As used in this Notice:

“Personal Data” means data, whether true or not, about an individual who can be identified: (a) from that data; or (b) from that data and other information to which we have or are likely to have access.

Depending on the nature of your interaction with us, some examples of personal data which we may collect from you include your name, contact information such as your address, email address or telephone number, nationality, gender, date of birth, marital status, photographs and other audio-visual information, employment information, and education background.

Other terms used in this Notice shall have the meanings given to them in the PDPA (where the context so permits).

We collect personal data from or about our clients and our potential clients and from our donors, employees, including volunteers and applicants, and other individuals. We collect, use and/or disclose that personal data so that we are able to provide our services (which are described on our website) efficiently and effectively and so that we can comply with our legal obligations.

The personal data collected may be used for any or all of the following purposes:

• to provide our services to you;
• as part of our operations;
• for job application and recruitment purposes;
• for follow-up action regarding any complaints, feedback, queries or requests received via our website or any other communication channels; and
• in compliance with our legal obligations or to assist in law enforcement / investigations conducted by any governmental and/or regulatory authority.

Where possible, we collect personal data directly from you. We do this if you donate to us or if you apply for a job, including a volunteer role, with us. We usually collect this personal data from you by asking you to fill up a form and sometimes we supplement that by an interview with you in person or over the phone. These data would be collected only for the purpose(s) stated by us when we gather the personal data from you.

However, if you are a student at a government school and your school thinks you would find one of our programmes helpful the school may first disclose personal data about you to us to see if we are able to help you. If you join one of our programmes we will usually seek additional information directly from you and your parent(s)/guardian.

If your school thinks that you may find the youth mentoring scheme that we coordinate for the Singapore Police Force (‘SPF’) helpful, the school may provide personal data about you to us. In that case, we may provide some or all of the personal data disclosed to us by your school to the Singapore Police Force for the purpose of enabling you to participate in that mentoring programme.

Similarly, if you are a parent the Ministry of Social and Family Development (‘MSF’) may provide personal data about you to us to see if we can help you in our Parenting Power Programme.

If at any time you would prefer not to provide some personal data that we request, please let us know. We will then explain our purpose for collecting that personal data. If you still do not wish to provide it we will discuss with you whether or not we can proceed without it. We may not be able to do so.

We collect, use, or disclose personal about you only if:

• you give, or are deemed to have given, your consent under the PDPA to us collecting, using or disclosing that personal data or where such disclosure is required for performing obligations in the course of or in connection with our provisions of services to you;
• collection, use or disclosure by us of that personal data without your consent is required or authorised under the PDPA or any other applicable written law – personal data disclosed to us by or to a government school, the SPF or MSF falls into this category; or
• with your consent, to third party service providers, agents and other organisations we have engaged to perform any of the functions listed in Paragraph 2 above for us. Any third parties engaged by us will be contractually bound to keep all personal data confidential.

Where we ask you to consent to us collecting, using or disclosing personal data about you we will first inform you of our purposes for doing so. We will not use or disclose personal data about you for any other purposes without first informing you of the additional purposes and getting your consent to us doing so for the additional purpose(s).

In some circumstances, you are deemed to have consented to us collecting, using or disclosing personal data about you for a purpose. For example, if you register online for one of our conferences or if you fill up a job application form and send it to us you are deemed to consent to us collecting, using or disclosing the personal data about you that is in the registration or the job application form.

We are permitted by the PDPA to collect, use or disclose personal data about you without your consent in various circumstances that include the following:

• if it is publicly available or if it is business contact information;
• if there is an emergency;
• if we do so for evaluative purposes (such as assessing a job or volunteering application); and
• where the disclosure is related to law enforcement or where the collection, use or disclosure is in connection with certain legal issues.

If you choose not to provide us with your personal data for the purposes listed in this Notice, or would like more information about the circumstances under which we may collect, use or disclose personal data without your consent, please contact our Data Protection Officer at the contact details provided below or indicate in the personal data collection form submitted to us (if any).

The purposes listed in this Notice may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).

If you browse our website, we do not capture any data that allows us to identify you.

The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is withdrawn by you in writing. On giving us reasonable notice, you may at any time withdraw any consent you have given, or are deemed to have given, to us collecting, using or disclosing personal data about you for any purpose. Any such notice of withdrawal should be given in writing/email sent to our Data Protection Officer at the contact details provided below.

The consequences of you withdrawing consent to us collecting, using or disclosing personal data about you for any purpose may be onerous for you. Therefore:

• we may require you to provide proof of your identity; and
• we will inform you in writing/email of the likely consequences of withdrawing your consent for the specified purpose.

If you still wish to withdraw your consent we will act on your request within 10 business days of our receipt of your request and cease collecting, using or disclosing the personal data, unless doing so without your consent is required or authorised under the PDPA or other written law. We will also instruct any and all of our data intermediaries to cease collecting, using or disclosing the personal data.

In addition, we will cease to retain our documents containing that personal data, or remove the means by which it can be associated with you, as soon as it is reasonable for us to assume that retention is no longer necessary for our legal or business purposes.

If you wish to make a request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, you may submit your request to our Data Protection Officer at the contact details provided below. Your request to us should be made in writing (which includes email) sent to our Data Protection Officer. We may require you to provide proof of your identity.

On request by you, we will as soon as reasonably possible provide you with:

• personal data about you that is in our possession or under our control; and
• information about the ways in which we have, or may have, used or disclosed that personal data within a year before the date of your request.

Should we not be able to respond to your request within thirty (30) days after receiving your request in writing (including both electronic and non-electronic methods), we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).

There are some circumstances where we are not required to provide you with information, and others where we are not allowed by the PDPA to do so. In some circumstances we may be able to provide you with limited information. You may obtain information about all of these circumstances from our Data Protection Officer.

If your request relates to personal data which we are processing on behalf of another organisation, we will instead forward your request to the relevant organisation for their necessary action.

We may charge you a fee for providing you with access to your personal data or information about how we may have used or disclosed it. If so, we will inform you of the fee before processing your request. The fee will reflect our incremental costs associated with responding to your request. You may obtain information about the fee from our Data Protection Officer.

If you wish to make a request to correct or update any of your personal data which we hold about you, you may submit your request to our Data Protection Officer at the contact details provided below. Your request to us should be made in writing (which includes email) sent to our Data Protection Officer. We may require you to provide proof of your identity.

Should we not be able to respond to your request within thirty (30) days after receiving your request in writing (including both electronic and non-electronic methods), we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).

There are some circumstances where we do not make a correction and other circumstances where we are not required to act on such a request. You may obtain information about these circumstances from our Data Protection Officer.

Unless we are satisfied on reasonable grounds that a correction should not be made, we will correct the personal data as soon as practicable. We will also send the corrected personal data to every other organisation to which we have disclosed it within a year before the date we made the correction (unless that other organisation does not need the corrected personal data for any legal or business purpose). Alternatively, with your consent, we will send the corrected personal data only to specific organisations as agreed with you.

Another organisation that has disclosed your personal data to us might notify us that it has corrected it. If this happens, unless we are satisfied on reasonable grounds that we should not make the correction, we will correct your personal data that is in our possession or under our control.

If your request relates to personal data which we are processing on behalf of another organisation, we will instead forward your request to the relevant organisation for their necessary action.

We make reasonable efforts to ensure that personal data that we collect about you or that is collected on our behalf is accurate and complete if we are likely to use it to make a decision that affects you or we are likely to disclose it to another organisation.

We take reasonable steps to ensure the security of personal data about you that is in our possession or under our control and to protect it against risks such as loss or unauthorised access, destruction, use, modification or disclosure. We have introduced appropriate administrative, physical and technical measures to secure all storage and transmission of personal data by us. Only authorised personnel are permitted to have access to personal data about you.

However, no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your personal data.

We cease to retain documents containing personal data about you, or we remove the means by which it can be associated with you, as soon as it is reasonable to assume that the purpose for which we collected that personal data is no longer being served by its retention and retention is no longer necessary for legal or business purposes.

Unless for operations-related needs, we generally do not transfer your personal data to other jurisdictions. However, if we do so, we will obtain your consent for the transfer to be made and we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.

We strive for excellence in providing services to our clients/beneficiaries and in all our interactions with donors, and with our employees (which includes our volunteers and applicants), as well as with the community generally. This includes our compliance with the PDPA.

Please direct any queries or complaints you have about the way in which we collect, use or disclose personal data about you to our Data Protection Officer. Generally, we are unable to deal with anonymous complaints because we are unable to investigate them. If you raise a complaint anonymously we will nevertheless note the matter raised and, if possible, try and investigate and resolve it appropriately.

Whenever you make a complaint our Data Protection Officer will seek to obtain sufficient information from you to enable us to investigate it. Please be prepared to provide our Data Protection Officer with information as to, for example:

• the type of action, or lack of action, by us that has given rise to your concern;
• whether it was an isolated incident or is ongoing and, in the case of an isolated incident, when it occurred;
• a copy of any relevant correspondence you hold; and
• details about what you consider should have happened or should not have happened.

Immediately upon receiving a complaint our Data Protection Officer must investigate it and within two business days advise you of:

• the outcome of the complaint and the reasons for that outcome or
• write to you (which may be by email) advising you that the Data Protection Officer needs more time to investigate the complaint and stating when the Data Protection Officer expects to have resolved the complaint for you

If a complaint is settled to your complete satisfaction, our Data Protection Officer is not required to advise you in writing of the outcome of the complaint, unless you request a written/email response.

If a complaint is not settled to your complete satisfaction, our Data Protection Officer will advise you of the outcome of the complaint and the reason(s) for that outcome in writing/email. If you are not satisfied with the outcome, you may take your complaint to the Personal Data Protection Commission.

We have appointed a Data Protection Officer who is contactable as follows:

• send an email to dpo@care.sg

• call 6583 3481

• write to us at Blk 428 Pasir Ris Dr 6 #01-21 Singapore 510428

We reserve the right to review, amend and/or update this Notice at any time and from time to time. Your continued use of our services constitutes your acknowledgement and acceptance of such changes.

Effective: 1 September 2015

Last Updated: 16 September 2022

We collect personal data from or about our clients and our potential clients and from our donors, employees, including volunteers and applicants, and other individuals.

We collect, use and/or disclose that personal data so that we are able to provide our services (which are described on our website) efficiently and effectively and so that we can comply with our legal obligations.

The personal data collected may be used for any or all of the following purposes:

• to provide our services to you;
• as part of our operations;
• for job application and recruitment purposes;
• for follow-up action regarding any complaints, feedback, queries or requests received via our website or any other communication channels; and
• in compliance with our legal obligations or to assist in law enforcement / investigations conducted by any governmental and/or regulatory authority.

Where possible, we collect personal data directly from you. We do this if you donate to us or if you apply for a job, including a volunteer role, with us. We usually collect this personal data from you by asking you to fill up a form and sometimes we supplement that by an interview with you in person or over the phone. These data would be collected only for the purpose(s) stated by us when we gather the personal data from you.

However, if you are a student at a government school and your school thinks you would find one of our programmes helpful the school may first disclose personal data about you to us to see if we are able to help you. If you join one of our programmes we will usually seek additional information directly from you and your parent(s)/guardian.

If your school thinks that you may find the youth mentoring scheme that we coordinate for the Singapore Police Force (‘SPF’) helpful, the school may provide personal data about you to us. In that case, we may provide some or all of the personal data disclosed to us by your school to the Singapore Police Force for the purpose of enabling you to participate in that mentoring programme.

Similarly, if you are a parent the Ministry of Social and Family Development (‘MSF’) may provide personal data about you to us to see if we can help you in our Parenting Power Programme.

If at any time you would prefer not to provide some personal data that we request, please let us know. We will then explain our purpose for collecting that personal data. If you still do not wish to provide it we will discuss with you whether or not we can proceed without it. We may not be able to do so.

We collect, use, or disclose personal about you only if:

• you give, or are deemed to have given, your consent under the PDPA to us collecting, using or disclosing that personal data or where such disclosure is required for performing obligations in the course of or in connection with our provisions of services to you;
• 
  collection, use or disclosure by us of that personal data without your consent is required or authorised under the PDPA or any other applicable written law – personal data disclosed to us by or to a government school, the SPF or MSF falls into this category; or
• 
  with your consent, to third party service providers, agents and other organisations we have engaged to perform any of the functions listed in Paragraph 2 above for us. Any third parties engaged by us will be contractually bound to keep all personal data confidential.

inform you of our purposes for doing so. We will not use or disclose personal data about you for any

other purposes without first informing you of the additional purposes and getting your consent to us

doing so for the additional purpose(s).In some circumstances, you are deemed to have consented to us collecting, using or disclosing

personal data about you for a purpose. For example, if you register online for one of our conferences

or if you fill up a job application form and send it to us you are deemed to consent to us collecting, using

or disclosing the personal data about you that is in the registration or the job application form.We are permitted by the PDPA to collect, use or disclose personal data about you without your consent

in various circumstances that include the following:

• if it is publicly available or if it is business contact information;
• if there is an emergency;
• if we do so for evaluative purposes (such as assessing a job or volunteering application); and
• where the disclosure is related to law enforcement or where the collection, use or disclosure is in connection with certain legal issues.

If you choose not to provide us with your personal data for the purposes listed in this Notice, or would like more information about the circumstances under which we may collect, use or disclose personal data without your consent, please contact our Data Protection Officer at the contact details provided below or indicate in the personal data collection form submitted to us (if any).

The purposes listed in this Notice may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).

If you browse our website, we do not capture any data that allows us to identify you.

The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is withdrawn by you in writing. On giving us reasonable notice, you may at any time withdraw any consent you have given, or are deemed to have given, to us collecting, using or disclosing personal data about you for any purpose. Any such notice of withdrawal should be given in writing/email sent to our Data Protection Officer at the contact details provided below.

The consequences of you withdrawing consent to us collecting, using or disclosing personal data about you for any purpose may be onerous for you. Therefore:

• we may require you to provide proof of your identity; and
• we will inform you in writing/email of the likely consequences of withdrawing your consent for the specified purpose.

If you still wish to withdraw your consent we will act on your request within 10 business days of our receipt of your request and cease collecting, using or disclosing the personal data, unless doing so without your consent is required or authorised under the PDPA or other written law. We will also instruct any and all of our data intermediaries to cease collecting, using or disclosing the personal data.

In addition, we will cease to retain our documents containing that personal data, or remove the means by which it can be associated with you, as soon as it is reasonable for us to assume that retention is no longer necessary for our legal or business purposes.

If you wish to make a request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, you may submit your request to our Data Protection Officer at the contact details provided below. Your request to us should be made in writing (which includes email) sent to our Data Protection Officer. We may require you to provide proof of your identity.

On request by you, we will as soon as reasonably possible provide you with:

• personal data about you that is in our possession or under our control; and
• information about the ways in which we have, or may have, used or disclosed that personal data within a year before the date of your request.

Should we not be able to respond to your request within thirty (30) days after receiving your request in writing (including both electronic and non-electronic methods), we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).

There are some circumstances where we are not required to provide you with information, and others where we are not allowed by the PDPA to do so. In some circumstances we may be able to provide you with limited information. You may obtain information about all of these circumstances from our Data Protection Officer.

If your request relates to personal data which we are processing on behalf of another organisation, we will instead forward your request to the relevant organisation for their necessary action.

We may charge you a fee for providing you with access to your personal data or information about how we may have used or disclosed it. If so, we will inform you of the fee before processing your request. The fee will reflect our incremental costs associated with responding to your request. You may obtain information about the fee from our Data Protection Officer.

If you wish to make a request to correct or update any of your personal data which we hold about you, you may submit your request to our Data Protection Officer at the contact details provided below. Your request to us should be made in writing (which includes email) sent to our Data Protection Officer. We may require you to provide proof of your identity.

Should we not be able to respond to your request within thirty (30) days after receiving your request in writing (including both electronic and non-electronic methods), we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).

There are some circumstances where we do not make a correction and other circumstances where we are not required to act on such a request. You may obtain information about these circumstances from our Data Protection Officer.

Unless we are satisfied on reasonable grounds that a correction should not be made, we will correct the personal data as soon as practicable. We will also send the corrected personal data to every other organisation to which we have disclosed it within a year before the date we made the correction (unless that other organisation does not need the corrected personal data for any legal or business purpose). Alternatively, with your consent, we will send the corrected personal data only to specific organisations as agreed with you.

Another organisation that has disclosed your personal data to us might notify us that it has corrected it. If this happens, unless we are satisfied on reasonable grounds that we should not make the correction, we will correct your personal data that is in our possession or under our control.

If your request relates to personal data which we are processing on behalf of another organisation, we will instead forward your request to the relevant organisation for their necessary action.

We make reasonable efforts to ensure that personal data that we collect about you or that is collected on our behalf is accurate and complete if we are likely to use it to make a decision that affects you or we are likely to disclose it to another organisation.

We take reasonable steps to ensure the security of personal data about you that is in our possession or under our control and to protect it against risks such as loss or unauthorised access, destruction, use, modification or disclosure. We have introduced appropriate administrative, physical and technical measures to secure all storage and transmission of personal data by us. Only authorised personnel are permitted to have access to personal data about you.

However, no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your personal data.

We cease to retain documents containing personal data about you, or we remove the means by which it can be associated with you, as soon as it is reasonable to assume that the purpose for which we collected that personal data is no longer being served by its retention and retention is no longer necessary for legal or business purposes.

Unless for operations-related needs, we generally do not transfer your personal data to other jurisdictions. However, if we do so, we will obtain your consent for the transfer to be made and we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.

We strive for excellence in providing services to our clients/beneficiaries and in all our interactions with donors, and with our employees (which includes our volunteers and applicants), as well as with the community generally. This includes our compliance with the PDPA.

Please direct any queries or complaints you have about the way in which we collect, use or disclose personal data about you to our Data Protection Officer. Generally, we are unable to deal with anonymous complaints because we are unable to investigate them. If you raise a complaint anonymously we will nevertheless note the matter raised and, if possible, try and investigate and resolve it appropriately.

Whenever you make a complaint our Data Protection Officer will seek to obtain sufficient information from you to enable us to investigate it. Please be prepared to provide our Data Protection Officer with information as to, for example:

• the type of action, or lack of action, by us that has given rise to your concern;
• whether it was an isolated incident or is ongoing and, in the case of an isolated incident, when it occurred;
• a copy of any relevant correspondence you hold; and
• details about what you consider should have happened or should not have happened.

Immediately upon receiving a complaint our Data Protection Officer must investigate it and within two business days advise you of:

• the outcome of the complaint and the reasons for that outcome or
• write to you (which may be by email) advising you that the Data Protection Officer needs more time to investigate the complaint and stating when the Data Protection Officer expects to have resolved the complaint for you

If a complaint is settled to your complete satisfaction, our Data Protection Officer is not required to advise you in writing of the outcome of the complaint, unless you request a written/email response.

If a complaint is not settled to your complete satisfaction, our Data Protection Officer will advise you of the outcome of the complaint and the reason(s) for that outcome in writing/email. If you are not satisfied with the outcome, you may take your complaint to the Personal Data Protection Commission.

We have appointed a Data Protection Officer who is contactable as follows:

• send an email to dpo@care.sg

• call 6583 3481

• write to us at Blk 428 Pasir Ris Dr 6 #01-21 Singapore 510428

We reserve the right to review, amend and/or update this Notice at any time and from time to time. Your continued use of our services constitutes your acknowledgement and acceptance of such changes.

Effective: 1 September 2015

Last Updated: 16 September 2022