Privacy Policy

Privacy Policy

Data Privacy Policy 


Last updated: 31st Oct 2025


This Data Privacy Policy explains how EduPro Learning (“we”, “us”, “our”) collects, uses, discloses, and protects Personal Data in accordance with the Singapore Personal Data Protection Act 2012 and its regulations (collectively, “PDPA”). We are a Singapore-based education company that organises overseas education programmes for Singapore based students and Singapore education programmes for overseas students.


If you are a parent/guardian providing Personal Data of a minor (under 18 years old), you confirm you have authority to do so and consent on the minor’s behalf as required.


Note: This Policy is intended for Singapore operations and PDPA compliance. Where our overseas partners process Personal Data, their local compliance obligations may also apply; we address cross-border transfer safeguards below.


1) Definitions
 

- “Personal Data” means data, whether true or not, about an individual who can be identified from that data or from that data and other information to which we have or are likely to have access (e.g., name, NRIC, Birth Certificate number, passport number, contact details).
- “Processing” includes collection, use, disclosure, storage, transfer, and disposal of Personal Data.
- “Minor” refers to participants under the age of 18 unless a different age threshold is required by applicable law or school policy.


2) Personal Data We Collect
 

We collect Personal Data relevant to programme enrollment, travel, welfare, and safety:
- Identity data: full name, date of birth, gender, nationality, NRIC/Birth Certificate number, passport details, photographs, video and audio recordings from programme activities.
- Contact data: home/mailing address, email, phone number, emergency contact details, parent/guardian contact details.
- Educational data: school name and level 

- Travel and logistics data: visa information, flight and accommodation details, itinerary and attendance logs, insurance information.
- Health and safety data: medical conditions, allergies, dietary requirements, disability/access needs, vaccination records where relevant to destination entry or host requirements, incident reports.
- Financial/transaction data: billing name, bank transfer details, payment history.
- Technology data: device identifiers, IP address, browser type, access logs to our platforms, cookies and similar technologies used on our websites/apps.
- Communications: enquiries, complaints, consent forms, waivers, indemnities, surveys, marketing preferences.


We generally do not collect NRIC/ Birth Certificate number unless necessary to accurately identify individuals for visas, insurance, safety or regulatory requirements, and then we comply with PDPC’s Advisory Guidelines on NRIC and other national identification numbers.


3) How We Collect Personal Data


- Directly from you (or your parent/guardian) via application forms, consent forms, emails, messaging, phone, events, and our website/app portals.
- From your school or educational institution where the programme is arranged through them.
- From third parties with your consent or as permitted by law (e.g., travel agents, insurers, medical providers).
- Automatically via our digital services (cookies, analytics); see “Cookies and Similar Technologies”.


4) Purposes for Collection, Use and Disclosure


We collect, use and/or disclose Personal Data for the following purposes and rely on consent or other PDPA exceptions where applicable:


A. Programme administration and performance
- Enrollment and eligibility checks; verifying identity.
- Planning, organising, and delivering our programme activities in Singapore and overseas.
- Coordinating with partner schools, universities, cultural institutions, and service providers overseas.
- Travel, visa, immigration and logistics arrangements.
- Accommodation, meals, transport, and campus access arrangements.


B. Student welfare, safety and emergency management
- Managing medical, dietary and accessibility needs.
- Incident management, emergency contact notification, insurance claims, interfacing with medical providers and authorities.
- Conducting risk assessments and implementing safeguarding measure


C. Compliance and governance
- Compliance with laws and regulations, customs and border requirements, school policies, and audit obligations.
- Record-keeping, security, fraud prevention and detection.
- Reporting to schools/institutions and public agencies where required.


D. Learning outcomes and quality assurance
- Attendance tracking, feedback, assessments, certificates, and programme improvement.
- Surveys, research and analytics in aggregated or de-identified form where practicable.


E. Communications and marketing
- Sending programme information, updates, pre-departure briefings, and administrative notices.
- With consent, sending marketing communications about new programmes, events, and promotions, which you may opt out of at any time.


If we intend to use Personal Data for a purpose not listed above, we will seek fresh consent unless an exception under the PDPA applies.


5) Consent


- We obtain express or deemed consent where appropriate. For minors, consent should be provided by a parent/guardian or authorised school representative as applicable.
- You may withdraw consent at any time by contacting us (see Section 15). Note: withdrawing consent may affect our ability to provide or continue parts of the programme (e.g., travel, insurance).
- We may process Personal Data without consent where permitted by the PDPA (e.g., emergencies affecting life, health or safety; investigations; legal proceedings; business asset transactions with safeguards).


6) Accuracy
 

We make reasonable efforts to ensure Personal Data we use is accurate and complete. Please inform us promptly of any changes to your details.


7) Protection and Retention


- We implement reasonable administrative, physical and technical safeguards to protect Personal Data against unauthorised access, collection, use, disclosure, copying, modification, disposal, or similar risks. Measures include access controls, encryption in transit and at rest where suitable, secure storage, staff confidentiality obligations, and vendor due diligence.
- We retain Personal Data only for as long as necessary to fulfill the purposes stated in this Policy or as required by law (e.g., limitation periods, regulatory retention). After that, we will securely delete or anonymise the data.


8) Cross-Border Transfers


- When transferring Personal Data outside Singapore (e.g., to overseas partner schools, logistics providers, accommodation, or medical facilities), we ensure the recipient provides a standard of protection comparable to the PDPA, through contractual clauses, binding policies, or reliance on PDPC-approved mechanisms.
- For transfers to some countries, we take additional steps considering local Personal Information Protection Law to ensure recipients only process data for agreed purposes with appropriate security measures.
- We will inform you where cross-border transfer is necessary to deliver the programme and obtain any consents required.


9) Disclosure to Third Parties (in Singapore or Overseas)


We may disclose Personal Data to:
- Partner schools/universities and cultural institutions.
- Travel and logistics providers (airlines, accommodation, ground transport, visa service providers).
- Insurance companies and medical providers.
- Your school or institution, and your parent/guardian for minors.
- IT service providers, payment processors, cloud and communication platforms.
- Professional advisors, auditors, and insurers.
- Public agencies and regulators, immigration/border authorities, law enforcement where required.


We require third parties to protect Personal Data in a manner consistent with the PDPA and our contractual obligations.


We do not sell Personal Data.


10) Cookies and Similar Technologies


- We use cookies and analytics tools to operate our websites/apps, remember preferences, and analyse usage to improve services and marketing (with consent where required).
- You can manage cookie preferences through your browser settings. Disabling cookies may affect functionality.


11) Access and Correction Requests


- You may request access to your Personal Data in our possession or control, and information about how it has been used/disclosed in the past 12 months, subject to exceptions under the PDPA.
- You may request correction of any error or omission.
- Reasonable administrative fees may apply for access requests; we will inform you of the fee before processing.
- We will respond to access/correction requests as soon as reasonably possible.


How to submit a request: See “Contacting Us” in Section 15.
 

12) Data Breach Notification


- If a data breach results in, or is likely to result in, significant harm to affected individuals, or involves a significant scale of Personal Data, we will notify the PDPC and affected individuals as required by the PDPA.


13) Children and Students
 

- We are committed to safeguarding young persons. We collect and process minors’ Personal Data with appropriate consent from parents/guardians or schools and apply enhanced safeguards.
- We do not knowingly collect more data than necessary for programme delivery, welfare, and safety.


14) Marketing Preferences
 

- You can opt out of receiving marketing messages at any time by using the unsubscribe link in our emails/SMS or by contacting us. We will continue to send essential service messages related to your enrolment.


15) Contacting Us (DPO)


Officer (DPO):
- Data Protection Officer: Philip Kwan
- Email: support@eduprolearn.com


Please allow a reasonable period for us to investigate and respond.


For any queries, access/correction requests, withdrawal of consent, or complaints regarding your Personal Data, please contact our Data Protection


16) Updates to this Policy


We may update this Policy from time to time to reflect changes in laws or our practices. The latest version will be posted on our website with the “Last updated” date. Material changes will be notified where appropriate.


17) Legitimate Interests and Legal Basis Clarification


Under the PDPA, we rely on consent or applicable exceptions. In limited cases, we may rely on the “legitimate interests” exception with appropriate balancing and mitigation (e.g., CCTV at events for safety, fraud detection, IT security). Where we do so, we conduct assessments and implement safeguards.


18) CCTV, Photography and Media


- We may record photos and videos during programme activities for safety, documentation, and, with consent, publicity.
- If you prefer not to appear in publicity materials, please inform us; we will take reasonable steps to accommodate, noting that incidental capture in group settings may occur.


19) Data Intermediaries and Vendors


We may engage processors to provide services on our behalf. They process Personal Data only on our documented instructions, are subject to confidentiality obligations, and must implement appropriate security measures. We monitor vendor compliance proportionately to risk.


20) Data Minimisation and Privacy by Design
 

We limit data collection to what is necessary, segregate datasets where feasible, apply role-based access, encrypt data in transit, and conduct pre-trip data checks to ensure only required data is transferred to overseas partners.


21) Record of Processing and Retention Schedule (Summary)
 

- Student enrollment and consent records: programme duration + 6 years.
- Travel and logistics records: trip end + 3–6 years (depending on contractual/insurance limitations).
- Incident and medical reports: incident resolution + up to 7 years or as required by law/insurers.
- Financial records: 5–7 years per accounting/tax requirements.
 

We periodically review and securely dispose of records past retention.
 

22) How to Withdraw From a Programme
 

If you withdraw from a programme, we will retain only what is necessary for legal, accounting, and compliance purposes and will cease marketing to you if you opt out.
 

23) Third-Party Links

Our websites/apps may contain links to third-party sites. We are not responsible for their privacy practices. Review their privacy policies before providing Personal Data.


24) Language


This Policy is published in English. We may provide translations for convenience. In the event of inconsistencies, the English version prevails.

Information icon

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.