logo
Personal Data Protection Whistle-Blowing Policy Terms of Use Information Security Policy General Terms of Enrolment (For Short Course)

Choose your right course

Search the right course by selecting the different course type or level:

“Personal Data” is defined under the PDPA as personal information, whether true or not and whether in electronic or other form, about an individual who can be identified:

  1. From that data; or
  2. From that data and other information to which the organisation has access or is likely to have access.

 

Personal data which we may collect includes, without limitation, your:

  1. name or alias, gender, last 4 characters of your NRIC/FIN or passport number, date of birth, nationality, and country and city of birth;
  2. mailing address, telephone numbers, email address and other contact details;
  3. resume, educational qualifications, professional qualifications and certifications and employment references;
  4. employment and training history;
  5. salary information and bank account details;
  6. details of your next-of-kin, spouse and other family members;
  7. work-related health issues and disabilities; and
  8. photographs.

 

Purpose of Collection

United Ceres College Pte Ltd collect, use, and disclose personal data for purposes related to the products or services applied for. These purposes may include, but are not limited to:

  1. Administration of applications, registrations, and enquiries, including personal data collected for any programme offered;
  2. Assessing and evaluating your suitability for employment in any current or prospective position within the organisation;
  3. Verifying your identity and the accuracy of your personal details and other information provided;
  4. Performing obligations under or in connection with your contract of employment with us, including payment of remuneration and tax;
  5. All administrative and human resources related matters within our organisation, including administering payroll, granting access to our premises and computer systems, processing leave applications, administering your insurance and other benefits, processing your claims and expenses, investigating any acts or defaults (or suspected acts or defaults) and developing human resource policies;
  6. Fulfilling obligations related to providing educational services to students or clients;
  7. Provision of student support and administrative services;
  8. Sharing of your personal data with relevant 3rd parties such as academic partners, teachers, and other organisations necessary for the provision of services;
  9. Response to complaints, feedback, requests, and enquiries;
  10. Disclosure of student records to parents or guardians upon request;
  11. Dissemination of information on events, talks, seminars, surveys, and institutional updates;
  12. Conducting checks with the Do Not Call Registry;
  13. Maintenance and updating of student, alumni, and associate lecturer records;
  14. Generation of financial, regulatory, management, or survey reports and statistics for internal business and administrative purposes;
  15. Compliance with internal policies and applicable laws, regulations, codes of practice, or orders issued by legal or regulatory authorities, including disclosures to regulators and audits;
  16. Prevention, detection, and investigation of crimes, offences, or breaches, including those related to the security of UCC’s premises (e.g. use of security cameras);
  17. Facilitating any proposed or confirmed merger, acquisition or business asset transaction involving any part of our organisation, or corporate restructuring process

 

We may disclose your personal data:

  1. where such disclosure is required for performing obligations in the course of or in connection with our provision of services requested by you; or
  2. to third party service providers, agents and other organisations we have engaged to perform any of the functions with reference to the above mentioned purposes.

 

Where personal data is submitted on behalf of a third party (e.g. parents), it is the responsibility of the data provider to ensure that the necessary consent has been obtained. In the event personal data is to be used for a new purpose, UCC will provide notice and obtain consent accordingly.

 

The purposes listed in the above clauses may continue to apply even in situations where your relationship with us (for example, pursuant to your employment contract should you be hired) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under a contract with you).

 

Consent and Data Subject Rights

UCC ensures that personal data in its possession is kept confidential. When personal data is transferred to third-party service providers, agents, affiliates, or related corporations; whether in Singapore or overseas; or any of the stated purposes, UCC requires that these entities maintain the confidentiality and security of the personal data disclosed to them.

 

If an individual does not consent to provide the personal data required for the stated purposes, UCC may be unable to proceed with or continue the relevant interaction or transaction.

 

Consequences of non-consent may include:

  • UCC may be unable to assess suitability for recruitment or employment
  • UCC may be unable to provide services, grant access, or fulfil operational obligations
  • Interactions with UCC may be limited if data required for statutory or administrative reasons is withheld

 

You have choices regarding how your personal data is collected, used, and disclosed. However, if you choose not to provide the personal data required for the purposes stated in this notice, we may be unable to process your job application, fulfil the required services or carry out certain necessary business functions. You also have the right to object to the processing of your personal data and to withdraw your consent, as described in the withdrawal clause below.

 

Processing Personal Data of Children Below 18 Years Old

UCC may collect, use, or disclose personal data of individuals below 18 years of age for purposes necessary to provide educational and student support services.

 

In accordance with PDPA requirements and sector guidelines, UCC will:

  • Obtain parental or legal guardian consent before collecting, using, or disclosing the personal data of a child below 18 years old, unless the child is assessed to have sufficient maturity and understanding to provide consent independently;
  • Provide information in a manner that is understandable and appropriate for the child’s age and level of maturity;
  • Take additional security and privacy measures when handling the personal data of minors; and
  • Allow parents/guardians to submit access, correction, or withdrawal requests on behalf of their child.

 

Withdrawal of Consent

The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is withdrawn by you in writing.  You may withdraw consent and request us to stop collecting, using and/or disclosing your personal data by submitting your request in writing or via email to our Data Protection Officer at the contact details provided below. Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.

 

Individuals may withdraw their consent for the collection, use, or disclosure of their personal data—either in whole or in part—by submitting a completed Personal Data Request Form. This form may also be used to opt out of receiving marketing communications. Upon receiving a withdrawal request, we will inform the individual of any likely consequences and will cease the relevant processing activities, unless such processing is required or authorised under applicable laws.

 

Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process and effect your request within ten (10) days of receiving it.

 

Depending on the nature of the request, UCC may no longer be able to provide services or maintain an existing contractual relationship. In such cases, UCC reserves the right to cease services or terminate the contract.

 

Any withdrawal of consent will not affect prior consent given for the use of Singapore telephone numbers to receive marketing or promotional messages.

 

Where consent is not obtained, we may collect, use, or disclose personal data in accordance with an exception under the PDPA, such as where it is necessary to respond to an emergency that threatens the life, health, or safety of an individual.

 

UCC relies on accurate and complete personal data to deliver its services effectively. All individuals are responsible for ensuring that the personal data they provide is accurate, complete, and updated in a timely manner.

 

Students may update their particulars through the “Updating of Particulars” function on the UCC website. Alumni and associate lecturers may update their information through their respective departments or during the annual update process. Other individuals, such as job applicants, partners, agents, or enquirers, should update their personal data by contacting the relevant UCC department or the Data Protection Officer.

 

Access and Correction Request

Requests to view personal data held by UCC must be submitted via email to the relevant school. Access is restricted to the requestor’s own data. UCC will not disclose any information that could reveal another individual’s data, cause harm, or compromise national interest.

 

Personal data is retained for as long as necessary to fulfil the original purpose or for other legal or business needs. UCC takes commercially reasonable measures to secure stored and transmitted personal data and ensures that data intermediaries are aware of PDPA obligations. However, UCC is not responsible for unauthorised use of data arising from causes beyond its control.

 

Feedback or enquiries relating to PDPA matters, or requests to access or correct personal data, may be directed to the Data Protection Officer at [email protected].

 

Individuals may view the personal data collected and stored by UCC by submitting a formal request via email to the relevant department. Access is limited strictly to the requestor’s own data. UCC does not disclose any personal data that could reveal another individual’s information, pose a risk of harm, or conflict with national interest.

 

UCC expects all individuals to ensure that their personal data is accurate and complete at the point of submission. Updates should be made promptly through designated channels, such as the student portal or departmental contacts.

 

If you wish to make:

(a) an access request for a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or

(b) a correction request to correct or update any of your personal data which we hold about you,

you may submit your request in writing via email to our Data Protection Officer.

 

Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.

 

We will respond to your request as soon as reasonably possible. In general, our response will be within thirty (30) business days. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days on when we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).

 

Please note that depending on the request that is being made, we will only need to provide you with access to the personal data contained in the documents requested, and not to the entire documents themselves.  In those cases, it may be appropriate for us to simply provide you with confirmation of the personal data that our organisation has on record, if the record of your personal data forms a negligible part of the document.

 

Data Lifecycle Management

UCC follows a document retention policy that tracks the retention schedules for personal data in both paper and electronic formats. We may retain your personal data for as long as it is necessary to fulfil the purposes for which they were collected, or as required or permitted by applicable laws. We will cease to retain your personal data or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purposes for which the personal data were collected and are no longer necessary for legal or business purposes.

 

When users visit or interact with UCC’s websites or online services, UCC and its authorised service providers may use cookies, web beacons, and similar technologies to collect, process, and store usage information. These tools help improve service quality and enhance user experience by enabling faster and safer browsing.

 

Information on the types of cookies used and their functions can be found at www.aboutcookies.org or www.allaboutcookies.org. Users may disable cookies via their browser settings, although this may affect the functionality of certain website features.

 

The Cookie Policy forms part of UCC’s overall data protection framework and may be updated from time to time. It is the responsibility of website users to check for updates periodically.

 

Protection of Data

To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as the principle of Data Protection by Design (e.g., minimised collection of personal data), authentication and access controls (e.g., secure passphrase policies, need-to-know basis for data disclosure, etc.), encryption of data, up-to-date antivirus protection, regular patching of operating system and other software, securely erase storage media in devices before disposal, and 2 factor authentication (2FA) to secure access.

 

You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure.  While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.

 

Incident Management and Compliance

In the event of a personal data breach, UCC will assess the situation promptly. If the breach is determined to be notifiable under the PDPA, UCC will notify affected individuals and, where required, the Personal Data Protection Commission (PDPC).

 

We take the protection of your personal data seriously and have put in place measures to prevent and manage data breaches.

 

In the event of a personal data breach that is likely to cause significant harm to individuals or affects 500 or more individuals, we will:

  1. Notify the Personal Data Protection Commission (PDPC) as soon as possible, and
  2. Inform affected individuals as soon as practicable, in line with the requirements under the Personal Data Protection Act (PDPA).

 

We will provide details such as the nature of the breach, the data involved, actions taken to mitigate risks, and any steps individuals should take to protect themselves.

 

The organisation is committed to taking all reasonable steps to evaluate and manage the breach in a timely and compliant manner.

 

Under the PDPA, derived personal data refers to new data elements created by UCC through the processing of existing personal data using mathematical, logical, statistical, computational, algorithmic, or analytical methods that apply business-specific rules.

 

However, in the context of data portability, derived personal data does not include information generated using commonly known or industry-standard methods, such as simple mathematical averaging or summation.

 

Cross Border Data Transfers

Where applicable, personal data may be stored on external servers located outside of Singapore. In the course of business operations, UCC may transfer personal data between its related corporations, affiliated organisations, and third-party service providers, some of which are based overseas.

 

All data transfers are carried out in accordance with the requirements of the PDPA or other applicable data protection laws. If personal data is transferred outside Singapore (e.g., to partners, cloud providers, overseas agents), we will ensure the recipient is bound by legally enforceable obligations (e.g., contracts or binding corporate rules) to provide a standard of protection comparable to the PDPA before the transfer.

 

Communications and Governance

UCC does not sell, trade, or otherwise transfer personally identifiable information to third parties, except to trusted service providers who assist in operating the website, conducting business activities, or delivering services, provided they agree to maintain confidentiality.

 

Personal data may be disclosed if required to comply with legal obligations, enforce site policies, or protect the rights, property, or safety of UCC and others. Non-personally identifiable visitor information may be shared with other parties for marketing, advertising, or similar uses.

 

UCC’s website may contain links to external websites. This privacy policy applies only to UCC’s website. Users who navigate to external websites are advised to review the privacy policies of those respective sites, as UCC does not accept responsibility for the practices of third-party websites.

 

You may contact our Data Protection Officer if you have any enquiries or feedback on our personal data protection policies and procedures; or if you wish to make any request, please do so in writing or in person to the following contact information:

Email: [email protected]

 

This Notice applies in conjunction with any other notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your personal data by us.

 

We may revise this Notice from time to time without any prior notice. You may determine if any such revision has taken place by referring to the date on which this Notice was last updated. Your continued use of our services constitutes your acknowledgement and acceptance of such changes.

 

Effective date : 01 Jul 2020

Last updated : 20 Mar 2026

United Ceres College | Quality & Future-Ready Education
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.