Personal Data Protection Policy
1.0 Purpose

The purpose of this Personal Data Protection Policy is to inform all staffs who are involved in the students’ recruitment, selection and admission exercise are familiar with how Chartered Institute of Technology (CITECH) manage prospective data collected during the students’ recruitment, selection and admission exercise.

At the same time, all staffs who are involved in the recruitment, selection and appointment exercise for associate lecturers and non-academic staffs are familiar with how Chartered Institute of Technology (CITECH) manage prospective data collected during the process.

This is also served to inform the students, associate lecturers, professional bodies, external partners of how Chartered Institute of Technology manage Personal Data which is subjected to the Singapore Personal Data Protection Act.

2.0 Introduction to "Personal Data Protection Act"

The Personal Data Protection Act 2012 (PDPA) was passed in Parliament in 2012 and will take effect in phases:

  • Do Not Call Provisions (DNC) on 2 January 2014
  • Personal Data Protection Provisions (PDP) on 2 July 2014

You may visit the Singapore Personal Data Protection Commission’s website www.pdpc.gov.sg and the Frequently Asked Questions (FAQs) to find out more about PDPA.

3.0 What is Personal Data?

Personal data refers to data, whether true or not, about an individual who can be identified from that data; or from that data and other information to which the organisation has or is likely to have access.

Examples of personal data which you may provide to us include (depending on the nature of your interaction with us) but not limited to the following:

  • Name
  • NRIC/FIN Number/Passport Number
  • Date of Birth
  • Address
  • Telephone numbers
  • Mailing address
  • Email address
  • Academic qualifications
  • Parents’ information
  • Next of kln information
  • Bank account Information

Personal data in Singapore is protected under the Personal Data Protection Act 2012 (PDPA).

4.0 Objectives of Personal Data Protection Act (PDPA)

The PDPA is a general data protection law governing the collection, use and disclosure of individual’s personal data by organisations. Under PDPA, the Personal Data Protection Commission (the “PDPC”) was set up to administer and enforce the Act. Essentially, the Act aims to safeguard individuals’ personal data against misuse, by regulating the proper management of personal data.

5.0 Procedure to Collect Personal Data

Generally Chartered Institute of Technology collect personal data in the following ways. The list below is non-exhaustive.

  1. During students’ pre-course counselling be it face-to-face, email, phone enquiry, seminar, skype, QQ, or talk
  2. During students’ interview be it face-to-face, phone, skype, or QQ
  3. When prospective students submit course application form or submit an enquiry relating to applying for any of our courses
  4. When individuals register for CIMA external professional body exam at our exam centre
  5. When prospective associate lecturers submit application form relating to applying for any teaching position at our institute
  6. When you submit your Personal Data to us for any other reasons for example purchase of course materials.

All individuals who submit your personal data to us shall ensure that all personal data submitted to us is complete, accurate and true. We shall not be responsible for any incomplete or inaccurate personal data submitted to us. Failure on your part to do so may result in our inability to provide you with the products and services you have requested.

6.0 Purpose of Collecting Personal Data, Use and Disclosure of Personal Data

Chartered Institute of Technology is committed to maintaining the confidentiality of the students and associate lecturers personal information and undertakes not to divulge any of the students, associate lecturers and non-academic staff personal information to any third party without the prior written consent of the students, associate lecturers and non-academic staffs subject to the obligation of Chartered Institute of Technology to disclose to any Singapore government authority any information relating to the students in compliance with the law and/or to the organisation conferring/ awarding the qualification; relating to the lecturers in compliance with the law in order to register the lecturers with the respective authority.

Students’ information obtained through the student application form completed by the students at the point of application before course commencement is used strictly for enrolment, admission, administration purposes and related activities organise by the Institute. By providing the personal data, including those related to a third party (for example information of your parents, siblings) to us through various channels (for example application form), you represent and warrant that consent, including that of the third party, has been obtained for collection, use and disclosure of the Personal Data for related purposes in order to facilitate your application. CITECH will notify you and seek your consent if your personal data is used for any new purpose.

The personal data which you have provided to us may be used, disclosed, and/or processed for various purposes, depending on the circumstances which CITECH may or will need to process your personal data including the following:

  1. to communicate with you via SMS, phone call, email, fax, QQ, skype, or wechat/whatsapp or any other appropriate communication channels in order to respond to your queries or requests
  2. for operational purposes including assessing and processing your application for your eligibility to study at CITECH or in order to provide any services to you
  3. to provide products and services to you which are applicable to you
  4. for operational purpose including processing, administering, registering you for services related to external exam with the professional bodies
  5. to process accounting, billing and/or auditing purposes to register you with the professional bodies or external partner for academic related matters
  6. to share your personal data with financial institutions in order to administer and process any payments of course fees to CITECH, or process refunds to you or process any fees adjustments to you or CITECH
  7. to process students’ pass application related matters for you with the respective government authority
  8. to share your personal data with insurance institutions in order to administer, purchase medical insurance, process any insurance claims and payments arising thereunder
  9. to arrange or provide transport and/or accommodations services
  10. to administer academic related matters for example students’ attendance, students awards/qualifications
  11. to provide you with information and/or updates on our courses, trainings, talks, workshops, students’ activities organise by CITECH and/or third parties which may be of interest or beneficial to you from time to time
  12. to compile statistics, evaluations or surveys for internal planning, trend analysis purposes
  13. to maintain and update internal records for internal administrative purposes
  14. to handle any feedbacks and/or complaints which may arise in connection with any dealings with CITECH
  15. for meeting or complying with any applicable legal or regulatory requirements and making disclosure under the requirements of any applicable law, regulation, direction, court order, by-law, guideline, circular or code applicable to us
  16. to verify your academic qualifications with the respective institutions
  17. to share your personal data with business partners in order to arrange for job interviews
  18. any other purposes which we may notify you from time to time in order to obtain your consent
  19. in order to carry out our business operations more smoothly, we may disclose your personal data to our third party service providers, agents and/or affiliates whether sited in Singapore or outside of Singapore. In this respect, we will require third party to ensure that your personal data disclosed to them are kept confidential and secure.
7.0 Specific Issues for the disclosure of Personal Data to Thrid Parties

We respect the confidentiality of the personal data you have provided to us.

In that regard, we will not disclose your personal data to third parties without first obtaining your consent permitting us to do so. However, please note that we may disclose your personal data to third parties without first obtaining your consent in certain situations, including, without limitation, the following:

  1. cases in which the disclosure is required or authorized based on the applicable laws and/or regulations;
  2. cases in which the purpose of such disclosure is clearly in your interests, and if consent cannot be obtained in a timely way;
  3. cases in which the disclosure is necessary to respond to an emergency that threatens the life, health or safety of yourself or another individual;
  4. cases in which the disclosure is necessary for any investigation or proceedings;
  5. cases in which the personal data is disclosed to any officer of a prescribed law enforcement agency, upon production of written authorisation signed by the head or director of that law enforcement agency or a person of a similar rank, certifying that the personal data is necessary for the purposes of the functions or duties of the officer;
  6. cases in which the disclosure is to a public agency and such disclosure is necessary in the public interest; and/or;
  7. where such disclosure without your consent is permitted by the PDPA or by law.

The instances listed above at above paragraph are not intended to be exhaustive.

For more information on the exceptions, you are encouraged to peruse the Second, Third and Fourth Schedules of the PDPA which is publicly available at http://statutes.agc.gov.sg.

Where we disclose your personal data to third parties with your consent, we will employ our best efforts to require such third paries to protect your personal data.

8.0 Administration and Management of Personal Data

CITECH shall take reasonable efforts to ensure that your personal data is accurate, up to date and complete, if your personal data is likely to be used by us to make a decision that affects you, or disclosed to another organisation. However, this means that you must also update us of any changes in your personal data that you had initially provided to us. We will not be responsible for relying on inaccurate or incomplete personal data arising from you not updating us of any changes in your personal data that you had initially provided us with.

All students, associate lecturers and non-academic staff shall update us in a timely manner of all changes to the information which you have provided to us. All students, associate lecturers and non-academic staff shall update their personal data to our relevant departments as and when necessary.

We will also put in place reasonable security measurements to ensure that your personal data is protected and secured. However, we cannot assume responsibility for any unauthorized use of your personal data by third parties which are wholly attributable to factors beyond our control.

We will also put in place measures such that your personal data in our possession or under our control is destroyed as soon as it is reasonable to assume that (i) the purpose for which that personal data was collected is no longer being served by the retention of such personal data; and (ii) retention is no longer necessary for any other legal or business purposes.

9.0 Request for Access And/Or Correction/Update of Personal Data

Individuals can view your personal data which CITECH has collected and stored at any time. Individuals who would like to request to access, rectify and/or update your personal data currently in our records will need to submit a written request to us. We will need to verify with the individuals to ensure that the requests are genuine before the requests are processed.

In order to access your personal data, you will need to submit Request for Access of Personal Data Form to the relevant departments for access in order to view your personal data. Your right to view your personal data is limited to your personal data only. CITECH is not permitted to reveal any personal data about any other individual. CITECH reserves the right to refuse access to your personal data if it will reveal or lead to the revelation of another individual’s personal data, cause harm to you or another individual or is contrary to the national interest.

Where individuals request to access, rectify and/or update personal data, once we have verified your identity, we will provide you with the relevant data, or rectify/update your personal data within 30 days. Where we are unable to respond to you within the said 30 days, we will notify you of the soonest possible or practicable time within which we can provide you with the information requested.

Please note that Personal Data Protection Acts exempt certain types of personal data from being subjected to your request be it access, rectify and/or update.

In the event that the personal data is being rectified and/or updated, we will send the corrected personal data which was disclosed by us in the previous instance to the relevant authorities/agencies/third parties within a year before the date the correction was made, unless that other organisation does not need the corrected personal data for any legal or business purpose where necessary to which the personal data are required to be updated.

If you have any feedback or enquiries relating to PDPA related policies and procedures, or you would like to obtain access, rectify and amend your personal data, please write in to our Data Protection Officer at citech_dpo@citech.edu.sg.

Please mail the following original form to the following address:

  1. Request for Access of Personal Data Form
  2. Request to Update, Rectify or Amend Personal Data Form
  3. Request to Withdrawal of Consent Form

Data Protection Officer
Chartered Institute of Technology
171 Chin Swee Road, CES Centre, #02-07/08,
Singapore 169877

10.0 Withdrawal of Consent to the collecton, Use And/Or Disclosure of Personal Data

Individuals who would like to withdraw the consent for collection, use and/or disclosure of your personal data in our possession or under our control may submit our official withdrawal of consent form to our Data Protection Officer.

We will process your request within 30 days from the date of receipt of your written request for withdrawal of consent. If we are unable to do so, we will inform you within the 30 day time frame of the soonest possible or practicable time within which we can respond to your request. Thereafter we will cease to collect, use and/or disclose your personal data in the manner stated in your request.

At the same time, we will notify and confirm with you your withdrawal of consent and inform you of the administrative follow up if any.

11.0 Updates on Data protection policy

As part of our continuous improvement to ensure that we properly manage, protect and process individuals’ personal data, we will be reviewing our internal policies, procedures and processes from time to time.

CITECH reserves the right to amend the policies, procedures and processes of the Data Protection Policy at our absolute discretion. We will update the updated Data Protection Policy on our website as and when it is updated/amended.

You are encouraged to visit our website from time to time to ensure that you are informed of our latest policies in relation to personal data protection.

12.0 Feedback and Complint Process

If you have any complaint or feedback about how we are handling your personal data or complying with the PDPA, please contact our Data Protection Officers at:

Data Protection Officer
Chartered Institute of Technology Pte Ltd
171 Chin Swee Road, CES Centre, #02-07/08,
Singapore 169877

Email: citech_dpo@citech.edu.sg

Operating Hours: Monday to Friday   9am to 6pm




 
 
 
Chartered Institute of Technology Pte Ltd, 171 Chin Swee Road, CES Centre, #02-07/08, Singapore 169877 Tel: 6276 4890 | enquiry |