Login|Sign Up

Privacy Policy

Last Updated: 12 November 2025

Rulang Primary School Alumni Association ("we", "us", or "our") is committed to protecting your personal data in accordance with the Personal Data Protection Act 2012 (PDPA) of Singapore. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website and services.

By using our website and services, you consent to the collection, use, and disclosure of your personal data as described in this Privacy Policy.

1. Personal Data We Collect

We collect the following types of personal data:

Account Information

  • Full name, email address, and password
  • Date of birth and graduation year
  • Phone number and mailing address
  • Profile photograph (optional)

Payment Information

  • PayNow QR code screenshots for membership fee verification
  • PayNow transaction reference numbers
  • Stripe payment data for merchandise purchases (processed securely by Stripe)
  • Billing addresses for merchandise delivery

Usage Data

  • Event registrations and attendance records
  • Merchandise orders and delivery information
  • Website usage data (pages visited, time spent, browser type)
  • IP address, device information, and cookies

2. How We Use Your Personal Data

We use your personal data for the following purposes:

  • Account Management: Create and maintain your member account, authenticate your identity, and provide member services
  • Membership Verification: Verify your eligibility for membership and alumni status
  • Event Management: Process event registrations, send event notifications, and manage attendance
  • Merchandise: Process orders, arrange delivery, and provide customer support
  • Communications: Send important updates, newsletters, event invitations, and respond to inquiries
  • Member Benefits: Provide access to partner discounts and exclusive member benefits
  • Website Improvement: Analyze usage patterns to improve our website and services
  • Legal Compliance: Comply with legal obligations and protect our legal rights

3. Disclosure of Personal Data

We may share your personal data with:

Service Providers

  • Vercel: Website hosting, database storage, and file storage
  • Stripe: Payment processing for merchandise purchases
  • Resend: Email delivery service for transactional emails
  • Analytics providers: Website usage analytics
  • Prisma: Database management and ORM services

All service providers are contractually obligated to protect your data and use it only for the purposes we specify.

Partner Businesses

We may share limited personal data (name, email) with partner businesses to provide member benefits and discounts. We obtain your consent before sharing data with any partner.

Legal Requirements

We may disclose your personal data if required by law, court order, or government authority, or to protect our rights, property, or safety.

4. Data Retention

We retain your personal data based on the following policies:

  • Active Members: Data is retained indefinitely while your membership remains active, to maintain your lifelong connection with the Rulang alumni community
  • Rejected Applications: Applications that are not approved are automatically deleted after processing
  • Account Deletion: You may request account deletion at any time. We will delete your personal data within 30 days, except where retention is required by law
  • Transaction Records: Payment and transaction records are retained for 7 years to comply with Singapore tax and accounting requirements

5. Your Rights Under PDPA

Under the Personal Data Protection Act 2012, you have the following rights:

Access

Request access to your personal data we hold

Correction

Request correction of inaccurate or incomplete data

Withdrawal

Withdraw consent for data processing (may affect service access)

Deletion

Request deletion of your personal data

To exercise any of these rights, please contact us at secretary@rulangalumni.org. We will respond to your request within 30 days.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • SSL/TLS encryption for data transmission
  • Password hashing and secure authentication (NextAuth.js)
  • Multi-factor authentication (MFA) for admin accounts
  • Role-based access controls to limit data access
  • Regular security audits and vulnerability assessments
  • Secure cloud infrastructure (Vercel, Postgres)
  • Comprehensive audit logging for all data access and modifications

We implement comprehensive data protection practices and will issue the necessary notifications in the event of a data breach, in line with PDPA obligations.

7. Cookies and Tracking Technologies

We use cookies and similar technologies for:

Essential Cookies

Required for authentication and website functionality (e.g., keeping you logged in). These cannot be disabled.

Analytics Cookies

Help us understand how visitors use our website to improve user experience. You can opt out of analytics tracking in your browser settings.

8. Minors and Parental Consent

Our services are open to alumni aged 13 years and older. For users under 21 years of age:

  • Ages 13-21: We require parental or guardian consent before collecting personal data. During registration, we will request a parent/guardian email for verification.
  • Under 13: We do not knowingly collect personal data from children under 13. If we discover we have collected such data, we will delete it immediately.

Parents or guardians may contact us to review, modify, or delete their child's personal data.

9. International Data Transfers

Your personal data may be transferred to and processed in countries outside Singapore, including by our service providers (Vercel, Stripe, Resend). We ensure that adequate safeguards are in place to protect your data in accordance with PDPA requirements, including:

  • Standard contractual clauses with service providers
  • Ensuring service providers comply with data protection standards comparable to PDPA
  • Conducting due diligence on data protection practices of overseas recipients

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by:

  • Posting the updated policy on our website with a new "Last Updated" date
  • Sending an email notification to registered members
  • Displaying a prominent notice on our website

Your continued use of our services after the changes become effective constitutes your acceptance of the updated Privacy Policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights under PDPA, please contact our Data Protection Officer:

Email: secretary@rulangalumni.org

Subject Line: "PDPA Request" or "Privacy Inquiry"

We will respond to all requests within 30 days as required by PDPA. For complaints about our data protection practices, you may also contact the Personal Data Protection Commission (PDPC) of Singapore.

This Privacy Policy is governed by the laws of Singapore. By using our services, you agree to the collection, use, and disclosure of your personal data as described in this policy.