GRACE INDEPENDENT BAPTIST CHURCH
Personal Data Protection Policy (PDPA)
1. PURPOSE OF POLICY
Grace Independent Baptist Church (“GIBC”, “we” or “us”) is committed to safeguarding the personal data entrusted to it by individuals (“you”).
This policy applies to GIBC and outlines the responsibility of each of its members relating to the collection, processing, use and disclosure of your personal data (as defined below).
2. PERSONAL DATA
2.1. Personal Data (“Personal Data”), is personal information that is linked to and can be used to identify an individual.
This includes but is not limited to:
(a) Name (Including: Photographs, videos, CCTV footage or voice recordings)
(b) Contact Information (e.g. Phone numbers, emails or home addresses)
(c) Payment Information (e.g. any credit or debit card information or billing address)
(d) Health Information (e.g. Medical records or declaration of allergies)
2.2. The types of data GIBC collects depend on the circumstances of the collection.
3. HOW AND WHY WE COLLECT PERSONAL DATA
GIBC typically collects Personal Data either directly from you or through authorised representatives in the following ways:
When you submit forms;
Interact with our Leadership Team or Administrative personnel;
When you request that we contact you or to be included in email or mailing lists
When you respond to our request for additional Personal Data; and
When you submit your Personal Data to use for any other reasons.
We collect, use, disclose your Personal Data for the following purposes:
To communicate with you on any queries you may have;
Education and Training records;
Event organisation and management;
Missions organisation and management;
Administrative operations; and
Ministry matters and member services (e.g. visits, prayer and following up)
GIBC will seek consent from an individual to collect, use or disclose an individual’s Personal Data. Exceptions will be made in specific circumstances where the collection, use or disclosure without consent is required by law.
Consent may be collected through written documentations (e.g. consent form, written note) or electronically (email consent or electronic forms). Where such consent cannot be obtained, GIBC may opt to obtain verbal consent and such process will be monitored and approved by the Data Protection Officer (“DPO”).
GIBC may deem the individual has consented to collection, usage and disclosure of their Personal Data in the following situations.
1. When they have provided Personal Data for obvious purposes unless consent for such use is withdrawn by you;
2. Is officially affiliated with the Organisation (i.e. Full-time staff, Part-Time Workers & Volunteers) for purposes related to the staff’s work in GIBC. Consent will only be obtained should the purpose be unrelated to their work.
4. WITHDRAWAL OF CONSENT
Should you wish to withdraw your consent for the use of your Personal Data you may submit your request to email@example.com.
GIBC will retain your provided Personal Data only for as long as it is reasonable to fulfill the purposes for which the information collected for or as required by any written law.
We shall also ensure that disposal of Personal Data will be performed appropriately with little possibility to recover the information from the disposal process. Such methods include shredding paper records and permanent deletion of electronic records.
6. ACCESS & CORRECTION
GIBC’s DPO has oversight on all Personal Data access and/or correction requests and ensures actions are performed in compliance with this policy.
Requests for Personal Data access or correction by individuals, including any enquiries or complaints shall be submitted to GIBC in writing to the DPO at the following address and contact information:
547 Upper Changi Road
6. POLICY REVIEW
This policy shall be maintained and updated by the DPO and reviewed by leadership on an annual basis to ensure compliance.