Personal Data Protection Policy

This privacy policy has been developed and implemented within Vertical Payment Solutions Pte Ltd. (The Company) to comply with the provisions of the Personal Data Protection Act 2012 (the “PDPA”) and this policy describes the types of personal data we may collect, how we may use this information, and with whom we may share it. This policy also describes the measures we take to protect the security of the information.

This privacy policy forms the basis for all data protection & confidentiality clauses in The Company's employment contracts and sub-contractor agreements. Thus all employees, sub-contractors of The Company are bound by this policy. This policy will also form the basis for data protection and confidentiality obligations of the Company to its Customers through appropriate clauses in the relevant Customer contracts.

“Personal Data” and “ Personal Information” in this policy means data that can identify an individual.

  • The Company owns and operates a software product called CAMPUS in Software as A Service (SaaS) model. CAMPUS is a prepaid school account that can be used either online or linked to an identification card. In essence, it creates a cashless school environment. Students, parents and faculty can use the application to purchase meals, text books and stationary as well as perform other administrative tasks such as photocopying and document printing and access control functions. Their card can be used as a form of identification, library card and prepaid debit card but is not limited to these applications.
  • Collection of personal information
    The Company will collect the following information or related information to enable correct functioning of the software product:
    • Customers ( Students or Staff )
      • Customer Type
      • Customer Id
      • Name (First Name & Last Name)
      • Gender
      • Date Of Birth
      • Family Code
      • Category\Grade
      • Photo
      • Graduation Year
      • Student Homeroom 2.1.11 Teacher
      • Nickname
      • School Division
      • School Division
    • Family
      • Family Code
      • Parent vs Staff Classification
      • Parent Name
      • Reference Number (optional)
      • Address and Postal code
      • Alert Type
      • Email IDs 2.2.8 Mobile No
      • Low Balance Limit
      • Photo
      • Department 2.2.12 Date of Birth 2.2.13 Gender
    • Card
      • Student ID
      • Smart Card ID
  • Ways in which the Company will collect personal data.
    • The Company will exclusively collect this data through express and written permission from its Customer (the respective educational institute). The Customer will in turn seek necessary express and written permissions from the Designated Guardians and other users of the software. The Customer will provide evidence of the same to the Company from time to time. If the Company learns that the Customer is not in possession of such express, relevant and current permissions then the Company will take steps to immediately delete this information from the CAMPUS software, which will effect the functioning of the software and thus it's deliverable to the Customer.
  • Purposes for the collection.
    • The exclusive purpose of collecting this information is for the functioning (developing, implementing, hosting, operating and maintaining) of the CAMPUS software to provide it as a service to the Customer.
  • Disclosure of your personal data to third parties.
    • The Company will not voluntarily disclose this information to any 3rd Party which is not bound to the Company by the Personal Data protection and Confidentiality clauses through appropriate 3rd party agreements (sub-contractor agreement).
  • 3rd Party Hosting

    The Company may (upon request from its Customer) host the software application at 3rd Party cloud hosting vendors such as Amazon. In such an instance the standard agreements with such vendors will govern all data protection and confidentiality aspects. The choice of such a vendor will be made in association with the Customer and/or will be expressly communicated to the Customer prior to the collection and deployment of any personal data. By agreeing to the choice of 3rd Party hosting the Customer accepts all liabilities and indemnifies the Company from any data violations or infringements.
  • Location-based services

    The CAMPUS software will use location-based services of the devices from time to time.. This location data is collected from only those devices that the Customer has authorized for use. . The Company may extend the functionality of the CAMPUS software for other location-based functionality. This will be done exclusively through express permissions, as stated in clause 3 of this document.
  • Protection of Personal data

    The Company will take the security of all personal data in its possession very seriously. The Company will employ appropriate technology and physical security arrangements and maintain safeguards to protect against the accidental or unauthorized access, collection, use and disclosure, copying and modification, disposal and deletion and other similar risks to personal data.
  • Integrity and retention of personal information

    The Company will retain all relevant personal data only for the period necessary to fulfill its contractual obligations to its Customer for the service of the CAMPUS software unless a longer retention period is required by Law.
  • Our companywide practices and commitment to your privacy

    To ensure total security of all personal data, the Company will communicate this privacy and security policy to all its employees and sub-contractors and strictly enforce it through valid legal agreements. The Company will appoint a designated Data Protection officer to ensure implementation and compliance of this policy.
  • Access and Correction of Personal Data.
    • If you wish to know about your personal data in our possession or under our control, or how your personal data has been used or to whom it has disclosed, you may write in to us by filing our Access Request Form (available at your request).
    • We shall charge a standard fee of $ 5 for each Access Request. However, if much effort and time are required to retrieve the personal data, we shall charge a higher fee of approximately $ 20.00 for each request. We can charge an incremental fee for photocopying or courier costs if more copies are requested.
    • This fee shall cover all our actual costs incurred. Examples: photocopying, locating, retrieving, shipping, transport, time spent in preparing the disclosure. It should reflect our time and efforts taken to retrieve the personal data.
    • We shall provide the personal data requested within 30 days after receiving the Access Request. If we cannot respond within 30 days, we shall inform the Applicant (in writing) when we can do so.
    • There may be some circumstances, as outlined under the 5th Schedule and Section 21 of the PDPA that exempts the company from having to accede to an Access Request.
    • If you wish to correct any personal data in our possession or under our control, you may write in to us by filling in a Correction Request Form (available at your request).
    • We shall forward the corrected personal data to every organisation we have sent the personal data to 1 year before the receipt of the Correction Request.
    • We shall correct the personal data requested, where practical, within 30 days.
    • We do not charge any fees for correcting personal data.
    • There may be some circumstances, as outlined under the 6th Schedule and Section 22 of the PDPA that exempts the Company from having to accede to Correction of Personal Data.
  • Data Protection Officer or DPO
    • The contact details of the Company's DPO Shermaine Lowe
      Phone: +65 63429305
      46 East Coast Road, 08-04
      EastGate, Singapore 428766

      Correct as off June 17, 2017