Contact Centre Association of Singapore (CCAS) Data Protection Policy

1. Introduction

The Contact Centre Association for Singapore (CCAS) recognizes the importance of safeguarding personal data and is committed to protecting the privacy of individuals whose personal information is collected and processed by our organization. This Data Protection Policy outlines our commitment to data protection and compliance with the Personal Data Protection Act (PDPA) and other relevant data protection laws and regulations in Singapore.

2. Scope

This policy applies to all employees, contractors, volunteers, and third parties who collect, process, or handle personal data on behalf of CCAS.

3. Collection, Use and Disclosure of Personal Data

3.1 Purpose for Data Collection: CCAS will collect and process personal data only for legitimate and specific purposes, and will ensure that individuals are aware of the purposes for which their data is being collected.

3.2 Consent: When required by the PDPA, CCAS will obtain the informed and unambiguous consent of individuals before collecting, using, or disclosing their personal data.

3.3 Data Minimization: CCAS will only collect and process personal data that is necessary for the purposes identified and will not retain data for longer than necessary.

4. Data Security

4.1 Data Protection Measures: CCAS will implement appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, and destruction.

4.2 Access Control: Access to personal data will be restricted to authorized personnel based on the principle of least privilege, and access logs will be maintained.

4.3 Data Encryption: CCAS will use encryption techniques to protect sensitive personal data during transmission and storage.

5. Data Retention and Disposal

5.1 Data Retention Period: Personal data will be retained only for as long as it is necessary to fulfill the purposes for which it was collected or as required by law.

5.2 Data Disposal: Personal data that is no longer required will be securely disposed of using appropriate methods.

6. Data Access and Correction

6.1 Data Subject Rights: CCAS will respect individuals’ rights to access their personal data and request corrections, in accordance with the PDPA.

6.2 Verification of Identity: CCAS may request verification of the identity of individuals making data access or correction requests.

7. Data Disclosure and Sharing

7.1 Third-Party Disclosure: CCAS will not disclose personal data to third parties without consent, except where permitted by law or for legitimate purposes.

7.2 Data Sharing Agreements: When personal data is shared with third parties, CCAS will establish appropriate data sharing agreements and ensure data protection compliance.

8. Data Breach Response

8.1 Data Breach Notification: In the event of a data breach, CCAS will promptly assess and report the breach to the Personal Data Protection Commission (PDPC) and affected individuals in accordance with the PDPA.

9. Training and Awareness

9.1 Training: CCAS will provide training and awareness programs to staff and stakeholders to ensure understanding and compliance with this Data Protection Policy.

10. Policy Review and Updates

10.1 Policy Review: This Data Protection Policy will be reviewed periodically to ensure its relevance and effectiveness.

11. Contact Information

For inquiries or concerns related to data protection, please contact the CCAS Secretariat Team at +65 6266 8228 or email at secretariat@ccas.org.sg.

12. Compliance with PDPA

This policy is desigend to comply with the PDPA and other relevant data protection laws and regulations in Singapore.