Section 1 - Introduction
1. National Healthcare Group Pte Ltd or any of its subsidiaries, associated companies, corporations, joint ventures and partnerships and any entity directly or indirectly controlling or controlled by or under common control with NHG, such as Tan Tock Seng Hospital, Institute of Mental Health, Khoo Teck Puat Hospital, Yishun Community Hospital, Woodlands Health Campus, NHG Polyclinics, National Skin Centre, Admiralty Medical Centre, NHG Pharmacy, NHG Diagnostics and Geriatric Education & Research Institute (GERI), shall be collectively referred as “NHG”, “we”, “us” or “our” in this policy.
2. We, NHG, value the privacy of every individual and are committed to protect the personal data we collect in accordance with the principles set out in this Policy.
3. In accordance with the Personal Data Protection Act (“PDPA”), this Personal Data Protection Policy (“Policy”) describes how we may collect, use, disclose and manage your personal data. For general information on Personal Data Protection, please visit the Personal Data Protection Commission (“PDPC”) website.
4. Should there be other regulatory or statutory requirements, such as Human Organ Transplant Act, Infectious Diseases Act, etc. which NHG have obligations or mandated to comply with them as well and in the event of inconsistencies between those written laws and PDPA, the provisions of those other written laws shall take precedence over PDPA.
5. Any terms used in this document, such as “individuals”, “personal data” or “reasonable”, which are also defined in the PDPA, should be understood to take on the definition or interpretation as provided by the PDPA or PDPC’s Advisory Guidelines documents.
6. We may update this Policy from time to time to ensure that our standards and practices remain relevant and comply with the applicable laws and guidelines. The latest version of this Policy supersedes earlier versions and will apply to personal data provided to us previously. We encourage you to review this page periodically to keep up to date with any changes to this Policy.
Section 2 - Personal Data
7. Personal data is defined as “data, whether true or not, about an individual who can be (i) identified from that data, or (ii) from that data and other information to which the organization has or is likely to have access to.” This may include your full name, identification number, passport, photograph, video, mobile, telephone number, personal email address, thumbprint, DNA profile, as well as name and residential address of any individual which you may have provided us.
8. The PDPA does not apply to: (a) Business contact information, defined as an individual’s name, position name or title, business telephone number, business address, business electronic mail address, business fax number and any other similar information not provided solely for the individual’s personal purposes. (b) Personal data that is anonymized, i.e. identifying information is removed such that the remaining data does not identify any particular individual. The PDPC will consider the data anonymized only if the possibility of re-identification is trivial. (c) Personal data that is falsified with the intent to commit fraud
9. The PDPA recognize that a balance needs to be struck between the needs to protect personal data and the need of organizations to collect, use or disclose personal data. Hence, in meeting those obligations, PDPA considers what is reasonable person would consider appropriate in the circumstances when they undertake any action that is subject to data protection.
Section 3 - Consent, Purposes for Collection, Use or Disclosure of your Personal Data
10. By applying this Policy, you consent to our collection, use and disclosure of your personal data for the purposes that a reasonable person would consider appropriate in the circumstances.
11. Consent for the collection, use or disclosure of your personal data can be provided either in the form of expressed consent or deemed consent. Your provision of personal data to us is voluntary and you are deemed to consent to our collection, use or disclosure of your personal data under which it was collected. If you have consented to our disclosure of your personal data to other organization for a particular purpose, they will use your personal data only for the purpose you have consented to.
12. If you provide the personal data belonging to others, you warrant that you have informed the individuals of the purposes for which we are collecting their personal data and that they have consented to your disclosure of their personal data to us for those purposes.
13. NHG, being part of the public healthcare system, will operate under a “deemed consent” framework for collection, use and disclosure of patient data for patient care purposes. In addition, NHG as well as other public healthcare institutions are also training grounds for medical and healthcare professionals, and are key nodes of recruiting patients into various programmes that will benefit the individual patients themselves or advance medical knowledge for future care. Hence, if you are a patient seeking care at NHG or have consented to participate in various programmes, you agree that we may use your data for training purposes. Please refer to the Personal Data Protection Notification on NHG’s website.
14. Your consent may not be necessary or required in some circumstances as provided in the “Second Schedule – Collection of Personal Data without Consent”, “Third Schedule – Use of Personal Data without Consent” and “Fourth Schedule – Disclosure of Personal Data without Consent” of the PDPA, or there may be other legislation, such as Infectious Disease Act, which rends this necessary. Where the disclosure is restricted by such legislation, the obligation under such other laws will prevail.
15. When using your personal data to contact you for the purposes under which you have consented, we may contact you via postal mail, electronic mail, SMS, telephone fax or any other means.
Section 4 - Protection of your Personal Data
16. We will practice strong data protection as part of our IT Policies and Procedures and in fulfilment of the obligations under various legislation requirements and in fulfilment of the obligations under various legislation requirements, such as Private Hospitals and Medical Clinics Act (PHMCA), Infectious Disease Act (IDA) etc.
17. While we take reasonable efforts to protect your personal data held by us, we cannot be held responsible for unauthorized and unintended access that is beyond our control.
Section 5 - Retention of your Personal Data
18. We will review your personal data held by us on a regular basis to determine if such personal data is still need. Your personal data will not be retained longer than needed for the purpose under which it was collected, unless there are business, industry and/or legal requirements for the retention of such. Your personal data will also not be kept “just in case” it may be needed for other purposes that you have not been notified.
19. We may anonymize your personal data on records as an organisation is considered to have ceased retention personal data when it no longer has the means to associate the personal data with particular individuals. The anonymizing of data could be found under the section on Anonymization in the Advisory Guidelines on Selected Topics in the PDPC website.
20. We will retain employee personal data for a reasonable period for up to 7 years in accordance with its legal and business purposes, even after the person ceases to be employed by NHG. With regard to medial data, we will retain medical records in accordance to the duration stipulated by MOH.
Section 6 - Transfer of your Personal Data out of Singapore
21. If we transfer your personal data to a country outside of Singapore, we will ensure that the organization or country provides a standard of protection to the personal data that is comparable to that provided und Singapore’s PDPA.
Section 7 - Withdrawal of Consent, Access and Correction of your Personal Data
22. It is the obligation of the individual to ensure that all personal data submitted to us is true, accurate and complete. If you wish to withdraw your consent to the use of your personal data, correct or obtain access to your personal data held by us, please contact our Data Protection Officer
23. We may charge you a fee for the provision of your personal data held by us or for information about the ways in which the data may have been used or disclosed in the past one year.
24. We will not be able to provide access to data which are opinion data kept solely for evaluation purpose, such as opinion of suitability, eligibility, qualification of individuals for employment, promotion or continuance in employment.
25. Once your consent is withdrawn, it is our obligation to cease, and cause our data intermediaries and agents to cease such collection, use and disclosure within reasonable notice period. As a result, we may not be able to proceed some transaction that you have requested.
26. If you wish to withdraw any consent you have given us at any time, or if you wish to obtain access or make corrections to your personal data held by us, or if you do not accept any amendments to this Policy, please contact:
Data Protection Officer
11 Jalan Tan Tock Seng
Telephone: 6357 3078