Asiamedic Health Screening

Personal Data Protection Act 2012 (the ā€œPDPAā€)

1 IntroductionĀ 

We at AsiaMedic Limited and our subsidiaries (ā€œAMLā€) respect the privacy and confidentiality of the personal data of AMLā€™s shareholders, patients, associates, partners, visitors and other individuals whom we interact with in the course of providing our medical services. We are committed to implementing policies, practices and processes to safeguard the collection, use and disclosure of the personal data you provide us, in compliance with the Singapore Personal
Data Protection Act (PDPA) 2012.

We have developed this Data Protection Notice to assist you in understanding how we collect, use, disclose, process, protect and retain your personal data that is in our possession.

2 How We Collect Your Personal Data

Personal data refers to any information that can uniquely identify an individual person either (a) on its own (e.g. NRIC No., FIN No.), or (b) when combined with other information (e.g. Full Name + Full Address).

We collect your personal data when you:

  • When you register and receive our medical services
  • Subscribe to our shares as a retail shareholder
  • Book for a medical appointment at our clinics over the counter, through calls or via our website portal
  • Enter our physical premises and your contact information is required for registration, safety and security purposes
  • Are within our premises and your images are being captured via CCTV
  • Provide us with goods and services as our service providers
  • Provide feedback to us on our products and services or quality of service
  • Communicate with us via calls, emails or written correspondences
  • Submit your CV and job application form to us in response to our recruitment advertisements, through recruitment firms or job portals

3 Types of Personal Data We Collect About You

The types of personal data we collect about you include:

  • Medical information (such as allergies, medical conditions, prescriptions, medical and family history)
  • Personal information (such as name, NRIC, gender, nationality)
  • Contact information (such as address, phone number, email address)
  • Financial information (such as credit card details, bank account details)
  • Photos and Images (such as those captured on our CCTV cameras and those required for medical purposes)
  • Transactional data (such as name, company/organisation, designation, address)
  • Job Applicant data (such as educational and professional qualifications as well as work experience)
  • Shareholding data (such information necessary to manage your shareholding with us and to fulfil your other requests)

4 How We Use Your Personal Data

We use the personal data you provide us for one or more of the following purposes:

  • Provide patient care and patient relationship management
  • Provide medical services and meeting healthcare needs
  • Process and administer health records
  • Process payment for services
  • Conduct marketing and promotion activities
  • Monitor the movement of visitors to our physical premises for safety and/or security purposes
  • Respond to booking of appointments, enquiries, update requests and feedback on user experience
  • Facilitate your attendance at our General Meetings and all other shareholder-related matters
  • Process job application and selection
  • Carry out our obligations arising from any contracts entered into between you and us
  • Comply with legal obligations and regulatory requirements

5 Who We Disclose Your Personal Data To

We disclose some of the personal data you provide us to the following entities or organisations outside AML in order to fulfil our services to you:

  • Clinics / Hospitals / Medical Practitioners / Specialists
  • Medical Service Providers such as Laboratories, Radiology and Diagnostic Imaging Centres
  • Government Agencies & Regulatory Authorities such as Ministry of Health, Ministry of Manpower
  • Providers of Professional Services such as Share Registrars, Auditors, Lawyers, Consultants
  • Insurance Companies
  • Banks, Payment Card Processing Companies and other Financial Institutions
  • Data Processing and Hosting Companies such as IT Service Providers, Webhosting Companies and Cloud Service Providers
  • Recruitment Agencies / Headhunters
  • Providers of Goods or Services such as Freight and Courier Services, Warehouse Services

Where required to do so by law, we may disclose personal data about you to the relevant authorities or to law enforcement agencies.

6 How We Manage the Collection, Use and Disclosure of Your Personal Data

6.1 Obtaining Consent

Before we collect, use or disclose your personal data, we will notify you of the purpose why we are doing so. We will obtain written confirmation from you on your expressed consent. We will not collect more personal data than is necessary for the stated purpose. We will seek fresh consent from you if the original purpose for the collection, use or disclosure of your personal data has changed.

6.2 Withdrawal of Consent

If you wish to withdraw consent, you should give us reasonable advance notice. We will advise you of the likely consequences of your withdrawal of consent, e.g. without your personal contact information we may not be able to inform you of our future events and product launches.

Your request for withdrawal of consent can take the form of an email or letter to us.

7 How We Ensure the Accuracy of Your Personal Data

We will take reasonable steps to ensure that the personal data we collect about you is accurate, complete and kept up-to-date.

From time to time, we may do a data verification exercise for you to update us on any changes to the personal data we hold about you. If we are in an ongoing relationship with you, it is important that you update us of any changes to your personal data (such as a change in your mailing address).

8 How We Protect Your Personal Data

We have implemented appropriate information security and technical measures (such as firewalls and secure network protocols) to protect the personal data we hold about you against loss; misuse; destruction; unauthorised alteration/modification, access, disclosure; or similar risks.

We have also put in place reasonable and appropriate organisational measures to maintain the confidentiality and integrity of your personal data, and will only share your data with authorised persons on a ā€˜need to knowā€™ basis.

9 How We Retain Your Personal Data

We have a document retention policy that keeps track of the retention schedules of the personal data you provide us, in paper or electronic forms (including via cloud services). We will not retain any of your personal data when it is no longer needed for any business or legal purposes.

We will dispose of or destroy such documents containing your personal data in a proper and secure manner when the retention limit is reached.

10 How You Can Access and Make Correction to Your Personal Data

You may write to us to find out what personal data about you that we have in our possession or under our control and how it may have been used and/or disclosed by us in the previous one year. Before we accede to your request, we may need to verify your identity by checking your NRIC or other legal identification document. We will respond to your request as soon as possible, or within 30 days from the date we receive your request. If we are unable to do so within the 30 days, we will let you know and give you an estimate of how much longer we require. We may also charge you a reasonable fee for the cost involved in processing your access request.

If you find that the personal data we hold about you is inaccurate, incomplete or not up-to-date you may ask us to correct the data. Where we are satisfied on reasonable grounds that a correction should be made, we will correct the data as soon as possible, or within 30 days from the date we receive your request.

11 How We Transfer Your Personal Data

If there is a need for us to transfer your personal data to another organisation outside of Singapore, we will ensure that the standard of data protection in the recipient country is comparable to that of Singaporeā€™s PDPA. If this is not so, we will enter into a contractual agreement with the receiving party to accord similar levels of data protection as that in Singapore.

12 Use of Cookies

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

How do we use cookies?

We use cookies in a range of ways to improve your experience on our website, including:

  • Keeping you signed in
  • Understanding how you use our website

What types of cookies we use?

There are several different types of cookies which our website uses:

FunctionalityĀ ā€“ We use these cookies so that we recognize you on our website and remember your previously selected preferences. These could include what language you prefer and location you are in. A mix of first-party and third-party cookies are used.

Google AnalyticsĀ ā€“ We use Google Analytics to analyse the use of our website. Google Analytics gathers information about website use by means of cookies. The information gathered relating to our website is used to create reports about the use of our website. Google’s privacy policy is available at: https://policies.google.com/privacy

How to Manage Cookies

You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.

13 Contacting Us

If you have any query or feedback regarding this Data Protection Notice, or any complaint you have relating to how we manage your personal data, you may contact our Data Protection Officer (DPO) at:Ā [email protected].

Any query or complaint should include, at least, the following details:

  • Your full name and contact information
  • Brief description of your query or complaint

We treat such queries and feedback seriously and will deal with them confidentially and within reasonable time.

14 Changes to this Data Protection Notice

We may update this Data Protection Notice from time to time. We will notify you of any changes by posting the latest Notice on our website. Please visit our website periodically to note any changes.Ā 

Changes to this Notice take effect when they are posted on our website.