This Privacy Notice (“Notice”) sets out the basis upon which Grace Assembly of God (“the Church”) may collect, use, disclose or otherwise process personal data of our members which they have consented to provide, in accordance with the Personal Data Protection Act 2012 (“PDPA”).  

This Notice applies to personal data in our possession or under our control. 

The Church acknowledges both the rights of members to protect their personal data, including rights of access and correction, as well as its need to collect, use, and disclose personal information for reasonable and legitimate purposes. It is our assurance that such data will only be used in accordance with this Notice. 

Your Personal Data 

Your record includes the information you provided as a member or regular attendee of the Church or for application of membership or baptism or other church activities. 

Some examples of personal data which we may collect from you include: 

  1. Name or alias, gender, identification number, date of birth, nationality;
  2. Mailing address, telephone numbers, email address and other contact details;
  3. Details of your next-of-kin, spouse and other family members; and 
  4. Photographs and other audio-visual information. 

Your personal data collected is limited to administrative purposes and what is necessary to facilitate the carrying out of activities by the Church. The information will be kept confidential and used solely for Church purposes. The information will not be disclosed to external parties without your consent, except as otherwise permitted by the PDPA.

In accordance with the law, we retain your personal data only as long as necessary to fulfil the purposes for which they were collected.  

Mode of Collection of Personal Data  

Personal data is collected from : 

  • registration forms for participation in events and activities (eg. talks, seminars, workshops, mission trips, etc); 
  • feedback or response forms from participants of events and activities; and 
  • on a necessary basis for compliance and/or other administrative needs. 

Security 

In order to minimise the risk of unauthorised access, disclosure, and destruction of information, and to ensure its appropriate use, the Church has put in place secure administrative and technical procedures.  

Data Protection Officer (DPO) 

The Church has an appointed Data Protection Officer (DPO) to ensure that we comply with the Personal Data Protection Act 2012 (PDPA) of Singapore. 

The DPO’s duties include: 

  • Ensuring compliance with PDPA when developing and implementing policies and processes for handling personal data; 
  • Fostering a data protection culture among employees and communicating personal data protection policies to stakeholders; 
  • Managing personal data protection-related queries and complaints; 
  • Alerting management to any risks that might arise with regard to personal data; and 
  • Liaising with the PDPC on data protection matters, if necessary. 

The DPO’s contact details are as follows: 

Contact No         :  64100800
Email address    :  dpo@graceaog.org  

Use and Protection of Personal Data 

We shall use personal data for the stated purpose only. 

As a participant, you consent to the Church collecting and updating the Church’s database which includes the Church’s Integrated Church Management System (hereinafter referred to as “the Church Database”) when required, using, disclosing, and sharing your personal information, including that stored in the Church Database with the relevant ministries so that events, programmes, and data required to organise church business meetings for example, can be organised, planned and communicated. Other examples for which your personal information may be collated and used for, include the putting together of volunteer management rosters and Grace discipleship classes, etc.

Data collected will only be shared with the relevant ministry persons for administrative purposes and those that directly involve you. For example, a Grace Group Pastor will only be able to view and use the information of members under his/her care on a need-to-know basis. Where appropriate, we may similarly share necessary data with various ministries within Grace Assembly so as enable the planning, programming and communication to enable the discharge of ministries, such as church wide events.

If required to be used for another purpose, we shall give notification of such intended use and obtain your consent for the use. 

Under certain circumstances, we may assume deemed consent by conduct from you when you had voluntarily provided your personal data for the stated purpose. We will therefore disclose required personal data you provide us to the following entities or organizations outside:

  • Regulatory bodies and other authority agencies (e.g. Ministry of Finance)
  • Where required to do so by law, we may disclose personal data about you to the relevant authorities or to law enforcement agencies.
  • To facilitate administration such as hotel, insurance, and bus booking for church retreats.

If you do not consent to such sharing, you may inform us in writing. We would like to mention that such withdrawal of consent could have an impact to the service level delivery of our ministry to you.

For requests or changes, please email the Data Protection Officer at dpo@graceaog.org.

Protection of the personal data means 

  • to keep the data confidential; 
  • to keep hard copies in locked cupboards or in secure places with limited authorised access; 
  • to keep soft-copy databases password-protected or encrypted;
  • to maintain up-to-date antivirus protection; 
  • to restrict access to authorised persons only, whether internally or to third parties on a need-to-know basis; and 
  • to destroy personal data when no longer required. 

Retention of Personal Data 

Personal data shall be retained only for as long as it is reasonable to fulfil the purposes for which the data was collected or as required or permitted by applicable law.  

Hard copies of personal data no longer required shall be disposed off by shredding or perforation in such manner as will prevent identification of individuals from them.  

Soft copies of personal data no longer required shall be disposed off by deletion in a permanent manner.   

Complaint Procedure 

PDPA complaints should be directed to the DPO. 

You will receive a response within two weeks for general enquiries, feedback, or complaints. If your query requires further investigation or evaluation, expect a response within two to four weeks. 

Access to Personal Data 

In order to access your personal data held by the Church, please write or email our Data Protection Officer and allow us one week to process your request. In the event that we are unable to respond to your access request within the week, we will inform you in writing of the time by which we will be able to respond, which should not exceed thirty (30) days.  

If we are unable to provide you with your personal information, we will generally explain why (unless we are not required to do so under the PDPA). 

Upon verification of your identity card and signed request form, the Church Data Protection Officer will release your personal data record. This is necessary to protect your personal data. 

Withdrawal of Consent 

Any individual may withdraw his/her consent to the use and disclosure of his/her personal data at any time, unless such personal data is necessary for the Church to fulfil its legal obligations. You may withdraw consent and request us to stop collecting, using and/or disclosing your personal data by submitting your request via email to our Data Protection Officer at dpo@graceaog.org 

Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws. 

We shall comply with the withdrawal request and inform the individual if such withdrawal will affect the services and arrangements between the individual and the Church. In general, we shall seek to process your request within fourteen (14) business days of receiving it. 

Upon withdrawal of consent, we shall cease to use the personal data and delete it from our records or destroy it.  

Video Recording and Photographs 

We may photograph, record audio and video at our events and services. By entering the Church premises, you consent to the Church’s release, publication, exhibition or reproduction of any photographs, audio, or video recordings to be used for publicity and ministry purposes. 

Please inform our hosts or facilitators of the event or service if you do not wish to be photographed or recorded.   

Effect of Notice and Changes to Notice 

The Church will regularly review and update our Personal Data Protection Policy. The latest version will be available from the Church office upon request.
 

Updated on 2 March 2023