Privacy Policy

Ancourage Academy ("we", "us", "our", or the "Centre") is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, disclose, and protect personal data in accordance with the Personal Data Protection Act 2012 ("PDPA") of Singapore.

This Privacy Policy applies to all personal data collected from students, parents/guardians, website visitors, and any individuals who interact with our services.

By enrolling at Ancourage Academy, using our website, or providing us with your personal data, you consent to the collection, use, and disclosure of your personal data as described in this Privacy Policy.

This Privacy Policy should be read together with our Terms & Conditions and Enrolment & Attendance Policies.

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing our data protection practices and ensuring compliance with the PDPA.

If you have any questions, concerns, or requests regarding the protection of your personal data, please contact our DPO:

We collect the following categories of personal data:

1. Student Information

• Full name and preferred name
• Date of birth and age
• Gender
• NRIC number or FIN (for students with identification documents)
• School name, grade level, and subject levels
• Academic records and assessment results
• Attendance records
• Homework completion and progress tracking
• Medical conditions, allergies, and medications
• Special educational needs or learning requirements
• Photographs and videos (for documentation and marketing, subject to separate consent)
• Student artwork, essays, and project work

2. Parent/Guardian Information

• Full name
• NRIC number or passport number (for identification purposes)
• Contact details (mobile number, email address, home address)
• Emergency contact information
• Payment information (bank account details, transaction records)
• Communication records (WhatsApp messages, emails, phone calls)

3. Website and Online Data

• IP addresses and device information
• Browser type and version
• Pages visited and time spent on website
• Referral source and navigation patterns
• Cookies and similar tracking technologies (see Section on Cookies below)
• Contact form submissions and enquiries

4. Sensitive Personal Data

We may collect sensitive personal data with your explicit consent, including:

• Medical conditions, allergies, and health information
• Special educational needs or disabilities
• Psychological or behavioural assessments (if provided by parents)

Sensitive data is collected only when necessary for the safety and well-being of students and is handled with heightened security measures.

We collect personal data through the following methods:

• Enrolment Forms: Information provided during registration process
• Direct Communication: WhatsApp messages, emails, phone calls, in-person conversations
• Assessment and Progress: Academic evaluations, homework tracking, attendance records
• Observations: Teacher observations of student behaviour, learning style, and progress
• Payment Transactions: Bank transfer details, PayNow information, cryptocurrency wallet addresses and transaction IDs
• Website Interactions: Contact forms, newsletter subscriptions, cookies
• Photography/Videography: Photos and videos taken during classes, events, or activities (separate consent obtained)
• Third Parties: In limited cases, from schools or previous tutors (with your consent)

We use your personal data for the following purposes:

1. Educational Services

• Managing enrolment, class placement, and scheduling
• Delivering lessons, assessments, and educational activities
• Tracking academic progress and providing feedback
• Customising teaching methods to individual learning needs
• Preparing homework, worksheets, and learning materials

2. Communication

• Contacting parents regarding class schedules, events, or cancellations
• Providing progress updates and teacher feedback
• Responding to enquiries and support requests
• Sending newsletters, announcements, and important notices

3. Payment Processing

• Processing enrolment fees and lesson package payments
• Issuing receipts and maintaining financial records
• Managing payment reminders and late payment follow-ups

4. Health and Safety

• Ensuring student safety during classes and activities
• Responding to medical emergencies and contacting emergency services
• Maintaining allergy and medical condition records for teacher awareness
• Complying with health-related government regulations when required

5. Marketing and Promotion

• Showcasing student work and achievements on our website and social media (with separate consent)
• Creating promotional materials, brochures, and advertisements
• Sharing testimonials and success stories (with consent)
• Sending marketing communications about new programmes or events to existing contacts

6. Legal Compliance

• Complying with applicable laws and regulations in Singapore (e.g., PDPC obligations, IRAS record-keeping)
• Responding to legal requests or court orders
• Maintaining records for tax and accounting purposes
• Investigating complaints or disputes

7. Analytics and Improvement

• Analysing website traffic and user behaviour
• Improving teaching methods and curricula
• Evaluating programme effectiveness
• Internal training and quality improvement

1. General Consent

By enrolling at Ancourage Academy and providing your personal data, you consent to our collection, use, and disclosure of your personal data as described in this Privacy Policy and for the purposes outlined above.

2. Consent for Children Under 13

For students under 13 years of age, we require parental/guardian consent. By enrolling a child under 13, parents/guardians provide consent on behalf of the child for the collection, use, and disclosure of the child's personal data (PDPC Children's Privacy Guidelines 2024).

3. Consent for Children Aged 13-17

For students aged 13-17 years, the student may give valid consent if they can understand the purposes and consequences of the data collection. In education contexts, we may still seek parental consent as a prudent practice to ensure clarity and transparency.

4. Withdrawal of Consent

You may withdraw consent for specific purposes at any time by providing written notice to our Data Protection Officer at tuition@ancourage.net.

Important: Withdrawal of consent must be as easy as giving consent. We will process withdrawal requests promptly.

Withdrawal of consent may affect our ability to provide services. For example:

• Withdrawing consent for contact details may prevent us from communicating class updates
• Withdrawing consent for medical information may compromise student safety
• Withdrawing consent for payment processing may prevent enrolment

We will process withdrawal requests within 7 business days and inform you of any consequences.

We may disclose your personal data to the following parties:

1. Internal Parties

• Teachers and instructors (for educational purposes)
• Administrative staff (for enrolment, billing, and communication)
• Centre management (for oversight and quality assurance)

2. Service Providers

We engage third-party service providers to support our operations. These providers are contractually bound to protect your data and use it only for specified purposes:

• Payment Processors: Banks, PayNow service providers, cryptocurrency exchanges (for processing payments)
• Website Hosting: Vercel or other hosting providers (for website infrastructure)
• Communication Platforms: WhatsApp, email providers (for messaging)
• Analytics Tools: Google Analytics, Facebook Pixel (for website analytics)
• Cloud Storage: Google Drive or similar services (for document storage)

3. Government Authorities

We may disclose personal data to government agencies when required by law, including:

• Inland Revenue Authority of Singapore (IRAS) for tax purposes
• Personal Data Protection Commission (PDPC) for data breach notifications or compliance enquiries
• Law enforcement agencies if required by court order or legal investigation
• Other regulatory authorities as required by applicable Singapore law

4. Emergency Services

In medical emergencies, we may disclose relevant health information to ambulance services, hospitals, or medical professionals to ensure proper treatment.

5. No Sale of Personal Data

We do NOT sell, rent, or trade your personal data to third parties for marketing purposes.

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected or to comply with legal obligations.

Retention Periods:

• Active Students: For the duration of enrolment + 1 year after last class
• Academic Records: 2 years after student graduation or withdrawal
• Financial Records: 7 years (our conservative practice; IRAS/Companies Act minimum is 5 years)
• Communication Records: 1 year after last communication
• Marketing Materials (Photos/Videos): Until opt-out requested or 3 years, whichever is earlier
• Website Analytics Data: 14 months (GA4 event data retention; Google-signals has separate retention controls)
• CCTV Footage: Typically 30 days, or longer where necessary for incident investigation. We display signage explaining purpose and DPO contact details (PDPC Selected Topics Guidelines)

Data Deletion:

After the retention period expires, we will:

• Permanently delete personal data from our systems
• Destroy physical documents containing personal data
• Remove personal data from backups within 90 days

You may request early deletion of your data by contacting our DPO, subject to legal requirements and operational needs.

We implement reasonable security measures to protect your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal, or similar risks.

Security Measures:

• Access Controls: Limited access to personal data on a need-to-know basis
• Password Protection: Strong password policies for all systems and accounts
• Multi-Factor Authentication (MFA): Enabled for all administrative accounts (email, cloud storage, hosting, analytics) to prevent unauthorised access
• Encryption: HTTPS/SSL encryption for website data transmission
• Encryption at Rest: Cloud documents encrypted at rest where supported; routine access reviews conducted
• Secure Storage: Physical documents stored in locked cabinets; digital files password-protected
• Staff Training: Regular data protection training for all employees
• Device Security: Antivirus software, firewalls, and security updates
• Disposal Procedures: Secure deletion of digital data; shredding of physical documents
• Children's Data Protection: Children's personal data is treated as sensitive and protected with enhanced security measures (PDPC guidelines)

Limitations:

While we take reasonable precautions, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your personal data. You are responsible for:

• Keeping your WhatsApp account and email passwords confidential
• Not sharing sensitive information via insecure channels
• Reporting suspicious activity or potential security breaches immediately

In accordance with the PDPA (Amendment) Act 2020, we are required to notify the Personal Data Protection Commission (PDPC) and affected individuals of data breaches that meet notifiability thresholds.

Our Commitment:

• Investigate suspected data breaches immediately
• Assess notifiability promptly upon discovering a breach
• Notify PDPC within 3 calendar days of determining that the breach is notifiable
• Notify affected individuals as soon as practicable
• Provide information on steps being taken to mitigate harm
• Cooperate fully with PDPC investigations

Notifiable Data Breach Thresholds:

We will notify PDPC if a data breach:

• Is likely to result in significant harm to affected individuals, OR
• Affects ≥ 500 individuals (significant scale threshold), even if significant harm is not likely

What Constitutes Significant Harm:

Significant harm may include:

• Identity theft or fraud
• Financial loss
• Damage to reputation
• Physical or psychological harm
• Loss of employment or business opportunities

If you believe your personal data has been compromised, please contact our DPO immediately at tuition@ancourage.net.

Under the Personal Data Protection Act, you have the following rights:

1. Right of Access

You may request a copy of your personal data held by us. We will respond as soon as reasonably possible. If we cannot respond within 30 days, we will inform you within 30 days of the reason and when we will respond.

Access includes information on how your data has been used or disclosed in the past year (disclosure history).

Access requests are typically provided free of charge. In limited cases involving complex or voluminous requests, a cost-based fee (limited to incremental costs) may be charged. We will provide a written fee estimate before proceeding.

2. Right to Correction

You may request correction of inaccurate or incomplete personal data. We will make reasonable efforts to correct the data within 30 days, or inform you within 30 days if more time is needed.

3. Right to Withdraw Consent

You may withdraw consent for specific purposes (e.g., marketing communications, photography) at any time. We will process withdrawal requests within 7 business days.

Note: Withdrawal of consent for essential purposes (e.g., contact details, payment processing) may affect our ability to provide services and may result in termination of enrolment.

4. How to Exercise Your Rights

To exercise any of the above rights, please submit a written request to our Data Protection Officer:

We reserve the right to refuse requests that are frivolous, vexatious, or made in bad faith. We will notify you of refusal and provide reasons.

Our website uses cookies and similar tracking technologies to enhance user experience and analyse website traffic.

What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They help the website remember your preferences and understand how you use the site.

Singapore Implied Consent Model

Types of Cookies We Use:

• Essential Cookies: Required for website functionality (login, session management) - cannot be disabled
• Analytics Cookies: Google Analytics to track website traffic and user behaviour
• Marketing Cookies: Facebook Pixel to measure ad performance and conversions
• Preference Cookies: Remember your language, theme, or cookie consent choices

Third-Party Cookies:

We use the following third-party services that may set cookies:

• Google Analytics (GA4): Analyses website usage and traffic sources. Event data retention: 14 months; Google-signals has separate retention controls
• Facebook Pixel: Tracks conversions from Facebook ads

Managing Cookies:

You can control and delete cookies through:

• Cookie Consent Banner: Manage preferences via our cookie banner (click "Cookies" in footer)
• Browser Settings: Most browsers allow you to refuse or delete cookies
• Opt-Out Links:
  • Google Analytics Opt-Out
  • Facebook Cookie Policy

Note: Disabling essential cookies may affect website functionality.

1. Separate Consent for Photography/Videography

We obtain separate consent for capturing and using photographs, videos, and testimonials featuring your child for marketing purposes. This consent is requested during enrolment or at the time of photography.

With consent, we may use photos/videos for:

• Documenting student learning and progress (internal use)
• Displaying student work in the Centre
• Posting on our website and social media (Instagram, Facebook)
• Creating promotional materials (brochures, flyers, advertisements)
• Sharing success stories and testimonials

2. Privacy Safeguards

We are mindful of student privacy and will:

• Avoid publishing full names unless you provide explicit permission
• Not disclose personal contact details (phone, address, school name) in public materials
• Use first names only or pseudonyms when appropriate
• Ensure images are appropriate and respectful

3. Opt-Out Option

You may opt out of having your child's photo/video used for marketing purposes at any time by:

• Emailing our DPO at tuition@ancourage.net
• Replying via WhatsApp message to our Centre number
• Subject line: "Photo/Video Opt-Out - [Student Name]"

4. Removal of Published Content

Upon receiving an opt-out request, we will:

• Cease future use of your child's photos/videos
• Remove content from our website and social media where reasonably practicable
• Notify third parties if content has been shared

Note: We cannot remove content already in circulation (e.g., printed brochures distributed, third-party websites, or search engine caches). Removal will be completed within 14 days for digital content.

5. Parent Photography Rules

Parents attending Centre events may not photograph or video record other students without permission from those students' parents. Violation may result in exclusion from future events.

Your personal data may be transferred to, stored, or processed in locations outside Singapore, including:

• Cloud Storage: Google Drive (servers in USA and other jurisdictions)
• Website Hosting: Vercel (servers globally distributed)
• Analytics: Google Analytics (servers in USA)
• Marketing: Facebook (servers in USA)

Transfer Limitation Obligation Compliance

We ensure that overseas transfers comply with PDPA's Transfer Limitation Obligation by:

• Ensuring overseas recipients provide a standard of protection comparable to PDPA through:
  • ASEAN Model Contractual Clauses (MCCs) - currently being implemented
  • Binding corporate rules
  • Specified certifications where applicable
• Entering into Data Protection Agreements (DPAs) with service providers acting as data intermediaries
• Conducting due diligence on service providers' data protection practices

By providing your personal data, you consent to such overseas transfers, subject to the above safeguards.

Our services are primarily directed at children and minors (ages 4-18). We take children's privacy seriously and comply with PDPA requirements for collecting children's personal data.

Parental Consent:

• For children under 13, parental consent is required and obtained during enrolment
• For children 13-17, we typically obtain parental consent, though the child may consent if they demonstrate sufficient understanding of the purposes and consequences
• Parents may exercise all rights on behalf of their children, including access, correction, and withdrawal of consent

Protection Measures:

• Children's data is treated as sensitive and handled with heightened security measures (PDPC guidelines)
• Access to children's data is restricted to authorised personnel only
• We do not knowingly share children's personal data with third parties for marketing without explicit parental consent
• Enhanced security protocols apply to all systems processing children's data

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations.

Notice of Changes:

• The "Last Updated" date at the top of this page will be revised
• For material changes, we will notify you via email or prominent website notice
• Continued use of our services after changes constitutes acceptance of the updated Privacy Policy

We encourage you to review this Privacy Policy periodically.

Internal Complaints:

If you have concerns or complaints about how we handle your personal data, please contact our Data Protection Officer:

We will investigate your complaint and respond within 14 business days.

External Complaints:

If you are not satisfied with our response, you may file a complaint with the Personal Data Protection Commission:

For general enquiries about this Privacy Policy or our data protection practices, please contact: