fbpx

1. Our commitment to privacy

At Singapore Cancer Society (SCS), we take your privacy seriously. When dealing with your personal information we observe our obligations under the Personal Data Protection Act (PDPA), as well other relevant legislation. This policy applies to personal data in our possession or under our control, including personal data in the possession of organisations which we have engaged to collect, use, disclose or otherwise process personal data for our purposes.

 

2. Personal Data

As used in this Notice:

  1. “person” means an individual who (a) has contacted us through any means to find out more about any goods or services we provide, or (b) may enter or has entered into a contract with us for the supply of any products or services by us, or (c) has submitted a job or internship application with us; and
  2. “personal data” means data, whether true or not, about an individual who can be identified: (a) from that data; or (b) from that data and other information to which we have or are likely to have access.

 

3. The types of information we collect

The types of information we collect:

  • contact details (name, address, telephone numbers, email, etc);
  • letter and email details;
  • donation history; and
  • credit card and/or bank account details.

The types of sensitive information we collect include records of communication between us, which may include from time to time, information you provide us or we collect from others. This includes, but is not limited to, the following types of information:

  • NRIC / FIN number;
  • personal financial information;
  • personal credit card data;
  • any idiosyncratic or personal information we obtain from you or others about you; and
  • photographs taken at events or posted on Facebook.

Other terms used in this Notice shall have the meanings given to them in the Singapore Personal Data Protection Act (where the context so permits).

 

4. Why we collect private information about you

Singapore Cancer Society is a community-based voluntary welfare organisation dedicated to minimising the impact of cancer through public education, screening, patient services, financial assistance, research and advocacy. We collect information about people so as to allow us to communicate with them, introduce them to our organisation, inform them of the work we do and encourage donations so we can continue to embark on our mission to minimise cancer and maximise lives. In different aspects of the work we do, we will require your information to better serve our beneficiaries, cancer support group members, patients as well as donors. We generally collect the information we need to deliver and improve the services we provide. We do not use the information in any way other than the purpose it is collected for.

We may collect information from you either directly or from third parties. Information we collect from third parties may be by formal or incidental means.

  • for the immediate reason for which you have provided it to us (for example, to enable us to process your request, payment, registration, subscription, etc);
  • to maintain contact with you about our work, to report to you about our work, or to encourage you to learn about what we do; and
  • any other purpose directly related to our work and for which you have provided consent (where it is reasonably required by law).

In order for us to find new supporters, like-minded organisations may allow us to contact their mailing list. However, please be assured that we don’t rent or sell your information to them in return.

We take reasonable steps to ensure that these organisations are bound by confidentiality and privacy obligations when handling your personal information.

If you don’t want your personal information disclosed to another organisation, please let us know either at the time we collect your information or any later time.

Sometimes we may be legally required to disclose your information, for example, to government departments like IRAS for submission of tax deductions.

We may also sometimes share non-personal, non-sensitive and de-identified information with research organisations.

 

5. How we collect your information

We may collect information from you either directly or from third parties. Information we collect from third parties may be by formal or incidental means.

We collect personal information about our supporters, donors, volunteers, beneficiaries, public forum attendees, cancer-screening participants, patients, cancer-survivors, support-group members or care-givers, members, employees, contractors and visitors to our events. We collect your information in the following ways:

      • face to face contact;
      • electronically including through our website and online surveys;
      • via social media messages or conversation;
      • during phone calls;
      • voice or image recordings;
      • whilst delivering and administering services at our facilities;
      • from forms, coupons and other correspondence (both in writing and electronically); and
      • exchanging information with trusted like-minded organisations

 

6. How we use and disclose your information

We may collect personal data from our patients, donors, volunteers, beneficiaries, contractors, employees and other individuals such as job applicants. We would only collect, use and disclose data that (a) has been provided to us voluntarily by you directly or via a third party who has been duly authorised by you to disclose your personal data to us (your “authorised representative”) after (i) you (or your authorised representative) have been notified of the purposes for which the data is collected, and (ii) you (or your authorised representative) have provided written consent to the collection and usage of your personal data for those purposes, or (b) collection and use of personal data without consent is permitted or required by the PDPA or other laws. We shall seek your consent before collecting any additional personal data and before using your personal data for a purpose which has not been notified to you (except where permitted or authorised by law).

We only use your personal and sensitive information for the reason we collect it as set out above and for the purpose(s) for which it was collected, or as otherwise permitted by law.

The personal data collected may be used for any or all of the following purposes:

  • to provide our services;
  • as part of our operations;
  • for job application and recruitment purposes;
  • for billing and reporting, such as for invoicing and account management purposes;
  • for follow-up action regarding any complaints, feedback, queries or requests received via our website or any other communication channels; and
  • assisting in law enforcement and investigations conducted by any governmental and/or regulatory authority.

We may disclose or use your personal data pursuant to an exception under the Personal Data Protection Act or other written law such as during the following situations:

  • To respond to an emergency that threatens your life, health and safety or of another individual; and
  • Necessary in the national interest, for any investigation or proceedings.

We may disclose your personal data:

  • with your consent, where such disclosure is required for performing obligations in the course of or in connection with our provision of the goods or services requested by you;
  • to comply with any applicable laws, regulations, codes of practice, guidelines or rules (e.g. in an emergency or when we receive a subpoena to disclose your personal data); or
  • with your consent, to third party service providers, agents and other organisations we have engaged to perform any of the functions listed above. Any third parties engaged by us will be contractually bound to keep all personal data confidential.

You have the right of choice regarding the collection, usage and/or disclosure of your personal data. If you choose not to provide us with the personal data described in this notice, we may not be able to perform our obligations as stated in this notice. You have the right to object to the processing of your personal data and withdraw your consent in the manner described below.

If you choose not to provide us with your personal data for the purposes listed in above, you may submit a request in writing or via email to our Data Protection Officer at the contact details provided below or indicate in the personal data collection form submitted to us (if any). By choosing not to provide us with your personal data, depending on our relationship, we may not be able to provide services to you. Depending on the complexity of the request and its impact to our relationship with you, we will not collect or, within 30 days of our receipt of your request, cease using and/or disclosing your personal data in accordance with your request.

In the case where we receive unsolicited personal data via email or any other communication channels, the unsolicited personal data will not be retained and will be securely disposed of immediately.

We will not disclose the above information that we collect to affiliates or third parties without your consent.

 

7. Withdrawal of Consent

The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is withdrawn by you in writing. You may withdraw your consent and request us to stop using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing or via email to our Data Protection Officer.

Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within ten (10) business days of receiving. Should we require more time to give effect to a withdrawal notice, we will inform you of the time frame by which the withdrawal of consent will take effect.

Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our goods or services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing in the manner described above.

Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.

 

8. Accuracy of Personal Data

We will make every reasonable effort to ensure that personal data collected by us or on our behalf is accurate and complete.

We generally rely on personal data provided by you (or your authorised representative). In order to ensure that your personal data is current, complete, and accurate, please update us if there are changes to your personal data by informing our Data Protection Officer at the contact details provided.

 

9. Accessing and correcting your personal information

You can access your information by asking us. Occasionally, we may need to refuse your request to access information, for example, where granting you access would infringe someone else’s privacy.

When you request access, we will ask you to provide some form of identification so that we can ensure that you are the person to whom the information relates.

If you have a question about this privacy policy or want to access your personal information you can contact us at: This email address is being protected from spambots. You need JavaScript enabled to view it. or call us at 1800-727-3333. We are available to answer your calls 8.30 am - 6.00 pm Monday to Friday (except Public Holidays).

Phone: 1800-727-3333

Fax: +65 6221 9575

We will aim to respond to you within 7 working days of receiving your request.

If we’re not able to help with your request, you will receive a written explanation as to why.

 

10. Feedback about a breach of your privacy

If you are concerned about how we have collected or managed your personal information we request you follow the procedure set out below.

  1. Contact us at 1800-727-3333 and ask for our Data Protection Officer.
  2. Submit your feedback to: This email address is being protected from spambots. You need JavaScript enabled to view it. or post to SCS Data Protection Officer, Singapore Cancer Society
    30 Hospital Boulevard, #16-02,  Singapore 168583. In order to effectively address your feedback, we may request further information from you about your feedback and the reasons behind it.
  3. After we receive all the information we need from you, allow us approximately 28 days to address your feedback

If you’re not satisfied with how we have handled your feedback, you may also contact Personal Data Protection Commission (PDPC) office at http://www.pdpc.gov.sg/contact-us 

The PDPC is a government body independent of us. It has the power to investigate complaints about possible interference with your privacy.

 

11. Disclosing your personal information

Occasionally we may use an external vendor to process, data-entry, letter-shopping or back-up information or to provide other services.

As a result, we may disclose your personal information to them for these purposes.

We do not otherwise disclose or transfer your personal information to an external party.

 

 

12. Securing your information

We take reasonable steps to ensure the security of personal and sensitive information we hold and to protect it against loss, misuse or unauthorised access, destruction, use, modification or disclosure.

Our IT systems are protected and comply with applicable security standards.

Only authorised personnel are permitted to access these details.

It is our policy to:

  • destroy personal information once there is no longer a legal or business need for us to retain it.

 

13. Protection of Personal data

If there is a need to disclose your Personal Data to third parties in line with the purposes, we will ensure that they provide sufficient guarantees to us to have implemented the necessary security measures to protect your Personal Data.

However, no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your personal data and are constantly reviewing and enhancing our information security measures. In the event of a personal data breach, we will endeavour to notify the affected parties no later than within 3 calendar days from when we become aware of the breach.

 

14. Cross-border Transfers of Personal Data

Unless for service-related needs, we generally do not transfer your personal data to other jurisdictions. However, if we do so, we will obtain your consent for the transfer to be made and we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA, including entering into an agreement with the receiving party to accord similar levels of data protection as those in Singapore.

 

15. Anonymity

It is your right to be dealt with anonymously, provided that is it lawful and practicable.

We will try to accommodate a request for anonymity wherever possible, however we note that in some circumstances, this may prevent us from practically and effectively communicating with you.

If this is the case we will notify you.

 

16. Data Breach Notification

In the event a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data, we shall promptly assess the impact and if appropriate, report this breach within 3 calendar days to the Personal Data Protection Commission (PDPC). We will notify you when the data breach is likely to result in significant harm to you after our notification to PDPC. We may also notify other relevant regulatory agencies, where required.

 

17. Cookies and links to other websites

Cookies

When you visit our website a record of your visit is logged. The following data is supplied by your browser:

  • Your IP address and/or domain name;
  • Your operating system (type of browser and platform);
  • The date, time and length of your visit to the website; and
  • The resources you accessed and the documents you downloaded.

This information is used to compile statistical information about the use of our website. It is not used for any other purpose. If you do not want ‘cookies’ to be used please adjust your browser settings to disable them.

Links to other websites

Our website may contain links to third party websites, and third party websites may also have links to our website.

Our privacy policy does not apply to external links or other websites.

The operators of other websites may collect your personal information.

We encourage you to read the privacy policies of any website you link to from our website.