top of page

ACES CARE LIMITED

PERSONAL DATA PROTECTION POLICY

1. Introduction

​

ACES Care Limited (“ACES,” “we,” “our,” or “us”) is committed to protecting the personal data of our stakeholders, including donors, beneficiaries, volunteers, employees, and partners, in accordance with the Personal Data Protection Act 2012 (PDPA) of Singapore. This policy outlines how we collect, use, disclose, store, and protect personal data to ensure compliance with PDPA and maintain transparency and trust with our stakeholders.

​

 

2. Scope of Policy

​

This policy applies to:

  • All employees, volunteers, and contractors handling personal data on behalf of ACES.

  • Personal data collected from donors, beneficiaries, vendors, business partners, and members of the public who interact with ACES.

  • Personal data collected through our website, mobile applications, physical forms, email communications, and third-party platforms.
     

 

3. Definition of Personal Data

 

Under PDPA, personal data refers to any data that can identify an individual. This includes but is not limited to:

  • Full name, NRIC/FIN/Passport number, date of birth, nationality

  • Contact details (phone number, email, address)

  • Donation history, financial transactions

  • Employment records, volunteer records

  • Photographs, video recordings, biometric data

  • Any other data provided to ACES for the purposes of engagement
     

 

4. Collection of Personal Data

​

ACES collects personal data in the following ways:
 

  • When individuals donate, volunteer, apply for jobs, register for events, or subscribe to our communications.

  • When organizations partner with ACES for fundraising, grants, sponsorships, or program collaborations.

  • When required for compliance with legal, regulatory, or audit purposes.

 

Consent Requirement:
 

  • ACES will obtain explicit consent before collecting, using, or disclosing personal data.

  • Individuals may withdraw consent at any time by contacting our Data Protection Officer (DPO).

 

5. Use of Personal Data

​

ACES may use personal data for the following purposes:
 

  • Fundraising & Donations: Processing donations, issuing tax-deductible receipts, and donor engagement.

  • Volunteer & Employee Management: Assigning duties, processing reimbursements, and evaluating performance.

  • Program & Service Delivery: Providing beneficiaries with support, grants, and other charitable assistance.

  • Regulatory Compliance: Fulfilling audit and reporting obligations to IRAS, COC, NCSS, and other authorities.

  • Marketing & Communication: Sending newsletters, event invitations, and updates about ACES’ work.

  • Security & Safety: Ensuring the safety of our premises and events through surveillance and identity verification.
     

ACES will not sell or rent personal data to third parties.

 

6. Disclosure of Personal Data


ACES may share personal data with:
 

  • Regulatory Authorities (e.g., Commissioner of Charities, IRAS) for compliance purposes.

  • Service Providers & Vendors assisting in fundraising, data management, IT support, and event organization.

  • Partnering Organizations when individuals participate in joint programs.
     

Third-Party Agreements: All third parties handling personal data on behalf of ACES must comply with PDPA and sign Data Protection Agreements.

 

7. Protection of Personal Data

​

ACES implements strict security measures to protect personal data, including:
 

  • Physical Security: Restricted access to confidential records and documents.

  • Digital Security: Data encryption, firewalls, and secure access controls for electronic records.

  • Staff Training: Regular PDPA training for employees handling personal data.

  • Incident Response Plan: A structured response to data breaches, including notification to affected individuals and relevant authorities.

 

8. Retention & Disposal of Personal Data

​

  • Personal data will be retained only as long as necessary for legal and operational purposes.

  • Data no longer required will be securely disposed of through:

    • Shredding physical documents

    • Permanent deletion of digital records

    • Secure overwriting for reusable storage devices

  • For tax-deductible donations, records will be retained for at least 5 years for audit compliance.

 

9. Access, Correction, and Withdrawal of Consent

​

Individuals have the right to:
 

  • Access their personal data held by ACES.

  • Request correction of inaccurate or incomplete data.

  • Withdraw consent for data collection, use, or disclosure.
     

Requests should be made in writing to the Data Protection Officer (DPO):
Email: yeeteck@acescare.sg
Contact: +65 6797 6797
 

ACES will respond to requests within 30 days and may require verification of identity.

 

10. Data Breach Management
 

In the event of a data breach, ACES will:
 

  1. Investigate the breach immediately to assess the extent and impact.

  2. Contain the breach to prevent further loss of data.

  3. Notify affected individuals and relevant authorities (if required under PDPA).

  4. Review and enhance security measures to prevent future breaches.

 

11. Updates to this Policy
 

This PDPA Policy will be reviewed annually and updated when necessary to reflect changes in regulations and operational practices. The latest version will be published on ACES’ website.


Last Updated: 27th February 2025

 

12. Contact Information
 

For any inquiries, concerns, or complaints about this policy, please contact:
 

Data Protection Officer (DPO)
Email: yeeteck@acescare.sg
Contact: +65 6797 6797
Office Address: Block 319 Ang Mo Kio Ave 1 #01-1475 Singapore 560319

ACES Care Limited is an Institution of Public Character (IPC) charity organisation in Singapore and has been a member of the National Council of Social Services since 2023.

ACES Care Logo_White.png
Quick Links

About Us

Contact Us

Volunteer

Privacy Policy

bottom of page