Data protection notice for users and customers
Purpose of this notice
This Data Protection Notice (“ Notice ”) sets out the basis on which Transformation
Analytics and its related company Institute of Business Analytics, together/ separately
(“ we ”, “ us ”, or “ our ”) may collect, use, disclose or otherwise process personal data of our
users and customers in accordance with the Singapore Personal Data Protection Act
(“ PDPA ”). This Notice applies to personal data in our possession or under our control,
including personal data in the possession of organisations which we have engaged to
collect, use, disclose or process personal data for our purposes.
Personal Data
1. As used in this Notice:
“ user/ customer ” means an individual who has either:
(a) contacted us through any means to find out more about our training, goods or
services, or
(b) has entered into a contract with us for the supply of any training, goods or other
services, or
(c) is using our services as part of a purchase/ contract or other licencing/ usage
agreement between us and
1) their employer/ organisation
2) an intermediary who sells our training/ services (including accounting
institutes/ training providers that sell our courses)
“ personal data ” means data, whether true or not, about a user/ customer who can be
identified: (a) from that data; or (b) from that data and other information to which we
have or are likely to have access.
2. Depending on the nature of your interaction with us, personal data which we may
collect from you includes name, email address, telephone number, job role/ title and
name of the company/ organisation you work for.
3. Other terms used in this Notice shall have the meanings given to them in the PDPA
(where the context so permits).
Collection, use and disclosure of personal data
4. We generally do not collect your personal data unless:
(a) it is provided to us voluntarily by you directly or via a third party who has been
duly authorised by you to disclose your personal data to us (your “ authorised
representative ”) after:
(i) you (or your authorised representative) have been notified of the purposes
for which the data is collected, and
(ii) you (or your authorised representative) have provided written consent to
the collection and usage of your personal data for those purposes, or
(b) collection and use of personal data without consent is permitted or required by
the PDPA or other laws. We shall seek your consent before collecting any
additional personal data and before using your personal data for a purpose which
has not been notified to you (except where permitted or authorised by law).
5. We may collect and use your personal data for any or all of the following purposes:
(a) performing obligations in the course of or in connection with our provision of
the goods and/or services requested by you;
(b) responding to, handling, and processing queries, requests, applications,
complaints, and feedback from you;
(c) managing your relationship with us;
(d) processing payment or credit transactions (in relation to any purchases you
make directly from us);
(e) verifying your identity (such as for access to relevant content/ use of our
training portal or other systems);
(f) any other incidental business purposes related to or in connection with the
above;
(g) to share additional information we believe may be of interest/ relevance to you
related to the area of Analytics, including information on analytics related
goods and services which may be provided by us. This includes (but is not
limited to); news, articles, content updates, offers, promotions and information
about new goods and services, and future events via emails. To opt out of
receiving such additional information, please contact the Data Protection
Officer to withdraw consent for your personal information to be used for such
purposes. Please give up to three (3) business days for the Data Protection
Officer to acknowledge your request, and then up to thirty (30) days for the
Data Protection Officer to complete your request.
6. We may disclose your personal data:
(a) where such disclosure is required for performing obligations in the course of
or in connection with our provision of the goods and services requested by
you (such as for processing credit card transactions); or
(b) to our trusted third party service providers, related entities, agents and other
organisations we have engaged to perform any part of the above mentioned
purposes; or
(c) to comply with any applicable laws, regulations, codes of practice, guidelines,
or rules, or where required to assist in law enforcement and investigations
conducted by any governmental and/or regulatory authority.
7. The purposes listed in the above clauses may continue to apply for a reasonable
period even in situations where your relationship with us has expired/ been
terminated or altered. This may include reasonable time to process any changes
requested and/ or to comply with necessary compliance/ legal requests for
information, or to process outstanding commercial transactions/ repayments.
Withdrawing your consent
8. The consent that you provide for the collection, use and disclosure of your personal
data will remain valid until such time as it is withdrawn by you in writing. You may
withdraw consent and request us to stop collecting, using and/or disclosing your
personal data for any or all of the purposes listed above by submitting your request in
writing or via email to our Data Protection Officer at the contact details provided in the
section Data Protection Officer (DPO) below. Please note as set out in clause 10
below, this will impact your ability to access any existing content/ services you are
currently entitled to and to obtain in future any training records/ certificates we hold
for you.
9. Upon receipt of your written request to withdraw your consent, please give the Data
Protection Officer three (3) business days to acknowledge your request. We may
require reasonable time (depending on the complexity of the request and its impact
on our relationship with you) for your request to be processed and for us to notify you
of the consequences of us acceding to the same, including any legal consequences
which may affect your rights and liabilities to us. In general, we shall seek to process
your request within thirty (30) days of receiving it.
10. Whilst we respect your decision to withdraw your consent, please note that
depending on the nature and scope of your request, we may not be in a position to
continue providing our goods or services to you, including training materials and
course certificates for any past training. We shall, in such circumstances, notify you
before completing the processing of your request. Should you decide to cancel your
withdrawal of consent, please inform us in writing in the manner described in clause 8
above.
11. Please note that withdrawing consent does not affect our right to continue to collect,
use and disclose personal data where such collection, use and disclosure without
consent is permitted or required under applicable laws or to complete outstanding
transactions for payment/ refund.
Access to and correction of personal data
12. Personal data we hold about you is collected primarily through our training portal and
other means of entry, from direct entry by you as the user (or by your authorised
representative if you have one). You may login to your account on the training portal
or other systems where data has been entered to check/ correct this data if/ when
you need to (or allow your authorised representative to do so). In addition/ as an
alternative, if you wish to make (a) an access request for a copy of the personal data
which we hold about you or information about the ways in which we use or disclose
your personal data, or (b) a correction request to correct or update any of your
personal data which we hold about you, you may submit your request in writing or via
email to our Data Protection Officer at the contact details provided below. Note
names on course certificates can not be updated after the certificate has been
generated - neither by the user or as an access/ correction request.
13. We reserve the right to charge an administration fee of USD $50 before processing
any access request.
14. We will acknowledge your request within three (3) business days. and respond to
your request as soon as reasonably possible. In general, it will take three (3)
business days for the Data Protection Officer to acknowledge your request, and then
up to thirty (30) days for the Data Protection Officer to complete your request. Should
we not be able to respond to your request within thirty (30) days after receiving your
request, we will inform you in writing within thirty (30) days of the time by which we
will be able to respond to your request. If we are unable to provide you with any
personal data or to make a correction requested by you, we shall generally inform
you of the reasons why we are unable to do so (except where we are not required to
do so under the PDPA).
Protection of personal data
15. To safeguard your personal data from unauthorised access, collection, use,
disclosure, copying, modification, disposal or similar risks, we adopt appropriate
administrative, physical and technical measures internally and through our authorised
third party service providers and agents, with whom we share data only on a
need-to-know basis.
16. No method of transmission over the Internet or method of electronic storage is
completely secure. While security cannot be guaranteed, we work with our partners
and IT advisors on an ongoing basis to maintain good practice information security
measures and to protect the security of your information.
Accuracy of personal data
17. The personal data we collect is provided by you (or your authorised representative)
directly through entry into the training portal/ other systems. You should ensure that
the data you provide is accurate. Please note that certificate names can not be
changed once the certificate has been generated - so please ensure the name to be
used is correct. To continue to receive our services/ access relevant content you
should ensure that the information entered is kept up to date by updating via the
training portal/ other systems as appropriate. In order to do so, please see the above
clauses in relation to Access to and correction of personal data .
Retention of personal data
18. We may retain your personal data for as long as it is necessary to fulfil the purpose
for which it was collected, or as required or permitted by applicable laws.
19. We will cease to retain your personal data, or remove the means by which the data
can be associated with you, as soon as it is reasonable to assume that such
retention no longer serves the purpose for which the personal data was collected,
and is no longer necessary for legal or business purposes.
20. In relation to personal data you submit through our training portal, we will retain your
data and enable your access to the material on the training portal for a period of up to
three years for participants who have completed course certification (and for 6
months for those who have not completed certification) after the last training date you
registered for (unless you request for it to be removed earlier - see Withdrawing
your consent ). After this period we will archive the records of participants who have
achieved Certification in one or more of our courses so that if necessary we can
provide verification or copies of course certificates for ten (10) years. After archiving
this access will no longer be available directly through the training portal and will be
subject to an appropriate access request (see Access to and correction of
personal data ).
Data Protection Officer (DPO)
21. You may contact our Data Protection Officer if you have any enquiries or feedback on
our personal data protection policies and procedures, or if you wish to make any
request, in the following manner:
Email Address : [email protected]
Effect of notice and changes of notice
22. This Notice applies in conjunction with any other notices, contractual clauses and
consent clauses that apply in relation to the collection, use and disclosure of your
personal data by us.
23. We may revise this Notice from time to time without any prior notice. You may
determine if any such revision has taken place by referring to the date on which this
Notice was last updated. Your continued use of our services constitutes your
acknowledgement and acceptance of such changes.
Effective date : 10/2/2020