This data protection policy:
gives you information about how we collect, use and disclose personal data about you
recognises both your right to protect personal data about you and our need to collect, use or disclose it for purposes that we believe are reasonable and appropriate in the circumstances of our charitable work and
applies to the personal data of all individuals (‘you’, ‘your’, etc.) who are:
donors to us
our employees, including volunteers
our members, members of our Board of Directors, members of any committee(s) formed by us (including any committee(s) formed by our Board) and any other similar individuals
online users of our website
If you are not in any of these categories but we collect, use or disclose personal data about you in the course of our charitable work this data protection policy will apply to that personal data consistently with the way in which it applies to an individual in these categories.
If you would like further information about the way in which we collect, use or disclose personal data about you, please do not hesitate to contact our Data Protection Officer (see 11 for contact information).
‘authorised personnel’ means any employee who has a need, as a result of occupying their position with us, to access personal data. This typically includes employees in service provider, financial and human resources positions as well as a limited number of our senior executives.
‘business contact information’ means an individual’s name, position name or title, business telephone number, business address, business email address or business fax number and any other similar information about the individual, not provided by the individual solely for their personal purposes.
‘data intermediary’ means an organisation that processes personal data on our behalf, but does not include an employee of that other organisation.
‘donor’ means an individual who makes a one-off or occasional or regular financial contributions to us:
directly and/or
through an appeal by us to the public for financial contributions and/or
through an appeal by a third party for financial contributions to us either solely or as one of a number of voluntary welfare organisations in Singapore
‘employee’ means any person employed by us on any basis and includes volunteers, members of our Board of Directors and members of any committee(s) formed by us.
‘online users’ means anyone who accesses our website.
‘personal data’ means data, whether true or not, about an individual who can be identified:
from that data or
from that data and other information to which we have access or are likely to have access
‘publicly available’, in relation to personal data about you, means personal data that is generally available to the public, and includes personal data which can be observed by reasonably expected means at a location or an event:
at which you appear and
that is open to the public
‘services’ means the better governance and organisational excellence services that we provide to our clients, which are other charities and non-profit organisations operating in Singapore, and our promotion of strategic partnerships and professional volunteerism for non-profit capability building.
‘our website’ means our website at www.thesparksfoundation.sg.
We collect personal data from donors, employees and other individuals and use and/or disclose that personal data so that we are able to provide our services efficiently and effectively and so that we can comply with our legal obligations.
Where we obtain your express consent to us collecting, using or disclosing personal data about you (see 3.4), we will first notify you of the purpose(s) for which we collect, use or disclose that personal data. This notification might be more specific than the above statement.
3.1 How we collect personal data about you
Where possible, we collect personal data directly from you. We do this in various ways, including telephone and in-person meetings and interviews, forms and questionnaires.
3.2 Your option not to provide us with personal data about you
If at any time you would prefer not to provide some personal data that we request, either during a discussion or in one of our forms or questionnaires, please let us know.
We will explain our purpose for collecting that personal data. If you still do not wish to provide it we will discuss with you whether or not we can proceed without it. We may not be able to do so.
3.3 Consent to us collecting, using or disclosing personal data about you
We collect, use, or disclose personal data about you only if:
you give (see 3.4), or are deemed to have given (see 3.5), your consent under the Personal Data Protection Act (PDPA) to us collecting, using or disclosing that personal data or
collection, use or disclosure by us of that personal data without your consent is required or authorised under the PDPA (see 3.6) or any other written law
3.4 Collecting, using or disclosing personal data about you with your consent
Where we ask you to consent to us collecting, using or disclosing personal data about you (see 3.3) we will first inform you of our purpose(s) for collecting, using or disclosing that personal data. We will do this on or before collecting the personal data.
We will not use or disclose personal data about you for any other purpose(s) without first informing you of the additional purpose(s) and getting your consent to us using or disclosing it for the additional purpose(s).
We may collect personal data about you from another individual or organisation if you have given that other individual or organisation consent that allows it to disclose personal data to us. In that case, we will use or disclose personal data only for the purpose(s) for which the other individual or organisation disclosed it to us.
3.5 Collecting, using or disclosing personal data about you with your deemed consent
You are deemed to have consented to us the collecting, using or disclosing personal data about you for a purpose if:
without actually giving us express consent (see 3.4), you voluntarily provide the personal data to us for that purpose and
it is reasonable that you would voluntarily provide that personal data
For example, if you pose for a photograph by our photographer at one of our events or if you fill up a job application form and send it to us you are deemed to have consented to us collecting, using or disclosing the personal data about you that is in the photograph (that is, your image) or the job application.
Where you are deemed to have consented to us collecting, using or disclosing personal data about you we will collect, use or disclose that personal data only for the purpose(s) for which you are deemed to have consented to us doing so.
3.6 Collecting, using or disclosing personal data about you without your consent
We are permitted by the PDPA to collect, use or disclose personal data about you without your consent in the following circumstances:
if it is publicly available or if it is business contact information
if doing so is in your interests and/or if there is an emergency
if we do so for evaluative purposes (such as assessing a job or volunteering application)
where the disclosure is related to law enforcement or where the collection, use or disclosure is in connection with certain legal issues
If you would like more information about the circumstances under which we may collect, use or disclose personal data without your consent, please contact our Data Protection Officer (see 11).
3.7 Collecting personal data from online users
If you browse our website, we do not currently capture any data that allows us to identify you.
4.1 Your right to withdraw consent to us collecting, using or disclosing personal data about you
On giving reasonable notice to us, you may at any time withdraw any consent you have given (see 3.4), or are deemed to have been given under the PDPA (see 3.5), in respect of us collecting, using or disclosing personal data about you for any purpose.
4.2 How to exercise your right to withdraw consent
Any notice of withdrawal of consent (see 4.1) should be given in writing (which includes email) sent to our Data Protection Officer (see 11).
4.3 Our response when we receive your notice of withdrawal of consent
The consequences of you withdrawing consent (see 4.1) to us collecting, using or disclosing personal data about you for any purpose may be onerous for you. Therefore:
we may require you to provide proof of your identity to assure ourselves we are dealing with the correct person and
we will inform you in writing (which may be by email) of the likely consequences of withdrawing your consent for the specified purpose
4.4 Our actions when you withdraw your consent
If, after knowing the consequences of withdrawing your consent to us collecting, using or disclosing personal data about you for any purpose (see 4.3), you still wish to withdraw your consent:
we will cease (and cause any and all of our data intermediaryies to cease) collecting, using or disclosing the personal data, unless doing so without your consent is required or authorised under the PDPA or other written law and
we will cease to retain our documents containing that personal data, or remove the means by which the personal data can be associated with you, as soon as it is reasonable for us to assume that retention is no longer necessary for our legal or business purposes
5.1 Your right to request access and/or information
On request by you, we will as soon as reasonably possible provide you with:
personal data about you that is in our possession or under our control and
information about the ways in which we have, or may have, used or disclosed that personal data within a year before the date of your request
There are some circumstances where we are not required to provide you with information (see 5.5), where we are not allowed to provide you with information (see 5.6) and where we may be able to provide you with limited information (see 5.7).
We may charge you a fee for providing you with access to your personal data or information about how we may have used or disclosed it. Any such fee will reflect our incremental costs associated with responding to your request, such as the cost of making physical copies of the personal data requested. You may obtain information about the fee from our Data Protection Officer (see 11)
5.2 How to request access or information
Any request by you for access to personal data about you and/or for information about its use or disclosure by us (see 5.1) should be made in writing (which includes email) sent to our Data Protection Officer (see 11).
5.3 Our request for proof of your identity
When we receive your request for access to your personal data and/or for information about its use or disclosure by us (see 5.1) we may require you to provide proof of your identity. This is intended to ensure that access to personal data about you and/or information about its use or disclosure by us is provided only to the correct individual. This is one of the ways we protect personal data about you.
5.4 How we provide you with access and/or information
We will provide you with access to personal data about you that is in our possession or under our control by allowing you to inspect it and take notes and/or by providing you with a photocopy or a print out of it. If personal data (for example, your name and address details) is duplicated across our databases or files, we will generally provide it once, rather than multiple times.
5.5 When we are not required to provide access or information
In some circumstances, the PDPA does not require us to give you access to your personal data or information about how we have, or may have, used it in within the year before your request (see 5.1). This includes the following circumstances:
if the request would unreasonably interfere with our operations because of the repetitious or systematic nature of requests from you
if the burden on, or expense to, us of providing access would be unreasonable or disproportionate to your interests
if the information does not exist or we cannot find it
if the information is trivial
if the request is otherwise vexatious or trivial
if we keep or may use the personal data in relation to an investigation or legal proceeding or for purposes otherwise related to legal issues – if you would like more information about this exception, please contact our Data Protection Officer (see 11)
if the personal data is opinion data that we keep solely for evaluative purposes – these purposes are mostly related to employment: if you would like more information about this exception, please contact our Data Protection Officer (see 11)
5.6 When we are not allowed to provide access or information
The PDPA does not allow us to give you access to your personal data or information about how we have, or may have, used it in within the year before your request (see 5.1) in a range of circumstances. These include where our doing so could reasonably be expected to:
threaten the safety or physical or mental health of an individual other than you
cause immediate or grave harm to your safety or to your physical or mental health
reveal personal data about another individual
reveal the identity of an individual who has provided personal data about you and the individual providing the personal data does not consent to the disclosure of their identity
If we have disclosed your personal data to a prescribed law enforcement agency under certain circumstances the PDPA does not allow us to disclose to you that we have done so. If you would like information about the circumstances in which this prohibition applies, please contact our Data Protection Officer (see 11).
5.7 When we may provide limited information only
If we are able to provide you with access to your personal data and information about how we have, or may have, used it within the year before your request (see 5.1) without the personal data or other information that:
we are not required to provide to you (see 5.5) and/or
we are not permitted to provide to you (see 5.6)
we will provide you with access to your personal data and other information without the information that we are not required and/or permitted to provide to you.
6.1 Your right to request us to correct personal data
You may request us to correct an error or omission in the personal data about you that we hold or that is under our control.
However, there are some circumstances where we do not make a correction (see 6.6) and other circumstances where we are not required to act on such a request (see 6.7).
6.2 How to make a request to correct personal data
Any request by you for us to correct an error or omission in personal data about you (see 6.1) should be made in writing (which includes email) sent to our Data Protection Officer (see 11).
6.3 Our request for proof of your identity
When we receive your request for us to correct an error or omission in personal data about you (see 6.1), we may require you provide proof of your identity and/or documents or other evidence supporting your request.
6.4 When we will correct your personal data
If you request us to correct personal data about you (see 6.1), unless we are satisfied on reasonable grounds that a correction should not be made, we will:
correct the personal data as soon as practicable and
send the corrected personal data to every other organisation to which we have disclosed the personal data within a year before the date we made the correction
However, we do not have to send the corrected personal data to every other organisation if that other organisation does not need the corrected personal data for any legal or business purpose
In addition, we do not have to send the corrected personal data to every other organisation if you consent to us sending it only to specific organisations.
6.5 Where another organisation notifies us about corrected personal data
Another organisation that has disclosed your personal data to us might notify us that it has corrected personal data about you. If this happens, unless we are satisfied on reasonable grounds that we should not make the correction, we will correct your personal data that is in our possession or under our control.
6.6 Where we do not correct personal data about you
In any case where we are not satisfied that we should correct your personal data (see 6.4 and 6.5) we will:
write to you (which may be by email) to tell you why we have not made the correction and
annotate your personal data in our possession or under our control with the correction that was requested but not made
6.7 When we are not required to correct personal data
The PDPA sets out certain circumstances in which we are not required to correct your personal data – for example, where we keep opinion data for an evaluative purpose. This arises most often in connection with an employment relationship. If you would like information about this exception or the other circumstances where correction is not required, please contact our Data Protection Officer (see 11).
We make reasonable efforts to ensure that personal data that we collect about you or that is collected our behalf is accurate and complete if:
we are likely to use that personal data to make a decision that affects you or
we are likely to disclose that personal data to another organisation
We take reasonable steps to ensure the security of personal data about you that is in our possession or under our control and to protect it against risks such as loss or unauthorised access, destruction, use, modification or disclosure. Only authorised personnel are permitted to have access to personal data about you.
We cease to retain documents containing personal data about you, or we remove the means by which the personal data can be associated with you, as soon as it is reasonable to assume that:
the purpose for which we collected that personal data is no longer being served by retention of the personal data and
retention is no longer necessary for legal or business purposes
10.1 Our commitment to handling complaints
We strive for excellence in providing services to our clients and in all our interactions with donors, and with our employees, as well as with the community generally. This includes our compliance with the PDPA.
10.2 How to make a complaint to us about our collection, use or disclosure of personal data about you
Please direct any queries or complaints you have about the way in which we collect, use or disclose personal data about you to our Data Protection Officer (see 11).
Generally, we are unable to deal with anonymous complaints because we are unable to investigate them. If you raise a complaint anonymously we will nevertheless note the matter raised and, if possible, try and investigate and resolve it appropriately.
10.3 Providing details of the complaint
Whenever you make a complaint (see 10.2) our Data Protection Officer will seek to obtain sufficient information from you to enable us to investigate it. Please be prepared to provide our Data Protection Officer with information as to, for example:
the type of action, or lack of action, by us that has given rise to your concern
whether it was an isolated incident or is ongoing and, in the case of an isolated incident, when it occurred
a copy of any relevant correspondence you hold and
details about what you consider should have happened or should not have happened
10.4 Resolution of the complaint
Immediately upon receiving a complaint (see 10.2) our Data Protection Officer must investigate it and within two business days advise you of:
the outcome of the complaint and the reasons for that outcome or
write to you (which may be by email) advising you that the Data Protection Officer needs more time to investigate the complaint and stating when the Data Protection Officer expects to have resolved the complaint for you
The Data Protection Officer must in any event complete the investigation of your complaint within 10 business days.
10.5 Communicating the outcome of a complaint to you
If a complaint (see 10.2) is settled to your complete satisfaction, our Data Protection Officer is not required to advise you in writing of the outcome of the complaint, unless you request a written response (which may be by email).
If a complaint is not settled to your complete satisfaction, our Data Protection Officer will advise you of the outcome of the complaint and the reason(s) for that outcome in writing (which may be by email).
If you are not satisfied with the outcome, you may take your complaint to the Personal Data Protection Commission.
We have appointed a Data Protection Officer. To raise any questions or comments you may have about the way we collect, use or disclose personal data and/or about any aspect of this data protection policy and/or to make a complaint about how we have collected, used or disclosed personal data about you, please contact our Data Protection Officer.
To contact our Data Protection Officer:
Send an email to PDPA_Team@thesparksfoundation.sg
Call +65 8402 8590
Write to us at: The Hangar, NUS Enterprise
21 Heng Mui Keng Terrace, Singapore, 119613
We reserve the right to review, amend and/or update this data protection policy at any time and from time to time.
If we decide to make any changes to this data protection policy, we will post them on our website.
© 2017 The Sparks Foundation. All Rights Reserved | Design by W3layouts
The Sparks Foundation