1. Introduction
The College of Allied Educators Singapore (CAE) is committed to protecting personal data in accordance with the Personal Data Protection Act 2012 (PDPA). This policy sets out CAE’s internal standards and procedures for managing personal data to ensure lawful, fair, and transparent processing. All CAE employees, contractors, and agents are expected to adhere to these standards.
2. Scope
This policy applies to all personal data collected, used, and stored by CAE, whether through electronic or manual means. It covers all individuals associated with CAE, including students, staff, and other stakeholders.
3. Principles for Personal Data Protection
CAE is committed to processing personal data in a manner that adheres to the following principles:
- Lawfulness, Fairness, and Transparency: Personal data is collected and processed lawfully, fairly, and transparently. Individuals are informed of the purposes for which their data is collected and how it will be used.
- Purpose Limitation: Data is collected for specific, explicit, and legitimate purposes. It will not be further processed in a manner incompatible with those purposes.
- Data Minimization: Personal data collected is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
- Accuracy: CAE ensures that personal data is accurate and kept up to date. Inaccurate data will be rectified or erased without delay.
- Storage Limitation: Personal data is retained only for as long as necessary for the purposes for which it was collected, or as required by applicable laws.
- Integrity and Confidentiality: Personal data is processed securely, protected against unauthorized or unlawful processing, accidental loss, destruction, or damage.
- Accountability: CAE is responsible for complying with these principles and will maintain documentation to demonstrate compliance.
4. Data Collection and Use
- Personal data is collected through various channels, including application forms, online submissions, email, and other direct communications.
- Data collected may include contact information, identification details, academic records, and any other relevant information needed to provide educational services, process applications, or meet regulatory requirements.
- CAE ensures that individuals are informed of the purposes for which their data is collected and that they provide consent where necessary.
5. Consent Management
- Obtaining Consent: CAE obtains consent from individuals before collecting, using, or disclosing personal data, unless an exception under the PDPA applies.
- Withdrawal of Consent: Individuals may withdraw their consent at any time by notifying CAE in writing. CAE will inform the individual of the consequences of the withdrawal, which may include the inability to continue providing certain services.
- Opt-Out Mechanisms: All marketing communications will include a clear and straightforward way for individuals to opt out of future communications.
6. Data Security Measures
CAE employs the following measures to ensure the security and confidentiality of personal data:
- Access Controls: Access to personal data is restricted to authorized personnel who need it to perform their duties.
- Data Encryption: Sensitive data is encrypted during transmission and storage to protect against unauthorized access.
- Regular Audits and Risk Assessments: Periodic reviews and assessments are conducted to identify potential data protection risks and to ensure the effectiveness of security measures.
- Incident Management: In the event of a data breach, CAE will take prompt steps to contain the breach, assess its impact, notify affected individuals where necessary, and take remedial actions to prevent future incidents.
7. Data Retention Policy
- Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, or as required by law.
- Data that is no longer needed is securely destroyed or anonymized.
8. Data Accuracy and Updates
- CAE takes steps to ensure that the personal data it holds is accurate and up to date.
- Individuals are encouraged to notify CAE of any changes to their personal data to maintain data accuracy.
9. Disclosure of Personal Data
- Personal data will not be disclosed to third parties without the individual’s consent, except as required by law or to authorized service providers for the purpose of fulfilling CAE’s operational needs.
- All third parties handling personal data on behalf of CAE are required to comply with the standards set out in this policy.
10. Staff Training and Awareness
- Regular training is provided to CAE staff to ensure they understand the requirements of the PDPA and the importance of data protection.
- Staff members are required to adhere to this policy and to report any suspected data breaches to the Data Protection Officer immediately.
11. Data Protection Officer
The Data Protection Officer (DPO) is responsible for overseeing compliance with this policy, advising on data protection matters, and handling any data protection queries or complaints.
Contact Information for Data Protection Officer
Shahdan Sulaiman
Email: shahdan@icae.edu.sg
Phone: 6533-0031
12. Policy Review
This policy is reviewed once every two years or when there are changes in the applicable data protection laws or CAE’s data processing practices.
Version 1.0