All SEGi University and Colleges institutions ("SEGi") are committed towards the protection of Personal Data in accordance to the requirements of the Personal Data Protection Act 2010 ('Act'). This policy describes the policy and practices involved with respect to personal data protection and set out the principles which will apply to safeguard the processing of personal data of SEGi's current, past or prospective students, visitors to SEGi's campuses or websites or such other persons' whose personal data may be collected together with the data of the aforesaid persons.
The following expressions follow as closely as possible to the meaning in the Act. In the event of any conflict in the interpretation between the meaning of the Act or this Policy, the Act shall prevail.
||An individual who is the subject of the Personal Data. In this case, it shall refer to the current, past or prospective students, visitors to SEGi's campuses or websites and such other personal data that may be collected together with the aforesaid person’s data (e.g personal data of parents, guardians, siblings, emergency contact persons, etc.)
||A company which processes or authorises the processing of any Personal Data or has control over Personal Data, but does not include a data processor. In this case, the Data User shall refer to SEGi.
The data processor refers to any one, other than an employee of data user who processes personal data solely on behalf of the Data User, and does not process the personal data for any of his own purposes. In this case, the data processor refers to e.g, third party contractors or service providers engaged by SEGi to process personal data for the benefit of SEGi such as but not limited to SEGi University and Colleges providers for information technology systems, networks and softwares, outsourced data processing centres recruitment or programme representatives, managers, co-ordinators or agents, etc.
||Any information that relates directly or indirectly to a Data Subject who is identified or identifiable from that information or from that and other information in the possession of a Data User, including any Sensitive Personal Data and expression of opinion about the Data Subject.
(e.g name, passport number, identity card number, contact number, fingerprint, photograph, progression or assessment, report or results, financial details, information on the Data Subject’s family, medical history, or any other information personal to the Data Subject)
|Sensitive Personal data
||Any personal data consisting of information as to the physical or mental health or condition of a Data Subject, his political opinions, his religious beliefs or other beliefs of a similar nature.
||Collecting, disclosing, recording, holding or storing the Personal Data or carrying out any operation or set of operations on the Personal Data of the Data Subject.
1. The following describes SEGi’s policies and practices with respect to the processing of Personal Data in compliance with the aforesaid data protection principles under the Act.
SEGi will collect and process Personal Data for the following purposes:
2.1 Personal Data collected in respect of Prospective Students and visitors.
- SEGi may collect and process Personal Data of enquiring prospective students or visitors.
- The information collected through whatever source will be used for SEGi’s assessment of the candidate’s suitability to programmes offered, for administration, management and support services (including, accommodation, transportation, immigration services), assessment and analysis, programme promotion and which may be disclosed to SEGi’s service providers and agents, the SEGi University and Colleges Group companies and Partner Universities (if applicable) for these purposes or if required to be disclosed to regulatory, statistical authorities, agencies or bodies. The information requested is necessary for the above purposes and a candidate’s failure to provide the information, or providing inaccurate information may result in SEGi not being able to fulfill the purposes above and could result in rejection or delay of the candidate’s application to enroll with SEGi.
- All information collected will be kept by SEGi for a reasonable period according to legal requirements, and also for administration and marketing purposes and SEGi may contact the candidate on any promotions.
- If the candidate does not wish SEGi to contact him for the purpose stated in item (c) above, please see paragraph 6 where Data Subject may opt out of SEGi’s database
- information provided by the candidate will become SEGi’s student record and will be necessary to be retained by SEGi in the manner stated in paragraph 2.3
2.2 Personal Data collected for security measures in respect of visitors or Students to SEGi’s campuses.
- SEGi’s security guards may stop visitors or students at SEGi’s campuses and request for certain Personal Data as part of SEGi’s security measure (e.g visitor’s name, identity number, driving license, purpose of visit, vehicle registration no, etc.) Failure of providing the information requested may result in denial of entry.
- The information in log books (or any security images captured, etc) where the aforesaid Personal Data is recorded shall be kept by SEGi for a reasonable period according to law and will be transferred to SEGi’s security department where access is restricted to specific authorised SEGi personnel only.
2.3 Personal Data collected in respect of current and past students.
- The personal data of current and past students will be collected and processed from time to time in the student’s continued engagement with SEGi and will be processed by SEGi for the following purposes:
- maintenance of the student record (including personal, academic or training details,) and management of academic or training processes (for example, programme delivery, academic or training audits, examination boards, issue of transcripts and awarding of degrees, certificates, etc);
- the management of student services, including provision of learning resources and facilities, student accommodation, transportation, immigration, pastoral care and welfare services;
- alumni operations, including fund-raising and notification of alumni activities and provision of alumni benefits;
- the provision of advice and support to students (via, amongst others, immigration services, student services, student accommodation services, the counseling services, the students’ clubs or association, careers services, internship, practicum or other industrial engagement);
- provision of applicable extracurricular activities (for example, student leadership programmes, student ambassador programmes, outward bound programmes, career development programmes, etc);
- fees, student loans (including creation, management and administration of Student’s loan accounts) or scholarship processing, payment, collection, credit reporting and recovery of debts;
- conduct of surveys and analysis;
- submissions, research and all other information as required by regulatory or statistical authorities agencies or bodies including the Ministry of Education, Malaysian Qualifications Agency, Ministry of Human Resources and the Department of Skills Development, Pembangunan Sumber Manusia Berhad, Ministry of Home Affairs and the Department for Immigration, Perbadanan Tabung Pendidikan Tinggi Nasional, Perbadanan Tabung Pembangunan Kemahiran and, in relation to international students, foreign authorities and embassies or consulates of the student’s home country;
- to provide the student with information on the programmes activities and services of SEGi and related corporations in relation to SEGi University Group’s programmes, activities and services;
- internal and external audits or disclosures or such other functions required to be complied in law;
- administration, including enforcement of SEGi’s rights such as commencing legal proceedings, reporting to credit reporting agencies, etc;
- other purposes as may be specifically set out in the applicable specific programmes or activities as and when it may be entered between SEGi and the student from time to time.
(collectively “the Purposes”)
- It will be necessary for SEGi to process the Personal Data, without which SEGi will not be able to continue to use the student’s Personal Data for any of the above Purposes.
- The Purposes above for which Personal Data is processed is essential for SEGi to carry out its functions as an education or training institution and in providing to the students the services for which the student has or will be contracting for. Upon enrollment of the student in SEGi, the student is taken to consent to the processing of the Personal Data for the aforesaid purposes unless the student indicates so in writing.
- However, under the Act, a student has the choice not to consent, or to withdraw the consent at any time to all or any specific Purposes. Nevertheless, as the aforesaid Purposes are deemed essential for SEGi to carry out its functions and its services to the student, a student’s failure to consent or withdrawal of consent to all or any specific purpose may affect or disrupt the functions or services to be provided by SEGi to the student and to such extent SEGi shall not be held responsible for such disruption of service and may, if deemed appropriate by SEGi, terminate its services to be provided to the student and claim for reimbursement of benefits conferred on the student.
- Further if required for the foregoing Purposes, the Personal Data may be transferred to locations outside Malaysia or disclosed to SEGi’s related corporation or partner universities or institutions who may be located within or outside Malaysia. Save for the foregoing, a student’s Personal Data will not be knowingly transferred to any place outside Malaysia or be knowingly disclosed to any third party.
SEGi discloses a student’s information to a variety of recipients, notably:
- the person(s) a student has already authorised to receive disclosure of Personal Data in the application for enrollment form;
- employees of SEGi (on a need-to-know-basis only);
- students’ sponsors (including parents or guardians (if applicable), Perbadanan Tabung Pendidikan Tinggi Nasional, Perbadanan Tabung Pembangunan Kemahiran, funding councils and agencies acting on their behalf) scholarship boards, legal advisers and credit rating agencies in relation to credit reporting and recovery of debts;
- the person(s) having concern over the Students’ wellbeing and welfare, and the progress of the Students’ studies such as parents and family members, embassies or consulates of the Students’ home country (“Concern Person”).
- regulatory or statistical authorities, agencies or bodies including the Ministry of Education, Malaysian Qualifications Agency, Ministry of Human Resources and the Department of Skills Development, Pembangunan Sumber Manusia Berhad; and in relation to international students, foreign authorities, embassies or consulates of the student’s home country;
- the Ministry of Home Affairs and the immigration authorities, Education Malaysia Global Services and such other authorities, agencies or service providers for processing of immigration visas, permits or approvals
- current or potential employers of students or organisations hosting students’ internship, practicum or industrial engagement;
- current or potential providers of education to students including partner or franchise institutions in connection with the delivery of academic programmes of education;
- SEGi’s service providers or agents (on a need-to-know-basis only), such as but not limited to, providers for student’s insurance policies, providers for SEGi University and Colleges information technology systems, networks and softwares, outsourced data processing centres, recruitment or programme representatives, managers, co-ordinators or agents auditors, Legal advisors and other consultants.
- persons involve in enforcing SEGi’s rights such as lawyers, courts or arbitration centres, credit control agencies (e.g. CTOS), etc;
- disclosures to person or institutions not listed above will be made only with the student’s consent unless exceptional circumstances apply, as provided by law.
4. NOTICE AND CHOICE PRINCIPLE
4.1 At the point of enrolment with SEGi, the student shall be referred to SEGi’s Privacy Notice containing, amongst others, the Purposes and the above list of authorised persons or institutions for disclosure and the student’s consent will be sought for the processing of data accordingly.
4.2 Under the Act, a student has the choice not to consent, or to withdraw consent at any time to the Purposes and disclosure to all or any specific persons or institutions listed above. Nevertheless, as the aforesaid Purposes and persons or institutions authorised for disclosure are deemed essential for SEGi to carry out its functions and its services and failure to consent or withdrawal of consent at any time to the Purposes or disclosure to all or any specific persons or institution above may affect or disrupt, the functions or services to be provided by SEGi to the student and to such extent SEGi shall not be held responsible for such disruption of service and may, if deemed appropriate by SEGi, terminate its services to be provided to the student and claim for reimbursement of benefits conferred on the student.
4.3 Should the student at any time withdraw consent for disclosures of any or all Personal Data to the persons in category 3(i) and/or (iii) above SEGi reserves the right to notify those persons that such withdrawal has taken place.
4.4 Special Note on Accessing or using SEGi’s web-sites or SEGi’s on-line learning sites and systems:
- In accessing or using SEGi’s web-sites or SEGi’s on-line learning sites and systems (“SEGi Internet Sites”), the Data Subject may be assigned with a unique identity consisting of the Data Subject’s user identity and/or password (“Identity”). It shall be the responsibility of the Data Subject to keep his Identity secured and not share or enable anyone else to access the Data Subject’s Identity (whether or not the Data Subject has acted negligently or otherwise). SEGi shall not be liable for any breach of security or privacy where it is due to any act or omission of the Data Subject which enables third party(ies) to access the Data Subject’s Identity or services provided by SEGi through the Data Subject’s Identity.
The type of data collected through SEGi Internet Sites through the cookies or tracking technologies may include the Data Subject’s IP address, date and time of visit or access to SEGi’s services, whether the Data Subject’s requests were met. It is meant to inter alia, facilitate login, identify and track browsing pattern, to present personalized version of the site or services or to track the use of the sites or services.
SEGi may permit third party(ies) (including advertisers or providers) to set cookies on SEGi Internet Sites for purposes which may include market research, serving advertisements, revenue tracking, to improve functionality of the sites or monitoring for compliance. SEGi may not have access to these third party cookies and these parties may have their own privacy policies and information generated by such cookies form the use at our SEGi Internet Sites and may be transmitted to and stored at servers of such third parties at locations outside Malaysia to process the data.
The Data Subject may choose to delete or block the cookies by changing the setting on the Data Subject’s computer or device. However, choosing to do so may reduce the functionality of the SEGi Internet Sites, the quality and efficiency of delivery of services or may prevent access to certain features of the site.
5.1 SEGi undertakes to take practical steps to protect the Personal Data from loss, misuse, modification, unauthorised or accidental access or disclosure, alteration or destruction.
5.2 For these purposes SEGi has in place adequate secured systems, which are password protected and has users and authorisation levels to ensure that Personal Data is given access to only personnel in SEGi to the extent it is necessary for them to perform their services for the students.
5.3 Important Note on Using Information Systems, Equipments and Networks:
All electronic communications, information systems and equipment and network system (“Information Systems, Equipments and Networks”) on SEGi campuses made open for student or public use (e.g open network or wifi-systems, computers in IT labs etc) are NOT guaranteed privacy and may be monitored by SEGi. The student shall not use such Information Systems, Equipments and Networks except in relation to his programme of study or training and no personal privacy right or security of the Information Systems, Equipments or Networks is guaranteed in connection with its use or with its transmission, receipt or storage of information therein.
5.4 Personal data of visitors
As SEGi’s security measure, SEGi may collect Personal Data of visitors, students, parents or members of public (“Visitors”) visiting SEGi’s premises. Refusal by Visitors to provide such information or identity documents may result in denial of entry. Premises of SEGi may further be fitted with CCTV cameras where images may be taken for security measures. Such records will be kept with security or IT departments accessible to only specific authorised SEGi personnel and will be kept for a reasonable period allowed by law and destroyed upon expiry of such period.
6.1 Records maintained by SEGi shall be retained for a reasonable period according to law or as directed by the relevant authorities dealing with education/training in Malaysia.
6.2 Certain Student’s academic or training records will have to be retained permanently in order to fulfil request for verification of certificates.
7. DATA INTEGRITY, ACCESS AND CORRECTION/CHANGE
7.1 SEGi undertakes to the extent reasonable, to ensure that Personal Data of Data Subjects are accurate, complete, not misleading and kept up to date.
7.2 However, as SEGi is reliant on the Data Subject for much of the data it holds, it is advised that the Data Subject, on any change of information (e.g change of address, contact details, etc) should assist SEGi to keep its records up to date by notifying any changes.
7.3 A Data Subject has the right to a copy of the current personal information held by SEGi. The Data Subject may at any time make written inquiry by filling the ‘Data Access Form’ and payment of a prescribed fee to request access to the Data Subject’s Personal Data. The ‘Data Access Form’ is available at the relevant campus Registry/Office of Admission and Records (“OAR”).
Take Note: Request for Result Slips, Transcripts, Certificates, Academic Results shall not be treated as a Data Access request. Any student wishing to request for the aforesaid matters must follow the normal campus procedure governing the request for such items and pay the Fees prescribed under those procedures.
Fees chargeable for request to access Personal Data are as follows:
Data access request for a data subject’s personal data with a copy
Data access request for a data subject’s personal data without a copy
Data access request for a data subject’s sensitive personal data with a copy
Data access request for a data subject’s sensitive personal data without a copy
Note: SEGi may request student to pay additional charges if payment above is insufficient to cover postage/delivery to student, or copies of data requested is substantial.
7.4 SEGi’s Registry/OAR will comply with data access request made in the aforesaid manner. However, the Registry may refuse to comply if:
- the Data User is not supplied with such information as he may reasonably require:
- in order to satisfy himself as to the identity of the requestor;
- where the requestor claims to be a relevant person, in order to satisfy himself-
- as to the identity of the Data Subject in relation to whom the requestor claims to be the relevant person; and
- that the requestor is the relevant person in relation to the Data Subject;
- the Data User is not supplied with such information as he may reasonably require to locate the Personal Data to which the data access request relates;
- the burden or expense of providing access is disproportionate to the risks to the Data Subject’s privacy in relation to the Personal Data in the case in question;
- the Data User cannot comply with the data access request without disclosing Personal Data relating to another individual who can be identified from that information unless :-
- that other individual has consented to the disclosure of the information to the requestor; or
- it is reasonable in all the circumstances to comply with the data access request without the consent of the other individual;
7.5 A Data Subject has the right to correct any inaccurate, incomplete, misleading or not up-to-date Personal Data kept with SEGi. The Data Subject may at any time, by filling in the ‘Data Correction/Change Form’ request for the correction or change. The ‘Data Correction/Change Form’ is available at the relevant campus Registry/OAR.
7.6 SEGi’s Registry/OAR will comply with the data correction request made in the aforesaid manner. However, the Registry may refuse to comply, if:
- Registry is not supplied with the information reasonably required, (i.e the identity of the student);
- insufficient information to decide if Personal Data is inaccurate, incomplete, misleading and not up to date;
- information provided by the student of the Personal Data is inaccurate, incomplete, misleading and not up to date;
- correction of the Personal Data is not accurate, misleading or up to date; or
- prohibited by other Data User who controls the Personal Data.
8. RIGHT TO PREVENT PROCESSING FOR DIRECT MARKETING
If a Data Subject wishes SEGi to cease or not begin processing his Personal Data for purpose of direct marketing (e.g to opt out of receiving any direct marketing materials) he may do so by send a written request to:
Group Marketing, 5th Floor,
SEGi University, No. 9,
Jalan Teknologi, Taman Sains Selangor
Kota Damansara, PJU 5,
47810 Petaling Jaya, Selangor.
with the following information:
- state that the data subject does not wish to receive any direct marketing materials
- full name of data subject
- NRIC / Passport no. of data subject
- address of data subject
9. COMPLAINTS ON BREACH OF PRIVACY
SEGi University and Colleges is committed to compliance with the Act.
Should anyone feel aggrieved of a non-compliance of the Act by SEGi, please write in to the relevant campus Registry providing us a brief of the complaint (with details on matter complained of, date and time of incident, etc) and provide your full name (and student ID if applicable), contact number and email for SEGi to get in touch with you. Complaints received will be investigated and appropriate action will be taken.