Data Protection Notice
This Data Protection Notice (“Notice”) sets out the basis upon which Christ Methodist Church (“the Church”) may collect, use, disclose or otherwise process personal data of our members which they have consented to provide, in accordance with the Personal Data Protection Act (“PDPA”). This Policy applies to personal data in our possession or under our control, including personal data in the possession of organisations which we have engaged to collect, use, disclose or process personal data for our purposes.
The Church recognises both the rights of members to protect their personal data, including rights of access and correction, and the needs of the Church to collect, use or disclose personal data for legitimate and reasonable purposes. You can have our assurance that such data will only be used in accordance with this Notice.
Your Personal Data
Your record includes the information you provided as a member or regular worshipper of the Church or for application of membership or baptism or other church activities.
Some examples of personal data which we may collect from you include:
- Name or alias, gender, NRIC/FIN or passport number, date of birth, nationality, and country and city of birth;
- Mailing address, telephone numbers, email address and other contact details;
- Details of your next-of-kin, spouse and other family members; and
- Photographs and other audio-visual information.
Any information submitted by you may be used to update your record. When providing your data to us, please ensure that it is complete and accurate in order for the Church to maintain data accuracy.
Your personal data collected is limited to administrative purposes and what is necessary to facilitate the carrying out of activities by the Church. It will be kept confidential and will be used strictly for Church related programs only. Save as otherwise permitted under the PDPA, it will not be disclosed to external parties without your due consent.
Your personal data is retained only for as long as it is reasonable to fulfil the purposes for which it was collected or as required by the law.
Mode of Collection of Personal Data
Personal data is collected from:
- registration forms for participation in events and activities (e.g. talks, seminars, workshops, mission trips, etc.);
- response forms from participants of events and activities; and
- on a necessary basis for compliance with regulatory and other administrative needs.
To avoid ambiguity, any forms, where used, will clearly state the purpose for the collection of data, its usage, and the ways in which the data will be disclosed.
The Church has put in place necessary security measures and administrative, physical and technical procedures to minimize the risk of unauthorized access or disclosure and unlawful destruction or alteration, and to ensure the appropriate use of information.
Data Protection Officer (DPO)
The Church has an appointed Data Protection Officer (DPO) to ensure that we comply with the Personal Data Protection Act 2012 (PDPA) of Singapore.
The DPO’s duties include:
(a) reviewing regularly the policy and practice for handling personal data so as to be compliant with legal requirements and facilitate the advancement of the purpose of the Church;
(b) upon review and, where updating is necessary, proposing to and seeking approval from the Local Church Executive Committee of the Church, to do so;
(c) disseminating data protection policy and practice to members so that they are made aware of their responsibility to comply; and
(d) handling queries or complaints relating to the Personal Data Protection Act (PDPA).
The DPO’s contact details are as follows:
Use and Protection of Personal Data
We shall use personal data for the stated purpose only.
By participating, including signing up for and providing personal information, in the worship services or activities of the Church and its Ministries, you consent to the Church collecting, using, disclosing and sharing amongst the relevant ministries your personal data, for the purpose of organizing and planning of activities, as well as communication of events, programs and church matters.
If required to be used for another purpose, we shall give notification of such intended use and obtain your consent for the use.
Protection of the personal data means:
- to keep the data confidential;
- to keep hard copies in locked cupboards or in secure places with limited authorised access;
- to keep soft-copy databases password-protected or encrypted;
- to maintain up-to-date antivirus protection;
- to restrict access to authorized persons only, whether internally or to third parties on a need-to-know basis; and
- to destroy personal data when no longer required.
Retention of Personal Data
Personal data shall be retained only for as long as it is reasonable to fulfill the purposes for which the data was collected or as required or permitted by applicable law.
Hard copies of personal data no longer required shall be disposed of by shredding or perforation in such manner as will prevent identification of individuals from them.
Soft copies of personal data no longer required shall be disposed of by deletion in a permanent manner.
The Church will not transfer any personal data to a country or territory outside Singapore except in accordance with requirements under the Personal Data Protection Act (PDPA) (section 26(1), PDPA).
Appropriate steps will be taken by the Church:
- to ensure it complies with the data protection provisions set out in Parts III to VI of the PDPA in respect of the transferred personal data, if the personal data remains in its possession or under its control; and
- to ensure that, where the personal data is transferred to a third party recipient in a country or territory outside Singapore, the recipient is bound by legally enforceable obligations to provide a standard of protection that is at least comparable to that under the PDPA.
Any complaint relating to the PDPA shall be referred to the DPO.
For general queries, feedback or complaints, you will get a reply within 2 weeks. For queries that require further investigation or evaluation, do expect a reply in 2 to 4 weeks.
The DPO shall investigate the complaint and report his finding to the Local Church Executive Committee so that a timely and appropriate response is given to the complainant.
Where remedial action is required, the DPO shall ensure it is taken and reported to the Local Church Executive Committee.
Rights of Providers of Personal Data
Access to Personal Data
If you wish to access your personal data being held by the Church, please submit your request in writing or via email to our Data Protection Officer and allow us one week to process your request. Should we not be able to respond to your access request within the week, we will inform you in writing of the time by which we will be able to respond to your request, which should not exceed thirty (30) days. If we are unable to provide you with any personal data, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).
Personal data records will only be released to you by the Church Data Protection Officer upon verification of your identity card and the signed request form. This is necessary to protect your personal data. Failing to do so may result in your request not being acceded to.
Correction of Personal Data/Update
If you believe that your personal information in the Church database is incorrect or incomplete, you may write to the Church Data Protection Officer stating your full name, NRIC no., contact information and the details of your requested correction/update.
We will update any information found to be incorrect within 2 weeks.
Withdrawal of Consent
Any individual may withdraw his/her consent to the use and disclosure of his/her personal data at any time, unless such personal data is necessary for the Church to fulfil its legal obligations. You may withdraw consent and request us to stop collecting, using and/or disclosing your personal data by submitting your request in writing or via email to our Data Protection Officer at the contact details provided.
Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclosure without consent is permitted or required under applicable laws.
We shall comply with the withdrawal request and inform the individual if such withdrawal will affect the services and arrangements between the individual and the Church. In general, we shall seek to process your request within fourteen (14) business days of receiving it.
Upon withdrawal of consent, we shall cease to use the personal data and delete it from our records or destroy it.
Video Recording and Photographs
Video footage and photographs may constitute personal data if an identifiable individual is captured.
We shall notify participants of events that photographs and videos taken may be used by the Church for communication and publicity purposes in print or electronic media.
Effect of Notice and Changes to Notice
The Church will regularly review and update our Personal Data Protection Policy. The latest version will be available from the Church office upon request.
Effective date: 19 April 2021