METHODIST WELFARE SERVICES
DATA PROTECTION POLICY
The Personal Data Protection Act 2012 (the “PDPA”) establishes a general data protection law in Singapore which governs and regulates an organisation’s activities relating to the collection, use and disclosure of individuals’ personal data. The PDPA is intended to set the minimum standards that all organisations in Singapore must observe.
Methodist Welfare Services (“MWS”) takes its responsibility under the PDPA seriously.
This Data Protection Policy outlines how MWS collects, uses, discloses and manages the personal data you have provided to it, as well as to assist you in making an informed decision before providing MWS with any of your personal data.
1. INTRODUCTION TO THE PDPA
1.1 Personal data is defined widely under the PDPA to mean “any data about an individual who can be identified from that data; or from that data and other information to which the organisation has or is likely to have access.”
1.2 Examples of such personal data you may provide to us include personal particulars, medical records, educational records, financial records, pictures and videos, whether such data is stored in electronic or non-electronic form.
2. PURPOSES FOR COLLECTION, USE & DISCLOSURE OF PERSONAL DATA
2.1 MWS will collect your personal data in accordance with the PDPA. In general, before MWS collects any personal data from you, MWS will notify you of the purposes for which your personal data may be collected, used and/or disclosed, as well as obtain your consent for the collection, use and/or disclosure of your personal data for the intended purposes.
2.2 Written parental/guardian consent will be required for the collection of personal data of persons (below the age of 16) or those with certified medical/mental conditions.
2.3 By providing personal data relating to a third party (e.g. information of your dependent, spouse, children and/or parents) to MWS, you represent and warrant that the consent of that third party has been obtained for the collection, use and disclosure of the personal data for the purposes listed in paragraph 2.4 below.
2.4 The personal data which MWS collects may be collected and/or used for the following purposes:
(a) processing your application for clinical and/or social services;
(b) evaluating your suitability or eligibility for clinical and/or social services, e.g. the grant of financial or social assistance;
(c) seeking aids from governmental bodies or other voluntary welfare organisations such as financial subsidies or other social assistance;
(d) administering the provision of clinical and/or social services to you by MWS and/or managing your relationship with MWS;
(e) administering your donations and/or communications pertaining to your donations to MWS;
(f) administering your volunteer services and/or communications pertaining your volunteer services with MWS;
(g) communicating and updating you on other charity initiatives or related activities including soliciting donations and volunteers for activities or programmes organised by MWS or other charitable organisations;
(h) MWS’ publications and materials including but not limited to MWS Annual Report, MWS Uncommon Voices and MWS brochures, posters, and banners;
(i) MWS’ publicity and fundraising initiatives including but not limited to disclosures in/on MWS’ letters, electronic mailers, Facebook, website, and events; and/or
(j) as required by laws and regulations.
2.5 In connection with the purposes set out in paragraph 2.4 above, your personal data may/will be disclosed by MWS to persons including social workers, hospitals, governmental bodies and/or other voluntary welfare organisations.
2.6 Please note that MWS may collect, use or disclose your personal data to third parties without first obtaining your consent in certain situations, including, without limitation, the following:
(a) it is necessary for any purpose that is clearly in your interest and consent cannot be obtained in a timely way;
(b) it is necessary to respond to an emergency that threatens the life, health or safety of yourself or another individual;
(c) it is necessary in the national interest;
(d) the personal data is publicly available;
(e) it is necessary for any investigation or proceedings; and
(f) it is required based on the applicable laws and/or regulations.
2.7 The instances listed above at paragraph 2.6 are not intended to be exhaustive. For an exhaustive list of exceptions, you are encouraged to peruse the PDPA Act 2012 which is publicly available at https://sso.agc.gov.sg/Act/PDPA2012.
2.8 Where a free decision to opt in to a process or situation where the collection or use of personal data can be reasonably expected, then implied permission can be assumed. Situations where implied consent may be applied:
⦁ Online applications (if applicable when applications or admissions are submitted for services provided by MWS)
⦁ Course/Conference/Webinar sign-up (including recordings of the Course/ Conference/ Webinar)
⦁ Events sign-up (either displayed at entrance or event confirmation emails to cover the taking and use of photos and videos of the event)
⦁ Centres – CCTV recordings
3. DATA SECURITY
3.1 MWS undertake to implement appropriate security measures to protect collected personal data against accidental or unlawful destruction or accidental loss, altercation, unauthorised disclosure or access, in particular when the processing of data involves the transmission or storage on or within a network.
3.2 Security measures include:
(a) Industry standard firewall or other network security features;
(b) Clear guidelines for staff on the device and network security expectations placed on them;
(c) Robust data backup and recovery process;
(d) Security audits of online systems;
3.3 MWS undertake to notify data subjects about any accidental or unauthorised access of their data that may lead to significant damage or harm to the individual, and/or are of significant scale, we are required to notify PDPC and the affected individuals as soon as practicable.
4. REQUEST FOR ACCESS, CORRECTION AND/OR WITHDRAWAL OF DATA
4.1 You may request to access and/or correct your personal data currently in MWS’s possession or withdraw your consent for the collection, use and/or disclosure of your personal data at any time by submitting your request through the following methods:
(a) written request by electronic email to : firstname.lastname@example.org
(b) verbal request by contacting MWS at : +65 6478 4700
(c) written letter delivered to : Methodist Welfare Services, 70 Barker Road #05-01, Singapore 309936
4.2 Where a request to access personal data has been made, MWS will, as soon as reasonably possible, provide you with your personal data which is in the possession or control of MWS and information about the ways in which your personal data has been used or disclosed by MWS within a year from the date of the request.
4.3 Where a request to correct personal data has been made, MWS will correct the error or omission in your personal data as soon as practicable after the request has been made. MWS will send the corrected personal data to every other organisation to which the personal data was disclosed by MWS within a year before the date the correction was made, unless that other organisation does not need the corrected personal data for any legal or business purpose, or if you so consent, only to specific organisations to which the personal data was disclosed by MWS within a year before the date the correction was made.
4.4 Where a request to withdraw consent has been made, MWS will process your request within a reasonable time from such a request. MWS will inform you of the likely consequences of withdrawal of your consent.
5. ACCURACY OBLIGATION
5.1 You shall ensure that at all times the information provided by you to MWS is correct, accurate and complete. Please inform MWS as soon as possible of any changes in the personal data. MWS will ensure that personal data is updated and amended when requested.
6. PROTECTION OBLIGATION
6.1 MWS will protect your personal data by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risk.
6.2 MWS will adopt the following measures to fulfill this obligation:
(a) staff working areas must be secure. Access to work areas must be limited by appropriate security measures. Access to office equipment containing personal data must be password protected;
(b) requiring employees to be bound by confidentiality obligations in their employment agreements; and
(c) to provide training for staff on the PDPA to equip them with the knowledge and basic skills to ensure PDPA compliance; and conducting regular training sessions for staff to impart good practices in handling personal data.
7. RETENTION LIMITATION OBLIGATION
MWS will not retain any documents containing personal data if it is reasonable to assume that the purpose for which that data was collected is no longer being served or that retention is no longer needed for legal or business purposes.
8. TRANSFER LIMITATION OBLIGATION
Where personal data is transferred overseas, MWS will ensure that such transfer is in compliance with the PDPA.
9. OPENNESS OBLIGATION
9.1 MWS has appointed a Data Protection Officer (the “DPO”) to oversee management of personal data in accordance with the PDPA. If you, at any time, have any queries on this policy or any other queries in relation to how MWS may manage, protect and/or process your personal data, please do not hesitate to contact the DPO at :
Email address: email@example.com
Telephone number: +65 6478-4700
9.2 MWS may from time to time update this Data Protection Policy to ensure that this Data Protection Policy is consistent with any future developments and/or any changes in legal or regulatory requirements.
Updated : 1 April 2021