Mercylight logo
Privacy Policy & Personal Data Notice
Last Updated: May 2026
Effective Date: 13 September 2025

Mercylight Animal Rescue and Sanctuary Limited (“Mercylight”, “we”, “our” or “us”) is committed to protecting your personal data in line with Singapore’s Personal Data Protection Act (“PDPA”). This policy explains how we collect, use, share and protect the personal data of our donors, adopters, fosterers, volunteers, website visitors and other stakeholders.

1. Personal Data We Collect

We only collect personal data that is needed for our work and operations. This may include:

  • Contact details: Name, telephone number, email address and mailing address.
  • Identification details: NRIC, FIN or passport numbers, only where required by law or for formal purposes, such as tax-deductible donations or adoption and fostering agreements.
  • Financial details: Bank account details or tokenised credit/debit card details used to process one-off or recurring donations and sponsorships.
  • Website data: IP addresses, cookies and basic device information collected when you visit our website.

2. How We Collect Your Personal Data

We may collect your personal data when you:

  • Complete an online or paper form, such as a volunteer, adoption, fostering or donation form.
  • Sign up for our newsletters, event updates or organisational updates.
  • Contact us by email, social media, telephone or in person.

3. Why We Use Your Personal Data

We use your personal data only for the purposes you have agreed to, or where allowed by law. These purposes may include:

  • Adoption and fostering: To assess suitability, manage adoption or fostering arrangements, and keep proper records.
  • Donations and finance: To process donations, manage sponsorships, issue tax-deductible receipts and submit required information to IRAS.
  • Volunteer management: To register volunteers, manage rosters, coordinate shifts and provide safety information.
  • Communications and outreach: To send updates, animal stories, annual reports or fundraising appeals where you have agreed to receive them.
  • Legal and audit requirements: To meet reporting and compliance requirements as a registered charity and Institution of a Public Character.

Mercylight does not sell, rent or trade your personal data to third parties for marketing purposes. We only share relevant data where necessary, such as with IRAS, the Commissioner of Charities, payment service providers or other service providers who help us carry out our work securely.

4. Consent and Withdrawal of Consent

We will seek your consent before collecting, using or sharing your personal data, unless the law allows otherwise.

You may withdraw your consent at any time. To stop receiving newsletters or marketing updates, you may click the “unsubscribe” link in our emails. For other requests, such as removing your records from our volunteer or foster database, please contact our Data Protection Officer.

Please note that withdrawing consent may affect our ability to provide certain services, such as processing future adoptions, fostering arrangements or tax-deductible donations.

5. Access and Correction of Personal Data

You may ask to access the personal data we hold about you, or request corrections if the information is inaccurate or incomplete.

Please contact our Data Protection Officer by email. We may ask for proof of identity before releasing or changing any personal data. We will respond to verified requests within the timelines required under the PDPA.

6. Accuracy and Security

We take reasonable steps to keep your personal data accurate and secure. We also put in place safeguards to protect your data from unauthorised access, loss, misuse or changes.

These safeguards may include encryption, firewalls, multi-factor authentication for authorised personnel, and secure storage of physical records.

7. Data Retention

We keep personal data only for as long as it is needed for the purpose it was collected, or as required for legal, accounting, audit or regulatory purposes.

When the data is no longer needed, we will delete, shred or anonymise it securely.

8. International Data Transfers

Mercylight mainly stores and processes records in secure systems based in Singapore. Where overseas cloud services or storage platforms are used, we will take reasonable steps to ensure that they provide protection comparable to the PDPA.

9. Contacting Our Data Protection Officer

If you have any questions, feedback or complaints about how your personal data is handled, or if you wish to access or correct your personal data, please contact our Data Protection Officer at dpo@mercylight.org.