This Data Protection Statement describes how IRAS collects, uses, shares, and protects data.
We only collect, use or share information to fulfil our mission and to discharge our function as an agent of the Government.
We adhere to all applicable laws, regulations, policies, and guidelines including those below when we collect, use, and share data:
- Tax Acts administered by IRAS
- Inland Revenue Authority of Singapore (IRAS) Act 1992
- Official Secrets Act 1935
- Statutory Bodies and Government Companies (Protection of Secrecy) Act 1983
- Public Sector (Governance) Act (PSGA) 2018
- Common law or relevant court decisions, and
- Government data security and data protection policies
IRAS is committed to safeguarding the confidentiality and security of the data you have entrusted to us. We will handle it with care and protect it well.
This Data Protection Statement should be read together with the Privacy Statement provided within this Site.
2. What information we collect
Information that we collect about you includes:
- personal and business profile
- personal income and employment
- business income/ activities
- tax reliefs, deductibles, allowances, incentives, and donations
- property ownership, sale, purchase, and lease
- dutiable shares transfer
- information required under international tax agreements or government schemes
3. When we collect them
We collect information when you:
- file tax returns, stamp dutiable instruments or submit documents to IRAS
- make tax payments
- communicate with us via phone, live-chats, emails, and any other means of communication
We also collect information about you from third parties when we are authorised by laws or when you give consent for the data collection. These third parties include:
- intermediaries of taxpayers (e.g. commission paying organisations, street/ ride-hail service providers, tax agents)
- financial institutions
- charities/ Institutions of a Public Character (IPCs)
- our tax treaty partners
- government agencies or statutory boards
4. How we use the information collected
The information collected allows us to:
- administer taxes and government schemes fairly and efficiently.
- enrich our understanding of taxpayers’ and businesses’ needs, so that we can serve you better and provide you with seamless service delivery.
- perform tasks in the public interest or exercise our official duties as a government agency.
5. Disclosure to third parties
We are bound by secrecy laws and may disclose your information to third parties only for reasons permitted by the law. In some instances, we require your express consent to do so.
Third parties to whom we may disclose your information, include:
- contractors engaged by IRAS and are subject to IRAS’ data policies and security requirements
- tax agents acting on your behalf for tax matters
- our tax treaty partners
- government agencies or statutory boards*
*Examples of government agencies or statutory boards to whom we may disclose your information:
- Law enforcement agencies
- Ministry of Finance (MOF)
- Auditor-General Office (AGO)
- Central Provident Fund Board (CPFB)
- Department of Statistics
Where you have given express consent on disclosure of your data to third parties (for example, another government agency), you can withdraw your consent at any time. You can do so by giving reasonable notice to the third party whom you have previously provided the consent to. On receipt of such notice, the third party shall inform you of the likely consequences of withdrawing the consent.
6. Data protection
We take our responsibility in protecting the confidentiality of your data seriously. We have put in place strict data security requirements. All authorised personnel must handle your data based on the requisite technical and process safeguards.
We handle your data securely by:
- limiting access to your data - your data will be accessed by authorised personnel only when the data is required for their work purposes. If there is a need for any contractors to access your data, we will
apply the necessary tools and processes to keep it controlled and secure.
- undertaking to safeguard your data – all our staff and contractors have to sign individual undertakings on their legal obligations before they are given access to your data. They understand that they are accountable when handling
your data and are subject to penalties for unauthorised disclosure and improper use of your data.
- training our staff to protect your data - our staff are trained to handle your data with care and to adhere strictly to data security policies and measures.
- applying strong data protection measures - we apply appropriate security measures (e.g. encryption) and safeguards to protect your data against data breaches and cybersecurity threats.
- round-the-clock monitoring - we detect unauthorised access and suspicious activities by continuous logging and monitoring of data access records, including network traffic flow information through our Infocomm Technology (ICT) systems.
- limiting data retention period – we retain your data only for the period necessary for fulfilling our business needs.
- robust monitoring and oversight to ensure proper data management – regular and mandatory audits are conducted to ensure that we comply with the requisite standards for data protection and the security of ICT systems.
Find out more about Whole-of-Government Personal Data Protection Policies:
- Government’s Key Data Security Policies
- Government Personal Data Protection Policies
- Annual Update on Government’s Personal Data Protection Efforts
7. Access to and correction of your data
For data that you had earlier provided to IRAS, you may request in writing that we:
a) provide you with the data or provide information about the ways in which your data has been or may have been used or disclosed by us in the last 12 months; or
b) correct your data should it be out-of-date or contain an error or omission.
The request must include sufficient detail for us to identify you and the data or correction so requested.
8. Contacting IRAS’ Quality Service Manager
Please contact IRAS’ Quality Service Manager (QSM) if you:
a) have any enquires or feedback on our data protection, policies and procedures; or
b) need to access or correct the data you have earlier provided to us.