Global Cultural Alliance Ltd (GCA) – a registered charity in Singapore (registration no. 201428805R) recognises its obligations under the Personal Data Protection Act 2012 (“PDPA”) and this Privacy Statement is to help you understand how GCA and its entities and brands, (“GCA“, “we“, “us”, or “our”) collect, use, disclose and care for the personal data you have provided to GCA, as well as to assist you in making an informed decision before providing us with any of your personal data.
GCA recognises the importance of the personal data you have entrusted to us and are committed to properly manage and protect your personal data.
Depending on the nature of your interaction with us, some examples of personal data which we may collect from you include your name and identification information such as your NRIC number, contact information such as your address, email address or telephone number, nationality, gender, date of birth, marital status, photographs and other audio-visual information, employment information and financial information such as credit card numbers, debit card numbers or bank account information.
Collection, Use and Disclosure of Personal Data
We generally do not collect your personal data unless (a) it is provided to us voluntarily by you directly or via a third party who has been duly authorised by you to disclose your personal data to us (your “authorised representative”) after (i) you (or your authorised representative) have been notified of the purposes for which the data is collected, and (ii) you (or your authorised representative) have provided written consent to the collection and usage of your personal data for those purposes, or (b) collection and use of personal data without consent is permitted or required by the PDPA or other laws.
We shall seek your consent before collecting any additional personal data and before using your personal data for a purpose which has not been notified to you (except where permitted or authorised by law).
The purposes (“purposes”) for which GCA processes Personal Data include the following as may be applicable to you:
a) to process, administer, facilitate, maintain and manage your relationship with GCA as a member, volunteer, programme participant, beneficiary, customer, donor and/or employee;
b) to provide you with and administer the services you have requested and maintain our relationship with you;
c) to provide you with information and materials on GCA’s activities, products, programmes and services and those of third parties with whom GCA may collaborate;
d) for communications pertaining to needs, donations and sale of products and services;
e) to conduct research, surveys and for statistical analysis with the aim of reviewing, developing and improving our products, programmes and services;
f) to process your application to GCA for services, employment and other opportunities; and
g) carrying out due diligence or other screening activities (including background checks) in accordance with legal or regulatory obligations (whether Singapore or foreign country) applicable to us or our affiliates/associated companies, the requirements or guidelines of governmental authorities (whether Singapore or foreign country) which we determine are applicable to us or our affiliates/associated companies, and/or our risk management procedures that may be required by law (whether Singapore or foreign country) or that may have been put in place by us or our affiliates/associated companies;
h) to prevent or investigate any fraud, unlawful activity or omission or misconduct, whether or not there is any suspicion of the aforementioned; dealing with conflict of interests; or dealing with and/or investigating complaints;
If you provide Personal Data relating to a third party (e.g. information of your dependent, spouse, children and/or parents) to us, you represent and warrant that the consent of that third party has been obtained for the collection, use and disclosure of the Personal Data for the purposes listed above.
To Whom We May Disclose Your Personal Data
GCA will take reasonable steps to protect your Personal Data against unauthorised disclosure. Subject to any applicable law, we may disclose Personal Data for any of the purposes specified above to:
• our trusted partners, third party service providers, collaborating entities, agents, independent contractors or providers of professional services who work with us to or on our behalf provide and deliver services to support GCA’s programmes, services, and operations and stipulate their compliance with data protection laws;
• any person to whom disclosure is allowed or required by law, regulation or any other applicable instrument;
• any court, tribunal, regulator (including national and/or international regulator), enforcement agency, exchange body, tax or other authority where we are required to do so by applicable law and/or regulation; any authority or regulator; any directive, order or request of any authority or regulator; or any agreement with a regulator or an authority;
• relevant government authorities, ministries, statutory boards and agencies; and
• any other party to whom you authorise us to disclose your Personal Data to.
Withdrawing your consent
You may withdraw your consent for the collection, use and/or disclosure of your personal data in our possession or under our control by emailing us at email@example.com. We will process your request 10 working days from such a request for withdrawal of consent being made, and will thereafter not collect, use and/or disclose your personal data in the manner stated in your request, unless an exception under the law or a provision in the law permits us to. However, your withdrawal of consent could result in certain legal consequences arising from such withdrawal, including us being unable to perform the transactions requested by you or result in the termination of our relationship.
We may collect, use, disclose or process your personal data for other purposes that do not appear above. However, we will notify you of such other purpose at the time of obtaining your consent, unless processing of your personal data without your consent is permitted by the PDPA or by law.
To the extent permitted by law, we may/will also be collecting from sources other than yourself, personal data about you, for one or more of the above Purposes, and thereafter using, disclosing and/or processing such personal data for one or more of the above Purposes. We may combine information we receive from other sources with information you give to us and information we collect about you. We may use this information and the combined information for the Purposes set out above (depending on the types of information we receive).
Accuracy of Data
We generally rely on personal data provided by you (or your authorised representative). In order to ensure that your personal data is current, complete and accurate, please update us if there are changes to your personal data by informing our Data Protection Officer in writing or via email firstname.lastname@example.org.
To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as up-to-date antivirus protection and encryption to secure all storage and transmission of personal data by us, and disclosing personal data both internally and to our authorised third party service providers and agents only on a need-to-know basis.
You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.
We may retain your Personal Data for so long as it is necessary for us to do so, having regard to the uses described in this Privacy Statement or as required or permitted by applicable laws.
If we were already in possession of your Personal Data prior to 2 July 2014, we may have been using your Personal Data to provide information of GCA’s services and appeals for support in GCA activities and donation drives, sale and promotion of products.
Contacting Us and Opt-Out Information
• have questions or comments about our Privacy Statement;
• wish to make corrections to any personal identifiable information you have provided;
• wish to request a copy of the Personal Data processed in relation to you;
• want to opt out from receiving future updates, newsletters, information on training from GCA and/or third parties which we are associated with, please email the Data Protection Officer – email@example.com.
• GCA is allowed by law to charge you a fee for a copy of your Personal Data. Please make all requests in writing and provide us with evidence of your identity. For opt out, please send a clearly worded email.
• We will respond to your request as soon as reasonably possible. In general, our response will be within 30 working days. Should we not be able to respond within 30 working days after receiving your request, we will inform you in writing within 30 working days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under PDPA)
Updates to This Privacy Statement
GCA may amend this Privacy Statement at any time to ensure that it is consistent with any developments to the way GCA uses Personal Data or any changes to the laws and regulations applicable to GCA. We will make available the updated Privacy Statement on our website. All communications, transactions and dealings with GCA shall be subject to the latest version of this Privacy Statement in force at the time.