Diocese of Singapore - Personal Data Protection Policy
1. The Diocese of Singapore (“Diocese”) recognises the importance of safeguarding personal data when dealing with information relating to its members, worshippers at its services, attendees of its programs, visitors and staff, and therefore is committed to fully implementing and complying with the provisions of the Personal Data Protection Act (the “Act”). The Diocese’s Personal Data Protection Policy set out here explains the procedures and systems in place to comply with the Act (the “Policy”), in respect of personal data as defined under the Act.
Purposes for the Collection, Use and Disclosure of Personal Data
2. The Diocese receives or collects the personal data of its members, worshippers at its services, attendees of its activities and programs, visitors and staff for purposes reasonably required by it as a place of worship with its attendant activities and programs.
3. These purposes include the following, whether within or outside Singapore:-
(a) operational planning and implementation of activities and programs such as bible teaching, family life ministry, fellowship and discipleship;
(b) communication of activities, programs and other church-related information including church bulletin and other publications;
(c) maintenance of records such as membership, participants of activities and programs, baptism, marriage, birth, death and financial pledges and giving;
(d) management and administration of employment relationships with staff such as work-related dealings, evaluation of performance, crediting salaries, administering staff benefit schemes and conducting audits on finance claims;
(e) reporting and sharing of information within the Diocese of Singapore including amongst her parishes in furtherance of her religious objectives; and
(f) such other purposes as may reasonably be appropriate in the circumstances of the collection of personal data.
4. The Diocese will not use the personal data for any purpose other than that for which it was collected. Should the Diocese require any personal data in its possession to be used for a purpose other than those for which consent was originally given, fresh consent will be sought in order to use the data for that new purpose.
5. In the course of processing personal data for the above purposes, the Diocese may disclose such personal data to third parties within or outside Singapore. These third parties include:-
(a) governmental organisations or authorities to whom the Diocese is required by law to disclose the data;
(b) individuals who are legally entitled to the data;
(c) third parties who require the data in order to process and operate programs in which an individual intends to participate;
(d) third parties who provide the Diocese with data processing, administration, health, insurance or legal services, or other professional or management services; and
(e) such other persons as may reasonably be appropriate in the circumstances of the collection of personal data.
6. Disclosure to third parties outside Singapore shall only be to organisations that are required or undertake to process the data with a comparable level of data protection as that required under Singapore law.
Minors below 13
7. The Diocese shall not collect, use or disclose personal data of persons below the age of thirteen (13) for any purpose unless written parental or guardian consent has been given for such purpose.
Withdrawal of consent
8. Should you wish to withdraw or limit your consent to the Diocese’s collection, use and disclosure of your personal data, please write in with full particulars to our Data Protection Officer (“DPO”) using the contact details provided in paragraph 19 below.
9. Any personal data collected by the Diocese shall be accessible by employee(s) of the Diocese to serve the purpose for which the data was collected. Such employee(s) shall observe strict confidentiality at all times.
10. In the event personal data is disclosed to third parties, such third parties will be required to sign an agreement requiring them to observe confidentiality at all times and to use the personal data only for the purpose for which it was disclosed to them.
Data Protection Officer
11. The Diocese has designated a DPO to deal with day-to-day data protection matters and complaints, encourage good data handling practices and ensure that the Diocese complies with the Act and implements the Policy. If you have any questions, complaints or concerns, please contact the DPO using the contact details provided in paragraph 19 below.
12. The Diocese endeavours to take all reasonable steps to ensure that personal data in its possession or under its control is accurate, up-to-date, and complete. If there is any error or omission in the personal data you have provided to the Diocese, please write in to our DPO with the necessary details for correction of your data. If any personal data you have provided to the Diocese becomes inaccurate, please contact our DPO to update your data.
13. Should you wish to access any personal data collected by the Diocese or understand how such data has been used or disclosed, please write in to our DPO with your request. The DPO will provide you with the requested information within a reasonable time, after verification of your identity. Kindly note that the Diocese reserves the right to charge a reasonable administrative fee not exceeding $20 for responding to any such requests.
14. The Diocese will retain personal data for as long as it is necessary to serve the purpose for which it has been collected. Once the data in the Diocese’s possession is no longer necessary to serve the purpose for which it was collected, the data will be destroyed or anonymised in a secure manner.
15. The Diocese endeavours to maintain all personal data in its possession or under its control securely. To this effect, the Diocese has put in place measures to ensure the protection of data in its possession against unauthorised access, collection, use, disclosure, copying, modification, disposal or other risks.
16. The Diocese shall not transfer any personal data in its possession to any parties outside Singapore except as specified in this Policy. Any outside party to which the Diocese intends to transfer data in its possession must have protections equivalent to those provided for in the Act.
17. If an individual feels that his data has been erroneously or improperly handled by the Diocese, he may lodge a complaint in writing by post with the DPO. Once a complaint has been received, the DPO will acknowledge receipt of the same in writing by post, and will contact the relevant departments to investigate the complaint.
18. The outcome of the investigation will be communicated by the DPO to the complainant in writing by post, notifying him of the outcome.
19. The Diocese is committed to protecting the privacy and personal data of its members, worshippers at its services, attendees of its programs, visitors and staff. For enquiries about the Diocese’s Policy, please write to the DPO at the following address:-
Data Protection Officer
The Diocese of Singapore
1 Francis Thomas Drive
Updating the Policy
20. This Policy may be updated from time to time to take account of changes in policy, technology, and/or to ensure compliance with any legislative changes.
@ February 2016