Privacy Policy

EQUAL-ARK Singapore Ltd (EQUAL) may collect

(i) the personal details that you submit on the website, including, without limitation your name, email address, phone number, and delivery address;

(ii) information that you communicate to us through email, telephone, or alternative electronic or paper communications; and

(iii) information that we receive automatically when you interact with the Website, e.g. cookies (your “Personal Data”).

EQUAL requires your Personal Data in order to provide its services to you, in particular for the following purposes:

(a) Internal record keeping;

(b) Communication regarding Equal programmes and services, including event registration confirmations, volunteer account registration emails, and notifications related to incorrect details or fully booked/unavailable registrations;

(c) Improving our services, including website security, performance, functionality, operation, and the availability and variety of events;

(d) Periodically sending you updates on volunteer programmes, services, campaigns, and interesting events.

By using our website, creating a volunteer account, or making any donation, you expressly agree and consent to the collection, use, and disclosure of your personal data by Equal for the purposes outlined above.  Equal is committed to putting in place measures with a view to keeping your Personal Data secure. In order to prevent any unauthorised access, collection, use, disclosure, copying, modification, disposal, or other similar acts, we have put in place reasonable security policies and procedures to safeguard the information we collect online. Equal Ark will also cease to retain your Personal Data when you choose to terminate your Volunteer Account, except where required to retain, use, and disclose your Personal Data by law or where EQUAL believes in good faith that such retention, use, and disclosure is reasonably necessary for the purposes for which your Personal Data was collected or for any other legal or organization purposes. EQUAL will conduct regular reviews to determine if such retention, use, and disclosure is reasonably necessary.

If you have any questions about our privacy policy or the treatment of your personal data, please contact our team at (+65) 6904 0422 or info@equal.org.sg.

About This Policy

EQUAL-ARK Singapore Ltd (UEN: 201536378N  “EQUAL”, “we”, “us”, “our”) is committed to protecting the personal data of all individuals who interact with us. This Privacy Policy explains how we collect, use, disclose, and protect your personal data in accordance with the Personal Data Protection Act 2012 (PDPA) and its subsequent amendments.

This Policy applies to all individuals whose personal data we process, including:

  • Programme participants and their caregivers or next-of-kin
  • Donors and corporate partners
  • Volunteers
  • Staff & Job applicants
  • Website visitors
  • Referral partners, vendors, and other third parties

By engaging with EQUAL, whether through our website, programmes, events, or communications you acknowledge that you have read and understood this Policy

Personal Data We Collect

We collect only the personal data that is necessary for the purposes described in this Policy. The types of personal data we collect depend on your relationship with us:

Programme Participants and Caregivers

  • Full name
  • Contact details of the organisation (address, phone number, email)
  • Health and medical information, including mental health history, diagnoses, medications, and allergies (if need be and explicitly stated)
  • Referral documents and assessment notes from referring organisations
  • Session records, progress notes, and programme outcomes
  • Emergency contact details and next-of-kin information
  • Photographs or videos taken during sessions (where consent is obtained)

Donors

  • Full name, contact details, and correspondence address
  • Donation amount and payment information (processed via secure third-party payment gateways)
  • Tax exemption details (where applicable under the IPC framework)

Volunteers

  • Full name
  • Contact details and emergency contact information
  • Qualifications, skills, and volunteering history
  • Background check results (where required)
  • Health declarations (where relevant to volunteering activities)

Job Applicants

  • Full name & nationality
  • Resume, qualifications, and employment history
  • Performance and disciplinary records

Website Visitors

  • Name and contact details submitted via web forms
  • Communications sent to us via email, phone, or online channels

Why We Collect Your Personal Data

We generally collect personal data that;

  • you knowingly and voluntarily provide in the course of or in connection with your employment or job application with us, or via a third party who has been duly authorized by you to disclose your personal data to us (your “authorized representative”, which may include your job placement agent), after
    • you (or your authorized representative) have been notified of the purposes for which the data is collected, and
    • you (or your authorized representative) have provided written consent to the collection and usage of your personal data for those purposes, or

(b). collection and use of personal data without consent is permitted or required by the PDPA or other laws. We shall seek your consent before collecting any additional personal data and before using your personal data for a purpose which has not been notified to you (except where permitted or authorized by law).

Your personal data will be collected and used by us for the following purposes and we may disclose your personal data to third parties where necessary for the following purposes:

For Programme Participants & Applicants

  • Assessing suitability for and delivering equine-assisted programmes
  • Managing referrals and communicating with referring social service agencies
  • Ensuring participant safety, including medical and emergency response protocols
  • Monitoring and evaluating programme outcomes for clinical and organisational purposes
  • Reporting to funders and regulatory bodies as required by grant conditions or law

For Donors

  • Processing donations and issuing tax-deductible receipts
  • Communicating about campaigns, fundraising events, and organisational updates
  • Complying with IPC and IRAS reporting obligations

For Volunteers

  • Managing volunteer registration, scheduling, and communications
  • Conducting background checks where required
  • Recognising volunteer contributions and maintaining volunteer records

For Staff and Job Applicants

  • Processing employment applications and conducting pre-employment screening
  • Managing payroll, CPF contributions, and statutory obligations under Singapore employment law
  • Administering HR processes including performance management, leave, and training

For Website Visitors and General Communications

  • Responding to enquiries and feedback
  • Improving the functionality, security, and user experience of our website
  • Sending organisational updates, event notifications, and newsletters (where consent has been given)

Legal Basis for Collection and Processing

You have choices regarding our collection, use or disclosure of your personal data. If you choose not to provide us with the personal data described in this notice, we may not be in a position to process and facilitate your job application. We may also collect, disclose or use your personal data pursuant to an exception under the PDPA or other written law such as during the following situations:

  • to respond to an emergency that threatens your life, health and safety or of another individual; and
  • necessary in the national interest, for any investigation or proceeding

Disclosure of Personal Data to Third Parties

We do not sell, rent, or trade your personal data. We may disclose your personal data to third parties only in the circumstances described below:

Service Providers and Vendors

We engage third-party service providers who process personal data on our behalf. These include:

  • Cloud storage and IT systems providers
  • Email and communications platforms
  • Payroll and HR management systems
  • Payment gateway operators (for donation processing)
  • Background screening services (for volunteers and staff)

All such providers are required to handle personal data in accordance with PDPA obligations and are bound by data processing agreements with EQUAL.

Referral Partners and Co-Delivery Agencies

Where participants are referred to us by social service agencies, schools, hospitals, or other partner organisations, we may share relevant programme updates or outcome reports with the referring organisation. This will be done only with the participant’s (or guardian’s) knowledge and, where applicable, consent.

Funders and Regulatory Bodies

As an IPC-registered charity receiving government and institutional grants, we may be required to disclose programme data and participant information (in anonymised or aggregated form wherever possible) to funders such as NCSS, SSF, and other grant-making bodies. Where individual-level data is required, we will notify you.

Government and Statutory Agencies

We may disclose personal data to government agencies (including MOM, IRAS, CPF Board, the Commissioner of Charities, and law enforcement) where required by law or in response to a lawful request.

How Long We Retain Your Personal Data

We may disclose personal data to government agencies (including MOM, IRAS, CPF Board, the Commissioner of Charities, and law enforcement) where required by law or in response to a lawful request.

  • Programme participant records: 5 years from the date of last service, or longer where required by clinical or legal obligations
  • Donor records: 7 years from the date of donation, in line with IRAS requirements
  • Volunteer records: 3 years from the end of the volunteer engagement
  • Staff and employment records: 7 years from the cessation of employment, or as required by MOM and CPF regulations
  • Job application records (unsuccessful candidates): 2 years from the date of application, unless the applicant consents to longer retention for future opportunities
  • Website and communications data: 2 years from the last interaction

Upon expiry of the applicable retention period, personal data will be securely deleted or anonymised. Where data is retained in anonymised or aggregated form for research and reporting purposes, it will no longer be identifiable to any individual.

Your Rights Under the PDPA

WITHDRAWING YOUR CONSENT

  • The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop collecting, using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing or via email to our Data Protection Officer at the contact details provided below. Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.
  • Upon receipt of your written request to withdraw your consent, we may require reasonable amount of time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process and effect your request within ten (10) business days of receiving it.
  • Whilst we respect your decision to withdraw your consent, please note that depending on the nature and extend of your respect, we may not be in a position to provide you with the relevant goods and services (as teh case may be). We shall, in such circumstances, notify you before completing the processing of your request (as outlined above). Should you decide to cancel your withdrawal of consent, please inform us in writing in the manner described in the above clause.
  • Please note that withdrawinign consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.

ACCESS TO AND CORRECTION OF PERSONAL DATA

  • If you wish to make
    • an access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or
    • a correction request to correct or update any of your personal data which we hold, you may submit your request in writing or via email to our Data Protection Officer at the contact details provided below.
  • Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.
  • We will respond to your request as soon as reasonably possible. Should we not be able to respond to your access request within thirty (30) business days after receiving your access request, we will inform you in writing within thirty (30) business days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).
  • Please note that depending on the request that is being made, we will only need to provide you with access to the personal data contained in the documents requested, and not to the entire documents themselves. In those cases, it may be appropriate for us to simply provide you with confirmation of the personal data that our organization has on record, if the record of your personal data forms a negligible part of the document.

How We Exercise Choice: Your Opt-Out Options

We respect your right to make choices about how your personal data is used. Specifically:

  • Marketing: You may unsubscribe from our mailing list at any time by clicking the unsubscribe link in any email we send, or by contacting us directly
  • Photographs and media: If you do not wish to be photographed or filmed during EQUAL programmes or events, please inform us at the point of engagement. We will use reasonable efforts to accommodate your preference.
  • Research and evaluation: Where we use personal data for internal research or impact evaluation, you may request that your data be excluded or used only in anonymised form.
  • Withdrawal of consent: You may withdraw consent at any time. Your withdrawal will be processed promptly and will not affect the lawfulness of any processing carried out prior to withdrawal.

How We Protect Your Personal Data

At EQUAL we take the security of your personal data seriously. We have implemented administrative, technical, and physical safeguards to protect personal data against unauthorised access, collection, use, disclosure, copying, modification, disposal, or similar risks. These measures include:

  • Role-based access controls limiting data access to authorised personnel only
  • Encryption of sensitive data in transit and at rest
  • Regular review of third-party vendor data protection practices
  • Staff training on data protection obligations and handling procedures
  • Incident response procedures for suspected data breaches

Data Breach Notification

In the event of a data breach that is likely to result in significant harm to affected individuals, we will:

  • Notify the Personal Data Protection Commission (PDPC) within 3 business days of determining that a notifiable breach has occurred
  • Notify affected individuals as soon as practicable where the breach is likely to result in significant harm to them
  • Take prompt steps to contain the breach and mitigate its impact

Accuracy Of Personal Data

We generally rely on personal data provided by you (or your authorized representative). In order to ensure that your personal data is current, complete and accurate, please update us if there are changes to your personal data by informing our Data Protection Officer in writing or via email at the contact details provided below.

Contact Our Data Protection Officer

EQUAL has appointed a Data Protection Officer (DPO) who is responsible for ensuring compliance with the PDPA and overseeing data protection practices within the organisation.

If you have any questions about this Privacy Policy, wish to exercise your data subject rights, or wish to make a complaint about how we have handled your personal data, please contact our DPO via email at DPO@equal.org.sg.