YOUR PRIVACY MATTERS TO US
1, Purpose of Policy
1.1. Impact Life Church (The Church) recognizes the need to respect and treat personal data in a manner that is appropriate and compliant with the law.
1.3. The Church reserves the right to amend the contents of this Policy to ensure alignment with current legal and regulatory requirements.
2. Collection of Personal Data
2.1. In general, we receive or collect the personal data of individuals including staff, volunteers, members and visitors.
2.2. The personal data collected by the Church may include (but is not limited to):
2.2.1. Personal details (e.g. full name, age, date of birth, gender, religion, race,
nationality, marital status);
2.2.2. Personal identification details (e.g. NRIC, FIN, passport number);
2.2.3. Personal contact details (e.g. telephone numbers, email addresses);
2.2.4. Demographic information (e.g. address, postal code);
2.2.5. Educational background (e.g. educational institution, educational
2.2.6. Information relating to pastoral care needs (e.g. date of salvation, baptism
details, courses within the Church, discipleship, missions);
2.2.7. Financial information (e.g. bank account details);
2.2.9. Photograph, audio/video recording and digital image (including CCTV footage);
2.2.10. Social media account information;
2.2.11. Any other personal information that an individual may offer voluntarily.
2.3. Collection of personal data occurs when an individual does the following (but not
limited to the list below):
2.3.1. Becomes a member of the Church;
2.3.2. Submits a registration form or other forms pertaining to the Church’s activities
2.3.3. Contacts the Church for enquiries via emails or phone calls;
2.3.4. Requests the Church to contact him/her;
2.3.5. Visits our office or attends our services;
2.3.6. Submits his personal data to us for any other purposes (such as for
employment or for volunteering/ministry).
3. Purpose Limitation Obligation
3.1. The Church collects, uses and discloses the individual’s personal data for the following purposes (including, but not limited to):
3.1.1. Planning and conducting church activities, including services, events, courses and programs;
3.1.2. Providing pastoral care;
3.1.3. Managing church administration and operations or other internal matters including record keeping;
3.1.4. Responding to an individual’s queries and requests;
3.1.5. Internal and external communication and publication;
3.1.6. Delivering information regarding news, publications and events;
3.1.7. Management and administration of employment relationships.
3.2. The Church will seek to only collect, use or disclose personal data about an individual which it considers reasonably necessary for the purposes underlying such collection, use or disclosure.
3.3. Personal data will generally be obtained directly from the individual. For children who are 12 years old and below, personal data will be collected from either their parents or guardians, unless specific and/or unusual circumstances require that the collection be made directly from the child concerned.
4. Consent Obligation
4.1. By submitting his personal data to the Church, the individual consents to the collection, use and disclosure of his personal data by the Church for the purposes specified in the course of collection of the individual’s personal data.
4.2. The Church will not use the personal data for any purpose other than that for which it was collected. Should the Church require any personal data in its possession to be used for a purpose other than that which consent was originally given, the Church will request for fresh consent from individuals in order to use the data for that new purpose.
4.3. If the individual provides us with personal information relating to a third party (e.g. information of his spouse, children, parents or relatives), he is deemed to have obtained the consent of the third party in providing the Church with their personal data for the respective purposes.
4.4. The individual may at any time withdraw any consent given in respect of the collection, use or disclosure of his personal data. A formal request may be addressed to the Data Protection Officer (DPO), unless such personal data is necessary for the church to fulfill its legal obligations. Upon receiving the request, The Church shall comply with the withdrawal request. Depending on the extent of the withdrawal of consent, the Church may no longer be able to continue providing the services it had been providing to the individual on the basis of such consent.
5. Accuracy Obligation
5.1. The Church shall make every reasonable effort to ensure that an individual’s personal data is accurate, up-to-date and complete.
5.2. The Church relies on the individual’s self-notification of any changes to their personal data that is relevant to the Church.
6. Protection Obligation
6.1. The Church will take reasonable steps to protect the personal data against unauthorized disclosure. Subject to the provisions of any applicable law, the personal data may be disclosed, for the purposes listed above (where applicable), to the following:
6.1.1. Staff and volunteers within the Church;
6.1.2. Agents, contractors or third party service providers who provide services to the Church, such as website maintenance services, internet cloud services, courier services, other operational services (relating to collection of financial contributions, printing, training, security, accommodation) and/or other services to the Church or the Site;
6.1.3. Our professional advisors such as auditors and lawyers;
6.1.4. Relevant government regulators, statutory boards, or authorities or law enforcement agencies to comply with any laws, rules, guidelines and regulations or schemes imposed by any governmental authority; and
6.1.5. Any other party to whom the individual authorizes us to disclose his Personal Data to.
6.2. The Church will take reasonable measures to protect an individual’s personal data from unauthorized access, improper use or disclosure, unauthorized modification, unlawful destruction or accidental loss. However, the individual should be aware that no method of transmission over the internet or method of electronic storage is 100% secure. While security cannot be guaranteed, the Church will strive to protect the security of the personal data and will constantly review and enhance our information security measures.
6.3. The Church’s staff and volunteers are required to keep personal data confidential and only authorized persons have access to such information.
6.4. The Church may transfer, store, and process your personal data outside of Singapore. Where the Church does so, the Church will comply with the PDPA and other applicable data protection and privacy laws.
6.5. The Church will endeavour to ensure that the third parties, to whom the personal data is disclosed, will provide a comparable standard of protection to the personal data. However, the Church does not provide any warranty or take any responsibility of any misuse undertaken by those third parties.
6.6. Save as set out under this Policy, unless the Church is obliged or permitted by the Act to do so, an individual’s personal data will not be disclosed to any third parties without his/her permission.
7. Access and Correction Obligation
7.1. An individual may request for his personal data, or request for it to be updated or corrected by sending a formal request to the Data Protection Officer (DPO).
7.2. The DPO has oversight of all personal data access or correction requests and ensures that they are processed in accordance with this policy.
7.3. Request for personal data access or correction by individuals, including any enquiries and complaints, shall be submitted to the Church in writing to the DPO at firstname.lastname@example.org . Upon receiving such a request, the DPO shall verify the identity or the individual before responding to the request for access or correction and may also request for additional information from the requestor to aid in the investigation.
8. Retention Limitation Obligation
8.1. The Church shall retain the individual’s personal data only for as long as it is reasonable to fulfill the purposes for which the information was collected for as
required by law. Once the data in the Church’s possession is no longer necessary to serve the purpose for which it was collected, the data will be destroyed or anonymized in a secure manner.
9. Transfer Limitation Obligation
9.1. The Church will transfer personal data to a country or territory outside Singapore when required for purposes such as storage on third-party databases or for missions. Such transfer shall be done in a manner that is secure and appropriately aligned with PDPA requirements.
10. Openness Obligation
10.1. The Church shall develop and publish the relevant Data Protection Policy statements to inform the relevant individuals declaring the manner that their personal data are collected, used and disclosed. Such statements shall be made available to the relevant individuals upon request, or may be published in an appropriate manner on the appropriate platform that the Church deems fit.
11. Updating the Policy
11.1. This Policy may be updated regularly to take into account changes in policy, technology, and/or to ensure compliance with any legislative changes.
12. Contact our Data Protection Officer
12.1. The DPO can be contacted via our email (email@example.com) for any queries regarding the policy, or feedback regarding the handling of personal data by the Church.