Personal Data Protection Policy (2025 Edition)

Effective Date: 19 April 2021

Last Updated: 08 October 2025

Christ Methodist Church (“CMC”, “we”, “us”, or “our”) respects your privacy and recognises the importance of protecting your personal data. This Policy explains how we collect, use, disclose, and safeguard your information in compliance with the Personal Data Protection Act 2012 (“PDPA”).

1. Purpose

This Policy outlines how CMC manages personal data in accordance with the PDPA. It aims to help you understand how we collect, use, and protect your data as part of our ministry and administrative functions.

2. Scope of Policy

This Policy applies to all personal data collected, used, or disclosed by CMC in the course of its ministry, events, and operations. It covers members, visitors, volunteers, staff, and vendors who engage with CMC through physical or digital means.

3. Collection of Personal Data

We collect personal data only when it is reasonably necessary for our ministry or operations. Data is collected through physical forms, emails, digital systems (including CMC Trellis), and other interactions with us.

4. Types of Personal Data Collected

The personal data we collect may include:

  • Name, address, contact details, and identification numbers (e.g. NRIC/FIN where legally required)
    • Family information (e.g. next-of-kin, dependents)
    • Attendance, registration, and participation records
    • Photographs, videos, and other media content
    • Digital identifiers and system access logs
    • Payment or contribution records where applicable

5. Use and Purpose of Data

Your personal data is used only for purposes reasonably related to church life and administration, such as:

  • Membership and pastoral care management
    • Communication and announcements
    • Event and course registration
    • Volunteer coordination and training
    • Risk management, safety, and facility use
    • Legal and regulatory compliance

6. Consent and Withdrawal

By providing your personal data to us, you consent to its use for the purposes stated in this Policy. You may withdraw your consent at any time by contacting our Data Protection Officer (DPO). Withdrawal may affect our ability to continue providing certain services or support.

7. Access and Correction of Personal Data

You may request access to your personal data or ask for corrections to ensure accuracy. Such requests will be processed within 30 working days, unless additional time is required for valid reasons.

8. Accuracy of Personal Data

CMC takes reasonable steps to ensure that personal data collected is accurate and complete. Individuals are encouraged to update their information through CMC Trellis or by contacting the Church Office when changes occur.

9. Retention and Disposal of Data

We retain personal data only as long as necessary for legal, ministry, or administrative purposes. Retention periods vary depending on the type of data. For example, membership records may be kept indefinitely, while event registrations may be deleted after two years. When data is no longer required, it will be securely deleted or anonymised.

10. Protection of Personal Data

We take reasonable measures to safeguard your data from unauthorised access, modification, disclosure, or loss. These include access controls, password protection, encryption, and staff training to ensure responsible handling of data.

11. Cross-Border Data Transfers

If your personal data is transferred outside Singapore (for example, to cloud servers or service providers), we will ensure that the recipient provides a comparable standard of protection through contractual undertakings or binding data protection clauses.

12. Media, Photography, and Communications Use

During church events, photographs or videos may be taken for publicity and archival purposes. Where practicable, notice will be given at the venue or registration. You may inform us if you wish to opt out of being featured in such media. Images and recordings will be used responsibly and retained only as long as necessary for ministry and communication use.

13. Data Breach Notification

In the event of a data breach that results in or is likely to result in significant harm, CMC will notify affected individuals and the Personal Data Protection Commission (PDPC) in accordance with PDPA requirements. We will investigate, contain, and take corrective action to prevent recurrence.

14. Third-Party Disclosure

We may share personal data with trusted third parties (such as vendors, service providers, or Methodist Church in Singapore HQ) solely for church-related purposes. These parties are contractually bound to maintain confidentiality and ensure data protection.

15. Policy Review, Version Control, and Contact

This policy will be reviewed annually or as required by law or organisational changes. The most recent version will always be available on our website. Version history and review dates will be recorded for transparency. For any enquiries, feedback, or requests related to your personal data, please contact our Data Protection Officer: