In this policy, “we”, “us”, “our” or “Medicfits” means Medicfits Pte Ltd, “you”, “your” or “yours” means the persons to whom this policy applies. “Site” means www.medicfits.com and “App” means Medicfits application downloaded on your phone or any electronic device. “PDPA” means the Singapore Personal Data Protection Act, 2012.
The security of your personal data is important to us. Medicfits has in place safeguards to protect the personal data stored with us. This policy describes how we may collect, use, disclose, process, store, and manage your personal data.
This policy applies to any individual’s personal data which is in our possession or under our control.
1.1 We collect and use your personal data through the Medicfits Sites and other modes of communication such as e-mail, phone or text or otherwise:
to provide our Services to meet your healthcare and/or employee and/or insurance healthcare benefit needs (including verifying your identity, responding to, handling and processing queries, requests, applications, complaints and feedback from you, managing your relationship with us, processing or facilitating the processing of your claims for medical care and/or utilisation of your healthcare and/or employee and/or insurance healthcare benefit needs, processing payment or credit transactions, and notifying you when updates to the Medicfits Sites and/or our Services are available);
to customise and improve our Services to make your experience more secure and convenient (including improving the quality of our Services through the performance of quality reviews and similar activities and creating de-identified or anonymised information which is not used or intended to be used to personally identify an individual for the purposes of data analytics and research);
where you have provided consent, to market and promote our Services to you (including providing you with promotional messages, newsletters, e-mails, products and services);
to comply with any applicable laws, regulations, codes of practice, guidelines, or rules, or assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;
for any other purposes for which you have provided the information; and
for any other incidental business purposes relating to or in connection with the above.
1.2 We only collect personal data about you that we consider reasonably necessary for achieving these purposes, such data may be provided to us voluntarily by you directly or via a third party (for example, your employer or insurer if they process or facilitate the processing of your claims for medical care and/or utilisation of your healthcare and/or employee and/or insurance healthcare benefit needs) who has been duly authorised by you to disclose your personal data.
1.3 If you choose to access and/or use the Medicfits Sites and/or our Services, we may require you to provide contact and identity information, medical history and other personal data as indicated on the forms in the relevant Medicfits Site. Some examples of personal data which we may also collect from you include:
your name, identification number such as passport number, NRIC and FIN, residential and delivery address, e-mail address, telephone number, nationality, gender and date of birth;
personally identifiable medical and health-related information which you provide to us such as information or records relating to your medical or health history, health status, laboratory testing results, biometric measurements and diagnostic images;
Billing information that you provide us (e.g. credit card or online payment system account information);
Information about computer, fitness, medical or mobile device you are using;
Geographical location or address; or
personally identifiable medical and health-related information about you prepared by healthcare providers and/or treatment providers who provide our Services to you such as medical records and treatment and examination notes; and
other information which you may input into the Medicfits Sites or provide to us pursuant to our provision of our Services.
1.4 We will maintain a file about you and your use of the Medicfits Sites and/or our Services. We will collect, use and retain the data in your file, and such other data that we may obtain from time to time in connection with your current and past activities on the Medicfits Sites, for as long as the purpose for which the data is collected continues or where otherwise necessary for legal purposes or the purposes of our normal business operations, which includes the purposes as set out in clause 1.1.
1.5 We may also look across multiple users to identify problems, and in particular, we may examine your personal data to identify users using multiple user-IDs or aliases. We may also compare and review your personal data for errors, omissions and/or accuracy.
1.6 Under some circumstances, we may require certain financial information from you. We will use your financial information (including credit card information or online payment system account information) to verify the accuracy of your name, address, and other information, detect any fraud or other criminal activity, and bill you for your use of our Services.
1.7 We may track certain information based upon your behaviour on the Medicfits Sites, such as the content of searches you perform on the sites or services. We use this information to do internal research on our users’ demographics, interests, and behaviour to better understand, protect and serve our users in general and you in particular. This information may include information about the computer or mobile device you are using, and your IP address, site activity, browser type, connection speed, access times and physical real-time location.
1.8 We may use data collection devices such as “cookies” on certain pages of the Medicfits Sites to promote trust and security, help analyse our web page flow and measure promotional effectiveness. “Cookies” are small files placed on your hard drive that assist us in providing the Medicfits Sites and/or our Services. We may offer features that are only available through the use of a “cookie”. We also use “cookies” to reduce the number of times you need to enter your password. “Cookies” can also help us provide you with information that is targeted to your interests. You are always free to decline our “cookies” (if your browser permits you to do so), although in that case you may not be able to use certain features on the Medicfits Sites and you may be required to enter your password more frequently during a session on the Medicfits Sites.
2. Sharing with and Disclosure to Third Parties
2.1 As a matter of policy, your personal data will not be shared or disclosed to third parties (whether for their marketing purposes or otherwise) without your consent. However, we reserve the right to disclose your personal data to:
our subsidiaries, affiliates and/or related corporations;
our third party service providers (including independent contracting doctors and their staff providing the Services to you, any third party service provider which hosts or manages data from the Medicfits Sites, credit, debit and charge card companies, banks or other entities processing payment instructions given by you through the Medicfits Sites, lawyers, auditors, any other agents or subcontractors acting for and on our behalf);
your employer, medical provider(s) and insurer(s) and their respective related companies and/or other relevant parties who may process or facilitate the processing of your claims for medical care and/or utilisation of your healthcare and/or employee and/or insurance healthcare benefit needs; and/or
government or regulatory authorities (including the Ministry of Health of Singapore), whether within or outside of Singapore, to the extent required in the normal course and scope of our business in the provision of our Services (including for the avoidance of doubt, claims tracking and processing of and facilitating the processing of claims for medical care and/or utilisation of healthcare and/or employee and/or insurance healthcare benefit needs), where required by applicable law, statute, stock exchange regulation or by-law, regulatory or governmental order or court order, and/or where we believe in good faith that disclosure is necessary to protect your safety or the safety of others, or our rights, or investigate fraud. We also reserve the right to disclose your personal data to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganisation, dissolution or other sale or transfer of some or all of Medicfits’s assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, where personal data maintained on the Medicfits Sites is among the assets transferred and/or any other person or organisation disclosed by us when you provide the information.
The purposes listed in the above clauses may continue to apply even in situations where your relationship with us (for example, pursuant to your employment contract should you be hired) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under a contract with you).
2.2 We may also disclose your anonymised data to data analytic platforms, administration provider, technical support providers, and delivery service providers.
2.5 If you use or agree to the use of our Services pursuant to your healthcare and/or employee and/or insurance healthcare benefit plan, you authorise Medicfits to share basic identification and, where necessary, medical data, including information relating to your diagnosis, referral, management and treatment through the Medicfits Sites with your employer, medical provider(s) and insurer(s) and their respective related companies and/or other relevant parties who may process or facilitate the processing of your claims for medical care and/or utilisation of your healthcare and/or employee and/or insurance healthcare benefit needs and consent to and authorise any of them to share the same with any relevant party for the purposes of processing or facilitating the processing of your claims for medical care and/or utilisation of your healthcare and/or employee and/or insurance healthcare benefit needs. You further acknowledge that you are financially responsible for all charges not covered under your health plan and/or employment and/or insurance policies.
3.1 Your privacy is important to us. We have put in place reasonable security arrangements (which shall at least be equivalent to industry standard practices) to protect your privacy and personal data, in such manner and to such extent as we deem reasonably appropriate in our sole discretion to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. However, there is no such thing as “perfect security” and we do not guarantee in any way, and you should not expect, that your personal data or private communications will always remain private and/or safe from any abuse or misuse by third parties.
3.2 Your personal data to be used by Medicfits is stored on Medicfits’s servers located within its premises or those of its data service providers. We will use such procedural and technical safeguards as we deem reasonably necessary in our sole discretion to protect your privacy and protect your personal data against loss, theft and unauthorised access, collection, use, disclosure, copying, modification or disposal. We will also employ such security techniques deemed appropriate at our sole discretion, to reasonably protect data against loss, theft, and unauthorised access, collection, use, disclosure, copying, modification or disposal by users inside and outside Medicfits. If we transfer any data outside Singapore, we will take appropriate steps to ascertain whether, and ensure that, the recipient of your transferred personal data is bound by legally enforceable obligations to provide to the transferred personal data a standard of protection at least comparable to the Singapore Personal Data Protection Act 2012 (No. 26 of 2012). We will also transfer your personal data outside Singapore only if such transfer is necessary for the performance of a contractual obligation between Medicfits and you, or where such transfer is necessary to respond to a life-threatening or health-threatening emergency.
3.3 Medicfits’s employees are required, as a condition of their employment, to treat personal data held by Medicfits as confidential, and to maintain the confidentiality of that personal data.
3.4 As “perfect security” does not exist, each of Medicfits and its affiliates, related companies, and third party service providers and their respective officers, directors, employees and agents do not represent or warrant that there will not be, and hereby disclaim any responsibility or liability directly or indirectly arising out of or in connection with, any loss, theft, or unauthorised access, collection, use, disclosure, copying, modification, disposal or similar actions with regard to any data held or maintained by any of the aforesaid entities or persons.
4. Protection of Personal Data
4.1 To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as up-to-date antivirus protection, encryption, and disclosing personal data both internally and to our authorised third party service providers and agents only on a need-to-know basis.
4.2 You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.
5. Withdrawing your consent
5.1 The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop collecting, using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing or via email to our Data Protection Officer at the contact details provided below.
5.2 Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within ten (10) business days of receiving it.
5.3 Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our goods or services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing in the manner described in clause 5.1 above.
5.4 Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws. For the avoidance of doubt, such withdrawal of consent shall not require us to delete any personal data that has already been collected by us from our records. Such retention shall be subject to clauses 20 to 22 below.
6. Accuracy of Personal Data
6.1 We generally rely on personal data provided by you (or your authorised representative). In order to ensure that your personal data is current, complete and accurate, please update us if there are changes to your personal data by informing our Data Protection Officer in writing or via email at the contact details provided below.
7. Retention of Personal Data
7.1 We may allow you to delete some of the records that are stored on the Application by clicking “History” > “Delete”. Such deletion shall only delete your records from the Application but a back-up copy shall be retained in accordance with clauses 7.2 and 7.3 below.
7.2 We may retain your personal data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws.
7.3 We will cease to retain your personal data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected, and is no longer necessary for legal or business purposes.
8. Transfer of Personal Data outside Singapore
8.1 We generally do not transfer your personal data to countries outside of Singapore. However, if we do so, we will obtain your consent for the transfer to be made and we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.
9. Accessing and Updating your Data
You have the right to correct any personal data held about you that is inaccurate. If you wish to access, update or otherwise change or remove any personal data that you provide for Medicfits’s use, please send us an email at firstname.lastname@example.org for assistance. However, if you remove any personal data, which is necessary for us to provide you with Services, our provision of our Services to you may become impossible, impeded or deficient. Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclosure is required under applicable laws.
11. Governing Law
12. Contact Medicfits
Last updated: 14 December 2020