CCS is proud to be awarded the Cyber Essentials mark by the Cyber Security Agency (CSA) and implemented the Data Protection Essentials programme by the Infocomm Media Development Authority (IMDA) of Singapore.

Through this certification, it demonstrates CCS commitment to protect the privacy our clients. CCS has implemented basic data protection and security practices to protect our clients’ personal data and recover quickly in the event of a data breach.

Personal Data Protection Policy

1.     Introduction

Credit Counselling Singapore (CCS) respect the privacy and confidentiality of the personal data of our clients, customers, associates, partners, visitors and other individuals whom we interact with in the course of providing our products and services. We are committed to implementing policies, practices and processes to safeguard the collection, use and disclosure of the personal data you provide us, in compliance with the Singapore Personal Data Protection Act (PDPA) 2012.

We have developed this Data Protection Notice to assist you in understanding how we collect, use, disclose, process, protect and retain your personal data that is in our possession.


2.     How We Collect Your Personal Data

Personal data refers to any information that can uniquely identify an individual person either

1.     On its own (e.g. NRIC No., FIN No.), or

2.     When combined with other information (e.g. Full Name + Full Address).


We collect your personal data when you:

1.   Register for and attend our courses on financial and debt management.

2.   Enquire about our debt management services as a help seeker.

3.   Becoming our client for our debt management programme and counselling services.

4.   Visit our website and leave behind your contact information.

5.   Provide feedback to us on our services or quality of service.

6.   Communicate with us via emails or written correspondences.

7.   Become a member of CCS.

8.   Submit your CV and job application form to us to be our counsellor or employee.


3.     Types of Personal Data We Collect About You

The types of personal data we collect about you include:

1.   Personal contact information (Name, Address, Phone No., Email Address).

2.   Personal details (Name, NRIC No./FIN No./Passport No., Gender, Date of Birth, Nationality).

3.   Financial information (Credit/Debit Card Details, Bank Account Details, Creditors’ information).

4.   Job Applicant’s educational and professional qualifications.

5.   Job applicant’s professional and work experience.

We keep records of all calls made to CCS’s mainline for various purposes such as client management, handling of general enquiries and improvement to our services and programmes.


4.     How We Use Your Personal Data

We use the personal data you provide us for one or more of the following purposes:

1.   Send information about our programmes and counselling services.

2.   Manage your creditor issues through our debt management programme and counselling services.

3.   Process payment for our services.

4.   Obtain comments or feedback about our services or quality of service.

5.   Respond to queries and feedback, and provide customer service and support.

6.   Investigate complaints, claims and disputes.

7.   Manage and improve our business and operations to serve you better or enhance client experience.

8.   Process job applications, recruitment, and selection.

9.   Fulfil legal requirements.


5.     Who We Disclose Your Personal Data To

We disclose some of the personal data you provide us to the following entities or organisations outside CCS in order to fulfil our services to you:

1.   Banks and Financial Institutions/Credit Agencies/Moneylenders

2.   IT / technical support vendors and service providers

3.   Social Services Organisations

Where required to do so by law, we may disclose personal data about you to the relevant authorities or to law enforcement agencies.


6.     How We Manage the Collection, Use and Disclosure of Your Personal Data

6.1   Obtaining Consent

Before we collect, use, or disclose your personal data, we will notify you of the purpose why we are doing so. We will obtain written confirmation from you on your expressed consent. We will not collect more personal data than is necessary for the stated purpose. We will seek fresh consent from you if the original purpose for the collection, use or disclosure of your personal data has changed.

Under certain circumstances, we may assume deemed consent from you when you voluntarily provide your personal data for the stated purpose, e.g. when you submit a job application form or your CV to our HR Department.


6.2   Withdrawal of Consent

If you wish to withdraw consent, you should give us reasonable advance notice. We will advise you of the likely consequences of your withdrawal of consent, e.g. without your personal contact information we may not be able to inform you of our future talks or courses or follow up with you on our client-related matters.

Your request for withdrawal of consent can take the form of an email or letter to us.


6.3   Use of Cookies

We may use “cookies” to collect information about your online activity on our website or online services. A cookie is a small text file created by the website that is stored in your computer to provide a way for the website to recognise you and keep track of your preferences. The cookie makes it convenient for you such that you do not have to retype the same information again when you revisit the website or when you fill in electronic forms.

Most cookies we use are “session cookies”, which will be deleted automatically from the hard disk of your computer at the end of the session.

You may choose not to accept cookies by turning off this feature in your web browser. Note that by doing so, you may not be able to use some of the features and functions in our web applications.


7 .     How We Ensure the Accuracy of Your Personal Data

We will take reasonable steps to ensure that the personal data we collect about you is accurate, complete and kept up-to-date.

From time to time, we may do a data verification exercise for you to update us on any changes to the personal data we hold about you. If we are in an ongoing relationship with you, it is important that you update us of any changes to your personal data (such as a change in your mailing address).

8.     How We Protect Your Personal Data

We have implemented appropriate information security and technical measures (such as data encryption, firewalls and secure network protocols) to protect the personal data we hold about you against loss; misuse; destruction; unauthorised alteration/modification, access, disclosure; or similar risks.

We have also put in place reasonable and appropriate organisational measures to maintain the confidentiality and integrity of your personal data and will only share your data with authorised persons on a ‘need to know’ basis.


9.     How We Retain Your Personal Data

We have a document retention policy that keeps track of the retention schedules of the personal data you provide us, in paper or electronic forms. We will not retain any of your personal data when it is no longer needed for any business or legal purposes.

We will dispose of or destroy such documents containing your personal data in a proper and secure manner when the retention limit is reached.


10.     How You Can Access and Make Correction to Your Personal Data

You may write to us to find out what personal data about you that we have in our possession or under our control and how it may have been used and/or disclosed by us in the previous one year. Before we accede to your request, we may need to verify your identity by checking your NRIC or other legal identification document. We will respond to your request as soon as possible, or within 30 days from the date we receive your request. If we are unable to do so within the 30 days, we will let you know and give you an estimate of how much longer we require. We may also charge you a reasonable fee for the cost involved in processing your access request.

If you find that the personal data we hold about you is inaccurate, incomplete or not up-to-date you may ask us to correct the data. Where we are satisfied on reasonable grounds that a correction should be made, we will correct the data as soon as possible, or within 30 days from the date we receive your request.


11.     Contacting Us

If you have any query or feedback regarding this Data Protection Notice, or any complaint you have relating to how we manage your personal data, you may contact our Data Protection Officer (DPO) at pdpa@ccs.org.sg.

Any query or complaint should include, at least, the following details:

1.   Your full name and contact information

2.   Brief description of your query or complaint

We treat such queries and feedback seriously and will deal with them confidentially and within reasonable time.


12.     Changes to this Data Protection Notice

We may update this Data Protection Notice from time to time. We will notify you of any changes by posting the latest Notice on our website. Please visit our website periodically to note any changes.

Changes to this Notice take effect when they are posted on our website.


Last updated: 7 September 2023