Personal Data Protection Policy
Last updated: 1 November 2024
Singapore Institute of Technology (“SIT”) processes personal data to support its functions as an autonomous university, including admission of candidates, teaching, research, administration, and student development.
This Personal Data Protection Policy (“Policy”) explains what personal data we collect, how we may use and manage it and the rights you may have in relation to your personal data, in accordance with the Personal Data Protection Act 2012 (“PDPA”). It applies to personal data in our possession or under our control.
Unless expressly stated otherwise, by interacting with us – whether via contacting us, visiting our websites, transacting with us, entering into a contractual relationship with us or sharing personal data through forms or other methods – you agree that you have read, understood and agreed to SIT’s processing of your personal data in accordance with this Policy.
- What personal data we collect
- “Personal data” means data, whether true or not, about an individual who can be identified (a) from that data, or (b) from that data and other information to which we have or are likely to have access.
- Depending on the nature of your interaction with us, some examples of personal data which we may collect include name, gender, race, nationality, date of birth, passport or other identification number, telephone number(s), residential address, personal email address, photographs or CCTV footage from which you can be identified, academic and employment records, medical information, financial information and any other personal data provided to SIT.
- Other terms used in this Policy shall have the meanings given to them in the PDPA (where the context so permits).
- Purposes for the collection, use and disclosure of personal data
- SIT may collect, use and/or disclose your personal data for one or more of the following purposes:
For learners - To facilitate application and admission / enrolment / registration;
- (For learners in undergraduate and postgraduate programmes) the purposes as listed in the General Conditions of Admission (as may be revised from time to time) which you have agreed to and accepted as part of matriculation with SIT;
- (For learners in CET, or continuing education and training courses) the purposes as listed in the CET Terms & Conditions (as may be revised from time to time) which you have agreed to and accepted as part of course registration with SIT;
- For record purposes by SIT, SIT’s Overseas Universities partners, and/or other partner institutions / companies.
For alumni - To administer and manage all affairs which relate to the learner’s relationship with SIT as an alumni, including notifications on SIT and alumni-related initiatives and activities, invitations to SIT and alumni-related events, updating of alumni information and invitation(s) to participate in alumni survey(s).
For job applicants
and employees- To facilitate employment application with SIT;
- To carry out due diligence or employment screening activities including reference checks in accordance with legal or regulatory obligations or risk management procedures that may be required by law or put in place by SIT;
- The purposes as listed in the employment contract and internal policies (as may be revised from time to time) which you have agreed to and accepted as part of employment with SIT.
For all data subjects
(other purposes)- To carry out your instructions or respond to queries submitted by you or on your behalf;
- To provide any services requested by you;
- To administer and manage your relationship with us;
- To arrange, administer and manage your use of SIT facilities (including sports and recreation facilities, parking, issuance of pass cards, keys or tokens), access management, equipment procurement / issuance and associated maintenance or replacement;
- (Wherever CCTV or other surveillance equipment are deployed on campus or other locations in SIT premises) for detection and prevention of crime and for security purposes and investigations;
- To conduct due diligence and background checks pursuant to SIT’s legal, regulatory or contractual obligations or risk management procedures that may be required by law or put in place by SIT;
- For verification of identity;
- To comply with requests or directions of, or to respond to requests for information from, government or public agencies, ministries, statutory boards or other similar authorities or non-government agencies authorised to carry out government duties or services;
- To comply with any legal or regulatory requirements;
- For audit and governance reviews;
- To investigate fraud, misconduct, any unlawful action or omissions, or breach of any laws, regulations, codes, rules, policies, standards or obligations;
- For business / service enhancement or improvement purposes and quality assurance / market-related assessments, surveys or research;
- Any purposes stated in the form / document, or in notice(s) around the equipment, used to collect the personal data;
- When you submit your personal data to SIT for any other reasons;
- Any other purposes which SIT may inform you of in writing from time to time, but for which we will seek your separate consent.
- SIT may collect, use and/or disclose your personal data without consent where it is permitted or required by the PDPA or other laws.
- In compliance with the PDPA, we may also collect, use and/or disclose your personal data without your consent for the legitimate interests of SIT or another person. In relying on the legitimate interests exception of the PDPA, SIT will assess the likely adverse effects on the individual and determine whether the legitimate interests outweigh any adverse effect.
- If you are not certain about the purposes for which your personal data is collected, used and/or disclosed, you may clarify with the SIT staff you are liaising with, or SIT’s Data Protection Officer at the contact details in clause 11 below.
- SIT may collect, use and/or disclose your personal data for one or more of the following purposes:
- Who we share your personal data with
- SIT may disclose your personal data to third parties for one or more of the purposes set out in clause 2. Such third parties may include:
- service providers, contractors, agents or other organisations that process your personal data on SIT’s behalf or which SIT uses to support or administer our business (e.g. service providers who provide digital solutions to SIT for learning / teaching systems, corporate platforms and data infrastructure);
- organisations or individuals described in the form / document, or in notice(s) around the equipment, used to collect the personal data; and
- external organisations where such disclosure is required for performing obligations in the course of or in connection with our provision of the goods / services to you.
- These third parties may be located within or outside of Singapore.
- When we share your personal data with third parties, SIT will ensure that appropriate safeguards are in place to protect your personal data when in the hands of such third parties, meeting at least the standard of protection required under the PDPA.
- SIT may disclose your personal data to third parties for one or more of the purposes set out in clause 2. Such third parties may include:
- Request for withdrawal of consent
- The consent that you provide, or provided on your behalf, for the collection, use and/or disclosure of your personal data will remain valid until such time it is explicitly withdrawn by you in writing.
- You may withdraw consent and request SIT to stop collecting, using and/or disclosing your personal data by completing the Withdrawal of Consent Request Form and sending it via post or email to our Data Protection Officer at the contact details stated in the form.
- When you withdraw your consent, depending on the nature and scope of your request, it may affect the services we provide to you or adversely impact your relationship with SIT. In some cases, we may not be able to continue providing our services to you. We will notify you of any such likely consequences when you submit your Withdrawal of Consent Request Form.
- Please note that withdrawing consent does not affect our right to continue collecting, using and/or disclosing personal data where such collection, use and/or disclosure without consent is permitted or required under applicable laws.
- Request for access to personal data
- If you wish to make an access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, you may submit your request by completing the Access Request Form and sending it via post or email to our Data Protection Officer at the contact details stated in the form.
- SIT may charge a reasonable fee for an access request. If so, we will inform you of the fee before processing your request.
- We will comply with your access request in accordance with the PDPA. Please be aware, however, that there are a number of limitations to this access right, and there may be circumstances where we are not able to comply with your request.
- Accuracy, and request for correction, of personal data
- We generally rely on personal data provided by you (or your authorised representative). To ensure that your personal data is current, complete and accurate, please update us if there are changes to your personal data by informing our Data Protection Officer in the manner set out in clause 6.2 below.
- If you wish to make a correction request to correct or update any of your personal data which we hold about you, you may submit your request by completing the Correction Request Form and sending it via post or email to our Data Protection Officer at the contact details stated in the form.
- We will comply with your correction request in accordance with the PDPA. Please be aware, however, that there are a number of limitations to this correction right, and there may be circumstances where we are not able to comply with your request.
- How we protect your personal data
- We protect personal data that we possess by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure or similar risks. We will implement appropriate administrative, physical and technical measures to ensure a level of security appropriate to the risk, such as authentication and access controls (e.g. good password practices, need-to-basis for data disclosure, etc.), encryption of data, data anonymisation, up-to-date antivirus protection, and regular patching of operating system and other software.
- You should be aware, however, that no method of transmission over the internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.
- How long we retain your personal data
- We may retain your personal data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws.
- We will cease to retain your personal data, or remove the means by which the data can be associated with you (e.g. anonymised), as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected, and is no longer necessary for legal or business purposes.
- Transfer of personal data outside of Singapore
While SIT is based in Singapore, some of our data infrastructure, operations or collaborations may be located elsewhere. This means that in order for us to run our business and provide services to you, personal data may be transferred outside of Singapore to locations where our service providers or external collaborators may be based. Whenever we make such transfers, we will ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA and that any such transfers are in accordance with the requirements prescribed under the PDPA.
- Revision to this Policy
SIT may revise this Policy from time to time by updating this page without any prior notice. You may determine if any such revision has taken place by referring to the date on which this Policy was last updated. Your continued use of our services or relationship with SIT constitutes your acknowledgement and acceptance of such revision.
- Data Protection Officer
If you have any questions about this Policy or how SIT manages, protects and/or processes your personal data, please contact our Data Protection Officer via email or post to:
Email address: dpo@singaporetech.edu.sg Postal address: SIT Data Protection Officer
1 Punggol Coast Road, Singapore 828608If you are aware of or suspect a personal data incident, you may report the incident via the above email address.
More information on how SIT handles complaints relating to personal data can be found at SIT’s Personal Data Complaints Procedure.