Privacy – Bedok Methodist Church

Bedok Methodist Church, (“the church”) recognises both the rights of members to protect their personal data, including rights of access and correction, and the needs of the church to collect, use or disclose personal data for legitimate and reasonable purposes.

The church is committed to the Personal Data Protection Act of Singapore to governs the collection, use and disclosure of personal data that you have consented to provide.

This Policy Statement contains useful information about how and why we collect, use and disclose your personal data. You can have our assurance that it will only be used in accordance with this statement.

Your Personal Data

Your record includes the information you provided as a member or regular worshipper of the Church or for application of membership or baptism or other church activities. Any information submitted by you may be used to update your record. When providing your data to us, please ensure that it is complete and accurate in order for the Church to maintain data accuracy.
Your personal data collected is limited to administrative purposes and what is necessary to facilitate the carrying out of activities by the Church. It will be kept confidential and will be used strictly for Church related programs only. It will not be disclosed to external parties without your due consent.
Your personal data is retained only for as long as it is reasonable to fulfill the purposes for which it was collected for or as required by the law.

Mode of Collection of Personal Data

Personal data is collected from :

registration forms for participation in events and activities (eg. talks, seminars, workshops, mission trips, etc).
response forms from participants of events and activities; and
on a necessary basis for compliance with regulatory and other administrative needs.

Security

The Church has put in place necessary security measures and administrative, physical and technical procedures to minimize the risk of unauthorized access or disclosure and unlawful destruction or alteration, and to ensure the appropriate use of information.

Opting Out

To opt out of receiving communication on the Church’s news and information, please fill in the Opt-out form available on request from the Church office. Your request will be processed within 2 weeks
Please note that your data will still be held on the Church database for administrative purposes.

Data Protection Officer (DPO)

The Church has an appointed Data Protection Officer (DPO) to ensure that we comply with the Personal Data Protection Act (PDPA) of Singapore.

The DPO’s duties include :

(a) reviewing regularly the policy and practice for handling personal data so as to be compliant with legal requirements and facilitative of the advancement of the purpose of BMC;

(b) upon review and, where updating is necessary, proposing to and seeking approval from the Local Church Executive Committee of BMC, to do so;

(c) disseminating data protection policy and practice to members so that they are made aware of their responsibility to comply ; and

(d) handling queries or complaints relating to the Personal Data Protection Act (PDPA).

(e) The DPO’s contact details shall be given upon request.

Use and Protection of Personal Data

We shall use personal data for the stated purpose only.
If required to be used for another purpose, we shall give notification of such intended use and get consent for the use.
For every event being organized, one or two persons shall be appointed to take charge of collection, use, management and protection of the personal data collected for such event.
Protection of the personal data means
- to keep the data confidential;
- to keep hard copies in locked cupboards or in secure places;
- to keep soft-copy databases password-protected;
- to restrict access to authorized persons only; and
- to destroy personal data when no longer required.

Retention of Personal Data

Personal data shall be retained only for as long as it is reasonable to fulfill the purposes for which the data was collected or as required by any written law.
Hard copies of personal data no longer required shall be disposed off by shredding or perforation in such manner as will prevent identification of individuals from them.
Soft copies of personal data no longer required shall be disposed off by deletion in a permanent manner.

Transfer Limitation

The church will not transfer any personal data to a country or territory outside Singapore except in accordance with requirements under the Personal Data Protection Act (PDPA) (section 26(1), PDPA). Appropriate steps to be taken by the church are:

It complies with the data protection provisions set out in Parts III to VI of the PDPA in respect of the transferred personal data, if the personal data remains in its possession or under its control.
If the personal data is transferred to a third party recipient in a country or territory outside Singapore, the recipient is bound by legally enforceable obligations to provide a standard of protection that is comparable to that under the PDPA.

Legally enforceable obligations include obligations imposed on a recipient of personal data under:

Any law.
Any contract in accordance with Regulation 10(2) of the Personal Data Protection Regulations 2014 (PDPR).
Any binding corporate rules in accordance with Regulation 10(3) of the PDPR.
Any other legally binding instrument.

Complaint Procedure

Any complaint relating to the PDPA shall be referred to the DPO.
For general queries, feedback or complaint, you will get a reply within 2 week. For queries that require further investigation or evaluation, do expect a reply in 2 to 4 weeks.
The DPO shall investigate the complaint and report her finding to the Local Church Executive Committee so that a timely and appropriate response is given to the complainant.
Where remedial action is required, the DPO shall ensure it is taken and reported to the Local Church Executive Committee.

Rights of Providers of Personal Data

Access to Personal Data

If you wish to access your personal data being held by the Church, please fill in the Request form available from Church office. You may email the completed form and allow us one week to process your request to access your personal data.
Personal data record will only be released to you by the Church Data Protection Officer upon verification of your identity card and the signed request form. This is necessary to protect your personal data. Failing to do so, your request will not be acceded.

Correction of Personal Data/Update

If you believe that your personal information in the Church database is incorrect or incomplete, you may write to the Church Data Protection Officer stating your full name, NRIC no, contact information and the details of your requested correction/update.
Alternatively, you may update your personal information by filling in the Member Personal Data form available from the Church office and submit to the Church Data Protection Officer.
We will update any information found to be incorrect within 2 weeks.

Withdrawal of Consent

Any individual may withdraw his/her consent to the use and disclosure of his/her personal data at any time, unless such personal data is necessary for BMC to fulfill its legal obligations.
We shall comply with the withdrawal request and inform the individual if such withdrawal will affect the services and arrangements between the individual and BMC
Upon withdrawal of consent, we shall cease to use the personal data and delete it from our records or destroy it.

Video Recording and Photographs

Video footage and photographs may constitute personal data if an identifiable individual is captured.
We shall notify participants of events that photographs and videos taken may be used by BMC for communication and publicity purposes in print or electronic media.

If you have any queries on the Church’s policies relating to the PDPA of Singapore, please email (office@bmc.org.sg).

The Church will regularly review and update our Personal Data Protection Policy. The latest version will be available from the Church office upon request.