Personal Data Protection Policy ( “POLICY” )
1. Introduction
1.1. Purpose of policy
Empower Ageing(EA) is committed to safeguarding the personal data entrusted to it by the individuals. This Policy sets out how Empower Ageing uses, collects and disclose personal data about you so that we can serve you better. It also sets out how you can update us or request to be unsubscribed from our records.
1.2. Definitions
Personal Data
Personal data generally refers to data about an individual who can be identified from that data, in whatever form. It includes information such as individual’s name, identification number, address, mobile phone number, email addresses and photos and video images of the person (including CCTV images). Employee data of Empower Ageing, such as salaries, medical records and educational records, is also recognised as personal data and is subject to all the obligations of the PDPA.
2. Policy Statement
EA will:
- comply with regulatory requirements as stated in the PDPA 2012;
- respect individual rights;
- be transparent and honest to the individuals whose data are held by us;
- provides training and support for staff and volunteers who handle personal data, so that they may confidently comply with this policy
- properly documented and protected by appropriate security and kept with trusted and authorised parties;
- kept for no longer than necessary.
3. Data Collection, usage and disclosure
3.1 Purpose for Information Collection
Personal data collected by Empower Ageing is mainly to help us understand your needs so as to enable us to serve you better.
These purposes include the following:
3.2 How do we acquire your personal data
Personal data is to be collected by fair, transparent and lawful means, without misleading or deceiving individuals as to the purposes for collection of personal data about them. Empower Ageing may collect personal data from a number of channels, but are not limited to:
- name, NRIC/FIN/Passport number, date of birth, gender;
- contact information, such as postal address, email address, telephone and fax number; and
- billing information, including name of the credit/debit card holder, credit/debit card number, security code and expiry date
3.3. Consent
Empower Ageing shall always seek consent from individual to collect, use or disclose the individual’s personal data, except in specific circumstances where collection, use or disclosure without consent is authorised or required by law.
Empower Ageing may not be able to fulfil certain services if individuals are unwilling to provide consent to the collection, use or disclosure of certain personal data.
3.4. Deemed Consent
Empower Ageing may assume individual has consented to collection, usage and disclosure of their personal data in situations where the individual provided information for obvious purposes.
Empower Ageing may deem individual’s consent was obtained for personal data collected prior to 2nd July 2014 for the purpose of which the personal data was collected. The consent may include for Empower Ageing usage and where applicable include disclosure.
Empower Ageing need not seek consent from staff (including volunteers and part-time workers) for purposes related to the staff’s work in Empower Ageing. However, staff’s consent shall be obtained if such purpose is unrelated to their work. Staff shall be informed that their personal data may be disclosed to public and arrangements may be made to limit such disclosure with mutual agreement.
3.5 Withdrawal of Consent
Any individual may withdraw their consent to the use and disclosure of their personal data at any time, unless such personal data is necessary for Empower Ageing to fulfil its legal obligations. Empower Ageing shall comply with the withdrawal request, and inform the individual if such withdrawal will affect the services and arrangements between the individual and Empower Ageing. Empower Ageing may cease such services or arrangements as a result of the withdrawal.
3.6. Notification obligation
Empower Ageing shall collect this personal data directly from the individuals.
Prior or during collecting personal data, Empower Ageing shall make known to the individual the purpose for which the personal data was collected, except when such personal data is provided by an individual for an obvious purpose (E.g. individual provided personal data to register for an event, as such the purpose is for that event participation).
3.7. Accuracy obligation
Empower Ageing shall make every reasonable effort to ensure that individuals’ information it keeps are accurate and complete. Empower Ageing relies on individuals’ self-notification of any changes to their personal data that are relevant to Empower Ageing.
3.8. Data disclosure and Transfer of personal data in and outside Singapore
Empower Ageing may disclose individual personal data to internal/external/overseas organisations for necessary and appropriate purposes. Such transfer shall be done in a manner that is secure and appropriate align with PDPA requirements.
4. Security and storage
4.1. Protection of Personal data
All personal data held must be secured and protected against unauthorised access and theft.
Empower Ageing shall ensure that:
- Restriction of personal data access within the organisation;
- Provide physical security to personal data records and files;
- Personal computers and other computing devices that may access to personal data are password protected. Passwords are managed in accordance with industry best practices;
- Personnel and other files that contain sensitive or confidential personal data are secured and only made available to staff with authorised access.
4.2. Storage of Personal Data
- Making confidential on documents with personal records clearly and prominently;
- Storing hardcopies of documents with personal records in locked file cabinet systems;
- Storing electronic files that contain personal data in secured folders.
4.3. Retention Limitation Obligation
EA shall retain individual’s personal data only for as long as it is reasonable to fulfil the purposes for which the information was collected for or as required by law.
5. Access and correction of personal data
We can provide and help you access your own personal data:
- Request for personal copy – A nominal administrative fee will be charged;
- For update or correction.
Request for personal data access or correction by individuals, including any enquires and complaints shall be submitted to Empower Ageing in writing to the Data Protection Officer at the following address and contact information:
Attention: Data Protection Officer
Empower Ageing
81 Ubi Ave 4, #11-09, Singapore 408830
Email: [email protected]
Telephone: 68419136
We may refute your access in cases if and when such related personal data is under legal proceeding, no proper identification or request is carried out with suspected fraudulent intent.
6. Accountability Obligation
Empower Ageing shall develop and publish data protection policy statements to inform staff, including part-time staff and volunteers, declaring the manner that their personal data are collected, used and disclosed. The data protection policy statements are made available to staff and the public in our website.
7. CCTV, video recording and photography
CCTV, video footage and photos may constitute personal data if an identifiable individual is captured.
- Appropriate notices shall be put up to inform that the premises are covered by CCTV video surveillance
- Notices shall be put up to inform visitors and volunteers that photographs and videos taken may be used by Empower Ageing for communication and publicity purposes in print or electronic media.
8. Data Breach Notification Obligation
Even with reasonable protection measures in place, there may be a possibility of a data breach. In the event the data breach is assessed to be notifiable, Empower Ageing will notify the affected individuals as soon as practicable, at the same time or after notifying the Commission. If the breach warrants notification to the Commission, Empower Ageing will make notification as soon as practicable but no later than three (3) calendar days.
9. Policy review
The Personal Data Protection Policy shall be maintained and updated by the Data Protection Officer, reviewed and approved by the Management in a timely manner but shall review at least yearly.
Approved and Effective Date: Dec 2023