PRIVACY & DATA PROTECTION POLICY

Novena Church recognises the importance of personal data entrusted to us.
We strongly believe and are committed to discharging our duty to ensure that your personal data is properly managed, protected and processed.
This Data Protection Policy is intended to assist you in understanding how we collect, use, disclose, protect and process any personal data that we receive from you, and designed in accordance with the requirements under the Personal Data Protection Act 2012 (“PDPA”).

1. Introduction to the Personal Data Protection Act 2012

1.1 “Personal Data” is hereinafter defined as data, whether true or not, about an individual who can be identified from that data or from that data and other information to which the organisation has or is likely to have access.
1.2 Various examples of Personal Data may include full names, NRIC/FIN numbers, passport numbers, mobile telephone numbers, photographs or video images of an individual, and personal email.
1.3 In general, before we collect any personal data from you, we will notify you of the purposes for which your Personal Data may be collected, used and/or disclosed, as well as obtain your consent for the collection, use and/or disclosure of your Personal Data for the intended purposes.

2. Purposes for Personal Data

2.1 Depending on the type of relationship you have with us, the Personal Data that we gather from you may be collected, used and/or disclosed for the following purposes.
2.2 Administering and/or managing relationships with Novena Church (including responding to enquiries, the mailing of correspondence, statements or notices which could involve the disclosure of certain Personal Data to bring about delivery of the same);
2.3 Responding to requests for information from government or public agencies, ministries, statutory boards or other similar authorities or non-government agencies authorised to carry out specific Government services or duties;
2.4 Carrying out market-related, evaluative or similar research and analysis for Novena Church and policy planning purposes, including providing data to external parties for programme evaluation and partner institutions for jointly administered programmes;
2.5 Outreach and engagement to garner support and resources for Novena Churc, its community and affiliated institutions;
2.6 Supporting Novena Church functions including, but not restricted to, the personal and professional development of staff and administration of Novena Church;
2.7 Engaging worshippers including but not limited to notification on Novena Church-related initiatives and activities, invitation to Novena Church-related events, updating of worshipper information, invitation to participate in worshipper surveys and sending of communication collaterals;
2.8 Taking of photographs and/or videos (whether by Novena Church or third party photographers and/or videographers) during programmes, events or seminars organised by Novena Church or its affiliates for publicity purposes;
2.9 For record keeping (including and not limited to video surveillance, visitor registration);
2.10 To provide updates on Novena Church events;
2.11 If consented to in the registration form and/or other methods of consent notification, providing marketing, advertising and promotional information via postal mail, electronic mail, SMS or MMS, fax and/or voice calls;
2.12 Any other purposes which Novena Church may inform you of in writing from time to time, but for which Novena Church will seek your separate consent.

3. Specific Issues for the Disclosure of Personal Data to Third Parties

3.1 We respect the confidentiality of the Personal Data you have provided to us.
3.2 In that regard, we will not disclose any of your Personal Data to any third parties without first obtaining your express consent permitting us to do so. However, please note that we may disclose your Personal Data to third parties without first obtaining your consent in certain situations, including, without limitation, the following:
3.3 Situations in which the disclosure is required based on the applicable laws and/or regulations;
3.4 Situations in which the purpose of such disclosure is clearly in your interests and consent cannot be obtained in a timely way;
3.5 Situations in which the disclosure is necessary to respond to an emergency that threatens the life, health or safety of yourself or another individual;
3.6 There are reasonable grounds to believe that the health or safety of yourself or another individual will be seriously affected and consent for the disclosure of the data cannot be obtained in a timely way, provided that we shall, as soon as may be practicable, notify you of the disclosure and the purposes of the disclosure;
3.7 Situations in which the disclosure is necessary for any investigation or proceedings;
3.8 Situations in which the Personal Data is disclosed to any officer of a prescribed law enforcement agency, upon production of written authorisation signed by the head or director of that law enforcement agency or a person of a similar rank, certifying that the Personal Data is necessary for the purposes of the functions or duties of the officer; and/or
3.9 Situations in which the disclosure is to a public agency and such disclosure is necessary in the public interest.
3.10 Where Personal Data is disclosed to third parties with your express consent, we will provide for adequate forms of protection over such Personal Data and employ our best efforts to require such third parties to protect your Personal Data in compliance with the PDPA and our data protection policies.

4. Request for Access, Correction and/or Withdrawal of Personal Data

4.1 You may request to access and/or correct the Personal Data currently in our possession, or have the option to withdraw your consent for the collection, use and/or disclosure of your Personal Data in our possession or under our control at any time by submitting a written request to our PDPA Contact Person (See Below).
4.2 For a request to access your Personal Data, we will provide you with the relevant Personal Data within a reasonable time from such a request being made.
4.3 For a request to correct your Personal Data, once we have sufficient information from you to deal with the request, we will send the corrected Personal Data to every other organisation to which the Personal Data was disclosed by us within a year before the date the correction was made, unless that other organisation does not need the corrected personal data for any legal or business purpose.
4.4 For a request to withdraw consent, we will process your request within a reasonable time from such a request for withdrawal of consent being made, and will thereafter not collect, use and/or disclose your Personal Data in the manner stated in your request.
4.5 The withdrawal of your consent could result in certain legal consequences arising from such withdrawal. In this regard, depending on the extent of your withdrawal of consent for us to process your Personal Data, it may mean that we will be unable to continue with your existing relationship with us.
4.6 We may also be charging you a reasonable fee for the handling and processing of your request to access and/or correct your Personal Data. You will be notified in advance of such cost, and we will provide you with a written estimate of the fee we will be charging.

5. Administration and Management of Personal Data

5.1 We will take reasonable efforts to ensure that your Personal Data is accurate and complete and updated.

5.2 Reasonable security arrangements will be made to ensure that your Personal Data is adequately protected and secured. Appropriate security arrangements will be taken to prevent any unauthorized access, collection, use, disclosure, copying, modification, leakage, loss, damage and/or alteration of your Personal Data. However, we cannot assume responsibility for any unauthorized use of your Personal Data by third parties which are wholly attributable to factors beyond our control.

5.3 We will also take reasonable efforts and measures to ensure that the Personal Data in our possession or under our control is destroyed and/or anonymized as soon as it is reasonable to assume that (i) the purpose for which that Personal Data was collected is no longer being served by the retention of such Personal Data; and (ii) retention is no longer necessary for any other legal or business purposes.

6. Updates on Data Protection Policy

6.1 As part of our efforts to ensure that we properly manage, protect and process your Personal Data, we will be reviewing our policies, procedures and processes from time to time.
6.2 We reserve the right to amend the terms of this Data Protection Policy at our absolute discretion. You may request for the latest version of the Data Protection Policy at any time.
6.3 You are strongly encouraged to check and/or request for the latest version of the Data Protection Policy from time to time on our website, https://novenachurch.com/, to ensure that you are well informed of our latest policies in relation to Personal Data Protection.

7. Complaint Process and Feedback

7.1 If you have any complaint, grievance or feedback regarding how we are handling your Personal Data or about our compliance with the PDPA, you are welcome to contact us with your complaint, grievance or feedback.
7.2 Kindly contact us through one of the following methods with your complaint, grievance or feedback:
7.3 Singapore Telephone Number: 6255 2133
7.4 Email: secretariatcssr@novenachurch.com  Attention it to the ‘Data Protection Officer’
7.5 Office Address: Church of St. Alphonsus (Novena Church) 300 Thomson Road, Singapore 307653

7.6 We will certainly aim to deal with any complaint, grievance or feedback that you may have efficiently and fairly.

updated as at 10 June 2021