Data Protection

The Evangelical Free Church of Singapore (EFCS) is committed to safeguarding your personal data. This policy statement outlines the principles and practices adopted by EFCS in compliance with the Personal Data Protection Act 2012 in the collection, use and disclosure of personal data.

definition of personal data

Data, whether true or not, about an individual who can be identified either from that data and/or from other information to which EFCS has or is likely to have access, includes but is not limited to the following:

  1. NRIC/FIN/Passport Number

  2. Address

  3. Gender

  4. Date of Birth

  5. Marital Status

  6. Contact Numbers

  7. Email Addresses

  8. Job Position

  9. Church Affiliation

  10. Photographs and Videography Images

purpose of collection, use and disclosure of personal data

EFCS collects, uses or discloses personal information for purposes which may include but are not limited to the following:

  1. Planning, organizing and conducting of events, seminars, courses, retreats;

  2. Administration and management of EFCS operations, functions or other internal matters as the case may be, including but not limited to record keeping;

  3. Missions organization and management;

  4. Fundraising, donations and activities for charitable causes;

  5. Meeting regulatory requirements;

  6. Providing and services to one or more individuals, a community or the general public;

  7. Internal and external communications and publications;

  8. To communicate with an individual in respect of:

    • the individual’s participation in the denomination;

    • responding to a request or query by the individual;

    • any matters by reason of which the individual is reasonably associated with, affiliated with or connected to EFCS; or

    • any other matters in respect of which it is reasonably necessary for EFCS to communicate with the individual; whereby such communication may take the form of voice calls, messaging, email, or post;

    • any other purposes of which EFCS may notify individuals from time to time.

collection of personal data

Personal data is to be collected by fair and lawful means, without misleading or deceiving individuals as to the purposes for collection of their personal data. The avenues by which EFCS may collect personal data include, but are not limited to:

  1. Application and registration form(s) whether online or hard copy submitted by an individual to EFCS, such as membership application forms or other forms relevant to events and activities organized or managed by EFCS;

  2. Where an individual contacts representatives of EFCS to make enquiries or in relation to an event, program, or service that is conducted or managed by EFCS whether such enquiries are in writing, voice calls, email or otherwise;

  3. Where an individual attends an event or writes to EFCS for the purpose of making enquiries or to make requests relating to program or services managed by EFCS;

  4. Where an individual makes a request to EFCS to contact them for any purposes, such as a donation, or participation in a program;

accuracy of personal data

EFCS shall make every reasonable effort to ensure that individuals’ data it keeps are accurate and complete. EFCS  relies on individuals’ self-notification of any changes to their personal data that is relevant to EFCS.

consent

EFCS shall seek consent from an individual to collect, use or disclose their personal data, except in specific circumstances where collection, use or disclosure without consent is authorized or required by law, or assumed individual has consented to collection, usage and disclosure of their personal data in situations where they provided information for obvious purposes.

Consent may be collected through written documentation (e.g. consent form, written note) or electronically (e.g. email consent, electronic forms). In situations that consent cannot be conveniently obtained in written form or electronically, EFCS may opt to obtain verbal consent and such process shall be approved by the Data Protection Officer.

withdrawal of consent

An individual may withdraw their consent to the use and disclosure of their personal data at any time, unless such personal data is necessary for EFCS to fulfil its legal obligations. EFCS shall comply with the withdrawal request, and inform the individual if such withdrawal will affect the services and arrangements between them and the denomination. EFCS may cease such services or arrangements as a result of the withdrawal.

The withdrawal consent must be in the form of a formal written request addressed to the Data Protection Officer (DPO). EFCS will process the withdrawal request in 30 working days upon receipt of the request.

retention of personal data

EFCS will retain your personal data for as long as it is necessary to fulfil one or more of the purposes stated above, or as required to meet legal, regulatory or accounting requirements.

EFCS shall dispose personal data appropriately with little possibility of data recovery from the process.

security and storage of personal data

EFCS shall take reasonable and appropriate security measures to protect the storage of personal data, such as:

  1. Storing hardcopies of documents with personal records in locked file cabinets;

  2. Storing electronic files that contain personal data in secured cloud services;

  3. Archived paper records and data backup files may be stored in off-site facilities or service providers provided such facilities are secured.

EFCS shall ensure that personal data held must be secured and protected against unauthorized access and theft by:

  1. IT networks that host personal data are secured and protected against unauthorized access.

  2. Personal computers and other computing devices that have access to personal data are password protected.

  3. Personnel and other files that contain sensitive or confidential personal data are secured and only made available to staff with authorized access.

  4. Ensure that IT service providers’ services or provisions comply with security standards in line with industry practices.

disclosure of personal data

EFCS will not disclose your personal data to external parties without your consent, except in specific circumstances where authorised or required by law to do so, or when such action is deemed necessary to:

  1. comply with any legal process served on EFCS

  2. protect and defend the rights of EFCS

  3. protect the personal safety of participants of EFCS or the public

video recording, photography, and cctv

Video footage, photos, and CCTV may constitute personal data if an identifiable individual is captured:

  1. Appropriate notices shall be put up to inform that the premises are covered by CCTV video surveillance.

  2. Notices shall be put up to inform visitors and volunteers that photographs and videos taken may be used by EFCS for communication and publicity purposes in print or electronic media.

  3. For special events, it should be stated in the invitation that photographs of attendees will be taken at the function for communication and publicity in print and electronic media.

  4. If photos and videos are taken out of the context of the above, EFCS must obtain an individual’s consent before using them.

Only authorized EFCS staff and office holders are allowed to access personal data. Where in doubt, please seek the advice of the Data Protection Officer.

access and correction process

The Data Protection Officer (DPO) will have oversight of all personal data access or correction requests and ensure that they are processed in accordance with this Policy. Request for personal data access or correction by individuals, including any enquiries and complaints, shall be submitted to EFCS in writing to the DPO at the following address and contact information:

Evangelical Free Church of Singapore
2 Kallang Ave #10-26
CT Hub @ Kallang
Singapore 339407
Email: dpo@efcs.org.sg

policy review

EFCS will review this Data Privacy Policy from time to time and it will be maintained and updated by the Data Protection Officer in a timely and appropriate manner.