1.2) The personal data collected, during the course of activities undertaken by the Church, enables us to minister to the faithful and to fulfil our canonical and civil law obligations under the Code of Canon Law and under Singapore Law. The Church is bound by the Singapore Personal Data Protection Act (2012) (the “Act” or “PDPA”) that governs how the Church collects, uses and/or discloses any personal data.
1.3) This policy describes ways in which the Church collects, uses, discloses, stores, and disposes of personal information.
1.4) The general data protection policy applies to all agencies, commissions, groups, and parishes of the Church (“Church bodies”) but does not apply to Catholic organisations which are body corporates, registered societies or are otherwise legal entities in their own right.
2.1) ‘’Personal data” generally refers to any data, whether true or not, about an individual who is identifiable from the provided data or information to which we have or are likely to have access to. This will include the data from our records which may be updated from time to time.
2.2) The personal data that Church bodies may collect and/or hold of individuals includes the following:
3.1) Church bodies collect personal data for purposes such as those indicated below:
3.2) Where Church bodies collect data for purposes other than those listed above, the Church body would disclose such purpose to the individual, by suitable means, when collecting the personal data from the individual.
3.3) Personal data will generally be obtained directly from the individual. In the case of children, personal data will be collected from either their parents or guardians, unless specific and/or unusual circumstances require that the collection be made directly from the child concerned.
4.1) All personal data will be used for the purpose for which it was collected. Church bodies may also use the personal data for purposes which are permitted by law.
4.2) For prospective employees, the Church may collect personal data by speaking with employment referees. The Church may contact applicants’ previous employers who have not been nominated as referees. All personal data given as part of a prospective employment application will be used to assess the applicant’s suitability for the position that has been applied for. Such personal data may also be used to assess the individual’s suitability for a position for which the applicant have not applied, but one which we believe the individual may be suited. Should this be the case, we will seek the consent of the individual before considering the applicant for such other position.
5.1) The Church may from time to time and in compliance with all applicable laws on data privacy, disclose your personal data to third parties, whether located in Singapore or elsewhere, in order to carry out the purposes set out above. Where the Church makes such disclosure, confidentiality agreements would be in place in order to protect the personal data.
5.2) The Church may distribute aggregated statistical information to the Vatican and other Catholic Church agencies for reporting purposes. In most cases, personal data will be anonymised such that no individual will be identified.
5.3) The Church will not disclose any personal data for direct marketing purposes without the individual’s prior consent.
5.4) The Church may transfer, store, process and/or deal with your personal data outside of Singapore. Where the Church does so, the Church will comply with the PDPA and other applicable data protection and privacy laws.
6.1) By providing your personal data to the Church bodies, you consent to the Church’s collection, use and disclosure of your personal data in accordance with this policy statement.
7.1) The Church strives to ensure the accuracy of the personal data it has. However the individual also plays a part to ensure that the personal data provided is correct. Please see the sections below on how you may correct any errors or omissions of your personal data.
8.1) You may request for access to your personal data.
8.2) The Church is entitled to impose a reasonable charge on the requestor for providing them with the personal information, particularly where photocopying, scanning and/or some form of electronic transfer is required.
8.3) All access requests must be made in person and in writing using the specified form. Access requests are to be directed to the relevant Data Protection Officer (see below). Please bring along proper identification documents to confirm your identity.
8.4) You may request that the Church corrects any error or omission in relation to your personal data using the prescribed form.
8.5) Requests for access to personal data demised individuals (including sacramental records) shall require the prior written permission and consent from the Estate of the deceased. Failing which, reviews and access to personal sacramental records of demised individuals will only be allowed 25 years after the year of death.
9.1) Any individual who wishes to withdraw his or her consent to any collection, use or disclosure of his or her personal data may do so by contacting the respective Church body’s Data Protection Officer. The Church entity will advise on the exact timeframe required to respond to the notification and effect any change. However all changes to be effected should be implemented no more than one month from the date of notification.
9.2) If any individual withholds or withdraws his / her consent to the collection, use and disclosure of his / her personal data, the Church may not be able to:
10.1) The Church will take reasonable security measures to safeguard the personal data collected
10.2) The Church will only retain the personal data collected for as long as it is required for the fulfilment of the purposes or allowed by any applicable law to be retained.
10.3) Any unsolicited personal data that the Church receives from individuals will be assessed to determine whether it is necessary to retain any of this data to provide the individual with any services that they have requested.
11.1) If there are any queries about this policy or feedback regarding the handling of personal data by any Church body, please contact the Data Protection Officer of the Church body in question directly:
Data Protection Officer: Mr. Andrew Teo
Tel: 63440046 x 1002
11.2) All feedback is taken seriously and will be reviewed accordingly. The Church will endeavour to resolve all raised issues efficiently.
12.1) The Church may from time to time review this policy statement and amend it to reflect changes in legislation or other operational requirements. The current version of this policy statement may be found on the Roman Catholic Archdiocese of Singapore website at www.catholic.org.sg.