PRIVACY POLICY
This Privacy Policy (“Policy”) governs the collection, use, disclosure and protection of Personal Data of individuals (“Personal Data”) provided to Grace Lodge (“the Organisation” or “We” or “Us” or “Our”) when You access the Our website and when You use Our services, including the website.
The Organisation are committed to protecting Your Personal Data and complying with all appropriate legislation. We are committed to protecting the privacy and Personal Data of individuals (“You” or “Your”) provided to Us.
This Policy is applicable on You when You access and use Our website, use Our service or visit Us at Our premises. By accessing and/or using the Website and/or facilities in Our premises, You signify Your acceptance of the Policy and expressly consent to Our collection, use, disclosure, and retention of Your Personal Data as described in this Policy. If You do not agree to this Policy and/or to Our processing of Your data/information in the manner outlined in this Policy, please do not use this Website and our Service or submit any Personal Data to Us.
This Policy is effective as of 26 October 2021.
1.1. Collection, use and disclosure
The Organisation is a non-profit voluntary nursing home that provides shelter and care for needy, handicapped persons and the aged sick persons of Singapore (“Services”) to residents/clients. We collect Personal Data from individuals who visit the Organisation’s website and premises (“Visitors”), request to get in touch on the website (“Customers”), use Our nursing home (“Residents”), seek a position with the Organisation (“Job Applicants”), help out in the Organisation (“Volunteers’).
Notwithstanding any other provision in this Policy, You agree that the Organisation shall be entitled to use and disclose any information and feedback arising from Your use of our Services, subject to such information and feedback being anonymised and such use and disclosure being in compliance with applicable privacy laws.
2.1. What Personal Data We collect?
In accordance with the Personal Data Protection Act 2012 (No. 26 of 2012) (“PDPA”), “Personal Data” refers to any data or information (whether true or not) about You from which You can be identified, either (i) from that data; or (ii) from that data and other information to which We have or are likely to have access. When You use our Services, We may collect, amongst others, the following personal data:
- Your name, NRIC, passport or other identification number, telephone number(s), residential address, email address, bank account information, credit card information and any other information relating to You which You have provided us in any forms You may have submitted to Us, or in other forms of interaction with You;
- Your next of kin, emergency contact person, employment references, Your spouse and Your dependent Personal Data including but not limited to Name, NRIC, passport or other identification number, telephone number(s), residential address, email address, bank account information and credit card information which You have provided us in any forms You may have submitted to Us, or in other forms of interaction with You;
- Your medical history, employment history, education background and income levels;
Apart from any Personal Data provided by You, We may also collect certain non-personal and/or technical information through third-party sources, platforms (such as social networking websites, databases, online marketing firms, and ad targeting firms) and other channels. This includes, but not limited to, information about Your device used to access the Organisation’s Websites, Your web browser type and language, Your Internet Protocol (IP) address and geographic data associated with the IP address etc.
Where Personal Data is submitted by You on behalf of another individual or concerns another individual other than yourself (or, in situations where You represent Your company or Organisation and submit the Personal Data to Us), You represent and warrant to Us, that all the necessary consents (procured in accordance with all applicable data protection legislation, including but not limited to the PDPA) have been obtained from the relevant individuals and that You have retained proof of these consents, such proof to be provided to Us upon Our request.
2.2. How Personal Data are collected?
We may collect Your Personal Data in one or more of the following ways and situations when You:
- register with us for Our services;
- visit Our websites;
- visit Our premises as surveillance cameras are in use on 24 hours;
- make donation through Our websites;
- attend Our events and activities as photos and/or video recordings may be taken for publicity purposes;
- register with us as volunteers;
- communicate with Our employees, interns, volunteers, board and committee members in meetings or through emails or telephone calls;
- respond to Our request for additional Personal Data;
- participate in Our research and/or survey, that may be conducted by Us or Our partners/vendors;
- apply for employment or internship with Us;
- submit Your Personal Data to Us for any other reasons that are described to You, and
- where your Personal Data is given to Us from third party social networking services when You choose to connect with those services
2.3. Why and how We use the Personal Data?
The Personal Data is collected, used, disclosed and/or processed for the following purposes:
- provide and deliver the Services You have requested;
- submit Your Personal Data to certain regulatory agency of Singapore in order for us to provide You with Our services;
- respond to your queries that You made to the Organisation;
- provide customer service including general correspondence on matters related to Our Services;
- processing and administering payments, receipts, billings and reference checks including but not limited to Your employment, internship, volunteer services with the Organisation;
- compliance monitoring and audit reviews;
- send service-related information associated with Our Services;
- provide updates on promotions, upcoming events, and news about our Services via the Organisation’s news publication or the Organisation’s websites;
- assess the suitability of Your job application for a position with Us;
- provide services to the Organisation as a vendor;
- compile statistics to design and improve Our services to You;
- complying with all applicable regulations, laws and internal policies and procedures;
- investigating and allegation or suspicion of fraud, misconduct, any unlawful action or omission; and
- comply with any applicable rules, laws and regulations, codes of practice or guidelines or to assist in law enforcement and investigations by relevant authorities and agencies
2.4. With whom do We share the Personal Data?
The Organisation may disclose the Personal Data submitted to Us to the following third parties for any of the purposes described in this Policy:
- Service vendors to carry out our Services;
- Our affiliates; where such disclosure is required, We will ensure Our affiliates is in compliance to this Policy
- Banks, credit card and insurance companies;
- Regulatory agencies including but not limited to the CPF Board, IRAS, MOH and AIC;
- Liquidator, receiver, official assignee/trustee, judicial manager or any other person appointed under or pursuant to any applicable law or court order in connection with the bankruptcy, liquidation, winding up, judicial management or any other analogous process in respect of any individual;
- any person or corporate to whom You authorise Us to disclose Your Personal Data; and
- law enforcement agencies, relevant government ministries, regulators, statutory boards or authorities in compliance with any laws, rules, guidelines and regulations or schemes imposed by any governmental authority.
2.5. Your rights relating to the Personal Data
Access Rights:
You are entitled to request for access to a copy of the Personal Data which We hold about You or information about the ways in which Your Personal Data has been or may have been used or disclosed by Us, using the form available at here
Please note that a reasonable fee may be charged for an access request. If so, We will inform You of the estimated fee before processing Your request. We reserve the right not to provide access to the Personal Data until You have paid the access fee.
We will respond to Your request as soon as reasonably possible. Should We not be able to respond to Your request within 30 calendar days of receiving Your request, We will inform You in writing within 30 calendar days of the time by which We will be able to respond to Your request and/or the reasons We are unable to do so.
Correction Rights
You are entitled to request to correct an error or omission in the Personal Data which We hold about You, using the form available at here
We will respond to Your request as soon as practicable. Should We not be able to respond to Your request within 10 working days of receiving Your request, We will inform You in writing within 10 working days of the time by which We will be able to respond to Your request and/or the reasons We are unable to do so.
Withdrawal of consent
The consent that You provide for the collection, use and disclosure of Your Personal Data will remain valid until such time it is being withdrawn by You in writing.
You are entitled to withdraw any consent You have provided to Us previously and to request Us to stop collecting, using and/or disclosing Your Personal Data for any or all of the purposes listed herein, by submitting Your request using the form available at here
Please note that We are generally not obliged to forward any request for withdrawal of consent to any third party to whom We have disclosed Your Personal Data – such request should be made directly with such third party. Upon receipt of Your written request to withdraw Your consent, We may require reasonable time (depending on the complexity of the request and its impact on our relationship with You) for Your request to be processed and for Us to notify You of the consequences of Us acceding to the same.
We will respond to Your request as soon as reasonably possible. In general, We shall seek to process Your request within 10 working days of receiving it. Should We not be able to respond to Your request within [10] working days of receiving Your request, We will inform You in writing within 10 working days of the time by which We will be able to respond to Your request.
Please note that the withdrawal of Your consent does not affect our right to continue to collect, use and disclose Your Personal Data where such collection, use and/or disclosure without consent is permitted or required under applicable laws and regulations. Further, We are generally not obliged to delete or destroy Personal Data after Your withdrawal of consent (but such Personal Data will continue to be protected and retained in accordance with our internal policies and applicable laws and regulations).
2.6. Managing and Retaining Your Personal Data
We store Personal Data for as long as necessary for the purposes identified in this Privacy Policy, including to provide Our Services or for other legitimate purposes, such as complying with legal obligations, enforcing and preventing violations of Our Terms, or protecting or defending Our rights, property, and users. The storage periods are determined on a case-by-case basis that depends on factors like the nature of the Personal Data, why it is collected and processed, relevant legal or operational retention needs, and legal obligations.
2.7. How to contact Us
If You have any queries, feedback or requests, please submit in writing via email to our Data Protection Officer at the contact details below:
Attention : Data Protection Officer
3.1. Website Navigational Information
The Organisation uses commonly-used information-gathering tools, such as cookies and web beacons, to collect information as You navigate the Organisation’s Websites (“Website Navigational Information”). This section describes the types of Website Navigational Information that may be collected on the Organisation’s Websites and how this information may be used.
3.2. IP Addresses
When You visit the Organisation’s Websites, the Organisation collects Your Internet Protocol (“IP”) address(es) to track and aggregate non-Personal Data. For example, the Organisation uses IP addresses to monitor the regions from which Customers and Visitors navigate the Organisation’s Website.
3.3. Links to other websites
Our website may contain links to other websites that are not operated by Us. If You click on a third-party link, You will be directed to that third party’s site. We strongly advise You to review the Policy of every site You visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.
4. Security
We are committed to protect Your Personal Data in Our possession and will guard against risks of unauthorised access, collection, use, disclosure through reasonable and appropriate security measure. The Organisation engages professional firms and uses appropriate administrative, technical, and physical security measures to protect Personal Data of Our Visitors, Customers, Residents, Job Applicants, Volunteers and employees of Our Organisation.
Notwithstanding Our security measures for protecting your Personal Data, You acknowledge that no data transmission over the internet is completely secure and by providing Your Personal Data over the internet, You are transmitting information at Your own risk.
5. Changes to this Privacy Policy
As part of Our efforts to ensure that We properly manage, protect and process Your Personal Data, We will be reviewing our policies, procedures and processes from time to time and the Organisation may amend this Policy from time to time. We will provide notification of the material changes to this Policy on the Organisation’s Websites at least thirty (30) business days prior to the change(s) taking effect.