- 1.1 Providence Presbyterian Church (the “Church”) respects the right of individuals to protect their personal data. The Church is committed to protect the privacy of every individual’s personal data in accordance with the Personal Data Protection Act 2012 (the “PDPA”).
- 1.2 To comply with the PDPA, we have produced this Personal Data Protection Policy (“Policy”). This Policy sets out what we need to do when any personal data of an individual is collected, used or disclosed and it also seeks to provide general guidance as to how to collect, handle, store or transmit personal data that we may receive in the course of administering the affairs of the Church.
2. OVERVIEW OF THE PDPA
The PDPA came into effect on 2 January 2013 with the main personal data protection provisions coming into force on 2 July 2014.
The PDPA is concerned with the protection of “Personal Data”, which is defined as any data, whether true or not, about an individual who can be identified from that data or from that data and other information that an organisation has access to. The PDPA seeks to balance the rights of an individual to protect his/her personal data and the need of organisations to collect, use and disclose personal data for purposes that a reasonable person would consider appropriate in the circumstances.
OBLIGATIONS UNDER THE PDPA
- 4. Consent for Collection, Use or Disclosure of Personal Data
- 4.1 We will, as best as we can, obtain the consent of our members, regular worshippers and visitors (individually “Congregant” and collectively “Congregants”) before we collect use or disclose their personal data. In obtaining consent, we will use reasonable efforts to ensure that the Congregant is advised of the identified purposes for which his/her personal data is being collected, used or disclosed. Purposes will be stated in a manner that can be reasonably understood by the Congregant.
- 4.2 We will seek consent to use and disclose personal data at the same time as we collect the personal data. If we intend to use or disclose the personal data for a new purpose that was not previously identified, we will seek consent to use and disclose the personal data before it is used or disclosed for the new purpose, unless such new consent is not required by law.
- 4.3 We will limit the type of personal data collected to that which is necessary for the purposes that we have identified.
- 4.4 A Congregant may withdraw or may limit consent at any time, subject to reasonable notice.
- 5. Notification of Purpose
- 5.1 We will identify the purposes for which we collect, use or disclose personal data on or before we collect, use or disclose the personal data of Congregants. Upon receipt of the personal data, we will use or disclose the personal data only for the identified purpose and for purposes that a reasonable person would consider appropriate in the circumstances.
- 5.2 As a religious organisation, we generally collect, use and disclose personal data for the following purposes:
- (a) To identify our members and those who regular worship with us and visitors to the Church;
- (b) To carry out the ministry programmes and activities of the Church;
- (c) To manage the administration and operations of the Church;
- (d) To communicate to Congregants activities, programs and other church-related information including church bulletin and other publications;
- (e) To maintain and update records such as membership, participants of activities and programs, baptism, marriage, birth, death and financial pledges and giving;
- (f) To meet our legal and regulatory obligations; and
- (g) For such other purposes as may reasonably be appropriate in the circumstances of the collection of personal data.
Personal data collected prior to 2 July 2014, when the main provisions of the PDPA on the protection of personal data came into force, can continue to be used or disclosed but only for the purpose that the personal data was originally collected, unless a Congregant has withdrawn his/her consent for such continued use or disclosure of his/her personal data.
- 7. Disclosure of Personal Data
- 7.1 Generally, only the Pastoral Staff, the Office Staff, members of the Session, members of the Elders and Deacons Court, and Ministry Leaders with a need to know or whose duties or services reasonably require access to personal data are granted access to personal data about the Congregants.
- 7.2 As a member of the Presbyterian Church in Singapore, we may, however, disclose personal data of the Congregants to the relevant Presbytery and the Synod of the Presbyterian Church in Singapore in order for each of us to fulfil our respective roles and responsibilities as constituents of the Presbyterian Church in Singapore.
- 7.3 Points 7.1 and 7.2 herein constitute part of the process of disclosure mentioned in Point 5.1 above.
Upon receipt of a request from a Congregant, we will provide the Congregant with a reasonable opportunity to review the personal data that we have about the Congregant in our possession or under our control.
- 9. Accuracy and Correction of Personal Data
- 9.1 We will endeavor to ensure that the personal data collected will be as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used.
- 9.2 We will promptly correct or complete any personal data found to be inaccurate or incomplete. Upon receipt of a request from a Congregant to correct or update his/her personal data, we will promptly correct or update his/her personal data.
- 10. Transfer of Personal Data Outside of Singapore
- 10.1 We will protect personal data disclosed to third parties by contractual or other means stipulating the purposes for which it is to be used and the necessity to provide a comparable level of protection.
- 10.2 We will not transfer any personal data to any organisation located in a country or territory outside Singapore unless that other organisation is subject (whether by way of legislation or contractual arrangement) to obligations of protection of personal data that are comparable to those under the PDPA.
We will use appropriate security measures to protect personal data against such risks as loss or theft, unauthorized access, disclosure, copying, use, modification or destruction, regardless of the format in which the personal data is held.
- 12. Retention and Destruction
- 12.1 We will keep personal data only as long as it remains necessary or relevant for the identified purposes or as required by law.
- 12.2 Once the personal data in our possession or control is no longer necessary for administrative or legal purpose, we will destroy or erase the personal data or remove the means by which the personal data can be associated with particular individuals.
We will attend to and investigate any complaints concerning any possible breach of this Policy. If a complaint is found to be justified, we will take appropriate measures to resolve the complaint. The complainant will be informed of the outcome of the investigation regarding his/her complaint.
- 14.1 Appropriate notices shall be put up to inform that the premises are covered by CCTV video surveillance, if any. Notices shall be put up to inform visitors and volunteers that photographs and videos taken may be used by the Church for communication and publicity purposes in print or electronic media.
- 14.2 For special events, it should be stated in application forms or equivalent document at the inception of the event that photographs of attendees will be taken at the function for communication and publicity in print and electronic form.
14. CCTV, video recording and photography
For enquiries about this Policy, please write to the Data Protection Officer at the following address:
Providence Presbyterian Church
3 Orchard Road
Attn: Data Protection Officer
16. UPDATING THE POLICY
This Policy may be updated from time to time to take in consideration changes in policy, technology, and/or to ensure compliance with any legislative changes.