Personal Data Protection Policy

Last updated: June 2026

Hope Church Singapore (“Hope”, “we”, “us”, or “our”) is committed to protecting your personal data in accordance with the Personal Data Protection Act 2012 (PDPA) of Singapore. This Data Protection Notice explains how we collect, use, disclose, and protect personal data about you.

1. Personal Data We Collect

We may collect the following categories of personal data, depending on your relationship with Hope and the services or activities you are involved in:

Name, NRIC/FIN, date of birth, and gender
Contact details — postal address, email address, and telephone number
Photographs and video recordings
Health information (where relevant to pastoral care or activities)
Financial information for donation processing and receipting
Data of minors, collected with parental or guardian consent
Any other personal data you voluntarily provide to us

We collect personal data through registration forms (physical and online), verbal interactions, event sign-ups, donation platforms, and other channels where you provide us with your information.

2. Purposes of Collection, Use, and Disclosure

We collect, use, and disclose your personal data for the following purposes:

Administering your membership, attendance, and participation in Hope’s programmes and activities
Communicating with you about services, events, announcements, and pastoral matters
Processing donations and issuing tax-deductible receipts
Managing volunteer and staff engagement
Providing pastoral care, counselling, and prayer support
Publishing photos and videos of church activities (with consent)
Supporting internal operations and ministry planning using AI-assisted tools, with human review of any AI-generated output affecting individuals
Complying with legal, regulatory, and audit obligations
Any other purpose for which you have given consent

We will not use or disclose your personal data for purposes beyond those stated here without your prior consent, unless an exception under the PDPA applies.

3. Disclosure to Third Parties

We may disclose your personal data to third parties in the following circumstances:

Service providers and vendors engaged to support Hope’s operations (e.g. payment processors, IT platforms, event management services), who are contractually required to protect personal data to a standard comparable to the PDPA
Government authorities or law enforcement agencies where required by law
Partner churches or organisations within the Hope network, where relevant to your participation

Where personal data is transferred overseas — for example, through cloud-hosted platforms or AI tools whose servers are located outside Singapore — we take steps to ensure the data receives a comparable standard of protection, either through contractual arrangements or by obtaining your consent.

4. Data Retention

We retain different categories of personal data for the following periods:

Attendance and participation data — up to 3 years, then anonymised or deleted
Giving and financial data — up to 7 years, in accordance with statutory requirements
Programme feedback and survey responses — up to 2 years, then anonymised or deleted
Communications and engagement data — up to 1 year, then anonymised or deleted

Personal data is deleted or anonymised when it is no longer needed for the purpose for which it was collected, or when you withdraw your consent and no legal or business obligation requires us to retain it.

5. Protection of Personal Data

We implement appropriate administrative, technical, and physical safeguards to protect your personal data against unauthorised access, disclosure, alteration, or loss. Access to personal data is restricted to authorised staff and volunteers on a need-to-know basis.

Personal data is stored only on Hope-approved platforms. The use of personal cloud storage accounts for personal data belonging to Hope’s members, donors, or other individuals is not permitted.

6. Cookies and Website Analytics

When you visit our website, we may use cookies and analytics tools to understand how our site is used and to improve your experience. Non-essential cookies will only be placed with your consent, and you may withdraw or adjust your cookie preferences at any time through our cookie settings.

Essential cookies necessary for the website to function may be placed without consent, but we will inform you of their use through our cookie consent mechanism.

7. Your Rights Under the PDPA

You have the right to:

Access your personal data held by us, including information about how it has been used in the past 12 months
Correct any inaccurate or incomplete personal data
Withdraw consent for any use or disclosure of your personal data, subject to legal or contractual restrictions

To exercise any of these rights, please submit a written request to our Data Protection Officer (details in Section 9). We will acknowledge your request within 3 business days and respond fully within 30 days, extendable to 60 days for complex requests with written notice to you.

Please note that withdrawing consent may affect our ability to provide certain services or maintain your membership or participation.

8. Our Use of AI Tools

Hope uses AI-assisted tools to support administrative, communications, and ministry planning tasks. All AI tools used by Hope are reviewed and approved by our Data Protection Officer before deployment. Staff and volunteers are not permitted to input members’, donors’, or other individuals’ personal data into AI tools without DPO approval. Any AI-generated output that affects an individual is reviewed by a human staff member before being acted upon.

If you have questions about how AI tools are used in relation to your personal data, please contact our Data Protection Officer.

9. Contact Our Data Protection Officer

If you have questions about this notice, or wish to make a data access, correction, or withdrawal request, please contact:

Data Protection Officer

Email: [email protected]

Hope Church Singapore

10. Updates to This Notice

This Data Protection Notice is reviewed at least annually by our Data Protection Officer and updated whenever there is a material change to Hope’s data practices or AI use. Where changes are significant, we will notify members and regular attendees through our usual communication channels.

This notice reflects Hope’s IT Governance and Data Protection Policy v3.0 (June 2026). The most current version is always available on our website at https://www.hopesingapore.org.sg/pdpa/.