Personal Data Protection Policy
“Personal Data” and “ Personal Information” in this policy means data that can identify an individual.
- The Company owns and operates a software product called CAMPUS in Software as A Service (SaaS) model. CAMPUS is a prepaid school account that can be used either online or linked to an identification card. In essence, it creates a cashless school environment. Students, parents and faculty can use the application to purchase meals, text books and stationary as well as perform other administrative tasks such as photocopying and document printing and access control functions. Their card can be used as a form of identification, library card and prepaid debit card but is not limited to these applications.
- Collection of personal information
The Company will collect the following information or related information to enable correct functioning of the software product:
- Customers ( Students or Staff )
- Customer Type
- Customer Id
- Name (First Name & Last Name)
- Date Of Birth
- Family Code
- Graduation Year
- Student Homeroom 2.1.11 Teacher
- School Division
- School Division
- Family Code
- Parent vs Staff Classification
- Parent Name
- Reference Number (optional)
- Address and Postal code
- Alert Type
- Email IDs 2.2.8 Mobile No
- Low Balance Limit
- Department 2.2.12 Date of Birth 2.2.13 Gender
- Student ID
- Smart Card ID
- Customers ( Students or Staff )
Ways in which the Company will collect personal data.
- The Company will exclusively collect this data through express and written permission from its Customer (the respective educational institute). The Customer will in turn seek necessary express and written permissions from the Designated Guardians and other users of the software. The Customer will provide evidence of the same to the Company from time to time. If the Company learns that the Customer is not in possession of such express, relevant and current permissions then the Company will take steps to immediately delete this information from the CAMPUS software, which will effect the functioning of the software and thus it's deliverable to the Customer.
- Purposes for the collection.
- The exclusive purpose of collecting this information is for the functioning (developing, implementing, hosting, operating and maintaining) of the CAMPUS software to provide it as a service to the Customer.
- Disclosure of your personal data to third parties.
- The Company will not voluntarily disclose this information to any 3rd Party which is not bound to the Company by the Personal Data protection and Confidentiality clauses through appropriate 3rd party agreements (sub-contractor agreement).
- 3rd Party Hosting
The Company may (upon request from its Customer) host the software application at 3rd Party cloud hosting vendors such as Amazon. In such an instance the standard agreements with such vendors will govern all data protection and confidentiality aspects. The choice of such a vendor will be made in association with the Customer and/or will be expressly communicated to the Customer prior to the collection and deployment of any personal data. By agreeing to the choice of 3rd Party hosting the Customer accepts all liabilities and indemnifies the Company from any data violations or infringements.
- Location-based services
The CAMPUS software will use location-based services of the devices from time to time.. This location data is collected from only those devices that the Customer has authorized for use. . The Company may extend the functionality of the CAMPUS software for other location-based functionality. This will be done exclusively through express permissions, as stated in clause 3 of this document.
- Protection of Personal data
The Company will take the security of all personal data in its possession very seriously. The Company will employ appropriate technology and physical security arrangements and maintain safeguards to protect against the accidental or unauthorized access, collection, use and disclosure, copying and modification, disposal and deletion and other similar risks to personal data.
- Integrity and retention of personal information
The Company will retain all relevant personal data only for the period necessary to fulfill its contractual obligations to its Customer for the service of the CAMPUS software unless a longer retention period is required by Law.
- Our companywide practices and commitment to your privacy
To ensure total security of all personal data, the Company will communicate this privacy and security policy to all its employees and sub-contractors and strictly enforce it through valid legal agreements. The Company will appoint a designated Data Protection officer to ensure implementation and compliance of this policy.
Access and Correction of Personal Data.
- If you wish to know about your personal data in our possession or under our control, or how your personal data has been used or to whom it has disclosed, you may write in to us by filing our Access Request Form (available at your request).
- We shall charge a standard fee of $ 5 for each Access Request. However, if much effort and time are required to retrieve the personal data, we shall charge a higher fee of approximately $ 20.00 for each request. We can charge an incremental fee for photocopying or courier costs if more copies are requested.
- This fee shall cover all our actual costs incurred. Examples: photocopying, locating, retrieving, shipping, transport, time spent in preparing the disclosure. It should reflect our time and efforts taken to retrieve the personal data.
- We shall provide the personal data requested within 30 days after receiving the Access Request. If we cannot respond within 30 days, we shall inform the Applicant (in writing) when we can do so.
- There may be some circumstances, as outlined under the 5th Schedule and Section 21 of the PDPA that exempts the company from having to accede to an Access Request.
- If you wish to correct any personal data in our possession or under our control, you may write in to us by filling in a Correction Request Form (available at your request).
- We shall forward the corrected personal data to every organisation we have sent the personal data to 1 year before the receipt of the Correction Request.
- We shall correct the personal data requested, where practical, within 30 days.
- We do not charge any fees for correcting personal data.
- There may be some circumstances, as outlined under the 6th Schedule and Section 22 of the PDPA that exempts the Company from having to accede to Correction of Personal Data.
- Data Protection Officer or DPO
The contact details of the Company's DPO Shermaine Lowe
Phone: +65 63429305
46 East Coast Road, 08-04
EastGate, Singapore 428766
Correct as off June 17, 2017
- The contact details of the Company's DPO Shermaine Lowe