SAA-GE takes the responsibility regarding the security of the personal information seriously. It has instituted policies to safeguard the privacy and security of personal information.
Data and information collected will be treated as confidential and is for official use by SAA-GE only. Unless requested by government agencies, written permission will be obtained from you if the data is used for purposes beyond the original intent, as specified in the SAA-GE’s Personal Data Protection Policy. The Confidentiality Policy is printed on forms that collect personal data.
PERSONAL DATA PROTECTION POLICY (PDPP)
SAA Global Education Centre (“SAA-GE” or “School: or we” or “our” or “us) is committed to comply with the Singapore Personal Data Protection Act (PDPA) 2012 in protecting all personal information that has been processed by us. In addition, we will be compliant with the European Union General Data Protection Regulation (EU GDPR) if we are processing or holding personal information of individuals residing in EU. This policy sets out the manner in which personal data of staff, students, parents/guardians and other individuals who come into contact with SAA-GE. This information is gathered in order to enable us to provide education and other associated services or functions. In addition, there are legal requirements to collect and use information to ensure that we comply with the statutory obligations.
This policy will ensure:
- SAA-GE processes personal data fairly and lawfully and in compliance with the Data Protection Principles;
- All staff involved with the collection, processing and disclosure of personal data will be aware of their duties and responsibility under this policy;
- The data protection rights of those involved with the company are safeguarded; and
- Confidence in the School’s ability to process data fairly and securely.
Please read the following policy to understand the School’s practices on data privacy matters. By providing your personal data to us, you are consenting to the collection, use and disclosure as described in this policy.
This policy applies to:
- Personal data of all staff, Board members, students, parents/guardians, agents and any other person carrying out activities on behalf of the School;
- The processing of personal data, both in manual form and on computer; and
- All staff and Board members.
The Data Protection Principles
The School will ensure that personal data will be:
- Processed fairly, lawfully and in a transparent manner.
- Collected for specific, explicit and legitimate purposes and not further processed for other purposes incompatible with those purposes.
- Adequate, relevant and limited to what is necessary in relation to the purposes for which data is processed.
- Accurate and, where necessary, kept up to date.
- Kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
- Processed in a way that ensures appropriate security of the personal data including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
- Kept securely and accessible only to authorised persons.
The School will have in place a process for dealing with the exercise of the following rights by Board members, staff, students, parents/guardians and members of the public in respect of their personal data:
- To be informed about what data is held, why it is being processed and who it is shared with;
- To access their data
- To rectify the record
- To erase;
- To restrict processing;
- To data portability;
- To object to processing;
- Not to be subject to automated decision-making including profiling.
Roles and Responsibilities
The School has appointed a Data Protection Officer (DPO) who ensures that the School complies with the Data Protection Principles in the processing of personal data, including the way in which the data is obtained, stored, used, disclosed and destroyed. The DPO has the responsibility for all issues relating to the processing of personal data and will report directly to the top management of the School. The DPO will deal with subject access requests, requests for rectification and erasure, data security breaches. Complaints about data processing will be dealt with in accordance with the School’s Feedback Management System. The DPO is responsible for ensuring that all departments and their support services implement good data protection practices and procedures and for compliance with the Data Protection Principles. It is the responsibility of all staff to ensure that their working practices comply with the Data Protection Principles. Disciplinary action may be taken against any employee who breaches any of the instructions or procedures forming part of this policy.
Type of Personal Data We Collect
We request information from you in several ways such as through our websites, application portals, forms, surveys, and/or other channels that may be used to personally identify you, including but not limited to:
- Your personal information such as your name, NRIC/FIN/Passport number, date of birth, marital status, gender;
- Your contact information such as postal addresses, email addresses, telephone and fax numbers;
- Your past and present employment information such as company name, company type, sector, designation, business telephone and fax numbers;
- Your past and present academic qualifications such as schools attended, courses of study, period of study and academic results;
- Your billing information, including name of the credit/debit cardholder, credit/debit card number, security code and expiry date.
Purposes for which the Personal Data is Collected, Used and Disclosed
We process personal information to enable us to provide education, training and educational support services to our clients. It is also necessary for us to ensure the safeguarding of our students and maintain student welfare. In addition, this information is required for us to administer School’s property, maintain our own accounts and records, to support and manage our employees, and to fulfil the various statutory requirements. We may use the personal data you provided for one or more of the following purposes:
- In relation to your registration for academic courses, student contracts, payments, course previews, open house, exhibitions, events, seminars, workshops;
- For the supply of any goods and/or services which we may offer to you or you may require from us;
- For your use of the online services at any of our websites and/or through other digital or telecommunication channels;
- For identification and verification purposes in connection with any of the goods and/or services that may be supplied to you;
- To contact you regarding your enquiries and/or feedback;
- For the conduct of statistical studies and analysis by us or on our behalf;
- To administer contests and lucky draws conducted by us or on our behalf;
- To send news and events updates, and/or marketing campaigns in relation to the goods and/or services that we and/or our business partners provide, or on our behalf. You may unsubscribe from this service at any time;
- To facilitate payment for goods and/or services provided by us or our subsidiaries, and/or a third party on our behalf including verification of credit card details with third parties and using the personal data you provide to conduct matching procedures against databases of known fraudulent transactions (maintained by us or third parties);
- To disclose to a third party to comply with any law, legal requirements, orders, directions or requests from any court, authority or government body of any jurisdiction, which may be within or outside Singapore;
- To help us improve our services to you.
- To disclose to our partnering institutions/universities/associations for the purpose of sales consultation, enrolment, examination and academic related matters.
- We also use CCTV systems to monitor and collect visual images for security and the prevention of crime.
Who the Information is Processed About
We process personal information about:
- Our students
- Agents or other professional services
- School staff
- Board members
- Complainants and enquirers
- Individual captured by CCTV images
Who the Information may be shared with
We sometimes need to share the personal information we process with the individual concerned and also with other organisations. Where this is necessary we are required to comply with the PDPA. The types of organisations we may need to share some of the personal information we process with for one or more reasons:
- Education, training, career and examining bodies
- School staff and Boards
- Family, associates and representatives of the person whose personal data we are processing
- Local government
- Healthcare professionals
- Social and welfare organisations
- Police forces
- Current, past or prospective employers
- Business associates and other professional advisers
- Suppliers and service providers
- Financial organisations
- Security organisations
- Press and media
Right to Access and Correct Personal Data
You have the right to access and correct your personal information held by us under the PDPA. We will attempt to keep your records complete, accurate and up-to-date. If you have any reason to believe that your records with us are inaccurate, incomplete or not updated, please notify us in a timely manner. If you wish to request for access to, or to correct data held by us, please forward your request to the Data Protection Officer at email@example.com. We reserve the right, or may, charge a reasonable fee for the processing of any data access request. We will correct your personal data as soon as practicable. Current and past students may also access and correct their personal data with their existing usernames and passwords through the Student Portal.
Withdrawal of Consent
Although we only process your personal data for purposes as stated above, in the event that your personal data is being processed for other purposes (with your consent), you have the right to request us to stop such processing. If you no longer wish to receive marketing messages from us via voice call, text and/or fax messages or wish to withdraw your consent to the data processing/use of your personal data by us, you may request to withdraw your consent by submitting the Withdrawal of Consent form.
Link to other websites
SAA-GE websites and other digital and telecommunication channels may contain links to other sites that are operated by third party companies with different privacy practices. You should remain alert and read the privacy statements of other sites. We have no control over the personal data that you submit to or receive from these third parties.
Storage and Protection of Personal Data
We protect the personal data collected by maintaining reasonable security arrangements to prevent unauthorised access, collection, disclosure, copying, modification, disposal or other similar risks. We will put in place measures such that your personal data in our possession is destroyed and/or anonymised as soon as it is reasonable to assume that:
- The purpose for which that personal data was collected is no longer being serviced by the retention of such personal data; and
- Retention is no longer necessary for any other legal or business purposes.
It may sometimes be necessary to transfer personal information overseas. When this is needed information may be transferred to countries or territories around the world. Any transfers made will be in full compliance with all aspects of the PDPA.
Amendments to This Policy
This Policy may be reviewed and amended from time to time in line with legal or practice development. We will communicate such changes along with the updated Policy on the school website and/or other appropriate communication means. You are advised to visit the school website on a regular basis to check for any updates and changes on the Policy.
If you have any question, please direct your enquiries to:
The Data Protection Officer
SAA Global Education Centre Pte Ltd
111 Somerset Road
#04-25 TripleOne Somerset
Email : firstname.lastname@example.org