Your privacy is important to us. We are committed to maintaining the confidentiality of your personal information that you submit through this Website or mobile app.
This statement sets out how we, Singapore Paincare Holdings and its subsidiaries, collectively referred to herein as “Singapore Paincare”, “us”, “we” or “our”) manage personal data in connection with the Personal Data Protection Act (No. 26 of 2012) (“The Act”).
By interacting, submitting information, enrolling or signing up for any products or services offered by us, you agree and consent to Singapore Paincare collecting, using, disclosing and sharing amongst ourselves your Personal Data and disclosing such Personal Data to our authorised service providers, partners and relevant third parties in the manner set forth in this Privacy Statement.
This statement describes how we collect, use, disclose, process and protect your personal data. When you visit our website or mobile application or request a service from any entity within Singapore Paincare, your use or continued use of our services shall be deemed as your acceptance and agreement to be bound by the provisions of this Statement.
This statement supplements but does not supersede nor replace any other consents you may have previously provided to us or our partners in respect of your Personal Data and your consents herein are additional to any rights which to any of us may have at law, to collect, use or disclose your Personal Data.
For the purpose of the Act, we are a data intermediary when we process personal data on behalf of and for the purposes of another organisation. At the same time, we also collect, use and disclose personal data in compliance with the Act for purposes that are lawful, reasonable and appropriate.
Singapore Paincare may from time to time, update this Privacy Statement to ensure that this Privacy Statement is consistent with our future developments, industry trends and/or any changes in legal or regulatory requirements. Please check back regularly for updated information on the handling of your Personal Data.
In this Privacy Statement, “Personal Data” refers to any data, whether accurate or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which the organisation has or is likely to have access, including data in our records as may be updated from time to time.
Example of Personal Data you may provide to us include your name, NRIC, passport or other identification number, telephone number, mailing address, email address, transactional data and any other information relating to any individuals which you have provided us in any forms you may have submitted to us or through other forms of interaction with you.
We may collect Personal Data in the following ways:
a) When you submit any form, including but not limited to application, declaration, proposal or referral forms;
b) When you respond or take part in our surveys, campaigns and other promotional activities;
c) When you interact with our staff or business partners, including call centre personnel, client servicing personnel, and other representatives via email, telephone calls (which is recorded), letters, memos, fax, face-to-face-meetings, digital platforms;
d) When you enter into any agreement or provide other documentation or information in respect of your interactions and transactions with us or when you use our services directly or through our insurance partners whether through our website or mobile applications;
e) When you provide your Personal Data (directly or through your employer or our business partners) to use or access some of our services, whether provided in-person or through our website or mobile application(s), such as medical consultation, teleconsultation or claim administrative support;
f) When we receive references from business partners and third parties regardless if the referral came from you;
g) When you submit an employment application or when you provide documents or information including your resume and/or Curriculum Vitae in connection with any appointment under us;
h) When we are performing finance function, such as preparing for tax filing, processing payments, credit notes and refund, billing, accounting and auditing, and other related activities for the maintenance of proper book-keeping of our operations;
i) When your images are captured by us via CCTV cameras while you are within our premises or via photographs or videos taken by us or our designated partners when you attend events hosted by us;
j) When you submit your personal data to us for any other reason; and
k) When you submit personal data relating to a third party (e.g., information of your spouse, children), for the purpose of us offering our products and/or services to that third party. By submitting such information to us, you warrant that you have obtained the consent of the third party to you providing us with their Personal Data for the respective purposes.
1.1 TYPES OF PERSONAL DATA WE COLLECT ABOUT YOU
Depending on the nature of transactions you have with us, the types of personal data we collect about you may include:
a) Your personal information such as name and NRIC;
b) Contact information, such as residential address, email address and mobile phone number;
c) Your medical information when you are using our medical care or claim administrative services, such as medical conditions, prescriptions, medical history and family history;
d) Your financial information such as bank account number, credit card details and other related payment details;
e) Your personal government-issued identification document numbers such as NRIC/FIN/work permit/birth certificate and passport numbers; as required by healthcare sectoral law for purposes of medical treatment or necessary to accurately establish or verify your identity to a high degree of fidelity;
f) Personal background (such as nationality and race), family background (such as marital status and names of family members), personal profile (such as academic qualification and work experience) and other information necessary for hiring process or to other special requests.
g) Singapore Paincare may also collect non-personally identifiable information about you, such as use of our website, internet protocol addresses, browser and computer system information, cookies, invisible pixels, web beacons, and aggregated data related to your use of our platforms.
You are assured that Singapore Paincare will not collect your Personal Data more than necessary to fulfil one or more purposes that the data is collected for. Whilst we will take reasonable precautions and verification checks to ensure that the Personal Data we have collected from you is reasonably accurate, complete and up-to-date, you should ensure that all Personal Data submitted to us is complete, accurate, true and correct. If there is a change to your contact information such as your address, email address, telephone number, do update us to ensure you will continue to receive communications from us without disruption or delay. Failure to do so may result in our inability to provide you with products and/or services that you have requested.
1.2 OBTAINMENT OF CONSENT
Before we collect, use or disclose your personal data, we will notify you of the purpose why we are doing so. We next obtain written confirmation from you on your expressed consent. As far as possible, we will not collect more personal data than necessary for the stated purposes within this notice.
Under certain circumstances, we may assume deemed consent from you when you voluntarily provide your personal data for the stated purpose, e.g. when you request for medical services, whether in-person or through our mobile application.
If you request for medical consultation with us on behalf of another individual, you must first obtain consent or show that you are authorised to act on behalf of that individual in order for us to collect, use or disclose his/her personal data. Where consent can be obtained, that individual must be notified of the purposes for the collection, use or disclosure of his/her personal data.
2. PURPOSE AND USAGE OF DATA
Personal Data may be shared among our subsidiaries, affiliates, partners and third parties to enable us to provide service to you and for our business purposes. We may use the Personal Data in one or more of the following purposes:
2.1 PROVISION AND IMPROVEMENT OF SERVICES
a) Providing you with our services, such as managed healthcare solutions, medical services and claims processing whether through our website, mobile application;
b) Providing customer service and administrative support such as responding to, processing and handling your enquiries, requests, feedback and complaints, issuing letters of guarantee, administrating insurance coverage and processing claims and settlement of bills and other credit-related activities;
c) Providing you with information that may be of your interest, such as publications, events, news and promotional materials relevant to your business, potential needs and purchases;
d) Generating reports and performance of analytics for the purposes of developing or improving our products, services, security, service quality and marketing strategies;
e) Verifying your identity;
f) Requesting feedback or participation in surveys as well as conducting market research;
g) and/or purposes which are related to the aforesaid.
2.2 OTHER BUSINESS AND LEGAL PURPOSES
a) Office management, operations, and administration purposes and for independent and conflict clearance, due diligence and background checks in accordance with legal, regulatory and professional requirements;
b) Performing human resource management, training, and career development;
c) Assessing your or your organisation’s suitability as an employee, external services provider, business partner, or vendor for Singapore Paincare;
d) Managing and preparing reports on incidents or accidents;
e) Managing the safety and security of our premises and services including but not limited to carrying out CCTV surveillance and conducting clearances;
f) Preventing, detecting, and investigating crime, including fraud and money laundering or terrorist financing and analysing and managing commercial risks;
g) Carrying out our obligations arising from any contracts entered into between you and us;
h) Complying with legal obligations and regulatory requirements;
i) Protecting and enforcing our contractual and legal rights and obligations;
j) and/or purposes which are related to the aforesaid.
These purposes may also apply even if you do not maintain an account with us or your account, relationship has been terminated with us. Arrangements are in place to ensure the security of any personal data shared.
Subject to the provisions of the applicable law, we may disclose your Personal Data to parties mentioned below (examples provided are not exhaustive) to achieve one or more purposes listed in section 2.
a) Parties to whom disclosure is necessary to provide our services to you:
– Singapore Paincare Holdings and its subsidiaries
– Clinics, hospitals, medical practitioners, and specialists
– Associated medical service providers such as laboratories, imaging and diagnostics services
– Our business partners such as insurance companies
– Banks, payment card processing companies and other financial institutions
– Providers of goods or services such as IT services and courier services
b) Parties to whom disclosure is necessary for the management, operation and administration of our business:
– Providers of professional services such as auditors, lawyers, consultants
– Commercial service and training providers
c) Parties to whom disclosure is necessary or in our good faith belief that such disclosure is necessary to (i) fulfil our contractual, legal and regulatory obligations, (ii) comply with legal process, (iii) respond to any claim or investigation and protect our rights, property or personal safety:
– Government agencies and regulatory authorities such as court, tribunal, Ministry of Health, Ministry of Manpower, IRAS, Police Force
– Professional advisor such as lawyers
We will use our best endeavours to ensure that your personal data is protected by such third parties or cause them to be bound to hold your data in confidence such as by entering a legally binding instrument with them
3.1 OVERSEA TRANSFERS OF PERSONAL DATA
If there is a need for us to transfer your personal data to an organisation outside of Singapore, whether is within Singapore Paincare or not, we will ensure that the standard of data protection in the recipient country is comparable to that of Singapore’s PDPA. If this is not the case, we will enter into a contractual agreement with the receiving party to accord similar levels of data protection as that in Singapore.
To safeguard your personal information, all electronic storage, hosting, processing, transmission and backup (for the purpose of disaster recover or otherwise) of personal and other information are secured with appropriate administrative, physical and technical security measures.
While we take reasonable efforts to maintain the confidentiality and security of your personal data, we cannot guarantee that any information that is transmitted or stored electronically is completely secure or that no harmful code will enter our website (for example viruses, bugs, trojan horse, spyware, adware).
For users with username and password login, you undertake to keep the username and password secure and confidential and shall not disclose or permit it to be disclosed to any unauthorised person and to inform us as soon as reasonably practical if you know or suspect that someone else has access to your username and password or believed that the confidentiality has been compromised in any way or that actual or possible unauthorised transactions have taken place. We are not liable for any damage from any security breaches on unauthorised and/or fraudulent use of your username and password.
We will retain your personal data for as long as it is necessary to fulfil the purpose for which it was collected, or as required for legal or business purposes. Any personal data which are no longer needed for legal or business purposes will be destroyed or hashed according to our document retention guidelines.
6. USAGE OF COOKIES AND ANALYTICAL TOOLS
We may also include third party links on our website for your convenience and information. These linked sites have separate and independent privacy policies and hence we undertake no responsibility or liability for the content and activities of these link sites and we encourage you to consult the privacy notices of their sites.
7. REVIEW, CORRECTION AND WITHDRAWAL
We may upon written request, allow you to view your stored personal information and how it may have been used and/or disclosed by us in the past one year, subject to legal requirements. We reserve the right to charge a reasonable administrative fee for this service. We will respond to such request within 30 days of receipt of your written request.
Kindly inform us in writing if any personal information which we hold about you needs to be corrected or updated.
You may subject to applicable law, regulations and professional standards at any time, give us reasonable written notice of your withdrawal of consent to collect, use or disclose the personal information. If you choose to withdraw your consent to any or all or the disclosure of your personal data, we will not be in a position to continue providing our services to you. Withdrawal may also result in the termination of any agreement you may have with us.
You have a choice to withdraw your consent for receiving marketing or promotional materials/communication. You may contact us using the contact details found below. Please be aware that once we receive confirmation that you wish to withdraw your consent for marketing or promotional materials/communication, it may take up to 30 calendar days for your withdrawal to be reflected in our systems. Therefore, you may still receive marketing or promotional materials/communication during this period of time. Please note that even if you withdraw your consent for the receipt of marketing or promotional materials, we may still contact you for other purposes in relation to the services that you have requested or purchased from us.
8. DATA INTERMEDIARY
If we process personal data on your behalf and or your purposes as a data intermediary, we shall:
a) Observe the relevant obligations under the Act in the performance of our services;
b) Process the personal data we receive from you only to the extent necessary for the purposes specified in the engagement and in accordance with our agreement from time to time given in writing and shall not process the personal data for any other purpose;
c) Ensure that access to the personal data is limited to employees who need to access to meet our obligations to you and they shall be bounded by a non-disclosure agreement;
d) In order to perform the services, share the personal data with our subsidiaries and affiliates, whether in Singapore or elsewhere. When doing so, we will require them to ensure that the personal data are kept secure and confidential in accordance with the standard prescribed under the Act;
e) Use reasonable degree of professional care to prevent unauthorised use, dissemination or disclosure of personal data and shall implement any generally applicable physical, technical and administrative measure to protect the personal data from accidental or unauthorised disclosure alteration, loss of destruction;
f) Notify you promptly in writing if we become aware of any accidental or unauthorised disclosure, alteration, destruction or loss of personal data unless prohibited from doing so by law;
g) Take reasonable action within reasonable time and investigate the security incident, and use its best efforts to mitigate the impact and scope of any security incident, and to carry out such recovery or other action we determine necessary in the circumstances to remedy the security incident; and
h) Not hold personal data any longer than required by law for the purpose of performing or having performed the services or for legal or business purposes.
In the same regard, if we process personal data on your behalf and for your purposes, you:
a) Will provide us with specific written instructions with regard to the processing of personal data. Oral instructions given by your authorised representatives will be accepted by us;
b) Undertake and warrant that you have lawfully obtained personal data of your employees and have sufficient legal grounds, including all necessary authorisations, consents, or permissions to provide us with the personal data that is accurate and provided in any form to us in a secured way;
c) Will inform us immediately in writing of any change, including any error or omission, with regards to the lawful processing and use of any of the personal data; and
d) Will inform us as soon as reasonably possible of any access request for correction or blocking or deletion of personal data or any objection made by your employees, representatives or represented, relating to the processing of their personal data.
9. PRIVACY STATEMENT CHANGES
If you require more information relating to this statement or require amendments or withdraw your consent, please contact us at:
Data Protection Officer
Singapore Paincare Holdings Limited
101 Cecil Street, Tong Eng Building #10-01
If your personal data was provided to us by a third party, kindly contact that organisation or your representative to make such a request or query on your behalf.
Effective date : 30 September 2021
Last updated : 30 September 2021