Global Personal Data Protection And Privacy Policy

Last Updated: 1 April 2020


 

HEALTHBEATS PTE. LTD. and its subsidiaries (collectively "HealthBeats", " us", "we" or "our") recognise the importance of the rights of individuals (" you" or "your") to protect their personal data and privacy. This document is our Global Personal Data Protection and Privacy Policy ("Privacy Policy") and explains how we collect and use your personal data, with whom we share or disclose it to, and what are your rights and choices under the Singapore Personal Data Protection Act, 2012 ("Act") and the data protection or privacy laws of the country in which we provide our Services in.

This Privacy Policy applies to data we collect through our online service interfaces such as our main website at healthbeats.co and our HealthBeats™ remote vitals monitoring mobile and web apps (collectively the "Online Sites and Services"), as well as those collected through other offline service interactions in relation to HealthBeats™remote vitals monitoring products and services (collectively together with the Online Sites and Services, the " Services").

This Privacy Policy does not apply to third-party websites, products, or services, even if they link to our Online Sites and Services. You should review the privacy policies and practices of these third parties independently and carefully.

For the purposes of this Privacy Policy, a reference to 'including' or 'for example' means including or for example without limitation.

 

1. OVERVIEW

In this Privacy Policy, personal data have the meaning defined in the Act. In general terms, personal data is any data, whether true or not, that (a) by itself can be used to personally identify you; or (b) when combined with other data or information that we have or are likely to have access to, can be used to personally identify you.

"You" may be (i) a healthcare organisation/institution, medical/healthcare professional, doctor, physician or clinician who subscribes to our Services ("User" or "Healthcare Provider"); or (ii) a patient or customer of a User ("Customer"); or (iii) a visitor to our Online Sites and Services ("Visitor ").

Minimum Age . You must be at least 18 years old (or the age of majority in your jurisdiction, if it is older, " Minimum Age") to use the Services. If you are a Visitor to our Online Sites and Services and are under the Minimum Age, we request that you do not provide any Personal Data through the Online Sited and Services but request that your parent or guardian ("Guardian") contacts us instead. If you are a Customer and under the Minimum Age: (i) you may use the Services only with the involvement and agreement of a Guardian; and (ii) your Guardian must also have read and agreed to the terms of this Privacy Policy (including the Terms of Use) and will bear all responsibility of protecting your personal data. If a Guardian refuses to consent or accept the terms of this Privacy Policy, or we (or a User, if you are its Customer) are unable to verify a Guardian's consent or acceptance of the terms of this Privacy Policy within a reasonable time, we have the absolute right to delete all your personal data, including the termination of your Services account and deletion of all information contained therein. We will not be responsible or liable for any loss or damage arising from such deletion of data or information (including any costs or expenses incurred to activate/reactivate the account).

 

2. WHAT PERSONAL DATA WE COLLECT AND HOW WE COLLECT IT

Depending on the nature of your interaction with us, the types of personal data that we collect when you provide to us are essentially as follows:

(i) User. If you are a User, as part of your sign-up and enrolment to the Services (which include creation of User account and on-boarding of care teams to the various healthcare plans that you may offer your Customers), you will provide us the following personal data of your designated or authorised officers, administrators and care team members - full name, role and/or designation, email address, mobile and office numbers, government identifiers associated with you and your organisation (such as your identity card, social security number, tax number, employer identification number, or professional registration number). As part of your business relationship with us, we may also receive financial information such as your organisation bank account details for billing and invoicing purposes.

(ii) Customer. If you are a Customer, and you sign-up to the Services as part of your healthcare plan with a User, we will generally collect and process your personal data in the following manner:

(a) Personal Information. During your on-boarding and creation of a Customer account, the following information will be collected and shared by the User with us when the User uploads the information onto our HealthBeats™ remote vitals monitoring mobile and web apps - your full name, home number, mobile number, email address, home address, gender, age and date of birth, race and nationality, government identifiers associated with you (such as your identity card, social security number, driving licence number, health insurance details, where applicable), height and weight, language spoken. If you are a Customer below the Minimum Age, the name and contact information of your Guardian will be collected and shared with us too;

(b) Health Information. As part of your on-going remote vitals monitoring by a User, and depending on the health data that a User monitors under your healthcare plan, the following information will be uploaded by your internet enabled devices provided as part of the Services (such as blood pressure monitor, glucose monitor, oximeter, ECG/ holter monitor, weighing scale, fitness tracker) onto our HealthBeats™ remote vital monitoring mobile and web apps - your perfusion index, pulse, oxygen saturation, blood pressure, heart rate, electrocardiogram, temperature, aerobic steps/strokes taken, blood glucose levels, body fat percentage, BMI, calories burnt, metabolism rate, and such other health vitals intended to be captured by the User through the use of the Services; and

(c) Purchase and Payment Information. When you make payment for subscription fees and/or purchase of products/consumables through our Online Sites and Services, we will receive the following information that allows us to process your payment and/or delivery of your products/consumables - your name, delivery address, phone number, email address and payment details (such as purchased products/consumables, purchase amount, purchase date and payment method). If you make online payment through our Online Sites and Services, your payment card transactions will be processed by our PCI DSS-certified third-party payment processor, Stripe, who will collect and use your purchase and payment card details strictly for payment processing purposes only. HealthBeats do not store or collect your payment card details. That information is provided directly to Stripe whose use of your personal data is governed by their privacy policy at https://stripe.com/sg/privacy.

Please note that your agreement with the relevant User should explain how the User collects, uses and shares your personal data with us, and if you have any question or require further clarification on any of these areas, you should direct those questions to the User. As a User's service provider, we will process your personal data only in accordance with the terms of our agreement with the User, or as may be permissible under or as required by law.

(iii) Visitor. If you are a Visitor and wish to contact or get in touch with us via our online form or email, we will collect your full name, email address and mobile number, and such other personal data or information that you choose to provide for us to process your enquiry or request.

You may also be providing us (whether directly or indirectly through our authorised agents, representatives or service providers) information on other occasions or through other methods, for example: (1) when you respond to our marketing or other communications and activities; (2) when you participate in our user or customer surveys; (3) when you contact our customer support team or communicate with us via online chat services; or (4) when you visit or provide us information through our social or networking media and online forums, or during trade shows, conventions or other events.

Non-Personal Data . We may also collect information that is not personal data because it does not identify you or anyone else. These non-personal data include for example, data collected automatically through cookies and similar technologies; anonymous answers to surveys and other data provided by you; or aggregated information about how you use our Online Site and Services. To the extent these non-personal data should reveal your specific identity or relate to an individual, we will treat these data as personal data.

 

3. COOKIES AND SIMILAR TECHNOLOGIES

What are cookies?

"Cookies" are small text files containing unique ID numbers that are placed on your internet enabled device (such as your computer or mobile device) by websites that you visit. They are used in order for websites to work, or work more efficiently, as well as to provide information to website providers. For example, they allow a website provider to remember your login details and website preferences (so that you don't have to reconfigure your settings each time you log-in to your account), and to better understand how you use its website. Similar technologies such as web beacons, pixel tags and GIFs, essentially also do the same thing.

To find out more about cookies, please visit www.allaboutcookies.org.

How we use cookies

Our website use cookies and similar technologies to allow our Online Sites and Services to function safely and effectively, prevent fraudulent and other harmful activities, and analyse and enhance our Services. These cookies and similar technologies collect information about your use of our website and Online Sites and Services, and they include:

(a) browser and device data, such as IP address and location, device type, operating system and internet browser type, operating system name and version, and the language version of the websites you are visiting; and

(b) website usage data and online activities, such as time spent on the websites, pages visited or followed, links clicked, your language preference, your general location, and the pages that led or referred you to our websites, and shopping history.

To learn more about how HealthBeats use cookies and similar technologies through our Online Sites and Services, and how you can manage and control the use of cookies and similar technologies, please see our Cookies Policy.

 

4. CONSEQUENCES IF WE CANNOT COLLECT PERSONAL DATA

If you do not provide us with the personal data described above, some or all of the following may happen: (a) we may not be able to provide the Services to you, either to the same standard or at all; (b) we may not be able to provide you with information about products and services that you may want, including information about discounts, sales or special promotions; or (c) we may be unable to tailor the content of the Online Sites and Services to your preferences and your experience of the Online Sites and Services may be impacted and not be as enjoyable or useful.

 

5. HOW WE USE PERSONAL DATA

We use your personal data for the following purposes:

(i) To deliver our products and services, including:

(a) To perform contractual obligations with our Users - these activities include:

(1) creation, authentication and management of accounts;

(2) accounting, invoicing/billing and financial reporting and auditing; and

(3) provision of customer and technical support services.

As mentioned earlier, we as a User's service provider, will process a Customer's personal data in accordance with the terms of our agreement with the User. We use Personal Data of our User's Customers: (i) to create, authenticate and manage Customer accounts, including customer and technical support services; (ii) to enable Users to monitor their respective Customers' health data; and (iii) where applicable, to process a Customer's online purchases and payments for the Services. All such use is pursuant to the terms of our contractual obligations and business relationships with our Users. We wish to remind all Customers again that your agreement with the relevant User should explain how the User collects, uses and shares your personal data with us, and if you have any question or require further clarification on any of these areas, you should direct those questions to the User.

(b) In compliance with legal/regulatory requirements or as permitted by law - these include:

(1) compliance with any law, rule, regulation, binding determination, decision or direction of a regulator or in co-operation with any governmental authority of any country; and

(2) to protect our rights, property or safety and those of our Users, its Customers or the public as required or permitted by law.

(c) For legitimate business interests and purposes - these include:

(1) to monitor, detect and prevent fraud and unauthorized or illegal activities and transactions;

(2) to ensure network and information security throughout our Services;

(3) to assess and improve the performance, operation and relevance of our product and services by understanding their effectiveness; and to develop new products and services;

(4) to ensure network and information security throughout our Services analyse and advertise our products and services more effectively;

(5) to respond to your enquiries or request for information of our products or services; and

(6) to conduct aggregate research and analysis to produce data analytics, statistical research and reports and to develop business intelligence that enable us to operate, protect, make informed decisions on, and report on the performance of, our business.

(ii) We will not send you any marketing or advertising information or communication without your prior consent. Our system is configured, by default, to opt you out of receiving such marketing and advertisements until you actively opt-in or give us your consent. If you have previously provided us your consent or opted-in to receive our marketing and advertising information and communication, we may send you marketing communications and information which offers, advertises or promotes our products and services, invite you to participate in our events or surveys, or otherwise communicate with you for marketing purposes, provided always that we do so in accordance with the consent requirements that are imposed by applicable law.

When we collect your business contact details through our participation at trade shows or other events, we may use the information to follow-up with you regarding an event, send you information that you have requested on our products and services and, with your permission, include you on our marketing information campaigns.

If you do not wish to receive marketing communications, you may opt-out of receiving these communications from us at any time by using the opt-out feature specified in our direct marketing communications or by contacting our "HealthBeats Support Centre" web portal at http://healthbeats.co/support. We will ensure that your details are removed from the relevant marketing contact list you have elected to opt-out of.

 

6. HOW WE DISCLOSE PERSONAL DATA

Personal data provided by you may be shared with our related corporations and other authorised third-party organisations for the purposes set out in this Privacy Policy, as follows:

(i) Users. We share Customer personal data with Users as part of our Services and contractual obligations to our Users.

(ii) HealthBeats Group. We share personal data with other HealthBeats entities in order to provide our Services and for internal administration purposes.

(iii) Service providers. We share personal data with third-party service providers who perform services for us and help us operate our business. They include web hosting; cloud and storage services; IT systems and related infrastructure services; payment gateway/processing services; logistics and delivery; marketing and advertising; and professional services. These service providers may need to access personal data to perform their services, and to the extent that they do, they will only use or process your personal data only to the extent necessary to perform services on our behalf or comply with legal requirements.

You can find out more about our third-party service providers, here. Our business requirements may change from time to time. This means we may, for example, add or replace a service provider if we believe that doing so will improve the delivery of our Services. We will update the list accordingly as and when such changes happen.

(iv) Business partners. We share your personal data with third party business partners when this is necessary to provide our Services to our Users. They include organisations involved in our sales and support network, for example, our authorised distributors, sales agents, and dealers.

(v) Change of Control or Sale of HealthBeats. If the ownership of our business changes, or we otherwise dispose or transfer assets relating to our business or the Services to another party (whether by way of sale, merger, acquisition, amalgamation, insolvency proceeding or otherwise), we may sell, share, disclose and transfer your personal data to such party in order to facilitate the completion of the transactions contemplated. Unless otherwise stated in this Privacy Policy or expressly stated at the time of collection of your personal data, we will never sell your personal data to any third party.

(vi) Regulatory Authorities, Governmental Agencies. We share your personal data if we determine that it is reasonably necessary to: (i) comply with any law, rule, regulation, binding determination, decision or direction of a regulator or in co-operation with any governmental authority of any country; and (ii) to protect our rights, property or safety and those of our Users, its Customers or the public as required or permitted by law.

(vii) Your authorised agent. In addition to the above, we may also share your personal data with any other third-party agent or personnel expressly authorised by you.

 

7. SHARING OF INFORMATION AND PERSONAL DATA BY YOU

Your personal data (including account details such as user names, PIN codes, passwords and security authentications) are private and confidential to you (hereinafter referred to as the "Confidential Data "). If you choose to disclose or share any of such Confidential Information with a third party (including your healthcare provider, specialist, doctor, Guardian, spouse and relative): (i) you do so solely at your own risk; and (ii) you expressly acknowledge and agree that we will not be responsible or liable in any way whatsoever for: (1) any loss of confidentiality due to disclosure or sharing of such Confidential Data by you; or (2) the use and/or processing of such Confidential Data by the third party, including any and all losses, damages, liabilities and harm arising therefrom, including any act or omission of medical prevention, intervention, diagnosis, advice, treatment or care.

 

8. CONSENT

IF YOU DO NOT AGREE TO THE TERMS OF THIS PRIVACY POLICY, PLEASE DO NOT CONTINUE TO USE OR ACCESS THE SERVICES.

By disclosing your personal data to us or continuing to use the Services, you are deemed to agree with this Privacy Policy and consent to the purposes for which we collect, use and disclose your personal data.

From time to time we may seek your consent to a specific proposed collection, use and/or disclosure of your personal data. If we decide to bundle multiple requests for your consent, you may withhold your consent to any or all such requests. If you have consented to a specific purpose for our use and disclosure of your personal data, then we may rely on your consent until you withdraw your consent.

You may withdraw your consent under this Privacy Policy at any time by contacting our data protection officer at dpo@healthbeats.co.

 

9. YOUR DATA PROTECTION RIGHTS

Depending on your locations and subject to applicable law, you may have the following rights with regards to the Personal Data we control of you:

The right to access - You can request confirmation of whether we process any personal data relating to you, and if so, to request a copy of such data.

The right to rectification - When providing any personal data to us, you should take care to only provide us with accurate, complete and up-to-date data. If you believe any information provided to us is inaccurate or incomplete, or needs to be updated, and to the extent the Online Sites and Services allows you to rectify these information on your own, you can do so personally. When you update such information, we usually keep a copy of the prior version for our records.

The right to erasure - You can request that we erase your personal data, to the extent legally permissible.

The right to restrict processing - You can request that we restrict the processing of your personal data, and we will advise you accordingly of the impact and effect of such restriction on the delivery of our Services, and/or whether such restriction is technically feasible.

The right to object to processing - You can object to us processing of your personal data, and we will advise you accordingly of the impact and effect of such objection on the delivery of our Services, and/or whether such objection is technically feasible.

The right to data portability - You can request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you would like to exercise any of these rights, please contact our data protection officer at dpo@healthbeats.co. We will respond to you as soon as reasonably practicable within the timelines and to the extent required by applicable law.

If you are a Customer of our User and you wish to exercise any of the above right, please direct your requests directly to the relevant User. Because our personnel may have limited ability to access data our Users submit to our Online Sites and Services, if you wish to make your request directly to us, please provide the name of the User who submitted your data to our Online Sites and Services. We will refer your request to that User and will support them as needed in responding to your request.

To enable us to review and respond to your requests in a timely manner, please include the following details in your requests: (a) your full legal name and telephone contact number; (b) a description of your request; (c) a date range of when you believe the personal data was supplied to us; (d) any details of how the personal data was supplied to us originally (for example, when you completed an online subscription form); and (e) where rectification is required, details of the rectification requested. We may contact you for additional information if required (for example, to clarify your request, to verify your identity etc).

Please note that when you unsubscribe and close your account with us, we will have the right to remove and delete all your data, whereupon you will no longer be able to access your data.

Fees . We will not charge you any fee when you make a request under this Section. However, and where legally permissible, we may charge you a fee for the administrative costs in complying with your request such as costs of producing or delivering a copy of the personal data or medical record requested. To the extent practicable, we will advise you in advance prior to charging you in these circumstances and give you an indication of the likely amount.

 

10. CROSS-BORDER TRANSFER OF PERSONAL DATA

HealthBeats is a global business and service provider. Personal data may be processed and stored in various countries that we operate in (whether on our own or through our channel partners/distributors) or where we engage third-party service providers to provide services to us (for example, cloud and storage service providers). Your data, including personal data, may therefore be disclosed or transferred to or accessed by our related corporations and third-party service providers located outside of your country where the data protection rules and standards may differ from those in your jurisdiction.

Regardless of where we process your personal data, we will take all reasonable steps to ensure that any such transfers will comply with applicable data protection laws and your data continues to be protected and treated securely in accordance with the standards set out in this Privacy Policy and in compliance with applicable laws .

You can find out more about our third-party service providers, here.

By signing-up and using and accessing the Services, you expressly agree and consent to the transfer and processing of data by such entities located outside your jurisdiction. You may withdraw your consent to this at any time, in which case: (i) you must inform us of this consent withdrawal immediately; and thereafter, (ii) you will then no longer have access to our Services.

 

11. INTERNET SECURITY AND THIRD-PARTY WEBSITES

Internet Security . We take reasonable steps to protect your personal data from unauthorised access, improper use or disclosure, unauthorised modification, unlawful destruction or accidental loss. Your personal data is accessible only to a limited number of personnel who need access to the information to perform their duties.

However, as the Online Sites and Services are linked to the internet, and the internet is inherently insecure, we cannot provide any guarantee, warranty or assurance regarding, nor be held liable or responsible for any liability arising out of or in connection with any breach of, the security of transmission of information communicated online. In particular, we cannot guarantee that information transmitted or communicated will not be intercepted while being transmitted over the internet or that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our administrative, physical or technical safeguards.

As an Online Sites and Services user, it is your sole responsibility to protect the security of your login and password information. If you have reason to believe that your communication or interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please contact our "HealthBeats Support Centre" web portal at http://healthbeats.co/support, immediately.

Third-Party Websites and Privacy Policies . The Online Sites and Services may contain links to other websites or services operated by third parties that are not owned or controlled by us. These third-party websites and services are governed by their own separate data privacy, security and other practices and policies (including any "cookies" or similar technology practices), and we make no representation or warranty in relation to, and will not be responsible or liable in any way for, the data privacy, security or other practices and policies or content of such third-party websites and services. These third-party websites and services are responsible for informing you about their own data privacy, security and other practices and policies.

 

12. PERSONAL DATA RETENTION PERIOD

We will retain your personal data as long as you have an Online Sites and Services account with us, or we are providing Services to you. We also retain your personal data after we cease providing Services to you, or even if you close your Online Sites and Services account with us, to the extent that such retention is needed for us to comply with (i) our legal and regulatory obligations; (ii) our tax, accounting, and financial reporting obligations; and (iii) where we are required to retain the data by our contractual obligations to Users. Where we retain your personal data, we do so in accordance with any limitation periods and record retention obligations imposed by applicable laws.

 

13. HOW TO CONTACT US

If you have any question or comments regarding this Privacy Policy, please contact our data protection officer at:

Mailing Address:

HealthBeats Pte. Ltd.

1003 Bukit Merah Central
#06-16 Inno Centre
Singapore 159836
Attention: Data Protection Officer
Email: dpo@healthbeats.co

If your concern relates to a complaint or a believe that we have failed to comply with a provision of this Privacy Policy, please provide us the following details so that we can review and respond to your complaint in a timely manner: (a) your full legal name and telephone contact number; (b) a description of the incident (including any relevant dates) so that we can review and/or investigate the complaint; and (c) a description of how you believe we have breached our obligations under this Privacy Policy. We may contact you for additional information if required (for example, to clarify your request, to verify your identity etc).

 

14. CHANGES TO OUR PRIVACY POLICY

We may change this Privacy Policy from time to time to reflect new products or services, changes in our privacy practices and/or relevant laws, so please review it frequently. Any updated version of this Privacy Policy will be posted on our webpage and will be effective from the date of posting. We will provide you with notifications and/or alerts regarding material changes to this Privacy Policy by posting them on our website and, if you are a User or Customer, we will notify you through our Online Sites and Services and emails.