Personal Data Protection Policy

  1. PERSONAL DATA

Personal Data means any information about an individual who can be identified from that data or in combination with other information (e.g., name, contact details, identification numbers). As a volunteer of SDP, you may handle personal data related to members, employees, assistants, volunteers, changemakers, donors, individuals involved in or engaged for SDP’s activities, and those of members of the public. 

  1. COLLECTION OF PERSONAL DATA
    1. Consent - Before collecting, using, or sharing Personal Data on behalf of SDP, SDP Personnel must obtain clear and informed consent from the individual. 
    2. Notification - SDP Personnel shall notify the individual of the purpose(s) for which SDP intends to collect, use, or disclose their Personal Data. For example, any forms created for volunteer sign up must include an explanation on why Personal Data is being collected and how it will be used. 
    3. Purpose Limitation - SDP Personnel must limit the amount of Personal Data collected to only that which is required for the purpose(s) and must not collect excessive or irrelevant information.
  1. PURPOSE

SDP may collect, use and/or disclose Personal Data for the purposes listed below (individually a “Purpose” and collectively, “the Purposes”). SDP Personnel must not use Personal Data collected or to which they have access to in the course of their volunteering activities or any other engagement with SDP for any purpose unrelated to those listed below or for any personal reasons. 

If SDP Personnel needs to use the Personal Data of an individual for purposes for which consent has not been obtained, that SDP Personnel must first ensure that consent for such use is obtained from that individual.

  • Membership Management: To register, communicate with, and manage party members.
  • Volunteer Coordination: To organize, instruct, and communicate with volunteers for campaign and party activities.
  • Event Management: To invite, register, and manage attendees for party events, rallies, and meetings.
  • Campaign Communications: To send election-related updates, newsletters, invitations, and campaign materials to supporters and voters.
  • Public Engagement: To build and maintain relationships with members of the public and supporters.
  • Fundraising: To process donations and communicate with donors regarding contributions and events.
  • Candidate Selection and Election Activities: To manage candidate details and comply with election regulations, including voter outreach.
  • Compliance with Legal Obligations: To fulfill statutory requirements such as submitting reports or disclosures under election laws.
  • Security and Safety: To ensure the security of party personnel, events, and digital assets, including access control and cybersecurity.
  • Internal Administration: To manage employment or volunteer records and other internal administrative purposes.
  1. MANAGING PERSONAL DATA 
  1. Protection: SDP Personnel shall treat Personal Data confidentially and protect it from unauthorized access, disclosure, loss, or damage. SDP Personnel must follow SDP guidelines on storing records securely, using password protection, and avoiding sharing data with unauthorized persons. SDP Personnel shall refrain from disclosing the Personal Data to third parties. Third parties may include family members and/or friends.
  2.  Accuracy: Ensure that the Personal Data you handle is accurate and current. If you notice errors, report them promptly for correction.
  3. Retention Limitation: SDP shall store or maintain Personal Data for as long as is necessary to fulfil the Purposes for which such Personal Data is collected, or for legal purposes.
  4. Transfer Limitation: SDP Personnel shall not transfer any Personal Data outside Singapore, unless such transfer is necessary to fulfil a specific Purpose. In that event, SDP personnel must obtain consent from the relevant individual for such transfer. Further, the transfer shall be done with acknowledgement from the receiving party that such receiving party will safeguard the data to a standard that is comparable to that provided under the PDPA.
  5. Report Data Breaches and Concerns 
    • Immediately inform SDP’s Data Protection Officer if you suspect a data breach, loss, or misuse of personal data.
    • The DPO shall undertake an assessment of the scale of the data breach and the likely harm to individuals that may arise from the data breach.
    • If the DPO assesses that the scale of the data breach is significant, and/or that the likely harm to individuals as a result of the data breach is significant, the SDP shall notify affected individuals and the Personal Data Protection Commission as soon as practicable.
    • This Personal Data Protection Policy (“Policy”) applies to all SDP members, employees, assistants, volunteers, changemakers (“SDP Personnel”). This Policy provides the framework for how Personal Data must be managed by the Singapore Democratic Party (“SDP”/ “us”) in compliance with the Personal Data Protection Act 2012 (“PDPA”). 
  1. INDIVIDUALS’ RIGHTS
    • Correction requests: If individuals request correction of their Personal Data, forward the request to the DPO, who shall comply with the request.
    • Access requests: SDP shall be obliged to release information to an individual only where that individual has submitted a reasonable request. The determination of what information is to be made accessible to the individual shall be made by the DPO. Hence, SDP Personnel are to forward all such requests to the DPO. The DPO may then consult with the SDP’s leadership and/or legal advisors in such matters. If SDP has determined that it shall not provide the access requested, SDP shall generally inform the individual of the reasons why it is unable to do so (except where SDP is not required to do so under the PDPA).
    • Withdrawal of consent: An individual can withdraw consent for the collection, use and/or disclosure of their Personal Data. Notify the DPO of any such requests. In cases of withdrawal of consent, SDP may not be in a position to continue engaging with that individual for the Purposes contemplated and should inform the individual accordingly. For clarity, SDP need not destroy Personal Data immediately upon a withdrawal of consent.
  1. Training and Compliance

SDP Personnel shall attend any training provided on personal data protection to become familiar with this Policy and their responsibilities. Any SDP Personnel supervising a particular group of SDP Personnel shall brief such SDP Personnel on the guidelines set out in this Policy, and assist SDP’s Data Protection Officer to ensure that all SDP Personnel comply with this Policy. 

By signing up to be an SDP Personnel, you are deemed to have read, understood and accepted the obligations under this Policy. If an SDP Personnel breaches this Policy, they may face disciplinary action, including disqualification as an SDP Personnel.

  1. DATA PROTECTION OFFICER

SDP’s Data Protection Officer can be contacted through sdp@yoursdp.org.