Personal Data Protection Policy

Overview

Vertical Payment Solutions Pte Ltd (VPS – “The Company”) is committed to ensuring the security, privacy, and proper sharing of all client and user data. To this end, the following policy displays how VPS may collect, use, share, store and/or protect all user data.This privacy policy has been developed and implemented to comply with the provisions of the Personal Data Protection Act of 2012  (the “PDPA”) of the Republic of Singapore.

Data Protection Guidelines

This privacy policy forms the basis for all data protection & confidentiality clauses in The Company's employment contracts and sub-contractor agreements. Thus, all employees, sub-contractors of The Company are bound by this policy.This policy also forms the basis for data protection and confidentiality obligations of the Company to its Customers through appropriate clauses in the relevant Customer contracts.

“Personal Data” and “Personal Information” in this policy is defined as data that can identify an individual.The Company owns and operates a software product called CAMPUS, which follows the Software as A Service (SaaS) model. CAMPUS is a prepaid school account that can be used either online or may be linked to an identification card.In essence, it creates a cashless school environment.

Students, parents, and school client employees can use CAMPUS to purchase meals, textbooks, and stationery. They may also perform other administrative tasks such as photocopying and document printing and access control functions. Their card can be used as a form of identification, library card, and prepaid debit card amongst its many usage capabilities.

Purpose of Data Collection

The exclusive purpose of collecting this information is for the functioning (developing, implementing, hosting, operating, and maintaining) of the CAMPUS software to provide it as a service to the Customer.

Personal Information Collected

  • The Company will collect the following information or related information to enable the correct functioning of its CAMPUS software product:
    • Customers ( Students or Staff )
      • Customer Type
      • Customer Id
      • Name (First Name & Last Name)
      • Gender
      • Date Of Birth
      • Family Code
      • Category\Grade
      • Photo
      • Graduation Year
      • Student Homeroom
      • Nickname
      • School Division
      • School Division
    • Family
      • Family Code
      • Parent vs Staff Classification
      • Parent Name
      • Email IDs
      • Photo
      • Department
      • Date of Birth
      • Gender
    • Card
      • Student ID
      • Smart Card ID

    Manner and Method of Data Collection

    The Company will exclusively collect data through express and written permission from its School Client (“The Customer”).The Customer will in turn seek necessary written permissions from the Designated Guardians and other users of the software.

    Data will be gathered through the software that the Company has installed for the Customer, and through no other means.The Customer will periodically provide evidence of these permissions to the Company, upon request.

    If the Company discovers that the Customer is not in possession of the express, relevant, and/or current permissions, the Company will take steps to immediately delete this information from the CAMPUS software. This will affect the functioning of the software and thus its deliverable to the Customer.

    Disclosure of Data Collection

    The Company will, under no circumstance, voluntarily disclose any obtained information to any third party that is not bound to the Company by the PDPA of the Republic of Singapore and/or Confidentiality clauses through appropriate third-party agreements (sub-contractor agreement) with the Customer.

    Third-Party Hosting and Disclosure

    The Company may (upon request from its Customer) host the software application through third-party cloud hosting vendors such as Amazon.In such an instance, the standard agreements with such vendors will govern all data protection and confidentiality aspects that comply with the PDPA.

    The research and choice of any third-party vendor will be made in association with the Customer and/or will be expressly communicated to the Customer prior to the collection and deployment of any personal data. If the Customer initiates the third-party request, the Company must agree to the request and vet both data compliance and protection compliance with any chosen vendor.By agreeing to the choice of the third party, the Customer accepts all liabilities and indemnifies the Company from any data violations or infringements.

    Location Services

    The Company’s CAMPUS software will periodically use location-based services of Customer-authorized devices. Location data is collected from only those devices. The Company may extend the functionality of the CAMPUS software for other location-based functionality. This will be done exclusively through express permissions, as stated in clause 3 of this document.

    Personal Data Protection

    The Company takes the security of all personal data in its possession very seriously. The Company employs appropriate technical and physical security arrangements while maintaining safeguards to protect against accidental or unauthorized access, collection, use and disclosure, copying and modification, disposal and deletion, and other similar risks to personal data.

    Data Integrity and Personal Information Retention

    The Company will retain all relevant personal data only for the period necessary to fulfil its contractual obligations to the Customer for the service of the CAMPUS software unless a longer retention period is required by Law.

    Company Practices and Commitment to Privacy

    To ensure total security of all personal data, the Company communicates this privacy and security policy to all its employees and sub-contractors and strictly enforces it through valid legal agreements.The Company has appointed a designated Data Protection Officer (DPO) to ensure implementation and compliance with this policy.

    Personal Data Access and Correction

    If you wish to know about your personal data in the Company’s possession or under its control, or how your personal data has been used or to whom it has been disclosed, you may write to us by filling out the Access Request Form (available at your request).The Company shall charge a standard fee of $5 SGD for each Access Request.

    However, if much effort and time are required to retrieve the personal data, VPS shall charge a higher fee of approximately $20 SGD for each request. The Company may also assess an incremental fee for photocopying or courier costs if more copies are requested.This fee shall cover all our actual costs incurred. Examples: photocopying, locating, retrieving, shipping, transport, time spent in preparing the disclosure. It should reflect our time and efforts taken to retrieve the personal data.

    The Company shall provide the personal data requested within 30 days after receiving the Access Request. If the Company cannot respond within 30 days, it shall inform the Applicant (in writing) when it can.There may be some circumstances, as outlined under the 5th Schedule and Section 21 of the PDPA that exempts the company from having to accede to an Access Request.If you wish to correct any personal data in our possession or under our control, you may write the Company by filling in a Correction Request Form (available at your request through the Data Protection Officer).

    The Company shall forward the corrected personal data to every organisation the Company has sent the personal data to in the calendar year prior to the receipt of the Correction Request.The Company shall correct the personal data requested, where practical, within 30 days.The Company does not charge any fees for correcting personal data.There may be certain circumstances, as outlined under the 6th Schedule and Section 22 of the PDPA, that exempt the Company from having to accede to Correction of Personal Data.

    Data Protection Officer (DPO) Contact Information

    The contact details of the Company's DPO Officer
    Phone: +65 63429305
    dpo@verticalpayments.com
    46 East Coast Road, 08-04
    EastGate, Singapore 428766

    Current as of 18 April 2023