Dr Ben Medical Personal Data Protection Statement and Consent to Use Personal Data

1. Introduction

1.1. Dr Ben Medical (“DRBM”) recognises the importance of safeguarding personal data when dealing with information relating to its patients, visitors, job applicants and employees, and therefore is committed to fully implementing and complying with the provisions of the Personal Data Protection Act (the “Act”). The DRBM’s Personal Data Protection Statement set out here explains the procedures and systems in place to comply with the Act (the “Statement”), in respect of personal data as defined under the Act.

2. Application

2.1. As used in this Statement:
2.1.1. “patient” means an individual who (a) has contacted us through any means to find out more about medical services we provide, or (b) may, or has, entered into a business relationship with us for the supply of any goods or services by us
2.1.2. “visitor” means an individual who have entered our premises for business (other than a patient), duty (accompanying a patient) or the like; and may include engagement with DRBM over various communication channel modalities for general and intentional
queries or feedback or access our website and attend our events.
2.1.3. “employee” means an individual who has entered into or works under a contract of service with DRBM
2.1.4. “job applicant” means an individual who applies for a role in DRBM
2.1.5.“personal data” means data, whether true or not, about a customer who can be identified: (a) from that data; or (b) from that data and other information to which we have or are likely to have access

3. Personal data collected

3.1. Depending on the nature of your interaction with us (see Article 2), some examples of personal data which we may collect from you, not exhaustive, may include name, national identification numbers such as NRIC, contact information such as residential address, email address or telephone number, nationality, personal and medical history, photographs and other audio-visual information, employment/training information and financial information such as credit card numbers, debit card numbers or bank account information.
3.2. We endeavour to collect only what is necessary for the purpose of its intended collection.

4. Purposes for the Collection, Use and Disclosure of Personal Data

4.1. The collection, use and disclosure of your personal data, which will be obtained directly from you, or information we obtain because of our interaction with you, may include but is not limited to the following purposes, within or outside of Singapore:
4.1.1. For verification of your identity and the accuracy of your personal details and other information provided
4.1.2. To perform obligations under or in connection with the provision of our goods or services to our patients.
4.1.3. To render medical services and meeting your health needs within DRBM.
4.1.4. To maintain records such as your medical report, employment report, and the likes.
4.1.5.To transfer or share your data with other members of DRBM or third-party vendors engaged by us for the purpose of rendering medical services to you.
4.1.6. To respond to your enquiries, provide you advice and updates, such as your medical appointment schedule or collection of your medical report, to ensure continuity of service.
4.1.7. such other purposes as may reasonably be appropriate in the circumstances of the collection of personal data.
4.1.8. When you access our website or attend our events.
4.1.9. For assessing and evaluating your suitability for employment in any current or prospective position within DRBM.
4.1.10. To enter into, manage or terminate an employment relationship when you work for DRBM.
4.1.11. To facilitate our compliance with any laws, customs and regulations which may be applicable to us, including the submission of your information to regulatory authorities as required.
4.1.12. For such other purposes as may reasonably be appropriate in the circumstances of the collection of personal data.
4.1.13. Where consent for the collection, use or disclosure cannot be obtained, and is of vital interest to the individual, matters affecting the public, or of legitimate interest to DRBM, or any other provisions in the PDPA, we shall collect, use or disclose personal data pursuant to exceptions under the PDPA First and Second Schedules of the PDPA Act 2012, or as required/authorised under any other written law.

4.1.13.1. In line with the legitimate interests’ exception, we will collect, use or disclose your personal data for the following purposes:
4.1.13.1.1. Fraud detection and prevention;
4.1.13.1.2. Detection and prevention of misuse of services;
4.1.13.1.3. Network analysis to prevent fraud and financial crime, and perform credit analysis; and
4.1.13.1.4. Collection and use of personal data on company-issued devices to prevent data loss.

4.2. Without a complete and accurate record of your information provide by you voluntarily, it will affect our capacity to accomplish the purposes stated above.
4.3. Any submission of personal data to DRBM on behalf of another individual by you, DRBM deems that you have notified the individual of the purpose and have received their consent before your submission.
4.4. DRBM will not use the personal data for any purpose other than that for which it was collected. Should DRBM require any personal data in its possession to be used for a purpose other than those for which consent was originally given, fresh consent will be sought to use the data for that new purpose.
4.5. All personal data collected by DRBM shall only be accessible by designated parties on a need-to-know basis to serve the purpose for which the data was collected. Such parties shall always observe strict confidentiality.
4.6. While processing personal data for the above purposes, DRBM may disclose such personal data to third parties within or outside Singapore. These third parties include:
4.6.1.governmental organisations or authorities to whom the DRBM is required by law to disclose the data;
4.6.2.individuals who are legally entitled to the data;
4.6.3.third parties who require the data in order to process and operate programs in which an individual intends to participate;
4.6.4.third parties who provide the DRBM with data processing, administration, health, insurance, or legal services, or other professional or management services; and 4.6.5.such other persons as may reasonably be appropriate in the circumstances of the
collection of personal data.
4.7. Disclosure to third parties outside Singapore shall only be to organisations that are required or undertake to process the data with a comparable level of data protection as that required under Singapore law.

5. Minors below 13

5.1. The DRBM shall not collect, use, or disclose personal data of persons below the age of thirteen (13) for any purpose unless written parental or guardian consent has been given for such purpose.

6. Withdrawal of consent

6.1. Should you wish to withdraw or limit your consent to the DRBM’s collection, use and disclosure of your personal data, please write in with full particulars to our Data Protection Officer (“DPO”) using the contact details provided below.
6.2. Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within ten (10) business days of receiving it.
6.3. Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our goods or services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us by writing to our Data Protection Officer (“DPO”) using the contact details provided below.
6.4. Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.

7. Confidentiality

7.1. Any personal data collected by DRBM shall be accessible by employee(s) of DRBM to serve the purpose for which the data was collected. Such employee(s) shall always observe strict confidentiality.
7.2. In the event personal data is disclosed to third parties (such as vendors), such third parties will be required to sign an agreement requiring them to always observe confidentiality and to use the personal data only for the purpose for which it was disclosed to them.

8. Data Protection Officer (DPO)

8.1. The DRBM has designated a DPO to deal with day-to-day data protection matters and complaints, encourage good data handling practices and ensure that DRBM complies with the Act and implements the Policy. If you have any questions, complaints or concerns,
please contact the DPO using the contact details provided below.

9. Accuracy

9.1. The DRBM endeavours to take all reasonable steps to ensure that personal data in its possession or under its control is accurate, up-to-date, and complete. If there is any error or omission in the personal data you have provided to DRBM, please write in to our DPO with the necessary details for correction of your data. If any personal data you have provided to DRBM becomes inaccurate, please contact our DPO to update your data.

10. Access and Correction

10.1. Should you wish to access or correct any personal data collected by DRBM or understand how such data has been used or disclosed, please write in to our DPO with your request.
10.2. In general, our response will be within thirty (30) business days, after verification of your identity. Kindly note that DRBM reserves the right to charge a reasonable administrative fee for responding to any such requests. If so, we will inform you of the fee
before processing your request.

11. Retention

11.1. DRBM will retain personal data for as long as it is necessary to serve the purpose for which it has been collected. Once the data in DRBM’s possession is no longer necessary to serve the purpose for which it was collected, or required for legal or business purposes, the data will be destroyed or anonymised in a secure manner.

12. Protection

12.1. DRBM endeavours to maintain all personal data in its possession or under its control securely.
12.2. We have introduced appropriate administrative, physical and technical measures such as minimised collection of personal data, authentication and access controls (such as good password practices, need-to-basis for data disclosure, etc.), encryption of data, data
anonymisation, up-to-date antivirus protection, regular patching of operating system and other software, securely erase storage media in devices before disposal, web security measures against risks, and security review and testing performed regularly.
12.3. You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and
enhancing our information security measures.

13. Transfer

13.1. We generally do not transfer any personal data in our possession to any parties  outside Singapore except as specified in this Policy. Any outside party to which DRBM intends to transfer data in its possession, we will obtain your consent for the transfer to be
made and we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.

14. Complaints

14.1. If an individual feels that their data have been erroneously or improperly handled by DRBM, the individual may lodge a complaint in writing with the DPO. Once a complaint has been received, the DPO will acknowledge receipt of the same in writing and will contact the relevant departments to investigate the complaint.
14.2. The outcome of the investigation will be communicated by the DPO to the complainant in writing, notifying the individual of the outcome.

15. Enquiries

15.1. DRBM is committed to protecting the personal data of its (name all the data subjects). For enquiries about DRBM’s Policy, please write to the DPO at the following address:

15.1.1. Data Protection Officer
admin@drbenmedical.sg

SBF Center Medical Suites, 160 Robinson Road, #03-09 SBF Center Medical Suites.
Singapore 068914

16. Cookie/Tracking Technology

16.1. This website may use cookie and tracking technology depending on the features offered. Cookie and tracking technology are useful for gathering personal data such as browser type and operating system, tracking the number of visitors to the website, and understanding how visitors use the website. Cookies can also help customise the website for visitors. Personal data cannot be collected via cookies and other tracking technology, however, if you previously provided personally identifiable information, cookies may be
tied to such information. Aggregate cookie and tracking information may be shared with third parties.

17. Updating the Policy

17.1. This Notice applies in conjunction with any other notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your personal data by us.
17.2. This Policy may be updated from time to time to take account of changes in policy, technology, and/or to ensure compliance with any legislative changes.