ARiMI Personal Data Protection Statement
Last updated on 2 January 2019
ARiMI respects the privacy of individuals and recognizes the importance of the personal data you have entrusted to us and believe that it is our responsibility to properly manage, protect, process and disclose your personal data. We are also committed to adhering to the provisions and principles of the Personal Data Protection Act 2012. As such, this Personal Data Protection Statement is to assist you in understanding how we collect, use and/or disclose your personal data.
We will collect, use and disclose your personal data in accordance with the Personal Data Protection Act 2012 (“Act”). The Act establishes a data protection law that comprises various rules governing the collection, use, disclosure and care of personal data. It recognises both the rights of individuals to protect their personal data, including rights of access and correction, and the needs of organisations to collect, use or disclose personal data for legitimate and reasonable purposes.
“Personal data” is defined in the Act as “data, whether true or not, about an individual who can be identified – a) from that data; or b) from that data and other information to which the organisation has or is likely to have access.”
The Act takes into account the following concepts:
Consent – Organisations may collect, use or disclose personal data only with the individual’s knowledge and consent (with some exceptions);
Purpose – Organisations may collect, use or disclose personal data in an appropriate manner for the circumstances, and only if they have informed the individual of purposes for the collection, use or disclosure; and
Reasonableness – Organisations may collect, use or disclose personal data only for purposes that would be considered appropriate to a reasonable person in the given circumstances.
In projecting the three main concepts above, the Act contains nine main obligations which organisations are expected to comply with if they undertake activities related to the collection, use and/or disclosure of personal data:
- The Consent Obligation
- The Purpose Limiting Obligation
- The Notification Obligation
- The Access and Correction Obligation
- The Accuracy Obligation
- The Protection Obligation
- The Retention Limitation Obligation
- The Transfer Limitation Obligation
- The Openness Obligation
While we will not be going into the details of these Obligations in this Personal Data Protection Statement, you can be rest assured that we are constantly mindful of them in our collection, use and disclosure of personal data. Should you wish to know more about these obligations, an excellent summary can be found in the Advisory Guidelines of the Personal Data Protection Commission at:
Purpose of Collection
These purposes include, but are not limited to:
- Responding to your enquiries regarding training courses, and any other services we offer
- Receiving feedback
- Processing requests, orders and administering accounts
- Providing customer support including account servicing (course offer, course confirmation, reminders, postponements, cancellations etc.)
- Communication with you in relation to products and services we provide which are relevant to your existing relationship with us
- Offering you updated marketing and promotional packages you can benefit from, including products and services offered by our selected partners
- Course & product updates and upgrades
- Research and surveys
- Evaluating suitability for admission or employment, enrolling or employing, providing educational courses and training, including sending materials on course / study / assignment / teaching materials, information on course calendars and examination details via various means, including postal mail, electronic mail, SMS or MMS, telegram, WhatsApp, fax and/or voice calls;
- Administering and/or managing relationships with ARiMI (including responding to enquiries, the mailing of correspondence, statements or notices which could involve the disclosure of certain personal data to bring about delivery of the same);
- Carrying out due diligence or other screening activities (including background checks) in accordance with legal or regulatory obligations or risk management procedures that may be required by law or put in place by ARiMI, including the obtaining of references and/or other information from prior educational institutions and employers;
- Processing application(s) for ARiMI grants and/or financial aid, and research support, and administering and managing ARiMI grants/financial aid/grant and other support programs, which may include use of personal data for development and fund raising activities and disclosure of personal data to donors, grantors, external evaluators and/or external organisations for purposes of assessment, periodic reports, event invitations, surveys and/or publicity of ARiMI related programs;
- Investigative purposes, including possible fraud, misconduct, unlawful action or omission, and utilizing electronic access and video systems to maintain institute security of persons or property, control access and investigate suspicious or inappropriate activities;
- Responding to requests for information from government or public agencies, ministries, statutory boards or other similar authorities or non-government agencies authorised to carry out specific Government services or duties;
- Carrying out market-related, evaluative or similar research and analysis for ARiMI’s operational strategy and policy planning purposes, including providing data to external parties for institute program evaluation and to students’/participants’ former academic institutions and to partner institutions for jointly-administered programs;
- Outreach and engagement to garner support and resources for ARiMI, its community and affiliated institutes;
- Supporting ARiMI functions including, but not restricted to, the teaching and personal and professional development of students, participants, research and administration of ARiMI;
- Processing and administering applications for other overseas activities and administering such programs including disclosure of information to overseas universities / institutions, employment and training organisations;
- Processing, administering and conferring awards of prizes, medals and other marks of distinction, and student, participant or graduation status, and publication or releasing of information on the same;
- Engaging alumni including but not limited to notification on ARiMI and alumni-related initiatives and activities, invitation to ARiMI and alumni-related events, updating of alumni and ARiMI Scale Network information, invitation to participate in alumni and ARiMI Scale Network surveys and sending of communication collaterals;
- Processing applications for and administering local and overseas career related activities, events, programs, internships, employment opportunities, and career coaching, and sharing information with companies (whether local or overseas) for purposes of recruitment, internship , industrial attachment, job placement and research support;
- Facilitating participation in student / participant life and alumni development opportunities which may include social, cultural, athletic, and educational activities, events, volunteering and training programs, student / participant membership and leadership positions in ARiMI-related activities;
- Taking of photographs and/or videos (whether by ARiMI staff or third party photographers and/or videographers) during events / seminars / courses / programs organised by ARiMI or its affiliates for publicity purposes;
- If consented to in the registration form and/or other methods of consent notification, providing marketing, advertising and promotional information via postal mail, electronic mail, SMS or MMS, telegram, WhatsApp, fax and/or voice calls;
- Any other purpose arising in respect of the environment within which an institution of higher learning operates which is reasonable given your relationship with ARiMI;
- Any other purposes not related to those listed above or in the online registration form to which you consented, which ARiMI may inform you of in writing from time to time, but for which ARiMI will seek your separate consent.
We may for these purposes, contact you via mail (including electronic mail), telephone, SMS or other communication (text or image) applications for mobile devices, and facsimile.
We do organise activities in which external stakeholders or the general public are invited to participate. In encouraging a vibrant interaction with the public, there will be opportunity, and often a need, to collect, use and/or disclose personal data from members of the public. Some of the reasons/ purposes are as follows:
- For security/ verification purposes for certain Events
- For logistical/ administrative purposes for certain Events (eg. Food catering)
- To keep you updated of future ARiMI Events/ products which we feel may interest you
- For marketing/ publicity purposes (eg. photographs, videos)
In almost all of the above situations, it will be up to you as to whether, and to what extent, you wish to provide us with your personal data. For Events where such provision of personal data is a pre-requisite to attendance, you shall be informed in advance so that you may make an informed decision as to whether to attend. ARiMI will also endeavour at all times to inform you of the purposes for which personal data collected from you will be used.
Collection of Personal Data
Where possible, we will collect your Personal Data directly from you and secure the relevant consent from you. This may take place in a number of ways, such as when you visit us in our institute etc, give us a written order or ask us to provide a product or service over the telephone or internet.
Disclosure of Personal Data
In providing you with a product or service, we may sometimes need to disclose your Personal Data to others. It is generally not our policy to disclose your Personal Data to external organisations unless we have your consent &/or are required to disclose your Personal Data as required in the normal course and scope of our business in the provision of our services to you, and/or for contractual, legal and regulatory requirements. Some examples of the types of external organisations we may need to disclose information to in the course of providing a product or service are:
- Regulatory bodies and agencies
- Funding agencies eg, SkillsFuture Singapore (SSG) etc
- Insurers and financiers
These external organisations are not authorised by us to use your Personal Data for anything other than the purpose(s) for which we supplied that data to them or as required by law. Some of our information technology service providers may be located overseas (if any) and, as a result, Personal Data collected and held by us may be transferred overseas.
Unless otherwise required or permitted by law, we will only disclose your Personal Data with your consent (implied or expressed), and we will also take reasonable steps to ensure the external organisation to whom we have disclosed your information are also legally bound to protect the privacy of your Personal Data.
From time to time, we may contact you via mail, electronic-mail, telephone (call or SMS-Text) or facsimile, to inform about our products and services, or about special offers and promotions that we think may be of interest to you. You can let us know at any time if you no longer wish to receive marketing material (by contacting us at the details below) and we will remove your details from our direct marketing database.
We will not disclose your Personal Data to external organisations outside ARiMI and its associated/affiliated businesses for the purposes of allowing them to directly market their products and services unless expressly authorised by you.
Do Not Call Registry
The Do Not Call (DNC) Registry prohibits the sending of unsolicited telemarketing messages (“specified messages”) to Singapore telephone numbers through voice calls, text or fax messages registered on the DNC Registers unless the organization sending the messages have the user’s/subscriber’s clear and unambiguous consent in written or other accessible forms.
In compliance with the DNC Registry provisions, ARiMI and its associated/affiliated businesses will not send specified messages to telephone or facsimile numbers that appear on the DNC Registry unless the user/subscriber has given us clear and unambiguous consent to do so.
If you have given us such consent, we will continue to send you specified messages until you advise us in writing (contact details below) that you wish to withdraw the consent.
ARiMI and its associated/affiliated businesses will continue to contact you at the telephone or facsimile number/s you have provided us in the limited circumstances allowed under the DNC Registry even if these telephone or facsimile number/s are registered with the DNC. You may, however, advise us in writing should you wish not to be contacted by us at your telephone or facsimile number(s) for any given purpose or all purposes.
Please be informed that we will still contact you via the most effective and efficient mode where required by law.
Withdrawal of Consent
Should you wish to withdraw your consent for us to send you sales and marketing information via a specific mode or all modes of communications (e.g., mail, email, telephone calls, SMS-Text), please notify us in writing to our contact details below. We may require up to 4 weeks, upon receipt of your request, for the change to take effect.
Whilst we respect your decision to withhold and/or withdraw your consent, you may wish to know that should we not have the appropriate consent to contact you in the mode we might develop for the sales and marketing information, client care support and all other purposes for our graduates/participants/clients, we might not be able to accord you the full extent of the personalized and comprehensive graduate/participant/client experience we had designed to serve you – e.g., invitation to ARiMI events, special privileges and offers, among others.
Ensuring Personal Data is up-to-date
We rely on the Personal Data we hold in conducting our business. Therefore, it is very important that the Personal Data we hold is accurate, complete and up-to-date.
We will do our best to ensure that the Personal Data we hold is accurate, complete and up-to-date whenever we collect or use it. This means that from time to time, we will ask you to tell us if there are any changes to your Personal Data. If you find that the Personal Data we hold about you is incorrect, please contact us immediately and we will correct it.
Access to Personal Data by Individuals
You can access most of the Personal Data we hold about you by contacting us formally through the contact details indicated below. We will require a formal written request from you to our Data Privacy Officer (details below).
An administrative fee will be charged to you to cover the reasonable cost of retrieving the information and supplying it to you.
Access to Personal Data may be refused in a number of circumstances, such as where the Personal Data relates to anticipated legal proceedings or the request for access is frivolous or vexatious. If we deny or restrict your access, we will explain why as required by applicable laws.
Security of Personal Data is important to us and we take all reasonable precautions to protect Personal Data from misuse, loss, unauthorized access, modification or disclosure.
Some of the ways we protect Personal Data include:
- External and internal premises security;
- Restricting access to Personal Data only to staff who need it to perform their day to day functions;
- Maintaining technology products to prevent unauthorized computer access or damage to electronically stored information, such as requiring identifiers and passwords, firewalls and anti-virus software; and
- Maintaining physical security over paper records.
We will retain your Personal Data for a reasonable period for the purposes, or as required by law.
Cookies: Privacy and our websites
When visiting our sites, you will not be required to provide us with any Personal Data unless you request information about our product or service, or respond to a contest or promotion, or provide a feedback. In which case, we will ask you to provide contact details along with other information required to respond to your request or allow you to enter the contest or promotion.
The Personal Data and information provided may also be retained for product planning purposes, and we may use your Personal Data to contact you for direct marketing purposes where your consent was given.
If you send us an email:
If you send us an email containing your Personal Data, we will take reasonable steps to ensure the confidentiality of that information. The content of emails is sometimes monitored by our internet host for maintenance and fault detection purposes. We may also monitor email for legal compliance purposes.
Although we take steps to protect Personal data and information sent by e-mail, e-mail is not a secure method of communication and if you are concerned about sending your Personal Data to us in this manner you may prefer to contact us by any of the other means set out below.
If you believe that the privacy of your Personal Data has been compromised, please contact us and we will take the relevant steps to address your concerns.
Your Use of Other’s Information
You agree to respect to other users’ personal information that you obtain through the Site or through any of our Site-related communication or transaction.
In addition, under no circumstances will you disclose personal information about another user to any third party without our consent and the consent of such other user after adequate disclosure. Please note that law enforcement personnel and other rights holders are given different rights with respect to information they access.
We and our users do not tolerate spam.
Control Your Password
Protection of Minors
If you are under the age of 18 years are not eligible to use our services or purchase any products online.
ARiMI and its associated/affiliated businesses does not solicit any personal information from minors, and we request that minors do not submit any personal information to us online. If you are under the age of 18 years, you may only surf the site only if you have obtained consent from your parents/legal guardian or if you are under the supervision of your parent or legal guardian.
Third Party Websites
Our website may contain links to other websites which are owned or operated by third parties independent of ARiMI and its associated/affiliated businesses including websites owned or operated by ARiMI and its associated/affiliated businesses dealers and by our service providers. Those websites should contain their own privacy statements and their owners or operators are responsible for informing you about their security and privacy practices. ARiMI and its associated/affiliated businesses will not be responsible for the privacy policies and practices of other websites even if you access them using links from our websites and recommend that you check the policy of each site you visit and contact its owner or operator if you have any concerns or questions. In addition, if you are linked to our websites from a third-party website, ARiMI and its associated/affiliated businesses cannot be responsible for the privacy policies and practices of the owners or operators of that third-party site and recommend that you check the policy of that third party site and contact its owner or operator if you have any concerns or questions.
Right to Amend our Online Privacy Statement
Additional information to deal with the European Union General Data Protection Regulation (EU) 2016/679 (“GDPR”)
This section applies only if a particular circumstance or activity applicable to ARIMI requires the application of the GDPR to ARIMI. Subject to the aforesaid, in such cases, this section would apply to residents of the European Union only.
Generally, we process personal data on the basis of consent. Apart from consent, under the GDPR, we may also lawfully process your personal data on one or more of the following bases:
Lawful basis for processing
- The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
- Process your personal data on the basis of a balance of interests to pursue our or a third party’s legitimate interests. This is carried out for one or more of the purposes set out at section B of this document. Further, we may process your personal data for the legitimate interests of promoting the good of ARIMI and/or alumni community, and maintaining ARIMI’s relationship with its former students (i.e. alumni) to grow the ARIMI spirit in its students and former students. The latter would apply to an alumnus.
- Necessary for compliance with a legal obligation to which ARIMI is subject.
- Necessary in order to protect the vital interests of the data subject or of another natural person.
- Necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in ARIMI.
We practise data minimisation and strive to collect only what is necessary in relation to the purposes for which such personal data is processed and to maintain the relevant relationship between us such as the student relationship in the case where you are a student. The consequence of not providing such requested personal data may result in our inability to start that relationship with you, to maintain that relationship with you or to provide you with our products or services.
Where your personal data is transferred to a country for which the European Commission has not made an adequacy decision, we will take appropriate steps to ensure that the foreign recipient organisation of the personal data is bound by legally enforceable obligations to protect the transferred personal data. This may include us entering into an appropriate contract with the foreign recipient organisation dealing with the personal data transfer.
Where the GDPR is applicable, you have the following rights (subject to any exceptions under the GDPR):
Access. You have the right to request confirmation of whether we process your personal data, a copy of the personal data we are processing about you, and other information relating to your personal data as provided for in the GDPR.
- Rectification. You have the right to have incomplete or inaccurate personal data that we process about you rectified.
- Erasure. You have the right to request that we delete personal data that we process about you if one of the grounds for erasure under the GDPR applies.
- Restriction of processing. You have the right to restrict our processing of your personal data if one of the grounds for such restriction under the GDPR applies, such as where you believe such data to be inaccurate; our processing is unlawful; or that we no longer need to process such data for a particular purpose, pursuant to the full terms of the grounds as provided in the GDPR.
- Data portability. You have the right to obtain personal data we hold about you, in a structured, commonly used, electronic format, and to transmit such data to another data controller, if certain conditions under the GDPR are satisfied.
- Objection to processing. You have the right to object to our processing of your personal data where such personal data is being processed by us for the performance of a task carried out in the public interest, or in the exercise of official authority vested in us, or for the purposes of the legitimate interests pursued by us. Additionally, you have the right at any time to object to our processing of your personal data for direct marketing.
Further, you have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes, subject to condition(s) in the GDPR.
- Withdrawing Consent. If you have consented to our processing of your personal data, you have the right to withdraw your consent at any time, free of charge.
You also have the right to lodge a complaint with the local data protection authority or the European data protection authority applicable to you if you believe that we have not complied with applicable data protection laws.
In general, we do not use automated individual decision-making for the formation and management of your relationship with us. If we should rely on such processing in a particular situation, we will do so in accordance with the GDPR.
Asia Risk Management Institute
3 Temasek Avenue #21-00 Centennial Tower