1. Purpose

This Data Protection Statement describes how IRAS collects, uses, shares, and protects data.

We only collect, use or share information to fulfil our mission and to discharge our function as an agent of the Government.

We adhere to all applicable laws, regulations, policies, and guidelines including those below when we collect, use, and share data:

    • Tax Acts administered by IRAS
    • Inland Revenue Authority of Singapore (IRAS) Act 1992
    • Official Secrets Act 1935
    • Statutory Bodies and Government Companies (Protection of Secrecy) Act 1983
    • Public Sector (Governance) Act (PSGA) 2018
    • Common law or relevant court decisions, and
    • Government data security and data protection policies

    IRAS is committed to safeguarding the confidentiality and security of the data you have entrusted to us. We will handle it with care and protect it well.

    This Data Protection Statement should be read together with the Privacy Statement provided within this Site.

     

    2. What information we collect

    Information that we collect about you includes:

      • personal and business profile
      • personal income and employment
      • business income/ activities
      • tax reliefs, deductibles, allowances, incentives, and donations
      • property ownership, sale, purchase, and lease
      • dutiable shares transfer
      • information required under international tax agreements or government schemes

       

      3. When we collect them

      We collect information when you:

        • file tax returns, stamp dutiable instruments or submit documents to IRAS
        • make tax payments
        • access and use our digital services or website (e.g. use of cookies)
        • communicate with us via phone, live-chats, emails, and any other means of communication

        We also collect information about you from third parties when we are authorised by laws or when you give consent for the data collection. These third parties include:

          • employers
          • intermediaries of taxpayers (e.g. commission paying organisations, street/ ride-hail service providers, tax agents)
          • financial institutions
          • Charities, Institutions of a Public Character (IPCs), grantmakers, and philanthropic organisations
          • our tax treaty partners
          • government agencies or statutory boards

           

          4. How we use the information collected

          The information collected allows us to:

            • administer taxes and government schemes fairly and efficiently.
            • enrich our understanding of taxpayers’ and businesses’ needs, so that we can serve you better and provide you with seamless service delivery.
            • perform tasks in the public interest or exercise our official duties as a government agency.

             

            5. Disclosure to third parties

            We are bound by secrecy laws and may disclose your information to third parties only for reasons permitted by the law.

            In some instances, we require your express consent to do so. In such instances, where you have given express consent, you can withdraw your consent at any time. You can do so by giving reasonable notice to the third party whom you have previously provided the consent to. On receipt of such notice, the third party shall inform you of the consequences of withdrawing the consent before acting on your request.

            Third parties to whom we may disclose your information, include:

              • contractors engaged by IRAS and are subject to IRAS’ data policies and security requirements
              • tax agents acting on your behalf for tax matters
              • our tax treaty partners
              • government agencies or statutory boards*

              *Examples of government agencies or statutory boards to whom we may disclose your information:

                • Law enforcement agencies
                • Ministry of Finance (MOF)
                • Auditor-General Office (AGO)
                • Central Provident Fund Board (CPFB)
                • Department of Statistics

                 

                6. Data protection

                We take our responsibility in protecting the confidentiality and integrity of your data seriously. We have put in place strict data security requirements. All authorised personnel must handle your data based on the requisite technical and process safeguards.

                We handle your data securely by:

                  • limiting access to your data - your data will be accessed by authorised personnel only when the data is required for their official duties. We will apply the necessary tools and processes to keep the data access and usage by authorised personnel controlled and secure. 
                  • undertaking to safeguard your data – all authorised personnel have to sign individual undertakings on their legal obligations before they are given access to your data. They understand that they are accountable when handling your data and are subject to penalties for unauthorised disclosure, improper use and/ or modification of your data. 
                  • training our staff to protect your data - our staff are trained to handle your data with care and to adhere strictly to data security policies and measures.
                  • applying strong data protection measures - we apply appropriate security measures (e.g. encryption) and safeguards to protect your data against data breaches and cybersecurity threats. 
                  • round-the-clock monitoring - we detect unauthorised access and suspicious activities by continuous logging and monitoring of data access records, including network traffic flow information through our Infocomm Technology (ICT) systems.
                  • limiting data retention period we retain your data only for the period necessary for fulfilling our business needs.
                  • robust monitoring and oversight to ensure proper data management – regular and mandatory audits are conducted to ensure that we comply with the requisite standards for data protection and the security of ICT systems. There are stiff penalties, prescribed by law, for mishandling of data.

                  Find out more about Whole-of-Government Personal Data Protection Policies:

                   

                  7. Access to and correction of your data

                  For data that you had earlier provided to IRAS, you may request in writing that we:

                  a) provide you with the data or provide information about the ways in which your data has been or may have been used or disclosed by us in the last 12 months; or

                  b) correct your data should it be out-of-date or contain an error or omission.

                  The request must include sufficient detail for us to identify you and the data or correction so requested.

                   

                  8. Contacting IRAS’ Quality Service Manager

                  Please contact IRAS’ Quality Service Manager (QSM) if you:​

                  a) have any enquires or feedback on our data protection, policies and procedures; or

                  b) need to access or correct the data you have earlier provided to us.