YONG EN CARE CENTRE DATA PROTECTION POLICY

The Personal Data Protection Act 2012 (the “PDPA”) establishes a general data protection law in Singapore which governs and regulates an organisation’s activities relating to the collection, use and disclosure of individuals’ personal data. The PDPA is intended to set the minimum standards that all organisations in Singapore must observe.

Yong-en Care Centre (“Yong-en”) takes its responsibility under the PDPA seriously. This Data Protection Policy outlines how Yong-en collects, uses, discloses and manages the personal data you have provided to it, as well as to assist you in making an informed decision before providing Yong-en with any of your personal data.

1. INTRODUCTION TO THE PDPA

1.1 Personal data is defined widely under the PDPA to include “any data about an individual who can be identified from that data; or from that data and other information to which the organisation has or is likely to have access.”

1.2 Examples of such personal data you may provide to us include personal particulars, medical records, family records, educational records, financial records, pictures and videos, CCTV footage, voice recordings, whether such data is stored in electronic or non-electronic form.

2. PURPOSES FOR COLLECTION, USE & DISCLOSURE OF PERSONAL DATA

2.1 Yong-en will collect your personal data in accordance with the PDPA. In general, before Yong-en collects any personal data from you, Yong-en will notify you of the purposes for which your personal data may be collected, used and/or disclosed and/or obtain your consent for the collection, use and/or disclosure of your personal data for the intended purposes.

2.2 Written parental/guardian consent will be required for the collection of personal data of persons (below the age of 16) or those with certified medical/mental conditions.

2.3 By providing personal data relating to a third party (e.g. information of your dependent, spouse, children and/or parents) to Yong-en, you represent and warrant that the consent of that third party has been obtained for the collection, use and disclosure of the personal data for the purposes listed in paragraph 2.4 below.

2.4 The personal data which Yong-en collects may be collected and/or used for the following purposes:

(a) processing your application for clinical and/or social services and/or any other services (including events);

(b) evaluating your suitability or eligibility for clinical and/or social services and/or any other services (including events), e.g. the grant of financial or social assistance;

(c) seeking aids from governmental bodies or other voluntary welfare organisations such as financial subsidies or other social assistance and/or communicating with such bodies or organisations in relation to services provided by Yong-en;

(d) planning, administering and delivering the provision of clinical and/or social services and/or any other services (including events) to you by Yong-en and/or managing your relationship with Yong-en;

(e) administering your donations and/or communications pertaining to your donations to Yong-en;

(f) administering your volunteer services and/or communications pertaining to your volunteer services with Yong-en;

(g) communicating and/or updating you on other charity initiatives or related activities including soliciting donations and volunteers for activities or programmes organised by Yong-en or other charitable organisations or generally for publicity purpose;

(h) maintaining and updating Yong-en’s records including relating to you or Yong-en’s members, clients, beneficiaries, volunteers or donors;

(j) maintaining and administering an employment or membership relationship;

(j) administering or maintaining security, or crime prevention, detection or investigation;

(k) enforcing or defending Yong-en’s rights, contractual or otherwise;

(l) complying with Yong-en’s obligations, contractual or otherwise;

(m) administering Yong-en’s internal management, control, preparation of financial statements, audit and/or corporate governance;

(n) administering Yong-en’s publications and materials including but not limited to Yong-en’s annual report, magazine, newsletter, website, Facebook, brochures, posters and banners;

(o) administering Yong-en’s publicity and fundraising initiatives including but not limited to disclosures in/on Yong-en’s letters, electronic mailers, Facebook, website and events;

(p) as required by laws and/or regulations;

(q) any other purposes that may be incidental or related to any of the above or any services provided by Yong-en; and/or

(r) any purpose that you may agree from time to time.

2.5 In connection with the purposes set out in paragraph 2.4 above, your personal data may/will be disclosed by Yong-en to any persons or third parties including social workers, counsellors, hospitals, governmental bodies or entities, ministries, volunteers, donors, management, members, service providers, and/or other voluntary welfare organisations.

2.6 Please note that Yong-en may collect, use or disclose your personal data to third parties without first obtaining your consent in certain situations, including, without limitation, the following:

(a) it is necessary for any purpose that is clearly in your interest and consent cannot be obtained in a timely way;

(b) it is necessary to respond to an emergency that threatens the life, health or safety of yourself or another individual;

(c) it is necessary in the national interest;

(d) the personal data is publicly available;

(e) it is necessary for any investigation or proceedings; and

(f) it is required based on the applicable laws and/or regulations.

2.7 The instances listed above at paragraph 2.6 are not intended to be exhaustive. For an exhaustive list of exceptions, you are encouraged to peruse the PDPA which is publicly available at http://statutes.agc.gov.sg.

3. Request for Access, Correction and/or Withdrawal of Personal Data

3.1 You may request to access and/or correct your personal data currently in Yong-en’s possession or withdraw your consent for the collection, use and/or disclosure of your personal data at any time by submitting your request through the following methods:

(a) written request by electronic email to: mail@yong-en.org.sg

(b) verbal request by contacting Yong-en DPO at : 63090573

(c) written letter delivered to: Yong-en Care Centre, Blk 335A Smith Street, #03-57, Singapore 051335

3.2 Where a request to access personal data has been received by Yong-en, Yong-en will, as soon as reasonably possible and to the extent reasonable and practical, provide you with your personal data which is in the possession or control of Yong-en and information about the ways in which your personal data has been used or disclosed by Yong-en.

3.3 Where a request to correct personal data has been received by Yong-en, Yong-en will correct the error or omission in your personal data as soon as practicable after the request has been made. Yong-en will send the corrected personal data to every other organisation to which the personal data was disclosed by Yong-en within a year before the date the correction was made, unless that other organisation does not need the corrected personal data for any legal or business purpose, or if you so consent, only to specific organisations to which the personal data was disclosed by Yong-en within a year before the date the correction was made.

3.4 Where a request to withdraw consent has been received by Yong-en, Yong-en will process your request within a reasonable time (7 working days) from such a request. Yong-en will inform you of the likely consequences of withdrawal of your consent.

4. Accuracy Obligation

4.1 You shall ensure that at all times the information provided by you to Yong-en is correct, accurate and complete. Please inform Yong-en as soon as possible of any changes in the personal data. Yong-en will ensure that personal data is updated and amended when requested.

5. Protection Obligation

5.1 Yong-en will protect your personal data by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risk.

5.2 Yong-en will adopt the following measures to fulfill this obligation:

(a) staff working areas must be secure. Access to work areas must be limited by appropriate security measures. Access to office equipment containing personal data must be password protected;

(b) requiring employees to be bound by confidentiality obligations in their employment agreements;

(c) providing training for staff on the PDPA to equip them with the knowledge and basic skills to ensure PDPA compliance; and conducting regular training sessions for staff to impart good practices in handling personal data.

6. Retention limitation obligation

Yong-en will not retain any documents containing personal data if it is reasonable to assume that the purpose for which that data was collected is no longer relevant and needed or that retention is no longer needed for legal or business purposes.

7. Transfer Limitation Obligation

Where personal data is transferred overseas, Yong-en will ensure that such transfer is in compliance with the PDPA.

8. Openness Obligation

8.1 Yong-en has appointed a Data Protection Officer (the “DPO”) to oversee management of personal data in accordance with the PDPA. If you, at any time, have any queries on this policy or any other queries in relation to how Yong-en may manage, protect and/or process your personal data, please do not hesitate to contact the DPO at dpo@yong-en.org.sg

8.2 Yong-en may from time to time update this Data Protection Policy at its discretion to ensure that this Data Protection Policy is consistent with any future developments and/or any changes in legal or regulatory requirements.