OUR PRIVACY POLICY
This Data Protection Notice (“Notice”) outlines how Nas Education Pte Ltd (“we,” “us,” or “our”) collects, uses, discloses, and processes personal data of our customers in compliance with the UK data protection regulations, including the General Data Protection Regulation (GDPR). This Notice applies to personal data that we collect, possess, or control, including personal data collected by organizations engaged by us for data processing purposes.

PERSONAL DATA
As used in this Notice: “customer” refers to an individual who (a) has contacted us through any means to inquire about our goods or services, or (b) may have entered into a contract with us for the provision of goods or services, including as a student or prospective student. “Personal data” refers to information about a customer that can directly or indirectly identify the individual, either from that data alone or in conjunction with other information to which we have access. Depending on the nature of your interaction with us, examples of personal data we may collect from you include your name, identification numbers (such as NRIC, FIN, passport details, work permit, or birth certificate), residential address, email address, telephone number, nationality, gender, date of birth, employment information, and educational background. Other terms used in this Notice shall have the meanings given to them in the applicable data protection regulations, including the General Data Protection Regulation (GDPR).

COLLECTION, USE, AND DISCLOSURE OF PERSONAL DATA
We generally do not collect your personal data unless one of the following conditions is met:
You provide the data to us voluntarily, either directly or through an authorized representative who has obtained your consent and informed you of the purposes for which the data will be collected and used.
Collection and use of personal data without consent are permitted or required by the applicable data protection laws and regulations.

We will seek your consent before collecting any additional personal data and before using your personal data for purposes that have not been previously notified to you, unless such collection or use is permitted or authorized by law.

We may collect and use your personal data for the following purposes:
Performing obligations related to the provision of goods and/or services requested by you.
Verifying your identity.
Responding to and processing queries, requests, applications, complaints, and feedback from you.
Managing and maintaining your relationship with us.
Processing payment or credit transactions.
Complying with applicable laws, regulations, codes of practice, guidelines, or rules, and assisting in law enforcement and regulatory investigations.
Fulfilling any other purposes for which you have provided the information.
Transmitting personal data to relevant third-party service providers, agents, and governmental/regulatory authorities, both within and outside of the UK, for the aforementioned purposes.
Undertaking any other incidental business activities related to or in connection with the above purposes.

We may disclose your personal data in the following circumstances:
When disclosure is necessary for performing obligations related to the provision of requested goods and services.
To third-party service providers, agents, and other organizations engaged by us to perform functions related to the purposes mentioned above.

The purposes mentioned in the clauses above may continue to apply even after the termination or alteration of your relationship with us, for a reasonable period thereafter, including the enforcement of our rights under a contract with you.

WITHDRAWING YOUR CONSENT
The consent you provide for the collection, use, and disclosure of your personal data will remain valid until you withdraw it in writing. You have the right to withdraw your consent and request us to stop collecting, using, and/or disclosing your personal data for any or all of the purposes mentioned above. To withdraw your consent, please submit your request in writing or via email to our Data Protection Officer using the contact details provided below.
Upon receiving your written request to withdraw consent, we may require a reasonable amount of time to process your request and notify you of the consequences of such withdrawal. The processing time will depend on the complexity of the request and its impact on our relationship with you. In general, we aim to process withdrawal requests within fourteen (14) business days.
While we respect your decision to withdraw consent, please note that depending on the nature and extent of your request, we may not be able to continue providing our goods or services to you. In such cases, we will inform you before completing the processing of your request.
It is important to understand that withdrawing consent does not affect our right to continue collecting, using, and disclosing personal data when such collection, use, and disclosure without consent is permitted or required under applicable laws.
ACCESS TO AND CORRECTION OF PERSONAL DATA
If you wish to request (a) access to a copy of the personal data we hold about you or information regarding how we use or disclose your personal data, or (b) correction or updating of any of your personal data that we hold, you may submit your request in writing or via email to our Data Protection Officer using the contact details provided below. Please be aware that a reasonable fee may be charged for access requests. If applicable, we will inform you of the fee before proceeding with your request.
We will make every effort to respond to your request in a timely manner. Generally, you can expect a response within fourteen (14) business days. In the event that we are unable to provide a response within thirty (30) days after receiving your request, we will notify you in writing within that period and inform you of the expected timeline for our response.
If we are unable to provide you with access to your personal data or fulfill a correction request, we will generally explain the reasons behind our inability to do so (except where not required by the UK privacy rules). Please note that grades and comments given by teachers, trainers, tutors, facilitators, and other staff/contractors will not be subject to correction as they fall under the category of “Teacher’s Opinion” and are therefore exempt from correction requirements. However, this clause does not negate your right to appeal through our established mechanisms. Access requests made under this policy for grades that have not yet been released will be declined.

PROTECTION OF PERSONAL DATA
We are committed to protecting your personal data and have implemented various measures to safeguard it from unauthorized access, collection, use, disclosure, copying, modification, disposal, or similar risks. These measures include:
Administrative Measures: We have established internal policies and procedures to ensure the proper handling and protection of personal data. Our employees and authorized personnel are trained on data protection practices and are required to adhere to strict confidentiality obligations.
Physical Measures: We have implemented physical security measures to prevent unauthorized access to our premises and storage areas where personal data is kept. Access to these areas is restricted to authorized personnel only.
Technical Measures: We employ industry-standard security technologies and practices to protect personal data. These measures include the use of encryption, firewalls, secure hosting, and regular system monitoring to detect and prevent security breaches. Access to personal data is granted on a need-to-know basis, and we regularly review and update our security protocols to enhance data protection.

While we strive to maintain the security of your personal data, it is important to note that no method of transmission over the Internet or electronic storage is completely secure. Despite our best efforts, there is always a risk of unauthorized access or disclosure. Therefore, we cannot guarantee the absolute security of your information.
In the event of a data breach or unauthorized access to personal data that is likely to result in a risk to your rights and freedoms, we will take prompt action to mitigate the impact of such an incident. We have established procedures to assess and respond to data breaches in accordance with applicable laws and regulations.
We continuously review our data protection measures to ensure that they remain effective and aligned with industry best practices. Our commitment to protecting your personal data is an ongoing effort, and we will continue to enhance our security measures as technology advances and new threats emerge.

ACCURACY OF PERSONAL DATA
It is important to us that the personal data we hold about you is accurate, complete, and up-to-date. We rely on the information provided by you or your authorized representative to maintain the accuracy of your personal data. To ensure that your personal data is current and correct, we kindly request that you inform us. If you believe that any of the personal data we hold about you is inaccurate, incomplete, or outdated, please notify us as soon as possible. We will promptly review the information and make the necessary updates or corrections, where applicable and as required by law.
Please note that we may require you to provide supporting documents or evidence to verify the accuracy of the updated information. This is to ensure that we maintain the integrity and reliability of your personal data.
We appreciate your cooperation in keeping your personal data accurate and up-to-date. By doing so, we can better serve you and ensure that the information we hold about you is reliable and relevant for the purposes for which it was collected.

RETENTION OF PERSONAL DATA
We will retain your personal data for the duration necessary to fulfill the purpose for which it was collected, as well as to comply with applicable laws and regulations. Once it is reasonable to assume that the retention of your personal data no longer serves the purpose for which it was collected and is no longer necessary for legal or business purposes, we will take steps to remove any means by which the data can be associated with you.
Please note that in the course of providing our goods and services to you, we may use services located outside of the United Kingdom that involve the storage of data on servers and data processing by individuals outside of the United Kingdom. In such cases, we will obtain your consent for the transfer of your personal data and ensure that appropriate measures are in place to safeguard your data’s security and privacy. We will take steps to ensure that your personal data continues to receive a level of protection that is at least comparable to the protection provided under the UK privacy rules.
If you have any questions about our data retention practices or would like more information about the specific retention periods applicable to your personal data, please contact us.