This Policy sets out the manner in which STADA collects, uses, manages and protects personal data (as defined below) in compliance with the provisions of the Personal Data Protection Act 2012 and General Data Protection Regulation 2018.
This policy applies to all individuals (as defined below) who provide STADA with personal data or whose personal data is otherwise collected, used and/or disclosed by STADA in connection with and/or for the purpose of its operations.
This policy supplements but does not supersede or replace any previous consent which an individual may have provided to STADA, nor does it affects any rights that STADA may have at law in connection with the collection, use and/or disclosure of any individual's personal data. Subject to that, STADA will not collect any personal data from an individual unless the individual has voluntarily chosen to provide.
STADA may from time to time update this policy to ensure it is consistent with its future developments or business purposes or to accommodate future changes to applicable legal or regulatory requirements. All updates to this policy will be published at www.stada.org.sg and appropriate notifications of any material revisions will be issued to the relevant persons. Subject to an individual's rights at law, the prevailing terms of the policy from time to time shall apply. By continuing their relationship with STADA after any amendments have been introduced and published, individuals shall be deemed to have accepted the policy as amended.
For the avoidance of doubt, this policy forms part of the terms and conditions, if any, governing an individual's specific relationship with STADA ("Terms and Conditions") and should be read in conjunction with such terms and conditions. In the event of any conflict or inconsistency between the provisions of this policy and terms and conditions, the provisions of the terms and conditions shall prevail to the fullest extent permissible by law.
“Alumni” means previous Members and/or Friends of STADA;
“Data Protection Officer” means the person designated to be responsible for ensuring that STADA complies with the PDPA and GDPR;
“DNC Registry” means the Do-Not-Call registry maintained by the Personal Data Protection Commission, pursuant to the PDPA;
“Event Participants” means persons (whether or not Members or Alumni/Friends) who participate in or attend events or programmes organised or sponsored by STADA from time to time;
“Individuals” means natural persons, whether living or deceased, and “Individual” means any of them;
"Members” mean the members of STADA from time to time;
“PDPA” means the Personal Data Protection Act 2012;
"GDPR" means the General Data Protection Regulation 2018;
“Personal Data” means data that is capable of identifying a natural person, whether on its own or in conjunction with other data that is accessible to STADA;
“Personnel” shall include any person engaged under a contract of service or contract for service with STADA, management personnel, permanent or temporary employees, as well as trainees, interns and volunteers engaged by STADA from time to time; and
“Potential Personnel” shall include any Individual who has submitted an application to be engaged by STADA as employees.
Personal Data Collected by STADA
STADA will only collect, use or disclose personal data about an individual which it reasonably considers necessary for the relevant purposes underlying such collection, use or disclosure. Depending on the specific nature of an individual's interaction with STADA, personal data which STADA collects, uses or discloses concerning an individual may variously include the following:
Individual's name, gender and contact particulars, including telephone number(s), residential/mailing address(es) and email address;
Individual's identification documents (such as, NRIC or passport numbers), and applicable visa or permits (such as employment pass, work permit, permanent residency status);
Individual’s employment history and academic qualifications;
Individual's CPF, credit card or bank account;
Name and contact particulars of the individual's next-of-kin;
Individual's personal preferences or other special requests or special conditions applicable to the individual;
Individual's hobbies or special interest areas;
Individual's network usage data and other information gathered automatically by our computer systems, including the individual's computer IP address, links visited and other activities conducted online or using our computer systems;
Photographs and video or CCTV recordings of the individual; and
Other information which the individual may provide to STADA, from time to time, in the course of such individual's interaction with STADA.
How STADA collects Personal Data
Generally, STADA may collect Personal Data about an Individual in one or more of the following ways:
Application or registration forms submitted by the Individual;
Correspondence, emails or electronic messages submitted by the Individual to STADA or otherwise posted on STADA’s website(s) and social media account (s);
Individual’s verbal communications with STADA Personnel;
Surveys conducted with and/or feedback received from an Individual;
Recordings of the Individual when attending at STADA’s premises or at any events or programmes organised by STADA;
Through third party business partners or associates of STADA; and
Individuals’ submission of his/her Personal Data to STADA for any other reason related to STADA’s ordinary course of operations.
Purposes for which STADA may collect, use and/or disclose Personal Data
Generally, STADA may collect, use and/or disclose Personal Data about an Individual for one or more of the following purposes:
Individuals, Members,Alumni and Friends
(a) Administering and managing Member and Alumni/Friends relationships with STADA, including the provision of services to Members and Alumni/Friends;
(b) providing Individuals, Members and Alumni/Friends with information about WSQ courses, membership services, facilities and/or other benefits being offered or made available by STADA to Public, Members and Alumni/Friends;
(c) Updating of training database of individuals who take part in WSQ courses, conducting of post-course evaluations of participants in WSQ courses for reporting to Workforce Development Agency (WDA) Singapore;
(d) providing Individuals and Alumni/Friends with information about third party and/or external vendor/supplier promotions, deals and/or other services being offered or made available to Members and/or Alumni/Friends, through partnerships, associations and/or other collaborations involving such third parties or external vendors/suppliers and STADA;
(e) Organising and/or facilitating events or programmes involving Individuals, Members and Alumni/Friends and/or verifying the eligibility of such Individuals, Members and Alumni/Friends to participate in such events or programmes;
(f) Producing reports, conduct market research and data analysis;
(g) Tailoring activities or services available to match Members’ and Alumni/Freinds preferences; and
(h) Transmitting Personal Data to third parties engaged by or working in collaboration with STADA to facilitate any of the above-mentioned purposes.
(a) Administering and managing Personnel relationships with STADA, including the provision of services to Personnel;
(b) Evaluating the performance of Personnel;
(c) Undertaking staff training and quality assurance activities;
(d) Providing Personnel with services, facilities and/or other benefits being offered or made available by STADA to such Personnel as well as information about such services, facilities and benefits; and
(e) Transmitting Personal Data to third parties engaged by or working in collaboration with STADA to facilitate any of the above-mentioned purposes.
(a) Administering and managing STADA’s relationship with Potential Personnel; and
(b) Evaluating the suitability and eligibility of Potential Personnel to be engaged by STADA;
(a) Administering and managing the event participant’s relationship with STADA;
(b) Verifying the identity and eligibility of event participants;
(c) Promotional and publicity purposes, including recording videos or taking photographs of participants at events; and
(d) Transmitting Personal Data to third parties engaged by or working in collaboration with STADA to facilitate any of the above-mentioned purposes.
Visitors and users of STADA’s facilities
(a) Recording and verifying the identity of visitors to STADA’s premises and users of STADA’s facilities; and
(b) Monitoring the activities of visitors to STADA’s premises and users of STADA’s facilities.
General business purposes
(a) Managing the administrative and business operations of STADA;
(b) Facilitating the completion of transactions with Individuals;
(c) Responding to complaints, queries and/or requests;
(d) Conducting market research for statistical profiling and other purposes in order to improve STADA’s services;
(e) Safety and security purposes;
(f) Preventing, detecting or investigating any actual or crime, fraud, misconduct, unlawful action, breach or dispute;
(g) Record-keeping purposes;
(h) Accounting or auditing purposes;
(i) Legal purposes (including but not limited to obtaining legal advice and dispute resolution); and
(j) Complying with laws, regulations, codes or guidelines binding on STADA, including disclosures to regulatory authorities or other public bodies; and
(k) Transmitting Personal Data to third parties engaged by or working in collaboration with STADA to facilitate any of the above-mentioned purposes.
Purposes reasonably related to any of the above purposes
(a) For any purposes reasonably related and/or ancillary to any of the abovementioned purposes.
Purposes for which specific consent was obtained
(a) For any other purposes for which the Individual’s consent was specifically given or obtained.
Provision of Data Breach Notifications
Data Protection Officer will notify the stakeholders affected by the data breach within 72 hours of learning of the breach and will provide specific details of the breach such as the nature of it and the approximate number of data subjects affected.
Unless otherwise authorised under the PDPA, GDPR or any other applicable law, STADA will not collect, use or disclose an Individual’s Personal Data without his/her consent.
STADA will take reasonable steps to highlight the purposes relevant to an Individual, by appropriate means, at the point or time of collection of the Personal Data from such Individual, including:
(a) Via express provisions in contracts, application forms and/or registration forms to be signed with or submitted to STADA;
(b) Via notifications on STADA’s websites; and
(c) Through the course of verbal communications.
Where feasible, STADA will inform the Individual of purposes that are intrinsic to the relationship between STADA or to the provision of services to such Individual, as well as purposes that are optional.
In so far as any purpose(s) are intrinsic to the relationship or provision of services, STADA reserves the right to decline to engage in the relevant relationship or to provide the relevant services to the Individual if he or she does not consent to STADA’s collection, use or disclosure of his/her Personal Data for such purpose.
(a) Voluntarily provide their Personal Data to STADA for the specified purposes;
(b) Use or access STADA’s website(s) or computer network;
(c) Enter STADA’s premises or using any of the facilities thereon; and/or
(d) Attend or participate in events or programmes organised by STADA.
An Individual who provides STADA with Personal Data relating to a third party (e.g. information of his/her spouse or children) for any particular purpose, represents to STADA that he/she has obtained the consent of the relevant third party to STADA collecting, using or disclosing such Personal Data for the relevant purpose.
In so far as STADA collects Personal Data of an Individual from any third party(ies), STADA will take reasonable steps to inform the relevant third party(ies) of STADA’s purposes for collecting the Personal Data and to verify that consent from the Individual has been obtained by the relevant third party(ies) to such disclosure for the intended purpose.
Withdrawal of Consent
Any Individual who wishes to withdraw his/her consent to any use or disclosure of his/her Personal Data by STADA as set out in this Policy may do so by notifying STADA’s Data Protection Officer at firstname.lastname@example.org. STADA may require up to 3 weeks from the date of the Individual’s notification to respond and effect any change.
Depending on the extent to which an Individual withdraws consent to any or all use or disclosure of his or her Personal Data by STADA, such withdrawal of consent may result in STADA’s inability to provide services to the Individual and may be considered as a termination by the Individual of any agreement between STADA and the Individual. STADA’s legal rights and remedies are expressly reserved in such event.
Verification of Personal Data & Notification of Changes
Where feasible, STADA will take reasonable steps to verify the accuracy of Personal Data received at the point of collection but Individuals remain primarily responsible and liable to ensure that all Personal Data submitted by them to STADA is complete and accurate. Information voluntarily submitted by an Individual to STADA shall prima facie be deemed complete and accurate.
STADA will also take reasonable steps to periodically verify Personal Data in its possession, taking into account the exigencies of its operations, but Individuals are nonetheless required to notify STADA, from time to time, of any applicable changes to such Personal Data.
STADA shall not be held liable for any inability on its part to provide services to an Individual who fails to ensure that his/her Personal Data submitted to STADA is complete and accurate or who fails to notify STADA of any relevant changes to such Personal Data.
Policy on telephone numbers registered with the DNC Registry
STADA is prohibited from sending unsolicited telemarketing messages (“specified messages”) to Singapore telephone numbers through voice calls, text or fax messages registered on the DNC Registers unless STADA has obtained the relevant Individual’s clear and unambiguous consent in written or other accessible forms.
In compliance with the PDPA, STADA will not send specified messages to telephone numbers that appear on the DNC Registry unless the relevant Individual has given STADA clear and unambiguous consent to do so.
STADA will continue to contact Individuals at the telephone numbers provided to STADA in the limited circumstances allowed under the DNC Registry even if these telephone number are registered with the DNC Registry. Individuals who do not wish to receive such messages may notify STADA’s Data Protection Officer at [email@example.com].
Activities undertaken prior to 2 July 2014
STADA may use Personal Data of an Individual that was collected before 2 July 2014 for purposes for which the Personal Data was collected unless consent is withdrawn by that Individual.
STADA will continue to use Personal Data of Alumni/Friends and Members, which had been collected before 2 July 2014, for its general business purposes and purposes relating to Members and Alumni. Members and Alumni/Friends who wish to withdraw their consent to STADA’s use of their Personal Data may contact STADA’s Data Protection Officer at [firstname.lastname@example.org].
Protection of Personal Data
STADA shall make reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks to Personal Data in its possession.
If STADA transfers Personal Data outside Singapore, European Union (EU) and European Economic Area (EEA), STADA will take reasonable steps to ensure that such Personal Data transferred receives a standard of protection comparable to the protection received under the PDPA and GDPR.
STADA will ensure that third parties who receive Personal Data from STADA protect such Personal Data in a manner consistent with this Policy and not use such Personal Data for any purposes other than those specified by STADA, by incorporating appropriate contractual terms in its written agreements with these third parties.
STADA is not responsible in any way for the security and/or management of Personal Data shared by Individuals with third party websites accessible via links on STADA’s website.
Contacting STADA—Access and Correction of Personal Data
Any Individual who:
(a) has questions or feedback relating to this Policy;
(b) would like to obtain access to his/her Personal Data held by STADA;
(c) would like to obtain information about the ways in which his/her Personal Data held by STADA has been or may have been used or disclosed by STADA in the year preceding the request; and/or
(d) would like to update or make corrections to his/her Personal Data held by STADA, should contact STADA’s Data Protection Officer at email@example.com.
Individuals should note that STADA is not required, under the PDPA, to provide access and correction to Personal Data in certain situations.
The PDPA allows and STADA reserves the right to charge a reasonable fee for the handling and/or processing of access requests by an Individual pursuant to paragraphs (b) or (c) above.
STADA may require up to 3 weeks from the date of the Individual’s request to respond and effect any change.
This Policy shall be governed by and construed in accordance with the laws of Singapore. Any dispute arising out of or in connection with this Policy including any question regarding its existence, validity or termination, shall be referred to and finally resolved by the Courts of Singapore.