Privacy policy
Last updated 14 May 2026 · Draft pending PAP HQ review before public launch.
This Privacy Policy explains how the PAP Kampong Glam Branch (“we”, “us”) collects, uses, discloses, and retains personal data when you apply for membership through this portal. We operate in accordance with the Personal Data Protection Act 2012 (Singapore) and the membership application requirements of the People’s Action Party.
1. What we collect
The membership form (MF_V1.0) requires the following information:
- Identity: full name (including underlined surname), Chinese name if applicable, NRIC number, date and place of birth, race, gender, marital status.
- Contact: home address (postal code, block, street, building, unit number), telephone numbers (home, office, mobile), email, social media handles.
- Address coordinates:when you enter your postal code, we look up the corresponding street address via the Singapore Land Authority’s OneMap service. This returns approximate latitude / longitude for your block which we store alongside the address. We use the coordinates only to tag your application with the correct electoral constituency (GRC/SMC) for branch reporting. They are never published or shared outside the parties listed in section 3.
- Background: housing type, highest education, written and spoken languages, occupation and employer, monthly income bracket, hobbies, memberships in trade unions, associations, clubs, community organisations.
- Photograph: a colour passport-style photo for the printed form.
- Signatures: handwritten e-signatures from you, your referral, and the Branch Chairman, captured with timestamp and IP address.
- NRIC scans: only when your place of birth is outside Singapore. Front and back scans are captured for HQ verification and auto-deleted within 24 hours of being sent to HQ.
2. Why we collect it
- To process your membership application end-to-end.
- To produce and send the completed MF_V1.0 form to PAP HQ for approval, including the three required signatures.
- To maintain an audit trail of who acted on your application and when, in line with PAP’s internal accountability requirements.
- To communicate with you about the status of your application — invites, reminders, outcome notifications.
3. Who sees your data
- Your Branch Admin Team (Master Admin, Admins, Team Members) — for verification and processing within the branch.
- Your assigned Referral — sees only the basic context needed to sign in support of your application.
- The Branch Chairman — reviews the completed form before HQ submission.
- PAP HQ — receives the completed PDF form by email when the branch sends it. Outcome (approval or rejection) is recorded back into the system.
- Taylab — the platform operator. Limited access for technical support; governed by a data-processing agreement with the branch.
We do not sell or rent your personal data, and we do not disclose it to any party outside the list above except where required by law.
4. How long we keep it
- NRIC scans (image files): auto-purged within 24 hours of the application being sent to HQ. The scan images are deleted from storage; no copy is retained.
- NRIC number: retained in encrypted-at-rest form as part of the application record. PAP HQ requires the number for membership verification and ongoing record-keeping. Access is restricted to the same parties listed in section 3.
- All other application data: retained for seven (7) years from the completion date, in line with audit and recordkeeping practice.
- Audit logs: retained for the same seven-year period and never include NRIC numbers in plain text.
5. How we protect it
- All data is stored encrypted at rest in Supabase (AWS Singapore region) with tenant-level row-level security so one branch’s data is never visible to another.
- Access by the Branch Admin Team is gated by individual login, multi-factor capable, with full audit trail of every read and write.
- Magic-link invitations are time-bounded and single-use; once consumed they cannot be re-opened.
- All transport is TLS 1.2+. Storage URLs are short-lived presigned links, not public.
6. Your rights
Under the PDPA you have the right to:
- Ask us what personal data we hold about you and how it has been used.
- Request correction of inaccurate data.
- Withdraw consent and request deletion (subject to legal retention obligations — see section 4).
- Lodge a complaint with the Personal Data Protection Commission (Singapore) if you believe we have not complied.
To exercise any of these rights, contact the branch coordinator via the contact page.
7. Cookies and analytics
This portal uses only the strictly necessary cookies needed to keep you signed in. We do not run third-party analytics, advertising, or tracking pixels.
8. Changes to this policy
We will update this page if the form, retention periods, or data handling changes. Substantive changes will be notified to active applicants by email.
Last reviewed by the Branch Admin Team on 14 May 2026. Pending sign-off by PAP HQ before general public release.