Personal Data Protection Policy
1.2) The personal data collected, during the course of activities undertaken by the Church, enables us to minister to the faithful and to fulfil our canonical and civil law obligations under the Code of Canon Law and under Singapore Law. The Church is bound by the Singapore Personal Data Protection Act (2012) (the “Act” or “PDPA”) that governs how the Church collects, uses and/or discloses any personal data.
1.3) This policy describes ways in which the Church collects, uses, discloses, stores, and disposes of personal information.
1.4) The general data protection policy applies to all agencies, commissions, groups, and parishes of the Church (“Church bodies”) but does not apply to Catholic organisations which are body corporates, registered societies or are otherwise legal entities in their own right.
2. Understanding of personal data
2.1) ‘’Personal data” generally refers to any data, whether true or not, about an individual who is identifiable from the provided data or information to which we have or are likely to have access to. This will include the data from our records which may be updated from time to time.
2.2) The personal data that Church bodies may collect and/or hold of individuals includes the following:
- Personal details, such as name, age, religion, gender
- Personal identification details such as NRIC, FIN or passport number, and applicable via or permits, such as employment pass, work permit etc.
- Personal contact details such as telephone numbers or email addresses
- Sacramental records, such as baptism, confirmation, marriage
- Information relating to employment application such as employment history and academic qualifications
- Information relating to pastoral care needs
- Photographs and video recordings
- Information relating to a person’s enrolment at a Catholic institution such as preschool, school, orphanage, retirement or welfare home.
- The exact data to be collected will be dependent on the purpose and needs of the Church body collecting the data. The Church endeavours to only collect, use or disclose personal data about an individual which it considers reasonably necessary for the purposes underlying such collection, use or disclosure.
3. Purpose of collecting personal data
3.1) Church bodies collect personal data for purposes such as those indicated below:
- To minister to the faithful including the performance of the Sacraments
- To provide pastoral care and services
- For event and activities such as fundraising, concerts & exhibitions
- To register for courses, seminars, talks, workshops, activities and retreats
- To assess the employment applications of prospective employees
- For applications to educational establishments operated by, or affiliated to the Church and management of the students
- For enrolment into Catholic social services such as orphanages or homes
- The dissemination of information and news by way of newsletters, magazines and the like
- Management of the Church (including the preparation and issuance Statement of Suitability for Ministry and Celebret)
3.2) Where Church bodies collect data for purposes other than those listed above, the Church body would disclose such purpose to the individual, by suitable means, when collecting the personal data from the individual.
3.3) Personal data will generally be obtained directly from the individual. In the case of children, personal data will be collected from either their parents or guardians, unless specific and/or unusual circumstances require that the collection be made directly from the child concerned.
4. Use of personal data
4.1) All personal data will be used for the purpose for which it was collected. Church bodies may also use the personal data for purposes which are permitted by law.
4.2) For prospective employees, the Church may collect personal data by speaking with employment referees. The Church may contact applicants’ previous employers who have not been nominated as referees. All personal data given as part of a prospective employment application will be used to assess the applicant’s suitability for the position that has been applied for. Such personal data may also be used to assess the individual’s suitability for a position for which the applicant have not applied, but one which we believe the individual may be suited. Should this be the case, we will seek the consent of the individual before considering the applicant for such other position.
5. Disclosure of personal data
5.1) The Church may from time to time and in compliance with all applicable laws on data privacy, disclose your personal data to third parties, whether located in Singapore or elsewhere, in order to carry out the purposes set out above. Where the Church makes such disclosure, confidentiality agreements would be in place in order to protect the personal data.
5.2) The Church may distribute aggregated statistical information to the Vatican and other Catholic Church agencies for reporting purposes. In most cases, personal data will be anonymised such that no individual will be identified.
5.3) The Church will not disclose any personal data for direct marketing purposes without the individual’s prior consent.
5.4) The Church may transfer, store, process and/or deal with your personal data outside of Singapore. Where the Church does so, the Church will comply with the PDPA and other applicable data protection and privacy laws.
6.1) By providing your personal data to the Church bodies, you consent to the Church’s collection, use and disclosure of your personal data in accordance with this policy statement.
7. Accuracy of information
7.1) The Church strives to ensure the accuracy of the personal data it has. However the individual also plays a part to ensure that the personal data provided is correct. Please see the sections below on how you may correct any errors or omissions of your personal data.
8. Access of personal data
8.1) You may request for access to your personal data.
8.2) The Church is entitled to impose a reasonable charge on the requestor for providing them with the personal information, particularly where photocopying, scanning and/or some form of electronic transfer is required.
8.3) All access requests must be made in person and in writing using the specified form. Access requests are to be directed to the relevant Data Protection Officer (see below). Please bring along proper identification documents to confirm your identity.
8.4) You may request that the Church corrects any error or omission in relation to your personal data using the prescribed form.
8.5) Requests for access to personal data demised individuals (including sacramental records) shall require the prior written permission and consent from the Estate of the deceased. Failing which, reviews and access to personal sacramental records of demised individuals will only be allowed 25 years after the year of death.
9. Withdrawal of Consent
9.1) Any individual who wishes to withdraw his or her consent to any collection, use or disclosure of his or her personal data may do so by contacting the respective Church body’s Data Protection Officer. The Church entity will advise on the exact timeframe required to respond to the notification and effect any change. However all changes to be effected should be implemented no more than one month from the date of notification.
9.2) If any individual withholds or withdraws his / her consent to the collection, use and disclosure of his / her personal data, the Church may not be able to:
- Attend to the individual’s religious or spiritual needs
- Attend to the individual’s welfare needs
- Attend to the child’s educational needs
- Attend to any pastoral care or ministry needs that the individual might have
- Offer any individual employment
- Deal with any enquiries, difficulties or concerns that the individual might have
10. Security, protection and retention of personal information
10.1) The Church will take reasonable security measures to safeguard the personal data collected
10.2) The Church will only retain the personal data collected for as long as it is required for the fulfilment of the purposes or allowed by any applicable law to be retained.
10.3) Any unsolicited personal data that the Church receives from individuals will be assessed to determine whether it is necessary to retain any of this data to provide the individual with any services that they have requested.
11. Questions and feedback
11.1) If there are any queries about this policy or feedback regarding the handling of personal data by any Church body, please contact the Data Protection Officer of the Church body in question directly:
- Data Protection Officer: Ms. Sharon Lee
- Tel: 6203 7405
- Email: [email protected]
11.2) All feedback is taken seriously and will be reviewed accordingly. The Church will endeavour to resolve all raised issues efficiently.
12. Changes to the policy
12.1) The Church may from time to time review this policy statement and amend it to reflect changes in legislation or other operational requirements. The current version of this policy statement may be found at our website at www.catholic.org.sg.