PERSONAL DATA PROTECTION POLICY OF ALL SAINTS MEMORIAL CHAPEL

1. INTRODUCTION

1.1 All Saints Memorial Chapel (“ASMC”) respects the right of individuals to protect their personal data. ASMC is committed to protect the privacy of every individual's personal data in accordance with its obligations under the Personal Data Protection Act 2012 ("PDPA").

1.2  To comply with our obligations under the PDPA, we have produced this Personal Data Protection Policy ("Policy"). This Policy sets out what we must do when any personal data of an individual is collected, used or disclosed and it also seeks to provide general guidance as to how to collect, handle, store or transmit personal data that we may receive in the course of administering the affairs of ASMC.

1.3  This Policy applies to all personnel of ASMC whether employed or voluntary. All personnel of the ASMC must familiarize themselves and comply with the obligations, policies and practices set out in this Policy.

1.4  Compliance with the PDPA is important, because a failure to observe the obligations under the PDPA could potentially expose ASMC to complaints, criminal charges and/or bad publicity. Any failure by any personnel of ASMC to comply with the PDPA may lead to disciplinary action for serious or repeated breaches and/or a report being made to the Police, the Personal Data Protection Commission and any other relevant government authority.

2. OVERVIEW OF THE PDPA

The PDPA came into effect on 2 January 2013 with the main personal data protection provisions coming into force on 2 July 2014.

3. PURPOSE

3.1  The PDPA is concerned with the protection of "Personal Data", which is defined as any data, whether true or not, about an individual who can be identified from that data or from that data and other information that an organisation has access to. The PDPA seeks to balance the rights of an individual to protect his/her personal data and the need of organisations to collect, use and disclose personal data for purposes that a reasonable person would consider appropriate in the circumstances.

4. BUSINESS CONTACT INFORMATION

4.1  The PDPA does not apply to "Business Contact Information", such as an individual's name, position or title, business telephone number and fax number, business address, business email address and any other similar information about the individual, which was given for commercial purposes or for a non-personal purpose.

4.2  However, if a person gives his Business Contact Information to ASMC to receive goods or services from ASMC for his personal purposes (in other words, he/she wants ASMC to contact him/her at his/her office rather than his/her home), then the business contact information of that person will be personal data for the purposes of the PDPA.

5. CONSENT FOR COLLECTION, USE OR DISCLOSURE OF PERSONAL DATA

5.1 We will obtain the consent of our customers and visitors (collectively "Customer") before we collect use or disclose their personal data. In obtaining consent, we will use reasonable efforts to ensure that the Customer is advised of the identified purposes for which his/her personal data is being collected, used or disclosed. Purposes will be stated in a manner that can be reasonably understood by the Customer.

5.2  We will seek consent to use and disclose personal data at the same time as we collect the personal data. If we intend to use or disclose the personal data for a new purpose that was not previously identified, we will seek consent to use and disclose the personal data before it is used or disclosed for the new purpose.

5.3  We will collect personal data directly from Customers, but we may also collect personal data from other sources including public documents and relatives, friends or other third parties who have the right to disclose such personal data.

5.4  We will limit the type of personal data collected to that which is necessary for the purposes that we have identified to the Customer.

5.5  A Customer may withdraw any data or consent at any time, subject to legal or contractual restrictions and reasonable notice. A Customer may contact us for more information regarding the implications of withdrawing consent. Such implications may include our inability to service the Customer or his requests made after the withdrawal of consent.

5.6  In certain circumstances, personal data can be collected, used or disclosed without the consent of the individual. For example:

(a) the collection, use or disclosure is necessary for any purpose that is clearly in the interest of the individual. If consent for its collection, use or disclosure cannot be obtained in a timely way or the individual would not reasonably be expected to withhold consent, such as when the individual is seriously ill or mentally incapacitated;

(b) the collection, use or disclosure is necessary to respond to an emergency that threatens the life, health or safety of the individual or another individual;

(c) the collection, use or disclosure is necessary for any investigation or proceedings, if it is reasonable to expect that seeking the consent of the individual would compromise the availability or the accuracy of the personal data;

(d) the collection, use or disclosure is necessary for evaluative purposes;

(e) the personal data was provided to ASMC by another individual to enable ASMC to provide a service for the personal or domestic purposes of that other individual.

6. NOTIFICATION OF PURPOSE

6.1  We will identify the purposes for which we collect, use or disclose personal data on or before we collect, use or disclose the personal data of Customers. Upon receipt of the personal data, we will use or disclose the personal data only for the identified purpose and for purposes that a reasonable person would consider appropriate in the circumstances.

6.2  We generally collect, use and disclose personal data for the following purposes:

(a) To identify the Customers of ASMC, their relatives and next-of-kin;
(b) To carry out the programmes, services and activities of the ASMC;
(c) To manage the administration and operations of ASMC;
(d) To establish and maintain responsible relationships with Customers; and
(e) To meet our legal and regulatory obligations.

6.3  When personal data that has been collected is to be used or disclosed for a purpose not previously notified, the new purpose will be notified to Customers prior to use. Unless the new purpose is permitted or required by law, consent will be required before the personal data will be used or disclosed for the new purpose.

7. USE OF EXISTING PERSONAL DATA

7.1  Personal data collected prior to 2 July 2014, when the main provisions of the PDPA on the protection of personal data came into force, can continue to be used or disclosed but only for the purpose that the personal data was originally collected for, unless a Customer has withdrawn his/her consent for such continued use or disclosure of his/her personal data.

7.2  If there is a new purpose for the use or disclosure of existing personal data, a fresh consent has to be obtained from the Customer for this new purpose.

8. DISCLOSURE OF PERSONAL DATA

8.1  Generally, only staff and where appropriate, third party service providers and business partners of ASMC (including without limitation, engravers, casket companies etc.) with a need to know or whose duties or services reasonably require access to personal data are granted access to personal data about the Customer.

9. ACCESS TO PERSONAL DATA

9.1  Upon receipt of a request from a Customer, we will provide the Customer with a reasonable opportunity to review the personal data that we have about the Customer in our possession or under our control. Personal data will be provided within a reasonable time and a fee may be charged to cover administrative expenses.

9.2  Upon receipt of a request from a Customer, we will provide an account of the use and disclosure of the personal data of the Customer in the 12 months previous to the request. In providing an account of disclosure, we will provide a list of the organisations to which we may have disclosed personal data about the Customer.

9.3  In certain situations we may not be able to provide access to all of the personal data we hold about a Customer; for instance:

(a) If doing so would likely reveal personal data about another individual or could reasonably be expected to threaten the life or security of another individual;
(b) If doing so would reveal any confidential information;
(c) If the information is protected by legal privilege;
(d) If the information was generated in the course of a formal dispute resolution process; or
(e) If the information was collected in relation to the investigation of a contravention of a law or a breach of an agreement.

9.4  In such a case, we will provide the reasons for denying access to the personal data.

10. ACCURACY AND CORRECTION OF PERSONAL DATA

10.1  We will endeavor to ensure that the personal data collected will be as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used. Ensuring that the personal data that we possess is sufficiently accurate, complete and up-to-date will help minimize the possibility that inappropriate decisions are being made.

10.2  Upon receipt of a request from a Customer to correct or update his/her personal data, we will do so promptly.

10.3  Where we are not able to confirm the accuracy or completeness of a Customer's personal data (such as those Customers who have emigrated or who are no longer contactable), a note will be made against that Customer's personal data of potential unresolved differences.

10.4  Where appropriate, we will inform third parties having access to the personal data in question of any amended personal data or the existence of any unresolved differences.

10.5  Customers are to regularly update the personal data of the Customer and any other person that they have submitted so that we may better serve them and communicate with them.

11. TRANSFER OF PERSONAL DATA OUTSIDE OF SINGAPORE

11.1  We will protect personal data disclosed to third parties by contractual or other means stipulating the purposes for which it is to be used and the necessity to provide at least a comparable level of protection accorded to their data under Singapore law.

11.2  We will not transfer any personal data to any organisation located in a country or territory outside Singapore unless that other organisation is subject (whether by way of legislation or contractual arrangement) to obligations of protection of personal data that are at least  comparable to those under Singapore law.

12. SECURITY

12.1  We have the responsibility under the PDPA to make reasonable security arrangements to protect the personal data that we possess or control to prevent unauthorised access, collection, use, disclosure or similar risks.

12.2  We will use appropriate security measures to protect personal data against such risks as loss or theft, unauthorized access, disclosure, copying, use, modification or destruction, regardless of the format in which the personal data is held.

12.3  We operate close circuit television (CCTV) cameras in our premises for security and operational purposes. Except for security purposes, we do not use these CCTV cameras to identify an individual personally.

13. RETENTION AND DESTRUCTION

13.1  We will keep personal data only as long as it remains necessary or relevant for the identified purposes or as required by law.

13.2  Once the personal data in our possession or control is no longer necessary for business, administrative or legal purpose, we will destroy or erase the personal data or remove the means by which the personal data can be associated with particular individuals (such as by way of anonymising the personal data).

14. COMPLAINTS

14.1  We will attend to and investigate any complaints concerning any possible breach of this Policy. If a complaint is found to be justified, we will take appropriate measures to resolve the complaint including, if necessary, amending our policies and procedures. The complainant will be informed of the outcome of the investigation regarding his/her complaint.

15.  HANDLING OF PERSONAL DATA OF ASMC STAFF

15.1  The personal data of ASMC Staff, whether permanent or temporary, (collectively " Staff") will be used only for purposes connected with their employment with ASMC and for as long a period as is necessary following the termination of their employment.

15.2  We value the privacy of our Staff and shall process the personal data of our Staff in a fair and lawful manner. We will endeavour to comply with the obligations under the PDPA on the use of personal data in an employer-employee relationship.

15.3  From time to time, we may need to disclose some information held about our Staff to government agencies, such as the Ministry of Manpower and the Central Provident Fund Board, and other relevant third parties, such as insurers, medical clinics and hospitals, solely for purposes connected with managing the employment of the  Staff and providing for his/her welfare during his/her employment with ASMC.

16.  CONSEQUENCES OF NON-COMPLIANCE

16.1  Failure to comply with the provisions of the PDPA may expose ASMC to an investigation by the Personal Data Protection Commission (the "PDPC") concerning the non-compliance.
16.2  If the PDPC is satisfied that ASMC is not complying with its obligations under the PDPA, the PDPC may give ASMC such directions as it thinks fit in the circumstances, which may include directions to:

(a)  stop collecting, using or disclosing personal data in contravention of the PDPA;
(b)   destroy personal data collected in contravention of the PDPA;
(c)   provide access to or correct the personal data in such manner and within such time as the PDPC may specify; or
(d)  pay a financial penalty of up to S$1 million.

17.  APPOINTMENT AND DUTIES OF THE DATA PROTECTION OFFICER

17.1  ASMC is required, as part of its compliance with the PDPA, to designate at least one person as its Data Protection Officer ("DPO").

17.2  It should be noted that the designation of a DPO does not relief ASMC of its legal obligations under the PDPA.

17.3  The DPO is responsible for ensuring that ASMC complies with the PDPA. The DPO must keep fully up to date with the requirements of the PDPA and ensure that all personnel who handle personal data are fully aware of these requirements.

17.4  Where appropriate, the DPO may delegate some of his/her responsibilities as DPO to other individuals to ensure that ASMC complies with the PDPA.

17.5  In addition to ensuring that ASMC complies with the PDPA, the DPO is also responsible for dealing with queries and requests from individuals in relation to ASMC's data protection policies and practices.

17.6  The contact information of the DPO must be made available to the public. It may be in the form of ASMC’s office address, telephone number or a general e-mail address.

17.7  If you wish to make inquiries about this policy or to complain or withdraw your consent, please contact the following person in writing or visit the office:

Samuel Chia
Data Protection Officer
All Saints Memorial Chapel
5 Poh Huat Road, Singapore 546703.
Telephone: 65-62885487
Email: dpo@asmc.org.sg


 

Copyright © 2014 All Saints Memorial Chapel (Singapore) Ltd (199907126R)
All rights reserved. Privacy Policy | Personal Data Protection Act | Created By PolarisHub