EXTERNAL DATA PRIVACY NOTICE (SINGAPORE)
We at Grace Management & Consultancy Services Pte Ltd respect the privacy and confidentiality of personal data in our possession or under our control. We have implemented policies and practices to safeguard the collection, use, disclosure, storage and other processing of personal data provided to us.
How We Collect Your Personal Data About You
We collect personal data from the following sources:
Internal Collection Channels
- Website – Corporate (via submission forms, emails)
- Admin Office
- Mobile Apps – Developed In-house
- Department – Human Resource
- Company Premises (Front Staff)
- Service Counter
External collection channels
- Job Applicant
- New applicant / membership
- External Sales Associates
- Front Office
- Support Services
- Internal Audit / Risks Management / Governance
- Human Resource
Types of Personal Data About You that We Process
The types of personal data we collect about you and process (or have a service provider process on our behalf) may include:
- Communication and Correspondence
- Criminal Background / Past Offences
- Education Qualifications
- Family Background & Details
- Financial Information
- Medical Details / Health Information
- Personal Contact Information
- Personal Details
- Photos & Video Footage
- Physical Characteristics
- Professional Profile
Our Purpose(s) for Processing Personal Data About You
We use and otherwise process the personal data we have collected about you for one or more of the following purposes:
- Account payables/receivables
- Claims & disbursements
- Analyze academic and learning outcomes and preferences
- Conduct surveys relating to products and services
- Determine eligibility for admission
- Monitor and enhance the provision of educational courses
- Monitor and maintain a copy of your record of academic achievement (including all information arising from investigations of misconduct)
- Plan the provision of educational courses
- Prevent potential illegal activities
- Process and administer student records
- Process applications, registrations or enquiries
- Billing and other credit-related activities
- Billing and payment processing
- Carry out our obligations arising from any contracts entered into between you and us
- Comply with legal obligations and regulatory requirements
- Conduct risk assessment
- Customer care and account management
- Delivery of products and services
- Fulfil orders and services
- Fulfil requests for products and services
- Internal purposes for accounting, auditing and booking
- Internal purposes for auditing, data analysis and research
- Pass information about you to our agents and associates to carry out services
- Process and administer employment records
- Process applications and registration
- Process payment for products and services
- Process payment for purchases and transactions
- Protect against or identify possible fraudulent transactions
- Provide customer service and support
- Provide information to subsidiaries or partners that perform services for the company
- Benefits & compensation management
- Payroll processing
- Personnel management
- Processing & administration of employment records
- Recruitment & selection
- Staff Appraisals
- Training & career development
Who We Disclose Personal Data About You To
We disclose some of the personal data we have collected about you to the following parties or organisations outside Grace Management & Consultancy Services Pte Ltd:
Data Processing and Hosting Companies
- IT/Technical Support
Education and Training Establishments, and Examining Bodies
- Certification Authorities
- Education Departments/Ministries
Voluntary, Charitable & Non-Profit Organisations
- Voluntary, Charitable & Non-Profit Organisations
How We Manage the Collection, Use, Disclosure and Storage of Your Personal Data
If we collect personal data directly from you, we will ordinarily first notify you of the purposes for which we are collecting it and obtain your express consent to us collecting, using and disclosing it for those purposes. However, when you voluntarily provide personal data to us for a purpose and it is reasonable that you do so we may rely on you being deemed to have consented to us collecting, using and disclosing your personal data for that purpose.
Under certain circumstances, we may collect, use and/or disclose personal data about you without your consent for example, so that we can comply with our statutory obligations or where personal data is publicly available.
If you have a one-on-one meeting with us or do a transaction with us on behalf of another individual, you must first obtain consent from that individual in order for us to collect, use or disclose his/her personal data.
How You Can Limit Processing of Personal Data About You
Withdrawal of Consent
If you have given us consent to collect, use, disclose and otherwise process personal data about you, you may withdraw that consent at any time. You should give us reasonable advance notice of your withdrawal of consent. We will notify you of the likely consequences of your withdrawal of consent, e.g. without your personal contact information we may not be able to inform you of future updates or that the quality of our service may be impacted.
Your request for withdrawal of consent can take the form of an email or letter to us.
Accessing and Making Correction to Personal Data About You
You may ask us in writing to tell you what personal data we hold about you and how we have, or may have, used or disclosed it within a year before the date of your request. We will respond to your request as soon as reasonably possible and, in any event, we will respond to you within 30 days after receiving your request. We may charge a fee for processing your request, but we will let you know the amount of the fee before you incur it.
You may also ask us to correct an error or omission in the personal data we hold about you. Unless we are satisfied on reasonable grounds that a correction should not be made, we will correct the personal data as soon as practicable.
When you make any such request, we may need to verify your identity – for example, by checking your identity card number or other legal identification document.
Accuracy of Your Personal Data
We will take reasonable precautions and make reasonable verification checks to ensure that the personal data we hold is reasonably accurate, complete and up-to-date.
From time to time, we may do a verification exercise for you to update us on any changes to the personal data we hold about you. If we are in an ongoing relationship with you, it is important that you update us if there are any changes in the personal data we hold about you (such as a change in your home address).
Protection of Personal Data
We have implemented an Information Security Policy that governs how we protect personal data. We make reasonable security arrangements to protect personal data about you that is in our possession or under our control to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. All our employees will take reasonable and appropriate measures to maintain the confidentiality and integrity of your personal data, and will only share your data with authorised persons on a ‘need to know’ basis.
Entities that provide services to us to process personal data on our behalf will be bound by contracts with us that that require them to provide sufficient guarantees in respect of the technical and organisational security measures governing the processing to be carried out and to take reasonable steps ensure compliance with those measures.
Retention of Personal Data
We will not retain any documents containing personal data about you as soon as it is reasonable to assume that the purpose for which we collected that personal data is no longer being served by retention of it and retention is no longer necessary for legal or business purposes.
We have a Document Retention Policy that spells out when we must cease to retain personal data and that requires documents and personal data to be destroyed (paper documents) or deleted (electronic documents and data stored in databases) securely. Certain retention periods are based on statutory or regulatory requirements.
Transfer of Personal Data
If there is a need for us to transfer personal data about you to a country or territory outside Singapore, we will ensure that the recipient organisation will be obliged to provide a standard of protection to such transferred data that is comparable to the protection it receives under Singapore law.
Tracking of User Activity
Where we track user activity, we will document this in our Data Inventory, and disclose such activity in our Privacy Notice.
Compliance With Laws
Where required to do so by law, we will disclose personal data about you to the relevant authorities or to law enforcement agencies.
Links To Other Sites
Changes To This Data Protection Policy
We may update our Data Protection Policy from time to time. We will notify you of any changes by posting the policy on this page. Please revisit this page periodically for any changes. Changes to this Policy are effective when they are posted on this page.
If you have any questions about our collection, use, and/or disclosure of personal data about you; feedback regarding this Policy, or any complaint you have relating to how we collect, use, disclose and store personal data about you, you may contact our Data Protection Officer(s).
Any query or complaint should include, at least, the following details:
- Your full name and contact information
- A brief description of your query or complaint