ASAMAN
Contact Us

Terms & Conditions

Clear guidelines that define how Asaman works and protects its users.

Data Processing Agreement

Effective Date: Oct 28th, 2025

  • Asaman Technologies Ltd., a global education technology company.
  • The Subscribing School or Educational Institution.

together referred to as the "Parties."

This DPA forms an integral part of the Asaman Terms of Service and governs the processing of personal data in connection with the provision of Asaman's platform and related services.

  • Purpose And Scope
    • Purpose And Scope
      • General Data Protection Regulation (EU) 2016/679 (GDPR) UK GDPR
      • Personal Data Protection Act (PDPA, Singapore)
      • Personal Information Protection Law (PIPL, China)
      • Family Educational Rights and Privacy Act (FERPA, USA)
    • This DPA applies to all personal data processing performed by Asaman in the course of providing services to the school.
  • Definitions
    • Personal Data means any information relating to an identified or identifiable individual.
    • Processing means any operation performed on Personal Data (collection, storage, use, disclosure, deletion, etc.).
    • Controller means the School, which determines the purpose and means of processing.
    • Processor means Asaman, which processes data on behalf of the Controller.
    • A Sub-processor is any third party that Asaman engages to process Personal Data on its behalf.
    • Data Subject means the individual to whom the Personal Data relates (e.g., students, parents, staff).
  • Roles And Responsibilities
    • Controller (School) Obligations
      • Ensure all Personal Data shared with Asaman is lawfully obtained.
      • Securely provide data and maintain accurate records of processing.
      • Obtain parental or guardian consent for minor users, as required by law.
      • Respond to Data Subject requests in compliance with applicable legislation.
    • Processor (Asaman) Obligations
      • Process Personal Data solely on documented instructions from the Controller (School).
      • Maintain confidentiality and ensure that appropriate obligations bind all personnel.
      • Implement technical and organisational measures to ensure the security and integrity of data.
      • Not use or disclose Personal Data except as necessary to provide the Service.

  • Nature and Duration of Processing

    CategoryDetails
    Nature of ProcessingCloud-based management of school activity registration, attendance, scheduling, communication, and payment services.
    DurationFor the term of the subscription and up to 12 months after termination for secure data export or deletion.
    Categories of Data SubjectsStudents, Parent / Guardians, Staff, and Service Providers.
    Types of Data ProcessedName, contact information, grade / class, enrolment, attendance, schedule, payment metadata (no financial card data).
    Special CategoriesNone intentionally processed. No biometric, medical, or sensitive data is stored.
  • Data Security

    • Asaman maintains a comprehensive Information Security Management System (ISMS) aligned with ISO / IEC 27001 and SOC 2 standards. These measures include:

    • Encryption of all data in transit (TLS 1.3) and at rest (AES-256).
    • Role-based access controls and least-privilege principles.
    • Multi-factor authentication for administrative users.
    • Daily encrypted backups, retained regionally.
    • Security event logging and regular vulnerability testing.
  • Sub-Processors (Third Party)
    • Asaman may engage sub-processors for specific functions such as hosting, storage, or messaging.
    • Asaman shall:
      • Use only sub-processors providing equivalent levels of data protection
      • Enter into written agreements imposing obligations no less protective than this DPA
      • Notify the School of any intended sub-processor changes, allowing the School to object on reasonable grounds
  • Data Transfers
    • Regional HostingData are hosted regionally:
      • Mainland China Schools: Alibaba Cloud (Mainland China).
      • All other Schools: AWS or Azure (Asia-Pacific, Europe, or North America).
    • Cross-Border TransfersNo data transfer outside the School’s selected hosting region occurs without written authorization. Where required, Asaman applies:
      • Standard Contractual Clauses (SCCs)for EU/UK transfers.
      • PIPL-compliant transfer agreements for China.
  • Confidentiality
    • Confidentiality agreements are binding for all Asaman employees and contractors.
    • Access to Personal Data is limited to personnel who require it for operational reasons.
    • Confidentiality obligations survive termination of this Agreement.
  • Data Subjects Rights

    • Asaman assists the School in fulfilling Data Subject rights requests, including:

    • Access, correction, deletion, and portability (where applicable).
  • Data Breach Notification

    • In the event of a confirmed Personal Data breach, Asaman shall:

    • Notify the School without undue delay (normally within 48 hours of confirmation)
    • Provide details, including nature, scope, and affected data
    • Assist in assessing impact and mitigation
    • Cooperate with regulatory notification requirements where applicable
  • Audits And Compliance
    • Asaman maintains detailed audit logs of data access and processing.
    • Asaman will provide documentation demonstrating compliance with this DPA (e.g., security certifications, policies) upon reasonable request.
    • On-site audits by the school or its auditor may be arranged once per year, provided 30 days’ notice is given, subject to confidentiality and cost-sharing arrangements.
  • Return or Deletion of Data

    • Upon termination of the Service or at the School’s written request, Asaman shall:

    • Make all Personal Data available for export in a standard format (CSV/Excel)
    • Delete or anonymize all remaining copies after 12 months
    • Confirm deletion in writing to the School
  • Liability

    • Each Party’s liability under this DPA shall be subject to the limitations of liability defined in the Terms of Service. Asaman’s total liability shall not exceed the School’s annual subscription value.

  • Governing Law And Jurisdiction

    • This Agreement shall be governed by and construed in accordance with the laws of Singapore. Any dispute shall be resolved exclusively by the courts of Singapore unless arbitration under the Singapore International Arbitration Centre (SIAC) rules is agreed upon.

  • Order of Precedence

    • If any term of this DPA conflicts with the Terms of Service, this DPA shall prevail in data protection and privacy matters.