Personal Data Protection Policy 

Your personal data and privacy is important to us and it is our commitment to respect the confidentiality of information and the privacy of individuals.

We, Kingdomgarten Preschool Services Ltd. (‘the Company’), may from time to time update this Data Protection Policy to ensure that this Data Protection Policy is consistent with our future developments, sector developments and/or any changes in legal or regulatory requirements. Subject to your rights at law, you agree to be bound by the prevailing terms of this Policy as updated from time to time on our website. Please check back regularly for updated information on the handling of your Personal Data.

1.      INTRODUCTION

This policy states the Company’s commitment to safeguard personal data (as defined in the Personal Data Protection Act 2012 or “PDPA”) provided to it in the course of its work and lays out the principles and guidelines in managing and securing such data.

  

2.          COMMITMENT TO DATA PROTECTION

a.      The Company will strive to comply with the PDPA and where the Company does not, its primary objective is to ensure compliance as soon as practicable.

b.      Personal data and privacy are important to the Company and the Company is committed to respect the confidentiality of information and the privacy of individuals.

c.       The Company’s primary commitment with reference to the PDPA is to ensure individuals’ personal data are not misused. This is done by ensuring that personal data are:

  • Obtained for specified and/or lawful purposes and not further processed in a manner incompatible with that purpose

  • Relevant and not excessive

  • Accurate

  • Kept for no longer than necessary

  • Stored in a responsible manner

  • Appropriately protected according to the nature of personal data that the Company collects.

  

3.      DATA TYPES, COLLECTION AND SOURCES

a.      Types of Information Collected

For the purposes of this Policy document, the types of information collected or captured by the Company, for professional purposes, include but are not limited to the following:

  • Full name

  • Residential Address

  • Contact number(s)

  • Email Address

  • Medical situation/ history

  • Name(s) of relative(s) / Next of Kin (NOK)

  • Contact details of relative(s) or NOK

  • NRIC/ passport/ work permit number

  • Bank account details

  • Information in resumes

  • Directorships

  • Preschool related statistics

  • Photos or video footage(s) of any kind, pertaining to individuals (in the course of work), including CCTV footage

b.      Methods of Collecting Information or Data

The methods of collecting the above information, include, but are not limited to the following:

  • Email

  • Electronic forms

  • Verbal/ Interviews

  • Physical forms

  • Official documents or forms by the government authorities

  • Any other means where information is passed to the Company

  • Photo and/ or video capturing devices

  • Through the internet

c.       Sources/ Providers of Data

The Providers of the data can include, but are not limited to the following:

  • Members of the Company and their representatives

  • Individual persons or bodies corporate

  • Staff

  • Subscribing Members

  • Preschools

  • Counterparties / stakeholders / service providers

  • Funders, Donors and Volunteers (whether individual persons or bodies corporate)

 

4.      APPOINTMENT OF DATA PROTECTION OFFICER

The Chairman will appoint the Data Protection Officer of the Company.

 

5       CONSENT AND USAGE OF DATA

a.      The Company is committed to seek consent from individual(s) to collect and use the individual’s personal data where possible, for the conduct and appropriate purposes of the Company’s business where the Company deems necessary, including to contact the person(s) involved, part of the human resource management and administration, donor administration as well as membership purposes..

b.      Except in specific circumstances where collection, use or disclosure without consent is authorised or required by law, law enforcement officers and/or authorised representatives of the Government, all other disclosure of personal data shall be in accordance with the PDPA.

c.       In situations where consent is not possible, the Company is committed to inform the individual about the collection or use about the individual’s personal data.

d.      Consent may be collected through written documentations (e.g. consent form, written note) or electronically (email consent, electronic forms). In situations that consent cannot be conveniently obtain in written form or electronically, the Company may also opt to obtain verbal consent and/or deemed consent, and such process shall be approved by the Data Protection Officer.

 

6.      UPDATING OF PERSONAL INFORMATION AND WITHDRAWAL OF CONSENT

a.      The Company shall consider requests from individuals to update or correct their personal information and make the necessary updates to the kept records.

b.      Any individual may request to withdraw their consent to the use and disclosure of their personal data at any time.  [Placeholder for deletion].

c.       The Company shall consider and evaluate withdrawal requests and thereafter, strive to deploy the necessary recovery actions, unless such personal data is critical or necessary for the Company to function or fulfil its corporate or legal obligations. The Company shall inform the requestor about the outcome of the withdrawal request and the status.

d.      If such withdrawal will affect the services and arrangements between any individual and the Company, the Company may therefore inform the requester and be allowed to cease such services or arrangements as a result of the withdrawal and the Company shall not be made liable for the cessation of services.

 

7.      STORAGE AND SECURITY 

a.      The Company shall adopt security arrangements that are reasonable and appropriate while taking into consideration the nature of the personal data, the form in which the personal data is collected (physical or electronic) and the possible impact to the individual concerned if an unauthorized person were to obtain, modify or dispose of the personal data. Each staff and job function should determine such arrangements appropriate for their operating function/unit. The Data Protection Officer shall review and examine such arrangements and provide necessary recommendations to ensure safe storage. 

b.      The Company shall take reasonable and appropriate security measures to protect the storage of personal data, such as: 

  • Marking the necessary document classification (e.g. confidential, staff-in-confidence) on documents with personal records clearly and prominently

  • Storing hardcopies of documents with confidential personal records in locked file cabinet systems

  • Storing electronic files that contain confidential personal data in secured folders

  • Personal computers and other computing devices that may access to personal data are password-protected as well as installed with anti-virus software

c.       The Data Protection Officer will work with the pertinent functions, stakeholders and staff to ensure that: 

  • Personal computers and other computing devices that may access to personal data are password-protected as well as installed with anti-virus software

  • Personnel and other files that contain sensitive or confidential personal data are secured and only made available to staff with authorised access

  • The IT service providers’ services and/or provisions comply with security standards in line with industry practices 

d.       In the event of a security breach, the Data Protection Officer shall be notified. The Data Protection Officer shall investigate if such breach is a malicious act and shall take appropriate action after consulting with the Chairman and/or Ex-Officio Advisor (for Governance).

9.      REVIEW OF POLICY

From time to time, the Data Protection Officer may make use of assessment tools such as those issued by the Personal Data Protection Commission of Singapore (for example, see https://apps.pdpc.gov.sg/resources/pato), to perform a check on the state of data protection in the Company. Findings shall be presented to the Chairman and/or the Management Committee of the Company.

 

10.    CONTACTING THE COMPANY

If any affected person(s) or stakeholder(s) involved have any questions about this Policy, or would like to request to obtain access, make updates to personal data records and/or withdraw the use and disclosure of any specific set of personal data, they can contact our Data Protection Officer at: 

a.      Email: DPO@kingdomgarten.org 

b.      Write in to:

The Data Protection Officer
Kingdomgarten Preschool Services Ltd.
312, Balestier Road #02-01,
S(329743)