This document constitutes SEAMEO RELC’s (“RELC”) Data Protection Policy which is drawn up in accordance with the Personal Data Protection Act 2012 (the "PDPA"). We recognise the importance and sensitivity of any personal data which we may collect from you from time to time and are committed to protecting your privacy. RELC will endeavour to process your personal data in accordance with the PDPA and any other relevant legislation.
Please read this Data Protection Policy carefully to ensure that you are aware of and understand the nature of the data which we may collect from you, use of such data, and how you can get in touch with us if you wish to limit or withdraw the right of use of such data. This Data Protection Policy also generally outlines the steps which we take to protect your personal data.
References in this Policy to our partners include our strategic partners, stakeholders, agents, and third party service providers from time to time.
In accordance with the PDPA, RELC has appointed a Data Protection Officer within the organization to ensure compliance with the Act. The contact information of the DPO is as follows:
In the event that we receive personal information through this website, we will only use it to perform the specific services which you have requested.
For personal data transmitted through this website, while we take reasonable steps to ensure security, by accepting these terms and conditions, you accept that the Internet is not a totally secure medium of communication of information and that such transmission will be at your own risk.
Your personal data collected and retained by RELC will be kept confidential and will only be used in accordance with product and service conditions.
We may collect personal data from you via the following channels:
Please note that in accordance with the PDPA, your personal data is required to be kept confidential and not disclosed to any third parties, without your prior consent.
However, subject to other relevant laws and the provision of our services and products, your personal data may be disclosed to the following parties/entities:
We may from time to time, engage external partners to perform various functions for and on our behalf, such as marketing services, events promotion and sponsoring, ticketing and sales services, as well as information and communication technology services.
Accordingly, we will share your data with our partners to the extent necessary to administer any products or services you have chosen to receive from us, as well as for market research and survey purposes.
RELC would require your consent before we can use your personal data for a specified purpose.
RELC uses industry standard efforts to protect the confidentiality of your personal data, storage of data on secure servers and taking other security measures to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks in relation to your data. We regularly review developments in relation to security and encryption technologies.
However, you will realise that no data transmission over the internet can be guaranteed as totally secure and therefore, unfortunately, we cannot ensure or warrant the complete security of any information transmitted from our online products or services.
We will take reasonable efforts to ensure that your personal data is accurate and complete if it is used by us or when we disclose it to our partners or to other third parties in accordance with this Policy. Please note that, in most circumstances, we will presume that personal data directly provided by you will be accurate and complete. However, depending on the circumstances, we may decide to contact you to ensure that this is the case or to ask that you verify that the data we hold in relation to you is up to date.
You can request information about the ways your personal data has been used or disclosed in the past year and if required, to correct an error or omission of your personal data.
To access your personal data - Please attention your request to the DPO and allow us 30 working days to complete your request.
We will carefully review any data access request we receive from you. Please note that we may decide to reject your request if we have determined that the burden or expense of providing it would be unreasonable to us or disproportionate to your interests, if your request concerns information that is trivial, does not exist or cannot be found or it is otherwise frivolous or vexatious. Accordingly, when making any data access request from us, we recommend that you set out the circumstances and reasons for your request in as much detail as possible to enable us to properly assess the matter.
Please note that we expressly reserve the right to charge an administrative fee in relation to any request you make to access personal data we hold and/or have disclosed to third parties in relation to you in the past year. If we decide to do so, we will inform you of the fee we will charge in relation to your request beforehand and we will only proceed once we have received confirmation from you to that effect.
You may also request that we correct any errors or omissions with regards to your personal data and if so, we will normally ensure that this is made as soon as practicable, save where we are satisfied on reasonable grounds that such correction should not be made or where we are not required by law to do so.
You may withdraw your consent to us and/or our partners collecting, using and/or disclosing your personal data at any time by contacting our Data Protection Officer.
We will also inform our partners of your request and will ensure that our partners comply with your request, to the extent permitted or required by law. Please note that we will then delete your personal data in accordance with the retention and disposal principles set out in this Data Protection Policy.
We will only hold your personal data for as long as required for the purposes for which it was collected or as otherwise required or permitted by law. We will regularly review and assess whether personal data can legitimately be retained, having regard to the purpose for which it was collected and any other legal or business purposes for which retention may be necessary. Where we are satisfied that we no longer need to retain your personal data, we will take prompt action to ensure that we will no longer hold on to it, either by destroying or removing your data from our systems, files and other records completely and permanently or by removing any identifying information so that it has become anonymised.