utu Academy

PERSONAL DATA PROCESSING NOTICE  

This Notice is published to ensure compliance with General Data Protection Regulation (EU GDPR), UAE Federal Decree-Law No. (45) of 2021 (UAE PDPL), Singapore Personal Data Protection Act (PDPA) and any Other local data protection regulations as applicable and sets out the guidelines UTU Group (defined hereinafter) adheres to when processing personal data of its Users.  UTU Pte Ltd, based in Singapore (398007) – 229 Mountbatten Road #01-01, Mountbatten Square, e-mail address [email protected], and its subsidiaries (collectively, “utu Group” or “utu”) User" refers to any individual who accesses or uses utu Group’s services, website, or applications. For the purposes of this document, "User" shall have the same meaning as "Data Subject". utu hereby inform Users that personal data collected and provided while browsing, consulting and using the utu Website or App will be processed in accordance with applicable data protection laws.   

utu Group reserves the right to modify or update, in whole or in part, this Notice at any time at its discretion including to take into account changes in the provisions of laws and regulations relating to the protection of personal data and will notify Users of the Website of any such changes.   

utu Group informs Users that the content of this Notice does not apply to websites owned or managed by third parties and declines any liability for any request and/or release of personal data to third party websites and in relation to the management of authentication credentials provided by third parties. 

A. Data Controllers are the Companies of the utu Group , including but not limited to utu Pte Ltd, utu Technologies Pte Ltd, utu Points Pte Ltd, utu Tax Free Pte Ltd, utu Rewards Pte Ltd, utu Rewards S.r.l., utu Rewards France SAS.   

B. Data Protection Officer: Mr. Sridhar Vorla , DPO  can be contacted at the following email: [email protected]l   

C. Information collection, use and disclosure   

• This Notice describes how utu processes personal data collected, used, disclosed, shared and stored through its platforms managing the utu run Website https://utuacademy.thinkific.com/, by accessing the Website while enrolling/signing up with the utu academy.   
• The data provided will be kept only for the time necessary to carry out the activities and to achieve the purposes specified below and further stored for the period provided for the fulfilment of legal obligations on Data Controllers or expressly permitted by laws and regulations in force for the protection of personal data or until the consent given for processing, where applicable, is withdrawn. Personal Data shall not be kept after the purpose of its processing has been exhausted 
• For the avoidance of doubt, in the event of any inconsistency between this Notice and the General Data Protection Regulation (EU GDPR), UAE Federal Decree-Law No. (45) of 2021 (UAE PDPL), Singapore Personal Data Protection Act (PDPA) and any Other local data protection regulations as applicable the provisions of the above mentioned shall take precedence. UTU remains committed to full compliance with all applicable data protection laws.  

D. Type and source of personal data   

1. Data provided by Users   

• Identification data: full name, date of birth, nationality, address, mobile number, email; 
• Registration data: UTU account credentials, utu member account, user preferences for the successful registration to utu website and the use of services; 

1. Data collected automatically   

• The computer systems and software procedures functional to the UTU Website acquire, during their operations, some personal data whose disclosure to utu is implicit in the use of Internet communication protocols. This category of data includes IP addresses, type of browser used, operating system, domain name and websites address, page visits, time of access, single page visit staying, analysis of internal path and other parameters relating to the operating system and Users computer/devices environment.   
• These technical/IT data are collected and used exclusively in aggregated and anonymous manner for statistical purposes and to check the correct functioning of the utu Website. Some of these information may be collected from cookies installed on your browser when you visit the Website or download the App. For more information about cookies, please see Cookie Policy.   

E. Purposes of data processing   

• Users personal data will be processed by utu for the following purposes:  to ensure, within the legitimate interest of the utu Group, the compliance with the Website use terms, the security of the utu Website and its Users, the protection of the rights and/or assets of the utu Group Companies; to ensure the management, maintenance and control of the proper functioning of utu Website;   
• to use the personal data in court or in the previous steps in the event of an establishing lawsuit against Users illicit use of the Website or the related services; to investigate the liability in the event of any computer crimes against the Website, in order to protect the rights and legitimate interests of the utu Group.   
• The provision of personal data for the above purposes is essential to provide the services or products requested or to allow the access to the functionality required, so the personal data are necessary for the exact fulfilment by utu of contractual obligations, for the proper application of laws provisions and regulations, for the exercise of its legitimate interests. Failure to enter such data may result in the inability to complete the registration as a User or the inability to receive such services or products or to benefit from the functionality required.    
• In the event of explicit consent to the purposes described above (marketing and profiling), personal data will be made visible and stored in a single computer file for managing customer relations, so-called Customer Relationship Management (CRM) and Customer Service accessible to all Group Companies, so the updating, rectification and/or deletion of data provided will have effect for all the utu Group Companies.   

Each of the above activities and communications may be carried out only upon a specific consent which can be explicated by ticking or Opting in at consent boxes.    Such consents shall be optional and can be always withdrawn by writing to the following address [email protected],   It is therefore understood that any refusal of one or more of these consents does not affect in any way the establishment and the management of the contractual relationship and the requested services and products providing.    Users have the right to object at any time to the processing of personal data for direct marketing and profiling purposes.   

F. Special categories of personal data – minors   

• Failure to give consent to the processing of particular categories of data will make it impossible for the utu Group to carry out the activities involving the processing. The particular personal data, so-called “sensitive”, will be processed until the User decides to withdraw the consent, except for the storage period for the performing of services agreement and under the provisions of laws and regulations.   
• Utu Group does not process personal data of individuals under the age of 18 years.   

G. Methods of data processing   

• Personal data may be processed by utu using paper, computer and digital tools, with organisational methods and with logic strictly related to the purposes indicated and, in any case, in a manner that guarantees safety, confidentiality, integrity and availability, in in accordance with the current provisions on the processing of personal data.   
• Within the utu Group, personal data are accessible by any unit/entity that needs to process them in order to fulfil contractual obligations and/or legal obligations and to exercise legitimate interests. All data processing operations will be carried out by personnel appointed by the Data Controller and properly trained to comply with the provisions in force on data protection. The persons in charge of the processing of utu are those persons, belonging to the staff of utu, who materially provide for the processing of personal data under the supervision of the relevant Head of Internal sector. Personal data information may be received by third parties appointed by utu Group to provide services to utu Group for the provision of the services requested for by the Users.   

H. Security measures   

• In accordance with the provisions on the protection of personal data, the utu Group has implemented appropriate technical and operational measures adequate to ensure a level of security appropriate to the risk.   
• These measures include, in particular, ensuring the confidentiality, integrity and availability of data through the control of physical access, inclusion and disclosure. Furthermore, utu Group undertakes to take account of data protection from the outset of the development or selection of hardware, software and technical procedures, in accordance with the principle of data protection by design and protection by default.   

I. International Transfer of personal data   

• In order to operate a global business, utu and its subsidiaries may process, transfer and store Users personal data within the Group Companies or with their services providers within the local limit of the specific country 
• The management of databases, the processing of personal data and their storage are bound to the purposes for which such data are collected and processed and are carried out in compliance with the standards of confidentiality and security in accordance with the Laws and regulations in force on the protection of personal data applicable. To this end, utu Group undertakes to implement all appropriate and necessary contractual measures and the due steps to ensure the adequate level of protection of Users personal data 

J. Information Sharing   

utu will share personal information only with Users consent or as required or permitted by applicable laws, such as with:   

• other utu Group Companies and utu appointed service providers whose responsibilities and business activities are defined in respective contracts with utu;   
• competent tax authorities, customs officers, national and international authorities , judicial authorities and courts; regulatory authorities and governmental agencies;   
• services providers: for the processing and storage of personal data for the processing and storage of accounting and administrative documents;   
• lawful recipients, including third parties in the event of mergers, acquisitions, sale of business for the trading activity.    

K. Users Rights   

With regard to the above described processing of personal data, Users have the right to:   

• access to personal data, having confirmation that their data are being    processed or not and, in this case, to request a copy;   
• rectification of any inaccurate personal data or their integration if incomplete;   
• erasure of personal data without undue delay where: personal data are no longer necessary for the purposes of processing; the given consent is withdrawn and there is no other legal ground for processing; personal data have been unlawfully processed;   
• withdraw at any time any given consent, without prejudice to the processing based on consent given before withdrawal;   
•  restriction of processing personal data where the accuracy of personal data is contested; the processing is unlawful or objected;   
• object at any time the processing of personal data based on Data Controller legitimate interest and/or the processing for  profiling purpose;   

The rights listed above can be exercised by writing to the following address [email protected]