Personal Data Protection Policy

Updated March 2026

Care Community Services Society (CCSS) is committed to protecting personal data entrusted to us by individuals. This Privacy and Data Protection Notice (“Notice”) sets out CCSS’s privacy policy and the basis upon which CCSS collects, uses and discloses your personal data under the Singapore Personal Data Protection Act 2012  (“PDPA” ). This Notice also explains how you can update us on changes in your personal data or request that we delete your personal data from our records.

Personal Data

  1. As used in this Notice:

Personal data” means any data, whether true or not, about you from which you can be identified, either: (a) from that data; or (b) from that data and other information to which we have or are likely to have access; and

PDPC” means the Singapore Personal Data Protection Commission.

  1. Depending on the nature of your interaction with us, some examples of personal data which we may collect include your name, identification number, contact information such as your address, email or telephone number, nationality, gender, date of birth, marital status, employment information, education background, language proficiency, race, religion, medical history, family background, photographs and other audio-visual information, and information about your usage of and interaction with our website.

 

Collection, Use and Disclosure of Personal Data

Collection

  1. We may collect your personal data in various ways, including but not limited to forms that you fill out and submit to us; your interactions with our staff, interns, volunteers, board or committee members via meetings, email messages, or telephone conversations; your participation in our events and activities when photos and/or video recordings may be taken; or your visit to our premises which may be under CCTV surveillance.
  2. Your personal data may also be disclosed to CCSS by third parties with your consent, or where otherwise permitted by law.
  3. We may also collect your personal data where required or permitted by laws or regulations binding on CCSS,

 

Purposes

We may collect, use and/or disclose your personal data for any or all of the following purposes as well as any other purposes that you may have specifically consented to, or which are permitted by the PDPA or other applicable laws:

  1. to provide our services to you;
  2. in carrying out our operations;
  3. or job application and staff and volunteer recruitment purposes, including but not limited to conducting background or reference checks and evaluations of suitability;
  4. for billing and reporting, such as for invoicing and account management purposes and tax- deductible donation submissions to the Inland Revenue Authority of Singapore;
  5. to manage and administer events or programmes that you have signed up for, including processing registration, payments (where applicable), attendance tracking, and post-event communication;
  6. to process and acknowledge donations, including issuing receipts and providing updates related to your donation and our fundraising efforts;
  7. to provide marketing services, such as newsletters, event invitations, and updates about our events, programmes and campaigns, where you have provided consent to receive such communications;
  8. for follow-up action regarding any complaints, feedback, queries or requests received via our website or any other communication channels; and
  9. to comply with all applicable laws and regulations, including but not limited to assisting in law enforcement and investigations conducted by any governmental and/or regulatory authority.

 

The purposes listed above may continue to apply even where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).

  1. We may collect, use and/or disclose your personal data on behalf of government agencies, in which case, we will do so in accordance with the government’s prevailing data management policies.
  2. We may collect, use and/or disclose your personal data pursuant to an exception under the PDPA or other written law such as during the following situations:
    1. to respond to an emergency that threatens your life, health and safety or that of another individual; and
    2. where necessary in the national interest, for any investigation or proceedings.
  3. We may disclose your personal data to third parties for the purposes mentioned above. Such third parties include but are not limited to:
    1. our service providers (for instance, we may disclose your data to contractors who assist us with the services we provide or the operations or activities we conduct, including, merely by way of example, our service providers who assist with or provide our information and data management systems, administrative and finance systems, website infrastructure and our communications and media platforms);
    2. our volunteers and interns (for examples, we may disclose your data to volunteers/interns in connection with the services, operations or activities that may relate to you);
    3. our professional advisers such as lawyers and auditors;
    4. government agencies and regulatory bodies;
    5. law enforcement officials; and
    6. any other party that you may have specifically consented to.

Consent and Notification Obligation

  1. We will seek your consent before collecting your personal data, except where collection, use or disclosure of your personal data without consent is required or permitted by law.
  2. You have the right of choice regarding the collection, usage and/or disclosure of your personal data. However, we may not be able to provide certain services to you or enter into a relationship with you if you are not willing to provide your consent to our collection, use or disclosure of your personal data.
  3. Where you have provided your personal data for an obvious purpose, we will assume that you have consented to our collection, use and disclosure of your personal data for that purpose (e.g., when you provide your personal data to register for an event, we will assume that you have consented to our collection, use and disclosure of your personal data for the purpose of your participation in that event).
  4. Either before or when we collect your personal data, we will inform you of the purpose for which your personal data is collected, except when such personal data is provided by you for an obvious purpose.

In general, providing your personal data is voluntary. However, in certain situations (e.g. compliance with legal requirements or to process a service request), it may be obligatory for you to provide specific types of personal data. Where the provision of data is obligatory, we will inform you of this and explain the consequences of not providing such data (e.g., we may be unable to provide the requested service or proceed with your application).

 

Accuracy of Personal Data

  1. We generally rely on personal data provided by you (or your authorised representative). In order to ensure that your personal data is current, complete, and accurate, please update us if there are changes to your personal data by informing us.

 

Access to and Correction of Personal Data

  1. If you wish to make (a) an access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or (b) a correction request to correct or update any of your personal data which we hold about you, you may submit your request in writing to us.
  2. We will respond to your request as soon as reasonably possible. Before we accede to your access or correction request, we may need to verify your identity by checking your identification document, and the legitimacy of your request.
  3. Please note that we may refuse your request under certain circumstances as set out in the PDPA. Further, depending on the circumstances, we may only need to provide you with access to your personal data contained in the documents requested, and not to the entire documents themselves. It may also be appropriate for us to simply provide you with confirmation of your personal data that we have on record if the record of your personal data forms a negligible part of the document.
  4. Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.

 

Withdrawal of Consent

  1. You may withdraw your consent and request us to stop using and/or disclosing your personal data for any or all of the purposes listed above or any other purposes that you may have specifically consented to by submitting your request in writing to us.
  2. We will try to process your request as soon as possible.
  3. Please note that depending on the nature and scope of your request, we may not be in a position to continue providing our services to you or to continue our relationship with you and we will, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please notify us immediately.
  4. Please note that withdrawing your consent does not affect our right to continue to collect, use and disclose your personal data where such collection, use and disclosure without consent is required or permitted under the PDPA or other applicable laws.

 

Protection of Personal Data

  1. To safeguard your personal data from unauthorised or accidental access, collection, use, disclosure, copying, modification, loss, disposal or destruction or other similar risks, we have introduced appropriate administrative, physical and technical measures such as up-to-date anti-virus protection and encryption to secure all storage and transmission of personal data by us, and disclosing personal data both internally and to authorised third parties and agents only on a need-to-know basis.

If there is a need to disclose your personal data to third parties in line with the purposes mentioned above, we will ensure that such third parties provide sufficient guarantees to us to have implemented the necessary security measures to protect your personal data.

 

Retention of Personal Data

  1. We will retain your personal data for as long as it is necessary to fulfil the purposes for which it was collected, or as required or permitted by applicable laws.
  2. You may request that we delete your personal data by contacting us. However, we will not be able to comply with your request if we are required to retain your personal data for business or legal purposes. In such circumstances, you may withdraw your consent to our further use or disclosure of your personal data.

 

Cross-border Transfers of Personal Data

Generally, we will not transfer your personal data to other jurisdictions. However, if we do so, we will obtain your consent for the transfer to be made and we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA, including entering into an agreement with the receiving party to accord similar levels of data protection as those in Singapore.

 

Data Breach Notification

As no method of transmission over the Internet or method of electronic storage is completely secure, there remains a possibility of data breach. In the event a breach of security leads to unauthorised or accidental access, collection, use, disclosure, copying, modification, loss, disposal or destruction of personal data, we will promptly assess the impact and if appropriate, notify the affected individuals at the same time or after reporting the breach to the PDPC and other relevant regulatory agencies (if any).

 

Data Protection Officer

  1. You may contact our Data Protection Officer if you have any enquiry, feedback or complaint regarding our personal data protection policies and procedures, if you wish to make any request, or if you believe that information we hold about you is incorrect or out-dated.
  2. You may contact our Data Protection Officer via email at dpo@ccsscares.sg

 

Modifications

  1. We may revise this Notice from time to time to ensure that it is consistent with changes in legal or regulatory requirements and is in line with future developments and industry standards. You may determine if any such revision has taken place by referring to the date on which this Notice was last issued. Your continued use of our services or continuation of your relationship with us constitutes your acknowledgement and acceptance of such changes.