Privacy Policy

1Who We Are

Dhammakaya Centre Singapore ("DCS", "we", "us", or "our") is a registered religious organisation in Singapore. We operate this website at dhammakaya.sg to share information about our activities, accept online donations, and provide services to our community.

DCS is the data controller responsible for your personal data collected through this website and our services.

2Personal Data We Collect

2.1 Information you provide directly

• Account registration: Name, email address, and profile picture (via Google OAuth)
• Donations: Name, email address, donation amount, and cause
• Course registration: Name, contact number, email address
• Enquiries / Contact forms: Name, email, and message content

2.2 Information collected automatically

• IP address and device/browser information
• Pages visited and navigation patterns (for website analytics only)
• Session cookies required for login functionality

2.3 Information from third-party services

• Google OAuth: Your name, email address, and profile picture when you choose to sign in with Google
• HitPay (payment gateway): Payment status and transaction reference numbers. DCS does not store your full card details — these are handled directly by HitPay

3How We Use Your Data (Purposes)

Under the PDPA, we may only collect, use, or disclose personal data for purposes that a reasonable person would consider appropriate. We use your data for the following purposes:

• Creating and managing your member account
• Processing and recording charitable donations and issuing receipts
• Registering you for courses, events, and activities
• Communicating important updates related to your registrations or donations
• Improving our website and services
• Complying with legal and regulatory obligations
• Fraud prevention and ensuring security of our systems

We will never sell, rent, or trade your personal data to any third party for commercial purposes.

4Consent and Legal Basis

Where required by the PDPA, we obtain your consent before collecting and using your personal data. By using our website and services, you consent to the collection and use of your data as described in this policy.

You may withdraw your consent at any time by contacting us at info@dhammakaya.sg. Please note that withdrawing consent may affect our ability to provide certain services to you.

Under the PDPA 2020 amendments, we may also rely on deemed consent by contractual necessity — for example, sharing your payment information with HitPay is necessary to process your donation.

5Disclosure to Third Parties

We only share your personal data with third parties in the following circumstances:

• Service providers: We work with trusted third-party service providers (e.g., HitPay for payment processing, Google for authentication) who are contractually obligated to protect your data and may only use it for the specific purpose we engaged them
• Legal obligations: We may disclose your data if required by Singapore law, a court order, or a lawful request from a government authority or law enforcement agency
• Protection of rights: We may disclose data where necessary to identify or take action against someone who may be causing harm to the security or integrity of our systems or the rights of DCS

We do not transfer your personal data outside of Singapore except where necessary (e.g., Google and HitPay servers), and we ensure adequate protections are in place in compliance with the PDPA's Transfer Limitation Obligation.

6Data Retention

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by law:

• Donation records: Retained for a minimum of 5 years for accounting and legal compliance purposes
• Account data: Retained until you request deletion of your account
• Course registration: Retained for up to 2 years after the course concludes
• Website logs / analytics: Retained for up to 12 months

When personal data is no longer needed, we will take reasonable steps to destroy or anonymise it securely.

7Data Protection and Security

We take our obligation to protect your personal data seriously. We have implemented reasonable technical and organisational measures to protect your data against unauthorised access, disclosure, alteration, or destruction, including:

• HTTPS encryption for all data transmitted through our website
• Access controls — only authorised personnel can access personal data
• Passwords are stored using one-way hashing and are never stored in plain text
• Payment data is handled by PCI-DSS compliant third-party processors

Despite these measures, no security system is impenetrable. If you believe your account security has been compromised, please contact us immediately at info@dhammakaya.sg.

8Data Breach Notification

Under the PDPA 2020 amendments, DCS is required to notify the Personal Data Protection Commission (PDPC) and affected individuals in the event of a data breach that:

• Involves the personal data of 500 or more individuals, or
• Is likely to result in significant harm to affected individuals

We will notify the PDPC within 3 calendar days of assessing that the breach is notifiable, and will notify affected individuals as soon as is reasonably practicable. We maintain an internal data breach response procedure to ensure we respond swiftly and responsibly.

9Your Rights Under PDPA

As a data subject under the Singapore PDPA, you have the following rights:

To exercise any of these rights, please contact our Data Protection Officer (details in Section 13). We will respond within 30 days of receiving your request. We may need to verify your identity before processing your request.

10Cookies and Website Analytics

Our website uses the following types of cookies:

• Session cookies: Required to keep you logged in during your visit. These are deleted when you close your browser.
• Analytics: We may use anonymised traffic data to understand how visitors use our site. This data does not identify you personally.

You may configure your browser to refuse cookies; however, certain features of our website (such as logging in) will not function without session cookies.

11Links to Third-Party Websites

Our website may contain links to external websites not operated by DCS. This Privacy Policy applies only to our website. Once you navigate to another site, you should review that site's privacy policy. We are not responsible for the privacy practices or content of third-party websites.

12Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will indicate the Last Updated date at the top of this page.

For material changes that significantly affect how we handle your data, we will notify registered users by email before the changes take effect. Your continued use of our website after any changes constitutes your acceptance of the updated policy.

If you do not agree with the updated policy, please discontinue use of our services and contact us to close your account.

13Contact Us / Data Protection Officer

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or wish to make a complaint, please contact our Data Protection Officer:

• Organisation: Dhammakaya Centre Singapore
• Email: info@dhammakaya.sg
• Address: 6 Sumang Walk, Punggol, Singapore 828675

If you are not satisfied with our response, you may lodge a complaint with the Personal Data Protection Commission (PDPC) at pdpc.gov.sg or by calling 1800-CALL-PDPC (1800-2255-7372).