Privacy Policy

1          Introduction

1.1 We at Indigo & Co (“Indigo”) respect the privacy and confidentiality of the personal data of our Indigo’s employees, clients, job applicants, donors, volunteers, visitors, third-party service providers and other individuals whom we interact with in the course of providing our services. We are committed to implementing policies, practices and processes to safeguard the collection, use and disclosure of the personal data you provide us, in compliance with the Singapore Personal Data Protection Act (PDPA) 2012.

 

1.2   We have developed this Data Protection Notice to assist you in understanding how we collect, use, disclose, process, protect and retain your personal data that is in our possession.

 

1.3    Examples of such personal data you may provide to us include personal particulars, medical records, educational records, financial records, pictures and videos, whether such data is stored in electronic or non-electronic form.

 

2        Purposes for Collection, Use & Disclosure of Personal Data

 

2.1   Indigo & Co. will collect your personal data in accordance with the PDPA. In general, before Indigo & Co. collects any personal data from you, Indigo & Co. will notify you of the purposes for which your personal data may be collected, used and/or disclosed, as well as obtain your consent for the collection, use and/or disclosure of your personal data for the intended purposes.

 

2.2   Written parental/guardian consent will be required for the collection of personal data of persons (below the age of 16) or those with certified medical/mental conditions.

 

2.3    By providing personal data relating to a third party (e.g. information of your dependent, spouse, children and/or parents) to Indigo & Co., you represent and warrant that the consent of that third party has been obtained for the collection, use and disclosure of the personal data for the purposes listed in paragraph 2.4 below.

 

2.4    The personal data which Indigo & Co. collects may be collected and/or used for the following purposes:

(a) processing your application for clinical and/or social services;

(b) evaluating your suitability or eligibility for clinical and/or social services, e.g. the grant of financial or social assistance;

(c) seeking aids from governmental bodies or other voluntary welfare organisations such as financial subsidies or other social assistance;

(d) administering the provision of clinical and/or social services to you by Indigo & Co. and/or managing your relationship with Indigo & Co,;

(e) administering your donations and/or communications pertaining to your donations to Indigo & Co.;

(f) administering your volunteer services and/or communications pertaining to your volunteer services with Indigo & Co.;

(g) communicating and updating you on other charity initiatives or related activities including soliciting donations and volunteers for activities or programmes organised by Indigo & Co. or other charitable organisations;

(h) Indigo & Co.’ publications and materials including but not limited to Indigo & Co.’s Annual Report, eNews and brochures, posters, and banners;

(i) Indigo & Co.’ publicity and fundraising initiatives including but not limited to disclosures in/on Indigo &Co.’s letters, electronic mailers(EDM), website, and events; and/or

(j) as required by laws and regulations.

 

2.5   In connection with the purposes set out in paragraph 2.4 above, your personal data may/will be disclosed by Indigo & Co. to persons including social workers, governmental bodies and/or other voluntary welfare organisations.

 

2.6   Please note that Indigo & Co. may collect, use, or disclose your personal data to third parties without first obtaining your consent in certain situations, including, without limitation, the following:

(a) it is necessary for any purpose that is clearly in your interest and consent cannot be obtained in a timely way;

(b) it is necessary to respond to an emergency that threatens the life, health or safety of yourself or another individual;

(c) it is necessary in the national interest;

(d) the personal data is publicly available;

(e) it is necessary for any investigation or proceedings; and

(f) it is required based on the applicable laws and/or regulations.

 

2.7   The instances listed above at paragraph 2.6 are not intended to be exhaustive. For an exhaustive list of exceptions, you are encouraged to peruse the PDPA Act 2012 which is publicly available at https://sso.agc.gov.sg/Act/PDPA2012.

 

2.8   Where a free decision to opt in to a process or situation where the collection or use of personal data can be reasonably expected, then implied permission can be assumed. Situations where implied consent may be applied:

  • Online applications (if applicable when applications or admissions are submitted for services provided by Indigo)

  • Course/Conference/Webinar sign-up (including recordings of the Course/ Conference/ Webinar)

  • Events sign-up (either displayed at entrance or event confirmation emails to cover the taking and use of photos and videos of the event)

  • Centres – CCTV recordings

 

3        Request for Access, Correction and/or Withdrawal of Data

 

3.1   You may request to access and/or correct your personal data currently in Indigo & Co.’s possession or withdraw your consent for the collection, use and/or disclosure of your personal data at any time by submitting your request through the following methods:

Email: DPO@indigo-co.org

 

3.2   Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within ten (10) business days of receiving it.

 

3.3   You may write in to us to find out what personal data about you that we have in our possession or under our control and how it may have been used and/or disclosed by us in the previous one year. Before we accede to your request, we may need to verify your identity by checking your NRIC or other legal identification document. We will respond to your request as soon as possible, or within thirty (30) business days from the date we receive your request. If we are unable to do so within the thirty (30) business days, we will let you know and give you an estimate of how much longer we require. We may also charge you a reasonable fee for the cost involved in processing your access request.

 

3.4   If you find that the personal data we hold about you is inaccurate, incomplete or not up-to-date you may ask us to correct the data. Where we are satisfied on reasonable grounds that a correction should be made, we will correct the data as soon as possible, or within thirty (30) business days from the date we receive your request.

4        How We Ensure the Accuracy of Your Personal Data

4.1   You shall always ensure that the information provided by you to Indigo & Co. is correct, accurate and complete. Please inform Indigo & Co. as soon as possible of any changes in your personal data. Indigo & Co. will ensure that the personal data is updated and amended when requested.

 

4.2   From time to time, we may conduct a data verification exercise for you to update us on any changes to the personal data we hold about you. If we have an ongoing relationship with you, it is important that you update us of any changes to your personal data (such as a change in your mailing address).

5        How We Protect Your Personal Data

 

5.1   We have implemented appropriate information security and technical measures (such as data encryption, firewalls, multi factor authentication and secure network protocol(s) to protect the personal data we hold about you against loss; misuse; destruction; unauthorised alteration/modification, access, disclosure; or similar risks.

 

5.2   We have also put in place reasonable and appropriate organisational measures to maintain the confidentiality and integrity of your personal data and will only share your data with authorised persons on a ‘need to know’ basis.

6        How We Retain Your Personal Data

 

We have a document retention policy that keeps track of the retention schedules of the personal data you provide us, in paper or electronic forms. We will not retain any of your personal data when it is no longer needed for any business or legal purposes.

 

We will dispose of or destroy such documents containing your personal data in a proper and secure manner when the retention limit is reached.

7        Contacting Us

 

If you have any query or feedback regarding this Data Protection Notice, or any complaint you have relating to how we manage your personal data, you may contact our Data Protection Officer (DPO) at DPO@Indigo-co.org

 

Any query or complaint should include, at least, the following details:

●    Your full name and contact information; and

●    Brief description of your query or complaint

 We treat such queries and feedback seriously and will deal with them confidentially and within reasonable time.

8        Right to Amend Personal Data Protection Policy

Indigo reserves the right to amend this Personal Data Protection Policy at any time. Any amendments will be posted on our website. Please visit our website periodically to note any changes.

 Changes to this Notice take effect when they are posted on our website.