AL-KHAIR MOSQUE MANAGEMENT BOARD
PERSONAL DATA PROTECTION POLICY
A. Introduction
- The Al-Khair Mosque Management Board (“Al-Khair Mosque”) takes our responsibilities under the Personal Data Protection Act 2012 (PDPA) seriously. We also recognise the importance of the personal data our stakeholders have entrusted to us and believe that it is our responsibility to properly manage, protect and process these personal data. Al-Khair Mosque is therefore committed to comply with the Personal Data Protection Act (the “PDPA”)
2. This document contains the Policy and Practices (“P&Ps”) adopted by Al-Khair Mosque in the collection, use, disclosure and update of personal data that is in its possession or will come into its possession.
B. Data Protection Officer
3. Al-Khair Mosque is to appoint a Data Protection Officer (“DPO”) who will be responsible for ensuring mosque’s compliance and implementation of PDPA.
C. Collection of Personal Data
4. Al-Khair Mosque is to only collect personal data that are reasonably necessary to fulfil the purposes for which the personal data are collected. See Annex A list the information that we collect from you, where we collect these information and how we use and disclose your personal information.
5. Personal data collected before 2 July 2014 (the “Appointed Day”)
a. Al-Khair Mosque is not required to obtain consent for the collection of personal data before the Appointed Day.
b. If an individual does not want Al-Khair Mosque to retain his or her personal data collected before the Appointed Day, the individual must give reasonable notice to Al-Khair Mosque to withdraw his or her consent to Al-Khair Mosque’s retention of that personal data.
6. Personal data collected after the Appointed Day
a. After the Appointed Day, Al-Khair Mosque is to obtain the consent of an individual before collecting personal data about that individual. This includes the collection of additional personal data about an individual whom Al-Khair Mosque has collected personal data before the Appointed Day.
D. Use of personal data
7. Al-Khair Mosque may use personal data collected before the Appointed Day for the purposes for which the personal data was collected, whether such use occurs before or after the Appointed Day.
8. Al-Khair Mosque is to obtain consent to use personal data that has been collected after the Appointed Day.
9. Where an individual withdraws his or her consent of this Policy, Al-Khair Mosque must cease to use that individual’s personal data within a reasonable time, whether that personal data was collected before or after the Appointed Day.
E. Disclosure of personal data
10. Al-Khair Mosque may disclose personal data collected for the purposes for which that personal data was collected.
11. Al-Khair Mosque is to obtain consent to disclose personal data that has been collected after the Appointed Day.
12. Where an individual withdraws his or her consent, Al-Khair Mosque must cease to disclose that individual’s personal data.
F. Consent of individuals below 18 years old
13. In respect for individuals who have not attained the age of 18 years, Al-Khair Mosque is to obtain the consent of a parent or guardian of the individual before collecting, using or disclosing personal data about that individual.
G. Protecting and Storing of Personal Data
14. Al-Khair Mosque is to protect personal data in its possession or control by making reasonable arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks related to personal data in its possession or control.
15. Al-Khair Mosque may implement protection measures, as follows:
a. physical measures such as locked filing cabinets and restriction of access to offices;
b. restriction of personnel access to personal data, for example, security clearance and limiting of access to a “need-to-know” basis; and
c. technological measures such as the password protection and encryption of information stored in an electronic medium. There should be IT policy of changing passwords twice a year.
16. Where necessary, more sensitive personal data are to be under a higher standard of protection.
17. Al-Khair Mosque is to ensure that all employees and volunteers are aware of the importance of protecting the confidentiality of personal data.
18. Al-Khair Mosque is to ensure that care is taken when personal data are to be disposed of or destroyed to prevent unauthorised parties from gaining access to that personal data.
H. Retention of Personal Data
19. Al-Khair Mosque is to ensure that any personal data that are no longer serving the purpose(s) for which they are collected, or that are no longer necessary to be retained for any legal or business purpose, are removed or made anonymous.
I. Withdrawal of Consent and Making a Complaint
20. An individual may withdraw his or her consent to the collection, use or disclosure of his or her personal data by giving reasonable notice to Al-Khair Mosque to do so.
21. An individual who wishes to make a request, or to lodge a complaint to Al-Khair Mosque pertaining to any failure to comply with the provisions of the PDPA, may lodge the request / complaint to the DPO using the mosque office account at info@alkhair.mosque.org.sg or submitting a letter of request / complaint to the DPO of Al-Khair Mosque.
22. The DPO is to investigate the complaint within a reasonable time and contact the complainant within a reasonable time, in order to address any concerns relating to compliance with the PDPA.
J. Availability and Review of P&P
23. The document shall be made available upon request. This document may be found at Al-Khair Mosque’s website www.alkhair-mosque.org.sg or at Al-Khair Mosque’s office located at 1 Teck Whye Crescent Singapore 688847.
24. The Al-Khair Mosque Management Board will, from time to time, monitor, review and amend this document in its absolute discretion where it deems necessary or appropriate in accordance with the PDPA.
Updated April 2015