Personal Data Protection Policies and Practices

Data Protection Policy

Credit Counselling Singapore

Credit Counselling Singapore (‘we’, ‘us’, ‘our’, etc.) respects the right of individuals to protect their personal data. This data protection policy:

  • gives you information about how we collect, use and disclose personal data about you and
  • applies to the personal data of all individuals (‘you’, ‘your’, etc.) who are:
    • our clients
    • our employees, including volunteers
    • our Board of Directors, members, members of any committee(s) formed by us (including any committee(s) formed by our Board of Directors and any other similar individuals
    •  online users of our website

If you are not in any of these categories but we collect, use or disclose personal data about you in the course of providing our services this data protection policy will apply to that personal data consistently with the way in which it applies to an individual in these categories.

If you would like further information about the way in which we collect, use or disclose personal data about you, please do not hesitate to contact our Data Protection Officer (see 11 for contact information).

1.      Definitions

client’ means any individual to which we provide our services.

employee’ means any person employed by us on any basis and includes volunteers, Board of Directors, our members and members of any committee(s) formed by our Board of Directors.

online users’ means anyone who accesses our website.

personal data’ means data, whether true or not, about an individual who can be identified:                     

  • from that data or
  • from that data and other information to which we have access or are likely to have access

services’ means helping individuals with unsecured consumer debt problems through credit education and debt management programmes.

our website’ means our website at www.ccs.org.sg.

2.      Purposes for us collecting, using or disclosing personal data

We collect personal data from clients, employees and other individuals and use and/or disclose that personal data so that we are able to provide our services efficiently and effectively and so that we can comply with our legal obligations.

3.       Our collection, use and disclosure personal data

        3.1      How we collect personal data about you

Where possible, we collect personal data directly from you. We do this in various ways, including forms and questionnaires, and telephone and in-person meetings.

If at any time you would prefer not to provide some personal data that we request, either during a discussion or in one of our forms or questionnaires, please let us know. We will explain our purpose for collecting that personal data. If you still do not wish to provide it we will discuss with you whether or not we can proceed without it. We may not be able to do so.

        3.2      Consent to us collecting, using or disclosing personal data about you

   We collect, use, or disclose personal data about you only if:

  • you give, or are deemed to have given, your consent under the Personal Data Protection Act (PDPA) to us collecting, using or disclosing that personal data (see 3.3) or
  • collection, use or disclosure by us of that personal data without your consent is required or authorised under the PDPA (see 3.4) or any other written law

        3.3      Collecting, using or disclosing personal data about you with your consent

Where we ask you to consent to us collecting, using or disclosing personal data about you (see 3.2) we will first inform you of our purpose(s) for collecting, using or disclosing that personal data. We will not use or disclose personal data about you for any other purpose(s) without first informing you of the additional purpose(s) and getting your consent to us using or disclosing it for the additional purpose(s).

You are deemed to have consented to us the collecting, using or disclosing personal data about you for a purpose if without actually giving us express consent, you voluntarily provide the personal data to us for that purpose and it is reasonable that you would voluntarily provide that personal data.

Where you are deemed to have consented to us collecting, using or disclosing personal data about you we will collect, use or disclose that personal data only for the purpose(s) for which you are deemed to have consented to us doing so.

        3.4      Collecting, using or disclosing personal data about you without your consent

We are permitted by the PDPA to collect, use or disclose personal data about you without your consent in the following circumstances:

  • if it is publicly available (for example, bankruptcy information published in The Straits Times)
  • if doing so is in your interests and/or if there is an emergency
  • if we do so for evaluative purposes (such as assessing a job or volunteering application)
  • where the disclosure is related to law enforcement or where the collection, use or disclosure is in connection with certain legal issues

If you would like more information about the circumstances under which we may collect, use or disclose personal data without your consent, please contact our Data Protection Officer (see 11).

        3.5      Collecting personal data from online users

If you browse our website, we do not currently capture any data that allows us to identify you.

4.      Withdrawing your consent to us collecting, using or disclosing personal data about you

        4.1      Your right to withdraw consent to us collecting, using or disclosing personal data about your

On giving reasonable notice to us, you may at any time withdraw any consent you have given, or are deemed to have been given under the PDPA (see 3.3), in respect of us collecting, using or disclosing personal data about you for any purpose. Any such notice should be given in writing (which includes email) sent to our Data Protection Officer (see 11).

        4.2      Our response when we receive your notice of withdrawal of consent

The consequences of you withdrawing consent (see 4.1) to us collecting, using or disclosing personal data about you for any purpose may be onerous for you. Therefore:

  • we may require you to provide proof of your identity to assure ourselves we are dealing with the correct person and
  • we will inform you in writing (which may be by email) of the likely consequences of withdrawing your consent for the specified purpose

        4.3      Our actions when you withdraw your consent

If, after knowing the consequences of withdrawing your consent to us collecting, using or disclosing personal data about you for any purpose (see 4.2), you still wish to withdraw your consent:

  • we will cease (and cause any and all of our data intermediaries to cease) collecting, using or disclosing the personal data, unless doing so without your consent is required or authorised under the PDPA or other written law and
  • we will cease to retain our documents containing that personal data, or remove the means by which the personal data can be associated with you, as soon as it is reasonable for us to assume that retention is no longer necessary for our legal or business purposes

5.      Access to and correction of personal data

        5.1      Your right to request access and/or information

On request by you, we will as soon as reasonably possible provide you with personal data about you that is in our possession or under our control and information about the ways in which we have, or may have, used or disclosed that personal data within a year before the date of your request. Any such request should be made in writing (which includes email) sent to our Data Protection Officer (see 11).

There are some circumstances where we are not required (see 5.4) or are not allowed to provide you with information (see 5.5), although we may be able to provide you with limited information (see 5.6).

We may charge you a fee for providing you with access to your personal data or information about how we may have used or disclosed it. Any such fee will reflect our incremental costs associated with responding to your request, such as the cost of making physical copies of the personal data requested. You may obtain information about the fee from our Data Protection Officer (see 11)

        5.2      Our request for proof of your identity

When we receive your request for access to your personal data and/or for information about its use or disclosure by us (see 5) we may require you to provide proof of your identity. This is intended to ensure that access to personal data about you and/or information about its use or disclosure by us is provided only to the correct individual. This is one of the ways we protect personal data about you.

        5.3      How we provide you with access and/or information

We will provide you with personal data about you that is in our possession or under our control by providing you with a photocopy or a print out of it. If personal data (for example, your name and address details) is duplicated across our databases or files, we will generally provide it once, rather than multiple times.

        5.4      When we are not required to provide access or information

In some circumstances, the PDPA does not require us to give you access to your personal data or information about how we have, or may have, used it in within the year before your request (see 5). This includes the following circumstances:

  • if the request would unreasonably interfere with our operations because of the repetitious or systematic nature of requests from you
  • if the burden on, or expense to, us of providing access would be unreasonable or disproportionate to your interests
  • if the information does not exist or we cannot find it
  • if the information is trivial
  • if the request is otherwise vexatious or trivial
  • if we keep or may use the personal data in relation to an investigation or legal proceeding or for purposes otherwise related to legal issues – if you would like more information about this exception, please contact our Data Protection Officer (see 11)
  • if the personal data is opinion data that we keep solely for evaluative purposes – if you would like more information about this exception, please contact our Data Protection Officer (see 11)

        5.5      When we are not allowed to provide access or information

The PDPA does not allow us to give you access to your personal data or information about how we have, or may have, used it in within the year before your request (see 5) in a range of circumstances. These include where our doing so could reasonably be expected to:

  • threaten the safety or physical or mental health of an individual other than you
  • cause immediate or grave harm to your safety or to your physical or mental health
  • reveal personal data about another individual
  • reveal the identity of an individual who has provided personal data about you and the individual providing the personal data does not consent to the disclosure of their identity

If we have disclosed your personal data to a prescribed law enforcement agency under certain circumstances the PDPA does not allow us to disclose to you that we have done so. If you would like information about the circumstances in which this prohibition applies, please contact our Data Protection Officer (see 11).

        5.6      When we may provide limited information only

If we are able to provide you with access to your personal data and information about how we have, or may have, used it within the year before your request (see 5) without the personal data or other information that we are not required to provide to you (see 5.4) and/or we are not permitted to provide to you (see 5.5) we will provide you with access to your personal data and other information without the information that we are not required and/or permitted to provide to you.

6.       Correction of errors in, or omissions from, personal data about you

        6.1      Your right to request us to correct personal data

You may request us to correct an error or omission in the personal data about you that we hold or that is under our control. However, there are some circumstances where we do not make a correction (see 6.4) and other circumstances where we are not required to act on such a request (see 6.5). Any such request should be made in writing (which includes email) sent to our Data Protection Officer (see 11).

        6.2      Our request for proof of your identity

When we receive your request for us to correct an error or omission in personal data about you (see 6.1), we may require you provide proof of your identity and/or documents or other evidence supporting your request.

        6.3      When we will correct your personal data

If you request us to correct personal data about you (see 6.1), unless we are satisfied on reasonable grounds that a correction should not be made, we will:

  • correct the personal data as soon as practicable and
  • send the corrected personal data to every other organisation to which we have disclosed the personal data within a year before the date we made the correction

However, we do not have to send the corrected personal data to every other organisation if that other organisation does not need the corrected personal data for any legal or business purpose. In addition, we do not have to send the corrected personal data to every other organisation if you consent to us sending it only to specific organisations.

        6.4      Where we do not correct personal data about you

In any case where we are not satisfied that we should correct your personal data (see 6.3) we will:

  • write to you (which may be by email) to tell you why we have not made the correction and
  • annotate your personal data in our possession or under our control with the correction that was requested but not made

        6.5      When we are not required to correct personal data

The PDPA sets out certain circumstances in which we are not required to correct your personal data – for example, where we keep opinion data for an evaluative purpose. If you would like information about this exception or the other circumstances where correction is not required, please contact our Data Protection Officer (see 11).

7.      Accuracy of personal data

We make reasonable efforts to ensure that personal data that we collect about you or that is collected our behalf is accurate and complete if we are likely to use that personal data to make a decision that affects you or we are likely to disclose that personal data to another organisation.

8.      Protection of personal data

We take reasonable steps to ensure the security of personal data about you that is in our possession or under our control and to protect it against risks such as loss or unauthorised access, destruction, use, modification or disclosure. Only authorised personnel are permitted to have access to personal data about you.

9.      Retention of personal data

We cease to retain documents containing personal data about you, or we remove the means by which the personal data can be associated with you, as soon as it is reasonable to assume that:

  • the purpose for which we collected that personal data is no longer being served by retention of the personal data and
  • retention is no longer necessary for legal or business purposes

10.      Complaints procedure

        10.1      Our commitment to handling complaints

We strive for excellence in providing services to our clients and in all our interactions with donors, and with our employees, as well as with the community generally. This includes our compliance with the PDPA.

        10.2      How to make a complaint to us about our collection, use or disclosure of personal data about you

Please direct any queries or complaints you have about the way in which we collect, use or disclose personal data about you to our Data Protection Officer (see 11).

Generally, we are unable to deal with anonymous complaints because we are unable to investigate them. If you raise a complaint anonymously we will nevertheless note the matter raised and, if possible, try and investigate and resolve it appropriately.

        10.3       Providing details of the complaint

Whenever you make a complaint (see 10.2) our Data Protection Officer will seek to obtain sufficient information from you to enable us to investigate it. Please be prepared to provide our Data Protection Officer with information as to, for example:

  • the type of action, or lack of action, by us that has given rise to your concern
  • whether it was an isolated incident or is ongoing and, in the case of an isolated incident, when it occurred
  • a copy of any relevant correspondence you hold and
  • details about what you consider should have happened or should not have happened

        10.4      Resolution of the complaint

Immediately upon receiving a complaint (see 10.2) our Data Protection Officer must investigate it and within two business days advise you of:

  • the outcome of the complaint and the reasons for that outcome or
  • write to you (which may be by email) advising you that the Data Protection Officer needs more time to investigate the complaint and stating when the Data Protection Officer expects to have resolved the complaint for you

The Data Protection Officer must in any event complete the investigation of your complaint within 10 business days.

        10.5      Communicating the outcome of a complaint to you

If a complaint (see 10.2) is settled to your complete satisfaction, our Data Protection Officer is not required to advise you in writing of the outcome of the complaint, unless you request a written response (which may be by email).

If a complaint is not settled to your complete satisfaction, our Data Protection Officer will advise you of the outcome of the complaint and the reason(s) for that outcome in writing (which may be by email). If you are not satisfied with the outcome, you may take your complaint to the Personal Data Protection Commission.

11.      Data Protection Officer

We have appointed a Data Protection Officer. To raise any questions or comments you may have about the way we collect, use or disclose personal data and/or about any aspect of this data protection policy and/or to make a complaint about how we have collected, used or disclosed personal data about you, please contact our Data Protection Officer.

To contact our Data Protection Officer:

  • send an email to pdpa@ccs.org.sg
  • call 6225 5227
  • write to us at 210 Middle Road,
    #05-04 Singapore Pools Building
    Singapore 188994

12.      Changes to this data protection policy

We reserve the right to review, amend and/or update this data protection policy at any time and from time to time.

If we decide to make any changes to this data protection policy, we will post them on our website. If the changes are significant, we may also decide to email them to registered users on our website.