1. We, the Fullerton Healthcare Group, are committed to safeguarding your privacy. We treat all personal data provided by you in strict confidence, and will only use your personal data in the manner set out in this Policy. This Policy applies to all personal data that you provide to us and the personal data we hold about you. This Policy describes how we may collect, use, disclose, process and manage your personal data. Please DO NOT provide any personal data to us if you do not accept this Policy. All references to the “Fullerton Healthcare Group”, “we”, “us” and “our” refer collectively to the Fullerton Healthcare Group Pte. Ltd. and all its subsidiaries and related companies.
2. Information provided by organisations or individuals to us for business purposes is not considered personal data. This Policy does not apply to business contact information.
AMENDMENT TO THIS POLICY
3. We may amend this Policy from time to time. The updated Policy will supersede earlier versions and will apply to personal data provided to us previously. The updated Policy will be made available upon request from our Data Protection Officer and on our website at www.fullertonhealth.com. If you do not accept any amendment to the Policy, please contact our Data Protection Officer (see paragraph 21 below).
4.1 What is personal data. “Personal data” is data, whether true or not, about a natural person who can be identified from that data or from that data and other information to which we have or are likely to have access. Examples of personal data include name, address, contact details, NRIC, or other identification number, telephone numbers, email address, photograph, video image, personal data of family members, education background, employment history, references, medical history and results of employment checks.
4.2 Voluntary provision of personal data. Your provision of personal data to us is voluntary. However, if you choose not to provide us with the personal data we require, it may not be possible for us to contact you, or provide products or services which you need from us.
4.3 Providing personal data belonging to others. If you provide the personal data of anyone other than yourself (including your family members, employees – in the case of corporate healthcare arrangements fellow etc), you warrant that you have informed him/her of the purposes for which we are collecting his/her personal data and that he/she has consented to your disclosure of his/her personal data to us for those purposes.
4.4 Accuracy and Completeness or personal data. You confirm that all personal data that you provide to us is true, accurate and complete.
5. Anonymous browsing. Anonymity is maintained when you visit our websites at www.fullertonhealth.com and www.fhn3.com. Our websites are not configured to gather any information from your computer, unless you otherwise personally and intentionally provide us with your information.
7. Links to other websites. Our websites may contain links to other websites which are not owned or maintained by us and over which we have no control. These links are provided only for your convenience. This Policy only applies to our website. When visiting these third party websites, you should read their privacy policies.
COLLECTION OF PERSONAL DATA
8. Generally, we may collect your personal data (at all times in accordance with applicable law) when you:
a. register for or use any services or products we provide;
b. respond to or register for any of our initiatives or events;
c. visit our website;
d. send us an email;
e. request to be included in our mailing list;
f. interact with our staff, including customer service officers, for example, via telephone calls (which may be recorded), letters, fax, face-to-face meetings, social media platforms and emails;
g. call us to fix an appointment;
h. when your images are captured by us via CCTV cameras while you are within our premises, or via photographs or videos taken by us or our representatives when you attend our events;
i. request that we contact you;
j. and/or submit your personal data to us for any other reason.
PURPOSES FOR COLLECTION, USE OR DISCLOSURE OF YOUR PERSONAL DATA
9. Primary purposes. Our primary purpose in collecting your personal data is to serve you. Generally, we collect, use or disclose your personal data (or, where you are our corporate customer, the personal data of your employees) for the following purposes:
a. to manage your relationship with us;
b. to provide you with the services that you have requested;
c. providing you with customer service and support;
d. verifying your identity;
e. to administer medical care, including dispensing medication and treatment, liaising with third party specialist doctors, clinics, hospitals and/or medical institutions in relation to your medical care (including by providing them with access to your medical records);
f. to assist you with your enquiries;
g. to contact you for feedback after the provision of our services;
h. personalising your experience at our touchpoints and conducting market research, understanding and analysing customer behaviour, location, preferences and demographics in order to improve our service offerings;
i. to keep you updated on our events and services;
j. and/or purposes which are reasonably related to the aforesaid.
10. Business purposes. In addition to the purposes set out above, we may also collect, use and/or disclose your personal data for purposes connected or relevant to our business, such as:
a. complying with our legal obligations and requirements;
b. enforcing obligations owed to us and administering debt recovery and debt management;
c. research into the development of new products and services or improvement of our existing products and services;
d. accounting, risk management and record keeping;
e. carrying out research, planning and statistical analysis;
f. processing and handling of medical and insurance claims and payments; and
g. staff training;
h. monitoring or recording phone calls and customer-facing interactions for quality assurance, employee training and performance evaluation and identity verification purposes;
i. preventing, detecting and investigating crime and analysing and managing commercial risks;
j. in connection with any claims, actions or proceedings (including but not limited to drafting and reviewing documents, transaction documentation, obtaining legal advice, and facilitating dispute resolution), and/or protecting and enforcing our contractual and legal rights and obligations;
k. managing the safety and security of our premises and services (including but not limited to carrying out CCTV surveillance and conducting security clearances);
l. conducting any form of investigations including but not related to those relating to disputes, billing, fraud, offences, prosecutions etc.;
m. meeting or complying with any applicable rules, laws, regulations, codes of practice or guidelines issued by any legal or regulatory bodies which are binding on us (including but not limited to responding to regulatory complaints, disclosing to regulatory bodies and conducting audit checks, due diligence and investigations);
n. facilitating business asset transactions (which may extend to any mergers, acquisitions or asset sales); and/or
o. purposes which are reasonably related to the aforesaid
11. Vendors. If you are an employee, officer or owner of an external service provider or vendor outsourced or prospected by us, in addition to the other purposes set out in this Policy (as may be applicable), we may also collect, use and/or disclose your personal data and/or personal data submitted by you to us for the following purposes:
a. assessing your organisation's suitability as an external service provider or vendor for us;
b. managing project tenders and quotations, processing orders or managing the supply of goods and services;
c. creating and maintaining profiles of our service providers and vendors in our system database;
d. processing and payment of vendor invoices and bills;
e. facilities management (including but not limited to issuing visitor access passes and facilitating security clearance); and/or
f. purposes which are reasonably related to the aforesaid.
12. Marketing purposes. If you have consented, we may collect, use and/or disclose your personal data for the purposes of marketing our products and services and those of our strategic partners and business associates e.g. informing you of our latest events and services. In order for us to market products and services which are of special interest and relevance to you in order to collect, use and/or disclose your personal data for these marketing purposes, we may analyse and rely on your overall interaction with us (such as but not limited to your medical and treatment history as well as your other interactions with us).
13. Withdrawal of consent for marketing purposes. You have a choice to withdraw your consent for receiving marketing or promotional materials/communication. You may contact us using the contact details found below. Please be aware that once we receive confirmation that you wish to withdraw your consent for marketing or promotional materials/communication, it may take up to [30 calendar days] for your withdrawal to be reflected in our systems. Therefore, you may still receive marketing or promotional materials/communication during this period of time. Please note that even if you withdraw your consent for the receipt of marketing or promotional materials, we may still contact you for other purposes in relation to the services that you have requested or purchased from us.
14. Contacting you. When using your personal data to contact you for any of the above purposes, we may contact you via regular mail, fax, e-mail, SMS, telephone or any other means. In relation to the sending of marketing or promotional information, we will only send you such information via regular mail, fax, e-mail, SMS, telephone or any other means where this is permitted under the PDPA.
DISCLOSURE OF PERSONAL DATA
15. We will not sell your personal data to third parties. Subject to the provisions of any applicable law, your personal data may be disclosed, for the purposes listed above (where applicable) to the following entities or parties, whether they are located overseas or in Singapore:
a. amongst Fullerton Healthcare Group and affiliates;
b. where you have consented to our disclosure of your personal data to our strategic partners and business associates, we may disclose your personal data to them for such purposes;
c. service providers and data processors working on our behalf and providing services such as hosting and maintenance services, analysis services, e-mail messaging services, delivery services, handling of payment transactions, marketing etc.
d. our consultants and professional advisers (such as accountants, lawyers, auditors);
e. any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any merger, acquisition or asset sale);
f. external banks, credit card companies, other financial institutions and their respective service providers;
g. relevant government ministries, regulators, statutory boards or authorities or law enforcement agencies to comply with any laws, rules, guidelines and regulations or schemes imposed by any governmental authority (including the Ministry of Health), or any other party to whom we are required or permitted to disclose personal data at law; and/or
h. any other party to whom you authorise us to disclose your personal data.
TRANSFER OF PERSONAL DATA OUT OF SINGAPORE
16. Transfer outside Singapore. You fully understand and unambiguously consent that we may transfer your personal data to any location outside of Singapore for the purposes set out above.
17. The personal data collected from you by us is retained for the period of time that the purpose for which the personal data was collected continues.
18. We will destroy the personal data thereafter, unless it is necessary to retain the personal data longer for our satisfaction and compliance of legal, regulatory or accounting requirements, or to protect our interest.
19. While precautions will be taken to ensure that the information you provide is protected against unauthorised or unintended access, we cannot be held responsible for unauthorised or unintended access that is beyond our control.
20. Contact Data Protection Officer. If you wish to withdraw any consent you have given us at any time, or if you wish to correct or have access to your personal data held by us, or if you do not accept any amendment to this Policy, please contact our Data Protection Officer:
Name : Marilyn Choo
Tel : +65-66725668
Email : firstname.lastname@example.org
21. Fee for access. We may charge you a fee for responding to your request for access to your personal data held by us, or for information about the ways in which we have (or may have) used your personal data in the one-year period preceding your request. If a fee is to be charged, we will inform you of the amount beforehand and respond to your request after payment is received. We will endeavour to respond to your request within 30 days, and if that is not possible, we will inform you of the time by which we will respond to you.
22. Please note that if your personal data has been provided to us by a third party (e.g. a general practitioner or your employer), you should contact that organisation or individual to make such queries, complaints, and access and correction requests to us on your behalf.
23. Effect of withdrawal of consent. In many circumstances, we need to use your personal data in order for us to provide you with products or services which you require. If you do not provide us with the required personal data, or if you withdraw your consent to our use and/or disclosure of your personal data for these purposes, it may not be possible for us to continue to serve you or provide you with the products and services that you require.
24. This Policy is governed by the laws of Singapore. You consent to submit to the exclusive jurisdiction of the Courts of Singapore in any dispute relating to this Policy.