Privacy Policy

EQUAL-ARK Singapore Ltd (EQUAL) may collect

(i) the personal details that you submit on the website, including, without limitation your name, email address, phone number, and delivery address;

(ii) information that you communicate to us through email, telephone, or alternative electronic or paper communications; and

(iii) information that we receive automatically when you interact with the Website, e.g. cookies (your “Personal Data”).

EQUAL requires your Personal Data in order to provide its services to you, in particular for the following purposes:

(a) Internal record keeping;

(b) Communication regarding Equal programmes and services, including event registration confirmations, volunteer account registration emails, and notifications related to incorrect details or fully booked/unavailable registrations;

(c) Improving our services, including website security, performance, functionality, operation, and the availability and variety of events;

(d) Periodically sending you updates on volunteer programmes, services, campaigns, and interesting events.

By using our website, creating a volunteer account, or making any donation, you expressly agree and consent to the collection, use, and disclosure of your personal data by Equal for the purposes outlined above.  Equal is committed to putting in place measures with a view to keeping your Personal Data secure. In order to prevent any unauthorised access, collection, use, disclosure, copying, modification, disposal, or other similar acts, we have put in place reasonable security policies and procedures to safeguard the information we collect online. Equal Ark will also cease to retain your Personal Data when you choose to terminate your Volunteer Account, except where required to retain, use, and disclose your Personal Data by law or where EQUAL believes in good faith that such retention, use, and disclosure is reasonably necessary for the purposes for which your Personal Data was collected or for any other legal or organization purposes. EQUAL will conduct regular reviews to determine if such retention, use, and disclosure is reasonably necessary.

If you have any questions about our privacy policy or the treatment of your personal data, please contact our team at (+65) 6904 0422 or info@equal.org.sg.

About This Policy

EQUAL-ARK Singapore Ltd (UEN: 201536378N “EQUAL”, “we”, “us”, “our”) is committed to protecting the personal data of all individuals who interact with us. This Privacy Policy explains how we collect, use, disclose, and protect your personal data in accordance with the Personal Data Protection Act 2012 (PDPA) and its subsequent amendments.

This Policy applies to all individuals whose personal data we process, including:

  • Programme participants and their caregivers or next-of-kin
  • Donors and corporate partners
  • Volunteers
  • Staff & Job applicants
  • Website visitors
  • Referral partners, vendors, and other third parties

By engaging with EQUAL, whether through our website, programmes, events, or communications you acknowledge that you have read and understood this Policy

Personal Data We Collect

We collect only the personal data that is necessary for the purposes described in this Policy.

The types of personal data we collect depend on your relationship with us:

Programme Participants and Caregivers

  • Full name
  • Contact details of the organisation (address, phone number, email)
  • Health and medical information, including mental health history, diagnoses, medications, and allergies (if need be and explicitly stated)
  • Referral documents and assessment notes from referring organisations
  • Session records, progress notes, and programme outcomes
  • Emergency contact details and next-of-kin information
  • Photographs or videos taken during sessions (where consent is obtained)

Donors

  • Full name, contact details, and correspondence address
  • Donation amount and payment information (processed via secure third-party payment gateways)
  • Tax exemption details (where applicable under the IPC framework)

Volunteers

  • Full name
  • Contact details and emergency contact information
  • Qualifications, skills, and volunteering history
  • Background check results (where required)
  • Health declarations (where relevant to volunteering activities)

Job Applicants

  • Full name & nationality
  • Resume, qualifications, and employment history
  • Performance and disciplinary records

Website Visitors

  • Name and contact details submitted via web forms
  • Communications sent to us via email, phone, or online channels

Why We Collect Your Personal Data

We collect and use personal data only for purposes that are legitimate, clearly defined, and communicated to you at the point of collection. These purposes include:

For Programme Participants

  • Assessing suitability for and delivering equine-assisted programmes
  • Managing referrals and communicating with referring social service agencies
  • Ensuring participant safety, including medical and emergency response protocols
  • Monitoring and evaluating programme outcomes for clinical and organisational purposes
  • Reporting to funders and regulatory bodies as required by grant conditions or law

For Donors and Corporate Partners

  • Processing donations and issuing tax-deductible receipts
  • Communicating about campaigns, fundraising events, and organisational updates
  • Complying with IPC and IRAS reporting obligations

For Volunteers

  • Managing volunteer registration, scheduling, and communications
  • Conducting background checks where required
  • Recognising volunteer contributions and maintaining volunteer records

For Staff and Job Applicants

  • Processing employment applications and conducting pre-employment screening
  • Managing payroll, CPF contributions, and statutory obligations under Singapore employment law
  • Administering HR processes including performance management, leave, and training

For Website Visitors and General Communications

  • Responding to enquiries and feedback
  • Improving the functionality, security, and user experience of our website
  • Sending organisational updates, event notifications, and newsletters (where consent has been given)

Legal Basis for Collection and Processing

We rely on the following legal bases to collect, use, and disclose personal data:

  • In most cases, we will request your explicit consent before collecting your personal data. Consent may be given in writing, verbally, or through your conduct (e.g. submitting a form or registering as a volunteer).
  • We may be required to collect, retain, or disclose personal data to comply with applicable Singapore laws and regulations, including the Employment Act, CPF Act, IRAS requirements, Charities Act, and directions from government agencies such as NCSS or the Commissioner of Charities.
  • Where you have entered into a service agreement, grant arrangement, or employment contract with us, we may process your personal data as necessary to fulfil our obligations under that arrangement.
  • In situations where there is a risk to the life, health, or safety of a participant or any other person, we may collect or disclose personal data without consent toprotect those vital interests.
  • We may process personal data where it is in EQUAL’s legitimate organisational interests such as maintaining accurate records, safeguarding our staff and participants, or fulfilling our obligations as an IPC-registered charity provided that this does not override your fundamental privacy rights.

Disclosure of Personal Data to Third Parties

We do not sell, rent, or trade your personal data. We may disclose your personal data to third parties only in the circumstances described below:

Service Providers and Vendors

We engage third-party service providers who process personal data on our behalf. These include:

  • Cloud storage and IT systems providers
  • Email and communications platforms
  • Payroll and HR management systems
  • Payment gateway operators (for donation processing)
  • Background screening services (for volunteers and staff)

All such providers are required to handle personal data in accordance with PDPA obligations and are bound by data processing agreements with EQUAL.

Referral Partners and Co-Delivery Agencies

Where participants are referred to us by social service agencies, schools, hospitals, or other partner organisations, we may share relevant programme updates or outcome reports with the referring organisation. This will be done only with the participant’s (or guardian’s) knowledge and, where applicable, consent.

Funders and Regulatory Bodies

As an IPC-registered charity receiving government and institutional grants, we may be required to disclose programme data and participant information (in anonymised or aggregated form wherever possible) to funders such as NCSS, SSF, and other grant-making bodies. Where individual-level data is required, we will notify you.

Government and Statutory Agencies

We may disclose personal data to government agencies (including MOM, IRAS, CPF Board, the Commissioner of Charities, and law enforcement) where required by law or in response to a lawful request.

How Long We Retain Your Personal Data

We retain personal data only for as long as is necessary for the purposes for which it was collected, or as required by applicable law. Our general retention periods are:

  • Programme participant records: 5 years from the date of last service, or longer where required by clinical or legal obligations
  • Donor records: 7 years from the date of donation, in line with IRAS requirements
  • Volunteer records: 3 years from the end of the volunteer engagement
  • Staff and employment records: 7 years from the cessation of employment, or as required by MOM and CPF regulations
  • Job application records (unsuccessful candidates): 2 years from the date of application, unless the applicant consents to longer retention for future opportunities
  • Website and communications data: 2 years from the last interaction

Upon expiry of the applicable retention period, personal data will be securely deleted or anonymised. Where data is retained in anonymised or aggregated form for research and reporting purposes, it will no longer be identifiable to any individual.

Your Rights Under the PDPA

As an individual whose personal data we hold, you have the following rights:

  • You may request access to the personal data we hold about you, and information about how it has been used or disclosed in the past year.
  • You may request that we correct any inaccuracy or error in your personal data. We will make the correction within a reasonable time and, where applicable, notify any third party to whom the data was disclosed.
  • Where you have given consent for the collection, use, or disclosure of your personal data, you may withdraw that consent at any time. Please note that withdrawal of consent may affect our ability to continue providing services to you. We will inform you of the likely consequences before you withdraw.
  • For certain categories of personal data processed by automated means, you may request that we transmit the data to another organisation in a commonly used format.

How We Exercise Choice: Your Opt-Out Options

We respect your right to make choices about how your personal data is used. Specifically:

  • Marketing: You may unsubscribe from our mailing list at any time by clicking the unsubscribe link in any email we send, or by contacting us directly
  • Photographs and media: If you do not wish to be photographed or filmed during EQUAL programmes or events, please inform us at the point of engagement. We will use reasonable efforts to accommodate your preference.
  • Research and evaluation: Where we use personal data for internal research or impact evaluation, you may request that your data be excluded or used only in anonymised form.
  • Withdrawal of consent: You may withdraw consent at any time. Your withdrawal will be processed promptly and will not affect the lawfulness of any processing carried out prior to withdrawal.

How We Protect Your Personal Data

At EQUAL we take the security of your personal data seriously. We have implemented administrative, technical, and physical safeguards to protect personal data against unauthorised access, collection, use, disclosure, copying, modification, disposal, or similar risks. These measures include:

  • Role-based access controls limiting data access to authorised personnel only
  • Encryption of sensitive data in transit and at rest
  • Regular review of third-party vendor data protection practices
  • Staff training on data protection obligations and handling procedures
  • Incident response procedures for suspected data breaches

Data Breach Notification

In the event of a data breach that is likely to result in significant harm to affected individuals, we will:

  • Notify the Personal Data Protection Commission (PDPC) within 3 business days of determining that a notifiable breach has occurred
  • Notify affected individuals as soon as practicable where the breach is likely to result in significant harm to them
  • Take prompt steps to contain the breach and mitigate its impact

Contact Our Data Protection Officer

EQUAL has appointed a Data Protection Officer (DPO) who is responsible for ensuring compliance with the PDPA and overseeing data protection practices within the organisation.

If you have any questions about this Privacy Policy, wish to exercise your data subject rights, or wish to make a complaint about how we have handled your personal data, please contact our DPO via email at DPO@equal.org.sg.