Personal Data Protection Policy

The Salvation Army ("TSA") respects the privacy of all our customers and business contacts, and is committed to protecting the personal information you provide to us. This Personal Data Protection Policy (“Policy”) aims to help you understand how we collect, uses and discloses personal data about you while recognizing both your right to protect personal data about you and our need to collect, use or disclose it for purposes that we believe are reasonable and appropriate in the circumstances of the Army’s Corps, charitable work, and other work in the community.

1. Application of Policy
   This Policy is based on the Singapore Personal Data Protection Act 2012 (“PDPA”) and all the associated regulations and guidelines as may from time to time be issued by the Personal Data Protection Commission (“PDPC”) of Singapore. TSA may be subject to different or more restrictive local laws in the jurisdictions outside of Singapore.
   
   This Policy provides information about how TSA collects, uses and discloses personal data about you while recognising both your right to protect personal data about you and our need to collect, use or disclose it for purposes that we believe are reasonable and appropriate in the circumstances of the TSA’s Corps, charitable work, and other work in the community.
   
   It applies to the personal data of all individuals (‘you’, ‘your’, etc.) who attend services or other meetings of TSA Corps and/or are the beneficiaries/clients or potential beneficiaries/clients of the TSA’s work as well donors, employees, volunteers, and online users of our website (https://www.salvationarmy.org.sg) and associated microsites.
   
   If you are not in any of these categories but we collect, use or disclose personal data about you in the course of our work in the community, this data protection policy will apply to that personal data consistently with the way in which it applies to the above individuals.


2. Collection of Personal Data
   We collect personal data directly from you or your authorised representative. We do this in various ways, including in-person meetings and interviews, forms, and questionnaires.
   
   For the purpose of carrying on TSA’s business, you may be requested to provide personal data such as, but not limited to, the following, without which it may not be possible to satisfy your request:
   1. Full Name
   2. Mobile Number
   3. Residential Address
   4. Home Number
   5. Personal Email Address
   6. Passport/NRIC number
   7. Date of Birth
   8. Photograph
   9. Medical History
   10. Payment methods (e.g. Credit Card number, Bank Account number)
   11. Financial / employment information
   12. Social information (e.g. Family tree, financial details of each family member, personal likes/dislikes, religion, smoking history, alcohol history)


3. Use of Cookies
   We and our business partners collect information about your use of our online services using cookies. This collection of data is used for statistical analysis about our website for use by us or our advertisers. Any information shared will not identify who you are, but rather be mathematical data about our visitors and their use of our site. The data does not give out any personal details. Cookies may be used to gather this general internet data. When used, cookies are downloaded to your computer without prompting. The cookie file is stored on your hard drive, where the files are transferred to. This information will help us improve our site and services to you. Most web browsers and devices can be set to notify you when you receive a cookie or to prevent cookies from being sent; if you use these features, you may limit the functionality we can provide you when you visit our site.


4. Use of Personal Data Collected
   TSA either currently uses or may in the future use your personal data for the purposes you have been notified of and consented to or which are not prohibited by applicable law. This includes the following purposes:
   1. Verification of identity
   2. Client registration
   3. Application of grants and financial aid
   4. Provision of medical care
   5. Referral to other service providers in relation to care
   6. Government audits and applications for government schemes
   7. Processing of billing for services
   8. Processing of donations, including filling of tax deductibility for eligible donations
   9. Responding to, handling, and processing queries, requests, applications, complaints, and feedback
   10. Facilitate product and service development via feedback, data analysis, and market research
   11. For safety and security purposes
   12. Sending you marketing information about our goods or services including notifying you of our events and initiatives
   13. Complying with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority
   14. Transmitting to any unaffiliated third parties including our third party service providers and agents, and relevant governmental and/or regulatory authorities, whether in Singapore or abroad, for the aforementioned purposes
   15. Any other purposes which TSA may inform you of in writing from time to time, but for which TSA will seek your separate consent
   If we wish to use, disclose or process your Personal Data for another purpose we will seek your explicit consent in writing beforehand.


5. Disclosure of Personal Data
   We may disclose or share your personal data to third party service providers, agents, government agencies and other organisations we have engaged to perform any of the functions listed in clause 3 above for us where such disclosure is required for performing obligations in the course of or in connection with our provision of the goods or services requested by you.


6. Withdrawal of Consent
   The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing.
   
   If you do not wish for us to use or disclose your Personal Data for any of the above purposes, you may withdraw your consent at any time by contacting us at dataprotection@smm.salvationarmy.org and submitting your application for withdrawal of consent form. Depending on the circumstances and the nature or extent of your withdrawal, the withdrawal of your consent may result in us not being able to provide services to you.
   
   Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within ten (10) business days of receiving it.
   
   Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our goods or services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us at dataprotection@smm.salvationarmy.org . Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.


7. Access and Correction of Personal Data
   If you wish to make (a) an access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or (b) a correction request to correct or update any of your personal data which we hold about you, please contact us at dataprotection@smm.salvationarmy.org and submit the relevant application for access to personal data form or the application for correction of personal data form.
   
   Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.
   
   We will respond to your request as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).
   
   There are some circumstances where we are not required to provide you with information, and others where we are not allowed by the PDPA to do so. In some circumstances we may be able to provide you with limited information. You may obtain information about all of these circumstances from our Data Protection Officer.
   
   We may charge you a fee for providing you with access to your personal data or information about how we may have used or disclosed it. The fee will reflect our incremental costs associated with responding to your request. You may obtain information about the fee from our Data Protection Officer.


8. Accuracy of Personal Data
   TSA keeps personal data as accurate, complete and up-to-date as possible, by taking into account its use and the interests of our customers. The data provided will be validated by making references to generally accepted practices and guidelines. This includes the requests to see original documentation before using your personal data. In order to ensure that your personal data is current, complete and accurate, if there are changes to your personal data, please update us at dataprotection@smm.salvationarmy.org.


9. Protection of Personal Data
   TSA protects personal data against loss or theft, as well as unauthorized access, disclosure, copying, use or modification with security protection measures which are appropriate to the sensitivity of the personal data.
   
   To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as up-to-date antivirus protection, encryption and the use of privacy filters to secure all storage and transmission of personal data by us, and disclosing personal data both internally and to our authorised third party service providers and agents only on a need-to-know basis.
   
   However, with the existing protection measures in place to protect your personal data, you should be aware that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.


10. Retention of Personal Data
    TSA will retain your personal data only for as long as the purposes for which the data is collected or used (as notified to you) continues, or where necessary for our legal or business purposes. Thereafter, TSA will delete or destroy the personal data, or restrict access to data which can be associated with you.


11. Transfer of Personal Data Outside of Singapore
    We have taken steps to ensure that appropriate levels of protection necessary to maintain the security and integrity of your personal data are in place. In addition, any data transferred outside of Singapore is processed only in accordance with the PDPA and any other applicable law.


12. Third Party Links
    We may provide links to third party websites ("Linked Sites") that may be of relevance and interest to you. We have no control over, and are not responsible for the privacy practices or the content of such Linked Sites, and you hereby waive any claim against us with respect to the Linked Sites.


13. Complaints
    Please direct any queries or complaints you have about the way in which we collect, use or disclose personal data about you to our Data Protection Officer. Generally, we are unable to deal with anonymous complaints because we are unable to investigate them. If you raise a complaint anonymously we will nevertheless note the matter raised and, if possible, investigate and resolve it appropriately.
    
    Whenever you make a complaint, our Data Protection Officer will seek to obtain sufficient information from you to enable us to investigate it. Please be prepared to provide our Data Protection Officer with information as to, for example:
    
    1. the type of action, or lack of action, by us that has given rise to your concern;
    2. whether it was an isolated incident or is ongoing and, in the case of an isolated incident, when it occurred;
    3. a copy of any relevant correspondence/ evidence you hold; and
    4. details about what you consider should have happened or should not have happened.
    
    Immediately upon receiving a complaint our Data Protection Officer will investigate it and within ten (10) business days advise you of:
    
    1. the outcome of the complaint and the reasons for that outcome; or
    2. write to you (which may be by email) advising you that the Data Protection Officer needs more time to investigate the complaint and stating when the Data Protection Officer expects to have resolved the complaint for you.
    
    If a complaint is settled to your complete satisfaction, our Data Protection Officer is not required to advise you in writing of the outcome of the complaint, unless you request a written response (which may be by email).
    
    If a complaint is not settled to your complete satisfaction, our Data Protection Officer will advise you of the outcome of the complaint and the reason(s) for that outcome in writing (which may be by email). If you are not satisfied with the outcome, you may take your complaint to the Personal Data Protection Commission.


14. Data Protection Officer
    We have appointed a Data Protection Officer who is contactable as follows:
    Send an email to: dataprotection@smm.salvationarmy.org
    Call: 6555 0188
    Write to us at: 20 Bishan Street 22, Singapore 579768
    Fax us at: 6552 8542


15. Changes to Policy
    We reserve the right to modify or change this Policy at any time. The Effective Date, as stated below, indicates the last time this policy was materially revised. Please refer to this page for any changes and updates to our Policy regarding our handling of your personal data

Effective date: 31 January 2024