Privacy & Data Protection Policy


The Institute of Internal Auditors (IIA) Singapore respects your privacy and recognises that your personal data is important to you. We are committed to protecting the privacy of your personal information. By providing your personal data to us, you are consenting to the collection, use and disclosure as described in this policy.

The IIA Singapore collects ‘Personal Data’ defined as any information relating to an identified or identifiable individual. Personal data is typically a name, an identification number, location data, an online identifier, etc. 

We process your data in accordance with Singapore’s PDPA, which establishes a data protection law that governs the collection, use, disclosure and care of personal data.  If you reside in the UK or Europe, we will process personal data in accordance with the General Data Protection Regulation (GDPR) and similar European and UK data protection laws.

This policy explains how IIA Singapore gathers information and its handling practices. If you have any questions regarding IIA Singapore’s privacy policy or do not feel that your concerns have been otherwise addressed, please contact IIA Singapore Data Protection Officer (DPO) by sending an e-mail to dpo@iia.org.sg. The DPO is responsible for administering this privacy policy and maintaining compliance with personal data protection laws. The DPO does this by advising colleagues on personal data protection practices and monitoring the internal IIA Singapore procedures. 

Type of Personal Data We Collect

We request information from you in several ways, such as through our website, IIA Singapore portals for membership and exam applications, seminars and conference registrations, forms, surveys, and/or other channels that may be used to personally identify you. These include but are not limited to:

1) Your personal information such as your name, NRIC/FIN/Passport number, date of birth, gender;

2) Your contact information such as postal addresses, email addresses, telephone and fax numbers;

3) Your past and present employment information such as company name, company type, sector, designation, business telephone and fax numbers;

4) Your past and present academic qualifications and academic results;

5) Your professional qualifications and memberships with other professional bodies; and

6) Your billing information, including the name of the credit/debit cardholder, credit/debit card number, security code and expiry date.   

Our collection of data is in alignment with the Data Minimisation Principle. This means that we only collect the minimum amount of data that is relevant and necessary to achieve the above purposes, to provide you with IIA Singapore’s services. 

Purposes for which the Personal Data is Collected and Processed

The IIA Singapore collects and processes personal data for the purpose of providing individuals with IIA Singapore’s services. These services include:

1) Providing membership to the IIA Singapore; 

2) Training courses for members of IIA Singapore; 

3) Certification courses for members of IIA Singapore; and

4) Hosting conferences for members of IIA Singapore.

Use of Personal Data

In providing the services listed above, the IIA Singapore uses and/or processes the personal data you have provided in one or more of the following ways:

1) To process and administer your membership and certification with us;

2) For your registration and/or payment for Continuing Professional Education (CPE) training courses, events, seminars, workshops and/or conferences;

3) For organizing of events such as conferences, roundtables, panel discussions, workshops and talks and also corporate social responsibility projects;

4) For the supply of any goods and/or services which we may offer to you or you may require from us;

5) For your use of the online services on our websites and/or through other digital or telecommunication channels;

6) For identification and verification purposes in connection with any of the goods and/or services that may be supplied to you;

7) To contact you regarding your enquiries and/or feedback;

8) For the conduct of statistical studies and analysis (including but not limited to data analytics, surveys, focus groups and/or profiling) to improve our services and facilities for your benefit, or to improve any of our programmes or events; 

9) To administer contests and lucky draws conducted by us or on our behalf which you have participated in;

10) To send news and event updates, and/or marketing campaigns in relation to the goods and/or services that we and/or our business partners provide, or on our behalf. You may unsubscribe from this service at any time;

11) To facilitate payment for goods and/or services provided by us or our subsidiaries, and/or a third party on our behalf including verification of credit card details with third parties (including but not limited to banks, payment service providers or payment gateways) and using the personal data you provide to conduct matching procedures against databases of known fraudulent transactions (maintained by us or third parties);

12) To store, host and back up (whether for disaster recovery or otherwise) your personal data, whether within or outside Singapore;

13) Purposes which are reasonably related to the aforementioned.

Disclosure of Personal Data

IIA Singapore will take reasonable steps to protect your personal data against unauthorised disclosure. Subject to the provisions of any applicable law, your personal data may be disclosed, for the purposes listed above (where applicable), to the following categories of third parties:

1) Agents, contractors or third party service providers who provide operational services to IIA Singapore, such as courier services, information technology, system operation and maintenance or other services to IIA Singapore;

2) Our professional advisers such as auditors and lawyers;

3) Any other party to whom you authorise us to disclose your personal data.

In providing the services outlined above, your personal data may be disclosed or shared for the following reasons and/or in the following circumstances:

1) For sharing of your personal data with The Institute of Internal Auditors for the purpose of maintaining membership, CPE training and certification records on our systems;

2) For sharing of your personal data with the examination site administering IIA certification programmes;

3) For sharing your personal data with IIA Singapore Board Members and volunteers for conducting IIA Singapore’s internal business operations;

4) If you are an event attendee, speaker, or sponsor, some of your information will be included in the event roster, which will be publicly disclosed, and may also be shared with third-parties such as event sponsors and exhibitors;

5) If you use our Career Centre services, your information may be accessible to potential employers or recruiters;

6) To those who wish to determine if you are certified, your certification status will be shared with those who inquire with your consent in writing;

7) To disclose to a third party to comply with any law, legal requirements, orders, directions or requests from any court, authority or government body of any jurisdiction, which may be within or outside Singapore; and

8) In any other circumstance reasonably related to the purposes aforementioned.

Data Protection and Retention

Security of your personal data is important to us. We take appropriate action to protect personal data from loss, misuse, unauthorised access or disclosure and alteration or destruction using the same safeguards as we use for our own proprietary information.  All information you provide to us is stored on secure servers and any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website or online portal, you are responsible for keeping this password confidential. We ask you not to share this password with anyone.

We will put in place measures such that your personal data in our possession or under our control is destroyed and/or anonymized as soon as it is reasonable to assume that:

(a) the purpose for which that personal data was collected is no longer being served by the retention of such personal data; and 

(b) retention is no longer necessary for any other legal or business purposes.

If you are located in the European Economic Area, when you cancel your IIA Singapore membership or withdraw your consent for the processing of your personal information, all your personal data received and stored will be erased if no longer needed by us. 


If you, as a visitor, choose to log on as a member, register for courses or events, purchase products, apply for membership or certification, or otherwise submit personally identifiable information, you are consenting to IIA Singapore’s use of such data in accordance with this privacy policy.

Links to Other Websites

IIA Singapore website and other digital and telecommunication channels may contain links to other sites that are operated by third party companies with different privacy practices and/or policies. You should remain alert and read the privacy statements of other sites. We have no control over personal data that you submit to or receive from these third parties.

Data Subject Rights 

You have a number of individual rights in regard to your data. It is important to be aware of these rights should you want to exercise any of them. These rights are outlined below. 

Right to Withdraw Consent

You have the right to ask us not to use your personal data for a marketing purpose.  If you no longer wish to receive marketing messages from us via voice call and/or text messages, you may request to withdraw your consent by informing us through email at dpo@iia.org.sg or write to us at:

The Data Protection Officer
The Institute of Internal Auditors Singapore
137 Telok Ayer Street
Singapore 068602

Right to Erase and Object

In some circumstances you may have the right to erase your personal data stored or processed by the IIA Singapore. There are a number of exemptions to this right, which can apply in circumstances where the data must be kept to comply with other legal obligations, for public health reasons and archival, statistical or research purposes. 

In addition, you have the right to object to different types of processing undertaken by the IIA Singapore and, if processing is based on consent, the right to withdraw this consent. 

You may request to use your right to erasure and objection by informing us through email at dpo@iia.org.sg or write to us at:

The Data Protection Officer
The Institute of Internal Auditors Singapore
137 Telok Ayer Street
Singapore 068602

Right to Data Access and Correction

You have the right to access and/or correct any personal data that we hold about you, subject to the requirements of the PDPA. In addition, the IIA Singapore will take every reasonable step to ensure that your personal data is accurate and, where necessary, up to date. European and UK residents will have a right to request access to personal data subject to the requirements of the European and UK Data Protection Laws. If you would like to request a copy of your personal data being held by us (such right being subject to applicable exemptions), or to update and/or correct the personal data which you have previously provided to us, please send in your request to dpo@iia.org.sg or write to us at:

The Data Protection Officer
The Institute of Internal Auditors Singapore
137 Telok Ayer Street
Singapore 068602

We will need enough information from you in order to ascertain your identity as well as the nature of your request, so as to be able to deal with your request. 

For requests to access personal data, once we have sufficient information from you to deal with the request, we will seek to provide you with the relevant personal data within 30 days. Where we are unable to respond to you within 30 days, we will notify you of the soonest possible time within which we can provide you with the information requested.

For requests to correct personal data, once we have sufficient information from you to deal with the request, we will correct your personal data within 30 days. Where we are unable to do so within 30 days, we will notify you of the soonest practicable time within which we can make the correction. Kindly note that the PDPA exempts certain types of personal data from being subject to your correction request as well as provides for situation(s) when correction need not be made by us despite your request.

We reserve the right to charge a reasonable fee for the processing of any data access request.


For avoidance of doubt, in the event that Singapore personal data protection law permits an organisation such as us to collect, use or disclose your personal data without your consent, such permission granted by the law shall continue to apply. This also applies for European and UK Data Protection laws for European residents.

Questions, Concerns or Complaints 

If you have any questions, concerns or complaints about this Privacy and Data Protection Policy, please write to:

The Data Protection Officer
The Institute of Internal Auditors Singapore
137 Telok Ayer Street
Singapore 068602
Email: dpo@iia.org.sg
Tel:  (65) 6324 9029

IIA Singapore reserves the right to change this policy with or without notice.  Any changes to this policy will be posted on and can be viewed here.