Resilience Collective Privacy Policy
Protecting your privacy is important to us at Resilience Collective. At all times we aim to preserve your privacy and safeguard any personal data you share with us.
This policy explains how we hold and use your personal data and your rights and options in relation to it. Please read it carefully to understand how and why we use your personal data.
What is personal data?
In Singapore, the Personal Data Protection Act (Act No. 12 of 2012) (the “PDPA”) regulates the collection, use and disclosure of personal data. “Personal data” under the PDPA is any data, whether true or not, about an individual who can be identified from that data or from that data and other information which we have or are likely to have access to.
What is the legal basis for this policy?
The PDPA applies to all organisations and it requires them to put in place both practices and policies to meet data protection standards. This policy aims to inform you about how Resilience Collective complies with the PDPA. It also provides a set of steps that you may take to gain access to or make corrections about the personal data you provide to Resilience Collective.
When do we collect your personal data?
We collect personal data from you in a number of ways including:
- when you join our community: by filling in our community membership form, contacting us on our website or filling in our volunteer application form
- when you attend our workshops: by filling in a registration form or filling in an evaluation or feedback form
- when you attend our outreach events: by filling in a registration form or an evaluation or feedback form
- when we conduct surveys: these may be for new programmes (where we gather data on behalf of the National Council of Social Service (“NCSS”) or a Peer Support Survey), for pre-workshop surveys or when we collect data from Peer Support Specialists and learners to facilitate matching
- when you create content with us: at our workshops or at our human library events; when you share your story with us
- when we take photographs: at our outreach events, workshops and co-production meetings
- when we hold lucky draws: where you sign an acknowledgment form
- when you want to work with us: when you submit your CV during the recruitment stage and when we complete your onboarding
- when you visit our website: where we collect data from cookies and retain your IP address
- when you make a donation: where you complete a donor form or provide your details on a platform such as Giving.Sg and provide us with payment details
- when you engage with us on social media: where you communicate with us through Facebook or Instagram
- when a third party provides us with your personal data: where a public agency or authority provides us with your personal data, or where you engage with us through a platform, such as Peatix
- when you contact us directly: where you interact with us directly by telephone, email, post or otherwise to enquire about our activities, donations to our organisation or ask a question about mental health or otherwise provide us with your personal data.
What personal data do we collect from you?
We may collect, store and use the following types of personal data:
- Name, NRIC[1], passport or other unique identification data
- Date of birth
- Gender
- Contact details: phone number, email address, mailing address
- Education or occupation details
- Images, videos and voice recordings
- Content created by you at our events
- Bank account details (for our employees and volunteers) or credit / debit card details of our donors
We may also create personal data about you, such as records of your communications and interactions with us, including attendance at events we hold or interviews in the course of applying for a job with us.
We request that the personal data you provide us with is accurate and is kept up to date. From time to time we may ask you to confirm the accuracy of your personal data.
[1] NRIC details are not retained in full unless required by law (e.g. for submitting to IRAS for tax deduction purposes or for details of staff, or for consent and release forms).
What about sensitive personal data?
Certain categories of personal data are sensitive and we treat these with a greater level of protection.
For example, information about your mental health diagnosis, narratives around your recovery, your mental wellness, your interaction with someone with a mental health condition, your crisis plan and your emergency contacts (including their names and relationships to you) are all more sensitive data. We ask for this information simply so that we can understand more about our community and create meaningful content for our community that is consistent with our goals (set out below). With your consent, we may share your mental health stories and other sensitive personal data on our website or in our publications. If you prefer to remain anonymous on our website or in any of our published materials, you may let our staff members know.
How do we retain your personal data?
We store your data electronically in the cloud and in physical files at our office.
We have implemented physical and technical measures to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, and other unlawful or unauthorised forms of processing.
Your personal data is only accessible by appropriately trained staff and contractors, and stored on secure servers located in Singapore and overseas or locked in physical files.
However, the storage of data cannot always be completely secure. Although we will do our best to protect your personal data, we cannot categorically guarantee the security of the personal data provided to us.
Please ensure that any personal data that you send to us is sent securely. In some instances we may obtain your personal data through payment systems when you make a donation to us.
How long do we retain your personal data?
We will only keep the data as long as is reasonable and necessary for the relevant activity, but in some cases we may need to retain your personal data to fulfil our legal, accounting or reporting requirements (for example relating to donations). The length of time may vary depending on the reasons we are processing the personal data and whether we have a legal or contractual obligation to keep it for a certain time.
Subject to the above, we typically retain personal data for 3 years where your personal data is sensitive personal data. This would often be obtained from a Consent & Release Form or in relation to PhotoStory. Other personal data will typically be retained for us for 6 years after your last donation or interaction with us and we will then to consider whether to retain further or not.
Once the retention period has expired, personal data will be confidentially disposed of or permanently deleted, although we won’t totally delete a record of you (see below).
How will we use your personal data?
Everything we do at Resilience Collective is to help break down the stigma associated with mental health issues. We want to create a safe space for mental health stories to be shared and to encourage mental wellness. We will use the personal data provided to us in various ways to help us achieve our goals.
We want to make sure that our communications with you, whether on our website, by email, post, phone or messaging service are the most relevant to you, based on your profile. We want you to receive the best attention when you attend an event, make a donation or want to volunteer.
We may use your personal data for a number of reasons, including:
- Community information: to understand our community better. We want to target our programmes more effectively to the interests of our community. We want to engage with our community by providing information and holding events that might be of interest
- Volunteer information: we want to make sure we screen our volunteers appropriately and to match them to the right roles
- Administrative matters: we will communicate with you from time to time about administrative tasks. For example, we may reach out to you about an event you have signed up for to check that you will still be able to participate or attend
- Emergency contact information and crisis plan information: we may need to activate this information if a participant or volunteer is unwell or in distress
- Health condition and recovery: we will use your health information to consider your suitability to participate in our programmes and workshops
- Photographs, Videos and Audio Materials: we will use these in our marketing materials to promote our activities. This could be on our website, on social media or in print or in media
- Content creation: we may use information provided in your narratives or photos taken at our events which we may modify, publish, exhibit or sell
- Reporting: from time to time we need to provide reports to our board, and to the organisations that fund us (including the NCSS, the Institute of Mental Health, Caregivers Alliance and Binjaitree)
Will we share your personal data?
We will not share your personal data with third parties without your prior consent, unless required by law.
Your rights
You have a number of rights in relation to our use of your personal data. These rights include:
- Objection: you have the right to object to our use of your personal data
- Withdraw consent: you have the right to withdraw your consent to our use of your personal data at any time
- Access: you can ask for details of the personal data that we hold about you and can request a copy of that information
- Erasure: in some cases, you can ask us to delete your personal data from our records or to anonymise it. However, we may need to retain some limited personal data in order to ensure you are not contacted by us in the future.
- Rectification: if you believe our records about you are inaccurate, you have the right to ask us to update our records.
We may require proof of your identity before we can give effect to these rights.
However, please note that we may refuse your request under certain circumstances as set out in the PDPA.
Changes to our Policy
We review our policy and may update it from time to time, so we recommend that you check it periodically. This policy was last updated on 20 June 2020.
Contact us (including complaints)
If you have any questions or concerns (including complaints) about this policy or about the way in which your personal data is being used please let us know by contacting us in the following ways:
by post: 176 Orchard Road, #05-05 The Centrepoint, Singapore 238843
by email: contactus@resilience.org.sg
Please ask for or address your communication to the Data Privacy Officers, Nic Lee or Justin Loo.
You are entitled to make a complaint at any time to the Personal Data Protection Commission, the Singapore authority for data privacy. However, we are always grateful for the opportunity to resolve your concerns before you approach the PDPC, so we appreciate if you would contact us in the first instance.