Privacy Policy

Effective Date: 01/07/2024
Last Updated: 01/07/2025

This Privacy Policy explains how World Exam Board Pte. Ltd. ("we", "our", "us", or "the Company") collects, uses, discloses, and protects your personal data when you use EXAM.SG and our related services. This policy complies with Singapore's Personal Data Protection Act 2012 (PDPA) and other applicable laws.

1. About Us

Company: World Exam Board Pte. Ltd.
Website: https://www.exam.sg
Business Address: 11 Slim Barracks Rise #08-02, Singapore 138664
Email: cem@exam.sg
Governing Law: Singapore

2. Personal Data We Collect

2.1 Information You Provide Directly

When you register, book exams, or use our services, we collect:

  • Identity Information: Full name, date of birth, nationality, gender

  • Contact Information: Email address, phone number, mailing address

  • Identification Documents: Passport number, national ID, student ID

  • Educational Information: Academic qualifications, institution details

  • Exam-Related Data: Test preferences, special accommodation requests, previous exam history

  • Payment Information: Billing details (payment processing is handled by secure third-party processors)

  • Communication Records: Correspondence with our support team, feedback, and survey responses

2.2 Information Collected Automatically

  • Technical Data: IP address, browser type, device information, operating system

  • Usage Data: Pages visited, time spent on site, click patterns, exam session data

  • Cookies and Tracking: See Section 11 for detailed information

2.3 Information from Third Parties

  • Verification data from educational institutions or certification bodies

  • Payment confirmation from payment processors

3. Legal Basis and Purposes for Processing

We process your personal data based on the following legal grounds under the PDPA:

3.1 Consent

  • Marketing communications (where you've opted in)

  • Optional services and features

3.2 Legitimate Interests

  • Exam Administration: Processing registrations, scheduling, conducting examinations

  • Identity Verification: Confirming eligibility and preventing fraud

  • Customer Service: Responding to inquiries and providing support

  • Website Operation: Maintaining and improving our platform

  • Security: Protecting against unauthorized access and ensuring data integrity

  • Legal Compliance: Meeting regulatory requirements and industry standards

  • Business Operations: Record-keeping, financial management, and service improvement

3.3 Performance of Contract

  • Delivering examination services you've registered for

  • Processing payments and issuing certificates

  • Providing customer support related to your bookings

4. How We Share Your Personal Data

4.1 Within Our Organization

We share data with authorized employees and departments on a need-to-know basis for:

  • Exam administration and customer service

  • Technical support and system maintenance

  • Compliance and audit purposes

4.2 Third-Party Service Providers

We may share data with trusted partners who assist us with:

  • Payment Processing: Secure payment gateways and financial institutions

  • IT Services: Cloud hosting, system maintenance, and technical support

  • Communication: Email and SMS service providers

  • Analytics: Website performance and user experience analysis

All third parties are contractually bound to protect your data and use it only for specified purposes.

4.3 Educational and Certification Bodies

With your explicit consent, we may share your exam results and certification data with:

  • Your educational institution

  • Employers or prospective employers

  • Professional certification bodies

  • Scholarship or grant organizations

4.4 Legal Requirements

We may disclose your data when required by:

  • Singapore law or regulation

  • Court orders or legal proceedings

  • Government agencies or regulatory bodies

  • Prevention of fraud or other illegal activities

4.5 Business Transfers

In the event of a merger, acquisition, or business restructuring, your data may be transferred to the successor entity under equivalent protection standards.

We do not sell, rent, or trade your personal data to third parties for their marketing purposes.

5. Data Security

We implement comprehensive security measures including:

5.1 Technical Safeguards

  • Encryption of data in transit and at rest

  • Secure server infrastructure with regular updates

  • Multi-factor authentication for staff access

  • Regular security assessments and penetration testing

5.2 Administrative Safeguards

  • Staff training on data protection principles

  • Access controls limiting data access to authorized personnel

  • Incident response procedures for potential breaches

  • Regular review and updating of security policies

5.3 Physical Safeguards

  • Secure office premises with controlled access

  • Protection of physical documents and storage devices

6. Data Retention

We retain your personal data for specific periods based on:

6.1 Retention Periods

  • Active Account Data: For the duration of your account plus 7 years

  • Exam Records and Certificates: 10 years from exam date (for verification purposes)

  • Payment Records: 7 years (for accounting and tax compliance)

  • Marketing Communications: Until you unsubscribe or 2 years of inactivity

  • Website Analytics: Anonymized after 26 months

  • Support Communications: 3 years from last contact

6.2 Deletion Criteria

Data is securely deleted when:

  • Retention period expires

  • Legal obligations are fulfilled

  • You withdraw consent (where consent is the legal basis)

  • Data is no longer necessary for original purposes

7. Your Rights Under PDPA

7.1 Access Rights

You can request:

  • Confirmation of what personal data we hold about you

  • Copies of your personal data

  • Information about how we use and share your data

7.2 Correction Rights

You can request correction of:

  • Inaccurate or incomplete personal data

  • Outdated information in your account

7.3 Withdrawal of Consent

You can withdraw consent for:

  • Marketing communications

  • Optional data processing activities

  • Third-party data sharing (where consent-based)

Note: Withdrawing consent may affect our ability to provide certain services.

7.4 Data Portability

Where technically feasible, you can request your data in a structured, commonly used format.

7.5 Making Requests

To exercise your rights:

  1. Submit requests in writing to [cem (at) exam.sg]

  2. Include proof of identity (copy of NRIC/passport)

  3. Specify the type of request and relevant details

Response Time: We will respond within 30 days of receiving your request.

8. International Data Transfers

If we transfer your data outside Singapore, we ensure adequate protection through:

  • Countries with adequacy decisions

  • Standard contractual clauses

  • Binding corporate rules

  • Your explicit consent

9. Minors' Data

9.1 Age Restrictions

Our services are intended for users aged 5 and above.

9.2 Parental Consent

For users aged 5-18, we recommend parental guidance and may require parental consent for certain services.

10. Automated Decision-Making

We may use automated systems for:

  • Fraud detection and prevention

  • Exam scheduling optimization

  • Basic customer service responses

You have the right to request human intervention in automated decisions that significantly affect you.

11. Cookies and Tracking Technologies

11.1 Types of Cookies

  • Essential Cookies: Required for website functionality and security

  • Performance Cookies: Help us understand how visitors use our site

  • Functional Cookies: Remember your preferences and settings

  • Marketing Cookies: Used to deliver relevant advertisements (with consent)

11.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may affect website functionality.

11.3 Third-Party Tracking

We use Google Analytics and similar tools to understand website usage. These services have their own privacy policies.

12. Data Breach Notification

In the unlikely event of a data breach affecting your personal data, we will:

  • Assess the risk and take immediate containment measures

  • Notify the Personal Data Protection Commission within 72 hours (if required)

  • Inform affected users if there's a high risk to their rights and freedoms

  • Provide clear information about the breach and recommended actions

13. Third-Party Websites

Our website may contain links to external sites. We are not responsible for their privacy practices. Please review their privacy policies before sharing personal data.

14. Updates to This Policy

We may update this policy to reflect:

  • Changes in our services or business practices

  • Legal or regulatory requirements

  • Industry best practices

Notification: We will notify you of material changes via email or website notice at least 30 days before implementation.

15. Contact Us

15.1 General Inquiries

Email: [cem (at) exam.sg]
Address: 11 Slim Barracks Rise #08-02, Singapore 138664

15.2 Data Protection Officer

For privacy-specific matters, contact our Data Protection Officer:

Email: [cem (at) exam.sg]
Address: 11 Slim Barracks Rise #08-02, Singapore 138664

15.3 Complaints

If you're unsatisfied with our response, please first contact our Data Protection Officer at [cem (at) exam.sg].

If the matter remains unresolved, you may lodge a complaint with: Personal Data Protection Commission Singapore

This policy demonstrates our commitment to protecting your privacy and complying with Singapore's data protection laws. Your trust is important to us.