BETHANY CHURCH SINGAPORE DATA PROTECTION NOTICE

This Data Protection Notice (“Notice”) explains how Bethany Church Singapore (“we, “us”, “our” or the “Church”) manages your personal data in compliance with the Personal Data Protection Act 2012 (“PDPA”).

We collect, use, disclose, transfer, store and/or process your personal data in accordance with this Notice. This Notice applies to personal data in our possession or under our control, including personal data in the possession of organisations which we have engaged to collect, use, disclose or process personal data for or in connection with the purposes identified below.

PERSONAL DATA

  1. As used in this Notice:

    “personal data” means data, whether true or not, about an individual who can be identified: (a) from that data; or (b) from that data and other information to which we have or are likely to have access.

  2. Depending on the nature of your interaction with us, some examples of personal data which we may collect from you include full name, identification numbers such as NRIC, FIN, work permit, and passport numbers, contact information such as your residential address, email address or telephone number, nationality, gender, date of birth, marital status, medical history, photographs and other audio-visual information, employment details such as your job title/profession and your employer’s name and address, religious information (attendance, denominational details, spiritual milestones), names and ages of children, emergency contact information of your preferred emergency contact, your signature, photographs, audio/video recordings and digital images, Internet Protocol address (which is automatically collected when you access this Site), information about your web browser type and version (automatically collected when you access this Site) and access times, information about your mobile device model and software version, which allows us to identify and fix bugs and otherwise improve the performance of our App, cookies, information you post on the Site and/or the App, CCTV footage (when you are within our premises or when you participate in events organised by us), other information which you may provide to the Church. For the avoidance of doubt, data that has been anonymised by the removal of personally identifiable information shall not be regarded as personal data.
  3. Other terms used in this Notice shall have the meanings given to them in the PDPA (where the context so permits).

COLLECTION, USE, DISCLOSURE AND TRANSFER AND/OR PROCESSING OF PERSONAL DATA

  1. We generally do not collect your personal data unless (a) it is provided to us voluntarily by you directly or via a third party who has been duly authorised by you to disclose your personal data to us (your “authorised representative”) after (i) you (or your authorised representative) have been notified of the purposes for which the data is collected, and (ii) you (or your authorised representative) have provided written consent to the collection and usage of your personal data for those purposes, or (b) collection and use of personal data without consent is permitted or required by the PDPA or other laws. We shall seek your consent before collecting any additional personal data and before using your personal data for a purpose which has not been notified to you (except where permitted or authorised by law).
  2. We may collect, use, disclose, process and/or transfer your personal data, whether obtained from you or from other sources, for the following purposes:
    • Processing and evaluating your registration to our membership or other forms of applications submitted by you;
    • Verifying your identity;
    • Establishing or managing your relationship with us;
    • Providing pastoral care and oversight;
    • Connecting you to cell groups or other ministry/homogeneous groups, including Community of Love groups and managing cell groups and attendance information;
    • Providing you with information on our upcoming events or activities in person or virtually, where you have specifically requested to receive such information;
    • Sharing testimonies (which may or may not be anonymised), including during our private and public services, activities, gatherings, programmes and events, on our website and on our social media platforms including but not limited to FaceBook, Instagram, and YouTube;
    • Notifying you of our news, announcements, publications, activities and events;
    • Internal record keeping;
    • Responding to, handling, and processing queries, requests, applications, complaints and feedback from you;
    • Complying with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;
    • Managing our administration and operations, including but not limited to audit, accounting, risk management and record keeping purposes;
    • Monitoring, evaluating, improving, enhancing and developing our services, the quality of our services provided, and the effects of the services provided (both in the short and long term, and after you have stopped using the services);
    • Enabling you to access or use the Site and/or the App, including enabling you to post content on the Site and/or the App;
    • Performing our obligations in the course of or in connection with the provision of our services or your use of the Site and/or App;
    • Evaluating whether to, temporarily or permanently, suspend, revoke, or terminate your account on the Site and/or the App;
    • Notifying you when updates and upgrades are available for the App;
    • To store, host, back up data, including personal data;
    • To prevent a threat to life, health or safety, if necessary;
    • Transmitting to our third party service providers and agents, whether in Singapore or abroad, for the aforementioned purposes; and
    • Any other incidental purposes related to or in connection with the above.
    The purposes listed may continue to apply even in situations where a person’s relationship with us has been terminated or altered in any way, for a reasonable period thereafter.
  3. We may disclose or permit the disclosure of your personal data to:
    • relevant leaders, staff, vendors, volunteers, partners and third party service providers or other organizations, whether located in Singapore or outside of Singapore, for fulfilling any of the purposes listed in clause 5 above;
    • where such disclosure is required for, or in connection with, the provision of the services requested by you;
    • comply with any applicable laws, regulations, codes of practice, guidelines, rules or requests by public agencies, or to assist in law enforcement and investigations;
    • any other party to whom you authorised us to disclose your personal data to, or where necessary to undertake any action requested by you;
    • our professional advisers (including but not limited to lawyers, accountants and auditors) to the extent that it is necessary to disclose such information;
    • service providers which provide services to or conduct business activities on our behalf, including cloud data storage services.
  4. We will make reasonable arrangements to ensure that the third parties, whom your Personal Data is being disclosed to, will provide an undertaking or undertake contractual obligations to provide a standard of protection, or are by the applicable law required to provide a standard of protection, for the transferred Personal Data that is comparable to that of the PDPA. If your personal data is transferred out of Singapore, we will take make reasonable arrangements to ensure that the recipients are bound by legally enforceable obligations (such as laws, contracts, binding corporate rules or any other legally binding instrument), so that your Personal Data continues to receive a standard of protection that is at least comparable to that provided under the PDPA. However, we do not provide any warranty or take any responsibility on the manner or care in which these third parties maintain, protect or utilise your Personal Data, or any misuse by such third parties.

REQUESTS FOR WITHDRAWAL OF CONSENT, ACCESS, OR CORRECTIONS

Withdrawal of Consent

  1. The consent that you provide for the collection, use, disclosure and transfer of your personal data will remain valid until such time it is being withdrawn by you or your authorised representative in writing. You or your authorised representative may withdraw consent and request us to stop collecting, using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request via email or otherwise in writing to our Data Protection Officer at the contact details provided below.
  2. Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within twenty-one (21) business days of receiving it.
  3. Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in the manner described in clause 8 above.
  4. Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.
  5. Please note that we may use personal data, without consent, to the extent permitted under the PDPA, for the purposes of improving, enhancing and developing:
    1. the quality of our programs and services.
    2. the quality of our operational processes.

Access To and Correction of Personal Data

  1. You may request:
    1. access to your personal data held by us;
    2. correction of your personal data;
    3. deletion of your personal data (but only where it is no longer required for a legitimate purpose);
    4. that you no longer receive marketing communications;
    5. that the processing of your personal data is restricted; and/or
    6. that certain personal data that you have provided to us in a structured, digital form be transmitted to another party, if this is technically feasible.
  2. If you would like to request access to, correction or deletion of your personal data, or request that the processing of your personal data be restricted, or opt out of marketing communications, you may (as applicable), (a) follow the instructions in the applicable communication, or (b) email our Data Protection Officer at the contact details provided below.
  3. Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the applicable fee before processing your request.
  4. In order for us to facilitate the processing of your request, it may be necessary for us to request further information relating to your request.
  5. If you make a specific request, the request must:
    1. provide enough information for us to be able to verify you are the person whose personal data we hold or are an authorised representative of that person. We cannot respond to your request unless we can verify your identity or authority to make the request. We will aim to verify your identity based on personal data we already hold about you. If we need to request further information from you in order to verify your identity, we will only use that personal data for the purposes of identifying you or that you have authorized the request; and
    2. describe your request in enough detail so that we can properly locate the personal data the request relates to.
  6. To the extent permissible under law, we may refuse such requests if deemed unreasonable.
  7. We will respond to your request as soon as reasonably possible. In general, our response will be within thirty (30) business days. Should we not be able to respond to your request within thirty (30) business days after receiving your request, we will inform you in writing within thirty (30) business days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).

PROTECTION OF PERSONAL DATA

  1. To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures. We will take reasonable measures to protect your Personal Data from unauthorised access, improper use, disclosure or transfer, unauthorised modification, unlawful destruction or accidental loss.
  2. You should be aware, however, that no method of transmission over the internet or method of electronic storage is 100% secure. While security cannot be guaranteed, we strive to protect the security of the personal data and will constantly review and enhance our information security measures. If you have reason to believe that your interaction with us is no longer secure, please immediately notify our Data Protection Officer at the contact details located below.
  3. We do not represent or warrant that our Site and App are free of errors, infection by computer viruses, and/or other harmful or corrupting code, program, macro and such other unauthorized software. We do not assume responsibility for any unauthorised use of your Personal Data by third parties, which are wholly attributable to factors beyond our control.
  4. Our staff and volunteers are required to keep Personal Data confidential and only authorised persons have access to such information.

ACCURACY OF PERSONAL DATA

  1. We generally rely on personal data provided by you (or your authorised representative). In order to ensure that your personal data is current, complete and accurate, please update us if there are changes to your personal data by informing our Data Protection Officer at the contact details provided below.

RETENTION OF PERSONAL DATA

  1. We may retain your personal data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws.
  2. We will cease to retain your personal data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected, and is no longer necessary for legal or business purposes.

COOKIES AND LINKS

  1. A cookie is a small piece of information that is placed on your computer when you visit certain websites.
  2. We use cookies and other similar technologies in the following way:
    • Analytics: We use Google Analytics which provides us with information about how visitors use our website. Google uses cookies as part of the process to collect anonymous information, such as the number of visitors to the website, where they are from, the pages they visit and the length of time they have spent on our website.
  3. You may change your browser settings to block cookies or to alert you when cookies are being sent to your device. Please note that if you decide to disable cookies, you may not be able to access certain functions of our website.
  4. Please also note that when you visit our website, information is automatically collected by the technology platforms providing the experience. For example, your web browser or mobile device may share certain data with us as those devices interact with our website. This data includes device ID, network access, IP addresses, referrer headers, data identifying your web browser and version, web beacons and events.
  5. The Site and the App contains links to other websites. The Church is not responsible for the privacy policies and practices of third parties or third-party websites to which links are provided. You should check the privacy policies on these sites before providing any Personal Data.

MISCELLANEOUS

  1. To the maximum extent permitted by law, we shall not be liable in any event for any special, exemplary, punitive, indirect, incidental or consequential damages of any kind or for any loss of reputation or goodwill, whether based in contract, tort (including negligence), equity, strict liability, statute or otherwise, suffered as a result of unauthorised or unintended use, access or disclosure of your personal data.
  2. This Notice, our privacy practices and your use of our services or other media of collection in connection with services, shall be governed by Singapore law. We make no representation that this Notice and our privacy practices comply with the laws of any other country. If you are not residing in Singapore, your use of our website or application shall be deemed to mean that you will not hold us responsible for any non-compliance with the laws of your residence to the extent that such laws are applicable. Further, by your continued use of our website or our application for any services or events, you consent to the transfer and use of your personal data outside your jurisdiction.

DATA BREACH NOTIFICATION & DATA PROTECTION OFFICER

  1. In the event of a data breach that is a notifiable data breach under the PDPA, we will notify the affected individuals and/or the Commission in accordance with the PDPA’s requirements. We will use reasonable efforts to communicate with the affected individuals using the contact information provided to us or through other appropriate means where necessary. Our communication may include text messages, WhatsApp messages, Telegram messages, messages on any messaging platform, email, or phone calls.
  2. You may contact our Data Protection Officer if you have any enquiries or feedback on our personal data protection policies and procedures, or if you wish to make any request, by way of email to dpo@bcs.org.sg or a call at 64634695.

EFFECT OF NOTICE AND CHANGES TO NOTICE

  1. This Notice applies in conjunction with any other notices, agreements, and contractual clauses that apply in relation to the collection, use, disclosure, transfer, and processing of your personal data by us. In the event of any inconsistency between this Notice and any other notices, agreements, and contractual clauses, this Notice shall prevail.
  2. We may revise this Notice from time to time without any prior notice. You may determine if any such revision has taken place by referring to the date on which this Notice was last updated. Any revisions or changes shall become effective from the time the revised Notice is made available for your access at www.bcs.org.sg/privacy-notice. Your continued use of our services, or your application as a prospective user of our services, or your continued membership of Bethany Church Singapore, or your continued volunteering with us, or your continued employment or engagement with us constitutes your acknowledgement and acceptance of such changes.

Updated as at 1 November 2023.