1.1 “Personal Data” is defined under the PDPA to mean data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which an organisation has or is likely to have access. Common examples of personal data could include names, identification numbers, contact information, medical records, photographs and video images.

1.2 We will collect your personal data in accordance with the PDPA. In general, before we collect any personal data from you, we will notify you of the purposes for which your personal data may be collected, used and/or disclosed, as well as obtain your consent for the collection, use and/or disclosure of your personal data for the intended purposes.

2.1 The personal data which we collect from you may be collected, used and/or disclosed for purposes including, without limitation, the following:
(a) The management of library accounts: for example, issuing membership cards, issuing and return of loans, and the renewal of membership (if applicable);

(b) Administering and/or managing your relationship with NUS (including the mailing of correspondence, statements or notices to you, which could involve the disclosure of certain personal data about you to bring about delivery of the same, as well as on the external cover of envelopes / mail packages);

(c) Carrying out due diligence or other screening activities (including background checks) in accordance with legal or regulatory obligations or risk management procedures that may be required by law or that may have been put in place by NUS, including obtaining of references and/or other information about you from your previous education institute(s) and affiliation(s);

(d) Responding to any enquiries by you;

(e) Crime prevention and the prosecution of offenders: for example, ensuring the security of our collections and the safety of our users through Closed-Circuit Television (CCTV);

(f) Maintaining campus safety and security of persons and property (including the use of CCTVs), as well as investigating fraud, misconduct, any unlawful action or omission by you, and whether or not there is any suspicions of the aforementioned;

(g) Responding to requests for information from public agencies, ministries, statutory boards or other similar authorities (including but not limited to the Ministry of Defence, Ministry of Education and Ministry of Health) or non-government agencies authorised to carry out specific government services of duties from time to time;

(h) Improving services: for example, by the collection of data through the operation of the entrance/exit turnstiles;

(i) Carrying out market related, evaluative or similar research and analysis for NUS’ operational strategy and policy planning purposes;

(j) Promotion: for example, to inform you of service changes and projects;

(k) Personalisation of services which might of particular use to you: for example, disability support, advice and request services.

(collectively, the “Purposes”)

2.2 Your data is held securely, and is accessed only by those in the NUS who need to see it in the performance of their duties, and proportionately to those duties. Your data is not disclosed to people in the university who do not have a legitimate reason to see it.

2.3 In order to conduct our operations more smoothly, we may also be disclosing the personal data you have provided to us to our third party service providers, agents and/or our affiliates or related corporations, which may be sited outside of Singapore, for one or more of the above-stated Purposes. This is because such third party service providers, agents and/or affiliates or related corporations would be processing your personal data on our behalf for one or more of the above-stated Purposes.

3.1 We respect the confidentiality of the personal data you have provided to us, and will use your personal data only for the above-stated Purposes.

3.2 However, please note that we may disclose your personal data to third parties without first obtaining your consent in certain situations, including, without limitation, the following:

(a) cases in which the disclosure is required based on the applicable laws and/or regulations;

(b) cases in which the purpose of such disclosure is clearly in your interests, and if consent cannot be obtained in a timely way;

(c) cases in which the disclosure is necessary to respond to an emergency that threatens the life, health or safety of yourself or another individual;

(d) cases in which there are reasonable grounds to believe that the health or safety of yourself or another individual will be seriously affected and consent for the disclosure of the data cannot be obtained in a timely way, provided that we shall, as soon as may be practicable, notify you of the disclosure and the purposes of the disclosure;

(e) cases in which the disclosure is necessary for any investigation or proceedings;

(f) cases in which the personal data is disclosed to any officer of a prescribed law enforcement agency, upon production of written authorisation signed by the head or director of that law enforcement agency or a person of a similar rank, certifying that the personal data is necessary for the purposes of the functions or duties of the officer; and/or

(g) cases in which the disclosure is to a public agency and such disclosure is necessary in the public interest. 

3.3 The instances listed above at paragraph 3.2 is not intended to be exhaustive. For an exhaustive list of exceptions, you are encouraged to peruse the Second, Third and Fourth Schedules of the PDPA which is publicly available at http://statutes.agc.gov.sg (broken link).

3.4 In all other instances of disclosure of personal data to third parties with your express consent, we will endeavour to provide adequate supervision over the handling and administration of your personal data by such third parties, as well as to provide for adequate forms of protection over such personal data.

4.1 You may request to access and/or correct your personal data currently in our possession at any time by submitting your request through any of the following channels:

4.2 For a request to access personal data, we will provide you with the relevant personal data within a reasonable time from such a request being made.

4.3 For a request to correct personal data, we will undertake the following:
(a) we will correct your personal data as soon as practicable after the request has been made; and

(b) subject to paragraph 4.4, we will send the corrected personal data to every other organisation to which the personal data was disclosed by NUS within a year before the date the correction was made, unless that other organisation does not need the corrected personal data for any legal or business purpose.

4.4 Notwithstanding paragraph 4.3(b), we may, if you so consent, send the corrected personal data only to specific organisations to which the personal data was disclosed by us within a year before the date the correction was made.

4.5 We may also be charging you a reasonable fee for the handling and processing of your requests to access and/or correct your personal data.

5.1 You may withdraw your consent for the collection, use and/or disclosure of your personal data in our possession or under our control at any time by submitting your request through any of the following methods:

5.2 We will process your request within a reasonable time from such a request for withdrawal of consent being made. Request for withdrawal of consent may affect validity of the membership. We will notify you if the membership has to be withdrawn due to inadequate personal data.

6.1 We will take appropriate measures to keep your personal data accurate, complete and stored in a secure manner.

6.2 We will also take commercially reasonable efforts to take appropriate precautions and preventive measures to ensure that your personal data is adequately protected and secured. Appropriate security arrangements will be taken to prevent any unauthorized access, collection, use, disclosure, copying, modification, leakage, loss, damage and/or alteration of your personal data. However, we cannot assume responsibility for any unauthorized use of your personal data by third parties which are wholly attributable to factors beyond our control.

6.3 We will also take commercially reasonable efforts to ensure that the personal data in our possession or under our control is destroyed and/or anonymised as soon as it is reasonable to assume that (i) the purpose for which that personal data was collected is no longer being served by the retention of such personal data; and (ii) retention is no longer necessary for any other legal or business purposes.

7.1 As part of our efforts to ensure that we properly manage, protect and process your personal data, we will be reviewing our policies, procedures and processes from time to time.

7.2 We reserve the right to amend the terms of this NUS Libraries External Members Data Protection Policy at our absolute discretion. Any amended NUS Libraries External Members Data Protection Policy will be posted on this website.

7.3 You are encouraged to visit this website from time to time to ensure that you are well informed of our latest policies in relation to personal data protection.