The PDPA aims to safeguard individuals’ personal data against misuse by regulating the proper management of personal data. Generally, individuals have the right to be informed of the purposes for which organisations are collecting, using or disclosing their personal data, giving them more control over how their personal data is used.
i. Personal data includes but is not limited to the following:-
a. Unique identifiers (e.g. NRIC number, passport number); photographs or video images of an individual (e.g. CCTV images);
b. Any set of data (e.g. name, age, address, telephone number, occupation, etc), which when taken together would be able to identify the individual, including images captured by CCTV Cameras within SOS premises.
PDPA does not apply to company or organisation data. Business contact information provided by individuals for business purposes are excluded from data protection requirements of PDPA.
CONSENT, PURPOSE LIMITATION AND NOTIFICATION OBLIGATIONS
i. SOS would notify individuals of collection, use and disclosure purposes of Personal data.
ii. Consent must be obtained unless the following exceptions apply (non-exclusive):-
a. The collection, use or disclosure is necessary for any purpose that is clearly in the interest of the individual, if consent for it cannot be obtained in a timely way or the individual would not reasonably be expected to withhold consent.
b. The collection, use or disclosure is necessary to respond to an emergency that threatens the life, health or safety of the individual or another individual.
c. The collection, use or disclosure is necessary in the national interest.
iii. For additional exemptions, please find the following PDPA Schedules:-
d. In forms used to collect personal data, it is stated that SOS assumes individuals give deemed consent to collection, use or disclosure of personal data if they voluntarily provide such data to them or when they represent and disclose personal data about relevant third parties (e.g. dependents or immediate family members).
iv. The purpose for collection of personal data for SOS include but are not limited to the following:-
a. Admission to SOS; b. Assessment and management of volunteers as part of on boarding volunteers operations; c. Collection of donations; d. Employment; e. Communications with stakeholders and partners on the happenings of SOS as well as donation solicitation via appeal letter or other donation mediums; f. Regulatory and legal requirements.
v. The extent of collection of required personal data is dependent on the need to use the information for onward submission to relevant government agency for compliance purpose.
ACCESS AND CORRECTION OBLIGATIONS
Individuals can place their requests inwriting either through post or email to the Data Protection Officer (DPO) in order to access, correct or withdraw consent for the collection, use and disclosure of personal data. SOS would respond accordingly based on the type and reasonableness of the request:
SOS would provide an individual with his/her personal data under the control of SOS and ways in which the personal data was used and discussed during the past 12 calendar months. However, SOS would not accede to the request if it:
a. Threatens the physical/mental health of other individuals or the requestor; b. Reveals personal data about other individuals or others who provided personal data about other individuals; and c. Has reasonable grounds that such request is contrary to national interest.
SOS would amend errors or omissions in reported personal data within its collection if aware of the error/omission.
withdrawal of consent
SOS would advise the individual that its ability to provide assistance may be impeded as a result of withdrawing consent given or deemed to have been given in respect to the collection, use and disclosure of personal data. Request to remove personal data from SOS may be denied if required by law and/or relevant authorities for retention. Users may exercise the option of withdrawal by notifying SOS of their intentions either by mail:
Attention: Data Protection Officer Samaritans of Singapore 10 Cantonment Close, #01-01 Singapore 080010
SOS would ensure that the personal data collected is accurate and complete through requests stated in all forms collecting personal data and publication materials. SOS would, where appropriate take steps to authenticate the personal information collected.
i. SOS would protect personal data by making reasonable security arrangements to prevent unauthorised access,collection, use, disclosure, copying, modification, disposal or similar risks.
ii. In determining what security arrangements are reasonable and appropriate in the circumstances, SOS would take into account the following factors:-
a. Nature of the personal data; b. Form in which the personal data is collected (e.g. physical or electronic); and c. Possible impact to the individual concerned if an unauthorised person collected, modified or disposed such personal data.
RETENTION OBLIGATION LIMITATION
SOS would determine the appropriate retention period/s of all documents (including electronic storage) and would dispose, delete or remove appropriately such documents when it reaches its retention time limit or when such retention no longer serve the purpose for its collection or when such retention is no longer necessary for legal or business purposes.