Personal Data Protection Notice

PERSONAL DATA PROTECTION NOTICE

This Personal Data Protection Notice (“Notice”) sets out the basis which CareHealth (“we”, “us” or “our”) may collect, use, disclose or otherwise process personal data of our customers in accordance with the Personal Data Protection Act(“PDPA”). This Notice applies to personal data in our possession or under our control, including personal data in the possession of organisations which we have engage to collect, use, disclose or process personal data for our purposes.

CareHealth is not responsible for the Personal Data Protection Notices/Statements or other content on websites outside of the CareHealth Platforms. You should review the Personal Data Protection Notices/Statements of websites you choose to link to from the CareHealth Platforms, so that you understand how those websites collect, use and share your information. If you have any doubts about the security of the information you are providing on another site, CareHealth recommends that you contact that website directly for more information. CareHealth shall not be responsible for the actions of third parties in any manner whatsoever, including but not limited to any violation of such Personal Data Protection Notices/Statements or otherwise.

In this Notice, you will find information on:

1.     Definitions

2.    Type of personal data collected, accessed, used or disclosed

3.    Purposes for which personal data is collected, accessed, used or disclosed

4.    Who may be provided with your personal data

5.    Reliance on Legitimate Interests Exception

6.    Withdrawing Your Consent

7.    Access to and Correction of Personal Data

8.    Protection of Personal Data

9.    Accuracy of Personal Data

10. Retention of Personal Data

11. Public Information

12. Cookies

13. Children under Eighteen (18)

14. Transfer of Personal data

15. Data Protection Officer

16. Effect of Notice and Changes to Notice

Definitions

As used in this Notice:

“customer” means an individual who (a) has contacted us through any means to find out more about any goods and services we provide, or (b) may, or has, entered into a contract with us for the supply of any products or services by us; and

“personal data” means data, whether true or not, about a customer who can be identified: (a) from the data; or (b) from that data and other information to which we have or are likely to have access.

Type of Personal Data Collected, Accessed, Used or Disclosed

The provision of your personal data is voluntary. You may choose not to provide us with the requested data, but failure to do so may inhibit our ability to do business with or provide services to you. We may request permissions that allows us to access your device data. If you grant any of the permissions listed below, your information may be collected by us.

Location: This permission is used to grant the us access to transmit your device's location. This is done to provide the closest addresses based on your location. At the same time, IP address is also obtained so that we are able to localise the content based on your location.

Bluetooth, camera, microphone and notifications: This permission is needed to allow us to use your camera when taking pictures or video from your device for teleconsultation purposes. Microphone permission is requested so that we can record audio during the teleconsulting process. We do not collect and store audios and videos of you.

Storage: You may upload, download or save your medical records or images to our platform for your record purpose. We may request access to your device’s storage to access medical records or images. There is also an option to upload images from your device instead of having to take the picture from within the platform itself. This permission gives us the ability to access those images – we do not access any other data saved on your device.

Depending on the nature of your interaction with us, we may require some of your personal data or information to provide services to you.   Examples include name, email address, telephone number, GPS location, address, photographs, age, nationality, ethnicity, occupation, gender, height, weight, lifestyle habits, history of appointments, medical records or images and payment information.

We may use automated technology to collect information from your mobile device or computer system when you visit and use our platform services. Automated technology may include cookies, local shared objects, and web beacons.

Our platform services may collect information on the exact location of your mobile device or computer using geolocation and technology such as GPS, Wi-Fi or Bluetooth.

For most mobile devices and computer systems, you can disable the collection of this information by using the device or web-browser settings.  If you have any questions on how to prevent us from collecting exact information about your location, we recommend you contact your mobile-device service provider, the device manufacturer, or your web-browser provider.

Purposes for Which Personal Data is Collected, Accessed, Used or Disclosed

a.     Enabling users and Providers to conduct Services and to enable the content-related functions of the CareHealth Platforms. To facilitate this service, we will need to share your personal data with the healthcare provider who you have chosen or connected with. Your data will only be shared with that individual and only for the purposes of providing the service that you have requested.

b.    Performing obligations in the course of or in connection with our provision of goods and/or services requested by you. For example, we require access to your GPS location to connect you with doctors and clinics near you. To get started with teleconsultation, bluetooth, camera and/or microphone access is required so that your doctor can examine your condition and communicate with you over video call, notification access is required to alert you when the doctor is calling and/or updates pertaining to your appointment/s;

c.    Verifying your identity;

d.    Generating insights such as using information about member statistics, traffic patterns for the purposes of our business activities, including sales, marketing, mergers and acquisitions;

e.    Analyse your health monitoring data, generate health and wellness insight and provide recommendations to improve your health conditions. For example, we may require access to your daily health monitoring data to analyse your BMI, steps, sleep, heart rate, blood oxygen data, breathing data to give recommendations based on your conditions;

f.      Delivering customised content and advertising within the CareHealth Platforms to users whose behaviour indicates that they are interested in a particular subject area;

g.    Notifying you of our marketing events, initiatives and membership programmes;

h.    Providing you with marketing information about our goods and services;

i.      Responding to, handling, and processing queries, requests, applications, complaints, and feedback from you as well as to provide advice and services for purposes of ensuring continuity of care;

j.     Managing your relationship with us;

k.    Processing payment or credit transactions;

l.     Complying with applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;

m.  Any other purposes for which you have provided the information; and

n.    Transmitting to any unaffiliated third parties including our third-party service providers and agents, and relevant governmental and/or regulatory authorities, whether in Singapore or abroad, for the purpose of rendering medical care to you.

Who may be Provided with Your Personal Data?

We may access and disclose your personal data:

a.    Where such disclosure is required for performing obligations in the course of or in connection with our provision of the goods and services requested by you; or

b.    To third-party service providers, agents, and other organisations we have engaged to process data on our behalf such as allowing providers to be able to access medical records from CareHealth’s providers.

The purposes listed in the above clauses may continue to apply even if situations where your relationship with us has been terminated or alternated in any way, for a reasonable period thereafter.

Reliance on Legitimate Interests Exception

The PDPA provides that organisation may rely on the legitimate interests exception to collect, use and disclose personal data without consent where the identified legitimate interests outweigh any adverse effect on the individual.

In line with legitimate interests’ exception, we will collect, use or disclose your personal data for the following purposes:

a.    Fraud detection and prevention

b.    Credit risk reduction

c.    Detection and prevention of misuse of services

The purposes listed in the above clauses may continue to apply even if situations where your relationship with us has been terminated or alternated in any way, for a reasonable period thereafter.

Withdrawing Your Consent

You may refuse or withdraw your consent for us to collect, use or disclose your Personal Data by giving us reasonable notice. This can be done at any time by emailing support@carehealth.io (as long as there are no legal or operational restrictions preventing you from doing so).

Upon receipt of your written request to withdraw your consent, we shall seek to process your request within fourteen (14) business days of receiving it.

Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be unable to collect, use, or disclose your Personal Data meaning that you will no longer be able to use the Services.

Access to and Correction of Personal Data

If you wish to make (a) an access request for the access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data for the last twelve (12) months, or(b) a correction request to correct or update any of your personal data which we hold about you. This can be done at any time by emailing support@carehealth.io.

Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.

We will respond to your request as soon as reasonably possible. In general, our response will be within thirty (30) business days.

Protection of Personal Data

To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as minimised collection of personal data, authentication and access controls (such as good password practices, need-to-basis for data disclosure, etc.), data anonymisation, and use of one-time password (OTP) for registration to platform to secure access.  If personal information (such as a credit card number) is transmitted to other websites, its transmission is protected through the use of encryption, such as Secure Socket Layer (SSL) protection.

You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.

Accuracy of Personal Data

We generally rely on personal data provided by you (or your authorised representative). In order to ensure that your personal data is current, complete and accurate, please update your details in the App whenever required or necessary to ensure that your personal data is current, complete and accurate.

Retention of Personal Data

We reserve the right to retain any Personal Data collected until your account is terminated or for a period of ten (10) years after you last logged into your account (whichever is the longer period). By following the “profile” link provided on the CareHealth Platforms, you may view, edit and delete Personal Data you have already given us. You may also elect to receive or discontinue receiving any email newsletters we may choose to distribute periodically.

Public Information

Please be reminded that any reviews, personal information, or comments that you voluntarily disclose on public pages (e.g. the questions and answers page) of the CareHealth Platforms may be viewed by the general public. Your account and username may be displayed to other users when you send and/or post messages on public pages. Please note that any comment or other content you post or send on public pages becomes published content and is not considered personally identifiable information (therefore, is not protected by the PDPA or subject to this Notice). Your messages and other information you make available in public pages of the CareHealth Platforms will be seen by people and organizations not related to or controlled by CareHealth and may be used by others to contact you.

The data that you submit or write on the CareHealth Platforms maybe seen by other service providers such as doctors or operations and maintenance team repairing and maintaining our technical systems. CareHealth does not have Non-Disclosure Agreements with these parties who may be able to access your information.

Cookies

CareHealth’s website uses “cookies” to personalize your online experience. The purpose of a cookie is to tell the Web server that you have returned to a specific page. Cookies cannot run programs or deliver viruses to your computer. You have the ability to accept or decline cookies by altering the settings in your web browser.

We may also use cookies to collect information about member statistics, traffic patterns and information which may include personal data such as names, addresses and emails.

Children under Eighteen (18)

The CareHealth Platforms are not directed to children under the age of eighteen (18), and CareHealth will never knowingly collect personally identifiable information from children under the age of eighteen (18). If you are under the age of eighteen (18), you must ask your parent or guardian for permission to visit the CareHealth Platforms.

Transfer of Personal Data

Within Singapore

If CareHealth enters a business transaction, such as a merger or acquisition with/by another company, your Personal Data may be among the assets transferred. You will be notified via email or through the platform or any modes that we pay deemed fit, of any such change in ownership or control of your Personal Data.

Outside of Singapore

For data transmitted out of Singapore, we will take steps to ensure that your personal data is compiled according to the country’s Data Protection Actor at least comparable to that provided under Singapore’s PDPA.

Data Protection Officer

CareHealth welcomes your comments regarding this Notice and its adherence to its obligations under the PDPA. If you believe that CareHealth has not adhered to the PDPA and would like to make a complaint, or have a query, please contact our Data Protection Officer at support@carehealth.io. To process your request, please ensure you state your:

- Full Name

- Contact Number

- Email Address

- Details of the nature of your complaint and/or query

You will then be contacted within 30 days by the Data Protection Officer. Please note that you may be charged an administrative fee depending upon the nature of your request.

Effect of Notice and Changes to Notice

This Notice applies in conjunction with any other notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your personal data by us. We may revise this Notice from time to time without any prior notice. You may determine if any such revision has taken place by referring to the date on which this Notice was last updated. Your continued use of our services constitutes your acknowledgement and acceptance of such changes.

Effective date: 29/12/2022

Last updated: 29/12/2022