NUS
Sidebar

NUS Privacy Notice

1. Introduction

The National University of Singapore (NUS) takes its responsibilities under the Personal Data Protection Act 2012 (“PDPA”) and other data protection laws very seriously. NUS also recognises the importance of the personal data entrusted to us and believes that it is our responsibility to properly manage, protect and process your personal data.

This Privacy Notice describes (i) how NUS will collect, store and use your personal data when you access or use our services or when you interact with us ; and (ii) information on our use of cookies. In this context, “personal data” means information that identifies you personally or data that can be linked with such information to identify you directly or indirectly.

By interacting with or transacting with us, calling or sending messages to us, accessing our websites and/or submitting information to us via forms or other data collection means or processes (whether through a form, an interview, our websites or otherwise), you signify that you have read, understood and agreed to NUS’ collection use and disclosure of your personal data as described in this Privacy Notice.

This Privacy Notice applies only to NUS services and websites. Our websites may contain links to other websites not maintained by NUS. Such third-party websites are subject to their own data protection and privacy practices and you are encouraged to examine the privacy notices of those websites.

2. Who is NUS?

References to “National University of Singapore”, “NUS”, “us”, “we”, “our” in this Privacy Notice mean National University of Singapore, a company registered in Singapore with Registration Number 200604346E.

Our registered office is at 21 Lower Kent Ridge Road Singapore 119077.

3. Questions about this privacy notice

If, at any time, you have any queries on this Privacy Notice or any other queries in relation to how NUS manages, protect and/or process your personal data, please do not hesitate to contact the NUS Data Protection Office at dpo@nus.edu.sg.

4. What personal data does NUS collect about you?

NUS may collect and process the following information about you either directly from you, from your authorised representatives, from third-parties, or from publicly available sources:

 

5. What does NUS use your personal data for?

NUS may collect, use and/or disclose your personal data, where permitted by data protection laws, for the following purposes (“Purposes”):

6. Who does NUS share your personal data with?

In order for NUS to offer services to you, we may have to disclose your personal data to third-parties in order for them to process it on our behalf. This may include the following categories of recipients:

  • Our service providers – for example, suppliers who are in charge of running aspects of our websites, or HR service suppliers who manage our payroll;
  • Our agents – who may be delivering parts of our services on our behalf; and
  • Our affiliates or related companies – who may be delivering parts of our services on our behalf.

Some of these third-parties may be located outside of Singapore.

NUS will only disclose your personal data to third-parties where we are allowed to do so under data protection laws. More specifically, NUS will not disclose your personal data to any third-parties without your prior consent to do so, unless such disclosure is sanctioned under the PDPA exemptions.

When sharing your personal data with third-parties, NUS will always ensure that appropriate safeguards are in place to protect the security and confidentiality of your personal data when in the hands of such third-parties. Those safeguards will always comply with the minimum requirements set out in data protection laws.

7. Requests for access, correction and/or withdrawal of personal data

You may request to access and/or correct the personal data currently in our possession, or object to the collection, use and/or disclosure of your personal data in our possession or under our control, at any time by submitting your request to the NUS Data Protection Office.

For a request to access personal data, NUS will provide you with a copy of the relevant personal data within a reasonable amount of time from when the request is made.

For a request to correct personal data, NUS will process your request as soon as practicable after the request has been made. Such correction may involve necessary verification, which may include sending the corrected personal data to other organisations to which the personal data was disclosed by NUS within a year before the date the correction was made (unless that other organisation does not need the corrected personal data for any legal or business purpose), or if you so consent, only to specific organisations to which the personal data was disclosed by us within a year before the date the correction was made.


NUS may also charge a reasonable fee for the handling and processing of your requests to access and/or correct your personal data. You will be notified in advance of such costs.

For a request to object to the processing of your personal data by us, NUS will process your request within a reasonable time from when the request is made. Such requests may adversely impact your relationship with NUS or the quality of the services NUS delivers to you. NUS will notify you in advance of such impacts.

8. How does NUS protect your personal data?

NUS will take appropriate measures to keep your personal data accurate, complete and updated.

NUS will take precautions and preventive measures to ensure that your personal data is adequately protected and secured in accordance with data protection laws. Appropriate security arrangements will be made to prevent any unauthorised access, collection, use, disclosure, copying, modification, leakage, loss, damage and/or alteration to or of your personal data.

NUS will also make reasonable efforts to ensure that the personal data in our possession or under our control is destroyed and/or anonymised as soon as it is reasonable to assume that:

  1. the purpose for which that personal data was collected is no longer being served by the retention of such personal data; and
  2. retention is no longer necessary for any other legal or business

9. Persons located inside the European Economic Area (“EEA”)

The European Union (“EU”) General Data Protection Regulation (“GDPR”) is a EU framework for data protection that came into force on 25 May 2018.

It applies to organisations processing and holding the personal information of data subjects residing in the EEA, regardless of where the organisation is located.

NUS is in the process of aligning our privacy framework and organisational practices with the GDPR and a University-wide enhancement programme is currently underway to further strengthen the way in which we protect your personal information.

If you are located inside the EEA, the provisions set out in Appendix 1 may also apply to your personal data.

10. Updates to this privacy notice

As part of our efforts to ensure that NUS properly manages, protects and processes your personal data, we will be reviewing our policies, procedures and processes from time to time.

NUS may amend the terms of this Privacy Notice at its absolute discretion. Any amended Privacy Notice will be posted on our website, and we will notify you if NUS makes any significant changes to this Privacy Notice where required to do so under applicable laws.

We recommend that you revisit this Privacy Notice regularly.

11. NUS Website & Services

  1. This Privacy Notice applies only to NUS services and
  2. If you are only browsing this website or using the Search function, we do not capture data that allows us to identify you individually.
  3. This website automatically receives and records information on our server logs from your browser, including your IP address, cookie information, and the page(s)
  4. Although user sessions are tracked, the users remain
  5. Our websites may contain links to other websites not maintained by NUS. Such third-party websites are subject to their own data protection and privacy practices and you are encouraged to examine the privacy notices of those

12. Cookies

  1. Cookies are small f iles created on your computer by websites that you visit. They are widely used in order to enable websites to function and perform more efficiently as well as provide information to the owners of the websites.
  2. When you use and access our websites, we may collect information from you automatically through cookies or similar technology.
  3. By continuing to use our website, you consent to our use of cookies to collect and use your personal data for the purposes set out in this Privacy Notice, including without limitation:
    • enabling proper functionality of our website such as security, network management and accessibility
    • providing analytics
    • collecting information on website usage
    • understanding, storing and/or managing your interests, concerns and preferences
    • monitoring, processing and/or tracking your website usage in order to facilitate or manage your use of the Website, and/or to assist us in enhancing your browsing experience
  1. While this cookie can tell us when you enter our sites and which pages you visit, it cannot read data off your hard disk.
  2. By default, most web browsers enable the use of cookies, but you can manage the cookie settings on your browser and choose to disable cookies at any time. If you wish to delete cookies or instruct your web browser to delete or refuse cookies, please refer to the help pages of your relevant web browser. However, please note that some of our website features may not function as a result.

Appendix

The following provisions may apply to your personal data if you are located inside the European Economic Area (“EEA”). These apply in addition to the rest of this Privacy Notice.

In the event of any conflict between this Appendix 1 and the rest of this Privacy Notice, the provisions contained in this Appendix 1 will prevail.

13. What is NUS’ lawful basis for processing your personal data?

NUS will always process your personal data in accordance with data protection laws, and will only process it where it has a legal justification to do so. The table below provides some details of the lawful bases NUS relies on in order to collect and use your personal data.

14. Will your personal data be transferred outside of EEA?

See NUS sample

As NUS is located in Singapore, your personal data will be transferred and processed outside of the EEA.Where NUS transfers your personal data from within the EEA to a country outside the EEA, we ensure that adequate safeguards are in place to offer equivalent protection as your personal data would receive within the EEA and in compliance with applicable data protection laws.

Please contact us to find out more about the safeguards NUS has in place for transfers outside the EEA.

15. How long does NUS keep your personal data for?

Personal data that NUS collects will be retained only for as long as is necessary to fulfil the Purposes described in this Privacy Notice. This will generally (but not in all cases) be linked to the duration of time you are enrolled with us as a student or work for us as employee, or to comply with our legal obligations.

When determining the relevant retention periods for your personal data, NUS will take a number of factors into account, including:

  • our contractual obligations and rights in relation to the personal data involved;
  • our legal obligations under applicable laws to retain data for a certain period of time;
  • our legitimate interests;
  • statute of limitations under applicable laws;
  • (potential) disputes; and
  • guidelines issued by relevant data protection authorities.

Otherwise, NUS will securely erase or anonymise your personal data where we do not have a legitimate reason for keeping it.

 

16. What are your rights in respect of your personal data?

In addition to the rights listed in Section 7 of this Privacy Notice, you have a number of rights (subject to certain conditions) when it comes to your personal data, as detailed in the table below.

You can exercise any of these rights by contacting us using the details in Section 7 of this Privacy Notice.

Please consider your request responsibly before submitting it. We will respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we will come back to you and let you know.