CelliHealth Pte. Ltd. (“CelliHealth”, “we”, “us”, “our” or “ours”) takes our responsibilities under the Personal Data Protection Act (the “PDPA”) seriously. We recognize the importance of the personal data you have entrusted to us and believe that it is our responsibility to properly manage, protect and process your personal data. Please read this Personal Data Protection Policy (the “Data Protection Policy”) so that you know and understand how we collect, use and disclose the personal data you have provided to us.
This Data Protection Policy applies to your use of online and mobile services provided by CelliHealth, including but not limited to, the CelliHealth website located at www.cellihealth.com and the content available on or through it (the “Website”), and mobile applications hosted by or on behalf of CelliHealth (collectively, the “Services”).
We are committed to the privacy of our visitors and the protection of your personal data. While using our Services, we will not collect any personal data about you except as set out in this Policy or unless you choose to provide that information to us. By providing your personal data to us, you consent to us collecting, using, disclosing and processing your personal data in accordance with this Data Protection Policy.
By using the Services, you agree and consent to CelliHealth collecting, using and disclosing your personal data, and disclosing such personal data to our authorised service providers and relevant third parties in the manner set out in this Data Protection Policy.
1. Introduction to the PDPA
- Personal data is defined under the PDPA to mean data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which an organization has or is likely to have access. Common examples of personal data could include names, identification numbers, contact information, medical records, photographs and video images.
- We will collect your personal data in accordance with the PDPA. We will notify you of the purposes for which your personal data may be collected, used, disclosed and/or processed, as well as obtain your consent for the collection, use, disclosure and/or processing of your personal data for the intended purposes, unless an exception under the law permits us to collect and process your personal data without your consent.
2. Non-disclosure of medical information
- We are highly committed to keeping your health information private and protected. This includes the information you provide to determine your CelliHealth Score and other information contained in your CelliHealth profile.
- You are the sole owner of your health records and CelliHealth will not use any information that can identify you as the owner of your records except with your permission or as indicated in this policy.
- CelliHealth will never disclose your health information to any third party without your authorization unless required by law or for provision to certain third parties as stated in this policy.
- We take necessary precautions against use or disclosure of health-related information that is unauthorised or inappropriate. Because our service platform is highly automated, our employees do not have access to personally identifiable healthcare information
3. Collection of personal data
CelliHealth will only collect such personal data if it is necessary for one of our functions or activities and if it is reasonable and practical to do so. Some examples of the types of information which we may collect about our users include:
- Health screening results and user lifestyle data to deliver a personalized chronic disease prevention program
- Contact information such as names, addresses, telephone numbers, and email addresses;
- Unique information such as photograph, contact preferences, and date of birth; and
- Transaction history.
4. How we collect your personal data
Some examples of how personal data can be collected:
- When you subscribe to our Services and register your details;
- When you are using our application;
- When you make purchases or requests for our products or services; and
- When you communicate with us directly in relation to our products and services.
5. Purposes for collecting, using, disclosing and processing your personal data
The personal data which we collect from you may be collected, used, disclosed and processed for various purposes, depending on the circumstances for which we may need to process your personal data, including:
- To communicate with you;
- To personalize your care under our Services, and tailor products and services to match your needs;
- To administer and process any payments related to products and services requested by you;
- To establish your identity and background;
- To respond to your enquiries or complaints and resolve any issues and disputes which may arise in connection with any dealings with us;
- To share any of your Personal Data with our business partners to jointly develop products and/or services or launch marketing campaigns;
- To provide you with information and/or updates on our products, services, upcoming promotions offered by us and/or events organised by us and selected third parties which may be of interest to you from time to time;
- To monitor, review and improve our products and/or services;
- To process and analyze your Personal Data either individually or collectively with other individuals;
- To conduct market research, internal marketing analysis, customer profiling activities, analysis of customer patterns and choices, planning and statistical and trend analysis in relation to our products and services;
- To conduct scientific research, analysis of healthcare trends and patterns; and/or
- For other purposes required to operate, maintain and better manage our business and your relationship with us; which we notify you of at the time of obtaining your consent .
(collectively, the “Purposes”).
As the purposes for which we may/will collect, use, disclose or process your personal data depend on the circumstances at hand, such purpose may not appear above. However, we will notify you of such other purpose at the time of obtaining your consent, unless processing of your personal data without your consent is permitted by the PDPA or by law.
In order to conduct our business operations more smoothly, we may also be disclosing the personal data you have provided to us to our third party service providers, agents and/or our affiliates or related corporations, and/or other third parties whether sited in Singapore or outside of Singapore, for one or more of the above-stated Purposes. However, we will not disclose any health-related personal information about you to any third party.
6. Specific issues for the disclosure of personal data to third parties
- So that we can provide a wide range of products and services to you, third party service providers offering services may be engaged by CelliHealth, including the following:
- We are committed to preserving the confidentiality of the personal data you have provided to us. CelliHealth does not share, sell, rent or release any personal data collected to any individuals, companies or groups. Any information we collect is used for our own purposes as described in this Data Protection Policy.
- Professional advisors, consultants and/or external auditors; and
- Third party service providers who provide operational services such as telecommunications, information technology, postal and courier services, marketing promotions.
- The third parties with whom we conduct business are only authorized to use your information to perform the service for which they were engaged. Where we disclose your personal data to these third parties, we will employ our best efforts to require such third parties to protect your personal data in accordance with this Data Protection Policy.
- While we take our Data Protection Policy seriously, please note that we may disclose your personal data to third parties without first obtaining your consent in certain situations, including, without limitation, the following:
- Cases in which the disclosure is required or authorized based on the applicable laws and/or regulations;
- Cases in which the purpose of such disclosure is clearly in your interests, and if consent cannot be obtained in a timely way;
- Cases in which the disclosure is necessary to respond to an emergency that threatens the life, health or safety of yourself or another individual;
- Cases in which the disclosure is necessary for any investigation or proceedings;
- Cases in which the personal data is disclosed to any officer of a prescribed law enforcement agency, upon production of written authorisation signed by the head or director of that law enforcement agency or a person of a similar rank, certifying that the personal data is necessary for the purposes of the functions or duties of the officer;
- Cases in which the disclosure is to a public agency and such disclosure is necessary in the public interest; and/or
- Where such disclosure without your consent is permitted by the PDPA or by law.
- The instances listed above at paragraph 6.4 are not intended to be exhaustive. For more information on the exceptions, you are encouraged to peruse the Second, Third and Fourth Schedules of the PDPA, which are publicly available at http://statutes.agc.gov.sg
7. Sharing your information with persons involved in your care
Upon your written authorization, we may disclose relevant protected health information to a person who is involved with your care. We find that many of our users want to share information regarding their health with their family users, doctors and other third parties to keep these persons up-to-date on their care. We share only the information that has been explicitly authorized by you for disclosure.
8. Cookies and Log Files
We may also employ the use of anonymous identifiers, which are random strings of characters that are used for the same purposes as cookies on mobile devices, where cookie technology is not available.
Due to the communications standards on the Internet, when you visit cellihealth.com, our servers automatically record certain information that your web browser and or device sends whenever you access the website or mobile applications. These server logs may include information such as your web request, Internet Protocol (“IP”) address, browser type, browser language, platform type, referring / exit pages and URLs, number of clicks, domain names, landing pages, pages viewed and order of those pages, the amount of time spent on particular pages, the date and time of your request, and one or more cookies that may uniquely identify your browser. This information is used to analyze overall trends to help us improve the service, but is not linked to personally identifiable information in any way.
9. Request for access or correction of personal data
- You may request to access, correct or delete the personal data currently in our possession by submitting a request in writing to our Data Protection Officer at DPO@cellihealth.com. If you are a CelliHealth user, you may access your personal data by logging into our Services and viewing or editing your information.
- For a request to access personal data, we will provide you with the relevant personal data within thirty (30) working days from such a request being made.
- Where a request cannot be complied with within the above time frame, we will advise you on how soon we can respond.
- For a request to correct personal data, we will:
- correct your personal data as soon as practicable after the request has been made unless we have reasonable grounds not to do so; and
- subject to paragraph 8.5, we will send the corrected personal data to every other organization to which the personal data was disclosed by us within a year before the date the correction was made, unless that other organization does not need the corrected personal data for any legal or business purpose.
- Notwithstanding paragraph 8.4(b), we may, if you so consent, send the corrected personal data only to specific organizations to which the personal data was disclosed by us within a year before the date the correction was made.
- Depending on the scope and nature of the work required to process your access request, we may be required to impose a fee to recover our administrative costs. This will be assessed on a case-by-case basis by our Data Protection Officer. Where such a fee is to be imposed, we will provide you with a written estimate of the fee for your consideration. Please note that we will only process your request once you have agreed to the payment of the fee.
10. Request to withdraw consent
- You may withdraw your consent for the collection, use or disclosure of your personal data in our possession or under our control by submitting a request in writing to our Data Protection Officer at DPO@cellihealth.com.
- We will process your request within thirty (30) working days from such a request for withdrawal of consent being made, and will thereafter not collect, use or disclose your personal data in the manner stated in your request.
- However, your withdrawal of consent could result in certain legal consequences arising from such withdrawal. In this regard, depending on the extent of your withdrawal of consent for us to process your personal data, it may mean that we will not be able to continue with your existing relationship with us.
- The collection of your personal data by us may be mandatory or voluntary in nature depending on the Purposes for which your personal data is collected. Where it is obligatory for you to provide us with your personal data, and you fail or choose not to provide us with such data, or do not consent to the above or this Policy, we will not be able to provide products or services or otherwise deal with you.
11. Administration and management of personal data
- We will take reasonable efforts to ensure that your personal data is accurate and complete, if your personal data is likely to be used by us to make a decision that affects you, or disclosed to another organization. However, this means that you must also update us of any changes in your personal data that you had initially provided us with. We will not be responsible for relying on inaccurate or incomplete personal data arising from your not updating us of any changes in your personal data that you had initially provided us with.
- We will also put in place reasonable security arrangements to ensure that your personal data is adequately protected and secured. Appropriate security arrangements will be to prevent any unauthorized access, collection, use, disclosure, copying, modification, leakage, loss, damage and/or alteration of your personal data. However, we cannot assume responsibility for any unauthorized use of your personal data by third parties which are wholly attributable to factors beyond our control.
- We will also put in place measures such that your personal data in our possession or under our control is destroyed and/or anonymized as soon as it is reasonable to assume that (i) the purpose for which that personal data was collected is no longer being served by the retention of such personal data; and (ii) retention is no longer necessary for any other legal or business purposes.
12. Complaint Process
- If you have any complaint or grievance regarding about how we are handling your personal data or about how we are complying with the PDPA, we welcome you to contact us with your complaint or grievance by writing to our Data Protection Officer at DPO@cellihealth.com.
- We recommend you write “PDPA Complaint” in the subject header of the email to assist us in attending to your complaint speedily.
- We will strive to deal with any complaint or grievance that you may have expeditiously and fairly.
13. Updates on Data Protection Policy
- As part of our efforts to ensure that we properly manage, protect and process your personal data, we will be reviewing our policies, procedures and processes from time to time.
- We reserve the right to amend, add or remove terms of this Data Protection Policy from time to time at our sole discretion. We may also place a special notice or communicate significant changes by email.
- You are encouraged to visit our website from time to time to ensure that you are well informed of our latest policies in relation to personal data protection.
- Your continued use of the Services following the posting of changes will mean that you accept and agree to the amended policy.
14. Contact us
If you have any questions about this Data Protection Policy, please do not hesitate to contact our Data Protection Officer at DPO@cellihealth.com.