Email: ceespore-pr@catholic.org.sg
PDPA - Privacy Policy
PDPA - Privacy Policy
Catholic Engaged Encounter Singapore (CEES)
DATA PROTECTION NOTICE
CEES is committed to protecting personal data entrusted to us by individuals. This Data Protection Notice (“Notice”) sets out the basis upon which CEES collects, uses and discloses your personal data. This Notice also explains how you can update us on changes in your personal data or request that we delete your personal data from our records.
Personal Data
1. Definition:
“personal data” means any data, whether true or not, about you from which you can be identified, either: (a) from that data; or (b) from that data and other information to which we have or are likely to have access;
“PDPA” means the Singapore Personal Data Protection Act 2012; and
“PDPC” means the Singapore Personal Data Protection Commission.
2. Depending on the nature of your interaction with us, some examples of personal data which we may collect include your name, identification number, contact information such as your address, email or telephone number, nationality, gender, date of birth, marital status, employment information, education background, language proficiency, race, religion, medical history, family background, photographs and other audio-visual information, and information about your usage of and interaction with our website.
Collection, Use and Disclosure of Personal Data
Collection
3. We may collect your personal data in various ways, including but not limited to forms that you fill out and submit to us; your interactions with our community, volunteers, board or committee members via meetings, email messages, or telephone conversations; your participation in our events and activities when photos and/or video recordings may be taken; or your visit to our premises which may be under CCTV surveillance.
4. Your personal data may also be disclosed to CEES by third parties with your consent, or where otherwise permitted by law.
5. We may also collect your personal data where required or permitted by laws or regulations binding on CEES.
Purposes
6. We may collect, use and/or disclose your personal data for any or all of the following purposes as well as any other purposes that you may have specifically consented to:
(a) to provide our services to you;
(b) in carrying out our operations;
(c) for community and volunteer recruitment purposes, including but not limited to conducting background or reference checks;
(d) for billing and reporting, such as for invoicing and account management purposes and tax-deductible donations submissions to the Inland Revenue Authority of Singapore;
(e) for follow-up action regarding any complaints, feedback, queries or requests received via our website or any other communication channels; and
(f) to comply with all applicable laws and regulations, including but not limited to assisting in law enforcement and investigations conducted by any governmental and/or regulatory authority. The purposes listed above may continue to apply even where your relationship with us (for example, pursuant to an event) has been concluded or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).
7. We may collect, use and/or disclose your personal data on behalf of government agencies, in which case, we will do so in accordance with the government’s prevailing data management policies.
8. We may collect, use and/or disclose your personal data pursuant to an exception under the PDPA or other written law such as during the following situations:
(a) to respond to an emergency that threatens your life, health and safety or that of another individual; and
(b) where necessary in the national interest, for any investigation or proceedings.
9. We may disclose your personal data to third parties for the purposes mentioned above. Such third parties include but are not limited to:
(a) our service providers;
(b) our volunteers and community;
(c) our professional advisers such as lawyers and auditors;
(d) government agencies and regulatory bodies;
(e) law enforcement officials; and
(f) any other party that you may have specifically consented to.
Consent and Notification Obligation
10. We will seek your consent before collecting your personal data, except where collection, use or disclosure of your personal data without consent is required or permitted by law.
11. You have the right of choice regarding the collection, usage and/or disclosure of your personal data. However, we may not be able to provide certain services to you or enter into a relationship with you if you are not willing to provide your consent to our collection, use or disclosure of your personal data.
12. Where you have provided your personal data for an obvious purpose, we will assume that you have consented to our collection, use and disclosure of your personal data for that purpose (e.g., when you provide your personal data to register for an event, we will assume that you have consented to our collection, use and disclosure of your personal data for the purpose of your participation in that event).
13. Either before or when we collect your personal data, we will inform you of the purpose for which your personal data is collected, except when such personal data is provided by you for an obvious purpose.
Accuracy of Personal Data
14. We generally rely on personal data provided by you (or your authorised representative). In order to ensure that your personal data is current, complete, and accurate, please update us if there are changes to your personal data by informing our Data Protection Officer at the contact details provided in paragraph 30 below.
Access to and Correction of Personal Data
15. If you wish to make
(a) an access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or
(b) a correction request to correct or update any of your personal data which we hold about you,
you may submit your request in writing to our Data Protection Officer at the contact details provided in paragraph 30 below.
16. We will respond to your request as soon as reasonably possible. Before we accede to your access or correction request, we may need to verify your identity by checking your identification document, and the legitimacy of your request. If we are not able to respond to your request within thirty (30) calendar days after receiving your request, we will inform you in writing within thirty (30) calendar days of the time by which we will be able to respond to your request.
17. Please note that we may refuse your request under certain circumstances as set out in the PDPA. Further, depending on the circumstances, we may only need to provide you with access to your personal data contained in the documents requested, and not to the entire documents themselves. It may also be appropriate for us to simply provide you with confirmation of your personal data that we have on record if the record of your personal data forms a negligible part of the document.
18. Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.
Withdrawal of Consent
19. You may withdraw your consent and request us to stop using and/or disclosing your personal data for any or all of the purposes listed in paragraph 6 above or any other purposes that you may have specifically consented to, by submitting your request in writing to our Data Protection Officer at the contact details provided in paragraph 30 below.
20. We will try to process your request within ten (10) business days of receipt and will notify you if we require more time to give effect to your request.
21. Please note that depending on the nature and scope of your request, we may not be in a position to continue providing our services to you or to continue our relationship with you and we will, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please notify our Data Protection Officer at the contact details provided in paragraph 30 below.
22. Please note that withdrawing your consent does not affect our right to continue to collect, use and disclose your personal data where such collection, use and disclosure without consent is required or permitted under the PDPA or other applicable laws.
Protection of Personal Data
23. To safeguard your personal data from unauthorised or accidental access, collection, use, disclosure, copying, modification, loss, disposal or destruction or other similar risks, we have introduced appropriate administrative, physical and technical measures such as up-to-date anti-virus protection, encryption and the use of privacy filters to secure all storage and transmission of personal data by us, and disclosing personal data both internally and to authorised third parties and agents only on a need-to-know basis. We strive to protect the security of your personal data by regularly reviewing and enhancing our information security measures.
24. If there is a need to disclose your personal data to third parties in line with the purposes mentioned in paragraph 6 above, we will ensure that such third parties provide sufficient guarantees to us to have implemented the necessary security measures to protect your personal data.
Retention of Personal Data
25. We will retain your personal data for as long as it is necessary to fulfil the purposes for which it was collected, or as required or permitted by applicable laws.
26. You may request that we delete your personal data by contacting our Data Protection Officer at the contact details provided in paragraph 30 below. However, we will not be able to comply with your request if we are required to retain your personal data for business or legal purposes. In such circumstances, you may withdraw your consent to our further use or disclosure of your personal data – please refer to paragraphs 19 to 22 above.
Cross-border Transfers of Personal Data
27. Generally, we will not transfer your personal data to other jurisdictions. However, if we do so, we will obtain your consent for the transfer to be made and we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA, including entering into an agreement with the receiving party to accord similar levels of data protection as those in Singapore.
Data Breach Notification
28. As no method of transmission over the Internet or method of electronic storage is completely secure, there remains a possibility of data breach. In the event a breach of security leads to unauthorised or accidental access, collection, use, disclosure, copying, modification, loss, disposal or destruction of personal data, we will promptly assess the impact and if appropriate, notify the affected individuals at the same time or after reporting the breach to the PDPC and other relevant regulatory agencies (if any). Reporting to the PDPC (where required) will be made no later than three (3) calendar days after our assessment.
Data Protection Officer
29. You may contact our Data Protection Officer if you have any enquiry, feedback or complaint regarding our personal data protection policies and procedures, if you wish to make any request, or if you believe that information we hold about you is incorrect or out-dated.
30. You may contact our Data Protection Officer via email at scee.dpo@gmail.com
Modifications
31. We may revise this Notice from time to time to ensure that it is consistent with changes in legal or regulatory requirements and is in line with future developments and industry standards. You may determine if any such revision has taken place by referring to the date on which this Notice was last issued. Your continued use of our services or continuation of your relationship with us constitutes your acknowledgement and acceptance of such changes.
End