This Policy is based on the Singapore Personal Data Protection Act 2012 (“PDPA”) and the “Proposed Advisory Guideline for the Social Services Sector” by the Personal Data Protection Commission (PDPC). By providing your Personal Data to REACH, you agree to the terms of this Policy.

We generally do not collect your Personal Data unless (i) it is provided to us voluntarily by you directly or via a third party who has been duly authorised by you to disclose your Personal Data to us; or (ii) collection and use of the Personal Data is permitted or required by law.

Depending on the nature of your interaction with us, Personal Data collected may include (but are not limited to) your name and identification information such as your NRIC number, contact information (such as your address, email address or telephone number), nationality, gender, date of birth, marital status, photographs, and other audio-visual information, medical, financial, educational or employment information.

Depending on your relationship with us (whether as a client, partners, donors, volunteers, current and potential employees, etc.), we may use your personal data for the following purposes:

1. Performing obligations in the course of or in connection with our provision of services requested by you;
2. Responding to, handling, and processing queries, requests, applications, complaints and feedback from you;
3. Maintaining contact with you;
4. Managing your relationship with us;
5. Employment matters;
6. Managing donations, sponsorship & volunteerism;
7. Facilitate service development via feedback, data analysis, and market research
8. Complying with any applicable laws, codes of practice, or to assist in law enforcement and investigations conducted by any regulatory authorities, whether in Singapore or abroad;
9. Any reasonable purposes permitted by applicable law; and/or
10. Any other purposes which we may inform you in writing from time to time, but for which we will seek your separate consent.

We may disclose or share your personal data to third party service providers, agents, government agencies and other organisations we have engaged to perform any of the functions listed in clause 3 where such disclosure is required for performing obligations during or in connection with our provision of the services requested by you.

On giving us reasonable notice, you may withdraw your consent by contacting us at [email protected]. Otherwise, you are deemed to have given us your consent in collecting, using, and disclosing your personal data. Please note that withdrawing consent does not affect our right to continue to collect, use and disclose Personal Data where such collection, use and disclosure without consent is permitted or required by law.

If you wish to access, update, or otherwise change or remove any information that you have provided to us, please contact us at [email protected].

We reserve the right to verify your identity before handing over the data or correcting the data as requested.

We generally rely on personal data provided by you. To ensure that your personal data is current, complete and accurate, please update us as soon as possible if there are changes to your personal data.

We take reasonable steps to ensure the security of personal data about you that is in our possession or under our control and to protect it against risks such as loss or unauthorised access, destruction, use, modification, or disclosure. Only authorised personnel are permitted to have access to personal data about you.

We cease to retain documents containing personal data about you as soon as it is reasonable to assume that the purpose for which we collected that personal data is no longer being served by its retention and retention is no longer necessary for legal or business purposes or as required by law.

In the case of a data breach, when deemed necessary in accordance with Part VIA of PDPA, information on the data breach will be made known to those affected. Information will include, but is not limited to, facts of the data breach including personal data affected, data breach handling and remediation plan, as well as contact details for further information.

You may request us to transmit applicable data to another organization. Your request to us can be made via email or in writing to our Data Protection Officer at [email protected]. We may require you to provide proof of your identity and/or documents or other evidence supporting your request.

Unless we are satisfied on reasonable grounds that a correction should not be made, we will transmit the personal data as soon as practicable. The reasonable grounds as outlined by Part VIB of PDPA includes, but is not limited to, when transmission will threaten the safety or physical/ mental health, or the receiving organization is excluded by further regulations, or by further instruction by the Commission.

We reserve the right to modify or change this Policy at any time. The amended Policy will be uploaded on our website accordingly. Please refer to our website from time to time for any changes and/or updates to our Policy.

If you have further questions about this Privacy Policy or wish to contact us regarding this policy, please do not hesitate to contact us at [email protected].