Personal data collected is on a voluntary basis
Lutheran Church in Singapore (Including her local congregations) (“LCS”) is committed to compliance of the Personal Data Protection Act (the “PDPA”) in the collection, use and disclosure of personal data.
This Personal Data Protection Policy (the “Policy”) contains policies and practices adopted by LCS in the collection, use and disclosure of personal data.
Personal data means data, whether true or not, about an individual who can be identified either from that data and or from other information to which JCC has or is likely to have access. Personal data includes, but is not limited to the following:
- NRIC/FIN (Foreign Identification Number)/Passport number;
- Residential address;
- Date of birth;
- Marital status;
- Contact particulars such as personal telephone numbers and personal email address;
- Financial information such as bank account or credit/debit numbers;
- Photograph and video image.
- Medical Records
JCC respects the privacy and confidentiality of individuals.
2. Purposes for collection, use and disclosure of personal data
JCC collects, uses and discloses personal data for purposes which may include, but are not limited to, the following:
- Planning, organising and conducting of church services, events, activities, seminars, courses and programmes;
- Administration and management of church operations, processes, functions or other internal matters as the case may be, including but not limited to record keeping;
- Pastoral care, mentoring and follow up of members or other individuals where applicable;
- Providing services to one or more individuals, a community or the general public;
- Internal and external communications and publications;
- For the purposes of the JCC’s ministries, which include but not limited to the following carried out by JCC’s staff, leaders or volunteers:
- Addressing an individual at JCC events or activities to welcome that individual;
- Communicating with an individual in the manner set out in this clause;
- Visitations of the individual;
- Meeting and interacting with the individual; and
- Conducting ceremonies such as weddings, house blessings and funerals;
- Transmitting to any unaffiliated third parties including our third party service providers and agents, and relevant governmental and/or regulatory authorities, whether in Singapore or abroad, for the aforementioned purposes; and
- Communication with any individual in respect of:
- any of the matters set out in this clause;
- the individual’s membership with JCC;
- any request or query by the individual;
- any complaints;
- any matters by reason of the individual being reasonably associated with, affiliated with or connected to JCC; or
- any other matters in respect of which it is reasonably necessary for JCC to communicate with the individual;
whereby such communication may take the form of email, letter, fax, voice call, SMS and any other message receivable on a mobile phone, a computer or an electronic gadget (e.g., messages via WhatsApp, Line, WeChat, Viber, Skype, Facebook messenger, etc.).
3. Collection of personal data
We generally do not collect your personal data unless (a) it is provided to us voluntarily by you directly or via a third party who has been duly authorised by you to disclose your personal data to us (your “authorised representative”) after (i) you (or your authorised representative) have been notified of the purposes for which the data is collected, and (ii) you (or your authorised representative) have provided written consent to the collection and usage of your personal data for those purposes, or (b) collection and use of personal data without consent is permitted or required by the PDPA or other laws. We shall seek your consent before collecting any additional personal data and before using your personal data for a purpose which has not been notified to you (except where permitted or authorised by law).
JCC will collect personal data that is reasonably necessary to fulfil the purposes for which the personal data is collected.
- Personal data will be collected by reasonable and lawful means, without intentionally misleading or deceiving individuals as to the purposes for collection of personal data about them.
- The manners in which JCC may collect personal data include but are not limited to the following:
- Application form, whether online and in hard copy, submitted by an individual to JCC, such as membership application form or other forms relating to events and activities organised or managed by JCC;
- Where an individual contacts staff or representatives of JCC to make enquiries on or in relation to pastoral care, mentoring, follow up, life groups, services or any events, activities, courses or programs organised, conducted or managed by JCC, whether such inquiries are in writing or verbally;
- Where an individual attends at or writes in to the Church Office for the purpose of making enquiries or to make requests relating to pastoral care, mentoring, follow up, life groups, services or any events, activities, courses or programs organised, conducted or managed by JCC;
- Where an individual makes a donation to JCC;
- Where an individual makes a request to JCC to contact that individual for any purpose;
- Where an individual submits that individual’s personal data for the purposes of employment;
- Where an individual submits that individual’s personal data for the purpose of volunteering at LCS’ events, activities, programmes or courses;
- Where an individual submits that individual’s personal data for the purposes of membership.
4. Disclosure of personal data
We may disclose your personal data:
- where such disclosure is required for, or in connection with, the provision of the services requested by you;
- to third party service providers, agents and other organisations we have engaged to perform any of the purposes listed in clause 5 above for us;
- to comply with any applicable laws, regulations, codes of practice, guidelines, rules or requests by public agencies, or to assist in law enforcement and investigations; and
- any other party to whom you authorised us to disclose your personal data to, or where necessary to undertake any action requested by you.
The purposes listed in the above clauses may continue to apply even in situations where your relationship with us has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under a contract with you).
After the lapse of the opt-out period, you may notify us that you no longer wish to consent to the purposes for which your consent was deemed by notification by withdrawing your consent for the collection, use or disclosure of your personal data in relation to those purposes.
5. Access request
The data subject may request for (i) information on the personal data in our possession and the ways in which the data may have been used or disclosed and (ii) correction of any error or omission in the data.
Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.
We will respond to your request as soon as reasonably possible. In general, our response will be within thirty (30) business days. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you within thirty (30) days of the time by which we will be able to respond to your request.
6. Withdrawal of consent
An individual who does not wish JCC to retain his or her personal data may give reasonable written notice to JCC to withdraw his or her consent to the retention of his or her personal data. JCC will cease to retain personal data about the person within ten (10) business days from receiving such written notice of withdrawal (pending the complexity and consequences and legal liability affecting your rights and our relationship with you) unless there are circumstances under which retention does not require the individual’s consent.
Where an individual withdraws his or her consent for JCC to collect, use or disclose his or her personal data, JCC may no longer be able to carry out the purposes set out in Part 3 above for or in relation to the individual.
An individual who wishes to make a request, or to lodge a complaint to JCC pertaining to any matters relating to the PDPA, may make a written request or lodge a written complaint by doing one of the following:
- visiting the Church Office and filling in a written request or complaint;
- contacting the DPO at email address is firstname.lastname@example.org or the telephone number of the Church Office; or
- in writing by post sent to the Church Office and attention to “Data Protection Officer”.
The DPO will investigate the complaint within a reasonable time of receiving the written request or complaint and will contact the complainant within a reasonable time, in order to address any concerns relating to matters with the PDPA. JCC reserves the right to reject, among others, frivolous or vexatious requests or complaints.
8. Protection of personal data
To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as minimised collection of personal data, authentication and access controls (such as good password practices, need-to-basis for data disclosure, etc.), up-to-date antivirus protection, regular patching of operating system and other software, securely erase storage media in devices before disposal, web security measures against risks, usage of one time password(otp)/2 factor authentication (2fa)/multi-factor authentication (mfa) to secure access, and security review and testing performed regularly.
9. Accuracy of personal data
We generally rely on personal data provided by you (or your authorised representative). In order to ensure that your personal data is current, complete and accurate, please update us if there are changes to your personal data by informing our Data Protection Officer at the contact details provided below.
10. Retention of personal data
We may retain your personal data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws. We will cease to retain your personal data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected, and is no longer necessary for legal or business purposes.
11. Data protection officer
You may contact our Data Protection Officer if you have any enquiries or feedback on our personal data protection policies and procedures, or if you wish to make any request, in the following manner:
- Name of DPO: Caleb Oh Xi Mi
- Contact No.: 6266 0537
- Email Address: email@example.com
Last updated: 06/10/2022