Data Protection Policy

Data Protection Policy

The Singapore Association for the Deaf (SADeaf) respects the right of individuals to protect one’s own personal data.  This data protection policy gives individuals information about how the organisation collect, use and disclose personal data while recognising people’s right to protect personal data and the organisation’s need to collect, use or disclose it for purposes believed to be reasonable and appropriate in the circumstances of the programmes that are provided to clients.

It applies to the personal data of all individuals who are clients (or parents or guardians of clients), donors, employees, including volunteers, and online users of the website at https://sadeaf.org.sg

What Counts as Personal Data?

Personal data is information which can be used to identify a person.

Examples of such Personal Data provided include (depending on the nature of interaction) name, NRIC, passport or other identification number, telephone number(s), mailing address, email address and any other information relating to any individuals which have provided in any forms submitted to SADeaf, or via other forms of interaction.

Consent Obligation

We obtain consent from an individual before collecting, using or disclosing their personal data.The individual’s consent is only valid when:

  • They are notified of the purposes for which their personal data will be collected, used or disclosed
  • They provided consent to those purposes

Objectives for collection, usage and disclosing of personal data

Personal data is collected from or about clients, donors, employees and other individuals.  Personal data is utilized so that the organization is able to provide programmes (which are described on the website) efficiently and effectively and also for SADeaf’s mandatory compliance with legal obligations.

Collection, use and disclosure of personal data

  1. When persons submit application form or registration form, or other forms relating to any of SADeaf’s services or events
  2. When one enters into any agreement or provides other documentation or information with respect to interactions with SADeaf, or when one uses services or participates in events.
  3. When SADeaf receives references from partners and third parties, for example, where one has been referred by them.
  4. When SADeaf seeks information from third parties about persons in connection with the services one has applied for.
  5. Communication in regards to enquiries, and/or sending marketing, and promotional information and materials relating to products; events; and/or services.
  6. Administrative matters on purchases of SADeaf’s products and services, managing your membership and/or processing your sign-ups/registrations/booking/reservation
  7. Conducting market research and customer satisfaction surveys; and
  8. Any other purposes that we notify individuals of at the time of obtaining your consent.

If at any time anyone would prefer not to provide some personal data that is requested, please inform SADeaf. SAdeaf will then explain the purposes for collecting that personal data.  If one still does not wish to provide it will be discussed whether or not the organization can proceed without it.

SADeaf is permitted by the PDPA to collect, use or disclose personal data about individuals without consent in various circumstances that include the following:

  1. In times of emergency
  2. For evaluative purposes such as, and not limited to assessing a job or volunteering application
  3. Where the disclosure is related to law enforcement or where the collection, use or disclosure is in connection with certain legal issues
  4. Relevant government authorities, ministries, statutory boards and agencies

One may in writing withdraw personal consent given for any or all purposes set out in this Privacy Statement by emailing to dpo@sadeaf.org.sg. If consent is withdrawn for any or all of the purposes, SADeaf may not be in a position to continue to provide services to individuals and their family members. SADeaf has the right to consider withdrawal, a termination by individuals of any contractual relationship which one may have with SADeaf, and a breach of one’s contractual obligations or undertakings, as the case may be.

Retention of personal data

SADeaf ceases to retain documents containing personal data about individuals, or remove the means by which it can be associated, as soon as it is reasonable to assume that the purpose for which it is collected is no longer necessary for legal or business purposes.

Accuracy of personal data

Reasonable efforts are made to ensure that personal data that is collected are accurate and complete if SADeaf is likely to use it to make a decision that affects individuals or we are likely to disclose it to another organisation.

Protection of personal data

Reasonable steps are taken to ensure the security of personal data that is in individuals’ possession or under SAdeaf’s control and to protect it against risks such as loss or unauthorised access, destruction, use, modification or disclosure.  Only authorised personnel are permitted to have access to personal data. In the event of data breaches, SADeaf is obligated to respond as follows: 

  1. Contain data breach, take immediate action to stop further damage;
  2. Assess risk and impact;
  3. Report incident to relevant authorities;
  4. Inform relevant stakeholders such as clients, staff, members and/or any group linked to the incident; wherever applicable.

However, SADeaf cannot completely guarantee the security of any Personal Data that may have been collected from or about individuals, or that for example no harmful code will enter websites (for example viruses, bugs, trojan horses, spyware or adware). One should be aware of the risks associated with using websites. While SADeaf strives to protect everyone’s Personal Data, SADeaf cannot ensure the security of the information you transmit to via the Internet or when individuals use the online portals, and everyone is urged to take every precaution to protect their own Personal Data when one is on the Internet.

Data Protection Officer

An appointed Data Protection Officer is contactable as follows: 

  • Send an email to dpo@sadeaf.org.sg
  • Call 6344 8274
  • Write to us at The Singapore Association for the Deaf, 227 Mountbatten Road, Singapore 397998

What does the Data Protection Officer do?

His/Her responsibilities and activities include, but not limited to:

A. Working with management to develop policies and processes for handling personal data

B. Providing internal training on data protection compliance

C. Monitoring and reporting data protection risks

Data Breach Reporting

If a data breach occurs and the breach is assessed to be notifiable, we must notify the Personal Data Protection Commission of the breach as soon as possible, no later than 3 calendar days after we make the assessment.

Changes to this data protection policy

We reserve the right to review, amend and/or update this data protection policy at any time and from time to time.

'