Privacy Policy

SBFF Foundation Limited (“SBFF“) respects the privacy and confidentiality of individuals’ personal data. SBFF is committed to implementing policies, practices and processes to comply with the Singapore Personal Data Protection Act (PDPA) 2012. The PDPA sets out rules for governing the collection, use and disclosure of personal data by organisations.

As defined in the PDPA, personal data refers to “data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which the organisation has or is likely to have access.”

 

Scope

This Personal Data Protection Policy covers the collection, usage, disclosure, processing, analysis, protection, storage, retention and disposal of personal data in the possession or under the control of SBFF. It is to be used in conjunction with the Information Security Policy, the Document Retention Policy, and any other related policies which SBFF has in place.

This Policy is applicable to all personnel who are involved in the handling of personal data within SBFF (i.e. Employees, members of the Board of Management) or acting on behalf of SBFF (i.e. Partners, Consultants, Service Providers, Volunteers). If you fall into any of these categories, you are required to abide by the principles, guidance and processes for personal data protection as spelt out in this Policy.

 

Policy Compliance

All Employees of SBFF are responsible for ensuring compliance with the personal data protection requirements as spelt out in this Policy across the full range of their activities. If any Employee is found to have breached this Policy, he/she may be subjected to SBFF’s disciplinary procedure. If a criminal offence is considered to have been committed, further action may be taken to assist in the prosecution of the offender(s).

If you do not understand the implications of this Policy or how it may apply to you, please seek advice from SBFF’s Data Protection Officer (DPO).

If you have knowledge of anyone who may be breaching this Policy, please contact the DPO.

 

Collection, Use and Disclosure of Personal Data: Consent, Purpose Limitation and Notification

This section lists the ways in which personal data are collected, used and disclosed in your course of work or doing business in SBFF. You should identify whose personal data are being collected, why they are collected, how they are collected and who you disclose the personal data to. Knowing what personal data you have to handle in the course of your work is important because you can then focus on applying appropriate safeguards over such data.

Note that the collection of personal data includes photo/video-taking where individuals can be identified.

From 1 September 2019, in accordance with the Personal Data Protection Commission’s Advisory Guidelines On The PDPA For National Registration Identity Card (NRIC) And Other National Identification Numbers, SBFF should refrain from collecting, using or disclosing NRIC numbers (or copies of NRIC) and other national identification numbers, e.g. Birth Certificate numbers, Foreign Identification Numbers (“FIN”), Passport numbers and Work Permit numbers. Collection, use or disclosure of NRIC numbers (or copies of NRIC) and other national identification numbers is still permissible if it is required under the law (or an exception under the PDPA applies); or it is necessary to accurately establish or verify the identities of the individuals to a high degree of fidelity.

In all other instances, SBFF would use other means of identification of individuals such as mobile phone number, email address, organization-issued ID number or limit the collection to last 4 digits of the national identification numbers (last 3 numbers plus 1 character) and ensure an appropriate level of security to protect the numbers collected.

  • Obtaining Consent
    • SBFF shall notify and obtain consent from the Data Subjects (e.g. partners, volunteers, other individuals) before the collection, use or disclosure of their personal Notification requires the purpose for collecting, using or disclosing of the personal data to be made known to the Data Subjects.
    • SBFF shall make it clear which third-parties outside of SBFF their personal data will be disclosed
    • SBFF shall not collect more personal data than necessary for the stated purpose (excessive collection).
    • Similarly, SBFF shall not disclose more personal data than necessary for the stated purpose (excessive disclosure).
    • SBFF shall not use or disclose the personal data for any other purpose beyond the original purpose (secondary use) if the Data Subjects have not given their consent, If the intended purpose for the use or disclosure of the personal data has changed, a fresh consent shall be obtained from the Data Subjects.
    • SBFF shall not ‘force’ (i.e. demand) consent as a pre-condition for providing the service to the Data SBFF shall provide options for them to not sign up for certain services at the point of application or registration (e.g. they want to register for talks/events but they do not want to receive certain promotional materials).
    • For consent to be valid, the Data Subjects must provide expressed written confirmation that they agree to their personal data being collected, used or disclosed for the stated You may use a consent form or have consent clauses incorporated into data collection forms e.g. on the website. If, for some reason, the consent is verbal, SBFF shall follow up with a written acknowledgement via email or letter. This is to ensure that there is hardcopy evidence of expressed consent.
    • Where CCTVs are being used for security monitoring of SBFF’s premises or for other legitimate purposes,notices must be displayed prominently to inform Data Subjects whose images may be captured by CCTV cameras. The notices should be displayed at locations where there is heavy human traffic, e.g. at the entrance to SBFF’s office premises.
    • Where photos/videos are to be taken at a private event (e.g. a private seminar where participation is restricted to invited guests only), consent from Data Subjects shall be sort before taking their photos/videos.
    • [IP address, Cookies] Explicit consent shall be sought (e.g. Data Subject is to click on a button or a box on a website or portal) if IP addresses or ‘cookies’ are used to collect, use or disclose personal data online and can be used to identify a unique individual.

 

  • How we use cookies

Our website does not capture Personal Data about your online use unless you choose to access or use our websites or provide such information to us.

By browsing or using our website, you consent to our use of cookies to collect information on your usage in order to improve your user experience when browsing our website.

A cookie is a small text file placed on your computer’s hard drive that helps to analyse web traffic or remember the websites that you visit, and can include information about the way you use a website, your choice of Internet browser, the type of device you are accessing it from, and where you are accessing from.

Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer. However, this may prevent you from taking full advantage of our website.

Subject to the PDPA, SBFF will obtain consent before collecting, using and disclosing your personal data and notify you of such purposes as far as practicable. SBFF also collects the personal data that you knowingly and voluntarily provide, such as when you make a donation to SBFF, when you register to participate in SBFF-related programmes, activities and events, or when you submit employment and volunteer applications, etc. The types of personal data that is collected depends on the nature of the activity.

 

Consent, Purpose Limitation and Notification

There are right ways and wrong ways to collect, use and disclose personal data. This section lists some ground rules and guidelines you should abide by before you collect personal data from the Data Subjects.

While SBFF shall make every reasonable effort to ensure your personal data collected is accurate and complete, please also ensure that all Personal Data submitted to SBFF is accurate and complete.

The purposes for which SBFF collects, uses and discloses your personal data includes but is not limited to the following:

    • verifying your identity;
    • sending you SBFF materials such as announcements, newsletters, annual reports, materials in relation to any of SBFF’s fundraising events and Seasons Greetings;
    • liaising with the relevant vendors, suppliers, third party organisations for the objective of fulfilling and/or enhancing our services;
    • processing donations to claim tax deductions from the Inland Revenue Authority of Singapore (IRAS);
    • substantiating for Government-funded programmes;
    • developing contents of this website and other publicized materials of SBFF;
    • managing or terminating the employment relationship;
    • assessing the suitability and eligibility of a prospective job candidate or a volunteer;
    • processing and responding to inquiries and/or feedback;
    • for service improvement; and
    • complying with a court order or other legal process or other statutory and/or regulatory requirements of any governmental and/or regulatory authorities; and any other purpose permitted by the applicable laws of Singapore.

 

Sharing of Information

SBFF will not sell or rent your personal data to any third parties. SBFF will not disclose your personal data to third parties without your permission, except if required by law or a court order to do so, or for the purposes stated above.

We may sometimes provide links to other websites for your convenience and information. Unless expressly specified, we are not responsible for the content of these websites, any products or services that may be offered through or on them, or their data collection practices.

 

Retention of Data

SBFF will cease to retain your personal data or remove the means by which the personal data may be associated with particular individuals as soon as it is reasonable to assume that the purpose for which the personal data was collected is no longer being served by retention of the personal data, and retention is no longer necessary for legal or business purposes.

 

Data Security

While there is no method of transmission over the Internet or method of electronic storage that is 100% secure, SBFF strives to protect and ensure the security of your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or other similar risks.

 

Contacting Us – Feedback, Withdrawal of Consent, Access and Correction of your Personal Data

If you:

    1. have any questions or feedback relating to your Personal Data or our Notice; or
    2. would like to withdraw your consent to any use of your Personal Data; or
    3. would like to obtain access and make corrections to your Personal Data;

 

Please email us at the address provided below referencing ‘Notice’ and addressing it to the Data Protection Officer (DPO). Kindly provide us your Name, Company Name, Email Address and Contact Number.

Email : contact@sbffoundation.org.sg

To protect your privacy and security, we will also require you to verify your identity before we can respond substantially to your request.