organisations if you give them your clear and unambiguous consent to contact you for such purposes, even if you have registered your telephone number with the DNC Registry. You may also continue receiving promotions via text or fax messages (but not voice calls) that are related to the subject of any ongoing relationship (such as memberships or subscriptions) that you may have with these organisations.

Back to top

17. Will I receive all sorts of promotional messages from organisations relying on the Exemption Order?

No. An organisation that relies on the Personal Data Protection (Exemption from Section 43) Order 2013 to send you promotional messages without checking the DNC Registry has to fulfil the following conditions:

  • it must have an ongoing relationship with you;
  • it must send a text or fax message (but not voice call) that is related to the subject of its ongoing relationship with you; and
  • it must provide an opt-out facility within the body of the message. The opt-out facility may be provided via a Singapore telephone number or short code (in the case of a specified text message), or a fax number (in the case of a specified fax message). When you opt out, the organisation can no longer rely on the exemption and must stop sending such messages to you 30 days after you have opted out.

An organisation will also not be able to rely on this exemption if you have withdrawn consent (and the prescribed period has lapsed) or indicated that you do not consent to the sending of any telemarketing message.

Back to top

18. What is meant by an 'ongoing relationship'?

‘Ongoing relationship’ means a relationship, which is on an ongoing basis, between a sender and a subscriber or user of a Singapore telephone number, arising from the carrying on or conduct of a business or activity (commercial or otherwise) by the sender. An ongoing relationship may include, for example, a subscription, membership, account, loan or comparable relationships involving the ongoing purchase or use of goods and services supplied by the sender to the individual. A series of one-off transactions or a past relationship is not sufficient to constitute an ongoing relationship.

Back to top

19. Will the DNC Registry rules cover overseas telemarketers?

The PDPA shall apply to a marketing message addressed to your Singapore telephone number where:

  • the sender is present in Singapore when the message is sent; or
  • you are present in Singapore when the message is accessed.

If a Singapore organisation outsources the telemarketing function overseas, the Singapore organisation that authorised the sending of the message will need to comply with the DNC Registry rules and will be responsible for the sending of the message.

If both the telemarketing organisation and the organisation which outsourced its telemarketing function are overseas organisations and they send the message while you are overseas, the DNC Registry rules will not apply. For example, an overseas telecom service operator sending messages promoting their cheaper IDD service to you via the overseas telecom network will not need to check the DNC Registry.

Back to top

20. Are business-to-business (B2B) marketing calls or messages covered under the DNC Registry?

B2B marketing calls, SMS/MMS and fax messages are not within the scope of the DNC Registry. The PDPC recognises that B2B marketing calls or messages may be essential to the day-to-day operations between businesses and note that consumers will not be affected by the exclusion of B2B marketing calls or messages as they are targeted at organisations.

However, organisations may register their Singapore telephone numbers with the DNC Registry, and telemarketers that call or send a message to these registered numbers may not market to the individual. In general, only the account-holder or subscriber of the telephone line should register the telephone number with the DNC Registry. Where the account-holder of subscriber of the telephone line is the organisation and not the employee, employees should seek permission of the organisation if they wish to register their business numbers.

Back to top

21. Are telemarketing messages sent through applications such as WhatsApp covered under the DNC provisions?

Under the PDPA, organisations are prohibited from sending specified messages addressed to Singapore telephone numbers registered with the DNC Registry. In situations where specified messages are sent through smartphone applications that use a telephone number as an identifier, such as WhatsApp, such messages will be covered by the DNC provisions. Specified messages sent via other technologies such as those using a mobile data connection will be treated similarly, as long as the specified message is addressed to a Singapore telephone number. However, some data-based phone applications do not use phone numbers as identifiers, such as iMessage which may use email addresses. In the situations where the message is sent to those applications where the message is not addressed to a telephone number, such messages will not be covered by the DNC provisions.

Back to top

22. Are emails and mail delivered by post covered under the DNC Registry?

The DNC Registry covers marketing messages sent to Singapore telephone numbers. Emails and mails delivered by post are not included within the scope of the DNC Registry.

Emails are not included within the scope of the DNC Registry as unsolicited emails can be blocked through email filters. They also cause less of a nuisance to delete when received, as compared to telephone calls, SMS and fax messages, which are more difficult for the individual to filter. Furthermore, the Spam Control Act also helps to complete the framework by setting out requirements in relation to the sending of unsolicited commercial electronic messages in bulk.

As for junk mail, there are existing ways for individuals to reduce the volume of such mail, such as through the use of letterboxes with anti-junk mail features. Junk mail may also be less of a nuisance than telephone calls, SMS or MMS messages, or faxes, which are more likely to inconvenience an individual or interrupt his activities.

Back to top

23. What can I do if I receive unsolicited telemarketing messages from organisations before the implementation of the DNC registry on 2 January 2014?

You may wish to directly contact organisations that send you telemarketing messages and ask them to stop doing so.

If you continue to receive telemarketing messages after your request, you may choose to write to the PDPC If there is sufficient information, with your consent to disclose details of your feedback (including your name and contact information), we may contact the relevant organisation on your behalf and remind them of the PDPA obligations that will come into force in 2014.

Please note that the PDPC would not be able to undertake any investigation or enforcement before 2 January 2014.

Back to top

24. If an organisation has obtained consent from me before I registered with the DNC Registry, can the organisation still send marketing messages to me?

Yes, the organisation may send marketing messages to your Singapore telephone number if it has obtained your clear and unambiguous consent to the sending of the marketing message, in written or other accessible form, regardless of when you registered your number with the DNC Registry.

If you change your mind, you may withdraw your consent from the organisation concerned. The organisation shall not prohibit you from withdrawing consent but this shall not affect the legal consequences arising from the withdrawal. The organisation shall inform you of the likely consequences to your withdrawal, and shall cease sending marketing messages to you.

Back to top

25. How can I still receive promotional messages from selected organisations if I register with the DNC Registry?

From 2 January 2014, individuals who have registered their Singapore telephone numbers on the DNC Registry and continue to receive telemarketing messages or calls from organisations that do not have consent from such individuals, may file a complaint with the PDPC for investigations.

Back to top

26. How do I report a suspicious scam call or message?

Scam messages generally do not promote goods, services, suppliers of goods and services and are unlikely to be specified messages for the purposes of the DNC provisions. If you suspect that the call or message you received is a scam, you are advised to lodge a Police report through one of these channels:

(a) dialling the Police hotline 999;

(b) the Electronic Police Centre; or

(c) the Crimestopper Portal.

Back to top

Enforcement

1. What should I do if I receive an SMS or call offering moneylending services?

Under the Moneylenders Act, licensed moneylenders are not allowed to advertise their moneylending services via SMS or voice calls. Therefore, any SMSes or calls soliciting for loans are either sent by an unlicensed moneylender (a.k.a Ah Longs), or by a licensed moneylender in contravention of advertising restrictions.

You are advised to report the SMS (with a screen capture of the SMS you received) or call through:

(a) the Electronic Police Centre;

(b) the National Crime Prevention Council's 'X Ah Long' Hotline at 1800-924-5664 (1800-X-AH-LONG);

(c) the Crimestopper Portal; or

(d) the Insolvency and Public Trustee's Office at at 6325 1500, if you suspect that the SMS was sent by a licensed moneylender. You may refer to IPTO website for updated list of licensed moneylenders in Singapore.

Back to top

2. How do I lodge a complaint on DNC offences?

From 2 January 2014, if you have registered your Singapore telephone number on the DNC Registry and continue to receive telemarketing messages from organisations which you did not give consent to, you can lodge a complaint with the PDPC for investigations by providing us with the following information:

  1. Your particulars (name, NRIC, contact number, etc);
  2. The date and approximate time of the call/text/fax you received;
  3. The Singapore telephone number on which you received the call/text/fax;
  4. If available, the name and telephone number of the person that made or sent the call/text/fax;
  5. If available, the name of the organisation on whose behalf the call/text/fax was made or sent (for example, the caller/sender may be employed by one company but made the call/text/fax on behalf of another company);
  6. If available, the contact details (such as a website or telephone or fax number) of the organisation involved;
  7. Contents of the call/text/fax (where applicable, to attach a copy of the message received);
  8. Whether you have any ongoing relationship (e.g. membership, subscription) with the organisation; and
  9. Whether you recall having withdrawn consent from that organisation to contact you.

You can send the above information to the PDPC through any of the following channels:

  1. Email: info@pdpc.gov.sg, with the subject title as [Enforcement];
  2. Post:
    Officer-in-charge, Enforcement
    Personal Data Protection Commission
    460 Alexandra Road
    #10-02 PSA Building
    Singapore 119963; or
  3. Fax: 6274 7370.

Our officers may get in touch with you if further information or clarifications are required.

Back to top

3. Is there a time frame for a complaint to be made to the PDPC for investigations?

Generally, there is no specific time frame during which a complaint may be lodged. However, it is important to note that, evidence may no longer be available to substantiate your case if the complaint is lodged a significant period after the telemarketing message/call was received.

Back to top

4. Do I need to submit any evidence to the PDPC when lodging a complaint?

The PDPC will require complete information about the case such as the date and time, and other details of the telemarketing message in order to proceed with the investigation. If available, evidence, supporting the complaint should be submitted to the PDPC, such as:

  1. Screenshots of the message (including the message date and time of the message);
  2. Call logs of the telephone number that made the telemarketing call to you;
  3. The original fax message received by you; and
  4. Documents showing that you have withdrawn consent from receiving telemarketing messages/calls from the organisation concerned.

You may make a complaint even if documentary evidence is not available provided there is sufficient evidence for the PDPC to investigate further.

You may make a complaint even if documentary evidence is not available provided there is sufficient evidence for the PDPC to investigate further.

In order to ensure the successful prosecution of the organisation that sent you the specified message, you should also retain the originals of evidence not submitted to PDPC, including the equipment that received the telemarketing message (such as mobile phones). This evidence may need to be obtained by PDPC in the course of investigations.

Back to top

5. Will I need to provide my statement after lodging a complaint?

You may need to provide a statement, depending on the nature and circumstances of each complaint. If necessary, PDPC will contact you to arrange for a convenient time for your statement to be taken.

Back to top

6. Can I choose to remain anonymous when lodging a complaint?

In general, we require your personal particulars in order to investigate a complaint.

Back to top

7. Will I receive any reply from the PDPC after reporting a possible DNC offence?

You will receive a reply from us within 5 working days of receipt of your complaint. We will update you subsequently to inform you of the outcome of the investigation.

Back to top

8. Will I be expected to attend Court after making a report involving DNC breaches?

You may have to appear in Court and give evidence in cases that involve court prosecution. Where Court attendance is required, a subpoena will be served on you, notifying you when your attendance is required.

Back to top

9. Will the PDPC investigate telemarketing messages sent from overseas?

The PDPA applies in relation to a specified message sent to a Singapore telephone number where the sender is in Singapore when the message is sent or the recipient is in Singapore when the message is accessed.

Where a telemarketing message is sent from overseas and at least one of the senders is in Singapore, PDPC will investigate the complaint and take the appropriate action against the sender(s) in Singapore.

In relation to overseas senders, the PDPC will, where appropriate, work with our overseas counterparts to investigate into such cases.

Back to top

10. What if I receive a marketing text or fax message from an organisation with which I have an ongoing relationship (e.g. regular customer or membership)?

The PDPC recognises that some consumers may wish to receive information on goods or services from organisations that they have a continuing relationship with, in a minimally intrusive manner, via text or fax messages. Otherwise, these consumers may miss such messages if they are registered with the DNC Registry or if the organisation did not obtain their clear consent. The PDPC therefore allows organisations with which you are in an ongoing relationship to send you telemarketing messages related to the product or service you have bought.

You may lodge a complaint with the PDPC if you have received such a marketing text or fax message, and you have indicated to the sender that:

  1. you withdrew your consent for the sender to send you such marketing messages more than 60 days ago;
  2. you have opted out from receiving such marketing messages through an opt-out notice more than 30 days ago; or
  3. you do not consent for the sender to send you such telemarketing messages.
  4. Back to top