- SSA (“us”, “we” or “our”) is committed to protecting and respecting your privacy. This Statement together with the Term and Conditions and Cookies Policy and the documents referred to in them sets out the basis on which any personal data we collect from you or that you provide to us (“Data”) will be processed by us. Please read this Privacy Statement carefully to understand our treatment and use of Data.
- In this Privacy Statement, references to “you” means the person whose personal information we collect, use and process.
- We will use your personal data only for the purposes and in the manner set forth below, which describes the steps we take to ensure the processing of your personal data is in compliance with the Personal Data Protection Act (the “Acts”), European Union Law including the General Data Protection Regulation (the “GDPR”) and any subsequent amendments (together the “Data Protection Legislation”).
- If you do not agree with or are not comfortable with any aspect of this Privacy Statement, your only remedy is to not become a customer of SSA.
- We seek to maintain the privacy, accuracy, and confidentiality of personal information (including your personal data) that we collect and use concerning our customers.
The Controller Of Personal Information and contact
- the Data Controller is Singapore Swimming Academy Pte Ltd, a private company registered in Singapore (Company registration number 201314612Z) with the address Aposh Building, 1 Yishun Industrial Street 1, #05-02 S768160.
- The Data Controller can be contacted at [email protected]
What Personal Information is collected and processed?
“Personal Data” refers to any data or information about you from which you can be identified either (a) from that data alone; or (b) from that data combined with other information. Examples of such Personal Data which you may provide us include (depending on the nature of your interaction with us): We may collect and process the following categories of information about you:
- a) your name, national registration identification number, passport number or other identification number, telephone number(s), mailing address, email address, facial image in a photograph or video recording, fingerprint and any other information relating to you which you have provided us in any form you may have submitted to us, or in other forms of interaction with you;
- b) information about your use of our websites and services, including cookies, IP addresses, student portal account details;
- c) your employment history, education background, and income levels; and
- d) your financial information, such as your bank account or credit card information
Generally, we collect your Personal Data in the following ways:
- when you submit forms relating to any of our products or services, or submit any online queries;
- when you register for or use any of our services on websites owned or operated by us or when you register as a member on any of our websites owned and/or operated by us;
- when you interact with our customer service officers or any of our staff, for example, via face-to-face meetings, interactions during the class/events, telephone calls, letters, online forms (such as any “Contact Us” forms on our websites), social media platforms and emails;
- when you use or purchase our services or products;
- when you establish any online accounts with us (Student Portal);
- when you request that we contact you;
- when you ask to be included in an email or other mailing list;
- when you respond to our promotions or other initiatives;
- when you respond to our market surveys;
- when you submit a job application
- when we receive references from business partners and third parties, for example, where you have been referred by them;
- when you submit your Personal Data to us for any other reason; and
- when you browse our website. Please refer below for more information
What do we use your Personal Information for?
The main purposes for which we use your personal information are:
- Process your account;
- Provide services relating to your account and to work on improving our services to you (including service communication, insight, research, customer surveys and feedback);
- To provide you with relevant marketing communications;
- To support other administrative purposes;
- Comply with all legal and regulatory requirements
The legal basis for this use and other processing will include (as relevant):
- if you have provided us with your consent to the processing of your personal data;
- to enable us to perform our obligations under any contract with you;
- processing for legitimate interests provided these are not overridden by your interests and fundamental rights and freedoms (this includes our own legitimate interests and those of other entities in the SSA), in particular this is relevant when we use and process your personal data in order to respond to your enquiries and to address our good governance obligations; and
- we may also disclose your personal information to governmental and regulatory bodies and other third parties where required to do so by applicable law, such as to comply with a court order or a request from a regulator or similar legal process or where otherwise necessary to comply with a legal obligation or for the administration of justice.
In addition, in the event of a merger, acquisition, or any form of sale of some or all of our assets to a third party, we may also disclose your personal information to the third parties concerned or their professional advisors. In the event of such a transaction, the personal information held by SSA will be among the assets transferred to the buyer
The provision of personal data is a contractual requirement and may also be a statutory requirement, and is necessary to process your application or for the performance of a contract. If your personal data cannot be processed this may have an impact on fulfilling our rights and obligations
We do not knowingly process personal data from persons under the age of 13 years. If it comes to our attention that we are processing such personal data, we shall delete such personal data immediately
When you close your account, we may continue to process your personal data, to the extent permitted by applicable law, for the purposes detailed above
RECIPIENTS OF THE PERSONAL DATA
We may disclose your personal information to third parties, including the following:
- Third party service providers;
- Regulatory authorities;
- Others, where it is permitted by law, or where we have your consent.
Period for which the personal data will be stored
The criteria we use to determine data retention periods includes the following:
- Retention in case of queries
- Retention in case of claims
- Retention in accordance with legal and regulatory requirements
- Retention permitted under applicable law
- Please note that, although reasonable efforts will be taken, it may not always be possible to completely remove or delete all of your personal information from our databases because of back-ups and other technical reasons. Where this is the case, we will take steps to ensure that your personal data is suppressed in order to render it unusable
This section outlines our telemarketing policy which relates only to individual users of Singapore telephone numbers and was developed to comply with the Do Not Call (“DNC”) provisions under the Acts. Our telemarketing policy applies to the Singapore Swimming Academy unless we have notified you otherwise in writing.
We aim to comply with the DNC provisions and your choices to receive promotional and marketing messages:
- If you have registered your Singapore telephone number with the relevant Singapore DNC registers, we will not send you promotional and marketing messages via SMS, fax, calls and other means (as applicable)..
- However, if you have previously consented to our sending you such messages to your Singapore telephone number(s), we will continue to do so until you withdraw such consent, regardless of your DNC nominations.
- Also, if you currently have an existing, ongoing relationship with us, depending on the nature of that relationship, we may continue to send you promotional or marketing messages via SMS, fax, calls or any means, about products and services which are related to that ongoing relationship notwithstanding your registration with the DNC Registry, unless you opt-out of receiving such messages.
You may have various rights under data privacy laws in your country (where applicable). These may include (as relevant):
- the right to withdraw your consent to the processing of your personal data. However, we may continue to process your personal information if there is an alternative legal basis for the processing;
- the right to request access to or a copy of the personal data we hold about you. Please note that there is no fee for this request and any request for a copy of your personal data will be processed within thirty (30) days in accordance with the GDPR;
- the right to rectification including to require us to correct inaccurate personal data;
- the right to request restriction of processing concerning you or to object to processing of your personal data if:
- processing is based on legitimate interests or the performance of a task in the public interest or exercise of official authority;
- processed for direct marketing; or
- processed for the purposes of scientific or historical research and statistics
- the right to prevent further processing in specific circumstances and where there is no other lawful ground for continuing to process that information. These include for example
- where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed;
- where you withdraw consent; or
- where you object to us processing your information;
- the right to request the erasure of your personal data where it is no longer necessary for us to retain it;
- the right to block or suppress processing of personal information. While we are entitled to store your personal information, we cannot further process it if you request it to be blocked;
- the right to data portability including to obtain personal data in a commonly used machine readable format in certain circumstances such as where our processing of it is based on a consent; and
- the right to object to automated decision making including profiling (if any) that has a legal or significant effect on you as an individual; and the right to withdraw your consent to any processing for which you have previously given that consent.
Please contact us at [email protected] if you wish to exercise any of these rights (as relevant);
Without prejudice to any other administrative or judicial remedy you might have, you may have the right under data privacy laws in your country (where applicable) to lodge a complaint with the relevant data protection supervisory authority in your country if you consider that we have infringed applicable data privacy laws when processing your personal data. This means the country where you are habitually resident, where you work or where the alleged infringement took place
We endeavour to use appropriate technical and physical security measures to protect your personal data which is transmitted, stored or otherwise processed by us, from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access. These measures include: storing personal data in a private database which is accessed via an internal control panel protected with the username, password and IP address of our authorised users; storing hashed information as opposed to passwords and using secure cloud storage on Amazon AWS for database backups. Our service providers are also selected carefully and required to use appropriate protective measures
As effective as modern security practices are, no physical or electronic security system is entirely secure. The transmission of information via the internet is not completely secure. Although we will do our best to protect your Data, we cannot guarantee the security of your Data transmitted to our Site. Any transmission of Data is at your own risk. Once we receive your Data, we will use appropriate security measures to seek to prevent unauthorised access. We will continue to revise policies and implement additional security features as new technologies become available
In the event that there is an interception or unauthorised access to your personal data, we will not be liable or responsible for any resulting misuse of your personal information