Personal Data Protection Policy

Personal Data Protection Policy


This website is intended for use in Singapore and is subject to the laws of Singapore.

Organizations today collect, use and disclose personal data about individuals – whether they are customers, employees or members. These individuals trust organizations like us to use or disclose their personal data as it is intended for and to keep their personal data safe. Practising good personal data management can increase business efficiency and effectiveness, boost customer confidence, and enhance the organization’s public image. Organizations in general are required to comply with the Personal Data Protection Act 2012 (PDPA).

Organizations may continue to use personal data that has been collected before the data protection provisions of the PDPA come into effect on 2 July 2014 for the purposes for which the personal data was collected, unless the individual has withdrawn consent. If there is a different purpose for the use of the personal data, consent has to be obtained anew. For personal data collected after 2 July 2014, organizations will have to notify and obtain the individual’s consent to the collection, use and disclosure of his or her personal data.

1. Data Protection Policy

This document spells out the data protection policy of St. John’s Home For Elderly Persons. The key features of this policy are published here, on line via the Home’s webpage. The business contact information of the Home’s data protection officer is also provided on this webpage should members of the public require more information on our data protection policies and practices. Information regarding how to withdraw consent, access, update or correct personal data are available on this webpage.

2. Data Protection Officer/s

The roles of the Data Protection Officer/s:

  • Developing good policies for handling personal data in electronic and/or manual form, that suit the Home’s needs and comply with the PDPA;
  • Communicating the internal personal data protection policies and processes to customers, members and employees;
  • Handling queries or complaints about personal data from customers, members and employees;
  • Alerting the Home to any risks that may arise with personal data; and
  • Liaising with the Personal Data Protection Commission, if necessary.

The data protection officers of the Home are:

  • The General Manager, Mr Goh Beng Hoe
    Phone number: 62854446

  • Designated member of Management Committee, Mr Lester Lee Keng Kok
    Phone number: 62854446

3. Home’s Personal Data Inventory

This section deals with the personal data in the care of the Home.

4. Data Protection Processes

a. Personal Data Collected for the Provision of Care Services and from Staff

  • Personal particulars of residents and their sponsors and contact persons are collected at the point of application and admission for the purpose of provision of care services. Applicants and sponsors will be notified of the collection of this information, the use or disclosure of their personal data for the provision of care and services and asked to sign a consent form.
  • The Home collects personal particulars of staff for the purpose of administration and meeting the requirements of various Government authorities and submissions. Staff are to treat all official documents and information which they prepare or receive in the course of duty, as confidential. The staff must not, either during or after his service, copy, extract or translate them for unofficial use or allow others to do so. If a staff receives information that is wrongly forwarded to him, he must promptly inform the issuing party of the error and return the documents or destroy the information promptly, whichever is applicable. This above is specified in the Terms and Conditions of employment with the Home.
  • CCTV, Video Recording and Photography.

CCTV, video footage and photos may constitute personal data if an identifiable individual is captured.

  • Appropriate notices are put up at the gate, office entrance, counselling room and clinic to clearly state the use and purpose of CCTV video surveillance.
  • Notices are put up at the office entrance, dining hall and lounge to inform visitors and volunteers that photographs and videos taken may be used by the Home for publicity purpose in print or electronic media.
  • For outings organized by volunteers, the organizer and volunteers should be notified via email that photographs of attendees will be taken at the event for publicity on print and electronic media.
  • For special event, it should be stated in the invitation that photographs of attendees will be taken at the function for publicity on print and electronic media. Appropriate notice should also be put up at the reception or entrance to inform the attendees on the event day.
  • If photos and videos are taken out of the context of the above, the Home must obtain individual’s consent before using them.

Only authorized personnel of the Home, as listed in Section 3, are allowed to access these personal data. Where in doubt, seek the advice of the Data Protection Officer.

b. Personal Data Collected from Donors, Volunteers and Visitors

This section deals with personal data of Donors and Volunteers where consent from the individual is required. The Home will only collect, use or disclose personal data for purposes for which an individual has given his or her consent. Individuals are allowed to withdraw consent with reasonable notice. In this case the Home will inform them of the likely consequences of withdrawal. Upon withdrawal of consent to the collection, use or disclosure for any purpose, the Home must cease such collection, use or disclosure of the personal data of the individual

i. Notification
  • Donors

Donors who wish to obtain tax benefits are required to provide their tax reference number (e.g. NRIC/FIN/UEN) to enable the Home to provide the Inland Revenue Authority of Singapore (IRAS) details of their donations so that the tax benefit can be automatically reflected in their tax bill.

The Home would also request for donor particulars such as address, email, telephone number and other details to allow us to maintain contacts with our Donors.

In our donation response options via print or online or other media, the Home will clearly advise donors about personal data to be collected and the purpose and ask for consent - donor will be asked to opt out if they do not wish to have their personal data collected by the Home. Once consent is obtained, donor’s personal data will be updated unto the Home’s donor’s database. The Home will follow the donor’s preferred mode of communication which will be recorded in the donor’s database.

  • Volunteers

The Home collects personal data of volunteers to allow it to assess, select, recruit and mobilize suitable volunteers. The contact details of volunteers allow the Home to communicate with volunteers regarding the needs of the Home as well as update them about developments at the Home. The Home will clearly advise volunteers about personal data to be collected and the purpose and ask for consent in the Application Form for Volunteers.

  • Members of the Home

The Home keeps a membership list consisting of the personal data of all the members of the Home. The contact details of members allow the Home to communicate with members regarding the needs of the Home as well as update them about developments at the Home. The Home will clearly advise members about personal data to be collected and the purpose and ask for consent in the Application Form for Membership.

  • Visitors

Visitors are requested to provide their name, contact number and NRIC (NRIC is only required when a situation requiring contact tracing is required) at the reception when visiting the Home. The reception staff (NOT the visitor) will record the personal data in the visitor registers. Visitors are not allowed to peruse the visitor registers. The registers are to be kept in locked drawer when not in use.

Withdrawal of Consent

Individuals are allowed to withdraw consent at any time by writing to the Home’s Data Protection Officer. The Home will acknowledge the request and inform them of the likely consequences of withdrawal. Upon withdrawal of consent to the collection, use or disclosure for any purpose, the Home must cease such collection, use or disclosure of the personal data.

Access & Correction

  • Individuals may write to the Home, via email or write to the Data Protection Officer at any time to request for the content of personal data collected by the Home or request for update or correction to their personal data.
  • Upon receiving the request, the Data Protection Officer shall file the request and perform the update or correction accordingly. After this is completed, the person concerned will be informed.
  • Any other staff of the Home who receives request or enquiry regarding personal data protection are required to forward the request to the Data Protection Officer.
  • If the request for access or correction is for personal information other than personal particulars, for example medical report or CCVT footage, it will be reviewed by the Data Protection Officer and appropriate action will be taken to act on the request and a response provided to the requestor after consultation with the Management of the Home.

Personal Data Update Process

All requests for withdrawal of consent, update and correction of personal data are to be channeled to the Data Protection Officer (DPO) who will then instruct the Admin/Accounts Exec (AAE) to update the record. The AAE will inform the DPO once the record is updated. DPO will verify and confirm that the request has been acted on by signing the Personal Data Change Request Form. A Personal Data Access/Update/Mailing Preference Change Form will need to be completed for the above mentioned process.

Request to Access Personal Data

All requests by individuals to access personal data must be made in writing. Such requests will be channeled to the DPO. The DPO will make necessary clarification on the purpose of the request and seek advise from the Management Committee before replying the requester and taking action.

5. Care of Personal Data Collected by the Home
  • Personal data collected and kept by the Home are documented in Section 3.
  • The data are kept in databases such as Charms, HubSpot or in electronics forms in computers. Some are kept in the form of hard copies.
  • Data in electronic forms must be stored in computers with passwords. Only authorized personnel are allowed to access the data.
  • Personal data in hardcopies must be kept in locked cabinets and access allowed only to authorized personnel.
  • Personal data retention period for each type of data is stated in Section 3. Personal data which has reached the retention period will be destroyed.
  • Staff who are required to transmit personal data to third parties in the course of work are to consult and obtain consent from the Data Protection Officer before doing so. Files containing personal data transmitted via electronics means are to be encrypted with password protection.
  • Third party data intermediaries that the Home engages, namely LanWorks Pte Ltd (Charms donor management system) and HubSpot (marketing system) have security systems in place to safeguard the database the Home host with them and have policy in compliance with the PDPA.
6. Do Not Call Registry & Your Business

a. Background

Starting from 2 January 2014, the Do Not Call (DNC) provisions under the Personal Data Protection Act 2012 (PDPA) generally prohibit organizations from sending certain marketing messages (in the form of voice calls, text or fax messages) to Singapore telephone numbers, including mobile, fixed-line, residential and business numbers, registered with the DNC Registry.

Such marketing messages generally have one or more of the following purposes:

  • Offer to supply, advertise or promote goods or services;
  • Advertise/promote suppliers or prospective suppliers of goods or services; or
  • Supply/advertise/promote land, interests in land or business/investment opportunities.

Whether an organization is directly sending such marketing messages, causing the message to be sent or authorizing another organization to do so, it has to ensure that such messages are not sent to Singapore telephone numbers registered with the DNC Registry.

The DNC Registry, however, does not cover messages sent for other purposes, such as service calls or reminder messages sent by organizations to render services bought by the individual. Messages for pure market survey or research and those that promote charitable or religious causes are also not covered under the DNC provisions. Telemarketing calls or messages of a commercial nature that target businesses are also excluded from the DNC Registry rules.

b. If the Home intends to send marketing messages to Singapore telephone numbers, the following procedures must be adhered to:

  • Check with the DNC Registry, unless the Home has the recipients’ clear and unambiguous consent in written or other accessible form for sending the marketing message to the Singapore telephone number.
  • If the Home is sending a text or fax message, clear and accurate information identifying the Home as well as contact details must be included within the message. This allows the recipient to contact us for clarifications, if necessary.
  • If the Home is making a sales voice call, the calling identity, or phone number from which the message is sent out from, must not be concealed.

Contact Us

Email Us
additional criteria
Admission Form (Additional Criteria)

Admission Form

Make a Donation
Photo Gallery