CITY HARVEST COMMUNITY SERVICES ASSOCIATION Data Protection Policy

城市丰收关怀服务社资料保护政策

1.    Introduction

1.1    City Harvest Community Services Association (“CHCSA”, “we”, “us” or “our”) takes the protection and proper use of your Personal Data seriously and are committed to protecting your Personal Data in our possession. We collect and process Personal Data in compliance with the Personal Data Protection Act (Act 26 of 2012) (the “PDPA”). The latest version of the PDPA is publicly accessible at the following URL: https://sso.agc.gov.sg/Act/PDPA2012.

1.2    This Policy applies to CHCSA, our initiatives and organisations that we may work with, both in official and unofficial capacities, in relation to the provision of services to you (our “Affiliated Organisations”), and sets out the processes and procedures in the handling of Personal Data (as defined under the PDPA) that we collect and hold, relating to our stakeholders, be it our members, clients, beneficiaries, volunteers, and all others who come into contact with us.

1.3    The following Policy is applicable to the use of the CHCSA website which may be accessed at the following URL: http://www.chcsa.org.sg/ (the “Website”).

2.     Personal Data

2.1    For the purposes of this Policy, “Personal Data” refers to all and any information relating to you and obtained by us, which we can use to identify or contact you, such as your name (first and last), home address, telephone number, religion, gender, race, language(s) spoken, emergency contact information, personal email address, date of birth, identification number (where required or allowed by law, or necessary), marital status, or the Personal Data of your family members, and any other information necessary to our purposes, which is voluntarily disclosed in the course of dealing with us.

2.2    We will treat your Personal Data as confidential and will accord the required level of care in accordance with our Policy and with the PDPA.

2.3    All your Personal Data will be stored on our servers in Singapore, or the servers of internet-based cloud service providers. We will not store or transmit your personal data overseas or to such cloud service providers unless the recipient is legally bound to protect your personal data by a standard at least as onerous as the standard prescribed by the PDPA.

3.     Information we collect

3.1    As a general rule, we will collect Personal Data directly or indirectly from you or your authorised representative with the appropriate consent from you, as required under the PDPA. 

3.2    The ways we collect information from you or your authorised representative include, but are not limited to the following:

  • When you sign up for or use our services.

  • When you are registered as a beneficiary/member with us.

  • When you are the Next-Of-Kin (NOK) or emergency contact of our beneficiary/member.

  • When you make a donation to us.

  • When you volunteer with us.

  • When you visit our premises.

  • When you contact us with your queries, requests or feedback.

  • When you attend an event organised by us (e.g. via registration for the event, or where photos and videos may be taken of you during the event).

  • When you apply for membership.

  • When you sign-up for newsletters or other communications with us.

  • When you submit your personal data for any other reason on your own initiative.

  • When you respond to our requests for Personal Data or otherwise.

3.3    From Cookies: A cookie is a small data file sent from a website to your browser that is stored on your device. Each website can send its own cookie to your browser if your browser's preferences allow it, but to protect your privacy your browser only permits a website to access the cookies it has already sent to you, and not the cookies sent to you by other sites. You can configure your browser to accept all cookies, reject all cookies, or notify you when a cookie is sent. (Each browser is different, so please check the "Help" menu of your browser to learn how to change your cookie preferences.)

 3.4    Information Collected by and From Affiliated Organisations: From time to time, we may collaborate with or utilise the services of our Affiliated Organisations in the provision of our services and may also receive Personal Data collected by those Affiliated Organisations in the course of the collaboration or performance of their services for us or otherwise. Where this is the case, we will select reliable third-parties and processing will be subject to written agreements between us and the third-parties processing the data. These written agreements specify the rights and obligations of each party and will provide that the third party has adequate security measures in place and will only process Personal Data with our specific written instructions. 

3.5    In the event that you provide us with any information relating to a third party (e.g. information of your spouse, children, parents, and/or employees), you represent and warrant to us that you have sought for and obtained the consent of the relevant third party to provide us with their information for the respective purposes.

3.6    We reserve the right to collect your Personal Data without your consent only in accordance with the Second Schedule of the PDPA.

4.     How we use the information we collect

4.1    Depending on your relationship with us, we will generally use and/or process your Personal Data for various purposes, which include but are not limited to:

  • Verifying your identity and updating our records.

  • Developing, operating, improving, delivering and maintaining our services.

  • Providing a range of services (e.g. educational, medical, social) to you or to link you to our Affiliated Organisations or other service providers.

  • Conducting research and surveys in a community setting.

  • Sending you materials or updates relating to our events, activities or any services provided by us or our Affiliated Organisations.

  • Asking for and receiving payment from you.

  • Responding to your questions and resolving your complaints.

  • Publicising and promoting our events, activities, and services to the public-at-large by publishing on the Website or other promotional materials photographs and/ or videos that may be taken of you during events or activities organised by us or our Affiliated Organisations, or services delivered by us or our Affiliated Organisations.

  • Developing and training our staff, volunteers, and employees, and those of our Affiliated Organisations.

  • Carrying out polls, surveys, analysis, and research as well as soliciting feedback on how our services are being used and how we can improve them.

  • Furthering our services or those provided by our Affiliated Organisations by disclosing some but not all of your personal data (such as your name and email) (whether for no consideration or otherwise) to third-parties including government or public agencies, ministries, regulators, statutory boards, or similar authorities/agencies authorised to carry out specific government services or duties.

  • Performing such other functions or services as otherwise notified to you at the time.

4.2    We reserve the right to use your Personal Data without your consent only in accordance with the Third Schedule of the PDPA.

5.     Who we disclose your information to

5.1    We will not sell, trade or market your Personal Data with any other entity, or send mailings to you on behalf of other organisations unless you have given us specific permission to do so.

5.2    We may from time to time disclose your Personal Data to our Affiliated Organisations or other service providers as we deem necessary for the provision of smooth and effective provision of services to you. Notwithstanding the foregoing, we will not disclose your Personal Data to any other third-parties without first obtaining your consent except as otherwise required to facilitate your care or permitted by law, such as in the following circumstances:

  • In an emergency situation;

  • Where your Personal Data is publicly available data; and

  • For the purposes of contacting the Next-Of-Kin or emergency contact of any injured, ill, or deceased individual.

6.     Disclosure and transfer of information

6.1    By registering with us and/or using our services, you authorise us to use and disclose your information in Singapore, and transfer any of such information out of Singapore to other countries where we or our Affiliated Organisations or our/their respective service providers (including data storage service providers) operate for the purposes mentioned above in Section 4. We will at all times ensure that your information is transferred in accordance with this Policy and protected in accordance with any applicable laws on personal data protection (including, but not limited to, the PDPA).

7.     Protecting your Personal Data

7.1    The security of your information is of utmost importance to us. In connection with this, we have put in place security measures to protect your Personal Data from unauthorised access, use or disclosure and alteration of information under our control. 

7.2    Some of the measures we take to protect your Personal Data include:

  • Maintaining physical security over physical documents containing Personal Data such as by storing such physical documents in locked file cabinet systems.

  • Ensuring that any online documents are stored and secured on trusted third-party hosts.

  • Protecting our websites and other web applications which may be connected to any databases which contains your Personal Data.

  • Ensuring that our internal computer networks are secured by equipping them with securities devices or software such as firewalls and anti-malware applications.

  • Preventing users without proper clearance from accessing to the database and encrypting confidential or sensitive Personal Data.

  • Restricting employee access to physical or online documents containing Personal Data on a need-to-know basis.

  • Proper disposal of physical or online documents containing Personal Data that are no longer needed through shredding, deletion, reformatting or similar means.

  • Adhering to generally accepted industry standards to protect the information transmitted to us over the internet, both during transmission and upon receipt.

7.3    However, please note that no method of transmission over the internet, and/or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your information, we are unable to guarantee its absolute security. 

7.4    In particular, please note that we may utilise third party software in connection with the provision of our services or our Website and is unable to bear any responsibility and/or liability for any loss, misuse and/or alteration of information which may result from the use of any such third-party software. Further, you should be aware that we have no control over the security of other sites on the internet that you may visit or interact with even when a link to any such third party site appears on our Website.

8.     Children/Minors

8.1    We are especially concerned with the privacy and safety of children/minors when they use the internet. 

8.2    Should a child or a minor below 18 years of age provide us with information, parental consent and/or legal guardian consent (as the case may be) must first be obtained before the collection of such information.

8.3    If a child or a minor provides us with information without the requisite parental consent and/or legal guardian consent, the parent or legal guardian (as the case may be) may notify us, and we will delete such information from our records. 

9.    Accessing and updating your information

9.1    Where you have provided Personal Data about yourself to us, the responsibility falls on you to provide us with accurate, not misleading, complete, and up-to-date information about yourself, and to update such Personal Data as and when such information becomes inaccurate, misleading, incomplete, or out-of-date.

9.2    In certain circumstances, it may be necessary for you to provide to us Personal Data about someone else. If this is the case, we rely on you to inform the said individual that you are providing his or her Personal Data to us, to obtain his or her consent to you providing us with his or her Personal Data, and to inform him or her about where he or she can find and obtain a copy of this Policy. It is important that he or she reads this Policy and agrees to the terms herein when giving his or her consent to the provision of his or her information to us.

9.3    In the event that you wish to:

      (a) apply for a copy of the information we possess about you; or

      (b) withdraw the consent you previously provided to us to use, collect, or disclose the information we hold about you,

Kindly contact our Personal Data Protection Officer whose contact details are set out in Section 12 below.

9.4    Please grant us a reasonable period of time to respond to any request received and to effect any requested changes. While processing your request, we may contact you to verify your identity and to ask for more information about your request. Where we are legally permitted to do so, we may refuse your request and may give you our reasons for doing so.

9.5    Where you have requested for a copy of the information we possess about you, we may charge you a reasonable administrative fee to cover the costs of responding to your request. If we decide to do so, we will provide you with a written estimate of such fee beforehand and obtain your consent to the fee before proceeding with your request.

10.    Legal Disclaimer

10.1    We may disclose Personal Data as and when required by law or on a good faith basis that such action is necessary in order to conform to the law or comply with any legal process served on us. Although we employ security precautions that we believe to be appropriate to protect your Personal Data, we do not guarantee that our security precautions will protect against, and we expressly disclaim any liability for, any loss, misuse, or alteration of your Personal Data.

11.     Changes to this Policy

11.1    We reserve the right to make changes to this Policy at any time and all changes that have been made will be published here. Please check back frequently to view any updates or changes that have been made to this Policy. 

11.2    If we are of the opinion that a proposed change to this Policy is material, we will notify you of such change by posting a notice on the Website or by way of email. Please note that it is your responsibility to review and take note of the changes which we make to this Policy. 

11.3    At all times, your continued use of our services constitutes your acceptance of the updated Policy, as the case may be.

12.    Contact us

12.1    If you have any questions, complaints, concerns or comments on our Policy, we welcome you to contact us by sending an email to info@chcsa.org.sg. In this regard, please include an appropriate subject header indicating what is the issue you are contacting us for, as this would assist us in attending to your email speedily by passing it on to the relevant staff in our organisation. For example, you could insert the subject header as "Accessing Personal Data".

 

1.     简介

1.1    城市丰收关怀服务社(City Harvest Community Services Association)(“CHCSA”、“我们”或“我们的”)非常重视保护和正确使用您的个人资料,并承诺保护我们所拥有的您的个人资料。我们根据《个人资料保护法》(2012年第26号)收集和处理个人资料。最新版本的《个人资料保护法》可在以下网址公开获取:https://sso.agc.gov.sg/Act/PDPA2012。

1.2    本政策适用于CHCSA,我们以官方和非官方身份合作的措施和组织(我们的“分支机构”)向您提供服务,并列出处理我们所收集并持有的有关我们的利益相关者(无论是我们的会员、客户、受益人、志愿者和所有与我们接触的人)的个人资料(根据《个人资料保护法》定义)的过程和程序。

1.3    以下政策适用于使用CHCSA网站,网址为http://www.chcsa.org.sg/(以下简称“网站”)。 

2.     个人资料 

2.1    就本政策而言,“个人资料”是指我们获得的所有和任何与您有关的信息,我们可以利用这些信息来识别或联系您,例如您的姓名(名字和姓氏)、家庭住址、电话号码、宗教信仰、性别、种族、语言、紧急联络资料、个人电子邮件地址、出生日期、身份证号码(如法律规定或允许或必要)、婚姻状况或您的家庭成员的个人资料,以及在我们处理过程中自愿披露的任何其他必要资料。

2.2    我们将把您的个人资料视为机密资料,并根据《个人资料保护法》和我们的政策给予必要的保密水平。

2.3    您所有的个人资料将被存储在我们在新加坡的服务器上,或者基于互联网的云服务提供商的服务器上。我们不会将您的个人资料存储或传输到海外或云服务提供商,除非接收方在法律上有义务保护您的个人资料的标准至少与《个人资料保护法》规定的标准一样严格。

3.     我们所收集的信息 

3.1    作为一般规则,根据《个人资料保护法》规定,我们将在征得您的适当同意后,直接或间接向您或您的授权代表收集您的个人资料。 

3.2    我们向您或您的授权代表收集信息的方式包括但不限于以下情况:

  • 在您注册或使用我们的服务时。

  • 在您注册为我们的受益人/会员时。

  • 在您是我们的受益人/会员的直系亲属或紧急联系人时。

  • 在您捐款给我们时。

  • 在您是我们的志愿者时。

  • 在您到访我们的场所时。

  • 在您有疑问、要求或反馈而与我们联系时。

  • 在您参加我们举办的活动时(例如通过注册参加活动,或我们可能会在活动期间拍摄您的照片和视频)。

  • 在您申请会员资格时。

  • 在您向我们订阅时事通讯或其他通信时。

  • 在您出于任何其他原因而自行提交您的个人资料时。

  • 在您回应我们对您的个人资料或其他的要求时。

3.3    Cookie:Cookie是一种从网站发送到您的浏览器,并存储在您的设备上的小型资料文件。如果您的浏览器的首选项允许,每个网站都可以将自己的Cookie发送到您的浏览器,但为了保护您的隐私,您的浏览器只允许网站使用它给您发来的Cookie,而不是其他网站发来的。您可以将浏览器配置为接受所有Cookie、拒绝所有Cookie或发送Cookie时通知您。(每种浏览器都是不同的,因此请查看浏览器的“帮助”菜单以了解如何更改您的Cookie首选项。)

 3.4    由及向分支机构收集的信息:我们可能会不时地与我们的分支机构合作或利用其服务提供我们的服务,也可能会在合作或这些分支机构为我们履行服务或其他的过程中接受它们所收集的个人资料。在这种情况下,我们将选择可靠的第三方,处理将受我们与处理资料的第三方之间的书面协议所规限。这些书面协议规定各方的权利和义务,并规定第三方实施适当的安全措施,并且只按照我们的具体书面指示处理个人资料。 

3.5    如果您向我们提供任何有关第三方的信息(例如您的配偶、子女、父母和/或雇员的信息),您向我们声明并保证您已经寻求并获得相关第三方的同意向我们提供相关信息。

3.6    我们保留只根据《个人资料保护法》附表2,在未经您同意的情况下收集您的个人资料的权利。

4.     我们如何使用我们所收集的信息

4.1    依您与我们的关系而定,我们一般会为各种目的使用和/或处理您的个人资料,其中包括但不限于:

  • 验证您的身份并更新我们的记录。

  • 开发、运营、改善、交付和维护我们的服务。

  • 为您提供各种服务(例如教育、医疗、社交)或将您连接到我们的分支机构或其他服务提供商。

  • 在社区范围内进行研究和调查。

  • 向您发送有关我们的活动,或者我们或我们的分支机构提供的任何服务的材料或更新。

  • 向您要求并收取付款。

  • 回应您的问题并解决您的投诉。

  • 通过在我们网站或其他宣传材料上发布,在我们或我们的分支机构举办的活动期间可能会拍摄您的照片和/或视频,或我们或我们的分支机构提供的服务,向公众宣传和推广我们的活动和服务。

  • 开发和培训我们及我们的分支机构的职员、志愿者和员工。

  • 进行民意调查、调查、分析和研究,并就如何使用我们的服务以及如何改进征求意见。

  • 通过向第三方(包括政府或公共机构、部门、监管机构、法定机构或获授权执行特定政府服务或职责的类似机构)披露您的部分而非全部的个人资料(例如您的姓名和电子邮件),进一步提供我们的服务或我们的分支机构所提供的服务。

  • 执行当时另行通知您的其他功能或服务。

4.2    我们保留只根据《个人资料保护法》附表3,在未经您同意的情况下使用您的个人资料的权利。

5.     我们会向何人披露您的信息

5.1    除非经您特别允许,否则我们不会将您的个人资料出售、交易或推销给任何其他实体,也不会代表其他机构向您发送邮件。

5.2    我们可能会不时将您的个人资料披露给我们的分支机构或其他服务供应商,因为我们认为这是为您顺利有效提供服务所必需的。尽管有上述规定,除非为方便您保密或法律许可,否则在没有事先获得您的同意的情况下,我们不会将您的个人资料披露给任何其他第三方,例如在以下情况下:

  • 在紧急情况下;

  • 若您的个人资料是可公开获得的资料;

  • 为了与任何受伤、生病或死亡的个人的直系亲属联系或紧急联系的目的。

6.     披露和传递信息

6.1    向我们注册和/或使用我们的服务,即表示您授权我们可在新加坡使用和披露您的信息,并将任何此类信息从新加坡转移到我们或我们的分支机构或我们/他们各自的服务提供商(包括资料存储服务提供商)为上文第4部分中提到的目的而运营的其他国家。我们将始终确保您的信息根据本政策进行传输,并根据任何适用的个人资料保护法(包括但不限于新加坡《个人资料保护法》)受到保护。

7.     保护您的个人资料

7.1    您的信息安全对我们至关重要。在这方面,我们实施安全措施,以保护您的个人资料免受未经授权的访问、使用、披露和变更在我们控制之下的信息。 

7.2    我们采取的一些措施来保护您的个人资料,包括:

  • 维持含有个人资料的有形文件的实体安全,例如将这些有形文件存储在锁定的文件柜系统中。

  • 确保任何在线文件存储并在可信任的第三方主机上受到保障。

  • 保护我们的网站和其他可能连接到任何含有您的个人资料的资料库的网络应用程序。

  • 确保我们的内部电脑网络通过配备安全设备或软件(如防火墙和反恶意软件应用程序)来保证安全。

  • 防止未经适当许可的用户访问资料库和加密机密或敏感的个人资料。

  • 限制员工基于“有必要知晓”原则访问含有个人资料的有形文件或在线文件。

  • 妥善处置含有个人资料的有形文件或在线文件,将这些不再需要的文件切碎、删除、重新格式化或类似手段。

  • 遵守普遍接受的行业标准,保护通过互联网传输给我们的信息,无论是在传输过程中或是在接收时。

7.3    然而,请注意,没有任何一种互联网传输和/或电子存储方法是100%安全的。因此,虽然我们努力采用商业可接受的手段保护您的个人信息,但是我们不能保证绝对安全。

7.4    尤其是,请注意我们可能会利用与提供我们的服务或我们的网站有关的第三方软件,并且不承担使用任何此类第三方软件导致的任何信息丢失、误用和/或更改的任何责任和/或赔偿责任。此外,您应该知道,即使在我们的网站上出现任何此类第三方网站的链接,我们也无法控制您可能访问或与之互动的其他网站的安全性。

8.     儿童/未成年人

8.1    我们特别关心儿童/未成年人使用互联网的隐私和安全。

8.2    如果18岁以下的儿童或未成年人向我们提供信息,在收集此类信息之前,必须首先获得父母同意和/或法定监护人的同意(视情况而定)。

8.3    如果儿童或未成年人在没有获得父母的必要同意和/或法定监护人的同意的情况下向我们提供信息,则其父母或法定监护人(视情况而定)可能会通知我们,我们将从我们的记录中删除这些信息。

9.    访问和更新您的信息

9.1    如果您向我们提供有关您自己的个人资料,则您有责任向我们提供有关您自己的准确、无误导性、完整和最新的资料,并在此类资料变成不准确,具误导性、不完整或过时的资料时,更新此类个人资料。

9.2    在某些情况下,您可能需要向我们提供有关其他人的个人资料。如果是这种情况,我们依靠您通知所述个人您正在向我们提供他或她的个人资料,以征得他或她的同意,向我们提供他或她的个人资料,并通知他或她在何处可以找到并获得本政策的副本。在同意向我们提供他/她的信息时,他/她已阅读本政策并同意本文中的条款,这一点非常重要。

9.3    如果您希望:

         (a)   申请我们拥有的关于您的信息的副本;或

         (b)   撤回您以前同意提供给我们使用、收集或披露我们持有的关于您的信息,

请联络我们的个人资料保护主任,其联络资料载于下文第12条。

9.4    请给予我们一段合理的时间来回应所收到的任何请求,并实施所要求的更改。在处理您的请求时,我们可能会联系您,以验证您的身份,并要求提供更多关于您的请求的信息。在法律允许的情况下,我们可能会拒绝您的要求,并向您解释原因。

9.5    如果您要求提供我们拥有的关于您的信息的副本,我们将向您收取回应您的请求的合理管理费。如果我们决定这样做,我们会事先向您提供此类费用的书面估计,并在继续处理您的请求之前征得您的同意。

10.    免责声明

10.1    我们可能会在法律要求的情况下或者在真诚的基础上披露个人资料,以确保遵守法律或遵循要求我们履行的法律程序。尽管我们采取我们认为适合保护您的个人资料的安全防范措施,但我们不能保证我们的安全防范措施可保护您的个人资料免遭丢失、误用或篡改,并且我们明确表示不承担任何责任。

11.     本政策的变更

11.1    我们保留随时对本政策进行修改的权利,所有已经做出的更改将在本网页上公布。请时常查看,以查看对本政策所做的任何更新或更改。

11.2    如果我们认为对本政策的拟议修改是重要的,我们会通过在网站上发布通知或通过电子邮件的方式通知您。请注意,您有责任审查并注意我们对本政策所做的更改。 

11.3    在任何情况下,您继续使用我们的服务,即表示您接受更新后的政策(视情况而定)。

12.    联系我们

12.1    如果您对我们的政策有任何问题、投诉、担忧或意见,欢迎您通过发送电子邮件至info@chcsa.org.sg与我们联系。在这方面,请包括一个适当的主题标题,说明您与我们联系的问题是什么,因为这样可以帮助我们快速地将您的电子邮件传递给本组织的相关员工。例如,您可以插入“访问个人资料”作为主题标题。