Privacy and Data Protection Policy

ISCA Privacy and Data Protection Policy

 

1. Introduction

1.1 The Institute of Singapore Chartered Accountants (“ISCA” or “we” or “our” or “us”) takes its responsibilities under Singapore’s Personal Data Protection Act 2012 (the “PDPA”) seriously. We also recognize the importance of the personal data you have entrusted to us and believe that it is our responsibility to properly manage, protect and process your personal data, and we are committed to protect the privacy of your personal data. If you reside in the UK or Europe we will process personal data in accordance with the General Data Protection Regulation 2016/679 and similar European and UK data protection and data security laws (the “Data Protection Laws”). Please read this policy to understand what personal data is collected or processed by us, and for what purposes it is used for.

1.2 “Personal data” means data, whether true or not, about a living individual who can be identified from that data, or from that data and other information to which an organisation has or is likely to have access. Personal data can be factual (such as a name, address or date of birth) or it can be an opinion (such as a performance appraisal).

1.3 The purpose of this policy is to inform you and provide you with an understanding of how we handle, collect, use, disclose and process personal data about you that you give us, that we receive through third parties or that is in our possession.

1.4 By providing your personal data to us, you acknowledge and agree that you have fully read and understood this policy, and are consenting to the collection, use, processing  and disclosure of your personal data as described in this policy.

1.5 Without prejudice to any of the foregoing, if you provide the personal data of any other third party to us, you warrant and agree that such third party has fully read and understood this policy, and has consented to you disclosing his/her personal data to us for the collection, use and disclosure by us as described in this policy.

Definition of Data Protection Terms

Data is recorded information whether stored electronically, on a computer, or in certain paper-based filing systems.

Data processors include any person who processes personal data on behalf of a data controller. Employees of data controllers are excluded from this definition but it could include suppliers which handle personal data on behalf of the Company.

Personal data means any data relating to a living individual who can be identified from that data. Personal data can be factual (such as a name, address or date of birth) or it can be an opinion (such as a performance appraisal). It can even include a simple e-mail address. It is important that the information has the data subject as its focus and affects the individual's privacy in some way.

Processing is any activity that involves use of the data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring personal data to third parties.

2. Types of Personal Data We Collect

2.1 ISCA collects information about you when you use our website(s), website/IT portal(s)/mobile application(s), forms, surveys, and/or other channels and throughout other interactions, communications and services you have with us.

2.2 Personal data which we may collect include but are not limited to :

(a) your personal information such as your name, NRIC/FIN/Passport number, date of birth, marital status, gender;

(b) your contact information such as postal addresses, email addresses, telephone, mobile phone and fax numbers;

(c) your past and present employment information such as organisation name, organisation type, industry sector, job function and responsibilities, designation, business telephone and fax numbers, business email addresses;

(d) your past and present academic qualifications such as schools attended, courses of study, period of study and academic results;

(e) your professional qualifications and memberships with other professional bodies; and/or

(f) your billing and payment information, including name of the credit/debit cardholder, credit/debit card number, security code and expiry date.

2.3 Other information collected may include professional interest and subscription preferences, training records, details of complaints, disciplinary or criminal records, medical certificates, proof of income and financial details, photographs, videos and/or audio recordings taken by us or our representatives at our events.

2.4 We will collect your personal data in accordance with the PDPA. If you are residing in Europe, including the UK, we will process personal data in accordance with the General Data Protection Regulation 2016/679 and similar European and UK data protection and data security laws (the “European and UK Data Protection Laws”).

2.5 We may collect and store certain information automatically when you visit our website(s) or use our website(s)/IT portal(s)/mobile application(s). Examples include the internet protocol (IP) address used to connect your computer or device to the Internet, connection information such as browser type and version, your operating system and platform, a unique reference number linked to the data you enter on our system, login details, the full URL clickstream to, through and from the website(s) or website/IT portal(s)/mobile application(s) (including date and time), cookie identifier and your activity on our website(s) or website/IT portal(s)/mobile application(s), including the pages you visited, the searches you made and, if relevant, the services you purchase.

2.6 We may receive information about you from third parties if you use any websites or social media platforms operated by third parties (for example, Facebook, Instagram, Twitter etc.) and, if such functionality is available, you have chosen to link your profile on our website(s) or website/IT portal(s)/mobile application(s) with your profile on those other websites or social media platforms.

3. Cookies

3.1 We use cookies to identify you from other users on our website(s) or website/IT portal(s)/mobile application(s).

3.2 A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer or device.

3.3 You can block or deactivate cookies in your browser settings.

3.4 We use log-in cookies to remember you when you have logged in for a seamless experience.

3.5 We use session cookies to track your movements from page to page and in order to store your selected inputs so you are not constantly asked for the same information.

3.6 By continuing to use our website(s) or website/IT portal(s)/mobile application(s), you are agreeing to the use of cookies on the site as outlined above. However, please note that we have no control over the cookies used by third parties.

3.7 For further information on types of cookies and how they work, visit www.allaboutcookies.org.

4. Purposes for which the Personal Data is Collected, Used and Disclosed

4.1 We will/may collect, use, disclose and/or process your personal data for one or more of the following purposes :

(a) To consider and/or process your application to be our student/candidate/member and/or to process your account with us;

(b) To facilitate, process, deal with and/or administer your candidature/membership and/or account with us;

(c) To review and process your exemptions assessment for the qualification /certification programme that you have registered with us;

(d) To deal with, process and/or administer your registration for and/or payment of any training courses, events, seminars, workshops, examinations, certification programme, qualification and/or conferences, including to facilitate, administer, process, deal with and/or manage your application for and/or involvement in any events, seminars, information sessions, committees and/or your interest or participation in any events, seminars, information sessions, committees and/or other opportunities that we may make available from time to time;

(e) For the supply of any goods and/or services which we may offer to you or that you may request, obtain or purchase from us;

(f) To deal with, process and/or administer your use of the online services at any of our website(s), website/IT portal(s)/mobile application(s)  and/or through other digital or telecommunication channels;

(g) For identification and verification purposes in connection with any of the goods and/or services that may be supplied to you by us or that you may request from us;

(h) To carry out your instructions, respond to any enquiry or deal with any feedback given by (or purported to be given by) you or on your behalf, including contacting you via phone/voice call, text message and/or fax, email and/or postal mail regarding your instructions, enquiries and/or feedback;

(i) To conduct research, analysis and development activities (including but not limited to data analytics, surveys, focus groups and/or profiling) to improve our services and facilities for your benefit, or to improve any of our programmes or events;

(j) To deal with, process and/or administer your donation(s) or participation/involvement in the provision of the same, or your participation or involvement in any charitable cause, event or project, or in any charity;

(k) To perform, deal with, facilitate and/or administer fund raising activities, and/or to solicit donations from you, and this may entail contacting you and sending you relevant information via various modes of communication including voice/phone calls, emails, SMS and postal mails;

(l) To deal with, process and/or administer contests and lucky draws conducted by us or on our behalf which you have participated in;

(m) To contact you or communicate with you via various modes of communication such as phone/voice call, text message and/or fax message, forms, email and/or postal mail for the purposes of administering, dealing with and/or managing your application for candidature/membership with us, your candidature/membership with us, your account with us, or any other applications (including applications for training courses, events, seminars, workshops, examinations, certification programme, qualification and/or conferences) you make with/through ISCA. You acknowledge and agree that such communication by us could be by way of the mailing of correspondence, documents or notices to you, which could involve disclosure of certain personal data about you to bring about delivery of the same as well as on the external cover of envelopes/mail packages;

(n) To process and issue certificates after the completion of the course(s)/certification programme(s)/qualification(s) that you have registered with us;

(o) To carry out due diligence or other screening activities (including security and background checks) in accordance with legal or regulatory obligations or our risk management procedures that may be required by law or that may have been put in place by us;

(p) To prevent or investigate any fraud, unlawful activity or omission or misconduct, whether or not there is any suspicion of the aforementioned; dealing with conflict of interests or dealing with and/or investigating complaints;

(q) To comply with or as required by any applicable law, governmental or regulatory requirements of any jurisdiction applicable to us or our affiliates/associated companies, including meeting the requirements to make disclosure under the requirements of any law binding on us or our affiliates/associated companies, and/or for the purposes of any guidelines issued by regulatory or other authorities (whether of Singapore or elsewhere), with which we or our affiliates/associated companies are expected to comply;

(r) To comply with or as required by any request or direction of any governmental authority; or respond to requests for information from hospitals, embassies, public agencies, ministries, statutory boards or other similar authorities (including but not limited to the Ministry of Defence, Ministry of Trade and Industry, Ministry of Education, Immigration and Checkpoints Authority, Ministry of Health, Ministry of Home Affairs, Ministry of Manpower, Ministry of Foreign Affairs, Ministry of Social & Family Development and Central Provident Fund Board);

(s) For marketing purpose where we send you news, information, materials and/or updates about events, marketing campaigns, products and/or services that we and/or our business partners provide, or on our behalf. In this regard, we will be doing so by way of postal mail and/or electronic transmission to your email address(es). You may unsubscribe from this service in the manner set out in Clause 7 below;

(t) To facilitate and/or deal with payment for goods and/or services provided by us or our subsidiaries, and/or a third party on our behalf including verification of credit card details with third parties and additionally, using the personal data you provide to conduct matching procedures against databases of known fraudulent transactions (maintained by us or third parties);

(u) To deal with, handle and/or conduct disciplinary, security and quality assurance processes, matters and/or arrangements. Without prejudice to the generality of the aforesaid, we wish to bring to your attention that there are surveillance cameras installed throughout the premises of ISCA for security reasons and you acknowledge that your personal data will be collected by such cameras and processed by us consequently;

(v) To perform internal administrative, operational and technology tasks to facilitate, administer or manage your candidature/membership with us;

(w) To produce statistics and research for internal and/or statutory reporting and/or record-keeping requirements and performing ISCA policy/process reviews;

(x) To disclose to a third party to comply with any law, legal requirements, orders, directions or requests from any court, authority or government body of any jurisdiction, which may be within or outside Singapore;

(y) To help us improve our services to you; and/or

(z) To store, host, back up (whether for disaster recovery or otherwise) of your personal data, whether within or outside Singapore.

(collectively, referred to as the “Purposes”)

4.2 We may/will need to disclose your personal data to third parties, including to banks, payment service providers and/or other payment gateways, whether located within or outside Singapore, for one or more of the above Purposes, as such third parties, would be processing your personal data for one or more of the above Purposes. In this regard, you hereby acknowledge, agree and consent that we may/are permitted to disclose your personal data to such third parties (whether located within or outside Singapore) for one or more of the above Purposes and for the said third parties to subsequently collect, use, disclose and/or process your personal data for or more of the above Purposes. Without limiting the generality of the foregoing, such third parties include :

(a) our associated/affiliated organisations or related corporations;

(b) any of our collaborative partners, agents, contractors or third party service providers that process or will be processing your personal data on our behalf including but not limited to those which provide administrative or other services to us such as mailing houses, telecommunication companies, information technology companies and data centres; and

(c) third parties to whom disclosure by ISCA is for one or more of the Purposes and such third parties would in turn be collecting and processing your personal data for one or more of the Purposes.

4.3 We may share your information with any member of our group (which means our subsidiaries, our ultimate holding company and its subsidiaries from time to time for one or more of the Purposes.

4.4 You may withdraw your consent for the collection, use and/or disclosure of your personal data in our possession or under our control by contacting our Data Protection Officer. However, your withdrawal of consent could result in certain legal consequences arising from such withdrawal, including us being unable to perform the transactions requested by you on our website(s) or website/IT portal(s)/mobile application(s). Do note that your withdrawal of consent will not affect our ability to collect, use or disclose your personal data for a specific purpose without your consent, if the PDPA or a provision in applicable law permits us to.

4.5 We may collect, use, disclose or process your personal data for other purposes that do not appear above. However, we will notify you of such other purpose at the time of obtaining your consent, unless processing of your personal data without your consent is permitted by the PDPA or by law. For European residents, we will notify you of such other purpose at the time of obtaining your consent, unless processing of your personal data without your consent is permitted by the European and UK Data Protection Laws.

4.6 We may/will also be collecting from sources other than yourself, personal data about you, for one or more of the above Purposes, and thereafter using, disclosing and/or processing such personal data for one or more of the above Purposes. We may combine information we receive from other sources with information you give to us and information we collect about you. We may use this information and the combined information for the Purposes set out above (depending on the types of information we receive).

5. Storage of Personal Data

5.1 Security of your personal data is important to us. We take appropriate action to protect personal data from loss, misuse, unauthorised access or disclosure, alteration or destruction using the same safeguards as we use for our own proprietary information. All information you provide to us is stored on secure servers and any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website(s) or website/IT portal(s)/mobile application(s), you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

5.2 We will put in place measures such that your personal data in our possession or under our control is destroyed and/or anonymized as soon as it is reasonable to assume that (a) the purpose for which that personal data was collected is no longer being served by the retention of such personal data; and (b) retention is no longer necessary for any other legal or business purposes. 

 6. Link to other websites

6.1 ISCA website(s), website/IT portal(s)/mobile application(s) and other digital and telecommunication channels may contain links to other sites that are operated by third party companies with different privacy practices. You should remain alert and read the privacy statements of other sites. We have no control over personal data that you submit to or receive from these third parties.

7. Withdrawal of Consent for Marketing Purposes

7.1 You have the right to ask us not to use your personal data for marketing purpose. If you no longer wish to receive marketing messages from us, you may request to withdraw your consent by submitting the Withdrawal of Consent form.

7.2 ISCA members and participants of ISCA courses, seminars, workshop and events may also request to withdraw your consent for such marketing purpose by using the following links:

Update your profile and preferences

  1. Login to the ISCA eServices Portal
  2. Click on “My Profile” and update your Interests and preferences and withdraw your consent under Telemarketing Information

8. Data Access and Correction

8.1 You have the right to access and/or correct any personal data that we hold about you, subject to the requirements of the PDPA. European and UK residents will have a right to request access of personal data subject to the requirements of the European and UK Data Protection Laws. If you would like to request for a copy of your personal data being held by us (such right being subject to applicable exemptions), or to update and/or correct the personal data which you have previously provided to us, please write to:

The Data Protection Officer
Institute of Singapore Chartered Accountants
60 Cecil St 
ISCA House
Singapore 049709
Email : dpo@isca.org.sg

8.2 We will need enough information from you in order to ascertain your identity as well as the nature of your request, so as to be able to deal with your request. We reserve the right, or may, charge a reasonable fee for the processing of any data access request.

8.3 For a request to access personal data, once we have sufficient information from you to deal with the request, we will seek to provide you with the relevant personal data within 30 days. Where we are unable to respond to you within the said 30 days, we will notify you of the soonest possible time within which we can provide you with the information requested.

8.4 For a request to correct personal data, once we have sufficient information from you to deal with the request, we will correct your personal data within 30 days. Where we are unable to do so within the said 30 days, we will notify you of the soonest practicable time within which we can make the correction. Note that the PDPA exempts certain types of personal data from being subject to your correction request as well as provides for situation(s) when correction need not be made by us despite your request. We will send the corrected personal data to every other organisation to which the personal data was disclosed by us within a year before the date the correction was made, unless that other organisation does not need the corrected personal data for any legal or business purpose. European residents should note the European and UK Data Protection Law exemptions that enable information to be withheld, but this will be decided on a case by case basis.

8.5 ISCA members and CPE course participants agree and acknowledge that they are responsible for ensuring the accuracy of their personal data. ISCA members and CPE course participants may also access and correct their personal data with their existing usernames and passwords to the ISCA eServices Portal.

9. Complaint Process

9.1 If you have any complaint or grievance regarding about how we are handling your personal data or about how we are complying with the PDPA, we welcome you to contact us with your complaint or grievance by writing to:

The Data Protection Officer
Institute of Singapore Chartered Accountants
60 Cecil St 
ISCA House
Singapore 049709
Email : dpo@isca.org.sg

9.2 Where you are sending an email in which you are submitting a complaint, your indication at the subject header that it is a PDPA complaint would assist us in attending to your complaint speedily by passing it on to the relevant staff in our organisation to handle. For example, you could insert the subject header as “PDPA Complaint”.

9.3 If you are a European resident and wish to complain about the handling of your personal data, you have a right to raise the complaint with your local supervisory authority in the country you are residing in.

9.4 We will certainly strive to deal with any complaint or grievance that you may have speedily and fairly.

10. General

10.1 Your consent that is given pursuant to this Privacy Policy is additional to and does not supersede any other consents that you had provided to ISCA with regard to processing of your personal data.

10.2 For the avoidance of doubt, in the event that Singapore personal data protection law permits an organisation such as us to collect, use or disclose your personal data without your consent, such permission granted by the law shall continue to apply. This also applies for European and UK Data Protection laws for European residents.

11. Enquiries

11.1 For any enquiries on our privacy policy, please write to:

The Data Protection Officer
Institute of Singapore Chartered Accountants
60 Cecil St 
ISCA House
Singapore 049709
Email : dpo@isca.org.sg

12. EU Representative

12.1 We have appointed Data Protection Representative Limited (trading as “DataRep”) as our Data Protection Representative in the European Union pursuant to Article 27 of the General Data Protection Regulation on matters related to the processing of your personal data.

12.2 If you are based in Europe and UK and want to raise a question to us or otherwise exercise your rights in respect of your personal data, you may contact DataRep by sending an email to datarequest@datarep.com quoting “The Institute of Singapore Chartered Accountants” in the subject line or by completing an online webform at www.datarep.com/data-request/.

Data Protection Representative Limited (DataRep)
The Cube, Monahan Road,
Cork, T12 H1XY,
Republic of Ireland
Email: datarequest@datarep.com

or

Data Protection Representative Limited (DataRep)
BPM 335368, 372 Old Street,
EC1V 9AU, London, United Kingdom
Email: datarequest@datarep.com

ISCA reserves the right to change this policy with or without notice so please check back frequently. Any changes to this policy will be posted on and can be viewed at http://isca.org.sg/privacy-and-data-protection-policy/.

Last Updated on 28th Sep 2020