(Sing) Privacy Policy

Thank you to our Customers, Users and Partners for trusting, choosing, and using the products, platforms, software, and services of PREP PTE. LTD. in Singapore.

PREP PTE. LTD., hereinafter referred to as “Prep”, respects the privacy, confidentiality, and control over personal data of its Customers, Users, Students, Partners, and other relevant individuals.

Prep understands that information of Customers and Partners, including personal data, account information, learning information, transaction information, contractual information, operational information, technical information, and other related information, constitutes important information that must be kept confidential, protected, and processed in a careful, transparent, lawful, and responsible manner.

This Policy is developed to help Customers, Users, and Partners understand:

a. what types of information Prep collects;

b. how Prep collects information;

c. for what purposes Prep uses information;

d. with whom Prep may share information;

e. how Prep protects and retains information;

f. what rights Customers, Users, and Partners have in relation to their information;

g. how to contact Prep to request access, correction, withdrawal of consent, provide feedback, or lodge complaints regarding the processing of information.

This Policy is developed on the basis of compliance with the Personal Data Protection Act 2012 of Singapore (“PDPA”), the relevant regulations and guidelines of the Personal Data Protection Commission Singapore (“PDPC”), and other applicable laws relating to information security, system security, electronic commerce, electronic marketing communications, and prevention of unauthorised access in Singapore.

Where Prep processes personal data of individuals residing in the United Kingdom or the European Union in the course of providing services in Singapore or cross-border services, Prep will review the applicability of the General Data Protection Regulation (“GDPR”) or equivalent regulations, where applicable. In all cases, Prep will prioritise compliance with Singapore law and ensure that compliance with any foreign regulation does not conflict with Singapore law.

This Policy supplements, but does not supersede or replace, any terms, conditions, notices, contracts, appendices, data processing agreements or separate consents that Customers, Users or Partners have provided to Prep in specific cases.

 

Article 1. Scope of Application

This Policy applies to individuals and organisations whose information is collected, used, stored, shared, protected or processed by Prep in the course of providing products and services and conducting business activities in Singapore, including:

a. individual Customers, Users and Students who register accounts, purchase, access or use Prep’s products, courses, platforms, software or services;

b. parents, guardians or legal representatives of Students, where the use of the services requires the participation, consent or support of such individuals;

c. Partners that are organisations, enterprises, schools, educational centres, distributors, corporate customers, suppliers or entities cooperating with Prep;

d. legal representatives, authorised representatives, personnel in charge of contracts, operational contact persons, technical personnel or contact persons of Partners;

e. teachers, collaborators, contractors, service providers, data intermediaries or parties supporting Prep in the provision, operation, maintenance or development of products and services;

f. other individuals or organisations related to the use of products, services, transactions, cooperation or exchange of information with Prep in Singapore.

 

Article 2. Definitions

For the purposes of this Policy, the following terms shall have the meanings ascribed to them below:

2.1. Prep

Prep means PREP PTE. LTD., incorporated and operating under the laws of Singapore, being the entity that operates and provides the products, platforms, software, and services at prepedu.com.

2.2. Customer

Customer means an individual or organisation that searches for, accesses, purchases, registers for, or uses products, courses, platforms, software, educational services, test preparation services, assessment services, or other services provided by Prep.

2.3. User or Student

User or Student means an individual, regardless of age, who directly creates an account, logs in, studies, takes tests, uses practice features, interacts with teachers, uses assessment tools, or uses any feature on Prep’s platform. 

2.4. Student under 18

Student under 18 means a Student who is below eighteen (18) years of age at the time of registration, access to, or use of Prep’s products, platforms, software, or services.

For the purposes of this Policy, references to a Student under 18 may include a child or young person whose Personal Data is processed by Prep in connection with the provision of online learning, test preparation, assessment, learning support or related educational services.

2.5. Parent, Guardian, or Legal Representative

Parent, Guardian or Legal Representative means an individual who has lawful authority or responsibility to give consent, provide support, make requests or act on behalf of a Student under 18 in relation to the use of Prep’s products, platforms, software or services, where applicable. 

2.6. Partner

Partner means an organisation, enterprise, school, educational centre, distributor, corporate customer, supplier, teacher, collaborator, contractor or other individual/organisation that cooperates, enters into an agreement or contract, or coordinates with Prep in the course of providing products, services or operating business activities.

2.7. Information of Customers and Partners

Information of Customers and Partners includes personal data and other related information arising in the course of Customers, Users, Students or Partners learning about, registering for, purchasing, using products or services, conducting transactions, communicating, cooperating or working with Prep.

2.8. Personal Data

Personal Data means data, whether true or not, about an individual who can be identified:

a. from that data; or

b. from that data and other information to which Prep has or is likely to have access,

as defined under Section 2(1) of the PDPA.

2.8.1. For individual Customers, Users, and Students

Prep may process the following Personal Data:

1. full name, including middle name and other names, if any; 

2. date of birth (if any); 

3. place of birth  (if any); 

4. permanent residential address, temporary residential address, current residential address, place of origin and contact address  (if any); 

5. personal image  (if any); 

6. telephone number; 

7. email address;

8.  detailed learning data, including assessment results, scores, error analysis, personalised learning pathways, progress reports or learning records of Students; 

9. approximate geographic location inferred from internet protocol address (“IP Address”), such as country, region, city or province level, where applicable, for service operation, regional support, system security, detection of unusual access, prevention of account misuse, unauthorised account sharing, course resale or other violations of Prep’s terms of use. Such information does not identify the individual’s precise physical address, real-time location, Global Positioning System (“GPS”) location or continuous movement, unless separately notified and consented to where required by applicable law; 

10. voice recordings, speaking content, written content, pronunciation data or data generated from speaking practice, correction or skill assessment features; 

11. login information, authentication information, access rights, login logs, operation logs or account security data. 

2.8.2. For Partners that are organisations

Prep may process organisational information and Personal Data of the representative, authorised person, contact person or personnel in charge of the Partner.

2.8.3. For Partners that are individuals or personal information of representatives of Partners

Prep may process the following Personal Data:

1. full legal name, including middle name and other names, if any; 

2. date of birth; 

3. place of birth, place of birth registration, permanent residential address, temporary residential address, current residential address, place of origin and contact address; 

4. telephone number and email address. 

2.9. Derived Personal Data

Derived Personal Data means Personal Data about an individual that is created, inferred, analysed or derived by Prep in the course of its business from other Personal Data in Prep’s possession or under Prep’s control, whether such underlying Personal Data relates to that individual or another individual, but does not include Personal Data derived by any means or method excluded under applicable laws.

2.10. Information Requiring Enhanced Protection

Prep recognises that certain types of information may create higher risks if accessed, used, disclosed, modified, lost or processed without authorisation. Accordingly, depending on the circumstances, Prep may apply enhanced protection measures to information including:

• detailed learning data, including assessment results, scores, error analysis, personalised learning pathways, progress reports or learning records of Students; 

• voice recordings, speaking content, written content, pronunciation data or data generated from speaking practice, correction or skill assessment features; 

• approximate geographic location inferred from internet protocol address (“IP Address”), such as country, region, city or province level, where applicable. Such information is used for service operation, regional support, system security, detection of unusual access, prevention of account misuse, unauthorised account sharing, resale of courses or other violations of Prep’s terms of use, and does not identify the individual’s precise physical address or real-time location. Prep does not collect GPS location data or continuous location tracking data, unless separately notified and consented to where required by applicable law;  

• login information, authentication information, access rights, login logs, operation logs or account security data. 

 

Article 3. Purposes of Information Processing

Prep collects, uses, stores, shares, protects or processes information of Customers, Users, Students, Partners and other relevant individuals and organisations for lawful and reasonable purposes, in accordance with the scope of products, services, cooperation relationships and business activities of Prep in Singapore.

Unless otherwise permitted or required by Singapore law, Prep will process information within the scope of the purposes that have been notified, approved or are necessary for providing products and services, performing contracts, protecting systems, and protecting the rights and legitimate interests of Prep, Customers, Users, Students, Partners or relevant third parties.

3.1. For individual Customers, Users and Students

Prep may process information of individual Customers, Users and Students for the following purposes:

a. creating, verifying, managing and maintaining user accounts;

b. providing, activating, operating and managing access rights to Prep’s products, courses, platforms, software or services;

c. recording learning history, service usage history, learning progress, exercise results, test results and assessment results;

d. providing learning, test preparation, correction, skill assessment, error analysis, learning content recommendation and personalised learning pathway services;

e. processing essays, speaking submissions, recordings, answers or other learning data provided by Users when using the relevant features of Prep;

f. processing orders, payments, invoices, receipts, promotion codes, refunds, reconciliation and transactions relating to the purchase or use of products and services;

g. sending notifications relating to accounts, courses, class schedules, tests, transactions, service updates, policy changes or necessary operational notices;

h. receiving, verifying, responding to and handling support requests, feedback, complaints, disputes, technical errors or requests relating to the use of services;

i. protecting accounts, detecting abnormal access, preventing fraud, abuse, unauthorised account sharing, system interference or violations of terms of use;

j. measuring, analysing and improving the quality of products, learning content, interface, features, system performance and user experience;

k. sending information about learning programmes, promotions, events, surveys, newsletters or other marketing content within the scope permitted by Singapore law and in accordance with the User’s preferences.

3.2. For parents, guardians or legal representatives of Students

Where the use of services requires the participation, consent or support of a parent, guardian or legal representative of a Student, Prep may process information of such individuals for the following purposes:

a. verifying the relationship with the Student and the authority to represent, consent to or support the Student’s use of the services;

b. recording consent, registration confirmation, payment confirmation or confirmation of requests relating to the Student’s account, courses or data;

c. contacting them to provide information on the Student’s learning, learning progress, transactions, technical support or issues arising in relation to the Student;

d. processing payments, invoices, refunds, complaints or support requests where the parent, guardian or legal representative conducts the transaction with Prep;

e. receiving and handling requests for access, correction, withdrawal of consent, feedback or complaints relating to the Student’s information, to the extent permitted by law;

f. taking necessary measures to protect the rights, safety and learning experience of the Student.

3.3. For Partners that are organisations, enterprises, schools, educational centres, distributors, corporate customers, suppliers or entities cooperating with Prep

Prep may process information of Partners for the following purposes:

a. learning about, assessing, establishing, maintaining and developing cooperation relationships with Partners;

b. preparing, negotiating, entering into, performing, managing, renewing, amending or terminating contracts, appendices, orders, quotations, acceptance minutes or other cooperation documents;

c. implementing products, services, learning programmes, distribution programmes, technical integrations or cooperation activities as agreed between Prep and the Partner;

d. managing Student lists, user accounts, access rights, classes, learning groups, cohorts or learning programmes registered, referred or managed by the Partner;

e. preparing service usage reports, progress reports, learning reports, cooperation effectiveness reports or operational reports within the scope of the contract and as permitted by law;

f. conducting reconciliation, payment, debt management, invoice issuance, document management, auditing, accounting or other financial obligations;

g. sending operational notices, contractual notices, service notices, technical notices or information relating to the cooperation relationship;

h. receiving, responding to and handling support requests, incidents, complaints, disputes or issues arising during cooperation;

i. evaluating cooperation effectiveness, improving coordination processes, and enhancing the quality of products, services and Partner experience;

j. complying with legal obligations, requirements of competent authorities, audits, risk management requirements, or protecting Prep’s rights and legitimate interests.

3.4. For legal representatives, authorised representatives, personnel in charge of contracts, operational contact persons, technical personnel or contact persons of Partners

Prep may process information of individuals belonging to or representing Partners for the following purposes:

a. verifying the identity, title, representative authority or scope of responsibility of the individual in relation to the Partner;

b. contacting, communicating, coordinating, confirming, approving or handling matters relating to contracts, service implementation, operations, technical matters, payments, acceptance or support;

c. granting, managing, authorising, monitoring and revoking system access accounts, administrator accounts or service usage rights, if any;

d. recording communication history, support requests, feedback, confirmations, approvals or decisions relating to the cooperation process;

e. protecting systems, controlling access, recording login logs and operation logs, and detecting abnormal activities;

f. handling complaints, disputes, support requests, reconciliation, acceptance, payment or issues arising between Prep and the Partner;

g. complying with legal obligations, contractual obligations, audits, internal governance requirements and protecting the legitimate interests of Prep or the Partner.

3.5. Use of information for new purposes

Where Prep intends to use, share or process information for a purpose different from the purposes stated in this Policy or previously notified, Prep will provide additional notice and/or obtain appropriate consent where required by Singapore law.

Where Singapore law permits the processing of information without separate consent, Prep may conduct such processing within the scope permitted by law, provided that appropriate security and control measures are still applied.

 

Article 4. Methods of Information Processing

Prep processes information of Customers, Users, Students, Partners and other relevant individuals and organisations by methods consistent with the notified purposes, scope of services, agreements between the parties and Singapore law.

The processing of information is carried out on the basis of the key obligations under the PDPA, including the obligations relating to notification, consent, purpose limitation, accuracy, data protection, retention limitation, transfer of data outside Singapore and notification of data breaches where an incident is notifiable. The PDPA provides for these obligations in the relevant provisions concerning collection, use, disclosure, access, correction, care, protection, retention, transfer and notification of data breaches.

4.1. Provision of Personal Data and Consent  

Prep respects the rights of individuals, and where applicable their Parents, Guardians or Legal Representatives, to be informed of and to give consent to the collection, use and disclosure of their Personal Data in accordance with the PDPA.

Depending on the specific activity, Personal Data may be provided to or received by Prep through the following sources:

a. Personal Data provided directly to Prep

Customers, Users, Students or, where applicable, their Parents, Guardians or Legal Representatives may provide Personal Data directly to Prep through the official channels and collection methods set out in this Policy, including Prep’s websites, applications, platforms, forms, customer support channels, email, telephone, messages or other official communication channels.

Consent may be given or evidenced through appropriate methods, including written or electronic confirmation, digitally signed documents, recorded calls, SMS confirmation, email confirmation, ticking a consent box, clicking a confirmation button on Prep’s website, application or platform, or other verifiable methods that allow Prep to record the time, content and scope of consent.

b. Personal Data provided to Prep by Partners

In B2B arrangements, a Partner may provide Personal Data of Customers, Users, Students, personnel, representatives or relevant individuals to Prep for the purposes set out in this Policy, including service implementation, account creation, access management, learning support, reporting, technical support, reconciliation or performance of the relevant contract.

Where a Partner provides Personal Data to Prep, the Partner represents and warrants that it has provided all required notices, obtained valid consent where required, or otherwise has a lawful basis to collect, use, disclose and provide such Personal Data to Prep.

The scope of Personal Data received by Prep and the scope of processing by Prep shall depend on the consent, notice or lawful basis relied upon by the Partner, the agreement between Prep and the Partner, and this Policy.

Where any complaint, dispute, claim or loss arises from the Partner’s failure to provide proper notice, obtain required consent, or establish a lawful basis for providing Personal Data to Prep, the Partner shall be responsible for addressing such matter and shall cooperate with Prep to protect the lawful rights and interests of Prep and the relevant individuals.

c. Personal Data received from third-party platforms or lawful third-party sources

Prep may receive Personal Data from third-party platforms or lawful third-party sources, including public or official sources that may be lawfully accessed, third-party login providers such as Google, Facebook or similar platforms, and technical, analytics, measurement or service providers engaged by or integrated with Prep.

Where Customers, Users or Students choose to register or log in using a third-party login service, their consent may be given through their active selection of that login method and their authorisation for the third-party platform to share relevant data with Prep. The scope of data shared with Prep may depend on the terms, permissions and privacy settings of the relevant third-party platform.

4.2. Methods of information collection

Prep may collect information directly or indirectly from Customers, Users, Students, Partners or relevant parties through the following methods:

a. from Prep’s websites, applications and platforms, when Customers, Users, Students or Partners access the website, use the application, register an account, log in, use features, resources, courses, practice exercises, tests or other Prep services;

b. from the process of searching for, accessing, purchasing, registering for or using products or services, including course registration, purchase of service packages, account activation, use of promotion codes, payment, submission of exercises, taking tests or use of learning, test preparation, correction and assessment features;

c. from communications and interactions with Prep, including direct communications, emails, phone calls, messages, forms, customer service systems, call centres, live chat, social media, surveys, feedback, complaints or other electronic communication channels;

d. from Business-to-Business (“B2B”) Partners or parties designated by such Partners, where the Partner provides information of Students, users, personnel, representatives, operational contact persons or data necessary for Prep to implement services, create accounts, manage access rights, report progress or perform contracts;

e. from Prep’s official social media channels or communities, including fan pages, community groups, support channels, forums, online events or communication channels managed by Prep or coordinated with Partners;

f. from recording devices or content recording features, where Users use speaking practice, pronunciation correction, skill assessment features, submit speaking content, attend classes, communicate with support teams or interact with Prep through features that record audio/content, provided that such collection has been notified or appropriately consented to if required by law;

g. from cookies, logs, pixels, software development kits (“SDKs”), beacons or automatic data collection technologies, including IP Address, device type, operating system, browser, language settings, access time, referring uniform resource locator (“URL”), interaction data, error data, diagnostic data and other technical information;

h. from public sources, official sources or lawful third parties, to the extent necessary for verifying information, performing contracts, preventing fraud, protecting systems, complying with law or conducting other lawful purposes.

4.3. Methods of information use

Prep uses information within the scope of the purposes stated in this Policy, including:

a. providing, operating and managing products, services, accounts, courses, tests, learning features and related access rights;

b. performing contracts, orders, transactions, payments, reconciliations, invoices, acceptance procedures or financial obligations with Customers, Users, Students or Partners;

c. recording, analysing and assessing learning processes, exercise results, learning progress, capabilities, learning needs and service usage experience;

d. receiving, handling and responding to support requests, feedback, complaints, technical errors, disputes or requests relating to information;

e. protecting accounts and systems, detecting abnormal access, preventing fraud, abuse, unauthorised account sharing or violations of terms of use;

f. improving products, services, learning content, interface, features, system performance, operational processes and cooperation quality;

g. sending service notices, operational notices, contractual notices, policy notices, support information, marketing information or communications content within the scope permitted by Singapore law.

4.4. Methods of information storage

Prep stores information on the principles of necessity, lawfulness, consistency with the notified processing purposes, and for such period as is necessary for business or legal purposes.

Personal Data may be stored and retained in Singapore or in other jurisdictions where Prep, its affiliates, Partners, data intermediaries or authorised service providers operate systems, databases, cloud infrastructure, backup systems, technical logs, customer support tools, learning management systems, payment and reconciliation systems, or other storage environments used for the provision, operation, support, protection and administration of Prep’s products, platforms, software and services.

Where Personal Data is transferred, stored, accessed or processed outside Singapore, Prep will take appropriate steps to ensure that such Personal Data is protected to a standard comparable to the protection required under the PDPA, including through contractual obligations, security requirements, access controls or other appropriate safeguards.

When Customers, Users, Students or Partners access Prep’s websites, applications, platforms, social media channels or online services, Prep may temporarily store technical or browsing information through cookies, clickstream data, logs, pixels, software development kits, beacons or similar technologies. Such information may be used for service operation, session management, user experience improvement, analytics, system security, fraud prevention, detection of abnormal access, prevention of account misuse, and protection of Prep’s lawful interests.

Personal Data of Customers, Users and Students may be retained during the period in which they access or use Prep’s products, platforms, software or services. After such access or use ends, Prep may continue to retain certain Personal Data and related information to the extent necessary for system operation, service administration, reconciliation, complaint handling, dispute resolution, audit, accounting, tax, legal compliance, fraud prevention, backup retention, protection of legitimate interests, or other lawful business or legal purposes.

Where a Customer, User, Student or Partner has not submitted a valid deletion request, Prep may continue to retain the relevant information for a period consistent with applicable law, Prep’s internal retention policies, contractual requirements, and any applicable record-keeping obligations.

Pursuant to Section 25 - Retention of personal data of the PDPA, Prep will cease to retain documents containing Personal Data or remove the means by which Personal Data can be associated with particular individuals when there is reasonable basis to determine that the purpose for which the data was collected is no longer served by the continued retention, and retention is no longer necessary for legal or business purposes.

 

4.5. Methods of sharing, disclosure or transfer of information

Prep may share, disclose or transfer information of Customers, Users, Students and Partners to the extent necessary to provide services, perform contracts, operate systems, support customers, comply with law, or protect the rights and legitimate interests of Prep and relevant parties.

With respect to Personal Data, the sharing, disclosure or transfer of information shall be carried out in accordance with the PDPA and the following key principles:

a. Valid consent principle: Prep will only disclose Personal Data where the individual has consented or is deemed to have consented under the PDPA, unless such disclosure does not require consent under Section 13 and Section 17 of the PDPA or other applicable Singapore law;

b. Purpose limitation principle: disclosure of Personal Data shall only be made for reasonable purposes that have been notified to the individual or purposes that an individual may reasonably expect in the circumstances, in accordance with Section 18 and Section 20 of the PDPA;

c. Security principle: Prep will apply reasonable security measures to protect Personal Data when sharing, disclosing or transferring it to third parties, including access control, limiting access to authorised persons and requiring recipients to protect data in accordance with Section 24 of the PDPA;

d. Recipient control principle: where a third party receives or processes Personal Data on behalf of Prep, Prep will take reasonable steps to require such recipient to process data only for the proper purposes, keep the data confidential, refrain from unauthorised disclosure, and delete, return or cease processing the data when it is no longer necessary;

e. Cross-border transfer principle: where Personal Data is transferred, stored, accessed or processed outside Singapore, Prep will take appropriate measures to ensure that the data is protected to a standard comparable to that under the PDPA, in accordance with Section 26 of the PDPA.

4.6. Methods of security, encryption and access control

Prep applies reasonable technical, organisational and administrative security measures to protect Personal Data and information of Customers, Users, Students and Partners against risks of loss, unauthorised access, unauthorised collection, misuse, unauthorised disclosure, copying, modification, destruction or unauthorised processing.

The protection of Personal Data is carried out in accordance with Section 24 - Protection of personal data of the PDPA, under which an organisation must protect Personal Data in its possession or under its control by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks.

Prep’s security measures may include:

a. access authorisation based on roles, responsibilities and work needs;

b. management of administrator accounts, internal accounts, Partner accounts and third-party accounts with system access;

c. application of passwords, authentication, access control mechanisms and appropriate account protection measures;

d. encryption or application of appropriate security measures for data during transmission, storage or transfer, depending on the nature of the data and the level of risk;

e. logging of access, monitoring of system activities and detection of abnormal access;

f. data backup and recovery, and maintenance of system continuity;

g. security testing, vulnerability review, system updates and application of necessary technical defence measures;

h. personnel training, confidentiality undertakings and restriction of access to Personal Data within the scope of assigned work;

i. control of suppliers, data intermediaries and third parties that access, store or process information on behalf of Prep;

j. establishment of procedures for receiving, assessing, handling and recording security incidents or data breaches.

Where a third party processes Personal Data on behalf of Prep, Prep will take reasonable steps to require such party to protect the Personal Data, process the data only within the assigned scope, and notify Prep when an incident arises. The guidelines of the PDPC on protecting data in electronic media also emphasise that organisations should have appropriate security measures for Personal Data in their possession or under their control.

4.7. Methods of deletion, destruction or anonymisation of information

Prep will not retain Personal Data for longer than is necessary for business or legal purposes. Pursuant to Section 25 - Retention of personal data of the PDPA, an organisation must cease to retain documents containing Personal Data, or remove the means by which the Personal Data can be associated with particular individuals, where it is reasonable to assume that:

a. the purpose for which the Personal Data was collected is no longer served by the continued retention of such data; and

b. retention is no longer necessary for legal or business purposes.

On that basis, Prep may delete, destroy, deactivate, anonymise or remove the association between information and a particular individual in the following cases:

a. the purpose of processing information has been completed or is no longer appropriate;

b. the information is no longer necessary for the provision of services, performance of contracts, system operation or support of Customers, Users, Students or Partners;

c. the information is no longer necessary for legal, accounting, tax, audit, dispute resolution, risk management or other lawful business purposes;

d. a Customer, User, Student or Partner has made a valid request for deletion, destruction or cessation of retention, and Prep no longer has a lawful basis to continue retaining the information;

e. the contract, account, learning programme, service package or cooperation relationship has ended and Prep no longer has a lawful purpose to continue retaining the information;

f. the law, court, regulator or competent authority requires Prep to delete, destroy, restrict processing or cease retaining the information.

Deletion, destruction, deactivation, anonymisation or removal of data association may be carried out by one or more appropriate methods, including:

a. removing information from the main operating system;

b. deleting or disabling accounts, access rights or related data;

c. deleting data from databases, storage environments or relevant systems to the extent technically feasible;

d. anonymising, aggregating or de-identifying data so that it is no longer associated with a particular individual;

e. removing or disabling identifiers, identification codes or linking data that permit identification of an individual;

f. sending corresponding requests for deletion, destruction, return, anonymisation or cessation of processing to relevant suppliers, data intermediaries or Partners if such parties are processing information on behalf of Prep.

Prep may continue to retain certain information to the extent necessary where such retention serves lawful legal or business purposes, including but not limited to compliance with law, accounting, tax, audit, dispute resolution, fraud prevention, protection of rights and legitimate interests, system security or maintenance of backup copies within a reasonable technical cycle.

For data in backups, system logs, caches or disaster recovery storage environments, deletion or removal of data may be carried out in accordance with Prep’s technical cycles, retention policies or security operation procedures, provided that such data is not used for any new purpose outside the permitted scope.

4.8. Methods of retrieval and restoration of information

For the purposes of this Policy, “retrieval of information” means Prep’s restoration or retrieval of certain information, data or accounts where such information has not been permanently deleted, has not been fully anonymised, or is still lawfully retained in Prep’s systems, backups, technical logs or storage environments.

Retrieval or restoration of information is not an absolute right of Customers, Users, Students or Partners, but shall be carried out on a case-by-case basis, depending on technical feasibility, data status, the continuing validity of the processing purpose and Singapore law.

Prep may retrieve or restore information in the following cases:

a. a Customer, User, Student or Partner withdraws a request for deletion/destruction of information or submits a request for account restoration, provided that the relevant information has not been permanently deleted, has not been anonymised, and Prep still has a lawful basis to retain and process such information;

b. restoration is necessary to handle technical errors, system incidents, operational mistakes, payment issues, complaints, disputes or support requests relating to the use of products or services;

c. retrieval is necessary to protect system security, detect or investigate fraud, unauthorised access, account abuse or violations of terms of use;

d. retrieval or restoration is required by a court, government agency, regulator, law enforcement authority or other competent authority under Singapore law;

e. retrieval or restoration is necessary for Prep to perform legal, accounting, tax, audit, risk management obligations, protect its rights and legitimate interests or conduct other lawful business purposes.

Before performing retrieval or restoration at the request of a Customer, User, Student or Partner, Prep may require verification of identity, representative authority,  and validity of the request in order to prevent mistakes, fraud or unauthorised access.

Where information has been permanently deleted, anonymised, de-associated from a particular individual or no longer exists in a reasonably retrievable system, Prep may be unable to retrieve or restore such information.

The retrieval, restoration or continued retention of information must comply with Section 24 - Protection of personal data and Section 25 - Retention of personal data of the PDPA. Accordingly, Prep must apply reasonable security measures to protect Personal Data in its possession or under its control, and must not continue to retain Personal Data where the purpose of retention is no longer served and retention is no longer necessary for legal or business purposes.

 

Article 5. Organisations and Individuals Related to the Purposes of Personal Data Processing

To the extent permitted by Singapore law, Prep may share or disclose information of Customers, Users, Students and Partners to relevant organisations and individuals where such sharing is necessary for the purposes of information processing set out in this Policy.

The sharing or disclosure of Personal Data shall be carried out in accordance with the PDPA, including the principles of consent, purpose limitation, notification of purpose and protection of Personal Data under Section 13, Section 18, Section 20 and Section 24 of the PDPA. Where Personal Data is transferred outside Singapore, Prep will take appropriate measures in accordance with Section 26 of the PDPA.

Prep may share information with the following categories of recipients:

a. organisations or individuals providing services to or cooperating with Prep, including providers of information technology solutions, software, applications, cloud/hosting services, system operation, customer care, incident handling, infrastructure development, data analytics, security, email, short message service (“SMS”), customer relationship management (“CRM”), payment or other supporting services;

b. teachers, graders, collaborators, contractors, learning support persons or parties participating in the provision, operation, support, assessment or improvement of Prep’s products and services;

c. consulting, auditing, accounting, legal, banking, payment, professional advisory or transaction support service providers, to the extent necessary for contract performance, transactions, payments, audits, legal advice, complaint handling, dispute resolution, or compliance with legal obligations;

d. B2B Partners, schools, educational centres, enterprises, distributors or organisational customers, where Customers, Users or Students are part of a programme, contract or service registered, sponsored, managed, referred or jointly implemented by such Partner with Prep;

e. individuals or organisations that are representatives, authorised persons or parties lawfully acting on behalf of Customers, Users, Students or Partners;

f. affiliates, branches, representative offices or entities within the same Prep ecosystem, where such parties participate in the provision, operation, management, support or improvement of products and services;

g. transferees, merger recipients, investors, purchasers or parties participating in corporate transactions, where sharing is necessary for a lawful merger, acquisition, transfer, restructuring, investment or other corporate transaction;

h. government agencies, courts, regulators, law enforcement authorities or other competent authorities, where there is a lawful request or where such sharing is permitted by Singapore law.

Prep will take reasonable steps to require recipients of information to keep the shared information confidential, use it only for the proper purposes, refrain from unauthorised disclosure, and delete, return or cease processing the information when it is no longer necessary, unless continued retention is permitted or required by law.

 

Article 6. Roles and Responsibilities of the Parties in Information Processing

6.1. General principle

Depending on the specific activity, contractual arrangement and actual role of the parties, Prep may process Personal Data either for its own purposes in connection with the provision and operation of its products and services, or on behalf of a Partner under a written contract.

Under the PDPA, an “organisation” is generally responsible for Personal Data in its possession or under its control, while a “data intermediary” means an organisation that processes Personal Data on behalf of another organisation but does not include an employee of that other organisation.

6.2. Where Prep determines the purposes and means of processing 

In most Business-to-Consumer (“B2C”) activities, where Customers, Users or Students directly register, purchase, access or use Prep’s products, platforms, software or services, Prep generally determines the purposes and means of processing Personal Data and directly performs the relevant processing activities.

In such cases, Prep is responsible for complying with the applicable data protection obligations under the PDPA, including notification, consent where required, purpose limitation, protection of Personal Data, retention limitation, access and correction, and other applicable obligations.

6.3. Where Prep engages third parties to process Personal Data on its behalf  

In certain activities, Prep may determine the purposes and means of processing Personal Data, but engage service providers, technology vendors, cloud/hosting providers, payment providers, customer support tools, analytics providers, contractors or other third parties to process Personal Data on behalf of Prep.

In such cases, Prep will take reasonable steps to require such third parties to process Personal Data only for the agreed purposes, apply appropriate security measures, maintain confidentiality, and comply with the relevant contractual and legal obligations.

6.4. Where Prep acts as a data intermediary for a Partner 

In Business-to-Business (“B2B”) arrangements, where Prep processes Personal Data on behalf of and for the purposes of a Partner under a written contract, Prep may act as a data intermediary for that Partner in respect of the relevant processing activities.

In such cases, the Partner remains responsible for collecting, notifying, obtaining consent where required, and providing Personal Data to Prep in compliance with applicable data protection laws. Prep’s responsibilities will be limited to the scope of processing performed on behalf of the Partner and the obligations applicable to a data intermediary under the PDPA.

Pursuant to Section 4(2) and Section 4(3) of the PDPA, where a data intermediary processes Personal Data on behalf of and for the purposes of another organisation under a written contract, the data intermediary is subject to certain applicable obligations, while the organisation engaging the data intermediary remains responsible for Personal Data processed on its behalf. 

6.5. Role-based responsibility  

In all cases, Prep’s responsibilities in relation to Personal Data will be determined according to the specific role that Prep performs in the relevant processing activity, the applicable contract or arrangement, and the requirements of the PDPA and other applicable laws.  

 

Article 7. Rights of Customers, Users, Students, and Partners in Relation to Personal Data

7.1. Right to request access to Personal Data

Customers, Users, Students, Partners or relevant individuals have the right to request Prep to provide information about their Personal Data held or controlled by Prep, to the extent permitted by Singapore law.

Pursuant to Section 21 - Access to personal data of the PDPA, an individual has the right to request an organisation to provide Personal Data about the individual that is in the possession or under the control of the organisation, as well as information about the ways in which such Personal Data has been or may have been used or disclosed, to the extent permitted by law.

7.2. Right to request correction of Personal Data

Customers, Users, Students, Partners or relevant individuals have the right to request Prep to correct their Personal Data if they consider that such data is inaccurate, incomplete or not up to date.

Pursuant to Section 22 - Correction of personal data of the PDPA, an individual has the right to request an organisation to correct Personal Data in the possession or under the control of the organisation, unless the organisation has reasonable grounds not to make such correction.

7.3. Right to withdraw consent

Customers, Users, Students, Partners or relevant individuals may withdraw the consent previously provided to Prep for the collection, use or disclosure of their Personal Data by giving reasonable notice to Prep.

Pursuant to Section 16 - Withdrawal of consent of the PDPA, an individual may withdraw the consent given, or deemed to have been given, for an organisation to collect, use or disclose the individual’s Personal Data. Upon receiving a request to withdraw consent, Prep may inform the individual of the consequences that may arise, including that Prep may be unable to continue providing part or all of its products or services if the relevant data is necessary for the provision of such products or services.

7.4. Consequences of deletion, destruction or cessation of retention requests

Where a Customer, User, Student, Partner or relevant individual requests Prep to delete, destroy, anonymise, cease retaining or cease processing certain Personal Data, Prep may inform the requester of the possible consequences of such request before acting on it, where appropriate.

The requester acknowledges that, depending on the nature of the Personal Data and the services involved, such request may result in certain consequences, including inability to access or use certain products, services, accounts, learning records, test results, certificates, support history, transaction records or other related features.

By submitting and maintaining such a request after being informed of the possible consequences, the requester acknowledges and accepts the consequences that may reasonably arise from the deletion, destruction, anonymisation, cessation of retention or cessation of processing of the relevant Personal Data, to the extent permitted by Singapore law.

Prep may refuse, limit or defer such request where Prep has a lawful basis or legal/business purpose to continue retaining or processing the relevant Personal Data, including for legal compliance, accounting, tax, audit, dispute resolution, fraud prevention, system security, backup retention or protection of legitimate interests.

7.5. Right to opt out of marketing information

Customers, Users, Students, Partners or relevant individuals may request Prep to stop sending advertising information, newsletters, promotional programmes, course information or other marketing content through the opt-out mechanism provided in each communication channel, or by contacting Prep in accordance with this Policy.

Withdrawal of consent to receive marketing information shall not affect Prep’s sending of necessary notices relating to accounts, transactions, courses, contracts, security, service operations or legal obligations.

7.6. Right to complain, provide feedback or request explanation

Customers, Users, Students, Partners or relevant individuals have the right to submit questions, feedback or complaints if they believe that their Personal Data has been processed for improper purposes, beyond the notified scope, inconsistently with this Policy or inconsistently with Singapore law.

Prep will receive, review and respond to requests, feedback or complaints within a reasonable time.

7.7. Verification of identity and representative authority

Before handling requests for access, correction, withdrawal of consent, complaints or other requests relating to Personal Data, Prep may require the requester to provide information necessary to verify identity or representative authority.

Where a request is submitted by a parent, guardian, legal representative, authorised representative or Partner, Prep may require documents proving the representative capacity or lawful authority to submit the request on behalf of the relevant individual.

7.8. Timeframe for handling requests

Prep will handle requests relating to Personal Data within a reasonable time in accordance with the PDPA and relevant regulations and guidelines of Singapore.

Where Prep is unable to respond to or complete the handling of a request within the expected timeframe, Prep may inform the requester of the time required for further handling.

7.9. Circumstances where Prep may refuse or limit requests

Prep may refuse, limit, or defer the handling of all or part of a request in circumstances permitted by Singapore law, including but not limited to where:

a. the request is not reasonably grounded, is repeated multiple times, is unclear, or the identity/representative authority cannot be sufficiently verified;

b. providing the data may disclose Personal Data of another person;

c. providing the data may affect system security, fraud investigations, prevention of violations, risk management or the rights and legitimate interests of Prep or relevant parties;

d. the requested data relates to trade secrets, internal information, security assessments, risk assessments or legally protected materials;

e. Prep has a legal obligation, contractual obligation or other lawful basis to continue retaining, using or not disclosing the data;

f. Other circumstances exist where the PDPA, PDPC regulations, a court, regulator or Singapore law permits Prep to refuse or limit the request.

Any refusal or limitation by Prep, where applicable, will be made on reasonable grounds and in accordance with Singapore law.

 

Article 8. Processing of Personal Data of Students under 18

Prep recognises that Personal Data of Students under 18 should be handled with particular care, especially in the context of online learning, test preparation, assessment and educational support services.

Prep will collect, use, disclose, store and protect Personal Data of Students under 18 in accordance with the PDPA, the relevant guidelines of the PDPC, and this Policy.

Where a Student is below thirteen (13) years of age, Prep will require consent from the Student’s parent or guardian before collecting, using or disclosing the Student’s Personal Data, unless otherwise permitted or required by Singapore law.

Where a Student is between thirteen (13) and seventeen (17) years of age, Prep may obtain consent directly from the Student if the relevant notices, consent terms, withdrawal mechanisms and explanations are presented in language that is readily understandable to the Student. However, depending on the nature of the service, the sensitivity of the data, the relevant B2B arrangement, or the level of risk involved, Prep may require additional consent or confirmation from the Student’s parent, guardian or legal representative.

Prep may collect or process age-related information where reasonably necessary to determine whether parental or guardian consent is required, provide age-appropriate services, protect the Student, or comply with applicable legal or regulatory requirements.

Prep will take appropriate steps to protect Personal Data of Students under 18, including limiting access to such data, applying appropriate account security measures, restricting unnecessary disclosure, and applying enhanced protection where the data relates to learning records, assessment results, voice recordings, speaking submissions, written submissions, progress reports, account information or other information requiring enhanced protection.

Parents, guardians or legal representatives may contact Prep to submit requests, feedback or complaints relating to the processing of Personal Data of Students under 18, to the extent permitted by Singapore law and this Policy.

 

Article 9. Use of Artificial Intelligence, Automated Processing and Data Analytics 

Prep may use artificial intelligence, machine learning, automated processing, data analytics, recommendation systems and similar technologies, collectively referred to as “AI and Data Analytics Technologies”, to provide, operate, support, assess, personalise and improve its products, platforms, software and services.

9.1. Purposes of use

Prep may use AI and Data Analytics Technologies for the purposes set out in this Policy, including:

a. recommending learning content, courses, exercises, tests or learning pathways suitable for Users or Students;

b. assessing learning progress, test results, answers, essays, speaking submissions, written submissions or other learning content;

c. analysing errors, strengths, weaknesses, learning needs, interaction patterns and service usage behaviour;

d. supporting speech recognition, pronunciation assessment, speaking practice, writing correction and skill evaluation;

e. generating feedback, explanations, learning suggestions, practice prompts, follow-up questions or alternative expressions;

f. personalising user experience, notifications, reminders, displayed content, learning support and service recommendations;

g. improving product quality, system performance, learning materials, assessment tools, customer support, security and operational efficiency;

h. detecting abnormal access, account abuse, fraud, misuse of services, unauthorised account sharing or other activities affecting system security or service integrity.

9.2. Data used for AI and automated features

Depending on the relevant feature or service, Prep’s AI and Data Analytics Technologies may process information such as learning history, test results, answers, essays, speaking submissions, voice recordings, pronunciation data, interaction time, completion rate, login frequency, device information, technical logs and other relevant information processed in accordance with this Policy.

AI-supported features may, for example, analyse learning history to recommend learning pathways, assess answers or submissions against assessment criteria, convert voice recordings into text, analyse pronunciation or fluency, generate learning feedback, or personalise reminders and displayed content.

9.3. Transparency and user awareness

Where a feature involves direct interaction with an AI system or where automated processing materially affects the learning experience, assessment result or service experience of a User or Student, Prep may provide appropriate notices, labels, interface indicators or explanations to help the User or Student understand that the relevant output is generated or supported by an automated system.

9.4. Protection of Personal Data

Prep will process Personal Data in connection with AI and Data Analytics Technologies in accordance with the PDPA, relevant PDPC guidelines and this Policy.

Where appropriate, Prep may apply safeguards such as access control, data minimisation, encryption, de-identification, anonymisation, aggregation, monitoring, output review, retention limitation and restrictions on unnecessary disclosure.

Where AI or automated features process voice recordings, speaking submissions, written submissions, learning records, assessment results, account information, data of Students under 18 or other Information Requiring Enhanced Protection, Prep may apply additional security and access control measures according to the nature and risk level of the data.

9.5. Requests and explanations

Customers, Users, Students, Partners or relevant individuals may contact Prep to submit questions, feedback or complaints relating to AI-supported or automated processing of their Personal Data.

Where appropriate and reasonably practicable, Prep may provide a general explanation of the relevant automated output or assessment result that affects the individual’s use of Prep’s products or services. Such explanation will not require Prep to disclose source code, model parameters, confidential algorithms, trade secrets, security-sensitive information, proprietary technology or other commercially confidential information.

Where a User or Student requests Prep to limit or stop certain AI-supported or automated processing, Prep will consider the request in accordance with this Policy, technical feasibility, the nature of the service and applicable law. Certain features, assessments, feedback, recommendations or personalised learning functions may be limited or unavailable if such processing is restricted.

9.6. AI-generated or inferred results

Outputs, inferences, profiles, recommendations, scores, assessments, classifications or other results generated through AI and Data Analytics Technologies may be treated as Personal Data where they relate to or can be associated with an identifiable individual.

Where such outputs or analytics have been anonymised, aggregated, de-identified or otherwise processed so that they no longer identify a particular individual, Prep may use, retain, share or analyse them for research, product development, service improvement, statistical analysis, system training, quality assurance or other lawful business purposes.

9.7. Accuracy and limitations

AI-generated, automated or data analytics-based outputs may support learning, assessment, recommendation, feedback, system security or service improvement, but may not always be complete, error-free or suitable for every individual situation.

Prep may review, improve, adjust or update such technologies from time to time to enhance accuracy, reliability, fairness, safety and service quality. Users and Students may contact Prep for clarification or support through the channels stated in this Policy.

Article 10. Unintended Consequences and Damage That May Occur in Relation to Information

Prep applies reasonable security measures to protect information of Customers, Users, Students, and Partners in accordance with Singapore law, including the obligation to protect Personal Data under Section 24 - Protection of personal data of the PDPA.

However, Customers, Users, Students and Partners understand that no information technology system, online platform, website, application, internet transmission line or electronic storage method can guarantee absolute security. Certain unintended consequences or damage may occur, including:

a. information being accessed, collected, used, disclosed, copied, modified, lost, destroyed or processed without authorisation;

b. accounts being accessed without authorisation due to leakage of passwords, one-time passwords (“OTPs”), login information or unsafe devices of Customers, Users, Students or Partners;

c. information being leaked due to cyberattacks, malware, online scams, impersonation, system errors, software errors, infrastructure errors or incidents involving service providers;

d. data being lost, inaccurate, interrupted, or unable to be immediately restored due to technical incidents, operational incidents, or events beyond Prep’s reasonable control;

e. information being unintentionally disclosed due to Customers, Users, Students or Partners sharing information themselves, using unsafe devices, accessing untrusted websites/applications, or failing to secure their accounts;

f. the use of products or services being interrupted, limited or temporarily suspended for Prep to inspect, isolate, remedy incidents, protect systems or comply with requests from competent authorities.

Where Prep discovers or has reasonable grounds to suspect that an incident involving information has occurred, Prep will take appropriate measures to receive, assess, isolate, investigate, remedy and mitigate damage. Where the incident is notifiable under Part 6A - Notification of Data Breaches of the PDPA, Prep will perform its obligation to notify the competent authority and/or affected individuals in accordance with Singapore law.

Customers, Users, Students and Partners are responsible for cooperating with Prep in protecting information, securing accounts and promptly notifying Prep when they discover or suspect any risk relating to information, accounts or the use of products or services.

Article 11. Commencement and Termination of Information Processing

11.1. Commencement of processing

Prep begins collecting, using, storing, sharing, protecting, or processing information of Customers, Users, Students and Partners from the time when:

a. the individual or Partner provides information to Prep;

b. the individual registers an account, purchases, accesses or uses Prep’s products or services;

c. the Partner provides information for Prep to implement contracts, programmes, accounts, courses or services;

d. the individual has given, or is deemed to have given, consent under the PDPA to Prep’s collection, use or disclosure of Personal Data, as evidenced through the consent methods set out in Article 4.1 of this Policy, where applicable;

e. the processing of information is permitted or required by Singapore law.

11.2. Termination of processing

Prep will terminate the processing of information when the processing purpose has been completed, the information is no longer necessary for business or legal purposes, or upon a valid request from a Customer, User, Student, Partner, government agency, court, or competent authority.

Pursuant to Section 25 - Retention of personal data of the PDPA, an organisation must cease retaining documents containing Personal Data, or remove the means by which Personal Data can be associated with particular individuals, when retention no longer serves the purpose of collection and is no longer necessary for legal or business purposes.

11.3. Methods of terminating processing

When terminating processing, Prep may apply one or more appropriate measures, including:

a. deleting information from systems;

b. disabling accounts, access rights or related data;

c. anonymising, aggregating or removing the association between data and a particular individual;

d. restricting access to information;

e. requesting relevant suppliers, data intermediaries or Partners to delete, return, anonymise or cease processing information.

11.4. Continued retention

Personal Data of Customers, Users and Students may be retained by Prep during the period in which they access or use Prep’s products, platforms, software or services.

A Customer, User or Student ceasing to use the services, or a Partner terminating cooperation with Prep, does not mean that all information will be deleted immediately.

Prep may continue to retain certain Personal Data and related information to the extent necessary for system operation, service administration, reconciliation, complaint handling, dispute resolution, fraud prevention, audit, accounting, tax, legal compliance, protection of legitimate interests, maintenance of backups, or other lawful business or legal purposes.

Where a Customer, User, Student or Partner has not submitted a valid deletion request, Prep may continue to retain the relevant information for a period consistent with applicable law, Prep’s internal retention policies, contractual requirements for any reporting or record-keeping obligations required by competent authorities.

After there is no longer any lawful basis or reasonable business or legal purpose for continued retention, Prep will delete, destroy, anonymise or remove the association between the information and a particular individual in accordance with its internal procedures and appropriate technical capabilities.

 

Article 12. Complaints, Feedback, and Contact Channels

If Customers or Partners have any questions, feedback or complaints relating to the use of information for improper purposes or beyond the notified scope, Customers or Partners may contact Prep’s support department using the following contact details:

PREP PTE. LTD.

Registered Office: 114 Lavender Street, #11-83 CT Hub 2, Singapore 338729

Hotline: +65 8816 1286 

Email: fa@prepedu.com 

Where it is discovered that Personal Data has been used beyond the notified or permitted purposes, or for improper purposes, Prep will promptly take reasonable steps to assess the matter, stop or restrict the improper use, contain and remediate the incident, and delete, anonymise, restrict access to, or cease retaining the relevant Personal Data where continued retention is no longer necessary for legal or business purposes. Where the matter constitutes a notifiable data breach under the PDPA, Prep will notify the PDPC and/or affected individuals in accordance with applicable Singapore law. 

 

Article 13. Circumstances Where Personal Data May Be Processed Without Consent

Prep may collect, use, or disclose Personal Data without separate consent from Customers, Users, Students, or Partners in circumstances permitted by the PDPA or Singapore law.

Pursuant to Section 17 of the PDPA, the collection, use, or disclosure of Personal Data without consent may be carried out in the circumstances set out in the First Schedule and Second Schedule to the PDPA.

Such circumstances may include:

a. where the processing is necessary to protect the life, health or safety of an individual;

b. where the processing is necessary to respond to an emergency or in the public interest;

c. where the processing is necessary to comply with law, a court order, or a requirement of a government agency, regulator or competent authority;

d. where the processing is necessary to investigate, prevent or address fraud, abuse, unauthorised access, security breaches, breaches of terms of use or violations of law;

e. where the processing is necessary to protect the legitimate interests of Prep or a relevant party, to the extent permitted by Singapore law;

f. where the processing is necessary for a lawful corporate transaction, including merger, acquisition, transfer, restructuring, investment or transfer of business operations;

g. where the Personal Data has been lawfully made public or obtained from a public source that Singapore law permits to be used;

h. where the processing is necessary for legal, accounting, tax, audit, dispute resolution obligations, or for protecting the rights and legitimate interests of Prep, Customers, Users, Students, Partners or relevant parties.

When processing Personal Data without consent, Prep will still limit the processing to what is necessary, reasonable, proper in purpose, and will apply appropriate security measures in accordance with the PDPA.

 

Article 14. Implementation Provisions

The access, registration, purchase, use of products or services, or continued cooperation with Prep by Customers, Users, Students or Partners after this Policy has been published shall be understood as such parties having been notified of this Policy and agreeing to Prep’s processing of information within the scope stated in this Policy, unless Singapore law requires a separate form of notice or consent.

Prep may amend, supplement or update this Policy from time to time to reflect changes in Singapore law, business operations, products, services, technology systems or Prep’s internal governance requirements. The updated version will be published on Prep’s website, application or official communication channel.

Where an amendment materially affects the lawful rights or interests of Customers, Users, Students or Partners, Prep will provide appropriate notice in accordance with Singapore law or by such method as Prep considers reasonable.

This Policy is developed, issued and implemented in accordance with the PDPA, the regulations and guidelines of the PDPC, and other applicable laws of Singapore.