Privacy & Data Protection Policy

Novena Church (referred to herein as “the Church”, “we”, “us”, “our”) is committed to protecting the personal data of individuals who provide personal information to us, including personal data provided through our websites as referred to in Clause 1.1 of the Terms and Conditions of Use. The personal data collected by the Church enables us to minister to the faithful and to fulfil our canonical and civil law obligations under the Code of Canon Law and under Singapore Law.  The Church is bound by the Singapore Personal Data Protection Act (2012) (the “Act” or “PDPA”) which governs how the Church collects, uses and/or discloses any personal data. This Policy describes ways in which the Church collects, uses, discloses, stores, and disposes of personal data.

  1. Introduction to the Personal Data Protection Act 2012
    1. “Personal data” generally refers to any data, whether true or not, about an individual who is identifiable from the provided data or information to which we have or are likely to have access to. This will include the data from our records which may be updated from time to time. Business contact information (e.g. full name, business address, business telephone number) is not considered as personal data so long as it is used strictly for business-to- business (B2B) transactions.
    2. The personal data that the Church may collect about you includes the following (the list is non-exhaustive):
  • Personal information, such as name, age, date of birth, religion and birth sex
  • Personal identification information such as NRIC, FIN, passport number, employment pass, work permit and other applicable visa or permits
  • Personal contact information such as telephone numbers, email addresses, platform user handles
  • Biometric information such as facial scan and palm scan
  • Sacramental records, such as baptism, confirmation and marriage
  • Pastoral information such as personal, family and health background when you request for prayer, ministry or other services relating to pastoral care needs
  • Photographs and video recordings such as photos taken during services and events, CCTV recordings
  • Health and medical information such as allergies when necessary for participating in activities or events
  • Enrolment information relating to a person’s enrolment at a Catholic institution such as preschool, school, orphanage, retirement and welfare home.
  • Donor information such as bank account number and donor records
  • Payment information such as bank accounts when you purchase goods and services (e.g. books, niches, room bookings etc)
  • Employment information such as employment history and academic qualifications when applying for internships or employee positions
  • Account profile information such as username
  • Usage and Technical information such as internet protocol addresses, cookies and browser information related to your use of any of our online platforms
  • Marketing information such as your preferences in receiving details of our services and programme

2. PURPOSE OF COLLECTING PERSONAL DATA

The exact personal data collected will depend on the purpose and needs of the Church. We endeavour to only collect, use or disclose personal data which we consider reasonably necessary for the purposes underlying such collection, use or disclosure.

2.1 The Church collects personal data for purposes such as those indicated below (the list is non-exhaustive):

2.1.1  Events, Activities and Service

  • To minister to the faithful including the performance of the Sacraments

  • To provide pastoral care and services

  • To register attendance and manage participation for events and activities such as retreats, talks, seminars, conferences, fundraising, concerts, exhibitions, etc.

  • To monitor the movement of visitors to our physical premises for safety and security purposes

2.1.2  Donations, Giving and Payments for services

  • To process donations and all types of giving
  • To process payments and refunds

2.1.3. Schools and Social Services

  • To process and manage applications to educational establishments operated by or affiliated to the Church
  • To process and manage enrolment into Catholic social services such as orphanages or homes

2.1.4. Volunteering, Internship and Employment

  • To assess and manage volunteer recruitment and deployment to ministries
  • To assess and manage applications of interns and employees

2.1.5. Online Services

  • To administer the dissemination of information and news by way of newsletters, magazines and the like
  • To process and manage registrations
  • To maintain user accounts
  • To respond to requests and queries
  • To analyse and personalise online services experience

2.1.6. Others

  • To process data for statistical analysis and reporting
  • To carry out our obligations arising from any contracts entered into between you and us
  • To comply with legal obligations and regulatory requirements

2.2 Where the Church collects data for purposes other than those listed above, the Church will disclose to you such purpose by suitable means. 

3. USE OF PERSONAL DATA

3.1 All personal data will be used for the purpose for which it was collected.  The Church may also use the personal data for purposes which are permitted by law.

3.2 For prospective employees, the Church may collect personal data by speaking with employment referees.  The Church may contact applicants’ previous employers who have not been nominated as referees.  All personal data given as part of a prospective employment application will be used to assess the applicant’s suitability for the position that has been applied for.  Such personal data may also be used to assess the individual’s suitability for a position for which the applicant has not applied, but one which we believe the individual may be suited for.  Should this be the case, we will obtain consent before considering the applicant for such other position. 

4. PURPOSE OF PERSONAL DATA

4.1 We disclose some of the personal data we have collected about you to the following parties outside the Church:

  • Catholic organisations which are body corporates, registered societies or are otherwise legal entities in their own right
  • Government agencies such as the Ministry of Manpower, Commissioner of Charities, Registry of Societies.
  • Providers of professional services such as lawyers, auditors.
  • Banks, insurers, payment gateway service providers and other financial institutions.
  • Third party service providers such as freight and courier services, data processing, cloud services, web hosting companies

4.2 The Church may from time to time and in compliance with all applicable laws on data protection disclose your personal data to third parties, whether located in Singapore or elsewhere, in order to carry out the purposes set out above. Where the Church makes such disclosure, confidentiality agreements would be in place in order to protect the personal data.

4.3 The Church may distribute aggregated statistical information to the Vatican and other Catholic Church agencies for reporting purposes. In most cases, personal data will be anonymised such that no individual will be identified.

4.4 The Church will not disclose any personal data for direct marketing purposes without your prior consent.

5. OBTAINING CONSENT

By providing your personal data to the Church, you consent to the Church’s collection, use and disclosure of your personal data in accordance with this Policy.

5.1 Before collection, usage or disclosure of your personal data, the Church will notify you of the purposes and will obtain express consent from you.  The Church will not collect more personal data than is necessary for the stated purpose and will seek fresh consent from you if the original purpose for the collection, use or disclosure of your personal data has changed.

5.2 Under certain circumstances, the Church may assume deemed consent from you when you voluntarily provide your personal data for the stated purpose such as when you apply for a job with us or pose for a photo for the Church.

5.3 We may rely on exceptions to the need for consent under the PDPA for the collection, use or disclosure of your personal data under the following circumstances:

  • The personal data is publicly available.
  • The personal data is disclosed by a public agency or disclosed to a public agency.
  • The personal data is necessary for any investigation or proceedings.
  • The personal data is necessary for evaluative purposes (e.g. determining the suitability of a job applicant for the job applied for).
  • The personal data is necessary for the purpose of managing or terminating an employment relationship.

5.4 Third-Party Consent

If you have a one-on-one meeting with us, communicate with us in any form or have a transaction with us on behalf of another individual (e.g. your spouse, child or family member) , you represent and warrant that the collection, use and disclosure of that personal data to us, as well as the further processing of that personal data by us for the purposes set out in this Policy is lawful.

6. ACCURACY OF INFORMATION

6.1 The Church strives to ensure the accuracy of the personal data that we have by taking reasonable precautions and performing verification checks to ensure that the personal data we have collected from you is reasonably accurate, complete and up-to-date.

6.2 From time to time, the Church may do a verification exercise with you to update on any changes to your personal data. If you are in an ongoing relationship with the Church, it is important that you update us of any changes to your personal data (such as a change in your residential address).

6.3 However, you also play a part to ensure that the personal data provided is accurate, relevant and up to date. Please see the next section 8 on how you may correct any errors or omissions of your personal data.

7. ACCESS AND CORRECTION OF PERSONAL DATA

7.1 You may request for access to your personal data that the Church has in our possession or under our control and how it may have been used and/or disclosed by us in the previous one year. Before the Church accedes to your request, we may need to verify your identity by checking your legal identification document. We will respond to your request as soon as possible, or within 30 days from the date we receive your request. If we are unable to do so within 30 days, we will let you know and give you an estimate of how much longer we require.

7.2 The Church is entitled to impose a reasonable charge on the requestor for providing them with the personal information, particularly where photocopying, scanning and/or some form of electronic transfer is required.

7.3 All access requests must be made in person and in writing using the specified form. Access requests are to be directed to the relevant Data Protection Officer (see below).  Please bring along proper identification documents to confirm your identity.

7.4 Requests for access to the personal data of demised individuals (including sacramental records) shall require the prior written consent from the Estate of the demised individual, failing which access to sacramental records of demised individuals will only be allowed 10 years after the year of death.

7.5 If you find that the personal data that the Church holds about you is inaccurate, incomplete or not up-to-date, please contact us to correct the data.  Unless the Church is satisfied on reasonable grounds that a correction should not be made, we will correct the data as soon as possible, or within 30 days from the date we receive your request.

8. WITHDRAWAL OF CONSENT

8.1 If you wish to withdraw your consent to any collection, use or disclosure of your personal data, you should give the Church reasonable advance notice.  We will advise on the exact timeframe required to respond to the notification and effect any change.  However, all changes to be effected should be implemented no more than one month from the date of notification.

8.2 If you withdraw your consent to the collection, use and disclosure of your personal data, the Church may not be able to:

  • Attend to your religious or spiritual needs
  • Attend to your welfare needs
  • Attend to your pastoral care or ministry needs
  • Attend to your child’s or other family member’s needs
  • Offer you volunteer opportunities, internship or employment
  • Deal with any enquiries, difficulties or concerns that you might have

8.3 Your request for withdrawal of consent can take the form of an email to us by contacting the Data Protection Officer or through the “UNSUB” feature on an online service.

9. PROTECTION OF PERSONAL DATA

9.1 The Church has implemented reasonable and appropriate security measures to protect the personal data we hold about you against loss, misuse, destruction, unauthorised alteration/modification, access, disclosure or similar risks.  The Church has also put in place reasonable and appropriate organisational measures to maintain the confidentiality and integrity of your personal data and will only share your data with authorised persons on a ‘need to know’ basis.

9.2 You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure.  While security cannot be guaranteed, the Church strives to protect the security of your personal data and is constantly reviewing and enhancing our information security measures.

10. RETENTION OF PERSONAL DATA

10.1 The Church will only retain the personal data collected for as long as it is required for the fulfilment of the purposes or allowed by any applicable law to be retained and will ensure that personal data that is no longer needed will be destroyed or disposed of in a secure manner.

10.2 Any unsolicited personal data received from individuals will be assessed whether it is necessary to provide the individual with services that they have requested for and will be deleted if found to be unnecessary.

11. TRANSFER OF PERSONAL DATA

The Church may transfer your personal data outside of Singapore.  Where the Church does so, we will comply with the PDPA and other applicable data protection and privacy laws.

12. QUESTIONS AND FEEDBACK

12.1  If there are any queries about this policy or feedback regarding the handling of personal data, please contact the Archdiocesan Data Protection Officer at dpo.nov@catholic.org.sg  directly.

12.2 Any query or complaint should include, at least, the following details:

  • Your full name and contact information
  • Brief description of your query or complaint

12.3 All feedback is taken seriously and will be reviewed accordingly. The Church will endeavour to resolve all raised issues efficiently.

13. LINKS TO OTHER SITES

13.1 Our web services may contain links to other web services that are not operated by us.  If you click on a third-party link, you will be directed to that third party’s website.

13.2 It is important that you review the privacy policy of every site you visit. We have no control over, and are unable to assume any responsibility for the content, privacy policies or practices of any third-party sites or services.

14. CHANGES TO THE POLICY

14.1 The Church may review and update our policy, procedures and processes from time to time and may amend the terms of this policy at our discretion.  We will post the latest version of our Policy on our website which can be view at https://novenachurch.com.  Please revisit this page periodically to ensure that you are well-informed of our latest policy.

14.2 Changes to this Policy are effective when they are posted on our website.

1st updated on 10 June 2021, 2nd update on 3 March 2024, Last updated:  1 December 2024

In Him, there is Plentiful Redemption.