Personal data protection policy

Last Updated: 15 November 2018


 

HEALTHBEATS PTE. LTD. (UEN. 201829879Z), whose registered address is 1003 Bukit Merah Central, #06-16 Inno Centre, Singapore 159836 (“HealthBeats”, “us”, “we” or “our”) recognise the importance of the right of the individual ("you" or "your") to protect their personal data. This document is our Personal Data Protection Policy (“Privacy Policy”) and explains how we collect, use and/or disclose your personal data in compliance with the Personal Data Protection Act, 2012 (“Act”).

This Privacy Policy applies only to data we collect at and through online service interfaces (for example, websites, mobile apps, web apps, social media pages) owned and/or controlled by us, including HealthBeats™ (collectively the “Online Services”) or through other offline service interactions in relation to HealthBeats products and services (collectively together with the Online Services, the “Services”). Please note that your use of the Services, including our collection, use and/or disclosure of your personal data, is also subject to our HealthBeatsTM Terms of Use.

BY USING THE services, YOU ARE ACCEPTING AND AGREEING TO THE PRACTICES SET OUT IN THIS PRIVACY POLICY AND ALL OUR TERMS OF USE.

For the purposes of this Privacy Policy, a reference to 'including' or 'for example' means including or for example without limitation.

 

1. YOUR INFORMATION

In this Privacy Policy, personal data have the meaning defined in the Act. In general terms, personal data is any data, whether true or not, that (a) by itself can be used to personally identify you; or (b) when combined with other data or information that we have or are likely to have access to, can be used to personally identify you.


Minimum Age. You must be at least 18 years old to use the Services (or the age of majority in your jurisdiction, if it is older) or create an account with us. By using the Services, you represent and warrant that you are at least 18 years old. If you are under 18 years old: (i) you may use the Services only with the involvement and agreement of a parent or guardian (“Guardian”); (ii) in addition to your personal data, we may collect also the Guardian’s name and contact information for verification purposes; and (iii) a Guardian must also have read and agreed to the terms of this Privacy Policy (including the Terms of Use) and will bear all responsibility of protecting your personal data. If a Guardian refuses to consent or accept the terms of this Privacy Policy, or we are unable to verify a Guardian’s consent or acceptance of the terms of this Privacy Policy within a reasonable time, we have the absolute right to delete all your personal data, including the termination of your Services account and deletion of all information contained therein. We will not be responsible or liable for any loss or damage arising from such deletion of data or information (including any costs or expenses incurred to activate/reactivate the account).

 

2. INFORMATION WE COLLECT

Depending on the nature of your interaction with us, the types of personal data that we collect when you provide to us include: (a) name; (b) NRIC, passport, visa or other government-issued identification data; (c) address; (d) telephone number; (e) email address; (f) profession, occupation or job title; (g) photograph, for example, for your account profile; and (h) health, medical and clinical information that you provide to us through the Services, including our mobile apps, web apps and internet enabled devices that integrate with the Online Services. This information includes your age, date of birth, gender, height, weight, nationality, race or ethnicity, medical history (including hereditary illnesses or diseases, allergies, past and/or present medical treatments sought), living lifestyles (including alcohol consumption, smoking habits, sleep patterns, exercise regimes), activity and fitness data (including perfusion index, pulse, oxygen saturation, blood pressure, heart rate, aerobic steps/strokes taken, blood glucose levels, body fat percentage, BMI, calories burnt, metabolism rate); (i) details of products and/or services that you have purchased from us or which you have enquired about, together with any additional information necessary to process your purchase order and deliver those products and services (including payment data such as debit and credit card number), or to respond to your enquiries; (j) any additional information relating to you that you provide to us directly through the Services or indirectly through use of the Services or through our representatives; (k) information you provide to us through our customer support centre, customer surveys or visits by our representatives from time to time; and (l) any information that is provided to us by, or that we have collected on behalf of, customers that have outsourced a business process function to us including healthcare providers, institutions, organisations, specialists, clinics and doctors.

We may also collect information that is not personal data because it does not identify you or anyone else. These non-personal data include for example, browser and device data; app usage data; data collected through cookies, pixel tags and other technologies; demographic data, anonymous answers to surveys and other data provided by you; or aggregated information about how users use the Site. To the extent these non-personal data should reveal your specific identity or relate to an individual, we will treat these data as Personal Data.

 

3. HOW WE COLLECT PERSONAL DATA

We collect your personal data directly from you unless it is unreasonable or impracticable to do so. We may collect personal data in a number of ways, including: (a) through your access and use of the Online Services (for example, when you download/install our apps or create an online account with us, or when data from your health or fitness monitoring devices is transmitted or stored on the our apps); (b) during communication or conversations between you or your organisation and our representatives (for example, when you contact our customer support centres or communicate with us via online chat services); and (c) when you submit to us a document containing personal data (for example, emails, contact forms, subscription forms, event or promotional participation forms, proof of identification, etc.)

We may also collect personal data from third parties including: (a) from credit reporting agencies; (b) from law enforcement agencies and other government entities; (c) from agents, dealers and subcontractors that form part of our sales, business and/or service network; (d) from our customers that have outsourced a business process function to us; and (e) from our service providers that collect information on our behalf.

 

4. COOKIES, WEB BEACONS AND SIMILAR TECHNOLOGIES

A “cookie” is a small summary file containing a unique ID number which is sent to your internet enabled device, such as your computer. A web beacon is an electronic image which (whether alone or in conjunction with a cookie) is used to compile information about your website usage and your interaction with email. We use the term "cookies" to cover cookies, web beacons and similar technologies generally used in the market.

When you access the Online Services, we may use cookies to help provide you with a more enjoyable, relevant, faster and safer experience with us and the Online Services. Cookies may store information to help us recognise your internet enabled device (for example, the internet protocol (IP) address of your device) and may collect information (for example, number of times a page is visited). In some cases, the information used by cookies may be considered personal data if you are reasonably identifiable based on information readily available to us.

A cookie will enable us to greet you each time you visit the Online Services without bothering you with a request to register, and keep track of your interest in particular features, products or services on the Online Services, which we may use to tailor the relevance of news, advertisements, offers or marketing materials we send you. We also use cookies to measure traffic patterns, to determine which areas of the Online Services have been visited and to measure transaction patterns in the aggregate. We use this to research our users’ habits so that we can improve our Online Services. We may log the information for analytical purposes, for example, to analyse trends, administer the Online Services, track user movements and gather broad demographic information.

If you do not wish to receive cookies, you can set your browser so that your internet enabled device does not accept them. However, if these cookies are rejected, this may interfere or impair your use of some features of the Online Services.

 

5. CONSEQUENCES IF WE CANNOT COLLECT PERSONAL DATA

If you do not provide us with the personal data described above, some or all of the following may happen: (a) we may not be able to provide the requested products or services to you, either to the same standard or at all; (b) we may not be able to provide you with information about products and services that you may want, including information about discounts, sales or special promotions; or (c) we may be unable to tailor the content of the Online Services to your preferences and your experience of the Online Services may be impacted and not be as enjoyable or useful.

 

6. PURPOSES FOR WHICH WE COLLECT, USE AND DISCLOSE PERSONAL DATA

We collect personal data about you so that we can perform our business activities and functions and to provide best possible quality of customer service. These data are held in either electronic and/or hardcopy form.

We collect, use and disclose your personal data for the following purposes: (a) to provide products and services to you and to send communications requested by you; (b) to answer enquiries and provide information or advice about existing and new products or services; (c) to provide you with access to protected areas of the Online Services; (d) to assess and improve the performance, operation and relevance of the Online Services; (e) to perform business processing functions including providing personal data to our related corporations, contractors, service providers or other third parties; (f) to service your account with us, including but not limited to processing and responding to any application or complaint made by you, investigating problems, resolving disputes and enforcing agreements with us; (g) for advertising, promotional and marketing activities (including direct marketing), administration, planning, product or service improvement and development, quality control, data analytics and research purposes. We may also use your personal data to plan and host corporate events, host online forums and social networks in which event you may participate, and to populate your online profiles on our Online Services; (h) to update our records and keep your contact details up to date; and (i) if we determine that it is reasonably necessary to: (1) comply with any law, rule, regulation, binding determination, decision or direction of a regulator or in co–operation with any governmental authority of any country; (2) protect any person from death or injury, and includes any response to an emergency that threatens the life, health or safety of an individual; or (3) protect our rights, property or safety and those of our users or the public as required or permitted by law.

Your personal data will not be shared or disclosed other than as described in this Privacy Policy and will be destroyed or de–identified when no longer needed.

As mentioned in Section 1 above, we may collect information that is provided by, or collected on behalf of our customers (including your healthcare provider, institution, organisation, specialist, clinic and/or doctor). Where such information is collected or submitted to us for hosting and processing purposes (“Customer Data”), please note that we will not review, share, distribute, or reference any such Customer Data except as provided in our contractual agreement with the customer (and subject to this Privacy Policy), or as may be permissible under or as required by law. In accordance with our contractual agreement with a customer, we may access Customer Data for the purpose of providing the services under the agreement or preventing or addressing service or technical problems or as may be required by law. We acknowledge that you have the right to access your personal data. If personal data pertaining to you as an individual has been submitted to us by our customer and you wish to exercise any right you may have to access, correct, amend, or delete such data, please inquire with our customer directly. Because our personnel have limited ability to access data our customers submit to our Online Services, if you wish to make your request directly to us, please provide the name of the customer who submitted your data to our Online Services. We will refer your request to that customer and will support them as needed in responding to your request within a reasonable timeframe.

Purchase Orders and Information. To process your purchase orders (including apps subscriptions and device rentals), we may require your name, address, phone number, email address and payment card information. Please note that payment card transactions are processed by our PCI DSS-certified third-party payment processor, Stripe, who will collect and use your data strictly for payment purposes only. We will not store or collect your payment card details. That information is provided directly to our third-party payment processor whose use of your personal data is governed by their privacy policy (please see https://stripe.com/sg/privacy).

 

7. DISCLOSURE OF PERSONAL DATA BY US

We may disclose your personal data to our related corporations and to other third-party organisations, and will only do so for one of the purposes set out in this Privacy Policy.

These third-party organisations include: (a) your nominated or authorised healthcare provider, institution, organisation, specialist, clinic and doctor; (b) any organisation involved in our sales and support network, for example: our authorised sales agents, dealers, service providers and subcontractors (for example, delivery services providers); (c) any organisation involved in our business processing functions, for example: payment processors, credit reporting bodies, debt collection providers; (d) any organisation involved in the operation, hosting and management of our information technology infrastructure (including our website), for example: web hosting providers, IT systems administrators, electronic network administrators; (e) professional advisors, for example, accountants, solicitors, business advisors and consultants; (f) organisations that perform advertising or marketing related services on our behalf, for example, advertising agencies and our authorised agents and dealers; (g) any supplier or other third parties with whom we have commercial relationships for business related purposes; (h) any organisation if we determine that it is reasonably necessary to: (1) comply with any law, rule, regulation, binding determination, decision or direction of a regulator or in co–operation with any governmental authority of any country; (2) protect any person from death or injury, and includes any response to an emergency that threatens the life, health or safety of an individual; or (3) protect our rights, property or safety and those of our users or the public as required or permitted by law; and (i) in addition to the above examples, any other third-party organisations expressly authorised by you.

We may combine or share any personal data that we collect from you with personal data collected by any of our related corporations or by any organisations within our authorised sales and support network.

 

8. SHARING OF INFORMATION AND PERSONAL DATA BY YOU

Your personal data (including account details such as user names, PIN codes, passwords and security authentications) are private and confidential to you (hereinafter referred to as the “Confidential Data”). If you choose to disclose or share any of such Confidential Information with a third party (including your healthcare provider, specialist, doctor, Guardian, spouse and relative): (i) you do so solely at your own risk; and (ii) you expressly acknowledge and agree that we will not be responsible or liable in any way whatsoever for: (1) any loss of confidentiality due to disclosure or sharing of such Confidential Data by you; or (2) the use and/or processing of such Confidential Data by the third party, including any and all losses, damages, liabilities and harm arising therefrom, including any act or omission of medical prevention, intervention, diagnosis, advice, treatment or care.

Public Forums, Refer A Contact And Testimonials. We may provide bulletin boards, blogs, or chat rooms on the Online Services. Any personal data that you choose to disclose, share or submit in such a forum may be read, collected, or used by others who visit these forums, and may be used to send you unsolicited messages. You are disclosing, sharing and submitting those personal data at your own risk and we will not be responsible or liable in any way for such disclosure, sharing or submission of data. You may elect to use our referral program to inform your contacts about our Services and products. When using the referral program, we may request the contact’s name and email address. We may post a list of customers and testimonials on the Online Services that contains information such as customer names and titles. Where you have given us a testimonial, you hereby consent to our posting of such information and testimonials on our Online Services.

 

9. CONSENT

IF YOU DO NOT AGREE TO THE TERMS OF THIS PRIVACY POLICY, PLEASE DO NOT CONTINUE TO USE OR ACCESS THE SERVICES. By disclosing your personal data to us or continuing to use the Services, you are deemed to agree with this Privacy Policy and consent to the purposes for which we collect, use and disclose your personal data.

From time to time we may seek your consent to a specific proposed collection, use and/or disclosure of your personal data. If we decide to bundle multiple requests for your consent, you may withhold your consent to any or all such requests. If you have consented to a specific purpose for our use and disclosure of your personal data, then we may rely on your consent until you withdraw your consent.

You may withdraw your consent under this Privacy Policy at any time by contacting our data protection officer at dpo@healthbeats.co.

 

10. DIRECT MARKETING MATERIALS

We may collect, hold, use and/or disclose your personal data to send you direct marketing communications and information which offers, advertises or promotes our products and services and which we consider may be of interest to you. These communications may be sent in various forms, including voice calls, mail, SMS, fax and email.

If you do not wish to receive marketing communications, you may opt–out of receiving these communications from us at any time by using the opt–out feature/facilities specified in our direct marketing communications or by contacting us at support@healthbeats.co, or +65 6957 4800. We will then ensure that your details are removed from the relevant marketing contact list you have elected to opt–out of.

 

11. ACCESS TO, CORRECTION, DELETION OR ERASURE OF, YOUR PERSONAL DATA

When providing any personal data to us, you should take care to only provide us with accurate, complete and up-to-date data.

To the extent the Online Services allows you to update certain information on your own (including correction and/or deletion of your personal data in your Online Services account), you can always choose to do so personally. When you update such information, we usually keep a copy of the prior version for our records.

Otherwise or alternatively, if you wish to apply for a copy of the personal data we hold about you; or request for your personal data to be updated or corrected or deleted by us; or if you would like to receive an electronic copy of your personal data for purposes of transmitting it to another company (to the extent this right to data portability is provided to you by law), please contact our data protection officer at dpo@healthbeats.co, and we will take all reasonable steps to comply with such requests, as soon as reasonably possible.

To enable us to review and respond to your requests in a timely manner, please include the following details (as a minimum) in your requests: (a) your full legal name and telephone contact number; (b) a description of the personal data you are requesting to access, correct and/or delete; (c) a date range of when you believe the personal data was supplied to us; (d) any details of how the personal data was supplied to us originally (for example, when you completed an online subscription form); and (e) where correction/deletion is required, details of the correction/deletion requested. We may contact you for additional information if required (for example, to clarify your request, to confirm your identity etc).

Please note that when you unsubscribe and close your account with us, we will have the right to remove and delete all your data, whereupon you will no longer be able to access your data.

Fees. We will not charge you any fee when you make a request for access, correction and/or deletion. However, and where legally permissible, we may charge you for our reasonably incurred costs in complying with your request, including: (a) costs of producing a copy of the personal data requested (for example, photocopying/printing and portable storage device costs); and (b) expenses we have incurred in giving access or delivering the personal data (for example, postage costs). To the extent practicable, we will advise you in advance prior to charging you in these circumstances and give you an indication of the likely amount.

 

12. TRANSFER OF PERSONAL DATA

Your data, including personal data, may be disclosed or transferred to or accessed by our related corporations and third-party organisations (for example, IT or cloud storage service providers) located outside of your country where the data protection standards may differ from those in your jurisdiction. By using and accessing the Services, you expressly agree and consent to the transfer to and processing of data by such entities located outside your jurisdiction.

We will take all reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy and any transfer of personal data will be made only to an oversea recipient that is subject to a standard of personal data protection or equivalent law or scheme that is comparable to the protection afforded under the Act (for example, privacy or data protection law, industry privacy scheme or code or binding corporate rules) and you have the ability to enforce the law or binding scheme; or if we have received your express and informed consent before doing so.

You may revoke your consent to this at any time, in which case: (i) you must inform us of this consent revocation immediately; and thereafter, (ii) your data will be deleted, and you will then no longer have access to our Services.

Transfer of Personal Data in the Event of Change of Control or Sale of HealthBeats. If the ownership of our business changes, or we otherwise dispose or transfer assets relating to our business or the Services to another party (whether by way of sale, merger, acquisition, amalgamation, insolvency proceeding or otherwise), you hereby expressly agree that we may sell, disclose and/or transfer your personal data to such party. Unless otherwise stated in this Privacy Policy or expressly stated at the time of collection of your personal data, we will never sell your personal data to any third party.

 

13. INTERNET SECURITY AND THIRD-PARTY WEBSITES

We will take reasonable steps to protect your personal data from unauthorised access, improper use or disclosure, unauthorised modification, unlawful destruction or accidental loss.

However, as the Online Services are linked to the internet, and the internet is inherently insecure, we cannot provide any guarantee, warranty or assurance regarding, nor be held liable or responsible for any liability arising out of or in connection with any breach of, the security of transmission of information communicated online. In particular, we cannot guarantee that information transmitted or communicated will not be intercepted while being transmitted over the internet or that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our administrative, physical or technical safeguards. It is your sole responsibility to protect the security of your login and password information. Please note that emails and other communications you send through the Online Services are not be encrypted, we therefore strongly advise you not to communicate or disclose any confidential information through these means.

The Online Services may contain links to other websites or services operated by third parties that are not owned or controlled by us. These third-party websites and services are governed by their own separate data privacy, security and other practices and policies (including any “cookies” or similar technology practices), and we make no representation or warranty in relation to, and will not be responsible or liable in any way for, the data privacy, security or other practices and policies or content of such third-party websites and services. These third-party websites and services are responsible for informing you about their own data privacy, security and other practices and policies.

 

14. PERSONAL DATA RETENTION PERIOD

We may retain your personal data for a period of time consistent with the original purpose of collection. For instance, we may retain your personal data during the time in which you have an account to use our Online Services and for a reasonable period of time afterward. We also may retain your personal data during the period of time needed for legal or other legitimate business purposes.

 

15. HOW TO CONTACT US

If you have any question or comments regarding this Privacy Policy or otherwise need to contact us, please contact us at (i) dpo@healthbeats.co, for matters relating to this Privacy Policy; and (ii) support@healthbeats.co, for all other matters. Alternatively, you may reach us by mail at HealthBeats Pte. Ltd. (UEN. 201829879Z), 1003 Bukit Merah Central, #06-16 Inno Centre, Singapore 159836, or +65 6957 4800.

If your concern relates to a believe that we have failed to comply with a provision of the Act or this Privacy Policy that affects your personal data, please provide us the following details (as a minimum) to enable us to review and respond to your complaint in a timely manner: (a) your full legal name and telephone contact number; (b) a description of the incident (including any relevant dates) so that we can review and/or investigate the complaint; and (c) a description of how you believe we have breached our obligations under this Privacy Policy. We may contact you for additional information if required (for example, to clarify your request, to confirm your identity etc).

 

16. CHANGES TO OUR PRIVACY POLICY

We may change this Privacy Policy at any time and from time to time, so please review it frequently. Any updated version of this Privacy Policy will be effective from the date of posting on this page. Your continued use of the Services, including use after the posting of any changes to this policy, will be deemed acceptance by you of the then-current Privacy Policy.

 

17. APPLICABLE LAW

This Privacy Policy and any dispute of any kind between you and us shall be governed by and construed in accordance with the laws of Singapore, and each party irrevocably and unconditionally submits to the exclusive jurisdiction of the Courts of Singapore.