Parish of Christ Church - Personal Data Protection Policy

Introduction

1.Parish of Christ Church recognises the importance of safeguarding personal data when dealing with information relating to its members, worshippers at its services, attendees of its programs, visitors and staff, and therefore is committed to fully implementing and complying with the provisions of the Personal Data Protection Act 2012 (the “Act”). Parish of Christ Church’s Personal Data Protection Policy set out here explains the procedures and systems in place to comply with the Act (the “Policy”), in respect of personal data as defined under the Act.

Purposes for the Collection, Use and Disclosure of Personal Data

2. Parish of Christ Church receives or collects the personal data of its members, worshippers at its services, attendees of its activities and programs, visitors and staff for purposes reasonably required by it as a place of worship with its attendant activities and programs.

3. These purposes include the following, whether within or outside Singapore:-
(a) operational planning and implementation of activities and programs such as bible teaching, family life ministry, fellowship and discipleship;
(b) communication of activities, programs and other church-related information including church bulletin and other publications;
(c) maintenance of records such as membership, participants of activities and programs, baptism, marriage, birth, death and financial pledges and giving;
(d) management and administration of employment relationships with staff such as work-related dealings, evaluation of performance, crediting salaries, administering staff benefit schemes and conducting audits on finance claims;
(e) reporting and sharing of information within the Diocese of Singapore including amongst her Parish of Christ Church of Christ Churches in furtherance of her religious objectives; and
(f) such other purposes as may reasonably be appropriate in the circumstances of the collection of personal data.

4. Parish of Christ Church will not use the personal data for any purpose other than that for which it was collected. Should Parish of Christ Church require any personal data in its possession to be used for a purpose other than those for which consent was originally given, fresh consent will be sought in order to use the data for that new purpose.

5. In the course of processing personal data for the above purposes, Parish of Christ Church may disclose such personal data to third parties within or outside Singapore. These third parties include:-
(a) governmental organisations or authorities to whom Parish of Christ Church is required by law to disclose the data;
(b) individuals who are legally entitled to the data;
(c) third parties who require the data in order to process and operate programs in which an individual intends to participate;
(d) third parties who provide Parish of Christ Church with data processing, administration, health, insurance or legal services, or other professional or management services; and
(e) such other persons as may reasonably be appropriate in the circumstances of the collection of personal data.

6.Disclosure to third parties outside Singapore shall only be to organisations that are required or undertake to process the data with a comparable level of data protection as that required under Singapore law.

Minors below 13

7. Parish of Christ Church shall not collect, use or disclose personal data of persons below the age of thirteen (13) for any purpose unless written parental or guardian consent has been given for such purpose.

Withdrawal of consent

Should you wish to withdraw or limit your consent to Parish of Christ Church’s collection, use and disclosure of your personal data, please write in with full particulars to our Data Protection Officer (“DPO”) using the contact details provided in paragraph 19 below.

Confidentiality

9. Any personal data collected by Parish of Christ Church shall be accessible by employee(s) of Parish to serve the purpose for which the data was collected. Such employee(s) shall observe strict confidentiality at all times.

10. In the event personal data is disclosed to third parties, such third parties will be required to sign an agreement requiring them to observe confidentiality at all times and to use the personal data only for the purpose for which it was disclosed to them.

Parish of Christ Church respects your personal data and privacy, and will only use and disclose your personal data in accordance with the legal requirements. If you wish to withdraw or limit your consent, please write to our Data Protection Officer at the address

Data Protection Officer

11. Parish of Christ Church has designated a DPO to deal with day-to-day data protection matters and complaints, encourage good data handling practices and ensure that Parish of Christ Church complies with the Act and implements the Policy. If you have any questions, complaints or concerns, please contact the DPO using the contact details provided in paragraph 19 below.

Accuracy

12. Parish of Christ Church endeavours to take all reasonable steps to ensure that personal data in its possession or under its control is accurate, up-to-date, and complete. If there is any error or omission in the personal data you have provided to Parish of Christ Church, please write in to our DPO with the necessary details for correction of your data. If any personal data you have provided to Parish of Christ Church becomes inaccurate, please contact our DPO to update your data.

Access

13. Should you wish to access any personal data collected by Parish of Christ Church or understand how such data has been used or disclosed, please write in to our DPO with your request. The DPO will provide you with the requested information within a reasonable time, after verification of your identity. Kindly note that Parish of Christ Church reserves the right to charge a reasonable administrative fee not exceeding SGD100 for responding to any such requests.

Retention

14. Parish of Christ Church will retain personal data for as long as it is necessary to serve the purpose for which it has been collected. Once the data in [Parish of Christ Church’s] possession is no longer necessary to serve the purpose for which it was collected, the data will be destroyed or anonymised in a secure manner.

Protection

15. Parish of Christ Church endeavours to maintain all personal data in its possession or under its control securely. To this effect, Parish of Christ Church has put in place measures to ensure the protection of data in its possession against unauthorised access, collection, use, disclosure, copying, modification, disposal or other risks.

Transfer

16. Parish of Christ Church shall not transfer any personal data in its possession to any parties outside Singapore except as specified in this Policy. Any outside party to which Parish of Christ Church intends to transfer data in its possession must have protections equivalent to those provided for in the Act.

Complaints

17. If an individual feels that his data has been erroneously or improperly handled by Parish of Christ Church, he may lodge a complaint in writing by post with the DPO. Once a complaint has been received, the DPO will acknowledge receipt of the same in writing by post, and will contact the relevant departments to investigate the complaint.

18. The outcome of the investigation will be communicated by the DPO to the complainant in writing by post, notifying him of the outcome.

Enquiries

19. Parish of Christ Church is committed to protecting the privacy and personal data of its members, worshippers at its services, attendees of its programs, visitors and staff. For enquiries about Parish of Christ Church’s Policy, please write to the DPO at the following address:- Parish of Christ Church, Data Protection Officer (DPO) No.1 Dorset Road, Singapore 219486 or Email to dpo@christchurch.org.sg

Updating the Policy

20. This Policy may be updated from time to time to take account of changes in policy, technology, and/or to ensure compliance with any legislative changes.