We, BCS, endeavour to fulfil our responsibilities under the Personal Data Protection Act 2012 (the “PDPA”). This policy provides information on how BCS (“we”, “us”, “our”) collect, manage, use and disclose personal data. This policy applies to personal data collected from all individuals who are our clients, beneficiaries, members of the families of our clients or beneficiaries, employees, volunteers, donors, participants in our events, and anyone whose personal data we have possession of. For clients and beneficiaries who are minors or a person who is not legally capable of managing his/her affairs, it shall also include his/her legal guardian. In this policy, “personal data” shall have the same meaning ascribed to it in the PDPA; “clients” shall include “beneficiaries”.
We collect, use or disclose personal data only if:
- You have given express or deemed consent; or
- The collection, use or disclosure of personal data without consent is required or permitted by the PDPA or an exception under the law permits the collection, use or disclosure of personal data without consent.
We collect, use or disclose personal data of different individuals for different purposes. We will generally specify the purpose of collection of personal data at the point of collection. However, if that is not possible, the following are some purposes we collect, use and/or disclose personal data for.
We may collect, use or disclose personal data for the purpose of:
- Providing any of our services;
- Evaluating a client’s suitability for social services;
- Administering social services;
- Processing applications, instructions or requests from you;
- Communicating information about us, our events, our services, our financial accountability or fundraising, events or services of our partners, social services generally;
- Developing, improving, managing, or running our organisation, our operations, or our events or services;
- Our publicity materials or internal records;
- Responding to queries or feedback;
- Addressing or investigating any complaints, claims or disputes;
- Seeking professional advice;
- Submission to government authorities in accordance with law, including for donation-related matters and preparing of tax-deductible receipts; or
- Complying with any legal obligation.
We will collect personal data only to the extent that is reasonable and which is given with express or deemed consent. You are deemed to consent to providing your personal data when you voluntarily provide it, e.g. by emailing us, or submitting forms on our website. It is deemed that you have consented to providing your personal data for donation-related and communication purposes.
We may collect your personal data in various ways, including:
- In person-to-person meetings, visits or interviews;
- In telephone calls;
- Submitted documents, forms, surveys, questionnaires, whether in digital or non-digital form;
- By audio and/or visual recording, photography or videography at public events;
- By CCTV at our premises or premises where our events, programmes, or services are conducted;
We may from time to time, and in compliance with all applicable laws on data privacy, disclose your personal data to any of our employees, agents, contractors or service providers, whether located in Singapore or elsewhere, in order to carry out the purposes set out above. Third party contractors or service providers include: service providers providing services such as data processing, data storage, hosting and maintenance services, analysis services, email messaging services, delivery services, payment services, mail delivery services, consultants, and professional advisers (e.g. accountants, lawyers, auditors). When we disclose your personal data to such persons, we will require them to ensure that any personal data disclosed to them are kept confidential and secure.
We may disclose your personal data to third parties if we believe that we are required by law to so disclose or that such disclosure is reasonably necessary to protect the rights, property or safety of our clients, employees, partners, the public, you or us.
We may transfer, store, process and/or deal with your personal data outside Singapore. In doing so, we will comply with the PDPA and other applicable data protection and privacy laws.
Any express or deemed consent given in respect of the collection, use or disclosure of your personal data for any purpose may be withdrawn by writing an email to our Data Protection Officer.
Upon being notified of the withdrawal of consent, we will within a reasonable time, cease collecting, using or disclosing your personal data. The withdrawal of consent to use or disclosure of all or any of an individual’s personal data under certain circumstances may result in us not being able to provide the individual with certain services or permit the individual to participate in certain events or programmes if it is reasonable that the personal data is required for such service or participation.
We will make reasonable efforts to ensure that the personal data that we collect is accurate and complete. If you are submitting personal data to us, you shall use best endeavours to provide us with accurate and complete personal data. If you are submitting personal data that does not belong to you, you confirm that you have obtained the individual’s consent to provide such personal data. To ensure that such personal data is accurate and complete and up to date, all individuals should notify us of any change to personal data as soon as possible.
You may, at any time, request for details of your personal data collected by us or request for an update or correction of your personal data.
All requests should be made by email to our Data Protection Officer. We will require the person making the request to provide proof of identity, and relevant information or documents to support the request (including when and how the personal data was collected).
There are circumstances where we are not required to provide individuals making request for information about themselves maintained by us, including situations where we are not permitted by law to disclose the information to you or where we are allowed to provide you only with limited information.
We endeavour to make any correction to personal data within a reasonable time, unless there are reasonable grounds for us to believe that the correction should be not made.
We may charge an admin fee for providing access to your personal data or processing your correction request. We will not charge you simply because you make a request. Our Data Protection Officer will discuss this with you.
If your personal data has been provided to us by a third party, you should contact that third party to make such queries or access, correction or deletion requests to us on your behalf. However, if you are able to prove to our satisfaction that this is not possible, and if you are able to establish that personal data that we possess about you is not accurate, complete and up-to-date, we will take reasonable steps to correct it so that it is accurate, complete and up-to-date. If you wish to request that we delete your personal data we possess which you did not give consent to, we will take reasonable steps to investigate your request, subject to our satisfaction as to the validity of your request.
We will take reasonable steps to protect personal data that is in our possession and will endeavour to protect it against risks such as loss or unauthorised access, disposal, use, modification or disclosure. Only authorised or relevant persons will be permitted to have access to personal data.
We will endeavour to implement appropriate administrative, physical and technical measures such as up-to-date antivirus protection, encryption and the use of privacy filters to secure all storage and transmission of personal data by us, and disclosing personal data both internally and to our authorised third party service providers and agents only on a need-to-know basis. You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure.
We will cease to retain personal data as soon as it is reasonable to assume that the purpose for which the personal data has been collected is no longer served by its retention and if the retention of such data is no longer required for legal and business purpose.
The Do-Not-Call (“DNC”) provisions under the PDPA prohibit organisations from sending marketing messages to Singapore telephone numbers registered with the DNC Registry. The DNC Registry, however, does not cover non-marketing messages sent for other purposes such as surveys, customer service and other service-related communication.
We will comply with the DNC provisions if we intend to send marketing messages to Singapore telephone numbers.
We may amend this policy from time to time to ensure that this policy is consistent with any developments to the way we use your personal data or any changes to the laws and regulations applicable to us. We will make available the updated policy on our website. All communications, transactions and dealings with us shall be subject to the latest version of this policy in force at the time.
This policy, our privacy practices and your use of our website shall be governed by Singapore law. We make no representation that this policy and our privacy practices comply with the laws of any other country. If you are not residing in Singapore, your use of our website shall be deemed to mean that you will not hold us responsible for any non-compliance with the laws of your residence to the extent that such laws are applicable. Further, by your continued use of our website, you consent to the transfer and use of your personal data outside your country.