Personal Data Protection Policy
Your personal data is important to Madrasah Irsyad Zuhri Al-Islamiah.
Your personal data is important to us and it is our policy to respect the confidentiality of information and the privacy of individuals. This Policy outlines how we manage the personal data we hold in compliance with the Personal Data Protection Act in Singapore (the “Act”) and applies to all divisions and organizations in the Madrasah Irsyad Zuhri Al-Islamiah stable of companies (collectively, “MIZAI”, “we”, “us” or “our”) further details of which are available at our website www.irsyad.sg. We also comply with local data protection and privacy laws in our operations out of Singapore.
We may collect and hold personal data of persons/entities including but not limited to:
– job applicants and employees;
– service providers; and
– other people who we may come into contact.
Examples of such personal data include biodata, contact details, account information and your preferences, queries, requests and feedback.
The ways in which we may collect your personal data include (but are not limited to) collecting directly or indirectly from you or your authorized representatives in the course of:
– you visiting our website;
– you renting our premises;
– you applying for a job with us;
– you participating in our marketing or promotional events;
– you using our products or services;
– you contacting us with your queries, requests or feedback.
– our conducting or completing of transactions;
– our conducting interviews.
In general, we may use your personal data for the following purposes:
– conducting and completing transactions (e.g processing orders and payments; providing products or services that have been requested);
– managing your renting in any our premises;
– providing customer service (e.g responding queries and requests; informing you about service status and product updates; sending you alerts and newsletters);
– conducting market research and improving customer service (e.g conducting market research or surveys; performing market analysis; managing and enhancing our products and services; developing new products);
– complying with applicable laws, regulations and other requirements (e.g providing assistance to law enforcement agencies, regulatory authorities and other governmental agencies; performing internal audits);
– performing evaluations (e.g assessing suitability of employees).
We will only use, disclose and/or transfer your personal data for the purposes you have been notified of and consented to or which are permitted under applicable laws and regulations.
Depending on the product or service concerned, personal data may be disclosed or transferred to:
other divisions or organizations within Irsyad;
our service providers and specialist advisers/institutions who have been contracted to provide administrative, financial, legal, accounting, information technology, research or other services;
– other insurers, credit providers, courts, tribunals, law enforcement agencies, regulatory authorities and other governmental agencies as agreed or authorized by law;
– credit reporting or reference agencies or insurance investigators;
– anyone authorized by an individual, as specified by that individual or the contract.
Where personal data is disclosed or transferred to organizations outside of Irsyad who handle or obtain personal data as service providers to Irsyad, we require such organizations to acknowledge the confidentiality of such personal data, undertake to respect any individual’s right to privacy and comply with the Act and this Policy and use such personal data only for our purposes and otherwise follow our reasonable directions with respect to this data.
In addition, where personal data is transferred overseas and we may need to process or deal with your personal data outside Singapore, we will ensure that such transfer is in compliance with the Act and this Policy or is permitted under applicable data protection and privacy laws and regulations.
We have appointed Data Protection Officer (“DPOs”) from each of our business units to oversee our management of personal data in accordance with the Act.
We regard breaches of your privacy very seriously and we have implemented measures to secure and protect your information, such as training our employees who handle your personal data to respect the confidentiality of such personal data and your privacy, storing personal data in a combination of secure computer storage facilities and paper based files and other records, taking steps to protect the personal data we hold from misuse, loss, unauthorised access, modification or disclosure.
However, you will appreciate that it is not for us to perfectly secure your personal data from cyber attacks, such as hacking, spyware and viruses. Accordingly, you will not hold us liable for any unauthorized disclosure, loss or destruction of your personal data arising from such risks.
The Act also requires us not to store personal data longer than necessary. We will cease to retain your personal data when we no longer require such personal data for the purposes we originally notified you of or any business or legal needs.
How do we keep personal data accurate and up-to-date and how to exercise your rights to correct the personal data we hold of you?
We endeavor to ensure that the personal data we hold about you is accurate and up-to-date. We realize that such personal data changes frequently with changes of address and other personal circumstances. We encourage you to contact us as soon as possible in order to update any personal data it holds about you. Please complete the Personal Data Correction Form and send to the DPO of the Business Unit you have been dealing with. Our contact details are set out below. We may require you to verify your identity.
We endeavour to ensure that the personal data we hold about you is accurate and up-to-date. We realize that such personal data changes frequently with changes of address and other personal circumstances.
We encourage you to contact us as soon as possible in order to update any personal data it holds about you. Please complete the Personal Data Correction Form and send to the DPO of the Business Unit you have been dealing with. Our contact details are set out below. We may require you to verify your identity.
To make a request to access the personal data we hold about you, please contact the DPO of the Business Unit you have been dealing with in writing using the Request to Access Personal Data Form. We will require you to verify your identity and to specify what data you require.
We may charge a fee to cover the cost of verifying the application and locating, retrieving, reviewing and copying any material requested. If the data sought is extensive, we will advise the likely cost in advance and can help to refine your request if required.
To make a request to withdraw your consent previously given, please contact the DPO of the Business Unit you have been dealing with in writing.
If you consider that any action of MAA breaches the Act or this Policy, you can make a complaint to the Coordinating DPO by completing the Complaint Form. We will endeavour to act promptly in response to a complaint.
You can contact us @