PERSONAL DATA PROTECTION POLICY
1.1) The Mt Carmel Bible-Presbyterian Church (collectively referred to herein as “the Church”, “we”, “us”, “our”) is committed to protecting the privacy and personal data of individuals who provide personal information to it, including those information provided through our websites.
1.2) The personal data collected, during the course of activities undertaken by the Church, enables us to minister to the faithful and to fulfil our obligations. the Church is bound by the Singapore Personal Data Protection Act (2012) (the “Act” or “PDPA”) that governs how the Church collects, uses and/or discloses any personal data.
1.3) This policy describes ways in which the Church collects, uses, discloses, stores, and disposes of personal information.
1.4) This data protection policy applies to all ministries, classes and groups including CGs and DCGs) of the Church (“Church Groups”).
2. Understanding of personal data
2.1) ‘’Personal data” generally refers to any data, whether true or not, about an individual who is identifiable from the provided data or information to which we have or are likely to have access to. This will include the data from our records which may be updated from time to time.
2.2) The personal data that Church Groups may collect and/or hold of individuals includes the following:
- Personal details, such as name, age, marital status
- Personal identification details such as NRIC, FIN or passport number, and applicable via or permits, such as employment pass, work permit etc.
- Personal contact details such as telephone numbers or email addresses
- Church records including baptism, confirmation of faith and marriage details.
- Information relating to employment application such as employment history and academic qualifications
- Information relating to pastoral care needs
- Photographs and video recordings
- Information relating to a person’s enrolment at a Presbyterian institution such as preschool, school, orphanage, retirement or welfare home.
The exact data to be collected will be dependent on the purpose and needs of the Church body collecting the data. the Church endeavours to only collect, use or disclose personal data about an individual which it considers reasonably necessary for the purposes underlying such collection, use or disclosure.
3. Purpose of collecting personal data
3.1) Church Groups collect personal data for purposes such as those indicated below:
- Administration of activities related to hiring and the management of the employment of the Church’s employees
- Administration of all Church activities
- Fulfilment of statutory/accountability activities and reporting including the holding of meetings of members
- Send news, updates and promote the Church’s activities to members
- Administration of activities related to vendors and service providers
- Registration and administration of training and educational activities like seminars, talks, workshops and retreats
- Administration of pastoral care related activities
- Enrolment and administration of Church and Ministry’s social services such as orphanages and homes
- To refer individuals requiring assistance to the relevant individuals and organisations providing assistance
- To co-ordinate care services provided by other care providers and referring/collaborating with/transferring members to other institutions, care professionals, caregivers, persons, organisations for procedures, additional support on treatment, specialist assistance, the procurement or provision of follow up care or as part of integrated/seamless/holistic care arrangements
- Responding to, processing and handling complaints, queries, requests, feedback and suggestions;
- Contacting parties in relation to events that the Church is hosting
- To provide information to vendors to facilitate their provision of services on behalf of the Church to church members, including excursions, outing and funeral services
- Contacting volunteers regarding their tasks, or regarding future volunteering opportunities; responding to, processing and handling complaints, queries, requests, feedback and suggestions
- To provide information to the relevant funding agencies and donors
- Assisting and contacting parties in relation to the services they have requested
- The registration and administration of programs, events and activities such as fundraising, concerts & exhibitions
- Management of the Church, including the Church’s internal record keeping
- Complying with any applicable rules, laws and regulations, codes of practice or guidelines or to assist in law enforcement and investigations by relevant authorities
3.2) Where Church Groups collect data for purposes other than those listed above, the Church body would disclose such purpose to the individual, by suitable means, when collecting the personal data from the individual.
3.3) Personal data will generally be obtained directly from the individual. In the case of children, personal data will be collected from either their parents or guardians, unless specific and/or unusual circumstances require that the collection be made directly from the child concerned.
4. Use of personal data
4.1) All personal data will be used for the purpose for which it was collected. Church Groups may also use the personal data for purposes which are permitted by law.
4.2) For prospective employees, the Church may collect personal data by speaking with employment referees. The Church may contact applicants’ previous employers who have not been nominated as referees. All personal data given as part of a prospective employment application will be used to assess the applicant’s suitability for the position that has been applied for. Such personal data may also be used to assess the individual’s suitability for a position for which the applicant have not applied, but one which we believe the individual may be suited. Should this be the case, we will seek the consent of the individual before considering the applicant for such other position.
5. Disclosure of personal data
5.1) The Church may from time to time and in compliance with all applicable laws on data protection, disclose your personal data to third parties, whether located in Singapore or elsewhere, in order to carry out the purposes set out above. Where the Church makes such disclosure, confidentiality agreements would be in place in order to protect the personal data.
5.4) The Church may transfer, store, process and/or deal with your personal data outside of Singapore. Where the Church does so, the Church will comply with the PDPA and other applicable data protection and privacy laws.
6.1) By providing your personal data to the Church Groups, you consent to the Church’s collection, use and disclosure of your personal data in accordance with this policy statement.
7. Accuracy of information
7.1) The Church strives to ensure the accuracy of the personal data it has. However the individual also plays a part to ensure that the personal data provided is correct. Please see the sections below on how you may correct any errors or omissions of your personal data.
8. Access of personal data
8.1) You may request for access to your personal data.
8.2) The Church is entitled to impose a reasonable charge on the requestor for providing them with the personal information, particularly where photocopying, scanning and/or some form of electronic transfer is required.
8.3) All access requests must be made in person and in writing using the specified form. Access requests are to be directed to the relevant Data Protection Officer (see below). Please bring along proper identification documents to confirm your identity.
8.4) You may request that the Church corrects any error or omission in relation to your personal data using the prescribed form.
8.5) Requests for access to personal data of demised individuals (including Church records) shall require the prior written permission and consent from the estate of the deceased. Failing which, reviews and access to personal Church records of demised individuals will only be allowed 25 years after the year of death.
9. Withdrawal of Consent
9.1) Any individual who wishes to withdraw his or her consent to any collection, use or disclosure of his or her personal data may do so by contacting the Church’s Data Protection Officer. The Church will advise on the exact timeframe required to respond to the notification and effect any change. However all changes will be implemented within three months from the date of notification.
9.2) If any individual withholds or withdraws his / her consent to the collection, use and disclosure of his / her personal data, the Church may not be able to:
- Attend to the individual’s religious or spiritual needs
- Attend to the individual’s welfare needs
- Attend to the child’s educational needs
- Attend to any pastoral care or ministry needs that the individual might have
- Offer any individual employment
- Deal with any enquiries, difficulties or concerns that the individual might have
10. Security, protection and retention of personal information
10.1) The Church will take reasonable security measures to safeguard the personal data collected
10.2) Any unsolicited personal data that the Church receives from individuals will be assessed to determine whether it is necessary to retain any of this data to provide the individual with any services that they have requested.
11. Questions and feedback
11.1) If there are any queries about this policy or feedback regarding the handling of personal data by any Church body, please contact the Data Protection Officer of the Church body in question directly:
Data Protection Officer: The DPO, Mount Carmel BP Church
Tel: 6779 5077
Email: [email protected]
11.2) All feedback is taken seriously and will be reviewed accordingly. The Church will endeavour to resolve all raised issues efficiently.
12. Changes to the policy
12.1) The Church may from time to time review this policy statement and amend it to reflect changes in legislation or other operational requirements. The current version of this policy statement may be found at our website at carmel.sg.