fbpx
  1. INTRODUCTION

1.1  This privacy policy sets out how we comply with the provisions of the Personal Data Protection Act 2012 of Singapore (“PDPA”) as follows:

(a) our policies on how we manage your Personal Data;

(b) the types of Personal Data we collect, use, disclose and/ or retain;

(c) how we collect, use, disclose and/ or retain your Personal Data; and

(d) the purpose(s) for which we collect, use, disclose and/ or retain your Personal Data.

(e) describe the steps we take in managing data as data controllers i.e. we control the use of the personal data collected) or as data intermediary i.e. we process the data on behalf of the data controller.

To describe the ways in which we will process and use the Data only to the extent strictly necessary to perform our obligations or as otherwise provided under the License Agreement. 

1.2 We will collect, use or disclose Personal Data for reasonable business purposes only if there is consent or deemed consent from the individual and information on such purposes have been notified.

1.3 We may also collect, use or disclose Personal Data if it is required or authorized under applicable laws.

1.4 You agree and consent to us, our authorized service providers and third parties to collect, use and disclose and/ or retain your Personal Data in accordance with this privacy policy.

1.5 This privacy policy supplements but does not supersede nor replace any other consent which you may have previously provided to us nor does it affect any right that we may have at law in connection with the collection, use, disclosure and/ or retention of your Personal Data.

1.6 From time to time, we may update this privacy policy to ensure that our policy is consistent with any regulatory changes, however, subject to your legal rights in Singapore, the prevailing terms of the privacy policy shall apply.

 

2. USE BY MINORS

2.1 We do not knowingly collect personal data from individuals under the age of 18 and we request that these individuals do not provide personal data through our websites. If we become aware that individuals under the age of 18 has been registered, we will expunge any related personal data from our records.

 

3. PERSONAL DATA

3.1 In this privacy policy, “Personal Data” refers to any data and/or information about you from which you can be identified by, either from that data; or from that data and other information to which we may have legitimate access to.

3.2 Examples of such Personal Data include but are not limited to:

(a) your name, NRIC, passport or other identification number, telephone number(s), mailing address, email address and any other information relating to you which you have provided in any forms you may have submitted to use, or in other forms of interaction with you;

(b) your photos;

(c) your employment history, education background, and income levels;

(d) Personal Data of your family members, such as next of kin, spouses, and children; and

(e) information about your usage of and interaction with our website and/or services.

 

SECTION A. OUR RESPONSIBILITIES AS DATA CONTROLLER 

For Users of CARES, CARES4CAREGIVERS and CARES4WOUNDS, please refer to Section B. 

4. COLLECTION OF PERSONAL DATA

4.1 We collect Personal Data from clients, customers, business contacts, partners, personnel, contractors and other individuals.

4.2 We collect such Personal Data when it is necessary for business purposes or to meet the purposes for which the individuals have submitted the information.

4.3 Such Personal Data may be provided to us in forms filled out by individuals, face to face meetings, email messages, telephone conversations, through our websites or provided by third parties.

4.4 If any individuals contact us, we may keep a record of that contact.

4.5 We will only collect, hold, process, use, communicate and/or disclose such Personal Data, in accordance with this privacy policy.

4.6 If any party is acting as an intermediary or otherwise on behalf of a third-party individual or supplying us with information regarding a third- party individual (such as a friend, a colleague, an employee etc), we will take reasonable steps to ensure that the intermediary is an authorized representative or agent who has obtained all necessary consents from such third party individual for the collection, processing, use and disclosure of the Personal Data to us.

4.7 As we are collecting the third-party individual’s data from you, you undertake to ensure that the third- party individual is aware of all matters listed in this privacy policy, preferably by distributing a copy of this privacy policy to them or by referring them to our website.

 

5. USE OF PERSONAL DATA AS DATA CONTROLLER (This does not apply to Users of CARES, CARES4CAREGIVERS and CARES4WOUNDS)

5.1 In general, we may use your Personal Data for the following purposes:

(a) to provide our services;

(b) to respond to the individual’s request or for the purposes for which it was provided to us as stated at the time of the collection (or as is obvious from the context of collection);

(c) to maintain contact with clients, contractors and other contacts;

(d) for general management and reporting purposes;

(e) for recruitment purposes;

(f) for purposes related to the employment of our personnel and providing internal services to our personnel;

(g) all other purposes related to our business; and

(h) to comply with applicable laws and regulations.

 

If you currently reside in an EU jurisdiction, additional rights under General Data Protection Regulation (GDPR) may apply. As such, you may:

(i) ask us to delete your personal data if it is no longer needed for the purposes set out in Section 3. Personal Data or if there is no other legal basis for the processing;

(j) object to us using your personal data for direct marketing (including related profiling) or other processing based on legitimate interests;

(k) request that provides a copy of your personal data in a structured and commonly used format in certain circumstances; and

(l) limit how we use your personal data or withdraw your consents (including automated decision making) you have given for the processing of your personal data.

If you want to exercise your rights, you can get in touch with our Data Protection Officer at globalprivacy@tetsuyuhealthcare.com.

 

6. DISCLOSURE OF PERSONAL DATA (This does not apply to Users of CARES, CARES4CAREGIVERS and CARES4WOUNDS)

6.1 We do not disclose Personal Data to third parties except when required by law, when we have the individual’s consent or deemed consent or in cases where we have engaged third parties such as data intermediaries or subcontractors specifically to assist with our company’s activities.

6.2 We may also disclose your Personal Data to the following group of external organizations, subject to the requirements of applicable laws:

(a) our affiliated companies;

(b) agents, contractors, data intermediaries or third-party service providers who provide services, such as telecommunications, mailing, information technology, payment, payroll, data processing, storage and archival, to us;

(c) external banks, financial institutions and their respective service providers;

(d) our professional advisers;

(e) relevant government regulators, statutory boards or authorities or law enforcement agencies to comply with any laws, rules, guidelines and regulations or schemes imposed by any government authority; and

(f) any other person in connection with the purposes set forth above.

 

7. THIRD-PARTY SITES

7.1 Our marketing website may contain links to other websites operated by third parties independent of us, but we are not responsible for the privacy practices of such websites operated by third parties even though it is linked to our website(s).

7.2 We encourage you to learn about the privacy policies of such third-party website(s) by checking the policy of each site you visit and contact its owner or operator if you have any concerns or questions.

 

8. PROTECTION OF YOUR PERSONAL DATA

8.1 We maintain appropriate security safeguards and practices to protect your Personal Data unauthorised access, collection, use, disclosure, copying, modification disposal or similar risks, in accordance with applicable laws.

 

9. ACCESS AND CORRECTION OF YOUR PERSONAL DATA

9.1 We take all reasonable measures to ensure that your Personal Data remains accurate, complete and up-to-date.

9.2. You may also keep us informed when there are any updates to your Personal Data by contacting us directly.

9.3. You may request access to or make corrections to your Personal Data records, but we have the right to charge a reasonable fee for processing your request.

9.4. Please submit your request to us by writing to our Data Protection Officer at globalprivacy@tetsuyuhealthcare.com.

 

10. RETENTION OF PERSONAL DATA

10.1 We may retain your personal data for as long  as it is necessary to fulfil the purpose for which it was collected, or as required or permitted under applicable laws.

10.2 We will cease to retain your personal data, or remove the means by which the data can be associated with you, as soon as it is reasonable to determine that such retention no longer serves the purpose for which the personal data was collected, and is no longer necessary for legal or business purposes.

 

11. WITHDRAWAL OF CONSENT

11.1 If you wish to withdraw your consent to any use or disclosure of your Personal Data as set out in this Personal Data Protection Policy, you may contact our Data Protection Officer at globalprivacy@tetsuyuhealthcare.com.

11.2 If you have any questions or complaints relating to the use or disclosure of your Personal Data, or if you wish to know more about our data protection policies and practices, please contact our Data Protection Officer via email at globalprivacy@tetsuyuhealthcare.com.

 

SECTION B: OUR RESPONSIBILITIES AS DATA INTERMEDIARY 

Patient Personal data is stored in software products designed, developed and distributed by us (CARES, CARES4CAGIVER and CARES4WOUNDS product) software or Database hosted with us  of software and data hosting. Hence, we take steps to comply with our responsibilities as a data intermediary under the PDPA.

 

12. COLLECTIONS, USE, PROCESS AND DISCLOSURE OF PERSONAL DATA

12.1 Licensees of our products collect user or patient’s personal data (“The Data)”in our software. They are deemed to be Data Controllers of such data and we shall manage our responsibilities as data intermediary as follows:  

(a) Collection of any user or patient data (“the Data”) by the Licensee is deemed to be with consent of users and patients. 

(b) We will take the necessary technical and operational precautions including data encryption, data masking and access controls to protect the personal data and comply to PDPA,

(c) Only authorized Tetsuyu staff supporting the Licensee in the use of the software e.g. maintenance or bug fix shall have access to the Licensee’s software instance, 

(d) The licensee should be also responsible to take the necessary precautions.

12.2 Additionally, we shall:

(a) Comply with the requirements of the License Agreement in the provision of services to the Data Controller;

(b) Process and use the Data only to the extent strictly necessary to perform its obligations or as otherwise provided under License Agreement;

(c) Only disclose the Data to the our employees and personnel that have a need to access the Data for the sole purpose of supporting Licensee’s use of the solution. We shall ensure that all such employees and personnel are bound by a confidentiality agreement;

(d) ensure that appropriate controls are in place to prevent the unauthorized access to special categories of Data,

(e) implement, maintain and at all times operate adequate and appropriate technical and organizational measures to protect the security, confidentiality, integrity and availability of the Data, and protect against unauthorised or unlawful processing of the Data and against accidental loss, destruction or the making vulnerable of, or damage to, the Data; such measures shall, at a minimum, meet the requirements of Data Protection Law;

(f) comply with its obligations under Data Protection Law, and shall take such steps as are requested by Licensee / Data Controller to enable the Licensee / Data Controller to comply with the Data Controller’s obligations under Data Protection Law;

(g) provide evidence to the Licensee /Data Controller on request of the technical and organizational measures we have taken to comply with its obligations.

12.3 We may be required to release personal data belonging to the Licensee /Data Controller to government agencies during an investigation or litigation, if required to.

 

13. DATA PROTECTION

13.1 We incorporate Data Protection by Design as an approach when designing the software and its mobile applications.

13.2 Data is encrypted at rest with Transparent Data Encryption (TDE) while data during transit is encrypted by Transport Layer Security (TLS). Apart from that, our web application is secured with SSL (HTTPS).

13.3 We will not disclose the Licensee Confidential Information to any person without the Licensee’s prior written consent, and then only under conditions of confidentiality approved in writing by the Licensee

13.4 Where required, we may disclose the Licensee Confidential Information to the Licensor’s officers, employees, and subcontractors who have a need to access the information based on the least privilege principle. Confidential Information is released for the performance of their work with respect to the Permitted Purpose and who are bound by a written agreement or professional obligation to protect the confidentiality of the Licensee Confidential Information

13.5 We will also ensure that appropriate controls are in place to prevent our employees  access to special categories of Data, where relevant, except in circumstances where employees have a need to access the Data for  technical support or compliance reasons.

 

14. DATA TRANSFER

14.1 We will not transfer, access or process any personal data outside Singapore without written consent from the Licensee.

 

15. DATA SUB-INTERMEDIARIES

15.1 We will not sub-contract data to another data intermediaries without written permission from Licensee. 

15.2 If written permission is provided, we will ensure that all third parties engaged to store or process personal data on our behalf (i.e. Data sub-intermediaries) are aware of and comply with the contents of this policy and Data Protection Law. Assurance of such compliance is obtained from all sub-intermediaries whether companies or individuals, prior to granting them access to Personal Data controlled by us.

 

16. DATA RETENTION AND RETURNING DATA

16.1 We will cease to retain any personal data belonging to the Licensee upon the termination of the contract.

16.2 Upon the request of the Licensee /Data Controller or on Termination of the Licensing Agreement, we will return the data to the Licensee as per the agreement with the Licensee and securely destroy any personal data belonging to the Licensee.

 

17. BREACH OR COMPLIANCE FAILURE

17.1 Should we discover or suspect a compliance failure, security incident, suspected incident or breach, we will inform the Licensee / Data Controller as soon as possible.

17.2 We will investigate the compliance failure, security incident, suspected incident or breach as per Data Breach Response Plan.

 

18. DATA SUBJECT REQUEST REFUSALS

18.1 We will not respond to any individual’s requests, including withdrawal of the personal data, access and correction of the personal data entrusted to us by Licensee / Data Controller.

 

Effective date : [03 September 2022]

Last updated : [15 March 2023]