Catholic Family Life Personal Data Protection Policy
Personal Data Protection Policy
Catholic Family Life Limited is committed to protecting the privacy of individuals who provide personal information to us.
This Personal Data Protection Policy ("Policy") sets out the basis which Catholic Family Life Limited ("CFL", "we", "us", or "our") may collect, use, disclose or otherwise process personal data of our research and programme participants in accordance with the Personal Data Protection Act ("PDPA"). This Policy applies to personal data in our possession or under our control, including personal data in the possession of organisations which we have engaged to collect, use, disclose, or process personal data for our purposes.
As used in this Policy:
- "Individual" means an individual who (a) has agreed to participate in CFL's programmes and/or talks, (b) use our services, (c) volunteer the individual’s time with us, (d) participate in any of our surveys/feedback forms, (e) donate to CFL, (f) is employed by CFL.
- "Personal data" means any data, whether true or not, about an individual who can be identified: (a) from the provided data; or (b) from the provided data and other information to which we have or are likely to have access to. This will include the data from our records which may be updated from time to time.
- Depending on the nature of the individual’s interaction with us, some examples of personal data which we may collect from the individual include the individual’s name, contact information such as the individual’s address, NRIC, email address or telephone number, nationality, gender, marital status, household information (including gross income), religion and/or information related to employment.
- The exact data to be collected will be dependent on the purpose and needs of the programme or service that the individual is engaging with our organisation. We endeavour to only collect, use or disclose personal data about an individual which it considers reasonably necessary for the purposes underlying such collection, use or disclosure.
- Other terms used in this Policy shall have the meanings given to them in the PDPA (where the context so permits).
Collection, Use and Disclosure of Personal Data
- We shall seek the individual’s consent before collecting any personal data for the purposes mentioned below and before using the individual’s personal data for a purpose which has not been notified to the individual (except where permitted or authorised by law).
- We may collect and use the individual’s personal data for any or all of the following purposes:
- For registration of our programmes, talks, and services and / or to process the individual’s request on volunteering and donations.
- To disseminate information on our programmes, talks, and services
- To determine the effectiveness and quality of our programmes, talks, and services
- To provide statistical report to organisations that provide us grants to run our programmes and services
- To apply for subsidies, rebates, and fee waiver for or on behalf of individuals
- For survey response evaluation and analysis relating to research purposes
- For any other purposes for which the individual has provided the information
- CFL may distribute aggregated statistical information to the Board of Directors for reporting purposes, and to our grant funding organisations. The data will be anonymised such that no individual will be identified.
- CFL will not disclose any personal data for marketing purposes without the individual’s prior consent.
Consent of Personal Data
- By providing the individual’s personal data to CFL, the individual consents to CFL’s collection, use and disclosure of the individual’s personal data in accordance with this policy.
- The consent that the individual provides for the collection, use and disclosure of the individual’s personal data will remain valid until such time it is being withdrawn by the individual in writing. The individual may withdraw consent and request us to stop using and/or disclosing the individual’s personal data for any or all of the purposes listed above by submitting the individual’s request in writing or via email to our Data Protection Officer at the contact details provided below.
- Upon receipt of the individual’s written request to withdraw the individual’s consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with the individual) for the individual’s request to be processed and for us to notify the individual of the consequences of us acceding to the same, including any legal consequences which may affect the individual’s rights and liabilities to us. In general, we shall seek to process the individual’s request within ten (10) business days of receiving it.
- Withdrawing consent does not affect our rights to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.
Access to and Correction of Personal Data
- If the individual wishes to make (a) an access request for access to a copy of the personal data which we hold about the individual or information about the ways in which we use or disclose the individual’s personal data, or (b) a correction request to correct or update any of the individual’s personal data which we hold about the individual, the individual may submit the individual’s request in writing or via email to our Data Protection Officer at the contact details provided below.
- We will respond to the individual’s request as soon as reasonably possible. Should we not be able to respond to the individual’s request within thirty (30) days after receiving the individual’s request, we will inform the individual in writing within thirty (30) days of the time by which we will be able to respond to the individual’s request. If we are unable to provide the individual with any personal data or to make a correction requested by the individual, we shall generally inform the individual of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).
Protection of Personal Data
- To safeguard the individual’s personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as up-to-date antivirus protection, encryption and the use of privacy filters to secure all storage and transmission of personal data by us, and disclosing personal data both internally and to our authorised third-party service providers and agents only on a need-to-know basis.
- However, that no method of transmission over the internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of the individual’s information and are constantly reviewing and enhancing our information security measures.
Accuracy of Personal Data
- We generally rely on personal data provided by the individual (or the individual’s authorised representative). In order to ensure that the individual’s personal data is current, complete and accurate, we will seek the individual’s assistance to update us if there are changes to the individual’s personal data by informing our Data Protection Officer in writing or via email at the contact details provided below.
Retention of Personal Data
- We may retain the individual’s personal data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws.
- We will cease to retain the individual’s personal data or remove the means by which the data can be associated with the individual, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected, and is no longer necessary for legal, business or research purposes.
Data Protection Officer
- The individual may contact our Data Protection Officer if the individual has any enquiries or feedback on our personal data protection policies and procedures, or if the individual wishes to make any request, in the following manner:
Subject: PDPA Concerns/Enquiry, attention of: Veronica Low, Data Protection Officer, 2 Highland Road, #01-03, Singapore 549102, or via email firstname.lastname@example.org.
Effect of Notice and Changes to Notice
- This Policy applies in conjunction with any other policies, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of the individual’s personal data by us.
- We may revise this Policy from time to time. The individual may determine if any such revision has taken place by referring to the date on which this Policy was last updated.
Effective date: 4 May 2021
Last updated: 7 May 2021