It applies to the personal data of all individuals (‘you’, ‘your’, etc.) who are service users of REACH Community Services Society, donors, volunteers, participants, stakeholders, partners and our employees.
When service user or potential service user is below 18 (i.e. are a minor), REACH Community Services Society will rely on consent from another individual. The individual will include the parent and legal guardian of the service user/ potential service user.
1. Purposes of collecting, using or disclosing personal data
REACH collects, uses or discloses your personal data for the following purposes to the extent applicable to you:
(a) Enable REACH to deliver and manage social services and programmes;
(b) Manage and evaluate all social work and counselling cases;
(c) Produce reports required by relevant public and social service agencies;
(d) Develop, design and promote new services and programmes;
(e) Publicise and communicate programmes and events organized by REACH and/or it’s partners;
(f) Comply with any applicable rules and regulations or requests issued by any court, legal or regulatory bodies (both national and international);
(g) Help REACH to raise funds;
(h) Manage volunteering opportunities;
(i) Feedback and survey to assist in service/ programme/ event evaluation and improvement design
REACH will provide and notify additional specific purpose, if the need arises; so that you can make informed consent to disclose your personal data.
2. Collection, use and disclosure of personal data
Collection of personal data is done through following ways (not exhaustive):
If at any time you prefer not to provide some personal data, please let us know. We will explain the purpose for collecting that personal data. If you still do not wish to provide it, we will assess the impact on the service delivery/continuity and communicate the outcome to you.
We collect, use, or disclose personal data about you only if:
Where we ask you to consent to us collecting, using or disclosing personal data about you, we will first inform you of our purposes for doing so. We will not use or disclose personal data about you for any other purposes without first informing you of the additional purposes and getting your consent to us doing so for the additional purpose(s).
In some circumstances, you are deemed to have consented to us collecting, using or disclosing personal data about you for a purpose. For example, if you pose for a photograph by our photographer at one of our events or if you send us your CV when you apply for a job with us, you are deemed to have consented to us collecting, using or disclosing the personal data about you that is in the photograph (that is, your image) or the CV.
We are permitted by the PDPA to collect, use or disclose personal data about you without your consent in various circumstances that include the following:
3. Withdrawing your consent
On giving us reasonable notice, you may at any time withdraw any consent you have given, or are deemed to have been given, to us collecting, using or disclosing personal data about you for any purpose. Any notice of withdrawal of consent should be given in writing (which includes email) sent to our Data Protection Officer.
When given the notification of the withdrawal of consent, we will act on your request and cease collecting, using or disclosing the personal data, unless doing so without your consent is required or authorised under the PDPA or other written law. We will also cause any and all of our data intermediaries to cease collecting, using or disclosing the personal data.
In addition, we will cease to retain our documents containing that personal data, or remove the means by which it can be associated with you, as soon as it is reasonable for us to assume that retention is no longer necessary for our legal or business purposes.
4. Access to personal data and information about use
On request by you, we will, as soon as reasonably possible, provide you with:
Your request to us should be made in writing (which includes email) sent to our Data Protection Officer. We may require you to provide proof of your identity.
There are some circumstances where we are not required to provide you with information, and others where we are not allowed by the PDPA to do so. In some circumstances we may only be able to provide you with limited information. You may obtain information about all of these circumstances from our Data Protection Officer.
5. Correction of errors in, or omissions from, personal data about you
You may request to correct an error or omission in the personal data about you that we hold or that is under our control. Your request to us should be made in writing (which includes email) and sent to our Data Protection Officer. We may require you to provide proof of your identity and/or documents or other evidence supporting your request.
There are some circumstances where we do not make a correction and other circumstances where we are not required to act on such a request. You may obtain information about these circumstances from our Data Protection Officer.
Unless we are satisfied on reasonable grounds that a correction should not be made, we will correct the personal data as soon as practicable. We will also send the corrected personal data to every other organisation to which we have disclosed it within a year before the date we made the correction (unless that other organisation does not need the corrected personal data for any legal or business purpose). Alternatively, with your consent, we will send the corrected personal data only to specific organisations as agreed with you.
6. Accuracy of personal data
We make reasonable efforts to ensure that personal data that we collect about you is accurate and complete if we are likely to use it to make a decision that affects you or we are likely to disclose it to another organisation.
7. Protection of personal data
We take reasonable steps to ensure the security of personal data about you that is in our possession or under our control and to protect it against risks such as loss or unauthorised access, destruction, use, modification or disclosure. Only authorised personnel are permitted to have access to personal data about you.
8. Retention of personal data
We cease to retain documents containing personal data about you as soon as it is reasonable to assume that the purpose for which we collected that personal data is no longer being served by its retention and retention is no longer necessary for legal or business purposes.
9. Data Breach
In the case of a data breach, when deemed necessary in accordance with Part VIA of the Personal Data Protection Act, information on the data breach will be made known to those affected. Information will include, but is not limited to, facts of the data breach including personal data affected, data breach handling and remediation plan, as well as contact details for further information.
10. Data Portability
You may request us to transmit applicable data to another organization. Your request to us should be made in writing (which includes email) sent to our Data Protection Officer. We may require you to provide proof of your identity and/or documents or other evidence supporting your request.
Unless we are satisfied on reasonable grounds that a correction should not be made, we will transmit the personal data as soon as practicable. The reasonable grounds as outlined by Part VIB of the Personal Data Protection Act includes, but is not limited to, when transmission will threaten the safety or physical/ mental health, or the receiving organization is excluded by further regulations, or by further instruction by the Commission.
11. Data Protection Officer
We have appointed a Data Protection Officer who is contactable as follows. Please attention to “The Data Protection Officer” and,
We may, from time to time, update this Policy to ensure that it is consistent with any legal or regulatory requirements.