Personal Data Protection Policy

Updated as of Friday, 26 March 2021

Welcome to EHA Clinic. We have two branches and this policy shall encompass both

  1. EHA Clinic,  Shaw Centre Singapore at 1 Scotts Road, #15-01, S228208
  2. EHA Clinic Jurong,Blk 492 Jurong West St 41, #01-40, Singapore 640492

For this Policy, references to “EHA Clinic”; “EHA Clinic Jurong”; “us”; “we” or “our”, shall include the clinics listed above, and all of them collectively.

Your privacy is important to us. The purpose of this Policy is to inform you of how EHA Clinic manages personal data in accordance with the Personal Data Protection Act 2012 (the “Act”). Please take a moment to read this Policy so that you know and understand how we collect, use and disclose your Personal Data. 

By interacting with any of the practices under EHA Clinic; using any part of our services; submitting information to us; or signing up for any promotions or services offered by us, you agree and consent to any of the constituent members of EHA Clinic; our related corporations and affiliates; (collectively referred to hereinafter as “EHA Clinic”, “us”, “we” or “our”), as well as our respective representatives collecting; using; and sharing amongst themselves your Personal Data, and disclosing such Personal Data to our authorised service providers and relevant third parties in the manner set forth in this Policy.

This Policy supplements but does not supersede nor replace any other consents you may have previously provided to us nor does it affect any rights which we may have at law in connection with the collection, use or disclosure of your Personal Data. We reserve the right to make changes to any part of this Policy at any time at our sole and entire discretion. All changes are effective immediately when we post them, and apply to all access to and use of the services thereafter. By continuing to use any part of the services after such notice, you agree to this Policy, as modified. Please check this page from time to time so you are aware of any changes, as they are binding to you. 

For the avoidance of doubt, and unless otherwise stated by us in other arrangements for which we may enter into in writing with you, this Policy and our Standard Terms of Trade constitute the agreement between you and us in relation to your use of any part of our services (the “Agreement”).

In the event of any conflict, inconsistency or conflict between this Policy and the rest of the Agreement in relation to our collection, use and disclosure of your Personal Data, this Policy shall prevail. All defined terms contained elsewhere in the Agreement shall apply to this Policy unless otherwise specifically stated.

YOUR PERSONAL DATA

For this Policy, “Personal Data” refers to any data or information about you from which you can be identified either (a) from that data; or (b) from that data and other information to which we have or are likely to have access. Examples of such Personal Data which you may provide to us include (depending on the nature of your interaction with us):

your name; NRIC, passport or other identification number; telephone number(s); mailing address; email address; and any other information relating to you which you have provided us in any forms you may have submitted to us, or in other forms of interaction with you;

your medical and dental history;

X-rays, clinical photographs and study models;

information about proposed treatments; options; consents to treatments; treatments provided and their cost;

notes of conversations or incidents that might occur for which a record needs to be kept;

any correspondence with other healthcare professionals relating to you including agreed referrals to other healthcare professionals;

information about your use of EHA Clinic’s website and services, including cookies; IP addresses, but only to the extent that EHA Clinic may identify you from such information;

your payment related information, such as your bank account or credit card information, and your credit history with us; and 

information about your usage of and interaction with our website and/or services including computer and connection information, device capability, bandwidth, statistics on page views, and traffic to and from our website.

COLLECTION OF PERSONAL DATA

Generally, we collect your Personal Data in the following ways: 

  • when you submit your registration form or other forms relating to any of our products or services;
  • when you enquire about; contact us; register for or use any of our services on websites or mobile applications owned or operated by us or when you register as a member of websites owned and/or operated by us, or use services on such websites;
  • when you enquire about; contact us; register for or use any of our services on third party websites or mobile applications, such as Facebook; Instagram and other social media platforms (“Third Party Sites”);
  • when you interact with our staff;
  • when you use any of our services or products;
  • when you establish any online accounts with us;
  • when you request that we contact you;
  • when you are contacted by, and respond to, our marketing representatives and agents;
  • when you respond to our request for additional Personal Data;
  • when your Personal Data is transferred to us by your employer or a third party;
  • when you ask to be included in an email or other mailing list;
  • when you respond to our promotions and other initiatives;
  • when we receive references from business partners and third parties, for example, where you have been referred by them;
  • when you enter into any transaction with us; 
  • when we collect photographs of you for purposes of establishing the “before” and “after” effects of a treatment; and/or
  • when you submit your Personal Data to us for any other reason.

 When you browse our website, you generally do so anonymously, but please see the section below on cookies below.

 If you provide us with any Personal Data relating to a third party (for e.g. information of spouse, children, parents, employees and/or authorised representatives), by submitting such information to us, you represent to us that you have obtained the consent of the third party to you providing us with their Personal Data for the respective purposes.

You should ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with products and services you have requested; and/or to contact you for the same.

PURPOSES FOR COLLECTION, USE AND DISCLOSURE OF YOUR PERSONAL DATA

 Generally, we collect, use and disclose your Personal Data for the following purposes:

  • to prepare for and to complete your medical care services;
  • to identify and print prescriptions;
  • to generate work certificates and notes;
  • to type and print a referral letter to another healthcare professional where requested or where necessary or beneficial;
  • to open correspondence or any other documents from other healthcare professionals;
  • to print/photocopy your records if you instruct us to forward them to another
  • healthcare professional;
  • to collate, print, photocopy and post insurance or medico-legal reports;
  • to contact you in regard to incomplete treatment plans;
  • responding to your queries and requests and responding to complaints;
  • managing the infrastructure and business operations of EHA Clinic and complying with internal policies and procedures;
  • facilitating business asset transactions (which may extend to any merger, acquisition or asset sale);
  • matching any Personal Data held which relates to you for any of the purposes listed herein;
  • verifying your identity;
  • preventing, detecting and investigating crime, including fraud and money-laundering, and analyzing and managing other commercial risks;
  • protecting and enforcing our contractual and legal rights and obligations;
  • managing commercial risks, conducting audits, reviews and analysis of our internal processes, action planning and;
  • engaging in marketing and promotional activities to which we may agree to in writing with you;
  • compliance with any applicable rules, laws and regulations, codes of practice or guidelines or to assist in law enforcement and investigations by relevant authorities; and/or
  • any other purpose relating to any of the above.

 In addition, we may collect, use and disclose your Personal Data for the following purposes, depending on the nature of our relationship with you:

(a)  If you have a patient record with us:

  • to process your application as a new patient;
  • to maintain your record with us;
  • to verify and process your personal particulars and payments in relation to provision of services to you;
  • communicating with you to inform you of changes and development to our policies, terms and conditions and other administrative information, including for the purposes of servicing you in relation to products and services offered to you;
  • resolving complaints and handling requests and enquiries;
  • conducting market research for statistical, profiling and statistical analysis for the improvement of services provided to you; and/or
  • processing of your Personal Data in relation to any of the purposes stated above.

(b) If you use download or use any part of our services (including our website and any of our social media Third Party Sites):

  • to verify and process your personal particulars and payments in relation to provision of goods and services to you;
  • to provide you with the goods and services which you have signed up for and to push messages to you which may be relevant to you;
  • communicating with you to inform you of changes and development to our policies, terms and conditions and other administrative information, including for the purposes of servicing you in relation to products and services offered to you;
  • resolving complaints and handling requests and enquiries;
  • conducting market research for statistical, profiling and statistical analysis for the improvement of services provided to you; and
  • the processing of your Personal Data in relation to any of the purposes stated above.

 In addition, where permitted under the Act, we may also collect, use and disclose your Personal Data for the following purposes (which we may describe in our documents and agreements as “Additional Purposes” for the handling of Personal Data):

  • providing services, products and benefits to you, including promotions, loyalty and reward programs;
  • matching Personal Data with other data collected for other purposes and from other sources (including third parties) in connection with the provision or offering of products and services, whether by EHA Clinic or other third parties;
  • sending you details of products, services and promotions, either to our patients generally, or of particular products and services which may be of interest to you; and
  • conducting market research, understanding and determining customer location, preferences and demographics for us to review, develop and improve our products, services and also develop special offers and marketing programs.

If you have provided your telephone number(s) and have indicated that you consent to receiving marketing or promotional information via your telephone number(s), then from time to time, we may contact you using such telephone number(s) (including via voice calls, text messages, whatsapp messages or other means) with information about our products and services (including discounts and special promotions).

In relation to particular products or services or in your interactions with us, we may also have specifically notified you of other purposes for which we collect, use or disclose your Personal Data. If so, then we will collect, use and disclose your Personal Data for these additional purposes as well, unless we have specifically notified you otherwise.

You also consent to the collection, use and disclosure of your Personal Data by EHA Clinic in connection with any transaction relating to the acquisition, divestment, securisation, amalgamation, listing or other transaction relating to any interest in EHA Clinic, the shares or assets of EHA Clinic, and any other corporate transaction involving EHA Clinic, including any evaluation or due diligence relating thereto, as well as to the collection, use and disclosure of such information by the counterpart(ies) thereto for the same purposes, and the provision of goods and services by such counterpart(ies) following such transaction, as may be relevant.

DISCLOSURE OF PERSONAL DATA

We shall take reasonable steps to protect your Personal Data against unauthorised disclosure. Subject to the provisions of any applicable law, this Personal Data may be disclosed, for the purposes listed above (where applicable), to the following third parties, whether they are located overseas or in Singapore:

  • the EHA Clinic companies and other companies associated with EHA Clinic;
  • agents, contractors or third party service providers who provide operational services to EHA Clinic, such as telecommunications, information technology, payment, payroll, processing, training, market research, newspaper vendor services, newspaper delivery services, storage, archival or other services to EHA Clinic;
  • vendors or any third party business partners who offer goods and services or sponsor contests or other promotional programs on EHA Clinic sites, whether in conjunction with us or not;
  • external business and charity partners in relation to corporate promotional events;
  • the Credit Bureau, or in the event of default or disputes, any debt collection agencies or dispute resolution centres;
  • any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any merger, acquisition or asset sale;
  • anyone to whom we transfer or may transfer our rights and duties;
  • banks, credit card companies and their respective service providers;
  • our professional advisors such as our auditors and lawyers;
  • relevant government regulators or authority or law enforcement agency to comply with any laws or rules and regulations imposed by any governmental authority; and
  • any other party to whom you authorise us to disclose your personal data

USE OF COOKIES 

When you interact with us on our websites, we may collect or analyse anonymised information from which individuals cannot be identified (“Aggregate Information”), such as number of users and their frequency of use, the number of page views (or page impressions) that occur on the website and common entry and exit points into website.

EHA Clinic uses “cookies”, where a small data file is sent to your browser to store and track Aggregate Information about you when you enter our websites. The cookie is used to track information such as the number of users and their frequency of use, profiles of users and their preferred sites. 

 EHA Clinic may use an independent company (the “Third Party Market Research Company”) to measure and analyse the Internet usage across EHA Clinic web sites. EHA Clinic uses the Third Party Market Research Company’s services to collect the following core information on the usage of our websites, including:

  • The number of page views (or page impressions) that occur on EHA Clinic websites;
  • The number of unique visitors;
  • How long these unique visitors (on average) spend on EHA Clinic web sites when they do visit; and
  • Common entry and exit points into EHA Clinic websites.

This information is aggregated by the Third Party Market Research Company and provided to EHA Clinic to assist in analysing the usage of our websites. Such data is also accessible by media organizations and research companies, for the purpose of conducting industry comparisons with other Internet portals

Pages on EHA Clinic websites may be coded with software which enables the Third Party Market Research Company to track visitors to our websites.

Should you wish to disable the cookies associated with these technologies, you may do so by changing the setting on your browser. However, you may not be able to enter certain part(s) of our website.

THIRD-PARTY SITES

Our websites may contain links to other websites operated by third parties, such as our business partners. We are not responsible for the privacy practices of websites operated by third parties that are linked to our website. We encourage you to learn about the privacy policies of such third party websites. Some of these third party websites may be co-branded with our logo or trademark, even though they are not operated or maintained by us. Once you have left our websites, you should check the applicable terms, conditions and policies of the third party website to determine how they will handle any information they collect from you.

WITHDRAWAL OF YOUR CONSENT 

Should you wish to withdraw consent to use of your Personal Data or obtain access to or make corrections to your Personal Data records, please log in to the relevant account through which the Personal Data was provided, if any, failing which please contact the relevant Personal Data Protection Officer, who may be contacted at [email protected]

Please note that if your Personal Data has been provided to us by a third party, you should contact such party directly to make any queries, feedback, and access and correction requests to EHA Clinic on your behalf.

Please note that if you withdraw your consent to any or all use of your Personal Data, depending on the nature of your request, EHA Clinic may not be in a position to continue to provide at least some of its products or services to you or administer any contractual relationship in place, and this may also result in the termination of any agreements with EHA Clinic and your being in breach of your contractual obligations or undertakings, and EHA Clinic’s legal rights and remedies in such event are expressly reserved.

WHEN VISITING OUR PREMISES OR COMMUNICATING WITH US

 You hereby acknowledge and agree that:

  • you shall have no expectation of privacy with respect to your use of EHA Clinic’s telecommunications, networking or information processing systems (including, without limitation, stored company files, e-mail messages, voice messages and text messages), even if you are allowed to secure any of them by way of personally-selected passwords, and that your activities and any files or messages on or using any of those systems may be monitored at any time by the EHA Clinic without notifying you;
  • EHA Clinic’s premises, and any property situated on EHA Clinic’s premises; and any items of personal property that you may bring onto EHA Clinic’s premises, even if you are allowed to secure them by a personally provided lock or personally selected code, are subject to search and inspection by EHA Clinic’s personnel for legitimate businesses reasons and subject to applicable law; and
  • EHA Clinic’s premises, including non-public areas, may be monitored regularly by closed circuit surveillance cameras (“CCTV”) for monitoring and security purposes. You agree and understand that some of your activities during your visits may be collected in such manner.  

You shall immediately inform us of any change in your Personal Data – including, without limitation, your marital status, education, home address, home telephone number, mobile telephone number, emergency contact details, next of kin, – to such detail so as to allow us to remain in compliance with the Act.  We shall endeavour to use reasonable efforts but shall not be obliged to procure Personal Data updates from you on a regular periodic basis. For the avoidance of doubt, we shall not be liable to you for any damage, claim and/or harm suffered by you as a result of your failure to update the Company of any change of your Personal Data.

Should you fail to inform us of your new home address, any correspondence sent by us to your last home address shall be deemed to have been duly received by you.

You hereby agree and confirm that we and/or any third parties acting on our behalf may contact you, for the purposes listed in the Personal Data Protection Policy, using all of your communication means in our possession, including, but not limited to, voice calls, Short Messaging Service, Multimedia Message Service, Whatsapp, Facebook Messenger, WeChat, Line, Telegram, Instagram DM, email, fax or other similar communications applications or methods.

GOVERNING LAW

This Personal Data Protection Policy shall be governed in all respects by the laws of Singapore.

DATA RETENTION

We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the retention period for your Personal Data, we (amongst other things) consider the nature of the Personal Data, the risk of unauthorised use or disclosure of your Personal Data, the purposes for which we process it and the applicable legal requirements.

Details of retention periods for different aspects of your Personal Data are available on request, by contacting us.

In some circumstances we may anonymise your Personal Data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you. 

ACCESS AND CORRECTION OF YOUR PERSONAL DATA

Should you wish to access; correct; or update your Personal Data in our records, please contact the relevant Personal Data Protection Officer, who may be contacted at [email protected]

You will, generally, not have to pay a fee to access your Personal Data. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

 We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one (1)week. Occasionally it may take us longer than a week if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

HOW TO CONTACT US 

Please contact our Data Protection Officer (“DPO”) by email if you have any questions about this Personal Data Protection Policy or the information we hold about you using the details are shown below:

EHA Clinic, [email protected]