Data Protection Notice

1. Introduction

We at Viriya Community Services (“VCS”) respect the privacy and confidentiality of the personal data of our VCS’ employees, beneficiaries, clients, parents/guardians, donors, volunteers, interns, job seekers, visitors, third-party service providers and other individuals whom we interact with in the course of providing our products and services. We are committed to implementing policies, practices and processes to safeguard the collection, use and disclosure of the personal data you provide us, in compliance with the Singapore Personal Data Protection Act (PDPA) 2012, and the advisory guidelines for the Social Services developed by the National Council of Social Service and the Personal Data Protection Commission.

We have developed this Data Protection Notice to assist you in understanding how we collect, use, disclose, process, protect and retain your personal data that is in our possession.

2. How We Collect Your Personal Data

Personal data refers to any information that can uniquely identify an individual person either (a) on its own (e.g. NRIC No., FIN No.), or (b) when combined with other information (e.g. Full Name + Full Address).

We collect your personal data when you:

Attend our programmes, events, roadshows or seminars
Engage our case workers, agents or associates
Enquire about our programmes or services
Make donations to us
Sign up as a beneficiary or client for our programmes or services
Visit our website and leave behind your contact information
Provide feedback to us on our programmes and services or quality of service
Communicate with us via emails or written correspondences
Submit your CV and job application form to us in response to our recruitment advertisements
Submit your CV to recruitment firms or job portals, which are in turn forwarded to or retrieved by us
Submit your interest and application to volunteer with us

3. Types of Personal Data We Collect About You

The types of personal data we collect about you include:

Personal contact information (Name, Address, Phone No., Email Address)
Personal details (Name, NRIC No./FIN No./Passport No., Gender, Date of Birth, Nationality, Marital Status)
Financial information (Credit/Debit Card Details, Bank Account Details)
Transactional data (Name, Company/Organisation, Designation, Residential Address, Preferences, Credit Transactions)
Job Applicant’s / volunteer’s educational and professional qualifications, work experience
Others e.g. medical

4. How We Use Your Personal Data

We use the personal data you provide us for one or more of the following purposes:

Send information, updates and promotional materials on our services

Managing your account with us (including processing of payment)

Process contract renewals and upgrades
Obtain opinions, comments or feedback about our services or quality of service
Respond to queries and feedback, and provide customer service and support
Investigate complaints, claims and disputes
Manage and improve our business and operations to serve you better or enhance customer experience

Analyse website visits
Process job applications, recruitment and selection
Fulfil legal requirements

5. Who We Disclose Your Personal Data To

We disclose some of the personal data you provide us to the following entities or organisations outside VCS in order to fulfil our services to you:

IT / technical support vendors and service providers
Software suppliers
Regulatory bodies and other public agencies

Where required to do so by law, we may disclose personal data about you to the relevant authorities or to law enforcement agencies.

For the transfer of personal data to another organisation or data intermediaries within Singapore, VCS shall ensure that the process complies with the provisions of the Personal Data Protection Act. VCS shall also include the use of agreements to ensure comparable levels of protection of the personal data in the transfer process. The other local organisation shall ensure its compliance to the Personal Data Protection Act. For the transfer of personal data overseas, VCS shall include the use of contractual agreements with the organisations involved in the transfer to provide a comparable standard of protection overseas.

6. How We Manage the Collection, Use and Disclosure of Your Personal Data

6.1 Obtaining Consent

Before we collect, use or disclose your personal data, we will notify you of the purpose why we are doing so. We will obtain written confirmation from you on your expressed consent. We will not collect more personal data than is necessary for the stated purpose. We will seek fresh consent from you if the original purpose for the collection, use or disclosure of your personal data has changed.

Deemed Consent by Conduct: Under certain circumstances, we may assume deemed consent by conduct from you when you voluntarily provide your personal data for the stated purpose, e.g. when you submit a job application form to our HR Department.

Deemed Consent by Contractual Necessity: We rely on deemed consent by contractual necessity in circumstances which are reasonably necessary for us to disclose to another organisation for the necessary conclusion or performance of the transaction between you and us

Deemed Consent by Notification: We rely on deemed consent by notification where we have notified you of the purpose and you have not taken any action to opt out of the collection, use or disclosure of personal data. When relying on this, we will conduct an assessment to eliminate or mitigate the adverse effects and will be required to produce such assessment to our regulator upon their request.

Legitimate Interests: We may rely on the legitimate interests exception to consent in the following circumstances which are our organisation’s lawful interests. When we rely on this exception, we conduct an assessment as required under law and will provide such documented assessments to PDPC upon their request.

6.2 Withdrawal of Consent

If you wish to withdraw consent, you should give us reasonable advance notice, with at least 30 days processing period. We will advise you of the likely consequences of your withdrawal of consent, e.g. without your personal contact information we may not be able to inform you of our future events. Before we accede to your request, we may need to verify your identity by checking your NRIC or other legal identification document.

Your request for withdrawal of consent can take the form of an email or letter to us, and should include the following information:

Name and identification number of the person requesting for withdrawal of consent; and
The purpose(s) that has previously been consented to, for which you wish to now withdraw your consent for.

6.3 Use of Cookies

We may use “cookies” to collect information about your online activity on our website or online services. A cookie is a small text file created by the website that is stored in your computer to provide a way for the website to recognise you and keep track of your preferences. The cookie makes it convenient for you such that you do not have to retype the same information again when you revisit the website or when you fill in electronic forms.

Most cookies we use are “session cookies”, which will be deleted automatically from the hard disk of your computer at the end of the session.

You may choose not to accept cookies by turning off this feature in your web browser. Note that by doing so, you may not be able to use some of the features and functions in our web applications.

7. How We Ensure the Accuracy of Your Personal Data

We will take reasonable steps to ensure that the personal data we collect about you is accurate, complete and kept up-to-date.

From time to time, we may do a data verification exercise for you to update us on any changes to the personal data we hold about you. If we are in an ongoing relationship with you, it is important that you update us of any changes to your personal data (such as a change in your mailing address).

8. How We Protect Your Personal Data

VCS shall make reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. We have implemented appropriate information security and technical measures to protect the personal data we hold about you against loss; misuse; destruction; unauthorised alteration/modification, access, disclosure; or similar risks.

We have also put in place reasonable and appropriate organisational measures to maintain the confidentiality and integrity of your personal data, and will only share your data with authorised persons on a ‘need to know’ basis.

9. How We Retain Your Personal Data

We have a document retention policy that keeps track of the retention schedules of the personal data you provide us, in paper or electronic forms. We will not retain any of your personal data when it is no longer needed for any business or legal purposes.

We will dispose of or destroy such documents containing your personal data in a proper and secure manner when the retention limit is reached.

10. How You Can Access and Make Correction to Your Personal Data

You may write in to us to find out what personal data about you that we have in our possession or under our control and how it may have been used and/or disclosed by us in the previous one year. Before we accede to your request, we may need to verify your identity by checking your NRIC or other legal identification document. We will respond to your request as soon as possible, or within 30 days from the date we receive your request. If we are unable to do so within the 30 days, we will let you know and give you an estimate of how much longer we require. We may also charge you a reasonable fee for the cost involved in processing your access request. Under the PDPA, VCS is not required to provide you with certain categories of the information listed in the Fifth schedule of the Personal Data Protection Act.

If you find that the personal data we hold about you is inaccurate, incomplete or not up-to-date you may ask us to correct the data. Where we are satisfied on reasonable grounds that a correction should be made, we will correct the data as soon as possible, or within 30 days from the date we receive your request. VCS will correct an error or omission and send the corrected personal data to every other organisation to which the personal data was disclosed by VCS within a year before the correction, unless the other organisation does not need the corrected personal data for any legal or business purpose. The corrected data may be sent only to specific organisations to which the data was disclosed by VCS, if the individual consents to it.
Where it is satisfied on reasonable grounds that a correction should not be made, VCS shall not make the correction but will annotate the personal data in its possession or under its control with the correction that is requested but not made.
VCS shall also not alter an opinion, including a professional or expert opinion, and exceptions from correction as listed in the Sixth Schedule of the PDPA.

11. Contacting Us

If you have any query or feedback regarding this Data Protection Notice, or any complaint you have relating to how we manage your personal data, you may contact our Data Protection Officer (DPO) at: DPO@viriya.org.sg

Any query or complaint should include, at least, the following details:

Your full name and contact information
Brief description of your query or complaint

We treat such queries and feedback seriously and will deal with them confidentially and within reasonable time.

12. Changes to this Data Protection Notice

We may update this Data Protection Notice from time to time. We will notify you of any changes by posting the latest Notice on our website. Please visit our website periodically to note any changes.

Changes to this Notice take effect when they are posted on our website.