Privacy Policy
1. INTRODUCTION
1.1 This privacy policy sets out how we comply with the provisions of the Personal Data Protection Act 2012 of Singapore (“PDPA”) as follows:
(a) our policies on how we manage your Personal Data;
(b) the types of Personal Data we collect, use, disclose and/or retain;
(c) how we collect, use, disclose and/or retain your Personal Data;
(d) the purpose(s) for which we collect, use, disclose and/or retain your Personal Data; and
(e) the steps we take in managing Data as Data Controller (i.e. we control the use of the personal data collected) or as Data Processor (i.e. we process the Data on behalf of the Data Controller).
To describe the ways in which we will process and use the Data only to the extent strictly necessary to perform our obligations or as otherwise provided under the License Agreement.
1.2 We will collect, use or disclose Personal Data for reasonable business purposes only if there is consent or deemed consent from the individual and information on such purposes has been notified.
1.3 We may also collect, use or disclose Personal Data if it is required or authorized under applicable laws.
1.4 You agree and consent to us, our authorized service providers and third parties to collect, use and disclose and/or retain your Personal Data in accordance with this privacy policy.
1.5 This privacy policy supplements but does not supersede nor replace any other consent which you may have previously provided to us nor does it affect any right that we may have at law in connection with the collection, use, disclosure and/or retention of your Personal Data.
1.6 From time to time, we may update this privacy policy to ensure that our policy is consistent with any regulatory changes. However, subject to your legal rights in Singapore or in the local jurisdiction for International Business, the prevailing terms of the privacy policy shall apply.
2. USE BY MINORS
2.1 We do not collect Personal Data from individuals under the age of 18 and we request that these individuals do not provide Personal Data through our websites. If we become aware that an individual under the age of 18 has been registered, we will expunge any related Personal Data from our records.
3. PERSONAL DATA
3.1 In this privacy policy, “Personal Data” refers to any data and/or information about you from which you can be identified, and which we may have legitimate access to:
(a) your name, NRIC, passport or other identification number, telephone number(s), mailing address, email address, and any other personal information you have provided to us in forms submitted or through other interactions;
(b) your photos;
(c) your employment history, education background, and income levels;
(d) Personal Data of your family members, such as next of kin, spouses, and children; and
(e) information about your usage of and interaction with our website and/or services.
SECTION A. OUR RESPONSIBILITIES AS DATA CONTROLLER
For Users of CARES, CARES4CAREGIVERS and CARES4WOUNDS, please refer to Section B.
4. COLLECTION OF PERSONAL DATA
4.1 We collect Personal Data from clients, customers, partners, personnel, contractors and other individuals.
4.2 We collect Personal Data only when necessary, or when it is required to fulfill the purposes for which the individual has provided the information.
4.3 Such Personal Data may be provided to us in forms filled out by individuals, face to face meetings, email messages, telephone conversations, through our websites or provided by third parties.
4.4 If any individuals contact us, we may keep a record of that contact.
4.5 We will only collect, hold, process, use, communicate and/or disclose such Personal Data, in accordance with this privacy policy.
4.6 If a party acts as an intermediary or on behalf of a third-party individual, or provides us with information about a third-party individual (e.g., a friend, colleague, or employee), we will take reasonable steps to ensure that the intermediary is an authorized representative or agent who has obtained the necessary consents from the individual for the collection, processing, use, and disclosure of their Personal Data to us.
4.7 Since we are collecting the third-party individual’s Data from you, you agree to ensure that the third-party individual is informed of all matters outlined in this privacy policy, preferably by providing them with a copy or directing them to our website.
5. USE OF PERSONAL DATA AS DATA CONTROLLER (This does not apply to Users of CARES, CARES4CAREGIVERS and CARES4WOUNDS)
5.1 In general, we may use your Personal Data for the following purposes:
(a) to provide our services;
(b) to respond to the individual’s request or for the purposes for which it was provided to us as stated at the time of the collection;
(c) to maintain contact with clients, contractors and other contacts;
(d) for general management and reporting purposes;
(e) for recruitment purposes;
(f) for purposes related to the employment of our personnel and providing internal services to our personnel;
(g) all other purposes related to our business; and
(h) to comply with applicable laws and regulations.
If you want to exercise your rights, you can get in touch with our Data Protection Officer at globalprivacy@tetsuyuhealthcare.com. We will respond to you within one month.
6. DISCLOSURE OF PERSONAL DATA (This does not apply to Users of CARES, CARES4CAREGIVERS and CARES4WOUNDS)
6.1 We do not disclose Personal Data to third parties, except when required by law, when we have the individual’s consent or deemed consent, or when we engage third parties, such as Data Processors or subcontractors, specifically to assist with our company’s activities.
6.2 We may also disclose your Personal Data to the following groups of external organizations, subject to the requirements of applicable laws:
(a) our affiliated companies;
(b) agents, contractors, Data Processors or third-party service providers who provide services, such as telecommunications, mailing, information technology, payment, payroll, data processing, storage and archival;
(c) external banks, financial institutions, and their respective service providers;
(d) our professional advisers;
(e) relevant government regulators, statutory boards or authorities or law enforcement agencies to comply with any laws, rules, guidelines and regulations or schemes imposed by any government authority; and
(f) any other person in connection with the purposes set forth above.
7. THIRD-PARTY SITES
7.1 Our marketing website may contain links to third-party websites that are independent of us. We are not responsible for the privacy practices of these third-party websites, even though they are linked to our website.
7.2 We encourage you to review the privacy policies of these third-party websites by checking the policy of each site you visit. If you have any concerns or questions, please contact the owner or operator of that site.
8. PROTECTION OF YOUR PERSONAL DATA
8.1 We maintain appropriate security safeguards and practices to protect your Personal Data against unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, in accordance with applicable laws.
9. ACCESS AND CORRECTION OF YOUR PERSONAL DATA
9.1 We take all reasonable measures to ensure that your Personal Data remains accurate, complete and up-to-date.
9.2 You may also keep us informed when there are any updates to your Personal Data by contacting us directly.
9.3 You may request access to or make corrections to your Personal Data records, but we have the right to charge a reasonable fee for processing your request.
9.4 Please submit your request to us by writing to our Data Protection Officer at globalprivacy@tetsuyuhealthcare.com. We will respond to you within one month.
10. RETENTION OF PERSONAL DATA
10.1 We may retain your Personal Data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted under applicable laws.
10.2 We will cease to retain your Personal Data, or remove the means by which the Data can be associated with you, as soon as it is reasonable to determine that such retention no longer serves the purpose for which the Personal Data was collected, and is no longer necessary for legal or business purposes.
11. WITHDRAWAL OF CONSENT
11.1 If you wish to withdraw your consent to any use or disclosure of your Personal Data, you may contact our Data Protection Officer at globalprivacy@tetsuyuhealthcare.com.
11.2 If you have any questions or complaints relating to the use or disclosure of your Personal Data, or if you wish to know more about our data protection policies and practices, please contact our Data Protection Officer via email at globalprivacy@tetsuyuhealthcare.com. We will respond to you within one month.
SECTION B: OUR RESPONSIBILITIES AS DATA PROCESSOR
Patient Personal Data is stored in software products (CARES, CARES4CAREGIVER, and CARES4WOUNDS) that we have designed, developed, and distributed as SaaS or hosted in databases provided by us. Hence, we take proactive steps to fulfil our responsibilities as a Data Processor under the Personal Data Protection Act (PDPA).
12. COLLECTION, USE, PROCESSING AND DISCLOSURE OF PERSONAL DATA
12.1 Licensees of our products collect and store users’ or patients’ Personal Data (the “Data”) in our software. They are considered Data Controllers of this Data, and their collection of the Data is deemed to be with the consent of the users and patients.
12.2 We, as a Data Processor, will fulfil our responsibilities as follows:
(a) we will only perform data processing as agreed in the contract or standard contractual clause;
(b) we will take the necessary technical and operational precautions, including data encryption, data masking and access controls, to protect the Personal Data and comply with the PDPA and GDPR;
(c) only authorized Tetsuyu staff supporting the Data Controller in the use of the software (e.g. maintenance or bug fix) shall have access to the Data Controller’s software instance; and
(d) the Data Controller should also be responsible for taking the necessary precautions.
12.3 Additionally, we shall:
(a) comply with the requirements of the License Agreement/Standard Contractual Clause in the provision of services to the Data Controller;
(b) process and use the Data only to the extent strictly necessary to perform our obligations or as otherwise provided under the License Agreement;
(c) only disclose the Data to our employees and personnel that have a need to access the Data for the sole purpose of supporting the Data Controller’s use of the solution. We shall ensure that all such employees and personnel are bound by a confidentiality agreement;
(d) ensure that appropriate controls are in place to prevent unauthorized access to special categories of Data;
(e) implement, maintain, and consistently operate adequate and appropriate technical and organizational measures to protect the security, confidentiality, integrity, and availability of the Data. These measures shall safeguard against unauthorized or unlawful processing, as well as accidental loss, destruction, damage, or vulnerability of the Data. At a minimum, these measures shall comply with the requirements of Data Protection Law;
(f) comply with the Data Processor’s obligations under Data Protection Law and take such steps as requested by the Data Controller to enable the Data Controller to fulfil its obligations under Data Protection Law;
(g) provide evidence to the Data Controller, upon request, of the technical and organizational measures we have implemented to meet the Data Processor’s obligations under Data Protection Law.
12.4 If we are required to release Data belonging to the Data Controller to government agencies during an investigation or litigation, we will inform the Data Controller prior to the release of the Data.
13. DATA PROTECTION
13.1 We incorporate Data Protection by Design as an approach when designing the software and its mobile applications.
13.2 Data is encrypted at rest with Transparent Data Encryption (TDE) while data during transit is encrypted by Transport Layer Security (TLS). Apart from that, our web application is secured with SSL (HTTPS).
13.3 We will not disclose any Data belonging to the Data Controller to any person without the Data Controller’s prior written consent, and such disclosure will only occur under conditions of confidentiality approved in writing by the Data Controller.
13.4 Where required, we may disclose the Data belonging to the Data Controller to our employees and subcontractors who need access to the information based on the principle of least privilege. Such data will be released solely for the performance of their work in relation to the permitted purpose, and those individuals will be bound by a Confidentiality Agreement or a professional obligation to protect the confidentiality of the Data belonging to the Data Controller.
13.5 We will ensure that appropriate controls are in place to restrict our employees’ access to Personal Data, except in circumstances where access is necessary for technical support or compliance purposes.
14. INTERNATIONAL DATA TRANSFER (For International Users)
14.1 The international transfer of data from the designated local jurisdiction to Singapore will be conducted securely, utilizing encrypted channels where appropriate. The duration of the transfer will depend on the specific purpose, such as providing assistance to the Data Controller, as agreed upon by both parties. International transfers will occur only upon a written request from the Data Controller. In the absence of such a request, the Data will remain stored locally in our provided databases. Once the purpose of the transfer is no longer applicable, the Data will be returned to its original location.
15. DATA SUB-PROCESSOR
15.1 We will not sub-contract Data to a Data Sub-Processor without written permission from the Data Controller.
15.2 If written permission is provided, we will ensure that all third parties engaged to store or process Data on our behalf (i.e. Data Sub-Processors) are aware of and comply with the contents of this policy and Data Protection Law. Assurance of such compliance is obtained from all Sub-Processors, whether companies or individuals, prior to granting them access to Personal Data controlled by us.
16. DATA RETENTION AND RETURNING DATA
16.1 We will cease to retain any Data belonging to the Data Controller upon the termination of the contract.
16.2 Upon the request of the Data Controller or on termination of the Licensing Agreement, we will return the Data to the Data Controller and securely destroy any Data belonging to the Data Controller.
17. BREACH OR COMPLIANCE FAILURE
17.1 Should we discover or suspect a compliance failure, security incident, suspected incident or breach, we will inform the Data Controller as soon as possible.
17.2 We will investigate the compliance failure, security incident, suspected incident or breach as per the Data Breach Response Plan.
18. DATA SUBJECT REQUEST REFUSALS
18.1 We will not respond to any Data Subject’s requests, including withdrawal of the Data, access and correction of the Data entrusted to us by the Data Controller.
SECTION C: CONTACT US
If you have any questions or suggestions about our Privacy Policy, you can get in touch with our Data Protection Officer at globalprivacy@tetsuyuhealthcare.com. We will respond to you within one month.
Effective date : [03 September 2022]
Last updated : [24 October 2024]