Protecting your privacy is important to us at Resilience Collective. At all times we aim to preserve your privacy and safeguard any personal data you share with us.
This policy explains how we hold and use your personal data and your rights and options in relation to it. Please read it carefully to understand how and why we use your personal data.
In Singapore, the Personal Data Protection Act (Act No. 12 of 2012) (the “PDPA”) regulates the collection, use and disclosure of personal data. “Personal data” under the PDPA is any data, whether true or not, about an individual who can be identified from that data or from that data and other information which we have or are likely to have access to.
The PDPA applies to all organisations and it requires them to put in place both practices and policies to meet data protection standards. This policy aims to inform you about how Resilience Collective complies with the PDPA. It also provides a set of steps that you may take to gain access to or make corrections about the personal data you provide to Resilience Collective.
We may collect, store and use the following types of personal data:
We may also create personal data about you, such as records of your communications and interactions with us, including attendance at events we hold or interviews in the course of applying for a job with us.
We request that the personal data you provide us with is accurate and is kept up to date. From time to time we may ask you to confirm the accuracy of your personal data.
[1] NRIC details are not retained in full unless required by law (e.g. for submitting to IRAS for tax deduction purposes or for details of staff, or for consent and release forms).
Certain categories of personal data are sensitive and we treat these with a greater level of protection.
For example, information about your mental health diagnosis, narratives around your recovery, your mental wellness, your interaction with someone with a mental health condition, your crisis plan and your emergency contacts (including their names and relationships to you) are all more sensitive data. We ask for this information simply so that we can understand more about our community and create meaningful content for our community that is consistent with our goals (set out below). With your consent, we may share your mental health stories and other sensitive personal data on our website or in our publications. If you prefer to remain anonymous on our website or in any of our published materials, you may let our staff members know.
We store your data electronically in the cloud and in physical files at our office.
We have implemented physical and technical measures to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, and other unlawful or unauthorised forms of processing.
Your personal data is only accessible by appropriately trained staff and contractors, and stored on secure servers located in Singapore and overseas or locked in physical files.
However, the storage of data cannot always be completely secure. Although we will do our best to protect your personal data, we cannot categorically guarantee the security of the personal data provided to us.
Please ensure that any personal data that you send to us is sent securely. In some instances we may obtain your personal data through payment systems when you make a donation to us.
We will only keep the data as long as is reasonable and necessary for the relevant activity, but in some cases we may need to retain your personal data to fulfil our legal, accounting or reporting requirements (for example relating to donations). The length of time may vary depending on the reasons we are processing the personal data and whether we have a legal or contractual obligation to keep it for a certain time.
Subject to the above, we typically retain personal data for 3 years where your personal data is sensitive personal data. This would often be obtained from a Consent & Release Form or in relation to PhotoStory. Other personal data will typically be retained for us for 6 years after your last donation or interaction with us and we will then to consider whether to retain further or not.
Once the retention period has expired, personal data will be confidentially disposed of or permanently deleted, although we won’t totally delete a record of you (see below).
Everything we do at Resilience Collective is to help break down the stigma associated with mental health issues. We want to create a safe space for mental health stories to be shared and to encourage mental wellness. We will use the personal data provided to us in various ways to help us achieve our goals.
We want to make sure that our communications with you, whether on our website, by email, post, phone or messaging service are the most relevant to you, based on your profile. We want you to receive the best attention when you attend an event, make a donation or want to volunteer.
We may use your personal data for a number of reasons, including:
We will not share your personal data with third parties without your prior consent, unless required by law.
You have a number of rights in relation to our use of your personal data. These rights include:
We may require proof of your identity before we can give effect to these rights.
However, please note that we may refuse your request under certain circumstances as set out in the PDPA.
We review our policy and may update it from time to time, so we recommend that you check it periodically. This policy was last updated on 20 June 2020.
If you have any questions or concerns (including complaints) about this policy or about the way in which your personal data is being used please let us know by contacting us in the following ways:
by post: 176 Orchard Road, #05-05 The Centrepoint, Singapore 238843
by email: contactus@resilience.org.sg
Please ask for or address your communication to the Data Privacy Officers, Nic Lee or Justin Loo.
You are entitled to make a complaint at any time to the Personal Data Protection Commission, the Singapore authority for data privacy. However, we are always grateful for the opportunity to resolve your concerns before you approach the PDPC, so we appreciate if you would contact us in the first instance.