Girl Guides Singapore (GGS) respects the rights of the individuals to protect their personal data. This data protection policy provides information about how GGS (‘we’, ‘us’, ‘our’) collects, uses and/or discloses personal data while recognising both your right to protect your personal data and our need to collect, use and/or disclose it for purposes that GGS believes are reasonable and appropriate in the course of GGS’s work and not limited to organising, coordinating, promoting and providing training and programmes.
This data protection policy applies to the personal data of all individuals (‘you’, ‘your’) who are GGS’s employees, members, community partners, volunteers and members of the public including sponsors and donors.
If you are not in any of above categories but GGS collects, uses and/or discloses your personal data for the purpose of our work, this data protection policy will apply to that personal data consistently with the way in which it applies to the above individuals.
1. Purposes for Collection, Use or Disclosure of Personal Data
We collect personal data from and about GGS’s employees, members, community partners, volunteers, sponsors, donors and other individuals. We may use or disclose the personal data for purposes such as for providing service(s), interviews, mailing list subscription, administering sponsorships and donations and compliance with our legal obligations.
2. Collection, Use or Disclosure of Personal DataGGS collects personal data in various ways, including in-person meetings and interviews and through information and data collected through completed forms or questionnaires and other means.
We collect, use, or disclose personal data only if:
- You voluntarily give, or are deemed to have given, your consent under the Personal Data Protection Act (PDPA) to us collecting, using or disclosing that personal data; or
- Collection, use or disclosure of the personal data without your consent is required or permitted under the PDPA or any other written law
We will notify you of the purpose for which personal data is collected, used and disclosed on or before such collection, of its usage or disclosure of personal data.
We are permitted by the PDPA to collect, use or disclose your personal data without your consent where:
- There is an emergency that threatens the life, health or safety of the individual or another individual
- There is any investigation or proceedings
- Data is publicly available
- It is for evaluative purpose (such as assessing a job or volunteering application)
Video-Recording and Photography
Appropriate, clear and obvious notices need to be made and displayed to inform about the use and purpose of such personal data. This is only applicable for private events, i.e. outdoor public events are excluded.
3. Disclosure of Personal Data to Third Parties
We do not disclose personal data to third parties except when required by law, when we have consent or deemed consent from the party involved – to provide necessary services to us, such as:
- Service providers e.g. hosting and maintenance services, delivery services, payment transactions etc
- Consultants and professional advisers e.g. accountants, lawyers, auditors
4. Withdrawal of Consent
Upon giving a reasonable notice for withdrawal, you may at any time withdraw any consent you have given, or are deemed to have been given, to us collecting, using or disclosing your personal data for any purpose. Any notice of withdrawal of consent should be given in writing (which includes email) to our Data Protection Officer (DPO) at firstname.lastname@example.org.
Once withdrawal of consent is notified, we will, within five working days, cease collecting, using and/or disclosing the personal data.
In addition, we will cease to retain our documents containing that personal data or remove the means by which it can be associated with you, as soon as it is reasonable for us to assume that retention is no longer necessary for our legal or business purposes. Depending on the nature and extent of withdrawal, GGS shall not be liable for unable to continue fulfilling services to you.
5. Access and Correction of Personal Data
You may, at any time, request for details of your personal data collected by GGS or request for an update or correction of your personal data. On request by you, we will as soon as reasonably possible provide you with:
- Personal data about you that is in our possession or under our control
- Information about the ways in which we have, or may have, used or disclosed that personal data within a year before the date of your request
All requests must be made in writing to our DPO at email@example.com. We may require you to provide proof of your identity and/or documents or other evidence supporting your request.
There are some circumstances where we are not required to provide you with information, and others where we are not allowed by the PDPA to do so. In some circumstances we may be able to provide you with limited information. You may refer to the PDPA or contact our DPO for more information.
Unless we are satisfied on reasonable grounds that a correction should not be made, we will correct the personal data as soon as practicably possible. We will also send the corrected personal data to organisations with which we have shared the original data twelve months prior to the correction being made (unless that other organisation does not need the corrected personal data for any legal or business purpose). Alternatively, with your consent, we will send the corrected personal data only to specific organisations as agreed with you.
Another organisation that has disclosed your personal data to us might notify us that it has corrected it. If this happens, unless we are satisfied on reasonable grounds that we should not make the correction, we will correct your personal data that is in our possession or under our control.
We may charge you a fee for providing you with access to your personal data or information about how we may have used or disclosed it. The fee will reflect our incremental costs associated with responding to your request. You may obtain information about the fee from our Data Protection Officer.
6. Accuracy of Personal Data
We make reasonable efforts to ensure that personal data that we collect is accurate and complete. Should there be any updates and to ensure that your personal data is accurate and complete, please inform GGS as soon as possible.
7. Protection and Retention of Personal Data
We make reasonable security arrangements to ensure protection of personal data that is in our possession or under our control. We endeavour to protect it against risks such as loss or unauthorised access, destruction, use, copying, modification, or disclosure. Only authorised personnel are permitted to have access to personal data.
We cease to retain documents containing personal data as soon as it is reasonable to assume that the purpose for which the personal data has been collected is no longer served by its retention and if the retention of such data is no longer required for legal and business purpose.
8. Do-Not-Call Provision
The Do-Not-Call (DNC) provisions under the PDPA prohibit organisations from sending specified messages to Singapore telephone numbers registered with the DNC Registry e.g. advertising or promoting services. However, non-marketing messages are excluded from the scope of DNC e.g. personal calls and SMSes, surveys, market research, messages by non-commercial programmes.
9. Data Protection Officer
The DPO is responsible for ensuring GGS’s compliance with the PDPA in respect of the personal data in GGS’s possession or under GGS’s control. If you have any queries about your personal data or PDPA, you may contact the DPO through:
Email to: firstname.lastname@example.org
Call 6259 9391
Girl Guides Singapore
9 Bishan Street 14
10. Changes to GGS’s Data Protection Policy
We reserve the right to review, amend and/or update this data protection policy at any time and from time to time.