CITY HARVEST COMMUNITY SERVICES ASSOCIATION Data Protection Policy

1.    Introduction

1.1    City Harvest Community Services Association (“CHCSA”, “we”, “us” or “our”) takes the protection and proper use of your Personal Data seriously and are committed to protecting your Personal Data in our possession. We collect and process Personal Data in compliance with the Personal Data Protection Act (Act 26 of 2012) (the “PDPA”). The latest version of the PDPA is publicly accessible at the following URL: https://sso.agc.gov.sg/Act/PDPA2012.

1.2    This Policy applies to CHCSA, our initiatives and organisations that we may work with, both in official and unofficial capacities, in relation to the provision of services to you (our “Affiliated Organisations”), and sets out the processes and procedures in the handling of Personal Data (as defined under the PDPA) that we collect and hold, relating to our stakeholders, be it our members, clients, beneficiaries, volunteers, and all others who come into contact with us.

1.3    The following Policy is applicable to the use of the CHCSA website which may be accessed at the following URL: http://www.chcsa.org.sg/ (the “Website”).

2.     Personal Data

2.1    For the purposes of this Policy, “Personal Data” refers to all and any information relating to you and obtained by us, which we can use to identify or contact you, such as your name (first and last), home address, telephone number, religion, gender, race, language(s) spoken, emergency contact information, personal email address, date of birth, identification number (where required or allowed by law, or necessary), marital status, or the Personal Data of your family members, and any other information necessary to our purposes, which is voluntarily disclosed in the course of dealing with us.

2.2    We will treat your Personal Data as confidential and will accord the required level of care in accordance with our Policy and with the PDPA.

2.3    All your Personal Data will be stored on our servers in Singapore, or the servers of internet-based cloud service providers. We will not store or transmit your personal data overseas or to such cloud service providers unless the recipient is legally bound to protect your personal data by a standard at least as onerous as the standard prescribed by the PDPA.

3.     Information we collect

3.1    As a general rule, we will collect Personal Data directly or indirectly from you or your authorised representative with the appropriate consent from you, as required under the PDPA. 

3.2    The ways we collect information from you or your authorised representative include, but are not limited to the following:

  • When you sign up for or use our services.

  • When you are registered as a beneficiary/member with us.

  • When you are the Next-Of-Kin (NOK) or emergency contact of our beneficiary/member.

  • When you make a donation to us.

  • When you volunteer with us.

  • When you visit our premises.

  • When you contact us with your queries, requests or feedback.

  • When you attend an event organised by us (e.g. via registration for the event, or where photos and videos may be taken of you during the event).

  • When you apply for membership.

  • When you sign-up for newsletters or other communications with us.

  • When you submit your personal data for any other reason on your own initiative.

  • When you respond to our requests for Personal Data or otherwise.

3.3    From Cookies: A cookie is a small data file sent from a website to your browser that is stored on your device. Each website can send its own cookie to your browser if your browser's preferences allow it, but to protect your privacy your browser only permits a website to access the cookies it has already sent to you, and not the cookies sent to you by other sites. You can configure your browser to accept all cookies, reject all cookies, or notify you when a cookie is sent. (Each browser is different, so please check the "Help" menu of your browser to learn how to change your cookie preferences.)

 3.4    Information Collected by and From Affiliated Organisations: From time to time, we may collaborate with or utilise the services of our Affiliated Organisations in the provision of our services and may also receive Personal Data collected by those Affiliated Organisations in the course of the collaboration or performance of their services for us or otherwise. Where this is the case, we will select reliable third-parties and processing will be subject to written agreements between us and the third-parties processing the data. These written agreements specify the rights and obligations of each party and will provide that the third party has adequate security measures in place and will only process Personal Data with our specific written instructions. 

3.5    In the event that you provide us with any information relating to a third party (e.g. information of your spouse, children, parents, and/or employees), you represent and warrant to us that you have sought for and obtained the consent of the relevant third party to provide us with their information for the respective purposes.

3.6    We reserve the right to collect your Personal Data without your consent only in accordance with the Second Schedule of the PDPA.

4.     How we use the information we collect

4.1    Depending on your relationship with us, we will generally use and/or process your Personal Data for various purposes, which include but are not limited to:

  • Verifying your identity and updating our records.

  • Developing, operating, improving, delivering and maintaining our services.

  • Providing a range of services (e.g. educational, medical, social) to you or to link you to our Affiliated Organisations or other service providers.

  • Conducting research and surveys in a community setting.

  • Sending you materials or updates relating to our events, activities or any services provided by us or our Affiliated Organisations.

  • Asking for and receiving payment from you.

  • Responding to your questions and resolving your complaints.

  • Publicising and promoting our events, activities, and services to the public-at-large by publishing on the Website or other promotional materials photographs and/ or videos that may be taken of you during events or activities organised by us or our Affiliated Organisations, or services delivered by us or our Affiliated Organisations.

  • Developing and training our staff, volunteers, and employees, and those of our Affiliated Organisations.

  • Carrying out polls, surveys, analysis, and research as well as soliciting feedback on how our services are being used and how we can improve them.

  • Furthering our services or those provided by our Affiliated Organisations by disclosing some but not all of your personal data (such as your name and email) (whether for no consideration or otherwise) to third-parties including government or public agencies, ministries, regulators, statutory boards, or similar authorities/agencies authorised to carry out specific government services or duties.

  • Performing such other functions or services as otherwise notified to you at the time.

4.2    We reserve the right to use your Personal Data without your consent only in accordance with the Third Schedule of the PDPA.

5.     Who we disclose your information to

5.1    We will not sell, trade or market your Personal Data with any other entity, or send mailings to you on behalf of other organisations unless you have given us specific permission to do so.

5.2    We may from time to time disclose your Personal Data to our Affiliated Organisations or other service providers as we deem necessary for the provision of smooth and effective provision of services to you. Notwithstanding the foregoing, we will not disclose your Personal Data to any other third-parties without first obtaining your consent except as otherwise required to facilitate your care or permitted by law, such as in the following circumstances:

  • In an emergency situation;

  • Where your Personal Data is publicly available data; and

  • For the purposes of contacting the Next-Of-Kin or emergency contact of any injured, ill, or deceased individual.

6.     Disclosure and transfer of information

6.1    By registering with us and/or using our services, you authorise us to use and disclose your information in Singapore, and transfer any of such information out of Singapore to other countries where we or our Affiliated Organisations or our/their respective service providers (including data storage service providers) operate for the purposes mentioned above in Section 4. We will at all times ensure that your information is transferred in accordance with this Policy and protected in accordance with any applicable laws on personal data protection (including, but not limited to, the PDPA).

7.     Protecting your Personal Data

7.1    The security of your information is of utmost importance to us. In connection with this, we have put in place security measures to protect your Personal Data from unauthorised access, use or disclosure and alteration of information under our control. 

7.2    Some of the measures we take to protect your Personal Data include:

  • Maintaining physical security over physical documents containing Personal Data such as by storing such physical documents in locked file cabinet systems.

  • Ensuring that any online documents are stored and secured on trusted third-party hosts.

  • Protecting our websites and other web applications which may be connected to any databases which contains your Personal Data.

  • Ensuring that our internal computer networks are secured by equipping them with securities devices or software such as firewalls and anti-malware applications.

  • Preventing users without proper clearance from accessing to the database and encrypting confidential or sensitive Personal Data.

  • Restricting employee access to physical or online documents containing Personal Data on a need-to-know basis.

  • Proper disposal of physical or online documents containing Personal Data that are no longer needed through shredding, deletion, reformatting or similar means.

  • Adhering to generally accepted industry standards to protect the information transmitted to us over the internet, both during transmission and upon receipt.

7.3    However, please note that no method of transmission over the internet, and/or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your information, we are unable to guarantee its absolute security. 

7.4    In particular, please note that we may utilise third party software in connection with the provision of our services or our Website and is unable to bear any responsibility and/or liability for any loss, misuse and/or alteration of information which may result from the use of any such third-party software. Further, you should be aware that we have no control over the security of other sites on the internet that you may visit or interact with even when a link to any such third party site appears on our Website.

8.     Children/Minors

8.1    We are especially concerned with the privacy and safety of children/minors when they use the internet. 

8.2    Should a child or a minor below 18 years of age provide us with information, parental consent and/or legal guardian consent (as the case may be) must first be obtained before the collection of such information.

8.3    If a child or a minor provides us with information without the requisite parental consent and/or legal guardian consent, the parent or legal guardian (as the case may be) may notify us, and we will delete such information from our records. 

9.    Accessing and updating your information

9.1    Where you have provided Personal Data about yourself to us, the responsibility falls on you to provide us with accurate, not misleading, complete, and up-to-date information about yourself, and to update such Personal Data as and when such information becomes inaccurate, misleading, incomplete, or out-of-date.

9.2    In certain circumstances, it may be necessary for you to provide to us Personal Data about someone else. If this is the case, we rely on you to inform the said individual that you are providing his or her Personal Data to us, to obtain his or her consent to you providing us with his or her Personal Data, and to inform him or her about where he or she can find and obtain a copy of this Policy. It is important that he or she reads this Policy and agrees to the terms herein when giving his or her consent to the provision of his or her information to us.

9.3    In the event that you wish to:

      (a) apply for a copy of the information we possess about you; or

      (b) withdraw the consent you previously provided to us to use, collect, or disclose the information we hold about you,

Kindly contact our Personal Data Protection Officer whose contact details are set out in Section 12 below.

9.4    Please grant us a reasonable period of time to respond to any request received and to effect any requested changes. While processing your request, we may contact you to verify your identity and to ask for more information about your request. Where we are legally permitted to do so, we may refuse your request and may give you our reasons for doing so.

9.5    Where you have requested for a copy of the information we possess about you, we may charge you a reasonable administrative fee to cover the costs of responding to your request. If we decide to do so, we will provide you with a written estimate of such fee beforehand and obtain your consent to the fee before proceeding with your request.

10.    Legal Disclaimer

10.1    We may disclose Personal Data as and when required by law or on a good faith basis that such action is necessary in order to conform to the law or comply with any legal process served on us. Although we employ security precautions that we believe to be appropriate to protect your Personal Data, we do not guarantee that our security precautions will protect against, and we expressly disclaim any liability for, any loss, misuse, or alteration of your Personal Data.

11.     Changes to this Policy

11.1    We reserve the right to make changes to this Policy at any time and all changes that have been made will be published here. Please check back frequently to view any updates or changes that have been made to this Policy. 

11.2    If we are of the opinion that a proposed change to this Policy is material, we will notify you of such change by posting a notice on the Website or by way of email. Please note that it is your responsibility to review and take note of the changes which we make to this Policy. 

11.3    At all times, your continued use of our services constitutes your acceptance of the updated Policy, as the case may be.

12.    Contact us

12.1    If you have any questions, complaints, concerns or comments on our Policy, we welcome you to contact us by sending an email to info@chcsa.org.sg. In this regard, please include an appropriate subject header indicating what is the issue you are contacting us for, as this would assist us in attending to your email speedily by passing it on to the relevant staff in our organisation. For example, you could insert the subject header as "Accessing Personal Data".