General information
Your privacy is of utmost importance to Changi Airport Group (Singapore) Pte Ltd. (“CAG”).
This privacy policy (the “Policy”) describes the Personal Data which CAG and its subsidiaries (“CAG Companies”) may collect from you in the course of its Corporate Social Responsibility (“CSR”) efforts, which includes but is not limited to, volunteerism, cash and in-kind donations and grantmaking. It also sets out how CAG Companies use, disclose and protect this data.
In this Policy “We”, “our” and “us” refer to CAG Companies.
1. Definitions
For the purposes of this Policy:
“Personal Data” means data, whether true or not, about an individual who can be identified from that data or from that data and other information to which the organisation has or is likely to have access; and
“process”, “processed” and “processing” means the carrying out of any operation or set of operations in relation to Personal Data and includes recording, holding, organization, adaptation or alteration, retrieval, combination, transmission, erasure or destruction.
2. Your Personal Data
We will collect Personal Data from an individual when it considers the Personal Data reasonably necessary for the relevant CSR purposes underlying such processing.
Examples of your Personal Data which may be collected by us include the following:
- Identity and Contact Data, such as your name, address, telephone number, date of birth, country of nationality or residence, national identification number, employment history, educational background, personal background, personal preferences, health data, professional qualifications and job title and function;
- Physical data, such as photographs and video recordings taken of you;
- Financial and Payment Data, such as your bank account information, and other related billing or payment information which you have provided us in any forms you may have submitted to us, or in other forms of interaction with you;
- Business Information, such as information provided in the course of our contractual relationship with you or your organisation, or otherwise voluntarily provided by you or your organisation.
3. How we collect your Personal Data
We use different methods to collect data about you, including the following:
- Direct interactions. You may give us your Personal Data by filling in forms or by corresponding with us by post, phone, email or otherwise. We may also directly collect Personal Data in other ways, including when:
- You give us feedback;
- You provide us with your details at events, meetings and during participation at CSR activities;
- You request that we contact you in response to CSR related appeals and queries
- You submit your resume or an application, or participate in interviews or testing, for employment or contracting opportunities with us;
- You volunteer for a CSR programme;
- You submit grant proposals to apply for funding from us;
- You submit programme reports and other relevant information as part of your obligation as a grantee;
- You make a donation to our charitable foundation; or
- Your image (including video recordings) is recorded by our official photographers/videographers at our events and programmes as photos and/ or video recordings may take place for publicity purposes.
- Third parties or publicly available sources. We may receive Personal Data about you from various third parties (e.g. your school, company, social service agency or other organisation) and public sources, including financial and transaction data from providers of technical, payment and delivery services.
- Closed Circuit Television systems or other surveillance devices. Circuit television systems and other surveillance devices are installed at our Changi Airport premises which may record your image for the purposes of: (i) monitoring the security and safety of persons; (ii) assisting in investigations of crime and other incidents; and (iii) managing the services provided at our Changi Airport premises.
- Parental Consent. You shall consult your parent or guardian before providing us with your Personal Data if you are under the age of sixteen 16.
4. Purposes for the Collection, Use and Disclosure of your Personal Data
Your Personal Data is generally processed by us as necessary for purposes directly related to our CSR functions and activities. This includes any one or more of the following purposes:
- To administer and conduct CSR programmes and events;
- To assess your suitability for participation in our CSR programmes and/or work schemes.
- To administer, monitor and assess programmes funded by grants from us;
- To monitor our CSR performance (e.g. volunteerism rate, volunteer hours)
- To award volunteer incentives
- To contact you regarding programmes and events that you have signed up for;
- To respond to queries, requests complaints and/or feedback;
- To prevent, detect and investigate security incidents or breaches, crime, including fraud, and analysing and managing other risks;
- To conduct surveys, questionnaires and requests for feedback;
- For promotional and publicity purposes, including to record or take photographs of participants at events or functions organised, hosted or participated in by us;
- To meet the requirements of any applicable laws/regulations, enforceable governmental request or court order;
- To fulfil such other purpose as may be specified in a data protection and privacy notice given to you at the time that your Personal Data is collected
5. Disclosure and Transfer of your Personal Data
In carrying out one or more of the purposes set out in section 4 of this Policy, we may disclose your Personal Data to one or more of the following third parties:
- Our employees, volunteers, interns, board and committee members;
- Our related organisations
- Our agents;
- Our authorised third party service providers (e.g. financial institutions, courier services, data processing, data storage, information technology, insurance)
- Our auditors and professional advisors;
- Our business partners;
- Our underwriters and insurers;
6. Consent
Unless the applicable laws or regulations allow otherwise, we will obtain consent from you for our processing of your Personal Data by methods or means such as making you sign a form or check a box. When you do so, you represent that you are over 16 years of age and can give valid consent.
Where Personal Data is submitted by you on behalf of another individual or concerns another individual other than yourself (or, in the case of situations where you, as a representative of your company or organisation are submitting the personal data of individuals as part of the disclosures by the company or organisation to us), you represent and warrant to us, that you have obtained all the necessary consents (procured in accordance with all applicable data protection legislation, including without limitation the PDPA) from the individual(s) concerned to (i) disclose the Personal Data of the individual(s) to us and to (ii) consent on behalf of the individual(s) to our collection, use and disclosure of the Personal Data for such purposes stated in the relevant sections of this Data Protection Policy). You represent and warrant that you have retained proof of these consents, such proof to be provided to us upon our request.
You can withdraw such consent at any time by contacting our data protection officer at the contact details set out at section 14 of this Policy.
Depending on the extent to which you withdraw consent, such withdrawal of consent may result in our inability to provide the relevant CSR services to you or perform our contractual obligations to you, and may be considered as a termination by you of any agreement between us and you. Our legal rights and remedies are expressly reserved in such an event.
7. Links to third-party websites
We may provide links to third-party websites on our site. Your use of such third-party websites will be subject to their privacy policies and we do not accept any responsibility or liability for these policies. We encourage you to read the privacy policies on the other websites you visit. As we cannot control or be responsible for the policies of other sites we may link to, or the use of any data you may share with them, you access these third-party websites at your own risk.
8. Keeping your Personal Data secure
We have put in place reasonable technical and procedural measures to safeguard your Personal Data, for example, by:
- Storing your Personal Data on secured servers; and
- Restricting access to Personal Data on a ‘need to know’ basis.
Please note that the use of the Internet cannot be made entirely secure and we therefore are unable to guarantee the security or integrity of any Personal Data which is transmitted over the Internet. You undertake to bear the risks of any transmission over the Internet.
9. Access to Personal Data
The accuracy of our data collection begins with you – you undertake that you will provide accurate and complete Personal Data.
You may request access to—and correction of—your Personal Data held by us by contacting us at the contact details set out in section 13of this Policy. All requests for access and/or correction will be processed within a reasonable time except where we refuse such requests in accordance with any applicable laws or regulations. Please note that we will need to verify your identity before proceeding with your request. We may charge you a reasonable fee for the handling and processing of your request.
10. Data retention
We will cease to retain your Personal Data when the purposes for which we collected your Personal Data have ceased and/or when we are no longer required to continue retaining your Personal Data for any legal or business purposes.
11. Unsolicited information
Where you have provided us with unsolicited Personal Data, for example in unsolicited emails or public posts on message boards, you will be regarded as having given us consent to use the unsolicited Personal Data as we see fit, on a non-confidential basis, and we shall be free to use, disclose, distribute and exploit such unsolicited Personal Data without limitation or attribution. We will strive to take reasonable steps to destroy or de-identify unsolicited Personal Data that we has no purpose for, but it cannot guarantee that all unsolicited Personal Data will be disposed of given system and operational limitations. You bear responsibility for not providing us with Personal Data beyond what we have requested from you, should you not consent to how we intend to treat unsolicited Personal Data provided by yourself.
12. Cookies
As you visit our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this data by using cookies, server logs and other similar technologies. Please refer to our Cookies Policy for further details. If you prefer not to allow certain cookies, you can manage them in accordance with our Cookies Policy.
13. Changes to this Policy
We may amend this Policy from time to time to reflect any changes to the way in which we process your Personal Data or changing legal requirements. Any changes we may make to our Policy in the future will be posted on this page.
14. How to contact us
We welcome your feedback, comments and any questions that you may have.
If you wish to contact us, please write to us at the address below, referencing ‘Privacy Policy’:
Data Protection Officer
Changi Foundation Limited
60 Airport Boulevard, #046-037
Singapore Changi Airport
Singapore 819643
Email:csr@changiairport.com
To access Changi Airport Group's Privacy Policy, please click here.
Updated as of 13 December 2021.