Privacy Notice

The Asia Risk Management Institute Pte Ltd (ARiMI) takes its responsibilities under the Personal Data Protection Act 2012 (“PDPA”) and other data protection laws very seriously. ARIMI recognises the importance of the personal data entrusted to us and believes that it is our responsibility to properly manage, protect and process your personal data.

This Privacy Notice describes and set out:

• The basis on which ARIMI will collect, store and use any personal data when you access or use our services or when you interact with us and share them with us; and
• information on our use of cookies on the Website.

1. GENERAL

By interacting with or transacting with us, calling or sending messages to us, accessing our websites and/or submitting information to us via forms or other data collection means or processes (whether through a form, an interview, our websites or otherwise), you signify that you have read, understood and agreed to ARIMI’s collection use and disclosure of your personal data as described in this Privacy Notice.

This Privacy Notice applies only to ARIMI services and websites. Our websites may contain links to other websites not maintained by ARIMI. Such third-party websites are subject to their own data protection and privacy practices and you are encouraged to examine the privacy notices of those websites.

As part of our efforts to ensure that we properly manage, protect and process your personal data, we will be reviewing our policies, procedures and processes from time to time.  We reserve the right to amend the terms of this Privacy Notice at our absolute discretion. Any amended Privacy Notice will be posted on our website. Please visit this website periodically to access current information in relation to Personal Data protection.

If you have any queries on this Privacy Notice or any other queries in relation to how we manage, protect and/or process your Personal Data, please do not hesitate to contact the the Institute Data Protection Office at pdpa@arimi.org .

2. WHAT PERSONAL DATA DOES ARIMI COLLECT ABOUT YOU?

“Personal data” means information that identifies you personally or data that can be linked with such information to identify you directly or indirectly. ARIMI may collect and process the following information about you either directly from you, from your authorised representatives, from third-parties, or from publicly available sources:

• Personal information: Your full name, your gender, your date of birth, your marital status, your photograph.
• Identification information: Your citizenship, your residency, a copy of your ID or passport.
• Contact details: Your physical address, your email address, your telephone number.
• Academic and employment records: Details of your academic records, details of your previous employment.
• Information collected automatically: Data collected automatically using cookies, web beacons, tracking pixels and similar technologies when you view websites or use applications created by or on behalf of the Institute.

3. PURPOSE FOR THE COLLECTION, USE & DISCLOSURE OF PERSONAL DATA

ARiMI may collect, use and/or disclose some personal data from you, where permitted by data protection laws. Depending on your relationship with us, the personal data which we collect from you may be used and/or disclosed for the following purposes (“Purposes”):

For students

• Evaluating suitability for admission to be a student with us and progressing your application.
• Administering and managing your relationship as our student, including sending you information about course/study/assignment/lecture materials, timetables, examination details, candidature matters, awards, fees, your achievements, your certification, placements with external organisations, programmes or courses run by other organisations.
• Administering our student records, such as managing student registrations, keeping our records up to date, processing payments and refunds of course fees, exam fees and processing disciplinary actions.
• Facilitating your participation in Student Life and Development activities provided by the Institute (e.g. get togethers, celebrations, graduation ceremonies, orientation and conferences, volunteering and training programmes, student benefit activities).
• The purposes listed in the Personal Data Notice and Consent Statements (as the same may be amended/revised, updated and/or supplemented from time to time) which you have agreed to and accepted as part of your enrolment with ARiMI.

For employees

• Evaluating suitability for employment with us.
• Administering and managing your employment relationship with the Institute, or transfer to affiliates, related corporations/associated companies and third-party organisations, managing our training programmes.
• Administering our employee records, such as running our recruitment process, keeping our records up to date, managing our payroll and benefit schemes, processing disciplinary actions.
• The purposes listed in the Employee Personal Data Notice and Consent Statements (as the same may be amended/revised, updated and/or supplemented from time to time) which you have agreed to and accepted as part of your employment with the Institute.

For alumni

• Administering alumni activities including notifying you of the Institute and alumni-related initiatives and activities, inviting you to the Institute and alumni-related events, updating you on alumni information, submitting alumni surveys and communicating other alumni-related materials.
• Understanding the profile of the alumni community to inform the Institute’s policy making and planning.

Other purposes

• Carrying out due diligence or other screening activities and background checks in accordance with our legal or regulatory obligations or risk management procedures, including obtaining references and/or other information from prior educational institutions and employers.
• Responding (in accordance with our legal or regulatory obligations) to requests for information from government or public agencies, ministries, statutory boards or other similar authorities or non-government agencies authorised to carry out specific Government services or duties.
• Carrying out your instructions or responding to any enquiry given or submitted by you or on your behalf.
• Contacting you or communicating with you via various modes of communication such as voice call, text message, fax message, email or postal mail for the purposes of administering and managing your relationship with us.
• Dealing with, administering and managing your use of the Institute facilities, IT services and other campus
• Any other Purposes which the Institute may inform you of in writing from time to time.

4. WHO DOES ARIMI SHARE YOUR PERSONAL DATA WITH?

In order for ARIMI to offer services to you, we may have to disclose your personal data to third-parties in order for them to process it on our behalf. This may include the following categories of recipients:

• Our service providers – for example, suppliers who are in charge of running aspects of our websites, or other services such as for example HR service suppliers who manage payroll;
• Our agents – who may be delivering parts of our services on our behalf; and
• Our affiliates or related companies – who may be delivering parts of our services on our behalf.

Some of these third-parties may be located outside of Singapore. ARIMI will only disclose your personal data to third-parties where we are allowed to do so under data protection laws. More specifically, ARIMI will not disclose your personal data to any third-parties without your prior consent to do so, unless such disclosure is sanctioned under the PDPA exemptions. When sharing your personal data with third-parties, ARIMI will always ensure that appropriate safeguards are in place to protect the security and confidentiality of your personal data when in the hands of such third-parties. Those safeguards will always comply with the minimum requirements set out in data protection laws.

5. REQUESTS FOR ACCESS, CORRECTION AND/OR WITHDRAWAL OF PERSONAL DATA

You may request to access and/or correct the personal data currently in our possession, or object to the collection, use and/or disclosure of your personal data in our possession or under our control, at any time by submitting your request to the ARIMI Data Protection Office.

For a request to access personal data, ARIMI will provide you with a copy of the relevant personal data within a reasonable amount of time from when the request is made.

For a request to correct personal data, ARIMI will process your request as soon as practicable after the request has been made. Such correction may involve necessary verifications.

ARiMI may also charge a reasonable fee for the handling and processing of your requests to access and/or correct your personal data. You will be notified in advance of such costs.

For a request to object to the processing of your personal data by us, ARIMI will process your request within a reasonable time from when the request is made. Do note that such requests may adversely impact the quality of the services ARIMI delivers to you. ARIMI will notify you in advance of such impacts.

6. HOW DOES THE INSTITUTE PROTECT YOUR PERSONAL DATA?

The Institute will take appropriate measures to keep your personal data accurate, complete and updated. The Institute will take precautions and preventive measures to ensure that your personal data is adequately protected and secured in accordance with data protection laws. Appropriate security arrangements will be made to prevent any unauthorised access, collection, use, disclosure, copying, modification, leakage, loss, damage and/or alteration to or of your personal data. The Institute will also make reasonable efforts to ensure that the personal data in our possession or under our control is destroyed and/or anonymised as soon as it is reasonable to assume that:

• the purpose for which that personal data was collected is no longer being served by the retention of such personal data; and
• retention is no longer necessary for any other legal or business purposes.

7. PERSONS LOCATED INSIDE THE EUROPEAN ECONOMIC AREA (“EEA”)

The European Union (“EU”) General Data Protection Regulation (“GDPR”) is a EU framework for data protection that came into force on 25 May 2018. It applies to organisations processing and holding the personal information of data subjects residing in the EEA, regardless of where the organisation is located. ARiMI is committed to full compliance with the General Data Protection Regulation (“GDPR”) with respect to your personal data and we are aligning our privacy framework and organisational practices with the GDPR. Hence If you are located inside the EEA, you are an “EU Data Subject” for this Privacy Notice and the additional specific provisions set out in this section will also apply to your personal data. In the event of any conflict between this section and the rest of this Privacy Notice, the provisions contained in this section will prevail.

A. Protection Principles

ARiMI will comply with the following data protection principles when processing personal data:

• we will process personal data lawfully, fairly and in a transparent manner;
• we will collect personal data for specified, explicit and legitimate purposes only, and will not process it in a way that is incompatible with those legitimate purposes;
• we will only process the personal data that is adequate, relevant and necessary for the relevant purposes;
• we will keep accurate and up to date personal data, and take reasonable steps to ensure that inaccurate personal data are deleted or corrected without delay;
• we will keep personal data in a form which permits identification of EU Data Subjects for no longer than is necessary for the purposes for which the personal data are processed; and
• we will take appropriate technical and organisational measures to ensure that personal data are kept secure and protected against unauthorised or unlawful processing, and against accidental loss, destruction or damage.

B. Legal Basis for Processing Personal Data

In relation to any processing activity that involves personal data, we will before the processing starts for the first time:

• review the purposes of the particular processing activity, and select the most appropriate lawful basis for that processing, that is: that the EU Data Subject has consented to the processing; that the processing is necessary for the performance of a contract to which the EU Data Subject is party or in order to take steps at the request of the EU Data Subject prior to entering into a contract; that the processing is necessary for compliance with a legal obligation to which ARIMI is subject; that the processing is necessary for the protection of the vital interests of the EU Data Subject or of another natural person; that the processing is necessary for the performance of a task carried out in the public interest or where the processing is necessary for the purposes of the legitimate interests ARIMI or a third party, except where those interests are overridden by the interests of fundamental rights and freedoms of the EU Data Subject.
• except where the processing is based on consent, satisfy ourselves that the processing is necessary for the purpose of the relevant lawful basis;
• document our decision as to which lawful basis applies, to help demonstrate our compliance with the data protection principles;
• include information about both the purposes of the processing and the lawful basis for it in our privacy notices to you; and
• ARiMI does NOT collect or processes sensitive personal data. See next paragraph C. on Sensitive Personal Data

C. Sensitive Personal Data

Sensitive personal data (sometimes referred to as ‘special categories of personal data’) are personal data, about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership; data concerning health or sex life and sexual orientation; genetic data or biometric data.

At ARiMI, the collection and processing of sensitive personal data is prohibited regardless of the legal basis set out in previous paragraphs in this Privacy Notice.

D. Will Your Personal Data be transferred outside the EEA?

As ARIMI is located in Singapore, your personal data will be transferred and processed outside of the EEA. We ensure that adequate safeguards are in place to offer equivalent protection as your personal data would receive within the EEA and in compliance with applicable data protection laws as set out in this Privacy Notice.

E. What Are Your Rights in Respect of Your Personal Data?

In addition to the rights listed in Section 5 of this Privacy Notice, you have several rights (subject to certain conditions) when it comes to your personal data, as detailed in the table below. You can exercise any of these rights by contacting us using the details in Section 1 of this Privacy Notice. Please consider your request responsibly before submitting it. We will respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we will come back to you and let you know.

The right to object to processing

You have the right to object to certain types of processing, including processing which rely on legitimate interest as a lawful basis, processing for direct marketing purposes (i.e. if you no longer want to receive direct marketing from us) and processing for profiling purposes (i.e. automated processing of your personal data to evaluate certain things about you).

The right of access

You have the right to obtain access to your personal data (if ARIMI is processing it). This is so you’re aware and can check that ARIMI is using your personal data in accordance with data protection laws.

The right to rectification

You are entitled to have your personal data corrected if it is inaccurate or incomplete.

The right to erasure

This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your personal data where there is no compelling reason for us to keep using it. This is not an absolute right; there are exceptions.

The right to restrict processing

You have rights to ‘block’ or suppress further use of your personal data. When processing is restricted, ARIMI can still store your personal data, but may not use it further. This is not an absolute right; there are exceptions.

The right to data portability

You have rights to obtain and reuse your personal data for your own purposes across different services.

The right to withdraw consent

If you have given your consent to anything ARIMI does with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything ARIMI has done with your personal data with your consent up to that point is unlawful). This includes the right to withdraw consent to us using your personal data for marketing purposes.

F. How Long Does ARiMI Keep Your Personal Data For?

Personal data that ARIMI collects will be retained only for as long as is necessary to fulfil the Purposes described in this Privacy Notice. This will generally (but not in all cases) be linked to the duration of time you are enrolled with us as a student or work for us as employee, or to comply with our legal obligations. When determining the relevant retention periods for your personal data, ARIMI will take a number of factors into account, including:

• our contractual obligations and rights in relation to the personal data involved;
• our legal obligations under applicable laws to retain data for a certain period of time;
• our legitimate interests;
• statute of limitations under applicable laws;
• (potential) disputes; and
• guidelines issued by relevant data protection authorities.

Personal data that is no longer required will be deleted or anonymized permanently from our information systems and any hard copies will be destroyed securely.

8. COOKIE POLICY

This policy (“Cookie Policy“) is issued by the Asia Risk Management Institute Pte Ltd (“ARiMI”). This Cookie Policy applies to our use of cookies in connection with our website www.arimi.org and our mobile application (collectively “Site”).