Personal Data Protection Act (PDPA) Policy
Introduction
The Personal Data Protection Act (PDPA) is a Singaporean legislation that governs the collection, use, disclosure, and storage of personal data by organizations. Schools collect and use personal data for various purposes, such as enrolment, academic, and administrative purposes. Therefore, this Personal Data Protection Policy is designed to provide guidance on how the school handles personal data and complies with the PDPA.
The policy applies to all staff, students, parents/guardians, volunteers, and contractors who access, use or handle personal data on behalf of the school.
Policy Statement:
Our school is committed to ensuring the protection of personal data and maintaining the confidentiality, integrity, and availability of personal data in accordance with the PDPA. The school will adhere to the following principles:
1. Collection of Personal Data
The school will only collect personal data that is necessary for the purposes for which it is collected, and will obtain consent from the individual prior to collection, unless an exception applies under the PDPA. Personal data collected by the school may include:
- Student information, such as name, NRIC/Passport number, date of birth, contact information, academic records, and health information
- Parent/guardian information, such as name, contact information, and emergency contact information
- Staff information, such as name, contact information, employment records, and qualifications
- Volunteer information, such as name, contact information, and volunteer records
2. Use and Disclosure of Personal Data
The school will only use personal data for the purposes for which it was collected, and will not disclose it to third parties without consent, unless an exception applies under the PDPA. Personal data may be used or disclosed in the following situations:
- To facilitate educational activities and services, such as providing academic records or contacting parents/guardians
- To comply with legal obligations, such as reporting suspected child abuse or complying with a court order
- To protect the vital interests of an individual, such as providing emergency medical treatment
- To perform duties in the public interest, such as conducting research or statistics
- To provide information or data to government agencies, as and when required
3. Protection of Personal Data
The school will take reasonable steps to protect personal data from unauthorized access, disclosure, or misuse, in accordance with the PDPA. These steps may include:
- Implementing appropriate physical, technical, and organizational security measures, such as restricting access to personal data and encrypting sensitive data
- Regularly reviewing and updating security measures and procedures
- Conducting regular training and awareness programs for staff, students, and volunteers to ensure they understand their obligations under the PDPA
4. Access and Correction of Personal Data
Individuals have the right to access and correct their personal data held by the school, in accordance with the PDPA. The school will provide access to personal data upon request, unless an exception applies under the PDPA. Individuals may also request correction of their personal data if it is inaccurate or incomplete.
5. Retention and Disposal of Personal Data
The school will retain personal data only for as long as necessary for the purposes for which it was collected and will dispose of it securely when it is no longer needed, in accordance with the PDPA. Complaints and Enquiries Individuals who have complaints or enquiries regarding the school’s handling of personal data may contact the school’s Data Protection Officer (DPO) at dpo@theguild.edu.sg in writing. The DPO will investigate the complaint or enquiry and respond within a reasonable time frame.
Conclusion
The school is committed to complying with the PDPA and protecting the personal data of all individuals it deals with. This policy may be reviewed and updated from time to time to ensure it remains current and effective.