This Policy sets out the scope in which CSC (“as defined below) subscribes to objectives, guidelines and requirements in compliance with the Provisions and Obligations of the PDPA (“as defined below”). This Policy supplements but does not supersede nor replace any other consents you may have previously provided to CSC and your consent contained herein pursuant to the collection, use of disclosure of your Personal Data (“as defined below”) is additional to any rights which CSC may have at law in connection with the same.
CSC is committed to protect the privacy and confidentiality of the Personal Data of our members, employees, affiliates and those with whom we have an ongoing business relationship (the “Applicable Parties”). We shall endeavour to comply with the PDPA. For the avoidance of doubt, the provisions of this Policy shall apply to all Applicable Parties unless agreed between CSC and the relevant Applicable Party in writing.
For the purpose of this Policy, the following capitalized terms, unless otherwise specified in the Policy, shall have the follow meanings:
“DI”
means Data Intermediaries
“DPO”
means Data Protection Officer or Officers appointed by CSC pursuant to the PDPA
“Individual(s)”
means natural person(s), whether living or deceased
“CSC”, “The Club”
means Civil Service Club
“Members”
means the members of CSC
“PDPA”
means the Personal Data Protection Act 2012.
“PDPC”
means the Personal Data Protection Commission.
“Personal Data”
means data about an individual from which he can be identified.
“Policy”
means this Data Protection / Privacy Policy, as may be amended or supplemented as necessary from time to time.
The scope and applicability of this Policy is as follows:
4.1.
This Policy applies to all individuals who provide CSC with Personal Data or whose Personal data is collected, used and/or disclosed by CSC in relation to its business operations.
4.2.
This Policy covers all practices pertaining to Personal Data.
4.3.
References to the male gender may include reference to the female gender.
4.4.
References to the singular may include reference to the plural as required in context, unless otherwise specified.
5.1.
Personal data refers to data from which an individual can be identified, regardless of its veracity. Examples of personal data include but are not limited to your name, NRIC number, address, photograph, telephone or mobile numbers, e-mail address, and payment-related information such as bank account or credit card history etc. Personal Data may include that of your family members, guests or visitors.
5.2.
This is not an exhaustive list and we may collect other types of Personal Data as required for our business purposes, as permitted under applicable laws and regulations.
Personal Data may be collected in the following ways:
6.1.
When an individual applies for enrolment to the Club to become a member.
6.2.
When an individual registers as a guest or visitor to the Club to make use of our services or facilities.
6.3.
When an individual interacts with our customer service officers, Membership, Sports and Recreation Officers, and any other employees of CSC in relation to any matters relating to CSC and its services and activities.
6.4.
When an individual registers for our activities or events, or participates in contests, surveys, promotions conducted by us or our business associates.
6.5.
When an individual provides feedback, or files a complaint or enquiry.
6.6.
When an individual’s image is captured by our appointed videographers or photographers during club events.
6.7.
When an individual’s image is recorded by our CCTV during visits to our premises.
6.8.
When a candidate applies for employment with the Club.
6.9.
When an individual visits our website, using technologies such as cookies.
6.10.
When you request that we contact you.
6.11.
When you respond to our request for additional Personal Data.
6.12.
When you respond to be included in an E-Mail or for Electronic Mailing List.
Generally, Personal Data is collected, used or disclosed for the following purposes:
7.1.
To maintain a register of Members as required under the Club Constitution
7.2.
To facilitate the general administration of membership services and member relationships with the Club.
7.3.
To facilitate the use of the Club facilities and services; and to verify payment for the use of our facilities or services.
7.4.
To communicate with you with regards to your membership; or respond to your enquiries, feedback, complaints.
7.5.
To inform Members about activities, events or promotions at the Club.
7.6.
For surveillance and security purposes.
7.7.
To facilitate employment.
7.8.
For legal compliance under applicable laws, upon request by law enforcement and regulatory officials or by Court orders.
7.9.
Any other purposes as reasonably necessary, or consequential to the abovementioned purposes.
8.1.
We will endeavour to obtain consent or to notify you of the collection and use or your Personal Data. Generally, there is implied consent when your Personal Data is required in the course of providing a service or product. For more information on such exclusions, please refer the Second, Third and Four Schedules of the PDPA pertaining to the Collection, Use and Disclosure of Personal Data without consent.
8.2.
You may withdraw your consent the collection, use and disclosure of your Personal Data at any time, by providing reasonable written notice to the DPO (see section 17.1). We will process your request within a reasonable timeframe. The withdrawal of consent may, however, impact your privileges as a member and/or our ability to continue to service your membership and this may result in the termination of any agreements with CSC and your being in breach of your contractual obligations or undertakings, in which case CSC’s legal rights and remedies in such event are expressly reserved. In such circumstances we will inform you of the consequences of the withdrawal of your consent.
8.3.
We will not sell, rent or otherwise disclose your Personal Data to any third-party without your express consent, except in the follow circumstances:
8.3.1
We may disclose selected Personal Data to our Data intermediaries (“DI”) for the sole business purpose of providing third party services on behalf of the Club. For example, audit firms, insurers, mailing houses or printers contracted for the Club magazine publications, in such circumstance, the DI has a contractual obligation to the Club, and they too are bound by the Provisions and Obligations of the PDPA;
8.3.2
We may share non-personal or non-individual data in aggregate form with our business partners, affiliates, agents or third parties for business purposes. This is likely to be for statistical analysis; and
8.3.3
As required under section 7.8.
9.1.
The Club will make reasonable efforts to ensure Personal Data held by us is sufficiently accurate. In order to ensure that your Personal Data is current, complete and accurate, please update us by contacting our Membership Services Unit (see section 17.2) whenever there are changes to your Personal Data.
9.2.
If you provide us with any Personal Data relating to a third party (e.g. Information of spouse, children, parents, employees, and/or authorised representative), by submitting such information to us, you represent to us that you have obtained the consent of the third party to you providing us with their Personal Data for their respective purposes.
10.1.
You have a right to access and correct your Personal Data held by us.
10.2.
Your right to your Personal Data is limited to your own Personal Data only. In exceptional circumstances, we reserve the right to reject your request and an explanation will be provided as required by applicable laws.
Personal Data will be retained for as long as the purpose for which it was collected is still being served. We will cease to retain Personal Data when it is no longer required to be legal or business purposes. Such data will then be disposed under appropriate recommended practices.
12.1.
The Club has in place appropriate measures as necessary to safeguard your Personal Data against the risks of unauthorised access, collection, use or disclosure. Examples of such measures include the use of firewalls, passwords, limited access, etc. these measures are constantly reviewed and revised to deal with emerging threats and potential breaches.
12.2.
We have also implemented the following internal policies and procedures:
12.2.1
Appointment of a DPO and making the contact information of the DPO publicly available (refer to section 17.1).
12.2.2
Establishing procedures to review, align and comply with the PDPA; including procedures to receive and respond to enquiries or complaints with regards to Personal Data issues; procedures to access and/or correct Personal Data and to facilitate withdrawal of consent.
12.2.3
Training and communicating with employees with regards to this Policy confidentiality and good practices.
12.2.4
Establishing a Data Protection / Privacy Policy to inform members and/or the public about our policies, procedures and compliance.
13.1.
Generally, the Club does not transfer Personal Data out of Singapore. However, under limited circumstances, we may be required to disclose some of your Personal Data. Such an instance would include when your wish to make use of reciprocal arrangements with our overseas reciprocal or affiliate clubs.
13.2.
In these limited circumstances, the recipients will be obliged contractually to take appropriate measure to ensure your Personal Data is protected.
14.1.
DNC is applicable to voice calls, text (SMS) or fax messages to Singapore registered telephone numbers.
14.2.
Due to the ongoing relationship with members, the Club may, from time to time, send you information about our services, events, activities, promotions, offered by us or our business associates. You have the right to request us to not use your data to send messages to you. Our messages will contain information on how to “unsubscribe”. If you do not wish to receive such messages from us, you may contact our Membership Department (section 17.2).
14.3.
Please note that despite opting out, you may, from time to time, still receive messages from the Club. These are non-marking in nature, such as important announcements or news pertaining to your membership or Club facilities, or membership services related alerts or notifications, which are permissible under the PDPA.
CSC will continue to review and update this Policy from time to time to ensure the Policy is consistent with our future developments, industry trends and/or any changes in legal and regulatory requirements. Subject to your rights at law, you agree to be bound by the prevailing terms of the Privacy Policy as updated from time to time.
This policy shall be governed by and construed in accordance with the laws of Singapore.
17.1.
If you have any clarifications, corrections, issues, enquires, access to information requests about your data held by CSC, or, if you have any concerns relating to Data Privacy or Data Protection, please contact us at:
Data Protection Officer
60 Tessensohn Road, Singapore 217664
Or email to: dpo@csc.sg
17.2.
For updates or changes to your Personal Data, opt-outs or to unsubscribe, please contact us at:
Membership Department
60 Tessensohn Road, Singapore 217664
Tel: 6514 6396
Or email to: membership@csc.sg
17.3.
For more information on PDPA or related matters, please refer to the Personal Data Protection Commission website at https://www.pdpc.gov.sg