- Introduction
- This PERSONAL DATA PRIVACY POLICY ("POLICY") IS PUBLISHED ON 1st NOVEMBER 2024 ("EFFECTIVE DATE").
- This Notice addresses how IHH Healthcare Singapore . (“we”, “us”, “our” or “company”) Process personal data of Data Subject’s (“your”, “you” and “yours”) with respect to the MyHealth360 mobile application and the MyHealth360 website, responsibly and in compliance with applicable data protection related laws.
- This Notice must be read and construed in conjunction with the User Terms and Conditions User Terms and Conditions. Android phone users are further advised to refer to Google Play Store Data Safety Section for more information on how personal data is Processed by MyHealth360 mobile application.
- The MyHealth360 application and the MyHealth360 website (together with any of the services made available on them (collectively referred to as the "App") serves as general information and self-management tools for you to manage and consolidate your health data and medical records as well as to interact and share your personal data with a wide range of healthcare service providers. It enables you to have a comprehensive view of your health information in one centralised place and to easily look for and connect with a healthcare service provider of your choice.
- Please refer to our Users Terms & Conditions for more information of the App and the conditions and restrictions that apply to your use and access of the App.
- This Notice may, however, be replaced or supplemented due to local requirements or to provide you additional information. We strongly encourage you to read this Notice.
- Your Personal Data
- For purposes of this Notice, Personal Data means any information or combination of information, relating, directly or indirectly to an identified or identifiable natural person.
- Depending on the nature of your interaction with us, Personal Data may include your name, identification number, passport number, telephone number(s), mailing address, email address, network traffic data, online identifiers and/or any other information which have been provided to us or we may have access to, in the course of your interaction with us.
- We may Process certain Personal Data about your Relatives but only when there is a legitimate business purpose related to your relationship with us and/or you have obtained the consent from your Relatives, for instance, to administer employee benefits or in case of an emergency.
- For certain reasons, it may be necessary for us to Process special categories of Personal Data (including “sensitive” Personal Data) (“Sensitive Personal Data”). We only Process Sensitive Personal Data where it is required or authorised under law (employment, social security, social protection or other applicable data protection related laws), or in case of legal claims. Sensitive Personal Data may include religious or philosophical beliefs, information about disabilities, medical history, racial or ethnic data and/or criminal data (behavior, records or proceedings regarding criminal or unlawful behavior).
- What Personal Data do we collect?
We collect Personal Data from you in the following ways:- Directly:
- when you create an account, register with us and/or submit any form to provide us, transmit any information to us or benefit from our services including our mobile app-based services;
- when you disclose Personal Data in face-to-face meetings, email messages, telephone conversations with our teams such as marketing or customer service officers;
- when you volunteer and consent to participate in any research conducted by us;
- when you sign up for our marketing and promotional communications or any initiatives;
- when you give your feedback, comments, questions, ratings and reviews on our website, mobile apps, social media or to our customer service officers;
- when you interact or communicate with us via our websites, mobile apps or on social media channels, pages, promotions and/or blogs;
- when you contact us and/or enter into an agreement to provide us services;
- when you visit and/or are within our premises and your images are captured by us via CCTV cameras, photographs or videos taken by us or our representatives when you attend any of our events;
- when you disclose Personal Data to any Affiliate to benefit from our services including our mobile app-based services; and/or
- when you make available your Personal Data to us for any other reason.
- Indirectly, from other data sources:
- when we seek and receive your Personal Data in connection with your relationship with us (including for our product and services). Example: business partners, public agencies;
- when you request third parties to share with us your Personal Data in connection with your relationship with us (including for our product and services). Example: when other medical services providers in connection with your use of our mobile apps send your medical records to us;
- if you act as an intermediary or are supplying us with information regarding a third-party or other individual (such as a Relative, friend, a colleague, an employee etc.), you undertake that you have obtained all necessary consents from such third-party or other individual for Processing of their Personal Data by us;
- as we are collecting third-party or other individual's Personal Data from you, you undertake to make such third-party or other individual aware of all matters listed in this Notice by referring them to our website or informing them of the contents of this Notice; and/or
- any other information which we may collect from other sources.
- Personal Data of Vulnerable Persons5
- It is, our intention and policy to comply with law when it requires parent, guardian or legal representative’s permission before collecting, using or disclosing Personal Data of Vulnerable Persons
- If a parent, guardian or legal representative becomes aware that Personal Data of a child or ward has been provided by that child or ward without the consent of the relevant parent, guardian or legal representative, please contact us (contact details provided below). Such Personal Data will be disposed of from our records.
- Directly:
- What are the purposes for which Personal Data is collected and Processed?
Personal Data shall be collected, used, transferred or otherwise Processed for one or more of the following purposes:- Business Purposes: These are legitimate purposes as appropriate to conduct and develop our business. These purposes address Processing of Personal Data necessary for activities such as:
- conclusion, execution and performance of agreements with Data Subjects, including the provision of our mobile app-based services to Data Subjects under such agreements;
- marketing, sales, and promotions;
- account management of Data Subjects;
- customer service and support;
- finance and accounting;
- research and development, for instance, analytics to provide better products and services;
- purchasing/availing of our services;
- internal management, communications and controls;
- management of investor relations;
- external communications, interactions with authorised service providers. Our authorised service providers may use cookies, web beacons, and other similar technologies for collecting and storing information to help provide you with a better, faster, and safer web experience;
- government and legal affairs;
- alliances, ventures, mergers, acquisitions, and divestitures;
- Intellectual property and standards management; and/or
- any other activity that is reasonably connected to the foregoing.
- Business process execution and internal management: This includes Processing necessary for activities such as scheduling work, recording time, managing company assets, conducting internal audits and investigations, implementing business controls, managing and using customer database/employee directories;
- Health, safety and security: Activities such as those involving occupational safety and health, the protection of our assets, your verification and your access rights and its status;
- Organisational analysis and development and management reporting: Conducting surveys, managing mergers, acquisitions and divestitures, and Processing data for management reporting and analysis;
- Compliance with legal obligations: For Processing necessary for compliance with a legal obligation to which we are subject;
- Vital interests: For Processing necessary to protect your vital interests, for instance, situations that require us to protect your life or you from harm;
- Sensitive Personal Data: Sensitive Personal Data may be Processed under one or more of the following circumstances:
- where you have explicitly consented to the Processing;
- where Sensitive Personal Data are Processed in connection with the purchase of our products and services;
- where you voluntarily participate in a research project or product test;
- as required by or allowed under applicable data protection related laws;
- to establish, exercise or defend a legal claim;
- with regard to racial or ethnic data: to safeguard our assets, for site access and security reasons, and for the authentication or verification of your access rights, we may Process photos and video images (in some countries photo and video images of individuals qualify as racial or ethnic data);
- to prevent, detect or prosecute (including cooperating with public authorities) suspected fraud, contract breaches, violations of law, or other breaches of the terms of access to our sites or assets;
- to protect your vital interest, but only where it is impossible to obtain your consent first; and/or
- where necessary to comply with an obligation of international public law (e.g. Treaties).
- Direct Marketing:
We may, when Processing Personal Data for making direct marketing communications, either:- obtain your consent; and/or
- offer you opportunity to choose not to receive such communications.
- If you object to receiving marketing communications from us, or withdraw consent to receive such materials, we will take steps to refrain from sending further marketing materials as specifically requested you. We will do so within the time-period required by applicable data protection related laws.
- Secondary Purposes: Processing of Personal Data for secondary purposes such as:
- maintaining the security of the Personal Data Processed;
- transferring the Personal Data to an Archive;
- conducting internal audits or investigations;
- implementing business controls;
- conducting statistical, historical or scientific research as required for our business operations;
- preparing or engaging in dispute resolution;
- using legal or business consulting services;
- managing insurance or other benefits related issues; and/or
- creating de-identified, aggregated and/or anonymised data from Personal Data from which relevant Data Subjects would not be identifiable, through removal of identifiable components, obfuscation, pseudonymisation, anonymisation, or any other means, for purposes of (a) enhanced security; and/or (b) for further processing, aggregation, and analysis (of the anonymized data that no longer contains your Personal Data only), for optimization of patient care and improvement of healthcare services, products and research and development which may include transferring such anonymized data to members of the IHH Healthcare Singapore and their agents, service providers, affiliates and/or business partners, in Singapore or abroad, for such purposes.
- Any other purpose necessary to fulfil or achieve any other purposes stated in this Notice.
For more details on purposes for which Personal Data is Processed, please refer to Appendix 2. - Exceptions: Some of our obligations under this Notice may be overridden if, under the specific circumstances at issue, a pressing legitimate need exists that outweighs your interest. Such a situation exists if there is a need to:
- protect our Business Interests including:
- the health, security or safety of individuals;
- our intellectual property rights, trade secrets or reputation;
- the continuity of our business operations;
- the preservation of confidentiality in a proposed sale;
- merger or acquisition of a business; and/or
- the involvement of authorised advisors or consultants for business, legal, tax, or insurance purposes.
- prevent or investigate suspected or actual violations of:
- law (including cooperating with law enforcement);
- contracts; and/or
- or our policies.
- otherwise protect or defend us, our personnel’s or other individual’s rights or freedoms.
- protect our Business Interests including:
- Business Purposes: These are legitimate purposes as appropriate to conduct and develop our business. These purposes address Processing of Personal Data necessary for activities such as:
- Automated decision-making
- Automated tools may be used by us to Process your Personal Data and/or make decisions about you. Some extent of human intervention may be involved in the automated decision-making.
- Where permissible under law, we may undertake automated decision-making if:
- the decision is made by us for purposes of entering or performing a contract provided that the underlying request leading to a decision by us was made by you;
- you have provided explicit consent; and/or
- the use of automated tools is otherwise required.
- We are mindful of safeguarding your rights and legitimate interests. To request a manual decision-making process, express your opinion or contest our decision based on automated processing, including profiling, please contact us (contact details provided below).
- Sharing your Personal Data with others
- Your Personal Data may be shared with our Affiliates , for purposes including partnering with our Affiliates in the provision of our mobile app-based services to you. Our Affiliates may provide services to you in turn in connection with our mobile app-based services and process your Personal Data as set out in this Notice.
- Access to Personal Data, will be limited to those who have a need to know the information for the purposes described in this Notice.
- From time to time, we may need to share your Personal Data with authorised external parties, which may include the following:
- service providers, vendors, suppliers and other business partners: we contract with authorised external parties or companies that provide products and services to us such as information technology security and support and benefits and rewards administration. We may also partner with third parties in the provision of our services to you including that via our mobile apps and may share your Personal Data with them, in order for you to receive the benefits of our services;
- public and governmental authorities: when required by law, or as necessary to protect our rights, we may share your Personal Data to public and governmental authorities that regulate or have jurisdiction over us;
- professional advisors and others: we work with and receive support from certain professional advisors such as banks, insurance companies, auditors, lawyers and accountants; and/or
- As appropriate, we will contractually protect and safeguard your interests at a similar level of protection as provided by us.
- Cross-border transfer of Personal Data
- Due to our international presence, your Personal Data may be transferred to or accessed by our Affiliates and authorised external parties from various countries around the world in order for us fulfil the purposes described in this Notice.
- As a result, we may transfer your Personal Data to countries located outside of your country of residence, which may have data protection related laws and rules that are different from those of your country of residence.
- Personal Data may be transferred to an authorised external party, located internationally only if, we believe it is necessary or appropriate to:
- ensure compliance with applicable data protection related laws which may include responding to requests from public and government authorities, cooperation with law enforcement agencies or other legal reasons; and/or
- satisfy purposes for which Personal Data has been collected by us or to enforce our terms and conditions.
- When do we retain your Personal Data?
- We keep your Personal Data as long as we need to fulfil the purposes for which it has been collected. We retain Personal Data only:
- for the period required to serve applicable Business Purpose;
- to the extent necessary to comply with an applicable legal requirement; and/or
- as advised by local laws.
- Promptly after applicable retention period has ended, your Personal Data will be appropriately:
- disposed;
- de-identified (through removal of identifiable components, obfuscation, pseudonymisation, anonymisation, or any other means); and/or
- transferred to an archive (unless this is prohibited by applicable data protection related laws).
- We keep your Personal Data as long as we need to fulfil the purposes for which it has been collected. We retain Personal Data only:
- How do we protect your Personal Data?
- We are committed to maintaining the security of the Personal Data Processed and restrict the Processing of Personal Data to those data/information that are reasonable, adequate for, and/or relevant to applicable Business Purpose.
- To protect your Personal Data, we take appropriate measures, and we also require our external parties to protect the confidentiality and security of your Personal Data. Depending on the state of the art, the costs of implementation and the nature of the data/information to be protected, we have put in place physical, technical and organisational measures to prevent risks such as destruction, loss, misuse, alteration, and unauthorised disclosure of or access to your Personal Data.
- If you have any reason to believe that your interaction with us is no longer secure, please contact us (contact details provided below).
- Third party services
Our service may contain references to third party services – we strongly advise you to review the data protection/privacy Policy/policy of such referenced third parties to understand their data protection/privacy policy/practices, which may be different from this Notice and our practices. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services. - How can you contact us for choices available to you?
- We strive to maintain your Personal Data in a manner that is accurate, complete and up-to-date. Personal Data you provide us with must be accurate, complete and up-to-date, and you must inform us of any significant changes to your Personal Data.
- Furthermore, if you share Personal Data of other people with us (including your Relatives), please note that you need to ensure that this Personal Data is collected in compliance with applicable data protection related laws. For example, you should inform such other people about contents of this Notice.
- With respect to Processing of your Personal Data, you may, in addition to other rights under applicable law:
- obtain information on the Processing of your Personal Data;
- ask questions about how we handle Personal Data;
- request to review, correct, update, supress, or restrict the use of your Personal Data;
- request your Personal Data to be removed;
- withdraw your consent to use of your Personal Data;
- object to the use of Personal Data for our legitimate business interests; and/or
- request to receive an electronic copy of your Personal Data for purposes of transferring it to another company.
- If you have any inquiries, requests or comments in relation to this Notice, please contact the IHH Healthcare Singapore Data Protection Office via the following channels:
- Call: (+65) 6307 7880
- Email: [email protected]
- Written communication mailed to:
Data Protection Office, IHH Healthcare Singapore, HarbourFront Tower One,
1 HarbourFront Place, #03-02,
Singapore 098633
- We will do our best to address your requests and concerns within reasonable time. Upon receipt of your request, we may ask you to verify your identity before we can act on your request.
- Updates to Notice
- We may revise this Notice from time to time. Any changes will become effective as on the Effective Date, when we post the revised Notice on our website. You are strongly advised to review this Notice periodically for any changes.
APPENDIX 1: PERSONAL DATA WHICH MAY BE COLLECTED
Categories of Personal Data | Examples of types of Personal Data we collect |
---|---|
Personal identification, demographic, and contact information | Name, surname, title, gender, country, date and place of birth, nationality, marital status, domestic partners, dependents, email address, phone number, mobile number, home address, emergency contact information. |
Medical history and information | Medical history and information about you including disabilities and Covid-19 exposure to the extent relevant to provide services, benefits and/or perform a contract. |
Network traffic and other related data | Identification numbers, location data (including GPS location data), online identifiers, IP address, cookies, web beacons, device identification details, language settings, calendar data and SSID/BSSID. |
Usage Information | Browsing activity while on websites or mobile applications, information on pages visited and clicked, forms completed or start to complete, search terms used, access times, error logs and similar information. |
Account creation and login information | Login details (including password), contractor or supplier identification details, other information used to access and/or secure our systems and applications. |
Images, photos from which you may be identified. Images captured on security systems, including CCTV and key card entry systems | Pictures uploaded into our app, accounts, social media or services otherwise provided to us by you, CCTV images, log files. |
Payment or transaction data | Billing address, payment method information, invoice and other details of transactions in relation to the services provided to you. |
Data resulting from internal or external communications | Contents of email, records of communication through bots, messaging tools, mobile communications. |
Tax Data | Tax number, contribution rates, tax preferences, social security number. |
Information that you decide to voluntarily share with us | This may include:
|
APPENDIX 2: PURPOSES FOR WHICH PERSONAL DATA IS PROCESSED
Purposes for Processing Personal Data | Examples |
---|---|
Administration and management | Management of relationship with you including the setting up and management of your account with us |
Business process execution and internal operations management | Internal communications, performing internal surveys, ensuring business continuity and crisis management, managing courses and/or trainings, managing projects and costs, managing mergers, acquisitions, divestitures, re-organisations or disposals and integration with purchaser, compilation of audit trails and other reporting tools, maintaining records relating to business activities, budgeting, financial management and reporting. |
Employee / Customer support | Providing support via internal tools and communication channels. |
Commercial communications | Communications about discounts for our products and services. |
Security and protection of assets and employees | Deploying and maintaining technical and organisational security measures, conducting internal audits and investigations, conducting assessments to verify conflict of interests, identifying and authenticating employees, managing network security and preventing data loss using automated technologies to identify malicious data on equipment or networks and to detect confidential information from leaving our perimeters or from unauthorised access to that information. Recording of your Personal Data through video or other digital, electronic, or wireless surveillance system or device to secure and maintain IT infrastructure, office equipment, facilities and other property. |
Compliance with legal and regulatory obligations | Disclosing Personal Data to government institutions or supervisory authorities as required by law or judicial authorisation for complying with tax and national insurance deductions, record-keeping and reporting obligations, conducting audits and investigations to prevent or detect fraud or corruption, compliance with government inspections and other requests from government or other public authorities, responding to legal process conducting investigations including employee reporting of allegations of wrongdoing, policy violations, fraud, or financial reporting concerns, complying with internal policies and procedures. Please also keep in mind that we may also use your data for security reasons and/or to protect our legitimate business interests or to prevent or investigate suspected or actual violations of law, breaches of the terms of employment or non-compliance with our policies. |
Defence of legal claims | Establishment, exercise or defence of legal claims to which we are subject, such as responding to legal processes such as subpoenas, pursuing legal rights and remedies, defending litigation and managing any internal complaints or claims (including any whistle-blower/ethics hotlines). |
Health and safety | Protecting your and others’ health and safety, facilitating communication with you and your designated contacts in an emergency or during your business travel. |
Management of Appointments and Bookings | To book appointments for specialist, GP, teleconsult, Covid 19 test, health screening and maternity tour. |
Medical Treatment and related Services | To provide you with medical treatment and related services including teleconsultation and providing your documents digitally available to you. |
Enable functionalities of the app | GPS location data: Displaying a list of nearby clinics according to user’s GPS location data, to detect the current location and only enable the feature relevant to the location. SSID/BSSID: To provide feedback on network connectivity in order to deliver a good teleconsult experience. Bluetooth/BLE: To allow app to find, connect to and determine the relative position of nearby devices. Calendar data: adding confirmed appointment to the calendar. Camera and microphone: We access your camera and microphone to enable the doctor to examine your conditions and for you to submit your photos and discuss regarding your conditions for the purpose of teleconsulting. We also access your camera for uploading of your photo for your profile picture in your account settings. Photo: We access your photos that you have uploaded to the app for below purposes
Access Phone state: Read your phone state for us to know the current cellular network information and the status of any ongoing calls to enable the teleconsult feature Battery optimization: Before a teleconsult session, we will send a prompt for you to turn off the battery optimisation feature in your device to ensure your connectivity trough the teleconsult session |
Marketing and Promotional Communications | For users who have opted in, we may engage with you through push notifications in the mobile application, email, telephone number and other channels to provide you with the latest information regarding our services and offerings. |
1 IHH Healthcare Singapore is a network of healthcare companies including without limitation Parkway Hospitals Singapore Pte Ltd, Parkway Shenton Pte Ltd, Medi-Rad Associates Ltd, Parkway Laboratory Services Ltd, Parkway College of Nursing and Allied Health Pte Ltd, iXchange Pte Ltd and their respective Affiliates. “Affiliates” shall mean any entity that controls, is controlled by, or is under common control, in each case either directly or indirectly with either a subsidiary or related corporation of IHH Healthcare Singapore, where “control” means the ownership of or the power to vote representing more than 50% of voting stock, shares or interests of the entity.
2 “Process” (including references to “Processing” and “Processed”) is any operation or set of operations performed on the Personal Data including, but not limited to, collection, storage, use, disclosure, transfer or destruction.
3 “Data Subjects” are entities and individuals including our employees, job applicants, clients, customers, business partners, personnel, contractors, suppliers and other individuals.
4 “Relatives” include spouses, next of kin, dependents, children, and partners.
5 “Vulnerable Persons” are persons deemed more vulnerable by applicable laws and regulations, and includes, but is not limited to, minors, elderly, persons with disabilities, and persons with diminished mental capacity
6 “Affiliates” are entities that control, are controlled by, or are under common control, in each case either directly or indirectly with either a subsidiary or related corporation of the Group, where “control” means the ownership of or the power to vote representing more than 50% of voting stock, shares or interests of such entities