Our Privacy Policy
Elim Community Services (‘ECS’) is committed to safeguarding your privacy as accordance with the Personal Data Protection Act passed by the Singapore Government Parliament in October 2012. This following describes how we collect, use, disclose and care for the Personal Data of all individuals whom we deal with, including visitors to our website: www.elim.org.sg.
Personal Data
Personal Data refers to information which identifies you (or information which may be used together with any other information to identify you) such as your name, personal identification number (NRIC, passport number or other personal identifiers, which includes Birth Certificate numbers, FIN and Work Permit numbers etc.), electronic email address, mailing address, contact numbers, etc.
Collection, Use and Disclosure of Personal Data
Your Personal Data which we may collect are either: (a) acquired from you with your consent; or (b) voluntarily given to us by you. Your Personal Data will be used by us to carry out our activities. Specifically, they will be used for purposes which you have consented to. We will not disclose your Personal Data to third party fundraisers or for marketing purposes.
If you consent to our collection of your Personal Data, the purpose for which your Personal Data will be used would be made known to you before your consent is sought.
If your Personal Data was voluntarily given to us by you, then you are deemed to have consented to our collection and use of your Personal Data. This occurs when you provide us with your Personal Data for the following purposes:
-
to call / email / SMS or contact us to:
-
ask for support
-
refer us to someone in need of our support
-
enquire about our services
-
ask about the upcoming events and activities
-
-
to donate to us
-
to request to be in our mailing list
-
to sign up as a volunteer
-
to apply for assistance schemes
-
to receive in-kind / sponsored gifts
-
to participate in community outreach activity/event
-
to apply for employment
-
to enrol yourself or your family members in our programme
-
to respond by email to a web or direct communication
You are also deemed to have consented to our collection and use of your Personal Data when we take reasonable steps to alert you of our intention to collect or use your Personal Data for the above purposes and you do not object to such a collection or use of your Personal Data. If you wish to raise an objection, you may do so by
(a) informing our Data Protection Officer of your objection at the email address stated above; or (b) informing any of our staff members of your objection through telephone calls, text or voice messages, and you should do so within one (1) month from the date on which you have been alerted of our intention to collect or use your Personal Data. Prior to collecting your Personal Data in the aforementioned manner, we will conduct an assessment to determine if our proposed collection of your Personal Data will have an adverse effect on you. If so, measures are put in place to (a) eliminate any adverse effect; (b) reduce the likelihood of the occurrence of any adverse effect; and (3) mitigate the adverse effect. We will also ensure that all other prescribed requirements are satisfied and/or complied with.
In relation to the use of NRIC and other personal identifiers, please note that under the Advisory Guidelines on the Personal Data Protection Act for NRIC and other National Identification Numbers issued on 31 August 2018, organisations are generally not allowed to collect, use or disclose NRIC numbers (or copies of NRIC) and may only do so in specified circumstances (i.e., where required under the law to do so; where an exception under the Personal Data Protection Act applies; or where it is necessary to accurately establish or verify the identities of individuals to a high degree of fidelity). In that connection, we require your NRIC and/or passport number for verification purposes. As we work with seniors in the community, a failure to accurately ascertain the identity of a volunteer to a high degree of fidelity may pose a significant safety or security risk to them, which is why we require your NRIC and/or passport number or other personal identifiers.
We do not collect any Personal Data when you browse our websites. When you visit our website, your Internet Protocol (‘IP’) address is automatically collected and temporarily stored for statistical purposes and/or in order to make available our website to you. However, we are unable to identify you as an individual from your IP address. If you are a donor or supporter of ECS, we may publish your name in our annual reports, websites and collaterals, unless you have given written instructions not to publish your name in the materials stated above.
If you do not wish to receive our communications or do not wish to be contacted, you may opt out by writing to our Data Protection Officer at the mailing address or email address stated above.
Disclosure and Emergency
We will not share your Personal Data with third parties without your consent unless required to do so by law or in emergency situations that threatens your or another person’s life, health or safety to the hospital, police or law enforcement agency.
Protection of Personal Data
We will protect your Personal Data in our possession or under our control by making reasonable security arrangements to prevent any unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, and the loss of any storage medium or device on which your Personal Data is stored.
Retention of Personal Data
We will take suitable steps to ensure the information is accurate, up to date and kept only for so long as necessary for the purposes for which it is intended/used, provided that retention is no longer required for any legal or business purpose.
Data Breaches
A data breach may take many different forms, such as:
-
loss or theft of data or equipment on which personal data is stored;
-
unauthorised access to or use of personal data either by a member of staff or third party;
-
loss of data resulting from an equipment or systems (including hardware and software) failure;
-
human error, such as accidental deletion or alteration of data;
-
unforeseen circumstances, such as a fire or flood;
-
deliberate attacks on IT systems, such as hacking, viruses or phishing scams; or
-
where information is obtained by deception.
Where there is reason for us to believe that a data breach affecting the personal data in our possession or under our control has occurred, we will conduct (in a reasonable and expeditious manner) an assessment of whether the data breach is a notifiable data breach. A notifiable data breach is a data breach that: (a) results in, or is likely to result in, significant harm to an affected individual; or (b) is, or is likely to be, of a significant scale.
If we assess that there has been a notifiable data breach, we will notify the Commission of such a breach as soon as is practicable (which will in any case be no later than 3 calendar days after our assessment of the notifiable breach). If you are one of the affected individuals, you will be notified of the notifiable data breach unless we are required by law or by the Commission not to do so, or if we have taken any action in accordance with any prescribed requirement, which renders it unlikely that the notifiable data breach will result in significant harm to you as the affected individual.
Online postings
ECS reserves the right to monitor, remove and review the contents when found to be objectionable by us:
-
online discussions
-
online chats
-
forums
-
postings
-
message boards
Your consent
By providing us with your personal information you consent to the collection and use of that information for the purposes and in the manner described in this Privacy Policy.
Links to other websites
This website contains links to other websites that are not managed or maintained by ECS. We are only responsible for the one named websites (as stated above) that are under our charge and the information collected by them.
Changes/Updates
We will update the terms of the Privacy Policy Statement from time to time and the ‘Last Updated’ date at the top of our Policy will be amended accordingly. Please check the 'Last Updated' date for the last date of change.
If you have any queries about this policy statement, wish to change or update your Personal Data or wish to withdraw your consent for the use of your Personal Data, please write to us and attention it to the Data Protection Officer at Elim Community Services Limited, 1079 Serangoon Road, Postal 328182 or email to dataprotectionofficer@elim.org.sg.
We will respond to you within a reasonable period of time, depending on the nature and complexity of your query. If you wish to withdraw your consent for the use of Personal Data, please allow 2 weeks for us to process your request.