Personal Data Protection Notice

PERSONAL DATA PROTECTION NOTICE

This Personal Data Protection Notice (“Notice”) sets out the basis which CareHealth(“we”, “us” or “our”) may collect, use, disclose or otherwise process personal data of our customers in accordance with the Personal Data Protection Act(“PDPA”). This Notice applies to personal data in our possession or under our control, including personal data in the possession of organisations which we have engage to collect, use, disclose or process personal data for our purposes.

CareHealth is not responsible for the Personal Data Protection Notices/Statements or other content on websites outside of the CareHealth Platforms. You should review the Personal Data Protection Notices/Statements of websites you choose to link to from the CareHealth Platforms, so that you understand how those websites collect, use and share your information. If you have any doubts about the security of the information you are providing on another site, CareHealth recommends that you contact that website directly for more information. CareHealth shall not be responsible for the actions of third parties in any manner whatsoever, including but not limited to any violation of such Personal Data Protection Notices/Statements or otherwise.

In this Notice, you will find information on:

1.    Personal Data

2.    Collection, use and disclosure of personal data

3.    Reliance on legitimate interests exception

4.    Withdrawing your consent

5.    Access to and correction of personal data

6.    Protection of personal data

7.    Accuracy of personal data

8.    Retention of Personal Data

9.    Cookies

10.  Children under eighteen

11.  Third Party Analytics

12.  Transfer of Personal Data within and outside of Singapore

13.  Data protection officer

14.  Effect of notice and changes to notice

Personal Data

As used in this Notice:

“customer” means an individual who (a) has contacted us through any means to find out more about any goods and services we provide, or (b) may, or has, entered into a contract with us for the supply of any products or services by us; and

“personal data” means data, whether true or not, about a customer who can be identified: (a) from the data; or (b) from that data and other information to which we have or are likely to have access.

Depending on the nature of your interaction with us, some examples of personal data which we may collect from you include name, email address, telephone number, GPS location, address, age, nationality, ethnicity, occupation, gender, height, weight, lifestyle habits, history of appointments, medical records and payment information. To get started with teleconsultation, mobile devices and computer systems settings must be enabled for access to bluetooth, camera, microphone and notifications.

Collection, Use and Disclosure of Personal Data

We generally do not collect your personal data unless (a) it is provided to us voluntarily by you directly or via a third party who has been duly authorised by you to disclose your personal data to us (your “authorised representative”) after (i) you (or your authorised representative) have been notified of the purposes for which the data is collected, and (ii) you (or your authorised representative) have provided written consent to the collection and usage of your personal data for those purposes, or (b) collection and use of personal data without consent before collecting any additional personal data and before using your personal data for a purpose which has not been notified to you (except where permitted or authorised by law).

We may collect and use your personal data for any or all the following purposes:

a.    Enabling users and Providers to conduct Services and to enable the content-related functions of the CareHealth Platforms. To facilitate this service, we will need to share your personal data with the healthcare provider who you have chosen or connected with. Your data will only be shared with that individual and only for the purposes of providing the service that you have requested.

b.    Performing obligations in the course of or in connection with our provision of goods and/or services requested by you. For example, we require access to your GPS location to connect you with doctors and clinics near you. To get started with teleconsultation, bluetooth, camera and/or microphone access is required so that your doctor can examine your condition and communicate with you over video call, notification access is required to alert you when the doctor is calling and/or updates pertaining to your appointment/s;

c.     Verifying your identity;

d.    Generating insights such as using information about member statistics, traffic patterns for the purposes of our business activities, including sales, marketing, mergers and acquisitions;

e.    Delivering customised content and advertising within the CareHealth Platforms to users whose behaviour indicates that they are interested in a particular subject area;

f.     Notifying you of our marketing events, initiatives and membership programmes;

g.    Providing you with marketing information about our goods and services;

h.    Responding to, handling, and processing queries, requests, applications, complaints, and feedback from you as well as to provide advice and services for purposes of ensuring continuity of care;

i.      Managing your relationship with us;

j.      Processing payment or credit transactions;

k.    Complying with applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;

l.      Any other purposes for which you have provided the information; and

m.  Transmitting to any unaffiliated third parties including our third-party service providers and agents, and relevant governmental and/or regulatory authorities, whether in Singapore or abroad, for the purpose of rendering medical care to you.

We may use automated technology to collect information from your mobile device or computer system when you visit and use our platform services. Automated technology may include cookies, local shared objects, and web beacons.

Our platform services may collect information on the exact location of your mobile device or computer using geolocation and technology such as GPS, Wi-Fi or Bluetooth.

For most mobile devices and computer systems, you can disable the collection of this information by using the device or web-browser settings.  If you have any questions on how to prevent us from collecting exact information about your location, we recommend you contact your mobile-device service provider, the device manufacturer, or your web-browser provider.

We do not collect and store files, images, audios and videos of you.

In order to achieve the purpose stated above, we may disclose your personal data:

a.    Where such disclosure is required for performing obligations in the course of or in connection with our provision of the goods and services requested by you; or

b.    To third-party service providers, agents, and other organisations we have engaged to process data on our behalf.

The purposes listed in the above clauses may continue to apply even if situations where your relationship with us has been terminated or alternated in any way, for a reasonable period thereafter.

Reliance on Legitimate Interests Exception

In compliance with PDPA, we may collect, use, or disclose your personal data without your consent for the legitimate interests of CareHealth or another person. In relying on the legitimate interests exception of the PDPA, CareHealth will assess the likely adverse effects on the individual and determine that the legitimate interests outweigh any adverse effect.

In line with legitimate interests’ exception, we will collect, use or disclose your personal data for the following purposes:

a.    Fraud detection and prevention

b.    Credit risk reduction

c.    Detection and prevention of misuse of services

The purposes listed in the above clauses may continue to apply even if situations where your relationship with us has been terminated or alternated in any way, for a reasonable period thereafter.

Withdrawing Your Consent

You may refuse or withdraw your consent for us to collect, use or disclose your Personal Data by giving us reasonable notice. This can be done at any time by emailing support@carehealth.io (as long as there are no legal or operational restrictions preventing you from doing so).

Upon receipt of your written request to withdraw your consent, we shall seek to process your request within fourteen (14) business days of receiving it.

Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be unable to collect, use, or disclose your Personal Data meaning that you will no longer be able to use the Services.

Access to and Correction of Personal Data

If you wish to make (a) an access request for the access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data for the last twelve (12) months, or(b) a correction request to correct or update any of your personal data which we hold about you, you may submit your request in writing or via email to our Data Protection Officer at the contact details provided below.

Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.

We will respond to your request as soon as reasonably possible. In general, our response will be within thirty (30) business days. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days after receiving your request in writing.

Protection of Personal Data

To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as minimised collection of personal data, authentication and access controls (such as good password practices, need-to-basis for data disclosure, etc.), data anonymisation, and use of one-time password (OTP) for registration to platform to secure access.  If personal information (such as a credit card number) is transmitted to other websites, its transmission is protected through the use of encryption, such as Secure Socket Layer (SSL) protection.

You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.

Accuracy of Personal Data

We generally rely on personal data provided by you (or your authorised representative). In order to ensure that your personal data is current, complete and accurate, please update your details in the app accordingly.

Retention of Personal Data

We reserve the right to retain any Personal Data collected until your account is terminated or for a period of ten (10) years after you last logged into your account (whichever is the longer period). By following the “profile” link provided on the CareHealth Platforms, you may view, edit and delete Personal Data you have already given us. You may also elect to receive or discontinue receiving any email newsletters we may choose to distribute periodically.

Public Information

Keep in mind that any reviews, personal information, or comments that you voluntarily disclose on public pages (e.g. the questions and answers page) of the CareHealth Platforms may be viewed by the general public. Your account and username may be displayed to other users when you send and/or post messages on public pages. Please note that any comment or other content you post or send on public pages becomes published content and is not considered personally identifiable information (therefore, is not protected by the PDPA or subject to this Notice). Your messages and other information you make available in public pages of the CareHealth Platforms will be seen by people and organizations not related to or controlled by CareHealth and may be used by others to contact you.

The data that you submit or write on the CareHealth Platforms maybe seen by other service providers such as doctors or operations and maintenance team repairing and maintaining our technical systems. CareHealth does not have Non-Disclosure Agreements with these parties who may be able to access your information.

Cookies

CareHealth’s website uses “cookies” to personalize your online experience. The purpose of a cookie is to tell the Web server that you have returned to a specific page. Cookies cannot run programs or deliver viruses to your computer. You have the ability to accept or decline cookies by altering the settings in your web browser.

We may also use cookies to collect information about member statistics, traffic patterns and information which may include personal data such as names, addresses and emails.

Children under Eighteen (18)

The CareHealth Platforms are not directed to children under the age of eighteen (18), and CareHealth will never knowingly collect personally identifiable information from children under the age of eighteen (18). If you are under the age of eighteen (18), you must ask your parent or guardian for permission to visit the CareHealth Platforms.

Transfer of Personal Data

Within Singapore

If CareHealth enters a business transaction, such as a merger or acquisition with/by another company, your Personal Data may be among the assets transferred. You will be notified via email or through the platform or any modes that we pay deemed fit, of any such change in ownership or control of your Personal Data.

Outside of Singapore

For data transmitted out of Singapore, we will take steps to ensure that your personal data is compiled according to the country’s Data Protection Actor at least comparable to that provided under Singapore’s PDPA.

Data Protection Officer

CareHealth welcomes your comments regarding this Notice and its adherence to its obligations under the PDPA. If you believe that CareHealth has not adhered to the PDPA and would like to make a complaint, or have a query, please contact our Data Protection Officer at support@carehealth.io. To process your request, please ensure you state your:

- Full Name

- Contact Number

- Email Address

- Details of the nature of your complaint and/or query

You will then be contacted within 30 days by the Data Protection Officer. Please note that you may be charged an administrative fee depending upon the nature of your request.

Effect of Notice and Changes to Notice

This Notice applies in conjunction with any other notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your personal data by us. We may revise this Notice from time to time without any prior notice. You may determine if any such revision has taken place by referring to the date on which this Notice was last updated. Your continued use of our services constitutes your acknowledgement and acceptance of such changes.

Effective date: 28/10/2022

Last updated: 28/10/2022