Data Protection Notice
Bartley Christian Church Data Protection Notice (Release 1.0)
This Data Protection Notice (“Notice”) sets out how Bartley Christian Church (“BCC”) collects, uses, discloses and protects or otherwise processes personal data in accordance with the Personal Data Protection Act (“PDPA”) of Singapore. This document contains information about how and why we collect, use and disclose your Personal Data and the assurance that it will only be used in accordance with this Notice.
2. Terms & Definitions
a) An “Individual” is defined under the PDPA as a natural person, whether living or deceased. In BCC, an individual refers to a person from (but not limited to) the following groups:
I. Elders, pastors, staff and interns.
ii. Church members and non-church members who participate in church activities.
iii. Cell group members, inclusive of those who are not our church members.
iv. Visitors to BCC (e.g., speakers, guests, and contractors).
v. Church volunteers.
b) “Personal Data” is defined as data, whether true or not, about an individual who can be identified from the data, or from that data and other information to which we have or are likely to have access. This data is used to facilitate the carrying out of church functions and activities by BCC. Some examples of “Personal Data” that may be collected include (but not limited to), the following information:
i. An individual’s biodata (e.g. name, gender, date of birth, nationality, marital status, marriage date, occupation).
ii. Personal identification number and/or passport number.
iii. Contact information (e.g. residential address, email address, home and mobile numbers).
iv. Family information.
v. Medical history.
vi. Spiritual development-related information (e.g. baptism date, giftings, interests, Christian trainings and workshops attended,
ministries involved and membership information).
vii. Financial information such as credit card and bank account numbers.
viii. Photos, video footage, CCTV footage and other audio-visual information.
3. Purpose of Collection, Use and Disclosure
a) BCC may collect Personal Data via the following ways, including but not limited to:
i. hardcopy forms.
ii. electronics forms (e.g. Google Forms or Microsoft Forms).
iii. text messaging platforms (e.g. SMS, WhatsApp, Telegram and emails).
iv. verbal communication (e.g. over the telephone and face-to-face).
v. contact tracing devices/software.
b) The Personal Data collected is used generally for the following purposes:
i. To provide services and handling of queries requested by the individual;
ii. For conducting and managing church activities and events, and ministry organisation which cover planning, management,
communication and post-event analysis. These events include (not limited to) Cell Ministry, Missions Ministry, Children’s
Ministry, Church services, classes, fundraising activities, and retreats or outings;
iii. For pastoral care such as counselling of individuals who seek support and/or guidance, hospital visitation, members home
visitation, funeral wake services, house blessings, marriages and others;
iv. Church operations purposes like Human Resource, Finance and Tenancy management;
v. To process donations or collections meant for other charitable and non-profit organisations supported by BCC;
vi. Church administration and managing relationship with members;
vii. Internal and external communication and publications;
viii. Delivering information regarding news, publications and events;
ix. Internal record keeping; and
x. Any other reasons for which you may have submitted your Personal Data to us.
c) Such Personal Data may be disclosed by BCC to:
i. External third parties (whether in Singapore or elsewhere in the world) for one or more of the above purposes in section 3(b). These third parties may include data intermediaries who would be processing your Personal Data for BCC or third-party service providers who provide services, such as telecommunications, mailing, information technology, payment, payroll, insurance, to BCC.
These third parties will treat Personal Data as confidential, in accordance with the PDPA, and will process such Personal Data only for the intended purposes and according to their agreement with BCC.
ii. Internal Parties, such as BCC’s Elders, Pastors, staff, appointed laypersons, ministry personnel, agents or volunteers, as authorised by Data Protection Officer (“DPO”).
These persons will treat Personal Data as confidential, in accordance with the PDPA, and will process such Personal Data only for the intended purposes and according to their agreement with BCC.
iii. Relevant government regulators, statutory boards or authorities or law enforcement agencies in order to comply with any laws, rules, guidelines and regulations or schemes imposed by the government.
d) Photos and Videos - BCC captures church events in the form of photographs and/or videos. Event attendees are deemed to have consented to the taking of photographs and/or videos of themselves, for corporate communication, publicity, ministry use & other purposes as appropriate, as notices are put up on BCC premises stating the same. Individuals may write to the DPO to withdraw their consent.
When photographs and videos of certain individuals are used for corporate communication or publicity purposes, BCC will exercise discretion and utmost care to protect the dignity of those individuals.
4. National Registration Identification Card (NRIC) Policy
In compliance with PDPA Advisory Guidelines for NRIC and other National Identification Numbers (published on 31 August 2018), BCC will not collect, use or disclose the NRIC number or photocopy the NRIC of an individual except as required by the law or the authorities of the Government or where an exception under the law applies.
5. Consent and Consent Withdrawal
a) By submitting your Personal Data to BCC, you agree and consent to the collection, use and disclosure of your Personal Data by BCC for some or all of the purposes mentioned herein.
b) If you provide us with personal information relating to a third party (e.g. information of your spouse, children, parents or relatives), you represent to us that you have obtained the consent of the third party to provide us with their Personal Data for the respective purposes.
c) You may at any time withdraw any consent given in respect of the collection, use or disclosure of your Personal Data by giving prior notice in the form of a formal written request addressed to the DPO.
d) In the event you withdraw your consent to BCC for the processing of your Personal Data for the purposes mentioned above, BCC shall cease to process your Personal Data within twenty (20) working days upon receiving your withdrawal request. Please note that once consent is withdrawn, your request for any of the above purposes may be cancelled, and hence BCC may not be able to fulfil the list of services to you.
6. Access, Correction and Accuracy Obligation
a) BCC shall make reasonable effort to ensure that every individual’s Personal Data is accurate and updated. However, we also rely on the diligence of the individual to notify our staff of any changes to his/her Personal Data. Failure to do so may result in our inability to provide members with information or services the members have requested.
b) If an individual would like to know about his/her Personal Data in BCC’s possession, or how the data has been used or to whom it may have been disclosed, or to correct any Personal Data in BCC’s possession, he/she may write to BCC’s DPO. The DPO will respond to the individual’s request within twenty (20) working days.
c) The Personal Data of the individual is maintained and updated via:
i. Notification sent to members prior to BCC Annual General Meeting to request members to update their particulars via email or by submitting a Personal Data Correction Request Form.
ii. By the individual personally through the submission of a Personal Data Correction Request Form (available via BCC website) or a physical Personal Data Correction Request Form (available at BCC information counter).
7. Security of Personal Data
a) BCC has reasonable security arrangements in place to protect the Personal Data that it possesses to prevent unauthorized access, collection, use, disclosure or similar risks. Please take note that no computer, electronic or data storage system is immune from intrusion and we cannot guarantee the absolute security of any Personal Data we may have collected from you - you are advised to take note of the risks and implement the necessary precautions against viruses, bugs, trojan horses, spyware or adware.
b) In the event of a breach in data security, the DPO shall be notified. The DPO will initiate an investigation and take actions in accordance with the Data Security Breach Management Plan, including (and not limited to) assessing whether the breach is notifiable to the affected individual and/or the Personal Data Protection Commission (“PDPC”).
8. Transfer of Personal Data
BCC has in place reasonable measures to ensure that transfer of Personal Data out of the jurisdiction is protected and in compliance with the Personal Data Protection Act.
9. Retention of Personal Data
BCC will retain your Personal Data for a reasonable period for the purposes for which it was processed or until you request BCC to delete the Personal Data, or as required by law.
10. Enquiry / Feedback on Notice
Any enquiry, feedback or request relating to this Notice shall be directed to BCC’s DPO via postal mail or email:
Data Protection Officer
Bartley Christian Church 4 How Sun Drive Singapore 538526