Volunteer

Website Privacy Policy | PDPA Notice

1. Website Privacy Policy / PDPA Notice

Personal Data Protection Policy

Impactworks Community Services Ltd. respects your privacy and is committed to protecting your personal data in accordance with the Personal Data Protection Act 2012 of Singapore.

This policy explains how we collect, use, disclose, store and protect your personal data when you visit our website, contact us, register for our programmes, volunteer with us, donate to us, partner with us, or participate in our activities.

1.1 Personal Data We May Collect

We may collect personal data including, but not limited to:

  • Name;
  • Contact number;
  • Email address;
  • Mailing address;
  • Organisation, school, church or company name;
  • Age group or date of birth, where relevant for programme participation;
  • Parent, guardian or emergency contact details;
  • Volunteer, donor, sponsor or partner information;
  • Programme registration details;
  • Photographs, videos, testimonials or feedback;
  • Donation, sponsorship or payment-related information;
  • Any other information you voluntarily provide to us.

Where we collect personal data relating to children or youths, we may require consent from a parent, guardian, school, organisation or authorised representative, where appropriate.

1.2 Purposes for Collection, Use and Disclosure

We may collect, use and disclose your personal data for the following purposes:

  • To respond to your enquiries, requests or feedback;
  • To process registrations for programmes, events, workshops or activities;
  • To manage participation in our youth, family, senior, wellness, mentoring, volunteer or community programmes;
  • To contact parents, guardians or emergency contacts where necessary;
  • To manage volunteer applications, deployment, training and communications;
  • To process donations, sponsorships, partnerships or funding-related matters;
  • To issue receipts, acknowledgements, updates or reports;
  • To communicate programme information, event updates and service announcements;
  • To maintain safety, security, attendance and administrative records;
  • To evaluate, improve and report on our programmes and community impact;
  • To comply with legal, regulatory, governance, audit or reporting obligations;
  • To take photographs, videos or testimonials for documentation, reporting, publicity, social media, website, newsletters, grant reports or stakeholder updates, where consent has been obtained or where permitted by law;
  • For any other purpose that is reasonably related to the above.

The PDPA requires organisations to notify individuals of the purposes for which their personal data is collected, used or disclosed, unless an exception applies.

1.3 Consent

By submitting your personal data to us, registering for our programmes, participating in our activities, donating, volunteering, or using our website, you consent to Impactworks Community Services Ltd. collecting, using and disclosing your personal data for the purposes stated in this policy.

Where you provide personal data on behalf of another person, including a child, youth, family member, volunteer, beneficiary or participant, you confirm that you have obtained the necessary consent or authority to do so.

1.4 Withdrawal of Consent

You may withdraw your consent for the collection, use or disclosure of your personal data by contacting our Data Protection Officer.

Upon receiving your request, we will process it within a reasonable time. Please note that withdrawing consent may affect our ability to provide certain services, process registrations, communicate with you, or allow participation in certain programmes.

1.5 Disclosure to Third Parties

We may disclose personal data to third parties where necessary for our work, including:

  • Programme partners;
  • Schools, churches, community organisations or referring agencies;
  • Trainers, facilitators, volunteers or mentors;
  • Payment processors, donation platforms or service providers;
  • IT, website, cloud storage, email, marketing or administrative service providers;
  • Auditors, professional advisers or governance bodies;
  • Government agencies, regulators or law enforcement authorities where required by law;
  • Grantmakers, sponsors or funders for reporting purposes, where appropriate and where personal data is necessary.

We will take reasonable steps to ensure that third parties who process personal data on our behalf provide appropriate protection for such data. Under the PDPA, an organisation remains responsible for personal data processed on its behalf by a data intermediary.

1.6 Photographs, Videos and Media Consent

During our programmes, events or activities, photographs, videos, audio recordings or written testimonials may be taken for documentation, reporting, publicity, website, social media, newsletters, stakeholder updates and grant reporting.

Where required, we will seek consent from participants, parents, guardians or authorised representatives before using identifiable images, videos or testimonials, especially where children or youths are involved.

If you do not wish to be photographed, recorded or featured, please inform us before or during the event.

1.7 Cookies and Website Analytics

Our website may use cookies, analytics tools or similar technologies to understand visitor behaviour, improve website performance and enhance user experience.

You may adjust your browser settings to disable cookies. However, some parts of the website may not function properly if cookies are disabled.

1.8 Marketing, Updates and Do Not Call Provisions

We may send you updates about our programmes, events, volunteer opportunities, fundraising campaigns or community initiatives where you have consented to receive such communications or where permitted by law.

You may unsubscribe or opt out at any time by following the instructions in our communications or by contacting us.

If we send marketing messages to Singapore telephone numbers, we will comply with applicable Do Not Call provisions under the PDPA. The PDPC states that the DNC provisions form part of the PDPA and apply to marketing messages sent to Singapore telephone numbers.

1.9 Protection of Personal Data

We will take reasonable security arrangements to protect personal data in our possession or under our control from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks.

These measures may include access controls, password protection, secure storage, restricted access, staff and volunteer training, confidentiality requirements and secure disposal practices.

1.10 Retention of Personal Data

We will retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required for legal, accounting, audit, governance, reporting or operational purposes.

When personal data is no longer required, we will take reasonable steps to securely destroy, delete or anonymise it.

1.11 Access and Correction

You may request access to your personal data or ask us to correct inaccurate or incomplete personal data in our records.
To make such a request, please contact our Data Protection Officer. We may require reasonable information to verify your identity before processing your request.

1.12 Transfer of Personal Data Outside Singapore

Where personal data is transferred outside Singapore, we will take reasonable steps to ensure that the overseas recipient provides a standard of protection comparable to the protection under the PDPA, where required by law.

1.13 Data Breach Notification

In the event of a data breach, we will assess the situation and take appropriate steps to contain, investigate and remediate the breach. Where required by law, we will notify affected individuals and/or the Personal Data Protection Commission.
PDPC guidance states that notification to the PDPC must be made no later than three calendar days after determining that a breach is notifiable.

1.14 Contacting Our Data Protection Officer

For questions, requests or complaints relating to your personal data, please contact:
Data Protection Officer
Impactworks Community Services Ltd.
Email: [insert DPO email]
Contact Number: [insert contact number]
Address: [insert registered / correspondence address]

1.15 Updates to This Policy

We may update this Personal Data Protection Policy from time to time. The latest version will be posted on our website.

Last updated: [insert date]