pdpc_decisions_version_detail (view)
3 rows where nature = "Consent, Purpose Limitation, Notification"
This data as json, CSV (advanced)
Suggested facets: decision, _commit_at (date), date (date), timestamp (date), tags (array), _changed_columns (array)
| _commit_at | _commit_hash | _id | _item | _version | _commit | description | tags | date | pdf-url | nature | title | url | timestamp | pdf-content | decision | _item_full_hash | _changed_columns |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 185 | 185 | 1 | 952 | Spring College International failed to notify and obtain consent from the parents of young students before disclosing online the students’ personal data for marketing purposes. Directions were issued to Spring College International. | [
"Consent",
"Purpose Limitation",
"Notification",
"Directions",
"Education"
] |
2018-05-24 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Grounds_of_Decision_Spring_College_International_240518.pdf | Consent, Purpose Limitation, Notification | Breach of Consent and Purpose Limitation Obligations by Spring College International | https://www.pdpc.gov.sg/all-commissions-decisions/2018/05/breach-of-consent-and-purpose-limitation-obligations-by-spring-college-international | 2018-05-24 | PERSONAL DATA PROTECTION COMMISSION [2018] SGPDPC 15 Case No DP-1705-B0799 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And Spring College International Pte. Ltd. … Organisation DECISION Spring College International Pte. Ltd. Mr Yeong Zee Kin, Deputy Commissioner — Case No DP-1705-B0799 24 May 2018 Background 1 This matter involves a private educational institution that posted information about its students, including their names and photographs, on a public social media page, in order to promote its courses. The Organisation operates a private educational institution, known as “Spring College International Pte. Ltd.” (“SCI”), that offers various academic courses to students of varying ages and levels. A complaint was made to the Personal Data Protection Commission (“PDPC”) regarding the unauthorised disclosure of a student’s personal data on the Organisation’s Facebook page. The complaint was made by the student’s parent (“the Complainant”). 2 The Commissioner’s findings and grounds of decision, based on the investigations carried out in this matter, are set out below. Material Facts 3 Since September 2010, the Organisation has maintained a Facebook page which is accessible to the general public, titled “Spring College International”. In December 2015, the Complainant enrolled her son (“Individual A”) as a student in SCI. Sometime thereafter, the Spring College International Pte. Ltd. [2018] SGPDPC 15 Complainant came across a post on the Organisation’s Facebook page, dated 24 April 2016 (“Post A”). The post contained the following text: Application for Supplementary Admissions Exercise for International Students 1 We are pleased to inform you that your application for admission to a secondary school through the Supplementary Admissions Exercise for International Students is successful. The results of your application are as follows: … 4 Post A further set out the following information about Individual A: full name; partially masked passport num… | Directions | ab610ebd87a5e51bcfa08294b0f5948e87401467 | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 193 | 193 | 1 | 952 | A financial penalty of $12,500 was imposed on Aventis for using the personal data of individuals beyond the notified purposes, and for failure to give effect to the withdrawal of consent within a reasonable time. | [
"Consent",
"Purpose Limitation",
"Notification",
"Financial Penalty",
"Directions",
"Education"
] |
2018-04-30 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Grounds_of_Decision_Aventis_300418.pdf | Consent, Purpose Limitation, Notification | Breach of Notification and Consent Obligations by Aventis | https://www.pdpc.gov.sg/all-commissions-decisions/2018/04/breach-of-notification-and-consent-obligations-by-aventis | 2018-04-30 | PERSONAL DATA PROTECTION COMMISSION Case No DP-1705-B0766 [2018] SGPDPC [7] In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And Aventis School of Management Pte. Ltd. … Organisation DECISION Aventis School of Management Pte. Ltd. [2018] SGPDPC [7] Tan Kiat How, Commissioner — Case No DP-1705-B0766 30 April 2018 Background 1 The present matter concerns an individual (the “Complainant”) who had signed up to receive a free brochure for a specific programme organised by the Organisation, but ended up also receiving numerous marketing emails from the Organisation that were unrelated to the programme which the individual was interested in. The question raised is whether the Organisation’s “use” of the Complainant’s personal data to send him the marketing emails without his consent is a breach of the Personal Data Protection Act 2012 (“PDPA”). In the Commissioner’s findings, the answer is in the affirmative. 2 The Commissioner also found that the Organisation had failed to carry out the Complainant’s request to remove his email address from the Organisation’s mailing list in a timely manner, which led to further marketing emails being sent to the Complainant after the withdrawal request was made. 3 The Commissioner’s findings and grounds of decision of the matter are now set out below. Aventis School of Management Pte. Ltd. [2018] SGPDPC 7 Material Facts 4 The Organisation is an educational institution that collaborates with overseas universities to offer degrees, courses, and programmes to students across various disciplines such as Finance, Marketing, and Business. 5 The Complainant was interested in one of the programmes offered by the Organisation, and submitted his name, email address, and contact number through a web form on the Organisation’s website, titled “Take Action Today – Download Free Brochure”, at http://asm.edu.sg/california-state-university on 12 January 2017. 6 After signing up for this free brochure, the Complainant started recei… | Financial Penalty, Directions | ee94ae697675c228c71fd7f5fba9305226984d44 | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 232 | 232 | 1 | 952 | Directions were issued to Universal Travel Corporation for disclosing a passenger list, consisting of 37 customers' personal data, to four of its customers without consent. The organisation was also penalised for its lack of data protection policies. | [
"Consent",
"Purpose Limitation",
"Notification",
"Directions",
"Others"
] |
2016-04-21 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/grounds-of-decision---universal-travel-corporation-(210416).pdf | Consent, Purpose Limitation, Notification | Breach of Consent and Other Obligations by Universal Travel Corporation | https://www.pdpc.gov.sg/all-commissions-decisions/2016/04/breach-of-consent-and-other-obligations-by-universal-travel-corporation | 2016-04-21 | DECISION OF THE PERSONAL DATA PROTECTION COMMISSION Case Number: DP-1508-A496 UNIVERSAL TRAVEL CORPORATION PTE LTD (UEN. 197302113R) ... Respondent Decision Citation: [2016] SGPDPC 4 GROUNDS OF DECISION 20 April 2016 A. BACKGROUND 1. The Personal Data Protection Commission (“Commission”) received a complaint from a credible source concerning the alleged disclosure by the Respondent of personal data of 37 customers (the “passenger list”) in early March 2015 to certain individual(s) who participated in the 12 Days Legend of the Balkans Tour from 17 February 2015 to 28 February 2015 (“Balkans Tour”). 2. In the premises, the Commission decided to carry out an investigation into the matter. The Commission’s findings are set out below. B. MATERIAL FACTS AND DOCUMENTS 3. Sometime in or around late February 2015, four of the customers of the Balkans Tour requested the Respondent to furnish formal documentation confirming the cancellation of their transit flight to Sofia on 18 February 2015 (TK1027/18FEB15 ISTANBUL-SOFIA) (“formal confirmation”) to process their insurance claims. 4. The Respondent therefore requested from Turkish Airline written confirmation of the flight cancellation and the affected passenger list. 5. Sometime in early March 2015, the Respondent sent the formal confirmation together with the letter from Turkish Airline and the passenger list by email to four of the customers of the Balkans Tour. The passenger list that was sent contained the name, nationality, date of birth, passport number, passport expiry date and passenger name record (a record in the database of a computer reservation system (CRS) that contains the itinerary for a passenger, or a group of passengers travelling together) of all 37 of the passengers/customers that were on the Balkans Tour. The passengers’ details were not masked or redacted when it was sent by the Respondent. It is not disputed that the passengers’ details constituted personal data under the control of the Respondent at the material time. 6. In the R… | Directions | 5a0ff182bd0082f840e509fc39079487ae98fb3a | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
Advanced export
JSON shape: default, array, newline-delimited
CREATE VIEW pdpc_decisions_version_detail AS select
commits.commit_at as _commit_at,
commits.hash as _commit_hash,
pdpc_decisions_version.*,
(
select json_group_array(name) from columns
where id in (
select column from pdpc_decisions_changed
where item_version = pdpc_decisions_version._id
)
) as _changed_columns
from pdpc_decisions_version
join commits on commits.id = pdpc_decisions_version._commit;