1. Policy Statement
We at Montfort Care respect the privacy and confidentiality of the personal data of our Clients, Volunteers, Donors, Sponsors, Visitors and others whom we interact with in the course of providing our services. We are committed to implementing policies, practices and processes to safeguard the collection, use and disclosure of the personal data you provide us, in compliance with the Singapore Personal Data Protection Act (PDPA) 2012. We have developed this policy to assist you in understanding how we collect, use, disclose, process and retain your personal data with us.
2. How We Collect Your Personal Data
The PDPA defines personal data as “data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which the organisation has or is likely to have access.”
We collect personal data in one or more of the following situations (non-exhaustive) when you:
• Establishing or managing your relationship with us. This includes:
⚬ Where you are a donor/sponsors,
▪ Make a donation to our charitable causes
▪ Sponsor our fund-raising or other events
▪ Respond to our fund-raising campaigns
⚬ Where you are a beneficiary,
▪ Register as a participant at one of our centres for Montfort Care’s programme(s)
⚬ Where you are a volunteer
▪ Register as a volunteer in one or more of our programmes
• Provide feedback to us on our quality of service or your user experience
• Communicate with us via emails or written correspondences
• Evaluative purposes (e.g. means testing, applying for financial assistance etc)
• Providing you with information on our upcoming events or activities, where you have specifically requested to receive such information
• Verifying your identity and the accuracy of your personal details and other information provided
• Complying with any applicable laws, regulations, codes of practice, guidelines, or rules, or assisting in law enforcement and investigations conducted by any governmental and/or regulatory authority; and
• Transmitting to any unaffiliated third parties including our third-party service providers and agents, and relevant governmental and/or regulatory authorities, whether in Singapore or abroad, for the aforementioned purposes.
We may collect, disclose or use your personal data pursuant to an exception under the Personal Data Protection Act or other written law such as during the following situations:
3. Types of Personal Data We Collect About You
The types of personal data we collect the following individuals are generally as follows:
• Clients (Beneficiary)
⚬ Basic personal information: Name, NRIC, date of birth, race, gender, marital status, citizenship, country of birth, address, email, contact details;
⚬ Medical/Health information (Height, Weight, Blood pressure, Heart rate, Allergies, Disabilities, Current medical condition, Medical history)
⚬ Special categories of personal information: religious or other beliefs, racial or ethnic origin, photo and health or medical history;
⚬ Customer service data: personal data received from partners or donors in respect of employees, volunteers, or other individuals affiliated with Montfort Care known to our partners, invoicing details and payment history, and other feedback from our partners or donors
• Donors
⚬ Basic personal information: Name, NRIC and contact number;
⚬ Customer service data: personal data received from partners or donors in respect of employees, volunteers, or other individuals affiliated with Montfort Care known to our partners, invoicing details and payment history, and other feedback from our partners;
• Board Member
⚬ Basic personal information: Name, NRIC, email address, gender, residential address, date of birth and contact number;
⚬ Customer service data: personal data received from partners or donors in respect of employees, volunteers, or other individuals affiliated with Montfort Care known to our partners, invoicing details and payment history, and other feedback from our partners;
• Volunteer
⚬ Basic personal information: Name, NRIC, date of birth, race, gender, marital status, address, email, contact details;
⚬ Special categories of personal information: religious or other beliefs, racial or ethnic origin, photo;
⚬ Customer service data: personal data received from partners or donors in respect of employees, volunteers, or other individuals affiliated with Montfort Care known to our partners, invoicing details and payment history, and other feedback from our partners;
4. How We Use Your Personal Data
We use the personal data you provide us for one or more of the following purposes:
• Provide information about social services support programmes
• Process referrals or enquiries relating to our services
• Process applications for registration at our events and/or services
• Process volunteer registrations
• Organise campaigns to raise funds
• Process and administer donations received
• Process applications for rebates, subsidies or financial assistance relating to our events and/or services
• Provide information on events, conferences, seminars or workshops
• Communicate with customers, members and website visitors
• Respond to inquiries and feedback to improve our quality of service
• Investigate complaints, claims and disputes
• Process billing, payment and other credit-related activities
• Process job applications, recruitment and selection
• Monitor movement of visitors around / in our premises
• Carry out our obligations arising from any contracts entered into between you and us
• Comply with legal obligations and regulatory requirements
If you choose not to provide us with your personal data for the purposes listed in paragraphs 4, you may submit a request in writing or via email to our Data Protection Officer at the contact details provided below or indicate in the personal data collection form submitted to us (if any). Whilst we respect your decision, please note that depending on the nature and extent of your request, we may not be in a position to continue our relationship with you (as the case may be).
The purposes listed in Paragraph 4 may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).
5. Who We Disclose Your Personal Data To
We disclose some of your personal data to the following parties or organisations outside Montfort Care in order to fulfil our services to you:
• Clinics / Hospitals, Convalescent Homes / Nursing Homes, Hospices
• Medical practitioners
• Social services agencies
• Regulatory authorities and government agencies
• Religious organisations
• Freight/courier services
• Conference organisers
• Banks, Insurance companies, Payment card processing companies
• Recruitment Agencies
• Call/Contact Centres
• Survey Firms
• Travel Agencies
• Electronic Direct Mail (EDM)/Email service vendors
• Webhosting companies, Cloud service providers
• Security company
Where required to do so by law, we will disclose your personal data to the relevant authorities or agencies.
We may also disclose your personal data:
• with your consent, where such disclosure is required for performing obligations in the course of or in connection with our provision of the services requested by you;
• to comply with any applicable laws, regulations, codes of practice, guidelines, rules or requests by public agencies, or to assist in law enforcement and investigations;
• with your consent, to third party service providers, agents and other organisations we have engaged to perform any of the functions listed in Paragraph 4 above for us. Any third parties engaged by us will be contractually bound to keep all personal data confidential; or
• any other party to whom you authorised us to disclose your personal data to, or where necessary, to undertake any action requested by you.
6. How We Manage the Collection, Use and Disclosure of Your Personal Data
6.1 Obtaining Consent
Before we collect, use or disclose your personal data, we will notify you of the purpose why we are doing so. We will obtain written confirmation of your expressed consent. We will not collect more personal data than is necessary for the stated purpose.
Under certain circumstances, we may assume deemed consent is given by you when you voluntarily provide your personal data for the stated purpose, e.g. when you apply for a job with us using our employment application forms.
6.2 Withdrawal of Consent
The consent that you provide for the collection, use, and disclosure of your Personal Data will remain valid until such time as withdrawn by you in writing. You may withdraw consent and request us to cease using and/or disclosing your Personal Data for any or all of the purposes above by submitting your request in writing or via email to our Data Protection Officer.
Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us.
Please note that depending on the nature and scope of your request to withdraw your consent, we may not be in a position to continue providing our services to you and we shall, in such circumstances, notify you before completing the processing of your request.
Please note that withdrawing consent does not affect our right to continue to collect, use and disclose your Personal Data where such collection, use and disclose without consent is permitted or required under applicable laws.
6.3 Use of Cookies
We use “cookies” to collect information about your online activity on our website. A cookie is a small text file created by the website that is stored in the user’s computer to provide a way for the website to recognise you and keep track of your preferences. The cookie makes it convenient for you such that you do not have to retype the same information again when you revisit the website.
You may choose not to accept cookies by turning off this feature in your web browser. Note that by doing so, you may not be able to use some of the features and functions in our web application.
7. How We Ensure the Accuracy of Your Personal Data
We will take reasonable precautions and verification checks to ensure that the personal data you provide us is accurate, complete and up-to-date. From time to time, we do a data verification exercise with you to update us on any changes to your personal data.
8. How You Can Access and Make Correction to Your Personal Data
You may write in to us to find out how we have been using or disclosing your personal data over the past one year. Before we accede to your request, we may need to verify your identity by checking your NRIC or other legal identification document. We will try to respond to your request as soon as possible, or within 30 days, as stipulated in the PDPA. If we are unable to do so within the 30 days, we will let you know and give you an estimate of how much time we require. We may also charge you a reasonable fee for the cost involved in processing your access request.
You may also ask us to correct an error or omission in the personal data we hold about you. We will correct the personal data as soon as practicable, unless we are satisfied on reasonable grounds that a correction should not be made.
9. How We Protect Your Personal Data
We have implemented appropriate information security measures to protect the personal data you provide us against unauthorised access, use, disclosure, or similar risks. We will take reasonable and appropriate measures to maintain the confidentiality and integrity of your personal data, and will only share your data with authorised agencies / people on a ‘need to know’ basis.
When we disclose your personal data to third parties in line with the purposes mentioned in paragraph 4 we will ensure that they provide sufficient guarantees to us to have implemented the necessary security measures to protect your personal data.
However, no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your personal data and are constantly reviewing and enhancing our information security measures. In the event of a personal data breach, we will endeavour to notify the affected parties no later than within 3 calendar days from when we become aware of the breach.
10. How We Retain Your Personal Data
We have a document retention policy that keeps track of the retention schedules of the personal data you provide us, in paper or electronic forms. We will not retain any of your personal data when it is no longer needed for any business or legal purposes. We will dispose of or destroy such documents containing your personal data in a proper and secure manner.
11. Cross-Border Transfer of Personal Data
Unless for business-related needs, we generally do not transfer your personal data to other jurisdictions. However, if we do so, we will obtain your consent for the transfer to be made and we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA, including entering into an agreement with the receiving party to accord similar levels of data protection as those in Singapore.
12. Data Breach Notification
In the event a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data, we shall promptly assess the impact and if appropriate, report this breach within 3 calendar days to the Personal Data Protection Commission (PDPC). We will notify you when the data breach is likely to result in significant harm to you after our notification to PDPC. We may also notify other relevant regulatory agencies, where required. If we are a Data Intermediary, we shall inform the Data Controller immediately of any data breach so they can promptly assess the impact and comply with their data breach notification obligation.
13. Contacting Us
If you have any query or feedback regarding this Policy, or any complaint you have relating to how we manage your personal data, you may contact our Data Protection Officer (DPO) at: dpo@montfortcare.org.sg or send a letter to Montfort Care | 624 Upper Bukit Timah Road Singapore 678212 (Attention to: Data Protection Officer).
To assist us look into your query or complaint, please include the following details:
• Your full name and contact information
• Brief description of your query or complaint
We value your queries and feedback seriously and will handle them confidentially, and respond to you within reasonable time or within 30 days. If we are unable to do so within the 30 days, we will let you know and give you an estimate of how much time we require.