Singapore Hospice Council (SHC) respects the rights of the individuals to protect their personal data. This data protection policy provides information about how SHC (‘we’, ‘us’, ‘our’) collects, uses and/or discloses personal data while recognising both your right to protect your personal data and our need to collect, use and/or disclose it for purposes that SHC believes are reasonable and appropriate in the course of SHC’s work and not limited to organising, coordinating, promoting and providing training support in palliative care.
This data protection policy applies to the personal data of all individuals (‘you’, ‘your’) who are SHC’s employees, member organisation, community partners, volunteers and members of the public including sponsors and donors.
If you are not in any of above categories but SHC collects, uses and/or discloses your personal data for the purpose of our work, this data protection policy will apply to that personal data consistently with the way in which it applies to the above individuals.
We collect personal data from and about SHC’s employees, member organisation, community partners, volunteers, sponsors, donors and other individuals. We may use or disclose the personal data for purposes such as for providing service(s), interviews, mailing list subscription, administering sponsorships and donations and compliance with our legal obligations.
SHC collects personal data in various ways, including in-person meetings and interviews and through information and data collected through completed forms or questionnaires and other means.
We collect, use, or disclose personal data only if:
- You voluntarily give, or are deemed to have given, your consent under the Personal Data Protection Act (PDPA) to us collecting, using or disclosing that personal data or
- Collection, use or disclosure of the personal data without your consent is required or permitted under the PDPA or any other written law
We will notify you of the purpose for which personal data is collected, used and disclosed on or before such collection, of its usage or disclosure of personal data.
We may collect personal data from another individual or organisation if you have given that other individual or organisation consent that allows it to disclose personal data to us. We will use or disclose it only for the purposes for which the other individual or organisation disclosed it to us.
We are permitted by the PDPA to collect, use or disclose your personal data without your consent where:
- There is an emergency that threatens the life, health or safety of the individual or another individual
- There is any investigation or proceedings
- Data is publicly available
- It is for evaluative purpose (such as assessing a job or volunteering application)
Video-Recording and Photography
Appropriate, clear and obvious notices need to be made and displayed to inform about the use and purpose of such personal data. This is only applicable for private events, i.e. outdoor public events are excluded.
We do not disclose personal data to third parties except when required by law, when we have consent or deemed consent from the party involved – to provide necessary services to us, such as:
- Service providers e.g. hosting and maintenance services, delivery services, payment transactions etc
- Consultants and professional advisers e.g. accountants, lawyers, auditors
Upon giving a reasonable notice for withdrawal, you may at any time withdraw any consent you have given, or are deemed to have been given, to us collecting, using or disclosing your personal data for any purpose. Any notice of withdrawal of consent should be given in writing (which includes email) to our Data Protection Officer (DPO) at firstname.lastname@example.org
Once withdrawal of consent is notified, we will, within a reasonable time, cease collecting, using and/or disclosing the personal data.
In addition, we will cease to retain our documents containing that personal data, or remove the means by which it can be associated with you, as soon as it is reasonable for us to assume that retention is no longer necessary for our legal or business purposes. Depending on the nature and extent of withdrawal, SHC shall not be liable for unable to continue fulfilling services to you.
You may, at any time, request for details of your personal data collected by SHC or request for an update or correction of your personal data. On request by you, we will as soon as reasonably possible provide you with:
- Personal data about you that is in our possession or under our control
- Information about the ways in which we have, or may have, used or disclosed that personal data within a year before the date of your request
All requests must be made in writing to our DPO at email@example.com. We may require you to provide proof of your identity and/or documents or other evidence supporting your request.
There are some circumstances where we are not required to provide you with information, and others where we are not allowed by the PDPA to do so. In some circumstances we may be able to provide you with limited information. You may refer to the PDPA or contact our DPO for more information.
Unless we are satisfied on reasonable grounds that a correction should not be made, we will correct the personal data as soon as practicably possible. We will also send the corrected personal data to organisations with which we have shared the original data twelve months prior to the correction being made (unless that other organisation does not need the corrected personal data for any legal or business purpose). Alternatively, with your consent, we will send the corrected personal data only to specific organisations as agreed with you.
Another organisation that has disclosed your personal data to us might notify us that it has corrected it. If this happens, unless we are satisfied on reasonable grounds that we should not make the correction, we will correct your personal data that is in our possession or under our control.
We may charge you a fee for providing you with access to your personal data or information about how we may have used or disclosed it. The fee will reflect our incremental costs associated with responding to your request. You may obtain information about the fee from our Data Protection Officer.
We make reasonable efforts to ensure that personal data that we collect is accurate and complete. Should there be any updates and to ensure that your personal data is accurate and complete, please inform SHC as soon as possible.
We make reasonable security arrangements to ensure protection of personal data that is in our possession or under our control. We endeavour to protect it against risks such as loss or unauthorised access, destruction, use, copying, modification or disclosure. Only authorised personnel are permitted to have access to personal data.
We cease to retain documents containing personal data as soon as it is reasonable to assume that the purpose for which the personal data has been collected is no longer served by its retention and if the retention of such data is no longer required for legal and business purpose.
The Do-Not-Call (DNC) provisions under the PDPA prohibit organisations from sending specified messages to Singapore telephone numbers registered with the DNC Registry e.g. advertising or promoting services. However, non-marketing messages are excluded from the scope of DNC e.g. personal calls and SMSes, surveys, market research, messages by non-commercial programmes.
The DPO is responsible for ensuring SHC’s compliance with the PDPA in respect of the personal data in SHC’s possession or under SHC’s control. If you have any queries about your personal data or PDPA, you may contact the DPO through: