Data Protection Policy

This document sets out the Data Protection Policy for Oogachaga, in accordance with the advisory guidelines issued by the Personal Data Protection Commission (PDPC), Singapore.

1.         Data Protection Officer

1.1    The organisation’s Data Protection Officer (DPO) is the Executive Director, or a senior staff appointed by the Executive Director. 

1.2    The DPO is responsible for developing personal data policies and oversee compliance with the PDPA.

1.3    The DPO’s role includes the following:

  • Developing good policies for handling personal data in electronic and/or manual form, that suit the organisation’s needs and comply with the PDPA;

  • Communicating the internal personal data protection policies and processes to service-users, volunteers, employees and other stakeholders;

  • Handling queries or complaints about personal data from service-users, volunteers, employees and other stakeholders;

  • Alerting the organisation to any risks that might arise with personal data; and

  • Liaising with the PDPC, if necessary.


2.         Personal Data Inventory

2.1       Oogachaga is responsible for collecting and storing personal data from the following groups of people:

  • Service-users (including counselling clients, workshop and event participants)

  • ·Volunteers (including former, current, active and inactive volunteers)

  • Employees (past and present)

2.3     Data Collection, Use and Disclosure

Whenever personal data is being collected, explicit consent is obtained for Oogachaga to collect, use and disclose the data in a confidential manner, and subjected to the Personal Data Protection Act 2012.

2.4     Data Access & Correction

  • Only the Executive Director and the staff in charge of the relevant programme may have access to the personal data access. 

  • On a case-by-case basis, and where necessary, the Executive Director may grant key volunteers individual and time-specific access to personal data.

 2.5       Care for Personal Data

  • All personal data in physical form is secured inside locked metal cupboards.

  • All personal data in online form is secured through account and password access.

3          Implement Data Protection Processes

3.1       In implementing all data protection processes, the following Main Data Protection Obligations will be adhered to, in accordance with the Personal Data Protection Act:

a. Consent Obligation 

  • Oogachaga will only collect, use or disclose personal data for purposes for which an individual has given his or her consent.

  • Individuals will be allowed to withdraw consent, with reasonable notice, and be informed of the likely consequences of withdrawal. Upon withdrawal of consent to the collection, use or disclosure for any purpose, the organisation will cease such collection, use or disclosure of the personal data.

b. Purpose Limitation Obligation

  • Oogachaga may collect, use or disclose personal data about an individual for the purposes that a reasonable person would consider appropriate in the circumstances and for which the individual has given consent.

  • Oogachaga may not, as a condition of providing a product or service, require the individual to consent to the collection, use or disclosure of his or her personal data beyond what is reasonable to provide that product or service.

c. Notification Obligation

  • Oogachaga will notify individuals of the purposes for which the organisation is intending to collect, use or disclose their personal data on or before such collection, use or disclosure of personal data.

d. Access and Correction Obligation

  • Upon request, the personal data of an individual and information about the ways in which his or her personal data has been or may have been used or disclosed within a year before the request should be provided by Oogachaga.

  • However, Oogachaga will not provide an individual access if the provision of the personal data or other information could reasonably be expected to:

-         cause immediate or grave harm to the individual’s safety or physical or mental health;

-         threaten the safety or physical or mental health of another individual;

-         reveal personal data about another individual;

-         reveal the identity of another individual who has provided the personal data, and the individual has not consented to the disclosure of his or her identity; or

-         be contrary to national interest.

  • Oogachaga will correct any error or omission in an individual’s personal data upon his or her request.

e. Accuracy Obligation

  • Oogachaga will make reasonable effort to ensure that personal data collected by us or on our behalf is accurate and complete, if it is likely to be used to make a decision that affects the individual, or if it is likely to be disclosed to another organisation.

f. Protection Obligation

  • Oogachaga will make reasonable security arrangements to protect the personal data that we possess or control to prevent unauthorised access, collection, use, disclosure or similar risks.

g. Retention Limitation Obligation

  • Oogachaga will cease retention of personal data or remove the means by which the personal data can be associated with particular individuals when it is no longer necessary for any business or legal purpose.

h. Transfer Limitation Obligation

  • Oogachaga may transfer personal data to another country only according to the requirements prescribed under the regulations, to ensure that the standard of protection provided to the personal data so transferred will be comparable to the protection under the PDPA, unless exempted by the PDPC.

i. Openness Obligation

  • Oogachaga will make information about our data protection policies, practices and complaints process available on request.