DATA PROTECTION POLICY
1. Introduction
1.1
We at AsiaMedic Limited and our subsidiaries (collectively referred to as herein as “AML”, “we”, “us” or “our”) respect the privacy and confidentiality of the personal data of AML’s shareholders, patients, associates, partners, visitors and other individuals whom we may interact with in the course of providing our medical services. We are committed to implementing policies, practices and processes to safeguard the collection, use and disclosure of the personal data you provide us, in compliance with the Singapore Personal Data Protection Act (PDPA) 2012 (“PDPA”).
1.2
We have developed this Data Protection Notice (“Notice”) to assist you in understanding how we collect, use, disclose, process, protect and retain your personal data that is in our possession.
1.3
This Notice supplements but does not supersede nor replace any other consents which may have been previously provided to us in respect of your personal data, and your consents herein are additional to any rights which we may have under applicable law to collect and handle your personal data.
2. Personal Data
2.1
As used in this Notice and in line with the PDPA, personal data refers to any data, whether true or not, about an individual who can be identified from that data; or (b) from that data and other information to which we have or are likely to have access to.
2.2
Depending on the nature of your interaction with us, some examples of personal data that we may collect about you includes, without limitation, your:
- medical information (such as allergies, medical conditions, prescriptions, medical and family history);
- personal information (such as name, NRIC, gender, nationality);
- details of your next-of-kin, spouse and other family members;
- contact information (such as address, phone number, email address);
- financial information (such as credit card details, bank account details);
- photos and Images (such as those captured on our CCTV cameras and those required for medical purposes);
- transactional data (such as name, company/organisation, designation, address);
- job applicant data (such as educational and professional qualifications as well as work experience); and
- shareholding data (such information necessary to manage your shareholding with us and to fulfil your other requests).
2.3
If you are a non-resident of Singapore, the provisions below will apply:
(a) we will only collect the following personal data from you whilst you are physically located outside of Singapore:
- name; and
- contact information.
(b) you consent to and accept that the personal data stated in Clause 2.3(a) will be used for the purposes of contacting you and making arrangements for a medical appointment at our premises in Singapore; and
(c) any other types of personal data will be obtained from you when you are at our premises in Singapore.
2.4
Other terms used in this Notice shall have the meanings given to them in the PDPA (where the context so permits).
3. Collection of Personal Data
3.1
We generally do not collect your personal data unless (a) it is provided to us voluntarily by you directly or via a third party who has been duly authorised by you to disclose your personal data to us (your “authorised representative”) after (I) you (or your authorised representative) have been notified of the purposes for which the data is collected, and (ii) you (or your authorised representative) have provided written consent to the collection and usage of your personal data for those purposes, or (b) collection and use of personal data without consent is permitted or required by the PDPA or other laws. We shall seek your consent before collecting any additional personal data and before using your personal data for a purpose which has not been notified to you (except where permitted or authorised by law).
3.2
Generally, we may collect your personal data in the following ways:
- when you register for or use any of our medical services or products;
- when you submit any form or online query;
- when you become a shareholder of AML or in the process of you being a shareholder of AML;
- when you book a medical appointment at our clinics over the counter, through telephone calls or via our website portal;
- when you enter our physical premises and your contact information is required for registration, safety and security purposes;
- when you are within our premises and your images are being captured by us via CCTV, or via photographs or videos taken by us or our representatives when you attend events at our premises;
- when you provide us with goods and/or services as our service provider or vendor;
- when you provide feedback to us on our products and services or quality of service;
- when you interact with our customer service officers, any of our staff or other representatives, for example, via face-to-face meetings, telephone calls, emails, social media platforms and written correspondences;
- when you submit your resume/CV and job application form or any other documents or information to us in response to our recruitment advertisements, through recruitment firms or job portals;
- when you use our services supplied through online and other technology platforms (including cloud computing platforms), such as websites and applications;
- when you create or administer any online accounts with us;
- when you request that we contact you or ask to be included in an email or other mailing list;
- when you respond to our request for additional personal data;
- when you respond to our promotions and other initiatives;
- when we receive your personal data from referral intermediaries, business partners, public agencies, your representatives and your ex-employers or other third parties;
- when we seek information from third parties about you in connection with your relationship with us;
- when you browse our website (you generally do so anonymously but please refer to clause 12 below on the use of cookies); and
- when you submit your personal data to us for any other reason.
3.3
If you provide us with any personal data relating to a third party (e.g. information on your spouse, next-of-kin, children, parents, and/or employees), you represent and warrant that you have informed the third party of the purposes for which we are collecting their personal data and that you have obtained the consent of the third party to provide us with their personal data for those purposes.
4. Use and Disclosure of Personal Data
4.1
In general, we may collect, use and/or disclose the personal data you provide to us for one or more of the following purposes:
- verify your identity;
- establish and maintain account profiles and information;
- collate, compile and analyze such data in order to generate personalised health reports which will be uploaded to a cloud database and made available for patients to download;
- build a consolidated electronic patient database;
- provide patient care ;
- manage your relationship with us;
- provide medical services, treatment and advice, products and meeting healthcare needs;
- process and administer health records;
- process payments or credit transactions;
- manage business and administrative operations and processes and comply with our internal procedures and policies;
- conduct marketing and promotional activities and communicate with you about relevant services, products and offerings;
- personalise your experience with our content and to generate insights to improve and develop our services, products and offerings;
- monitor the movement of visitors to our physical premises for safety and/or security purposes;
- respond to, handle and process booking of appointments, enquiries, requests and feedback on user experience;
- carry out our obligations arising from any contracts entered into between you and us and in the course of or in connection with our provision of the services and/or products requested by you;
- comply with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;
- conduct audits and manage commercial risks;
- protect and enforce our contractual and legal rights and obligations;
- facilitate business asset transactions involving AML;
- transmit to any unaffiliated third parties including our third party service providers and agents, and relevant government and/or regulatory authorities, whether in Singapore or abroad, for the aforementioned purposes (provided that we will ensure these third parties (a) are subject to the relevant confidentiality obligations in respect of your personal data, (b) undertake to comply with the PDPA and (c) take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA, if your personal data is transferred to a recipient in a country or territory outside Singapore); and
- any other incidental purposes related to or in connection with the above.
4.2
In addition, we may collect, use and/or disclose your personal data for the following purposes, depending on your relationship with us and the circumstances:
For shareholders
- administer our relationship with you, including the verification of your identity and/or your proxies and maintenance of statutory registers;
- communication purposes, including sending notices of general meetings, shareholder circulars and annual reports;
- facilitate your attendance at our general meetings; and
- facilitate all other shareholder-related matters.
For service providers or vendors
- perform evaluations to assess the suitability of your proposals;
- conduct background checks;
- manage the supply of goods and services; and
- any other purpose related to any of the above.
For job applicants
- process your application;
- assess and evaluate your suitability for employment in any current or prospective position within the organisation; and
- verify your identity and the accuracy of your personal details and other information provided.
4.3
The above purposes are not intended to be exhaustive. We will notify you of any other purposes for which we may collect, use and/or disclose your personal data at the time of obtaining your consent.
4.4
If you have provided your Singapore telephone number(s),and have indicated that you consent to receiving marketing or promotional information via your Singapore telephone number(s), then from time to time, AML may continue to contact you using such Singapore telephone number(s) (including via voice calls, text, fax, or other means) with information about our products and services, unless you have withdrawn your consent.
4.5
Subject to the provisions of any applicable law, we may disclose your personal data to third parties set out below, whether they are located in Singapore or overseas:
- any member of AML, our affiliates and associated companies;
- our agents, contractors and third party service providers who provide administrative, financial, operational or other services;
- clinics / hospitals / medical practitioners / specialists;
- medical service providers such as laboratories, radiology and diagnostic imaging centres;
- Relevant government agencies & regulatory authorities such as the Ministry of Health, the Ministry of Manpower to comply with any laws, rules and regulations imposed by any governmental authority;
- any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any merger, acquisition or asset sale) involving AML;
- providers of professional services such as share registrars, auditors, lawyers, consultants;
- insurance companies;
- banks, payment card processing companies and other financial institutions;
- data processing and hosting companies such as IT service providers, webhosting companies and cloud service providers;
- recruitment agencies / headhunters;
- providers of goods or services such as freight and courier services, warehouse services; and
- any other party to whom you consent for us to disclose your personal data.
Where required to do so by law, we may disclose personal data about you to the relevant authorities or to law enforcement agencies.
5. Reliance on the Legitimate Interests Exception
5.1
In compliance with the PDPA, we may collect, use or disclose your personal data without your consent for the legitimate interests of AML or another person. In relying on the legitimate interests exception of the PDPA, AML will assess the likely adverse effects on the individual and determine that the legitimate interests outweigh any adverse effect.
5.2
In line with the legitimate interests’ exception, we will collect, use or disclose your personal data for the following purposes:
- fraud detection and prevention;
- detection and prevention of misuse of services;
- network analysis to prevent fraud and financial crime, and perform credit analysis; and
- collection and use of personal data on company-issued devices to prevent data loss.
5.3
The purposes listed in the above clause may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter.
6. Withdrawing Consent
6.1
The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop collecting, using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing or via email to our Data Protection Officer at the contact details provided below.
6.2
Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within thirty (30) business days of receiving it.
6.3
Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our goods or services to you and this may also impact our ability to proceed with your transactions or interactions with us and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing in the manner described in clause 13 below.
6.4
Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.
7. How We Ensure the Accuracy of Your Personal Data
7.1
We generally rely on personal data provided by you (or your authorised representative).
7.2
In order to ensure that your personal data is current, complete and accurate, please update us if there are any changes to your personal data (such as a change in your mailing address) by informing our Data Protection Officer at the contact details provided below.
8. How We Protect Your Personal Data
8.1
We have implemented appropriate information security and technical measures (such as firewalls,, secure network protocols, premises security measures, security measures to safeguard physical documents and records, authentication and access controls (such as good password practices), up-to-date antivirus protection, regular patching of operating system and other software, web security measures against risks, usage of one time password (OTP) /2 factor authentication (2FA) to secure access) to protect the personal data we hold about you against loss; misuse; destruction; unauthorised alteration/modification, access, disclosure; or similar risks.
8.2
We have also put in place reasonable and appropriate organisational measures to maintain the confidentiality and integrity of your personal data, and will only share your data with authorised persons on a ‘need to know’ basis.
8.3
You should be aware, however, that no method of transmission over the internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.
9. How We Retain Your Personal Data
9.1
We may retain your personal data for as long as it is necessary to fulfil the purpose for which it was collected, or as required by applicable laws.
9.2
We have a document retention policy that keeps track of the retention schedules of the personal data you provide us, in paper or electronic forms (including via cloud services).
9.3
We will cease to retain your personal data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected, and is no longer necessary for business or legal purposes.
9.4
We will dispose of or destroy such documents containing your personal data in a proper and secure manner when the retention limit is reached.
10. How You Can Access and Make Correction to Your Personal Data
10.1
If you wish to make (a) an access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or (b) a correction request to correct or update any of your personal data which we hold about you, you may submit your request in writing or via email to our Data Protection Officer at the contact details provided below.
10.2
Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.
10.3
We will respond to your request as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).
10.4
Please note that depending on the request that is being made, we will only need to provide you with access to the personal data contained in the documents requested, and not to the entire documents themselves. In those cases, it may be appropriate for us to simply provide you with confirmation of the personal data that our organisation has on record, if the record of your personal data forms a negligible part of the document.
11. How We Transfer Your Personal Data
11.1
If there is a need for us to transfer your personal data to another organisation outside of Singapore, we will comply with the PDPA provisions in respect of the transferred personal data and take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA. If this is not so, we will enter into a contractual agreement with the receiving party to accord similar levels of data protection as that in Singapore.
12. Use of Cookies
12.1
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
12.2
Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
12.3
Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
How do we Use Cookies?
12.4
We use cookies in a range of ways to improve your experience on our website, including:
- keeping you signed in; and
- understanding how you use our website.
What Types of Cookies Do We Use?
12.5
There are several different types of cookies which our website uses:
- Functionality – We use these cookies so that we recognize you on our website and remember your previously selected preferences. These could include what language you prefer and location you are in. A mix of first-party and third-party cookies are used.
Google Analytics – We use Google Analytics to analyse the use of our website. Google Analytics gathers information about website use by means of cookies. The information gathered relating to our website is used to create reports about the use of our website. Google’s privacy policy is available at: https://policies.google.com/privacy.
How to manage Cookies
12.6
You can set your browser not to accept cookies by changing the settings of your browser. However, in a few cases, some of our website features may not function as a result.
Third-Party Sites
12.7
Our website may contain links to other websites which are operated by third parties. We are not responsible for the privacy practices of any such linked external websites. We encourage you to check the applicable privacy policies of such third-party websites to learn about their data practices.
13. Contacting Us
13.1
If you have any query or feedback regarding this Notice, or any complaint you have relating to how we manage your personal data, or if you wish to make a request, you may contact our Data Protection Officer (DPO) at: dpo@asiamedic.com.sg.
13.2
Any query, complaint or request should include, at least, the following details:
- your full name and contact information; and
- brief description of your query, complaint or request.
13.3
We treat such queries, feedback and requests seriously and will deal with them confidentially and within reasonable time.
13.4
Please note that if your personal data has been provided to us by a third party, you should contact such party directly to make any queries, feedback, and requests to AML on your behalf.
14. Effect of Notice and Changes to Notice
14.1
This Notice applies in conjunction with any other notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your personal data by us.
14.2
We may update this Notice from time to time without prior notice. Any amended Notice will be posted on our website and you are encouraged to visit our website periodically to note any changes.
15. Governing Law
15.1
This Notice shall be governed in all respects by the laws of Singapore.