This policy will give you information about how Singapore University of Social Sciences (“SUSS” or “we”) collect, use and look after your personal data when you visit the website uilearn.edu.sg and its microsites (collectively, the “Site”) and use the content, apps and games and related services (the “Content”) available on the Site.

This policy also tells you about your privacy rights and how the law protects you. It covers both our online and offline data collection activities, including personal data that we may collect through our various channels such as websites, apps, third party social networks and events.

This policy does not cover the practices of third-party websites or platforms we do not own or control, including operators of the platform through which you obtain our apps (e.g. Apple’s App Store or Google Play Store) which collects personal data required for the download. The data protection provisions of the relevant platform operators apply and may be viewed on the platform in question. SUSS only receives aggregated and anonymised data of user downloads from such platform operators.

In this policy, “personal data” is as defined in the Singapore Personal Data Protection Act 2012 (“PDPA”) and is any information about a person from which that person can be identified. These include names, addresses, telephone numbers, email addresses, dates of birth, passport numbers or numbers of other forms of identification. It does not include (a) business contact information; (b) personal data about an individual that is contained in a record that has existed for at least 100 years; or (c) personal data about an individual who has been deceased for more than 10 years.

If we change the way we handle your personal data, we will update this policy. We reserve the right to make changes to our practices and this policy at any time in compliance with the applicable legal requirements of data protection. You should check back frequently to see any updates or changes to this policy.

1.	What Personal Data Does SUSS Collect?
1.1	We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows: (a) Identity Data includes first name, last name, username or similar unique identifier, marital status, title, date of birth and gender; (b) Contact Data includes billing address, delivery address, email address and telephone numbers or similar contact data; (c) Financial Data includes bank account and payment card details; (d) Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us; (e) Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, user ID, MAC ID and other technology on the devices you use to access the Site; (f) Profile Data includes your username and password; (g) Purchaser Data includes purchases or orders made by you, services requested, rewards or benefits requested or used, your interests, preferences, and feedback or survey responses; (h) Usage Data includes information about how you use the Site, Content and related services; (i) Marketing and Communications Data includes your preferences in receiving marketing from us and our business partners and your communication preferences; (j) Tracking Data including data about what pages you visited prior to landing on the Site or where you travelled after visiting the Site as well as how you interacted with emails or other messages sent to you by us (e.g. if you deleted or opened the email).
1.2	We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data because this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific Site feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this policy.
1.3	We use Pseudonymized Data to minimize the privacy impact to you. Pseudonymization is a method that replaces or removes information in the dataset that identifies an individual but permits a data controller or third party to reidentify the personal data with reasonable effort. It is important to be aware that unlike anonymization, pseudonymization does not remove all identifying information from the data but reduces the linkability of a dataset with the identity of an individual.
1.4	If you do not provide the necessary personal data to us (we will let you know when this is the case, for example, by making this information clear in our registration form), we may not be able to provide you with access to the Site, Content and related services).
2.	Personal Data Collected Automatically
2.1	SUSS automatically collects some personal data about how you interact with and navigate the Site, as well as the device and software you use to do so. Such personal data commonly includes: (a) your use of the Site (such as timestamps, clicks, scrolling, browsing times, browsing heatmaps, searches, referral/exit pages, and activity and interactions on the Site, including chat logs); (b) your computer or device (such as IP address, which may be used to infer general location at a city or country level, unique device IDs, processing capabilities, manufacturer and model, language and other regional settings, and screen resolution and similar settings); (c) your connection to the Site, including details about the network and software that you are using (such as browser type and version, operating system name and version, ISP, and your preference settings); and (d) how the Site performs, including problems you may encounter (such as loading errors and response times.
2.2	We may use technologies like cookies, scripts, and our own servers to help us collect and store such personal data, including in log files. Cookies are small data files that your browser places on your computer or device. A cookie itself does not contain or collect information. However, when it is read by a server via a web browser it can help a website deliver a more user-friendly service – for example, remembering previous purchases or account details. The cookies we use are: (a) Necessary cookies – These are required to enable technical site functionality and to provide the services explicitly requested by you. This includes as an example services such as your selected country and language, keeping you logged in, providing security and fraud prevention, having your digital shopping bag and wish list items stored while you browse, remembering volume settings, and you getting access to secure areas of the Site.  This category of cookies cannot be disabled and does not require consent; and (b) Analytic cookies – These cookies are optional and collect information about how visitors use and experience the Site in order to optimize design, operations, efficiency and to improve your user experience.
	Necessary cookies are essential for the Site and you cannot opt out of them, but you can delete necessary cookies after use. For all other cookies, you can always adjust your settings and revoke your consent.
3.	Personal Data Collected from You
	SUSS collects personal data from the following sources: (a) Website – this includes any websites operated by or for SUSS, including sites that we operate under our own domains/URLs and mini-sites that we run on third party social networks such as Facebook; (b) Mobile games/apps – this includes mobile games or applications operated by or for SUSS, such as smartphone apps; (c) E-mail, text and other electronic messages – this includes electronic communications between you and SUSS; (d) Customer Service – this includes calls or online chats with our customer service personnel; (e) Online registration forms – this includes account registration and subscriptions; (f) Offline registration forms – this includes printed registration and similar forms that we collect via, for example, postal mail, promotions or events; (g) Research in which you and/or your child(ren) may participate, both in person and online.
4.	Personal Data Collected Automatically
	SUSS may receive personal data about you from various third parties and public sources as follows: (a) Technical Data from analytics providers and search information providers; (b) Contact, Financial and Transaction Data from providers of technical, payment and delivery services; (c) Identity and Contact Data from data brokers or aggregators; (d) Identity and Contact Data from publicly available sources; (e) Identity, Contact and Login Data from third parties who you have instructed to share data with us (for example, to sign-in to your Site account using a third-party or social media service like Facebook); (f) Tracking Data from third party platforms such as social media platforms or search engines or websites such as partner websites or applications.
5.	How We Use Personal Data
5.1	We use the personal data we collect for our business purposes, including to: (a) provide the Site, the Content and related services; (b) respond to your questions, and communicate with you; (c) enhance and personalize your experience on the Site, including to recognise you, maintain your preferences and settings, connect you with other users and link to your third-party platform and social networking accounts; (d) provide technical and other support; (e) review the use and operations of the Site, develop new content or services, and conduct analyses to enhance or improve our software, Content, marketing and support; (f) conduct internal marketing and demographic studies; (g) address issues with the Site or other business needs; (h) protect the security or integrity of the Site, its users and our business such as by protecting against and preventing violation of the Site’s Terms of Use, including combating fraud, piracy, cheating, tampering, unauthorized transactions, claims, and other liabilities, and managing risk exposure; (i) interact on your behalf with third-party platforms and social networking accounts you connect with your Site account; (j) participate in processing of personal data that we inform you about when you provide your personal data or when you consent to such processing; and (k) as permitted by applicable law, including the PDPA.
5.2	We use the personal data we collect for commercial purposes, including to: (a) provide you and other users with customized content on the Site, via email and text message, or on other sites, mobile applications, or social media on behalf of SUSS or our business partners; (b) contact you with information and promotional materials; (c) administer surveys, focus groups, research, contests or other promotional activities or events sponsored or managed by us or our business partners； (d) analyse our users, in combination with other data, to assess our user base and target marketing at other similar groups.
5.3	Both we and our third-party tracking partners use browser storage, app storage, cookies, pixels, beacons, scripts and tags to operate our websites and apps, and provided you have given consent, to analyze your use and market to you. We may receive reports on these from our third-party tracking partners on an individual and aggregate basis, and those partners may combine that information with other information they have collected from you.
6.	Disclosure of Personal Data
6.1	SUSS may share your personal data with business partners and/or funding agencies who provide funding to you in respect of your enrolment in courses available on the Site.
6.2	We process personal data with third parties/vendors as follows: (a) IT Service providers. We use a series of trusted partners in Singapore and elsewhere in the world to provide us with IT services and system administration services – in regard to both our customer and partner facing activities as well as our internal IT and administration systems; (b) Global payment provider and processing partners. These help us to secure a safe and efficient online payment process; (c) Cloud storage partners. We store our and your data at secure data centers; (d) Fraud prevention and detection partners and agencies. These work with SUSS to ensure that SUSS is not defrauded; (e) Social media partners and online search platforms. These help us to be present, allow you to interact with SUSS on the platforms where you are, and allow us to provide tailored marketing of our products and services as well as provide us with an broader understanding of how our users and the public interact with us via these platforms and partners; (f) Survey, questionnaires and product review suppliers. These help us get your all-important feedback of your experiences on the Site; (g) Tax and customs authorities, regulators and other authorities globally. These require reporting of personal data processing activities in certain circumstances; (h) Professional advisers. These include lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services to SUSS.
6.3	SUSS will also use and disclose personal data we believe to be necessary or appropriate: (a) to comply with applicable laws (which may include laws outside the country you live in); (b) to respond to requests from public and government authorities (which may include authorities outside the country you live in); (c) to cooperate with law enforcement; and (d) to protect our rights, privacy, safety or property, and that of our business partners, you or others.
6.4	In addition, we will use, disclose or transfer personal data to a third party in the event of any reorganization, merger, sale, joint venture, assignment.
6.5	SUSS may transfer personal data to organisation outside Singapore. Such transfers will be made in accordance with the requirements of the PDPA and only if SUSS reasonably determines that there is an adequate level of protection for personal data in the country in question.
7.	Security
7.1	SUSS implements a comprehensive set of physical, technical, and organizational safeguards to protect personal data from unauthorized access, alteration, misuse, or disclosure at all stages of its lifecycle—during transmission, processing, and storage. For example, we use computer systems with limited access in controlled facilities to store personal data. We also use technologies like encryption and hashing to protect some of the personal data we collect.
7.2	You agree that that no server, communications network, or data transmission over the Internet is 100% secure and that data protection and data security cannot be guaranteed for transfers outside SUSS’ control. SUSS makes no assurances about our ability to prevent any such loss or misuse.
8.	Your Rights
	You have the following rights in respect of the personal data we hold of you: (a) Request access to your personal data. You have a right to access the personal data we are keeping about you. In many cases this information is already present to you on the Site services. Your right to access may, however, be restricted by legislation, protection of other persons’ privacy and consideration for SUSS’ business practices, know-how, business secrets and internal assessments; and (b) Request correction of incorrect or incomplete data. If the personal data we have pertaining to you are incorrect or incomplete, you are entitled to have the data corrected, with the restrictions that follow from applicable legislation, including the PDPA.
9.	Security
9.1	SUSS will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
9.2	To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
10.	Information for Parents
10.1	Some features of the Site or Content have age gates to prevent children from using such features or Content. SUSS takes all reasonable care to ensure that we do not knowingly collect, store, use or process personal data from children who may use such features without proper parental or legal guardian consent.
10.2	We seek parental/legal guardian consent for anyone under the age of 18 years (or older, in countries where local laws so require).
10.3	While some of the Content are designed with adult users in mind, others are intended to be used mainly by children. Whenever SUSS collects personal data from a child, we only keep the information for the time we need it to provide a service or for the time it is legally required to be kept on record. (a) informing parents/legal guardian what personal data we collect, store, use and process from their child(ren) and explaining whether we share the information; (b) meeting legal requirements by asking for parental/legal guardian consent to collect, use and process a child’s data and asking for consent to send their child(ren) information about our Content and services; (c) limiting how we collect, store, use and process personal data from children so only personal data that is reasonably needed for them to take part in an online activity is collected; (d) giving parents/legal guardians access or the option to ask for access to personal data that we have collected from their child(ren) – parents/legal guardians can also ask for their child(ren)’s personal data to be changed or deleted.
10.4	While children can choose whether to share their information with us, there are features on the Site that will not function if they have not given us their personal data. Where personal data is needed for features to function, SUSS will ask for information that is reasonably required to take part in the activity.
10.5	Children can register for an account on the Site to access age-appropriate Content and services. During registration, a child will be asked to provide their parent’s or legal guardian’s email address, the child’s first name, gender, birth date, username and password. SUSS uses this information for security and notification purposes. We strongly encourage children to create a username that excludes any personal information.
10.6	The Site may allow children to create or use Content themselves. Whenever an activity could potentially allow a child to share personal data, SUSS will request the parent or legal guardian for consent. Examples of personal data could be stories, free-text fields, drawings that allow text or free-hand entry of information, photographs of the child, sound clips, movie files or any type of content or other persistent identifiers that clearly identifies the child in some way.
10.7	If a child wants to enter a competition or participate in a survey, we ask for the personal data that we need for a child to take part. We usually only ask for the child’s first name and the email address of a parent or legal guardian (so that we may notify the responsible adult).
10.8	We may need to ask for a child’s contact details (including their email address) so that we can reply to questions that they have asked us. If we need to get in touch with the child a second time, for example to reply to additional questions, we will request an email address from their parent or legal guardian. We then only keep the child’s online contact information for the time it takes us to honour their request and will not use the information for any other purpose. If we ever need a child’s online contact information for ongoing communication, we will ask for the parent’s or legal guardian’s email address at the earliest opportunity so that we can keep the adult informed of the data we’re collecting and to give the adult an option to ask us to stop collecting data. Parents or guardians can opt out of any communication we have with their child at any time by following the unsubscribe instructions within each communication (if there is more than one type of communication, the adult may need to opt out of each individually). Alternatively, they can contact our UniLEARN support team.
10.9	SUSS will consent from a parent or legal guardian by email before collecting information on a child’s street name, address or coordinates as such information enable us to effectively identify a specific child. As an opposite, we do not require parental/legal guardian consent to collect information on a child’s city, country or region as long as it is not linked directly to the specific child. If you would like for us to not collect this type of location information, you can adjust the settings on the device your child is using at any time. Alternatively, please contact our UniLEARN support team.
10.10	In order to give Site users more relevant and personalized online experiences, we collect some types on information (e.g. information on IP addresses, mobile device identifier, browsers, internet service providers, referring pages, exit pages, visitor frequency, operating systems, date stamps, time stamps and clickstream data). We collect this information using technologies such as cookies, pixels, flash cookies, web beacons and other unique. We may collect this information ourselves or ask a third party to process the data on our behalf. We use this data to give children access to online features and activities, to customize content, to improve our online channels, to analyze the performance of our online channel and to create anonymous reports. If we ever want to collect children’s personal data for any reason, we will contact the child’s parent or legal guardian for consent in advance.
10.11	If we need to collect a child’s personal data to provide Content or service on the Site requested by the child or if a child wants to share personal data publicly or with a third part via the Site, SUSS will send the child’s parent or legal guardian an email explaining what personal data is being collected, how we plan to use it and ask the parent/legal guardian to give or deny their consent. If we do not receive parental/legal guardian consent in a reasonable time, we will all information we have collected from the child including the adult’s contact information that we asked for in order to request consent.
10.12	Parents or legal guardians may at any time refuse to allow SUSS to use and collect further personal data from their child. Parents or legal guardians can ask us to delete the personal data we have collected in connection with their child’s account from our records. As personal data is required for some services, deleting a child’s records may result in an account, membership, or service being unavailable to the child in the future. If a child has a registered account on the Site, the parent/legal guardian can access, change or delete the personal data we have collected from their child by getting in touch with our UniLEARN support team.
11.	Information for Children
11.1	This policy tells you how we use your personal data so you know what happens with it when you give it to us. Please ask an adult to help you read the entire privacy policy.
11.2	Anything that can be used to identify you is personal data, e.g. your name, a photo of you, your email address or online username.
11.3	The main reason we need to use your personal data is to know who you are. If you are logged in to one of our apps or games, we use your personal data to keep track of your game progress, to help you stay connected with your friends in the app or game, or to let you save Content you have uploaded to your Site account.
11.4	We sometimes also use your personal data because of an event you take part in or for a survey that we organise.
11.5	We can only use your personal data for certain reasons. We provide many online services, and we may need to use your personal data to do our work and deliver the service to you without asking you first. Other times, we need to get permission from your parent/legal guardian. If they say no, we cannot use your personal data.
11.6	Sometimes we need to share your personal data to do our work. We are very careful about how we do this, which means there are even more rules. We might need to share your data with your family if they are helping you. Also, we might need to share your data with other people (refer to the sections on cookies and have your parent/legal guardian explain it to you).
11.7	We are only allowed to keep your personal data for as long as we need it. Depending on the circumstances, this period can vary.
11.8	You have a say in what happens to your personal data. You have the right to know what we do with it. You can ask us to tell you what personal data we have about you; or you can tell us to stop using it or delete it. You can tell us to correct any personal data about you that is wrong or inaccurate.
12.	Contact Us
	If you have questions about this policy, please use dpo@suss.edu.sg to contact our Data Protection Officer. You may also contact us or our Data Protection Officer by mail at the address below. Please include your name and identify your location in your message. SUSS Data Protection Officer 463 Clementi Road Singapore 599494

*******************************