1. Purpose of Policy
2. Collection of Personal Data
2.1 In general, we receive or collect the personal data of individuals who may include staff, volunteers, members and visitors ("individuals").
2.2 This takes place when an individual does the following (but not limited to the list below), whether within or outside Singapore:
2.2.1 submits a registration form or other forms relating to the Church's activities;
2.2.2 contacts us for enquiries;
2.2.3 visits our office or attends our services or participates in our activities and programmes;
2.2.4 becomes a member of the Church;
2.2.5 makes a financial contribution to the Church (whether by way of offering, tithe, Building Fund or any other form of freewill giving);
2.2.6 requests us to contact him; and
2.2.7 submits his personal data to us for any other purposes (whether for the purpose of employment or for the purpose of volunteering/ministry)
2.3 The type of personal data collected by the Church may include an individual's:
2.3.1 Personal details (such as name, age, date of birth, religion, gender, nationality, marital status);
2.3.2 Personal identification details (such as NRIC, FIN, Passport Number, Birth Certificate Number and applicable permits, such as employment pass, work permit);
2.3.3 Personal contact details (such as telephone numbers or email addresses);
2.3.4 Demographic information (such as address, postal code, preferences and interests);
2.3.5 Educational background (such as educational institution, educational qualification);
2.3.6 Information relating to employment application (such as employment history);
2.3.7 Christian background (such as church, baptism, theological studies, missions);
2.3.8 Information relating to pastoral care needs;
2.3.9 Financial information (such as bank account or credit/debit card numbers);
2.3.11 Photograph, audio/video recording and digital image (including CCTV footage);
2.3.12 IP address, web browser type and version, operating system, a list of URLS starting with a referring site, the individual's activity on this Web Site, and the site he exits to (automatically collected when the individual accesses this Site);
2.3.13 Cookie information; and
2.3.14 Any other personal information that an individual may offer voluntarily.
2.4 The exact data to be collected will depend on the purpose and needs of the specific activity.
3. Purpose Limitation Obligation
3.1 The Church collects, uses and discloses the individual's personal data for the following purposes:
3.1.1 Planning, conducting and organising church activities, including services, events, courses and programmes;
3.1.2 Providing pastoral care and managing members' relationships;
3.1.3 Managing church administration and operations or other internal matters including record keeping and providing security functions to members;
3.1.4 Responding to the individual's queries and requests;
3.1.5 Providing services to the community or the public;
3.1.6 Internal and external communication and publications;
3.1.7 Delivering information regarding news, publications and events;
3.1.8 Management and administration of employment relationships or
3.1.9 Any matters by reason of which the individual is reasonably associated with, affiliated with or connected to the Church or
3.1.10 Any other matters in respect of which it is reasonably necessary for the Church to communicate with the individual
3.1.11 Any other purposes of which the Church may notify individuals from time to time.
3.2 The Church endeavours to only collect, use or disclose personal data about an individual which it considers reasonably necessary for the purposes underlying such collection, use or disclosure.
3.3 The individual's personal data will be retained by the Church as long as necessary according to our internal policy for the fulfillment of the purposes stated above or is required to satisfy legal, regulatory or accounting requirements.
3.4 Where the Church collects data for purposes other than those listed above, the Church would disclose such purpose to the individual, by suitable means, when collecting the personal data from the individual.
3.5 Personal data will generally be obtained directly from the individual. In the case of children who are 12 years old and below, personal data will be collected from either their parents or guardians, unless specific and/or unusual circumstances require that the collection be made directly from the child concerned.
4. Consent Obligation
4.1 By submitting his personal data to the Church, the individual agrees and consents to the collection, use and disclosure of his personal data by the Church for some or all of the purposes mentioned above.
4.2 The Church will not use the personal data for any purpose other than that for which it was collected. Should we require any personal data in its possession to be used for a purpose other than those for which consent was originally given, fresh consent will be sought in order to use the data for that new purpose.
4.3 If the individual provides us with personal information relating to a third party (e.g. information of his spouse, children, parents or relatives), he represents to us that he has obtained the consent of the third party to provide us with their personal data for the respective purposes.
4.4 The individual may at any time withdraw any consent given in respect of the collection, use or disclosure of his personal data by giving prior notice in the form of a formal written request addressed to the Data Protection Officer, unless such personal data is necessary for the Church to fulfill its legal obligations. The Church shall comply with the withdrawal request and shall cease to process the individual's personal data. The individual should be aware that that once consent is withdrawn, his request for any of the above purposes may as well be cancelled, and hence the Church may not be able to fulfill our services to him.
5. Accuracy Obligation
5.1 The Church shall make every reasonable effort to ensure that the individual's information it keeps are accurate, up-to-date and complete. The Church relies on the individual's self-notification of any changes to their personal data that is relevant to the Church.
6. Protection Obligation
6.1 The Church will not use the personal data for any purpose other than that for which it was collected. Should we require any personal data in our possession to be used for a purpose other than those for which consent was originally given, fresh consent will be sought in order to use the data for that new purpose.
6.2 The Church will take reasonable steps to protect the personal data against unauthorised disclosure. Subject to the provisions of any applicable law, the personal data may be disclosed, for the purposes listed above (where applicable), to the following:
6.2.2 Agents, contractors or third party service providers who provide services to the Church, such as website maintenance services, internet cloud services, courier services, other operational services (relating to collection of financial contributions, printing, training, security, accommodation) and/ or other services to the Church or the Site;
6.2.3 Our professional advisers such as auditors and lawyers;
6.2.4 Relevant government regulators, statutory boards or authorities or law enforcement agencies to comply with any laws, rules, guidelines and regulations or schemes imposed by any governmental authority; and
6.2.5 Any other party to whom the individual authorises us to disclose his Personal Data to.
6.3 The Church will take reasonable measures to protect your personal data from unauthorised access, improper use or disclosure, unauthorised modification, unlawful destruction or accidental loss. The individual should be aware, however, that no method of transmission over the internet or method of electronic storage is 100% secure. While security cannot be guaranteed, we strive to protect the security of the personal data and will constantly review and enhance our information security measures.
6.4 The Church's staff and volunteers are required to keep personal data confidential and only authorised persons have access to such information.
6.5 The Church may transfer, store, process and/or deal with your personal data outside of Singapore. Where the Church does so, the Church will comply with the PDPA and other applicable data protection and privacy laws.
6.6 The Church will use its reasonable endeavours to ensure that the third parties, whom the personal data is being disclosed to, will provide a comparable standard of protection to the personal data. However, the Church does not provide any warranty or take any responsibility of any misuse undertaken by those third parties.
6.7 Save as set out under this Policy, unless we are obliged or permitted by the Act to do so, the individual's personal data will not be disclosed to any third parties without his/her permission.
7. Access and Correction Obligation
7.1 An individual may apply for a copy of his personal data held by the Church or request for his personal data to be updated or corrected by sending a formal written request to our Data Protection Officer.
7.2 The Data Protection Officer has oversight of all personal data access or correction requests and ensures that they are processed in accordance with this policy.
Request for Personal data access or correction by individuals, including any enquires and complains shall be submitted to the Church in writing to the Data Officer at DPO@heartofgodchurch.org
. Upon receipt of such a request, the Data Protection Officer shall verify the identity of the individual before responding to the request for access or correction and may also request for additional information from the requestor to aid in the investigation.
8. Retention Limitation Obligation
8.1 The Church shall retain the individual's personal data only for as long as it is reasonable to fulfill the purposes for which the information was collected for or as required by law. Once the data in the Church's possession is no longer necessary to serve the purpose for which it was collected, the data will be destroyed or anonymised in a secure manner.
9. Transfer Limitation Obligation
9.1 The Church will transfer personal data to third parties in a country or territory outside Singapore when required for purposes such as missions. Such transfer shall be done in a manner that is secure and appropriately aligned with PDPA requirements.
10. Openness obligation
10.1 HOGC shall develop and publish the relevant Data Protection Policy Statements to inform the relevant individuals declaring the manner that their personal data are collected, used and disclosed. Such statements shall be made available to the relevant individuals upon request, or may be published in an appropriate manner on the appropriate platform that HOGC deems fit.
11. Updating the Policy
11.1 This Policy may be updated from time to time to take account of changes in policy, technology, and/or to ensure compliance with any legislative changes.
12. Contact our Data Protection Officer
If there are any queries about this policy or feedback regarding the handling of personal data by the Church, please contact the Data Protection Officer at:-
Heart of God Church
115 Eunos Ave 3
+65 6332 6086