The Singapore Association for the Deaf (SADeaf) respects the right of individuals to protect one’s own personal data. This data protection policy gives individuals information about how the organisation collect, use and disclose personal data while recognising people’s right to protect personal data and the organisation’s need to collect, use or disclose it for purposes believed to be reasonable and appropriate in the circumstances of the programmes that are provided to clients.
It applies to the personal data of all individuals who are clients (or parents or guardians of clients), donors, employees, including volunteers, and online users of the website at https://sadeaf.org.sg
Personal data is information which can be used to identify a person.
Examples of such Personal Data provided include (depending on the nature of interaction) name, NRIC, passport or other identification number, telephone number(s), mailing address, email address and any other information relating to any individuals which have provided in any forms submitted to SADeaf, or via other forms of interaction.
We obtain consent from an individual before collecting, using or disclosing their personal data.The individual’s consent is only valid when:
Personal data is collected from or about clients, donors, employees and other individuals. Personal data is utilized so that the organization is able to provide programmes (which are described on the website) efficiently and effectively and also for SADeaf’s mandatory compliance with legal obligations.
If at any time anyone would prefer not to provide some personal data that is requested, please inform SADeaf. SAdeaf will then explain the purposes for collecting that personal data. If one still does not wish to provide it will be discussed whether or not the organization can proceed without it.
One may in writing withdraw personal consent given for any or all purposes set out in this Privacy Statement by emailing to firstname.lastname@example.org. If consent is withdrawn for any or all of the purposes, SADeaf may not be in a position to continue to provide services to individuals and their family members. SADeaf has the right to consider withdrawal, a termination by individuals of any contractual relationship which one may have with SADeaf, and a breach of one’s contractual obligations or undertakings, as the case may be.
SADeaf ceases to retain documents containing personal data about individuals, or remove the means by which it can be associated, as soon as it is reasonable to assume that the purpose for which it is collected is no longer necessary for legal or business purposes.
Reasonable efforts are made to ensure that personal data that is collected are accurate and complete if SADeaf is likely to use it to make a decision that affects individuals or we are likely to disclose it to another organisation.
Reasonable steps are taken to ensure the security of personal data that is in individuals’ possession or under SAdeaf’s control and to protect it against risks such as loss or unauthorised access, destruction, use, modification or disclosure. Only authorised personnel are permitted to have access to personal data. In the event of data breaches, SADeaf is obligated to respond as follows:
However, SADeaf cannot completely guarantee the security of any Personal Data that may have been collected from or about individuals, or that for example no harmful code will enter websites (for example viruses, bugs, trojan horses, spyware or adware). One should be aware of the risks associated with using websites. While SADeaf strives to protect everyone’s Personal Data, SADeaf cannot ensure the security of the information you transmit to via the Internet or when individuals use the online portals, and everyone is urged to take every precaution to protect their own Personal Data when one is on the Internet.
An appointed Data Protection Officer is contactable as follows:
His/Her responsibilities and activities include, but not limited to:
A. Working with management to develop policies and processes for handling personal data
B. Providing internal training on data protection compliance
C. Monitoring and reporting data protection risks
If a data breach occurs and the breach is assessed to be “notifiable”, we must notify the Personal Data Protection Commission of the breach as soon as possible, no later than 3 calendar days after we make the assessment.
We reserve the right to review, amend and/or update this data protection policy at any time and from time to time.