Personal Data Protection
Personal Data Protection
The University respects the privacy of individuals and recognises the importance of the personal data that have entrusted to the organisation. It is the University’s responsibility to properly manage, protect and process personal data.
For NUS staff, please complete the mandatory personal data protection online course in CHRS in order to gain an understanding of the fundamentals before referring to the various resources available on this page.
View the list of Personal Data Protection Policies for NUS Staff and Students.
NUS Data Protection & Other Relevant Policies, Notices and Guidelines
- NUS Privacy Notice (PN)
- NUS Personal Data Protection Policy & Procedures (PDPP)
- NUS Personal Data Notice for Staff
- NUS Personal Data Notice for Students
- NUS Personal Data Notice for Student Applicants
- NUS Personal Data Notice for Course Participants
- NUS IT Acceptable Use Policy
- NUS Cloud Policy
- NUS Data Management Policy
- DMP – Guidelines on Use, Classi cation and Protection of University Data
Make a Request
NUS Do Not Call Registry
If you wish to register yourself in the NUS Do Not Call Registry
NUS Do Not Call Registry
If you wish to register yourself in the NUS Do Not Call Registry
NUS Do Not Call Registry
If you wish to register yourself in the NUS Do Not Call Registry
Report a Personal Data Incident
Report a Personal Data Incident or Personal Data Breach
All reports will be taken seriously
Should there be cause to suspect a personal data incident involving NUS and/or its Staff/Students, please email to alert us at dpo@nus.edu.sg
To facilitate a timely review, the following details should be included in your report:
i. Full name and contact information*
ii. Affiliation to NUS (e.g. Alumni, Faculty, Staff, Student, No Affiliation etc.)
iii. Details of the incident, including:
- Name of School/College/Centre/Department involved*
- Name of individuals involved (if known)
- Number of individuals involved (if known)
- Date/time when you became aware of the incident *
- Type(s) of PD affected (1)
- Cause (actual/suspected) of the incident (2)
- Impact on PD (3)
- Summary of the incident (Where incident occurred, means of detection, any remedial steps taken)
- Any other relevant information or supporting documentation
*These are required information you need to provide in your report.
Personal Data Breach Report
To report a personal data breach, please use this form and alert us at dpo@nus.edu.sg
Notes
(1) Types of Personal Data Affected
“Personal Data” is defined under the PDPA to mean:
- data,
- whether true or not,
- about an individual who can be identified:
- from that data; or
- from that data and other information to which an organization has or is likely to have access.
Individual’s name
Student matriculation number
Date of birth
Student academic data (e.g. assessment results)
NRIC number, FIN (Foreign Identification Number), passport numbers and other national identification numbers
Health information / medical records
Contact details such as residential address, personal phone number, personal email address
Biometric information (e.g. fingerprint, iris image, DNA profile, voice recording) and research data (4)
Human Resource data about employees (e.g. Staff ID numbers)
Facial image of an individual (e.g. photograph / video recording)
Employment appraisal or evaluation
A reference about an individual
(2) Cause (actual/suspected) of the incident
The cause could include one or more of the following:
- Cyber security issues (e.g. malware, ransomware, data exportation, hacking)
- Loss of data (e.g. loss of physical copies of data, soft copies of data, device containing the PD such as laptop/external drive)
- Theft of data
- Human error (oversight/carelessness)
- Technical error (e.g. system error, access settings)
(3) Impact on Personal Data
Examples of how PD could be affected include, inter alia:
- PD disclosed to unintended recipients
- PD disclosed without consent of the data subject
- Unauthorised transfer of PD
- Data held to ransom
- Data lost/expunged
NUS Privacy Notice
- The National University of Singapore (NUS) takes the Singapore PDPA and other data protection laws very seriously and is very mindful of the concomitant responsibilities.
- NUS also recognises the importance of the Personal Data entrusted to us and believes that it is our responsibility to properly manage, protect and process your Personal Data.
- This Privacy Notice applies only to NUS services and websites. If you are only browsing this website or using the Search function, we do not capture data that allows us to identify you individually. This website automatically receives and records information on our server logs from your browser, including your IP address, cookie information, and the page(s) requested. Although user sessions are tracked, the users remain anonymous. Our websites may contain links to other websites not maintained by NUS. Such third-party websites are subject to their own data protection and privacy practices and you are encouraged to examine the privacy notices of those websites.
- If you choose to share your Personal Data via an application or an e-mail or any other form, we recommend that you read our Privacy Notice set out below explaining how we use your Personal Data when you interact with us via our website or in any other way.
- If you have any queries on this Privacy Notice or any other queries in relation to how we manage, protect and/or process your Personal Data, please do not hesitate to contact NUS Personal Data Protection at dpo@nus.edu.sg
- As part of our efforts to ensure that we properly manage, protect and process your personal data, we will be reviewing our policies, procedures and processes from time to time. We reserve the right to amend the terms of this Privacy Notice at our absolute discretion. Any amended Privacy Notice will be posted on our website. Please visit this website periodically to access current information in relation to Personal Data Protection.
- NOTE: If you are an employee/student of NUS, please also refer to the NUS Personal Data Protection Policy & Procedures, a copy of which is available on the internal Staff Portal/Student Portal.
1. Introduction
The National University of Singapore (NUS) takes its responsibilities under the Personal Data Protection Act 2012 (“PDPA”) and other data protection laws very seriously. NUS also recognises the importance of the personal data entrusted to us and believes that it is our responsibility to properly manage, protect and process your personal data.
This Privacy Notice describes (i) how NUS will collect, store and use your personal data when you access or use our services or when you interact with us; and (ii) information on our use of cookies. In this context, “personal data” means information that identifies you personally or data that can be linked with such information to identify you directly or indirectly.
By interacting with or transacting with us, calling or sending messages to us, accessing our websites and/or submitting information to us via forms or other data collection means or processes (whether through a form, an interview, our websites or otherwise), you signify that you have read, understood and agreed to NUS’ collection use and disclosure of your personal data as described in this Privacy Notice.
This Privacy Notice applies only to NUS services and websites. Our websites may contain links to other websites not maintained by NUS. Such third-party websites are subject to their own data protection and privacy practices and you are encouraged to examine the privacy notices of those websites.
2. Who is NUS?
References to “National University of Singapore”, “NUS”, “us”, “we”, “our” in this Privacy Notice mean National University of Singapore, a company registered in Singapore with Registration Number 200604346E.
3. Questions about this Privacy Notice
If, at any time, you have any queries on this Privacy Notice or any other queries in relation to how NUS manages, protect and/or process your personal data, please do not hesitate to contact the NUS Data Protection Office at: dpo@nus.edu.sg.
4. What Personal Data does NUS collect about you?
- Personal Information
- Identification information
- Contact Details
- Financial Information
- Medical Information
- Academic and Employment Records
- Information collected automatically
5. What does NUS use your Personal Data for?
| For students | |
|
|
| For employees | |
|
|
| For alumnis | |
|
|
| Other purposes | |
|
6. Who does NUS share your Personal Data with?
In order for NUS to offer services to you, we may have to disclose your personal data to third-parties in order for them to process it on our behalf. This may include
the following categories of recipients:
- Our service providers – for example, suppliers who are in change of running aspects of our websites, or HR service suppliers who manage our payroll;
- Our agents – who may be delivering parts of our services on our behalf; and
- Our affiliates or related companies – who may be delivering parts of our services on our behalf.
Some of these third-parties may be located outside of Singapore.
NUS will only disclose your personal data to third-parties where we are allowed to do so under data protection laws. More specifically, NUS will not disclose your personal data to any third-parties without your prior consent to do so, unless such disclosure is sanctioned under the PDPA exemptions.
When sharing your personal data with third-parties, NUS will always ensure that appropriate safeguards are in place to protect the security and confidentiality of your personal data when in the hands of such third-parties. Those safeguards will always comply with the minimum requirements set out in data protection laws.
7. Requests for Access, Correction and/or Withdrawal of Personal Data
You may request to access and/or correct the personal data currently in our possession, or object to the collection, use and/or disclosure of your personal data in our possession or under our control, at any time by submitting your request to the NUS Data Protection Office.
For a request to access personal data, NUS will provide you with a copy of the relevant personal data within a reasonable amount of time from when the request is made.
For a request to correct personal data, NUS will process your request as soon as practicable after the request has been made. Such correction may involve necessary verification, which may include sending the corrected personal data to other organisations to which the personal data was disclosed by NUS within a year before the date the correction was made (unless that other organisation does not need the corrected personal data for any legal or business purpose), or if you so consent, only to specific organisations to which the personal data was disclosed by us within a year before the date the correction was made.
NUS may also charge a reasonable fee for the handling and processing of your requests to access and/or correct your personal data. You will be notified in advance of such costs.
For a request to object to the processing of your personal data by us, NUS will process your request within a reasonable time from when the request is made. Such requests may adversely impact your relationship with NUS or the quality of the services NUS delivers to you. NUS will notify you in advance of such impacts.
8. How does NUS protect your Personal Data?
NUS will take appropriate measures to keep your personal data accurate, complete and updated.
NUS will take precautions and preventive measures to ensure that your personal data is adequately protected and secured in accordance with data protection laws. Appropriate security arrangements will be made to prevent any unauthorised access, collection, use, disclosure, copying, modification, leakage, loss, damage and/or alteration to or of your personal data.
NUS will also make reasonable efforts to ensure that the personal data in our possession or under our control is destroyed and/or anonymised as soon as it is reasonable to assume that:
(i) the purpose for which that personal data was collected is no longer being served by the retention of such personal data;
and
(ii) retention is no longer necessary for any other legal or business purposes.
9. Persons located inside the European Economic Area ("EEA")
The European Union (“EU”) General Data Protection Regulation (“GDPR”) is a EU framework for data protection that came into force on 25 May 2018.
It applies to organisations processing and holding the personal information of data subjects residing in the EEA, regardless of where the organisation is located.
NUS is in the process of aligning our privacy framework and organisational practices with the GDPR and a University-wide enhancement programme is currently underway to further strengthen the way in which we protect your personal information.
If you are located inside the EEA, the provisions set out in Appendix 1 will also apply to your personal data.
10. Updates to this Privacy Notice
As part of our efforts to ensure that NUS properly manages, protects and processes your personal data, we will be reviewing our policies, procedures and processes from time to time.
NUS may amend the terms of this Privacy Notice at its absolute discretion. Any amended Privacy Notice will be posted on our website, and we will notify you if NUS makes any significant changes to this Privacy Notice where required to do so under applicable laws.
We recommend that you revisit this Privacy Notice regularly.
| Purpose | Description |
|---|---|
|
For students |
|
|
Evaluating suitability for admission to be a student with us and progressing your application |
|
|
Administering and managing your relationship as our student, including sending you information about course/study/assignment/lecture materials, timetables,
examination details, candidature matters, exchange programmes, scholarships, awards, fees, your achievements, your degree or certification, placements,
secondments or internships with external organisations, programmes or courses run by other organisations. |
|
|
Administering our student records, such as managing student registrations, keeping our records up to date, processing payments and refunds of tuition fees,
processing disciplinary actions. |
|
|
Facilitating your participation in Student Life and Development activities provided by NUS (e.g. festival celebrations, graduation ceremonies, orientation and
student group camps, conferences, volunteering and training programmes, student benefit activities). |
|
|
The purposes listed in the Student Personal Data Notice and Consent Statements (as the same may be amended/revised, updated and/or supplemented from
time to time) which you have agreed to and accepted as part of your enrolment with NUS. |
|
|
For employees |
|
|
Evaluating suitability for employment with us. |
|
|
Administering and managing your employment relationship with NUS, including secondments with or transfer to affiliates, related corporations/associated
companies and third-party organisations, managing our training programmes. |
|
|
Administering our employee records, such as running our recruitment process, keeping our records up to date, managing our payroll and benefit schemes,
processing disciplinary actions. |
|
|
The purposes listed in the Employee Personal Data Notice and Consent Statements (as the same may be amended/revised, updated and/or supplemented from
time to time) which you have agreed to and accepted as part of your employment with NUS. |
|
|
For alumnis |
|
|
Administering alumni activities including notifying you of NUS and alumni-related initiatives and activities, inviting you to NUS and alumni-related events,
updating you on alumni information, submitting alumni surveys and communicating other alumni-related materials. |
|
|
Understanding the profile of the alumni community to inform NUS’s policy making and planning. |
|
|
Other purposes |
|
|
Carrying out due diligence or other screening activities and background checks in accordance with our legal or regulatory obligations or risk management
procedures, including obtaining references and/or other information from prior educational institutions and employers. |
|
|
Responding (in accordance with our legal or regulatory obligations) to requests for information from government or public agencies, ministries, statutory boards
or other similar authorities or non-government agencies authorised to carry out specific Government services or duties. |
|
|
Carrying out your instructions or responding to any enquiry given or submitted by you or on your behalf. |
|
|
Contacting you or communicating with you via various modes of communication such as voice call, text message, fax message, email or postal mail for the
purposes of administering and managing your relationship with us. |
|
|
Dealing with, administering and managing your use of NUS facilities including accommodation, IT services and recreation facilities. |
|
|
Any other Purposes which NUS may inform you of in writing from time to time. |
|