Data protection policy

WEFC

Data Protection Policy


data protection policy

Woodlands Evangelical Free Church (WEFC) is committed to safeguarding your personal data. This policy statement outlines the principles and practices adopted by WEFC in compliance with the Personal Data Protection Act (PDPA) 2012 in the collection, use and disclosure of personal data.

definition of personal data

Data, whether true or not, about an individual who can be identified either from that data and/or from other information to which WEFC has or is likely to have access, includes but is not limited to the following:
  1. NRIC/FIN (Foreign Identification Number)/Passport Number
  2. Residential Address
  3. Gender
  4. Date of Birth
  5. Marital Status
  6. Nationality
  7. Contact Numbers
  8. Email Addresses
  9. Financial Information – Bank Account Numbers
  10. Photographs and Videography Images

purpose of collection, use and disclosure of personal data

The Church collects, uses or discloses personal information for purposes which may include but are not limited to the following:
  1. Planning, organizing and conducting of church services, events, activities, seminars, courses, programs;
  2. Administration and management of the Church’s operations, functions or other internal matters as the case may be, including but not limited to record keeping;
  3. Pastoral care, mentoring, follow-up of members or other individuals where applicable;
  4. Missions organization and management;
  5. Fundraising, donations and activities for charitable causes;
  6. Meeting regulatory requirements (Charity portal declaration);
  7. Providing and services to one or more individuals, a community or the general public;
  8. Internal and external communications and publications;
  9. To communicate with an individual in respect of:
    • the individual’s membership;
    • responding to a request or query by the individual;
    • responding to and resolving any complaints;
    • any matters by reason of which the individual is reasonably associated with, affiliated with or connected to the Church; or
    • any other matters in respect of which it is reasonably necessary for the Church to communicate with the individual; whereby such communication may take the form of voice calls, SMS, other messages receivable on a mobile phone (e.g. WhatsApp, Telegram, WeChat, Skype messages etc.), email, fax or post;
    • any other purposes of which the Church may notify individuals from time to time.
  10. For the purpose of ministries, which include but are not limited to the following carried out by WEFC staff (paid or unpaid), leaders and volunteers:
    • Welcoming an individual at church events and activities;
    • Communicating with an individual in the manner set out in this clause;
    • Visiting the individual;
    • Meetings and interacting with the individual; and
    • Conducting ceremonies such as weddings, house blessings and funerals

collection of personal data

Personal data is to be collected by fair and lawful means, without misleading or deceiving individuals as to the purposes for collection of their personal data. The avenues by which the Church may collect personal data include, but are not limited to:
  1. Application form(s) whether online or hard copy submitted by an individual to the Church, such as membership application forms or other forms relevant to events and activities organized or managed by the Church;
  2. Where an individual contacts staff or representatives of the Church to make enquiries or in relation to pastoral care, mentoring, follow up, services, events, activities, courses or programs organized, conducted or managed by the Church whether such enquiries are in writing, voice calls, email or otherwise;
  3. Where an individual attends at or writes to the Church Office for the purpose of making enquiries or to make requests relating to pastoral care, mentoring, follow up, services, events, activities, courses or programs organized, conducted or managed by the Church;
  4. Where an individual makes a donation to the Church;
  5. Where an individual makes a request to the Church to contact them for any purposes;
  6. Where an individual submits their personal data for the purposes of employment;
  7. Where an individual submits their personal data for the purpose of volunteering at the Church’s events, activities, programs or courses;
  8. Where an individual submits their personal data for the purpose of membership or baptism.

accuracy of personal data

The Church shall make every reasonable effort to ensure that individuals’ data it keeps are accurate and complete. The Church relies on individuals’ self-notification of any changes to their personal data that is relevant to the Church.

consent

The Church shall seek consent from an individual to collect, use or disclose their personal data, except in specific circumstances where collection, use or disclosure without consent is authorized or required by law, or assumed individual has consented to collection, usage and disclosure of their personal data in situations where they provided information for obvious purposes.

Consent may be collected through written documentation (e.g. consent form, written note) or electronically (e.g. email consent, electronic forms). In situations that consent cannot be conveniently obtained in written form or electronically, the Church may opt to obtain verbal consent and such process shall be approved by the Data Protection Officer.

withdrawal of consent

An individual may withdraw their consent to the use and disclosure of their personal data at any time, unless such personal data is necessary for the Church to fulfill its legal obligations. The Church shall comply with the withdrawal request, and inform the individual if such withdrawal will affect the services and arrangements between them and the Church. The Church may cease such services or arrangements as a result of the withdrawal.

The withdrawal consent must be in the form of a formal written request addressed to the Data Protection Officer (DPO). WEFC will process the withdrawal request in 30 working days upon receipt of the request.

retention of personal data

The Church will retain your personal data for as long as it is necessary to fulfil one or more of the purposes stated above, or as required to meet legal, regulatory or accounting requirements.

The Church shall dispose personal data appropriately with little possibility of data recovery from the process.

security and storage of personal data

The Church shall take reasonable and appropriate security measures to protect the storage of personal data, such as:
  1. Storing hardcopies of documents with personal records in locked file cabinets;
  2. Storing electronic files that contain personal data in secured folders;
  3. Archived paper records and data backup files may be stored in off-site facilities or service providers provided such facilities are secured.
The Church shall ensure that personal data held must be secured and protected against unauthorized access and theft by:
  1. IT networks that host personal data are secured and protected against unauthorized access.
  2. Personal computers and other computing devices that have access to personal data are password protected.
  3. Personnel and other files that contain sensitive or confidential personal data are secured and only made available to staff with authorized access.
  4. Ensure that IT service providers’ services or provisions comply with security standards in line with industry practices.

disclosure of personal data

WEFC will not disclose your personal data to external parties without your consent, except in specific circumstances where authorised or required by law to do so, or when such action is deemed necessary to:
  1. comply with any legal process served on WEFC
  2. protect and defend the rights of WEFC
  3. protect the personal safety of participants of WEFC or the public

cctv, video recording and photography

CCTV, video footage and photos may constitute personal data if an identifiable individual is captured:
  1. Appropriate notices shall be put up to inform that the premises are covered by CCTV video surveillance.
  2. Notices shall be put up to inform visitors and volunteers that photographs and videos taken may be used by the Church for communication and publicity purposes in print or electronic media.
  3. For special events, it should be stated in the invitation that photographs of attendees will be taken at the function for communication and publicity in print and electronic media.
  4. If photos and videos are taken out of the context of the above, the Church must obtain an individual’s consent before using them.

Only authorized Church staff are allowed to access personal data. Where in doubt, please seek the advice of the Data Protection Officer.

access and correction process

The Data Protection Officer (DPO) will have oversight of all personal data access or correction requests and ensure that they are processed in accordance with this Policy. Request for personal data access or correction by individuals, including any enquiries and complaints, shall be submitted to WEFC in writing to the DPO at the following address and contact information:

Woodlands EFC
1 Woodlands Street 83 Singapore 738488
Tel: +65 6303 6130
Email: [email protected]

policy review

WEFC will be reviewing this Data Privacy Policy from time to time and it will be maintained and updated by the Data Protection Officer in a timely and appropriate manner.