St Andrew’s Cathedral Personal Data Protection Policy
(effective 28th Sept 2016)
- St Andrew’s Cathedral recognises the importance of safeguarding personal data when dealing with information relating to its members, worshippers at its services, attendees of its programs, visitors and staff, and therefore is committed to fully implementing and complying with the provisions of the Personal Data Protection Act (the “Act”). St Andrew’s Cathedral’s Personal Data Protection Policy set out here explains the procedures and systems in place to comply with the Act (the “Policy”), in respect of personal data as defined under the Act.
Purposes for the Collection, Use and Disclosure of Personal Data
- St Andrew’s Cathedral receives or collects the personal data of its members, worshippers at its services, attendees of its activities and programs, visitors and staff for purposes reasonably required by it as a place of worship with its attendant activities and programs.
- These purposes include the following, whether within or outside Singapore:-
- operational planning and implementation of activities and programs such as bible teaching, family life ministry, fellowship and discipleship;
- communication of activities, programs and other church-related information including church bulletin and other publications;
- maintenance of records such as membership, participants of activities and programs, baptism, marriage, birth, death and financial pledges and giving;
- management and administration of employment relationships with staff such as work-related dealings, evaluation of performance, crediting salaries, administering staff benefit schemes and conducting audits on finance claims;
- reporting and sharing of information within the Diocese of Singapore including amongst her parishes in furtherance of her religious objectives; and
- such other purposes as may reasonably be appropriate in the circumstances of the collection of personal data.
- St Andrew’s Cathedral will not use the personal data for any purpose other than that for which it was collected. Should St Andrew’s Cathedral require any personal data in its possession to be used for a purpose other than those for which consent was originally given, fresh consent will be sought in order to use the data for that new purpose.
- In the course of processing personal data for the above purposes, St Andrew’s Cathedral may disclose such personal data to third parties within or outside Singapore. These third parties include:-
- governmental organisations or authorities to whom St Andrew’s Cathedral is required by law to disclose the data;
- individuals who are legally entitled to the data;
- third parties who require the data in order to process and operate programs in which an individual intends to participate;
- third parties who provide St Andrew’s Cathedral with data processing, administration, health, insurance or legal services, or other professional or management services; and
- such other persons as may reasonably be appropriate in the circumstances of the collection of personal data.
- Disclosure to third parties outside Singapore shall only be to organisations that are required or undertake to process the data with a comparable level of data protection as that required under Singapore law.
Minors below 13
- St Andrew’s Cathedral shall not collect, use or disclose personal data of persons below the age of thirteen (13) for any purpose unless written parental or guardian consent has been given for such purpose.
Withdrawal of consent
- Should you wish to withdraw or limit your consent to St Andrew’s Cathedral’s collection, use and disclosure of your personal data, please write in with full particulars to our Data Protection Officer (“DPO”) using the contact details provided in paragraph 19 below.
- Any personal data collected by St Andrew’s Cathedral shall be accessible by employee(s) of St Andrew’s Cathedral to serve the purpose for which the data was collected. Such employee(s) shall observe strict confidentiality at all times.
- In the event personal data is disclosed to third parties, such third parties will be required to sign an agreement requiring them to observe confidentiality at all times and to use the personal data only for the purpose for which it was disclosed to them.
Data Protection Officer
- St Andrew’s Cathedral has designated a DPO to deal with day-to-day data protection matters and complaints, encourage good data handling practices and ensure that St Andrew’s Cathedral complies with the Act and implements the Policy. If you have any questions, complaints or concerns, please contact the DPO using the contact details provided in paragraph 19 below.
- St Andrew’s Cathedral endeavours to take all reasonable steps to ensure that personal data in its possession or under its control is accurate, up-to-date, and complete. If there is any error or omission in the personal data you have provided to St Andrew’s Cathedral, please write in to our DPO with the necessary details for correction of your data. If any personal data you have provided to St Andrew’s Cathedral becomes inaccurate, please contact our DPO to update your data.
- Should you wish to access any personal data collected by St Andrew’s Cathedral or understand how such data has been used or disclosed, please write in to our DPO with your request. The DPO will provide you with the requested information within a reasonable time, after verification of your identity. Kindly note that St Andrew’s Cathedral reserves the right to charge a reasonable administrative fee for responding to any such requests.
- St Andrew’s Cathedral will retain personal data for as long as it is necessary to serve the purpose for which it has been collected. Once the data in St Andrew’s Cathedral’s possession is no longer necessary to serve the purpose for which it was collected, the data will be destroyed or anonymised in a secure manner.
- St Andrew’s Cathedral endeavours to maintain all personal data in its possession or under its control securely. To this effect, St Andrew’s Cathedral has put in place measures to ensure the protection of data in its possession against unauthorised access, collection, use, disclosure, copying, modification, disposal or other risks.
- St Andrew’s Cathedral shall not transfer any personal data in its possession to any parties outside Singapore except as specified in this Policy. Any outside party to which St Andrew’s Cathedral intends to transfer data in its possession must have protections equivalent to those provided for in the Act.
- If an individual feels that his data has been erroneously or improperly handled by St Andrew’s Cathedral, he may lodge a complaint in writing by post with the DPO. Once a complaint has been received, the DPO will acknowledge receipt of the same in writing by post, and will contact the relevant departments to investigate the complaint.
- The outcome of the investigation will be communicated by the DPO to the complainant in writing by post, notifying him of the outcome.
- St Andrew’s Cathedral is committed to protecting the privacy and personal data of its members, worshippers at its services, attendees of its programs, visitors and staff. For enquiries about St Andrew’s Cathedral’s Policy, please write to the DPO at the following address:-
Data Protection Officer
St Andrew’s Cathedral
11, St Andrew’s Road
Updating the Policy
- This Policy may be updated from time to time to take account of changes in policy, technology, and/or to ensure compliance with any legislative changes.