This Privacy Notice (“Notice”) sets out the basis on which Singapore Medical Group Limited and its related corporations (as defined in Section 4(1) of the Companies Act 1967 of Singapore) (collectively referred to as “SMG” or “us” or “our” or “we”), may collect, store, use, disclose or otherwise process Personal Data (defined in Paragraph 1 below) of persons interacting or dealing with us (such persons hereon referred to as “you” or “yours”, which include any minor on whose behalf you are acting for the purpose of this Notice) including without limitation through the use of any of our websites, mobile applications (“Apps”), products, and services (including without limitation digital services). This Notice applies to any individual’s Personal Data which is in our possession or under our control.
- What is Personal Data?
Personal Data is defined in the Personal Data Protection Act 2012 of Singapore (“PDPA”) to mean any data, whether true or not, about an individual who can be identified from that data or from that data and other information to which we have or are likely to have access, and this may include name, age, gender, date of birth, telephone number, address, e-mail address and credit card details.
- Consent for the collection of Personal Data
2.1 When you provide your Personal Data to us, interact or deal with us, you agree and consent by your action to the collection, storage, use and disclosure of your Personal Data by SMG and its respective agents, authorised service providers and relevant third parties in accordance with this Notice.
2.2 If you provide Personal Data relating to a third party (e.g. information of your child, dependent, spouse, parent, ward or employees) to us, by submitting such information to us, you represent that the consent of that third party has been obtained for the collection, storage, use and disclosure of the Personal Data by SMG and its respective agents, authorised service providers and relevant third parties in accordance with this Notice and you hereby indemnify us against any liability arising from such representation being false. Where you act as an intermediary or are supplying us with Personal Data and information relating to a third party, please note that it is your obligation to ensure that such Personal Data is collected in compliance with the PDPA.
2.3 Where collection of children’s Personal Data is made through persons claiming to be parents or guardians, we may (but are not obliged to) require proof to verify such claims.
- Collection of Personal Data
3.1 We generally do not collect your Personal Data unless:
(a) it is provided to us voluntarily by you directly or via a third party who has been duly authorised by you to disclose your Personal Data to us (your “authorised representative”) after:
(i) you (or your authorised representative) have been notified of the purposes for which data is collected; and
(ii) you (or your authorised representative) have provided written consent to the collection and usage of your personal data for those purposes; or
(b) collection and use of personal data without consent is permitted or required by the PDPA or other laws.
3.2 We shall seek your consent before collecting any additional personal data and before using your personal data for a purpose which has not been notified to you (except where permitted or authorised by law). If you are unable to provide your consent, we may not be able to provide the intended services or information you are requesting for, if any).
3.3 The Personal Data that we collect depend on the circumstances of collection and on the nature of your interaction or dealing with us. The Personal Data that we may request or collect about you includes but is not limited to:
(a) your personal identification information, including your name, identification and passport numbers, gender, date of birth, address, email address and any other information relating to you which you have provided to us in any forms you may have submitted to us, or in other forms of interaction with you;
(b) your medical information, history, records, and reports, or clinical or non-clinical information about you;
(c) [images and biometrics (e.g. photographs, voice and video recordings of you, including our conversations with you, using fingerprint mapping and facial recognition for verification or other purposes);]
(d) Information or electronic data about your use of our website, Apps, products and services, including cookies, IP address, browser type, domain names, access times, activity logs and referring website addresses, account and membership details;
(e) your personal opinions made known to us (e.g. through feedbacks or surveys);
(f) (if you are an applicant for employment with us) past employment information and/or curriculum vitae and any other information relating to you which you have provided us.
3.4 Personal Data may be collected by us via any form of interaction with you, including:
(a) by entering into a transaction with us;
(b) when you enter into any agreement or provide other documentation or information in respect of your interactions with us, or when you use our services;
(c) by using any services provided by us through offline and online platforms, including our centres, websites, Apps, digital services or social networking sites (including any social media platforms);
(d) by making enquiries, requests, applications and feedback to us;
(e) by participating in any events related to us, including marketing and promotions, corporate social responsibility programmes, contests, interviews and market researches;
(f) through closed circuit television cameras or other photography and videography while you are in our premises;
(g) by applying for a job with us; and
(h) when you submit or voluntarily provide your Personal Data to us for any other reason.
3.5 We will rely on you and will assume that you have ensured that all Personal Data submitted to us is complete, accurate, true and correct. If consents are not procured or if you fail to provide us with complete and accurate information or withhold information, we may be unable to proceed with a particular transaction, agreement or interaction with you. We will take the approach that best safeguards us, you and other from risks, and we may well have no choice but to decline to proceed with the transaction, agreement or interaction in question to avoid causing harm or exposing us, you or others to risk.
- Refusal to provide Personal Data or withdrawal of consent
4.1 All Personal Data is provided voluntarily. You may refuse to do so or withdraw your consent in respect of our collection, storage, use or disclosure of your Personal Data at any time. However, if you limit, withdraw, or do not provide, the requested Personal Data, it may result in us being unable to:
(a) process the relevant enquiry, request or application;
(b) provide the products or services to you in a continuous manner;
(c) provide the products or services to the extent stated in our promotional materials; or
(d) provide new products or services that may be offered by us from time to time.
4.2 SMG may also not be in a position to administer any contractual relationship in place, which in turn may also result in the termination of any agreements with SMG, and your being in breach of your contractual obligations or undertakings. SMG’s legal rights and remedies in such event are expressly reserved.
4.3 Please note that the consent that you provide for the collection, use and disclosure of your Personal Data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop using and/or disclosing your Personal Data for any or all of the purposes listed above by submitting your request in writing or via email to our Data Protection Officer at the contact details provided below. Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. Please note that withdrawing your consent does not affect our right to continue to collect, use and disclose Personal Data where such collection, use and disclosure without consent is permitted or required under applicable laws.
- Use of Personal Data
5.1 Subject to the provisions of the PDPA and any applicable laws, your Personal Data may be used by us independently, or together with our industry partners, for the following purposes:
(a) for identification and verification;
(b) to process your transactions, with us or any applications, instructions or requests from you;
(c) facilitating your use of our online and mobile services;
(d) to manage the safety and security of our centres;
(e) to provide the products and services you have requested;
(f) to administer promotions and contests, including joint promotions and contests with our industry partners, or your participation in any events or interviews;
(g) to communicate with you on our products and services or those of our industry partners;
(h) to respond to your enquiries, requests, applications and feedback or to obtain your feedback or participation in market research;
(i) to communicate with you via SMS, telephone, e-mail, facsimile, mail, our Apps, digital platforms or any other appropriate communication channels which you have approved;
(j) to process and analyse your Personal Data either individually or collectively with other individuals;
(k) for internal functions, such as evaluating the effectiveness of marketing, statistical analysis and modelling, reporting, audit and risk management;
(l) to comply with all applicable law, codes of practice or guidelines and to assist in investigations by the relevant authorities;
(m) to manage potential or ongoing dispute resolution;
(n) processing and payment of vendor invoices and bills;
(o) facilitating business asset transactions (which may extend to any mergers, acquisitions or asset sales);
(p) facilitating and maintaining risk and security management, including any enterprise-wide risk management exercise such as close-circuit television (CCTV), protection against unauthorised leakage, access or usage of our physical or IT platforms, investigating any fraudulent activities and conducting checks and audits;
(q) preventing, detecting and investigating crime and analysing and managing commercial risks including conducting investigations relating to disputes, billing or fraud;
(r) in connection with any claims, actions or proceedings (including but not limited to seeking consultancy or professional services, obtaining legal advice and facilitating dispute resolution), and/or protecting and enforcing our contractual and legal rights and obligations;
(s) any other purpose relating to any of the above.
5.2 In order to conduct our business operations more smoothly, we may also be disclosing your Personal Data to our service providers, agents and/or other third parties (including our third party service providers and agents, and relevant governmental and/or regulatory authorities) whether sited in Singapore or outside of Singapore, in connection with one or more of the above-stated purposes. Where we disclose your Personal Data to third parties in connection with one or more of the above-stated purposes, we will use best efforts to require such third parties to protect your Personal Data.
5.3 The purposes listed above may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).
- Accuracy of Personal Data
6.1 We generally rely on Personal Data provided by you (or your authorised representative) We will take appropriate and reasonable steps (as required under the law) to ensure the accuracy and correctness of the Personal Data that we collect, use, and/or disclose. To ensure the currency, completeness and accuracy of your Personal Data, you have an obligation to provide accurate and up-to-date information to us.
6.2 If you wish to make a correction request to correct or update any of your Personal Data which we hold about you, you may submit your request in writing or via email to our Data Protection Officer at the contact details provided below.
6.3 Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.
- Management of Personal Data
7.1 Reasonable security arrangements including the use of various hardware and software technologies have been put in place by us to ensure that your Personal Data are protected against unauthorised access, use, disclosure, copying, modification and disposal.
7.2 You should be aware however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your Personal Data and are constantly reviewing and enhancing our information security measures.
- Request for Access, Corrections and Withdrawal of Consent
8.1 If you, at any time, have any enquiries, requests and feedback relating to your Personal Data or this Notice, please email our Data Protection Officer at firstname.lastname@example.org. This includes any request:
(a) for a copy of your Personal Data in our possession or control (in which case we may charge an administrative fee);
(b) to withdraw your consent for the collection, storage, use and disclosure of your Personal Data by us; or
(c) to correct your Personal Data in our possession or control.
8.2 In respect of your right to access or correct your Personal Data, we have the right to take steps to verify your identity before fulfilling your request.
8.3 Please be aware that it may take up to 30 days from the date which your request was sent for any change to be reflected in our systems. Therefore, you may still receive marketing or promotional materials/communication during this period of time. Do also note that upon your withdrawal of consent, we may not be in a position to continue to provide our products or services to you.
- Retention of Personal Data
9.1 We may retain your Personal Data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws.
9.2 We will cease to retain your Personal Data or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that the purpose for which your Personal Data was collected is no longer being served by the retention thereof, and/or that retention thereof is no longer necessary for any other legal or business purposes.
- Transfer of Personal Data Outside Singapore
10.1 Your Personal Data may be accessed by or transferred to our affiliates and/or authorised third parties located outside of Singapore.
10.2 If we transfer your Personal Data to entities located outside Singapore, we will do so in accordance with the PDPA and applicable laws and we will take reasonable steps to ensure that your Personal Data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.
10.3 Personal Data may be transferred to an authorised third party, located internationally if we believe it necessary or appropriate to:
(a) ensure compliance with applicable data protection related laws which may include responding to requests from public and government authorities, cooperation with law enforcement agencies or other legal reasons; and/or
(b) satisfy purposes for which Personal Data has been collected by us or to enforce our terms and conditions.
- Third Party Sites
Our website, Apps, and services may contain links to sites whose data protection and privacy practices may differ from ours. We are not responsible for the content and privacy practices of these other websites and encourage you to check the privacy notices of these other websites to determine how they will handle any information they collect from you.
12.1 Updates: We may update this Notice from time to time and we will post any changes we make to this Notice on our website. Unless otherwise stated, any revision or update to this Notice takes effect immediately and your continued access and/or use of our services and continued interaction with us constitutes your acknowledgement and acceptance of such changes This Notice supplements but does not supersede nor replace any other consents you may have previously provided to us in respect of your Personal Data, and your consents herein are additional to any rights to which we may have at law to collect, store, use and/or disclose your Personal Data.
12.2 Governing Law: This Notice shall be construed and governed under the laws of Singapore.
12.3 Cookies: A cookie is a text file created on your device when your web browser loads a website or web application. Cookies may contain unique identifiers and are stored or used in, including but not limited to, your computer or mobile device, emails we send to you, and our web pages. Cookies may transmit personal data about you and your use of our websites and services, such as your browser type, search preferences, IP address, data relating to advertisements that have been displayed to you or that you have clicked on, and the date and time of your use. Cookies may be persistent or stored only during an individual session. However the cookies do not give us access to your device or any information about you, other than the data you choose to share with us. All web-browsers offer the option to refuse any cookie, and if you refuse our cookies then we will not gather any information on you. Should you wish to disable the cookies associated with these technologies, you may do so by changing the setting on your browser. However, you may not be able to enter certain part(s) of our website and you may lose any information that enables you to access our websites more quickly and efficiently, including but not limited to personalisation settings.