1.1 The purpose of the PDPA is to govern the collection, use and disclosure of personal data by organisations in a manner that recognises both the right of individuals to protect their personal data and the need of organisations to collect, use or disclose personal data for purposes that a reasonable person would consider appropriate in the circumstances.

 

1.2 “Personal Data” is defined under the PDPA to mean data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which an organization has or is likely to have access. Some common examples of personal data include names, identification numbers, contact information, medical records, photographs and video images.

 

1.3 In general, before we collect any personal data from you, we will notify you of the purpose(s) for which your personal data may be collected, used and/or disclosed, as well as obtain your consent for the collection, use and/or disclosure of your personal data for the intended purpose(s).

2.1 We collect, use and/or disclose your personal data depending on your relationship with us.

 

2.2 You may be an existing or prospective student, examination candidate, training course/ programme/seminar/workshop participant, attendee or observer, donor, service provider, vendor, alumnus or other individual person relating to us at the SCI.

 

2.3 We collect your personal data that are necessary for the purposes for which they are collected depending on your relationship with us as stated in paragraph 2.1 and as described in paragraph 2.2 above. The personal data which we collect from you may be collected, used and/or disclosed for their respective purposes and matters related thereto.

 

For students and prospective students, attendees and participants of our training courses/seminars/workshops (collectively “training course”) and examinations

 

We collect personal data such as your name, gender, date of birth, National Registration Identity Number (NRIC No.) or Passport Number, contact details, address, e-mail address, academic qualification(s), designation, occupation, years of experience, and your employer/company’s name for the purposes of providing professional training and education to you, when you:

 

General Matters

(i) Create a new user profile online;

(ii) Register online to sit for any examination conducted by us or jointly conducted by us and our industry partner or to apply for an exemption from our examination;

(iii) Register online to attend and/or participate in a training course;

(iv) Request for a Letter of Certification or for a Letter of Attendance for the training course which you have attended and/or participated;

(v) Make an enquiry via e-mail, telephone, mobile phone or text message or “Contact Us” on our website regarding our training course(s);

(vi) Make an enquiry via e-mail, telephone, mobile phone or text message or “Contact Us” on our website regarding our examination(s).

Training Course Related Matters

(i) Register you as a training course participant and send you our acknowledgement letter/invoice;

(ii) Process your invoice and payment;

(iii) Issue a Certificate of Attendance to you;

(iv) Process any refund that you may be entitled to;

(v) Issue a Letter of Attendance to you when you send us a written request to do so;

(vi) Disclose to any third-party service provider for the arranging of ancillary services being necessary for the training course, such as transport or accommodation or food catering;

(vii) Obtain security clearance necessary for any site visit;

(viii) Mark your attendance at a training course;

(ix) Provide your personal data/profile to the trainer, lecturer or tutor or service provider for a training course you plan to attend;

(x) Provide your name and your company’s name to other individuals attending the same training course as you;

(xi) Disclose your personal data to any of our business partners that may have jointly organised the training course with us;

(xii) Disclose your personal data and attendance to any government authority, public agency or regulatory authority where necessary or required under the applicable law, rules and/or regulations.

(xiii) Disclosing your personal data, attendance and examination results to any authority, public agency, funding agency or regulatory authority for the purpose of processing your funding claim for the training course and/or examination which you have registered for.

Examination Related Matters

(i) Registering you as an examination candidate and receiving registration confirmation from us;

(ii) Signing of the Student Contract;

(iii) Processing exemption application;

(iv) Processing invoice and payment;

(v) Collecting Study Text(s)/Study Guide(s);

(vi) Retrieving registration data;

(vii) Administering your examination, including verifying your identity before your examination starts;

(viii) Issuing your Result Slip, Certificate (if applicable) to you;

(ix) Processing any refund that you may be entitled to;

(x) Issuing a Letter of Certification or Transcript to you or to a third party at your request;

(xi) Disclosing your examination results to a company/principal that sponsors you or its appointed agency for evaluative purposes;

(xii) Disclosing your personal data to any partner that have jointly organised the relevant examination with us;

(xiii) Disclosing your personal data to any government authority/public agency or regulatory authority as and when required;

(xiv) Disclosing your personal data, attendance and examination results to any authority, public agency, funding agency or regulatory authority for the purpose of processing your funding claim for the training course and/or examination which you have registered for.

 

Our premises are under surveillance by CCTV. For any training course or examination conducted outside our premises, for example, in hotel and other outside premises (“outside premises”), there may also be CCTV surveillance.

 

We may also take photographs and/or make videos of a training course either on our premises or at outside premises.

 

For employees and prospective employees and other staff generally

 

In order to comply with our contractual, statutory, and management obligations and responsibilities, we will collect, use and disclose personal data of our employees and prospective employees and other staff. All such personal data will be processed in accordance with the provisions of the PDPA and the Policy, as may be amended from time to time. Your employment relationship with us will, in almost all cases, be governed primarily by an employment or service contract, and your agreement to be bound by our internal policies governing your employment with us. The purpose(s) for the collection of your personal data for the purpose of employment set out below serve only to supplement and clarify the matter, without limiting, superseding or supplanting any express or implied terms in your employments/service contract and our internal policies:

 

(i) Administering and managing your employment relationship with us;

(ii) Using your bank account details to deposit your salary and other payments, if any;

(iii) Administering and managing staff and other benefit schemes, if any;

(iv) Monitoring your use of our networks and resources;

(v) Disclosing your personal data where necessary to external parties for SCI’s purposes as an employer, and to all Government agencies for official purposes and/or to external third parties for, or in connection with the above purposes, or where required by law;

(vi) Posting of your photograph(s) on our communications media, newsletters, websites, and staff passes, etc. for the purpose(s) of our administration and management of SCI;

(vii) Any other purpose(s) arising in respect of your employment in the environment in which we operate which is reasonable given your relationship with us;

(viii) Any other purpose(s) which is not related to those listed above or in your employment/service contract with us, we will inform you in writing from time to time, and we will seek your separate consent for such other purpose(s).

For donors, service providers, vendor, alumni or other individual persons relating to us (“internal stakeholders”)

We collect personal data of our internal stakeholders for the purpose(s) related respectively to each of them.

 

We will notify you as the respective purpose(s) depending on your relationship with us. For example, if you are our service provider or vendor, your relationship with us will be, in almost all cases, be governed primarily by a letter of appointment or a contract and your agreement to be bound by our internal policies governing the respective purpose(s) of such appointment.

 

We will use and disclose personal data of our internal stakeholders where necessary for the respective purpose(s) and purpose(s) related thereto for which your personal data was collected.

 

For members of the public and third parties generally (our “external stakeholders”)

 

We may organise or conduct activities or events where our external stakeholders are invited to participate. The activities or events may include road-shows, talks, exhibitions and others.We will need to collect, use and/or disclose personal data of our external stakeholders for the respective purpose(s) and purpose(s) related thereto for which the personal data was collected including, but not limited to the following:

 

(i) Registration for participation;

(ii) Publicity and promotion (photographs);

(iii) Administration and logistics (transport, accommodation and food catering);

(iv) Security and verification of identity;

(v) Updates of SCI training courses, activities and events.

We will notify you of respective purpose(s) depending on the nature and type of your relationship with us as our external stakeholders before or at the time we collect your personal data.

 

We use and disclose personal data of our external stakeholders where necessary for the purpose(s) and purpose(s) related thereto

 

In the above situations, it is entirely up to you as to whether or not you wish to give your personal data to us. For the avoidance of any doubt, if you wish to attend or participate in our activities or events, where it is a pre-requisite for you to give us your personal data, we will inform in advance so that you may make an informed decision as to whether to attend or participate in those activities or events.

 

3.1 We may disclose your personal data to third party service providers, vendors agents and/or our affiliates or related corporations, which may be sited locally or outside of Singapore for the purposes for which the personal data is collected. This is because such third party service providers, agents and/or affiliates or related corporations would be processing your personal data on our behalf for one or more of the purposes for which the personal data is collected. In the circumstances, we will bind them contractually and require them to act consistently with the provisions of the PDPA and the Policy and to use appropriate security measures to protect your personal data.

 

3.2 In the above regard, we will not disclose any of your personal data to third parties without first obtaining your express consent permitting us to do so. However, please note that we may disclose your personal data to third parties without first obtaining your consent in certain situations, including, without limitation, the following:

 

(i) the disclosure is required based on the applicable laws and/or regulations;

(ii) the disclosure is necessary for any investigation or proceedings;

(iii) the disclosure is to a public agency and such disclosure is necessary in the public interest;

(iv) the purpose of such disclosure is clearly in your interests and consent cannot be obtained in a timely way;

(v) the disclosure is necessary to respond to an emergency that threatens the life, health or safety of yourself or another individual; or

(vi) there are reasonable grounds to believe that the health or safety of yourself or another individual will be seriously affected and consent for the disclosure of your personal data cannot be obtained in a timely way, provided that we shall, as soon as may be practicable, notify you of the disclosure and the purpose(s) of the disclosure;

 

3.3 In all other instances of disclosure of personal data to third parties with your express consent, we will on a reasonably best effort basis provide for adequate forms of protection over such personal data and confidentiality and security in the administration, handling and management of your personal data by such third parties.

4.1 You may request to access and/or correct the personal data currently in our possession or withdraw your consent for the collection, use and/or disclosure of your personal data in our possession or under our control at any time by submitting your request to our DPO.

 

4.2 For a request to access personal data, we will provide you with the relevant personal data within a reasonable time from the date the request is made.

 

4.3 For a request to correct personal data, we will process your request accordingly and as soon as practicable after the request has been made. We will send the corrected personal data to every other organisation to which the personal data was disclosed by us within a year before the date the correction was made, unless that other organisation does not need the corrected personal data for any legal or business or legitimate purpose, or if you so consent, only to specific organisations to which the personal data was disclosed by us within a year before the date the correction was made. We may charge you a reasonable fee for the handling and processing of your request(s) to access and/or correct your personal data, and you will be notified in advance of the chargeable fee.

 

4.4 For a request to withdraw consent, we will process your request within a reasonable time from the date the request is made. Please note that request of withdrawal of consent may adversely affect or impact your relationship with us.

5.1 We will take reasonable appropriate measures to administer, manage and take care of your personal data with us. We will make reasonable efforts to keep your personal data accurate, complete and updated. We will take the appropriate precautions and preventive measures to ensure that your personal data is adequately protected and secured.

 

5.2 Appropriate security arrangements will be taken to prevent any unauthorised access, collection, use, disclosure, copying, modification, leakage, loss, damage and/or alteration of your personal data. However, we cannot assume responsibility for any unauthorized use of your personal data by third parties which are wholly attributable to factors beyond our control.

 

5.3 We will take reasonable efforts to ensure that your personal data in our possession or under our control is destroyed and/or anonymised or pseudonymised as soon as it is reasonable to assume that (i) the purpose(s) for which your personal data was collected is no longer being served by the retention of such personal data; and (ii) retention is no longer necessary for any other legal or business or legitimate purposes for which your personal data was collected.

 

5.4 The Policy applies only to our websites. Our websites may contain links to other websites not maintained by us. We are not responsible for the privacy policies of third party website(s).

 

5.5 Please note that such third party websites are subject to their own data protection and privacy practices and you are encouraged to examine the data protection and privacy policies of those websites.

 

5.6 If you provide any information or give any of your personal data to third parties or require information from those third parties, please note that there are different laws, regulations and rules governing the privacy and protection of personal data such as the European Union's (“EU”) General Data Protection Regulation (the “GDPR”), which took effect on 25 May 2018. You are strongly encouraged to consult your EU lawyer whether or not the GDPR is applicable to you.

6.1 If there is breach of any of the obligations under the PDPA due to human error, systems failure or for whatever cause or reason, we will conduct an investigation upon receipt of any report of actual or suspected data security breach and determine whether there is a breach.

 

6.2 If there is a breach, we will notify the affected individual(s) as soon as possible of the data breach.

 

6.3 We will take prompt action to remedy the breach.

 

6.4 We will (where applicable) make the required report of a data breach to the Personal Data Commission in accordance with the provisions of the PDPA or to any regulatory authority or public agency where required under the applicable law.

7.1 As part of our reasonable efforts to ensure that we properly manage, protect and process your personal data under the PDPA, we will be reviewing our internal policies, processes and procedures from time to time.

 

7.2 We may amend the terms of the Policy at our absolute discretion. Any amended version of the Policy will be posted on SCI website and it can be viewed at: www.scicollege.org.sg

 

7.3 You are encouraged to check with SCI from time to time to ensure that you are well informed of our Privacy Policy.