fbpx

Privacy Policy


1.

Overview

Singapore Indian Development Association (SINDA) recognises its obligations to the requirements of the Personal Data Protection Act 2012 and respects the privacy choices of its stakeholders

This policy governs the collection, use, and disclosure of personal data submitted to SINDA, and explains how we collect and handle personal data of individuals and comply with the requirements of the Personal Data Protection Act 2012 of Singapore and its regulation(s) (“PDPA”).

The purpose of this policy is to set out SINDA’s procedures on the protection of personal data of individuals under its custody. It contains essential information about how and why SINDA collects, uses, discloses and/or retains personal data. This policy takes into consideration the PDPA and all applicable advisory guidelines.

This privacy policy sets out and elaborates on:

  1. How Personal Data is managed;
  2. Type of Personal Data collected, used, disclosed and/or retained;
  3. Mode of collection, use, disclosure and/or retention of Personal Data; and
  4. Purpose(s) of collection, use, disclosure and/or retention of Personal Data.

Personal data collected enables us to provide beneficiaries with education, counselling, bursary and other assistance. The collected data helps to understand beneficiaries’ needs and serve them better. From time to time, with beneficiaries consent,  data may be shared with government agencies, partners of SINDA or third-party vendors, so that they can benefit from the various programmes and services that may be provided by them.

 

For any questions regarding the contents of this Policy or data protection practices, please contact

Data Protection Officer
Tel: 6393 7276
Email at DPO@sinda.org.sg
Write to Data Protection Officer, SINDA, 1 Beatty Road, Singapore 209943.

 

Background Information

Personal data in Singapore is protected under the Personal Data Protection Act 2012 (PDPA). The PDPA establishes a data protection law that comprises various rules governing the collection, use, disclosure and retention of personal data. It recognises both the rights of individuals to protect their personal data, including rights of access and correction, and the needs of organisations to collect, use or disclose personal data for legitimate and reasonable purposes.

The PDPA provides for the establishment of a national Do Not Call (DNC) Registry. The DNC Registry allows individuals to register their Singapore telephone numbers to opt-out of receiving marketing phone calls, mobile text messages such as SMS or MMS, and faxes from organisations.

2.

Personal Data

“Personal Data” refers to any data about an individual who can be identified (a) from that data; or (b) from that data and other information to which SINDA has or are likely to have access to.

Examples of such Personal Data include (depending on the nature of interactions) name, NRIC, passport or any other identification number, telephone number(s), mailing address, email addresses, transactional data and any other information relating to any individuals provided through any forms submitted or via other modes of interactions.

3.

Collection of Personal Data

Generally, SINDA collects Personal Data:

  1. when forms are submitted, including but not limited to the application (manual/online), declaration, or referral forms;
  2. through interactions with staff, including front desk officers, via telephone calls (which may be recorded), letters, fax, face-to-face meetings and email;
  3. when images are captured via CCTV cameras of persons within SINDA premises, or via photographs or videos taken by SINDA representatives or staff, of attendees of events hosted by SINDA;
  4. when persons request to be contacted, be included in an email or another mailing list; or when they respond to SINDA’s request for additional Personal Data;
  5. when employment applications, documents or other information including resumes and/or curriculum vitae in connection with any appointment as a staff officer, volunteer or any other position are submitted;
  6. when electronic services are used, interactions with SINDA via its website or when availing its services ;
  7. when Personal Data is submitted for any other reason.

When providing Personal Data relating to a third party (e.g. information of dependent, spouse, children and/or parents) to us, it is implied that the consent of that third party has been obtained for the collection, use and disclosure of the Personal Data for the purposes listed above.

Information on the beneficiary and any other third party (e.g. dependents, spouse, children and/or parents), may be collected and retained by SINDA on software and technologies provided by third-party vendors. These vendors include:

  1. 365 Smart SMS
  2. Apsis Asia
  3. Google (and related services)
  4. HireRabbit
  5. InMotion Hosting
  6. Mailchimp
  7. Microsoft Dynamics CRM
  8. Paypal
  9. SingHost
  10. Survey Monkey
  11. WordPress
  12. Wufoo
  13. Zapier
  14. Zendesk

The respective third-party vendor’s privacy and data collection policies will apply in the above case. SINDA reserves the right to amend the above list of the third party at its discretion.

 

Use of Cookies:

Aggregate information is collected concerning the

  1. use of this Web Site, including which pages are most frequently visited, how many visitors this Web Site receives daily, and how long visitors stay on each page.
  2. users of SINDA’s website (for example, store users’ preferences and record session information) and the information that we collect is then used to ensure a more personalised service level.

Settings can be adjusted in the browser for receiving notification when receiving a cookie. Should there be a need to be disabling the cookies associated with these technologies, it can be done by changing the settings on the browser. However, by doing so, certain functions or enter certain part(s) of its website may not be usable.

 

NRIC Handling:

From 1 September 2019, under the Personal Data Protection Commission (PDPC) Advisory Guidelines on NRIC, organisations are generally not allowed to collect, use or disclose NRIC number (or copies of NRIC), but they may do so when:

  1. the collection, use or disclosure of NRIC numbers (or copies of NRIC) is required under the law (or an exception under PDPA applies); and
  2. the collection, use or disclosure of NRIC numbers (or copies of NRIC) is necessary to accurately establish or verify the identities of the individuals to a high degree of fidelity

SINDA will continue to collect full NRIC details for verification and/or record purposes for the following:

  1. Provision of social services
  2. Application for government subsidy or schemes
  3. Assessment for suitability for referral grants, subsidies and services
  4. Process applications and respond to enquiries for its programmes
  5. Verify identity for provision of SINDA services and granting programme fee subsidy
  6. Compliance with the legal process or requirements of any government agency

 

There are instances where SINDA will not collect NRIC, and these will involve areas where there is no requirement for verification or record purposes as identified above.

Pursuant to provisions in the PDPA, SINDA has policies and practices in place for compliance. As a good practice, SINDA will continue to notify the individual of the purpose for the collection, use or disclosure, as the case may be.

4.

Use of Personal Data

Personal data collected is used for the following purposes:

  1. programmes and services hosted by SINDA;
  2. programmes and services hosted by any agency selected by SINDA;
  3. responding to, processing and handling complaints, queries, requests, feedback and suggestions;
  4. verifying identity;
  5. managing the administrative and business operations of the organisation and complying with internal policies and procedures;
  6. matching any Personal Data held by us for any of the purposes listed herein;
  7. requesting feedback or participation in surveys, as well as analysis for statistical, profiling or other purposes for us to design its services, understand client, preferences, and to review, develop and improve the quality of its programmes and services;
  8. managing the safety and security of its premises and services (including but not limited to carrying out CCTV surveillance and conducting security clearances);
  9. project management;
  10. providing media announcements, interviews and responses;
  11. organising community-based events;
  12. managing and preparing reports on incidents and accidents;
  13. preventing and detecting crime;
  14. complying with any applicable rules, laws and regulations, codes of practice or guidelines or assisting  in law enforcement and investigations by relevant authorities; and/or
  15. Any other purpose relating to any of the above.

5.

Disclosure of Personal Data

All Personal Data held by us shall be kept confidential at all times. However, in order to enable us to carry out the purposes set forth above, we may share it with any government agencies, partners of SINDA or third party vendors. When doing so, we will require them to ensure that that the Personal Data disclosed to them are kept confidential and secure.

6.

Measures to protect the Personal Data

Generally accepted standards of technology and operational security have been implemented to protect the personal data in under its possession or control and to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks.

All SINDA staff follows a network-wide security policy. Only authorised SINDA staffs are provided access to personally identifiable information.

7.

Access and Correction

The stakeholders have rights to seek access or request to correct any errors or omissions to their personal data that is in SINDA’s possession or under its control. Any requests to seek access to or correction of personal data should be made by filling out this form and email to DPO@sinda.org.sg

8.

Withdrawal of Consent

The stakeholder may withdraw their consent given for any or all purposes set out in this policy by filling out this form and submitting the same via an email to DPO@sinda.org.sg. If there is a withdrawal of consent to any or all purposes and depending on the nature of the request, SINDA may not be in a position to continue to provide its services to the stakeholder.

9.

Accuracy of Personal Data

Reasonable efforts have been made to ensure that the personal data collected is accurate and complete. If there are any changes to the personal data, please inform us so that we can make the necessary updates.

10.

Limit to the retention of personal data

Personal data will be retained only for such period of time the purpose of collection of that personal data is still being served, and retention is still necessary for legal or business purposes.

Personal data that is kept will be destroyed after a reasonable period in line with its retention policy from the time when it becomes outdated or is no longer required for the purpose for which it was collected or when we receive the request to delete it.

Thereafter, we will decide on the appropriate means by which we will cease to retain the personal data depending on the nature of the personal data and the media it is kept/stored. This may include but not be limited to the destruction of documents or deletion of electronic data.

11.

Updates to the policy

As part of ongoing efforts to ensure that personal data is properly managed, protected and processed, policies, procedures, and processes will be reviewed from time to time. The right to modify or amend this Policy at any time is reserved. The effective date will be displayed at the beginning of this Policy. Any amended policy will be posted on SINDA website and can be viewed at https://www.sinda.org.sg/privacy-policy/