2. INFORMATION COLLECTED
“Personal data” is data that can be used to identify a natural person. Examples of personal data include name, address, date of birth, contact details, identification numbers and any other information of a personal nature.
Examples of how you may be asked to provide your personal data when using this website are as follows:
- As a visitor to our website, you may ask for additional information about the MSIS services, including signing up to receive a newsletter, registering to use the websites, or registering for an event for example. In that case, we may ask you to give us personal contact information, such as name, company name, address, phone number, and email address.
- 2 When Visitors apply for a job with MSIS, MSIS may also require you to submit additional personal data as well as a resume or curriculum vitae.
- 3 When you navigate our websites, MSIS may also collect information through the use of gathering tools, such as cookies and web beacons (“Website Navigational Information”). Website Navigational Information includes standard information from your web browser (such as browser type and browser language), your Internet Protocol (“IP”) address, and the actions you take on websites (such as the pages viewed and the links clicked).
3. USE OF INFORMATION COLLECTED (PURPOSE AND LEGAL BASIS)
For all information regarding data collection and processing please see our school terms and conditions.
4. COOKIES AND OTHER TYPES OF WEBSITE NAVIGATIONAL INFORMATION
5. COMMUNICATIONS PREFERENCES
MSIS offers visitors who provide contact information a means to choose how MSIS uses the information provided. You may manage your receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located on the bottom of MSIS marketing and sales emails. Additionally, you may send a request to email@example.com
6. DATA SUBJECT REQUESTS, RETENTION PERIOD, SUPERVISORY AUTHORITY AND OTHER INFORMATION
- Data subject requests
- You can ask us to update, change or delete any information MSIS holds about you. Requests to access, change, or delete your information will be handled within 28 days. You can find out if we hold any personal data by making a ‘data subject access request’ under the General Data Protection Regulation. If we do hold information about you we will:
- give you a description of it;
- tell you why we are holding it;
- tell you who it could be disclosed to and to whom;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- let you have a copy of the information in an intelligible form; and
- give you other information as outlined in Article 15 of the GDPR
- If you want to delete the personal data we hold about you, we have an obligation to do that if the conditions outlined in Article 17 of the GDPR apply.
- You can ask us to restrict the processing of your personal data if (i) you contest their accuracy, (ii) the processing is unlawful and you do not want to delete the data, (iii) we do not need the personal data for the purposes of the processing but you need them for the establishment, exercise or defence of legal claims, or (iv) where you objected to the processing in accordance with Article 21(1) of GDPR pending verification of whether the legitimate grounds of the controller override those of the data subject.
- You have the right to receive any personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us. Article 20 of the GDPR applies to this.
- You have the right to object, on grounds relating to your particular situation, at any time to our processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) (public interest, official authority and legitimate interests), including profiling based on those provisions.
- To make a request to MSIS for any personal data we may hold, please contact firstname.lastname@example.org.
- If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
- Retention period
- Unless otherwise required by law, data shall be stored for a maximum of six years after collection, Contacts that don’t open an email, or complete a website visit within a 24 month period will be deleted after the 24th month.
- Supervisory authority
- The lead supervisory authority for MSIS is the Information Commissioner in Singapore. We would always encourage our visitors to reach out to us directly regarding any concerns about our data privacy or handling practices. Please contact email@example.com for more information.
MSIS maintains tight controls over personal data collected, retaining it in firewalled and secured databases with strictly limited and controlled access rights, to ensure it is secure.
We use CRM services to store data about our prospective and current customers. We use Google services as a platform for MSIS’s own website analysis. We use WordPress as a marketing automation tool where to store data related to our marketing activities. If you want to learn more about security measures that our main third-party providers employ please see the links here: WordPress
8. YOUR INFORMATION IF THERE IS A BUSINESS TRANSFER
As we continue to develop our business, we may sell or purchase a business or assets. If we purchase another entity or if another entity acquires us or all or substantially all of our assets, or assets related to the MSIS service offering, personal data, user data, and any other information that we have collected about the users of our services may be disclosed to such entity as part of the due diligence process as may be necessary and, if we or our assets are acquired, your personal data may be transferred to such entity as one of the transferred assets. MSIS will notify you in the event that such transaction has taken place and personal data about you has been disclosed to the organisation that has entered into the transaction with MSIS.
- General Statement
MSIS undertakes, in its data management policies and practices, to observe the spirit of data protection laws, and is committed to full implementation and compliance with the requirements of the Personal Data Protection Act 2012. MSIS has issued Data Protection Guidelines to its staff to provide guidance on the collection, use, disclosure and processing of personal data of its staff, students, parents and prospective students and employees of MSIS.
- Collection of Personal Data
MSIS generally collects personal data that is relevant to MSIS’s relationship with the individual through the MSIS website, MSIS Portal, application forms, surveys, and/or other channels (including in the course of an individual’s interaction with MSIS, including as a participant in various activities associated with delivering the mission of MSIS, its related entities or affiliates).
- The types of personal data collected may include, but are not limited to:
- Personal information such as name, NRIC/FIN/Passport number, date of birth, marital status, gender;
- Contact information such as postal addresses, email addresses, telephone and fax numbers;
- Past and present employment information such as company name, company type, sector, designation, business telephone and fax numbers;
- Past and present academic qualifications such as schools attended, courses of study, period of study and academic results;
- Billing information, including name of the credit/debit cardholder, credit/debit card number, security code and expiry date;
- Images, including photographs, videos, film or illustrations;
- Bank details.
- The individual will be informed explicitly prior to or upon collection, of the purposes for which the personal data are to be collected and the parties to whom the data may be transferred, the right of the individual to request access to and correction of such personal data, and the contact details of the MSIS Data Protection Officer.
- The individual can choose not to provide MSIS with personal data, and has the right to withdraw consent for MSIS to continue collecting, using, disclosing and processing such personal data, by contacting us in accordance with Clause 8 below. However, in such case, it may not be possible for MSIS to fulfil the purposes for which the personal data was required, including processing such individual’s transactions or providing the products or services required,
- If a parent or guardian of a minor has reason to believe that his/her child or ward has provided MSIS with their personal data without prior consent, please contact MSIS to request for erasure of the personal data.
10. Purposes for which Personal Data is Collected, Used and Disclosed
MSIS will collect, use and disclose personal data only for reasonable purposes connected or relevant to its business, with notification to the individual concerned where applicable, including, but not limited to:
employment-related purposes (appointment administration, human resource management including payroll, leave and benefits administration, review and disciplinary matters and staff development);
enrolment-related purposes (registration, planning of curricula, communication with parents, provision of references, meal planning, and provision of healthcare services);
promotional and marketing purposes relating to MSIS and carefully selected third parties (including MSIS’s related entities and affiliates, strategic partners and business associates) and their activities and events;
outreach and engagement in support of MSIS, its mission and community, whether conducted by MSIS, its related entities or appointees (including fundraising activities);
compliance with laws and regulations, internal policies and procedures, including audit, accounting, risk management and record keeping; and
all other matters relating to the mission, function or operation of MSIS as MSIS may consider to be necessary or appropriate.
- Without the consent of the individual, MSIS will not collect, use, disclose and process the personal data for any purpose other than the purpose for which the personal data was originally collected. In certain situations, MSIS may use the personal data for legitimate purposes, which are not incompatible with the original purposes for which the individual has provided the personal data. If MSIS wishes to use the personal data for a purpose unrelated to what the individual has provided the personal data to MSIS for, MSIS will notify the individual and seek his/her consent.
- Where consent has been given by the individual concerned, MSIS may contact that individual concerning the promotion and marketing of matters as envisaged in Clause 10.3.1.3 by post, email, SMS, telephone, fax and any other means of communication. MSIS will not contact an individual for marketing purposes if such individual has not provided his/her consent, or unless MSIS is exempted by applicable law from having to obtain consent. If the individual does not wish to receive any communication or information from MSIS, or wish to restrict the manner by which MSIS may contact or send them information, the individual may contact the Date Protection Officer at the email address provided above.
- MSIS may disclose personal data collected for the purposes above, with notification to the individual concerned where applicable, to the following persons including but not limited to:
- any person participating in outreach and engagement activities in support of MSIS, its mission and community, whether conducted by MSIS, its related entities, affiliates or appointees;
- any person to whom MSIS is compelled or required to do so under law or in response to a request by a government agency, or where the public interest or MSIS’s interests so require;
- any third party (1) service or product provider providing services to MSIS or (2) seeking academic references, in each case whether in Singapore or overseas and as MSIS may determine to be necessary or appropriate;
- any persons as considered by MSIS to be necessary or appropriate in order to support the enrolment and education of students with MSIS as well as for the operation of MSIS.
- When disclosing personal data to third parties, MSIS will (where appropriate and permissible) enter into contracts with these third parties to protect the personal data in a manner that is consistent with all applicable laws and/or ensure that such third parties only process the personal data in accordance with MSIS’s instructions.
11. Accuracy and Duration of Retention of Personal Data
- All reasonably practicable steps will be taken to ensure that personal data held by MSIS is accurate, complete and kept up to date, particularly if the personal data is to be used to make a decision that affects the individual to whom the personal data relates or likely to be disclosed by MSIS to another organisation.
- Personal data shall not be retained for longer than is necessary for legal, business or record purposes. MSIS will ensure that when obsolete information is destroyed that it is done so appropriately and securely.
- In circumstances where MSIS may anonymise personal data so that it can no longer be associated with the individual, MSIS is entitled to retain and use such data without restriction.
12. Protection of Personal Data
- While precautions will be taken to ensure that the personal data provided by the individual is protected against unauthorised or accidental access, collection, use, disclosure, copying, modification, disposal or similar risks, MSIS cannot be held responsible for unauthorised access or unintended access that is beyond its control. MSIS will ensure that clear and robust safeguards are in place to protect personal data, irrespective of the format in which it is recorded.
- MSIS does not guarantee that its systems or applications are invulnerable to security breaches, nor does it make any warranty, guarantee, or representation that your use of our systems or applications is safe and protected from viruses, worms, Trojan horses, and other vulnerabilities. MSIS also does not guarantee the security of data that an individual chooses to send electronically. Sending such data is entirely at the individual’s own risk.
13. Transfer of Personal Data
- Personal data will not be transferred to a country or territory outside Singapore unless that country or territory ensures a comparable level of data protection, in accordance with the requirements prescribed under the Personal Data Protection Act 2012.
- Access and Correction
- An individual has the right to make a request to access and/or correct the personal data held about them by MSIS.
- For access to personal data being held by MSIS, or to update and/or correct the personal data previously provided, please write to:
- MSIS may require that the individual submits certain forms or provide certain information to process any data access request. Where permitted by law, MSIS reserves the right to charge a minimal fee for the processing of any data access request.
- The individual will be notified of the outcome as soon as reasonably practicable, and will be given a reason if a request is refused. MSIS may be permitted under applicable laws to refuse a request, for example, it may refuse (a) a request for erasure where the personal data is required for in connection with claims; or (b) an objection request and continue processing an individual’s personal data based on compelling legitimate grounds for the processing.
15. Withdrawal of consent
- On giving reasonable notice to MSIS, an individual may at any time withdraw any consent given, or deemed to have been given.
- Within reasonable time from receipt of notice from the individual, MSIS will inform the individual of the likely consequences of withdrawing his/her consent.
- MSIS will not prohibit an individual from withdrawing his/her consent to the collection, use or disclosure of personal data about the individual, although this does not affect any legal consequences arising from such withdrawal.
- Upon withdrawal of consent, MSIS will cease and cause its data intermediaries and agents to cease collecting, using or disclosing the personal data, as the case may be, unless the collection, use or disclosure of the personal data without the consent of the individual is required or authorised under the Data Protection Act 2012 or any other written law.