TOUCH Community Services' data protection policy
TOUCH is committed to complying with the Personal Data Protection Act passed by the Singapore Government Parliament in October 2012 and our personal data protection policy.
TOUCH respects and honours our stakeholders including sponsors, donors, partners, volunteers, job applicants and clients; their right to be treated courteously, fairly and have their privacy protected.
Personal information is given in good faith by stakeholders and will only be used to maintain or enhance their relationship with TOUCH.
This notification describes how TOUCH (collectively, "TOUCH", "we", "us", "our" or similar expression) may collect, use, disclose and manage your personal data.
Collection, Use and Disclosure of Personal Data
TOUCH’s personal data protection policy applies to all individuals whose personal data is within TOUCH’s possession or control, including job applicants. Providing us with your Personal Data is voluntary. However, if you choose not to provide us with the Personal Data described in this Policy, we may not be able to fulfil our contractual duties towards you, facilitate your request or provide the service to you.
Personal data generally includes any data that can be used to identify an individual, such as name, identification number or address, but excludes business contact information. If you have provided the personal data of another individual (such as a family member or next-of-kin), you agree that you have obtained his/her consent to TOUCH’s collection, use and disclosure of his/her personal data according to TOUCH’s personal data protection policy or that you give us such consent on their behalf.
Where consent is not obtained, TOUCH collects personal data pursuant to an exception under the PDPA law such as to respond to an emergency that threatens the life, health, and safety of the individual. We shall seek your consent before collecting any additional personal data and before using your personal data for a purpose that has not been communicated to you (except where permitted or authorised by law).
In accordance with the PDPA, we have processes and procedures in place to ensure that your personal data is collected, used and disclosed only for the following purposes:
- delivery of social services
- evaluating and assessing the suitability of job applicants
- verification of identity
- volunteer engagement
- donor engagement
- member engagement
- regulatory reporting
- business and internal administrative purposes, such as internal records and references or to process any queries or feedback
- facilitate any business asset transactions (which may extend to any sale, transfers, assignments or novation of assets, rights or obligations); or
- any other purposes for which we have obtained your consent, for which you may be deemed to have provided consent or are reasonably related to the foregoing
Access and Correction
Under the Act, you have the right to request for information about your personal data that is in our possession or under our control. You can also request for information about the ways in which your personal data has been or may have been used or disclosed by us. An administrative fee of $20 will be imposed for the request.
Please email your request to [email protected]
We will respond to your access or correction request as soon as reasonably possible, or within thirty (30) calendar days from the date we receive your request. If we are unable to do so within 30 calendar days, we will let you know and give you an estimate of how much longer we require. If we are unable to provide you with any personal data or make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).
We may refute your access in cases if and when such related personal data is under legal proceeding, no proper identification or request is carried out with suspected fraudulent intent.
Withdrawal of Consent
You also have the right to withdraw any consent that you have given to us. Please let us have any notice of withdrawal in writing, indicating your instructions clearly.
Do note that withdrawal of personal data as client may result in TOUCH not being able to continue fulfilling our services to the client.
If you withdraw your consent for the collection, use or disclosure of your personal data, we will put the withdrawal into effect within thirty (30) working days of your request.
Please email your request to [email protected]
Accuracy of Personal Data
TOUCH keeps personal data as accurate, complete and up to date as necessary, taking into account its use and the interests of our clients, members, volunteers and donors. Where possible, we will validate data provided using generally accepted practices and guidelines. This includes the requests to see original documentation before we may use the personal data such as with Personal Identifiers and/or proof of address.
Protection of Personal Data
TOUCH protects personal data against loss or theft, as well as unauthorised access, disclosure, copying, use or modification with security safeguards appropriate to the sensitivity of the personal data, regardless of the format in which it is held.
Retention of Personal Data
TOUCH will retain your personal data only for as long as the purposes for which such data is collected or used (as conveyed to you) continues, or where necessary for our legal or business purposes. Thereafter, TOUCH will delete or destroy the personal data, or remove the means by which the data can be associated with you.
Transfer of Personal Data
TOUCH may transfer any personal data in its possession or control to another TOUCH entity as may be necessary in order to achieve the purposes set out above and to provide services to you. TOUCH may transfer the personal data outside Singapore and TOUCH will ensure that appropriate safeguards are put in place in compliance to PDPA.
Data Breach Notification
In the event of a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data, we shall promptly assess the impact and, if appropriate, report this breach within 3 calendar days to the Personal Data Protection Commission (PDPC). We will notify you when the data breach is likely to result in significant harm to you after our notification to PDPC. We may also notify other relevant regulatory agencies, where required.
Feedback and Queries
If you have any feedback or queries in relation to the protection and retention of your personal data, you may also write to our Personal Data Protection Officer. We will look into your feedback or queries and will provide you with a response within three (3) working days.
Changes to Notification
We reserve the right to modify or change this notification at any time. This notification may be amended in tandem with changes in the legislation.
You may email our Personal Data Protection Officer at the below address:
Data Protection Officer
TOUCH Community Services
Email: [email protected]
For general information about PDPA, please visit the Personal Data Protection Commission’s website at http://www.pdpc.gov.sg