Last Updated: 1 April 2020
"You" may be (i) a healthcare organisation/institution, medical/healthcare professional, doctor, physician or clinician who subscribes to our Services ("User" or "Healthcare Provider"); or (ii) a patient or customer of a User ("Customer"); or (iii) a visitor to our Online Sites and Services ("Visitor").
2. WHAT PERSONAL DATA WE COLLECT AND HOW WE COLLECT IT
Depending on the nature of your interaction with us, the types of personal data that we collect when you provide them to us are essentially as follows:
(i) User. If you are a User, as part of your sign-up and enrolment to the Services (which include creation of User account and on-boarding of care teams to the various healthcare plans that you may offer your Customers), you will provide us the following personal data of your designated or authorised officers, administrators and care team members - full name, role and/or designation, email address, mobile and office numbers, government identifiers associated with you and your organisation (such as your identity card, social security number, tax number, employer identification number, or professional registration number). As part of your business relationship with us, we may also receive financial information such as your organisation bank account details for billing and invoicing purposes.
(ii) Customer. If you are a Customer, and you sign-up to the Services as part of your healthcare plan with a User, we will generally collect and process your personal data in the following manner:
(a) Personal Information. During your on-boarding and creation of a Customer account, the following information will be collected and shared by the User with us when the User uploads the information onto our HealthBeats™ remote vitals monitoring mobile and web apps - your full name, home number, mobile number, email address, home address, gender, age and date of birth, race and nationality, government identifiers associated with you (such as your identity card, social security number, driving licence number, health insurance details, where applicable), height and weight, language spoken. If you are a Customer below the Minimum Age, the name and contact information of your Guardian will be collected and shared with us too;
(b) Health Information. As part of your on-going remote vitals monitoring by a User, and depending on the health data that a User monitors under your healthcare plan, the following information will be uploaded by your internet enabled devices provided as part of the Services (such as blood pressure monitor, glucose monitor, oximeter, ECG/Holter monitor, weighing scale, fitness tracker) onto our HealthBeats™ remote vitals monitoring mobile and web apps - your perfusion index, pulse, oxygen saturation, blood pressure, heart rate, electrocardiogram, temperature, aerobic steps/strokes taken, blood glucose levels, body fat percentage, BMI, calories burnt, metabolism rate, and such other health vitals intended to be captured by the User through the use of the Services; and
Please note that your agreement with the relevant User should explain how the User collects, uses and shares your personal data with us, and if you have any question or require further clarification on any of these areas, you should direct those questions to the User. As a User's service provider, we will process your personal data only in accordance with the terms of our agreement with the User, or as may be permissible under or as required by law.
(iii) Visitor. If you are a Visitor and wish to contact or get in touch with us via our online form or email, we will collect your full name, email address and mobile number, and such other personal data or information that you choose to provide for us to process your enquiry or request.
You may also be providing us (whether directly or indirectly through our authorised agents, representatives or service providers) information on other occasions or through other methods, for example: (1) when you respond to our marketing or other communications and activities; (2) when you participate in our user or customer surveys; (3) when you contact our customer support team or communicate with us via online chat services; or (4) when you visit or provide us information through our social or networking media and online forums, or during trade shows, conventions or other events.
Non-Personal Data. We may also collect information that is not personal data because it does not identify you or anyone else. Such non-personal data includes, for example, data collected automatically through cookies and similar technologies; anonymous answers to surveys and other data provided by you; or aggregated information about how you use our Online Site and Services. To the extent that such non-personal data reveals your specific identity or relates to an individual, we will treat it as personal data.
What are cookies?
"Cookies" are small text files containing unique ID numbers that are placed on your internet enabled device (such as your computer or mobile device) by websites that you visit. They are used in order for websites to work, or work more efficiently, as well as to provide information to website providers. For example, they allow a website provider to remember your login details and website preferences (so that you don't have to reconfigure your settings each time you log-in to your account), and to better understand how you use its website. Similar technologies such as web beacons, pixel tags and GIFs, essentially also do the same thing.
To find out more about cookies, please visit www.allaboutcookies.org.
(a) browser and device data, such as IP address and location, device type, operating system and internet browser type, operating system name and version, and the language version of the websites you are visiting; and
(b) website usage data and online activities, such as time spent on the websites, pages visited or followed, links clicked, your language preference, your general location, and the pages that led or referred you to our websites, and shopping history.
4. CONSEQUENCES IF WE CANNOT COLLECT PERSONAL DATA
If you do not provide us with the personal data described above, some or all of the following may happen: (a) we may not be able to provide the Services to you, either to the same standard or at all; (b) we may not be able to provide you with information about products and services that you may want, including information about discounts, sales or special promotions; or (c) we may be unable to tailor the content of the Online Sites and Services to your preferences and your experience of the Online Sites and Services may be impacted and not be as enjoyable or useful.
5. HOW WE USE PERSONAL DATA
We use your personal data for the following purposes:
(i) To deliver our products and services, including:
(a) To perform contractual obligations with our Users - these activities include:
(1) creation, authentication and management of accounts;
(2) accounting, invoicing/billing and financial reporting and auditing; and
(3) provision of customer and technical support services.
As mentioned earlier, we as a User's service provider, will process a Customer's personal data in accordance with the terms of our agreement with the User. We use Personal Data of our User's Customers: (i) to create, authenticate and manage Customer accounts, including customer and technical support services; (ii) to enable Users to monitor their respective Customers' health data; and (iii) where applicable, to process a Customer's online purchases and payments for the Services. All such use is pursuant to the terms of our contractual obligations and business relationships with our Users. We wish to remind all Customers again that your agreement with the relevant User should explain how the User collects, uses and shares your personal data with us, and if you have any question or require further clarification on any of these areas, you should direct those questions to the User.
(b) In compliance with legal/regulatory requirements or as permitted by law - these include:
(1) compliance with any law, rule, regulation, binding determination, decision or direction of a regulator or in co-operation with any governmental authority of any country; and
(2) to protect our rights, property or safety and those of our Users, its Customers or the public as required or permitted by law.
(c) For legitimate business interests and purposes - these include:
(1) to monitor, detect and prevent fraud and unauthorized or illegal activities and transactions;
(2) to ensure network and information security throughout our Services;
(3) to assess and improve the performance, operation and relevance of our product and services by understanding their effectiveness; and to develop new products and services;
(4) to analyse and advertise our products and services more effectively;
(5) to respond to your enquiries or request for information of our products or services; and
(6) to conduct aggregate research and analysis to produce data analytics, statistical research and reports and to develop business intelligence that enable us to operate, protect, make informed decisions on, and report on the performance of, our business.
(ii) We will not send you any marketing or advertising information or communication without your prior consent. Our system is configured, by default, to opt you out of receiving such marketing and advertisements until you actively opt-in or give us your consent. If you have previously provided us your consent or opted-in to receive our marketing and advertising information and communication, we may send you marketing communications and information which offers, advertises or promotes our products and services, invite you to participate in our events or surveys, or otherwise communicate with you for marketing purposes, provided always that we do so in accordance with the consent requirements that are imposed by applicable law.
When we collect your business contact details through our participation at trade shows or other events, we may use the information to follow-up with you regarding an event, send you information that you have requested on our products and services and, with your permission, include you on our marketing information campaigns.
If you do not wish to receive marketing communications, you may opt-out of receiving these communications from us at any time by using the opt-out feature specified in our direct marketing communications or by contacting our "HealthBeats Support Centre" web portal at http://healthbeats.co/support. We will ensure that your details are removed from the relevant marketing contact list you have elected to opt-out of.
6. HOW WE DISCLOSE PERSONAL DATA
(i) Users. We share Customer personal data with Users as part of our Services and contractual obligations to our Users.
(ii) HealthBeats Group. We share personal data with other HealthBeats entities in order to provide our Services and for internal administration purposes.
(iii) Service providers. We share personal data with third-party service providers who perform services for us and help us operate our business. They include web hosting; cloud and storage services; IT systems and related infrastructure services; payment gateway/processing services; logistics and delivery; marketing and advertising; and professional services. These service providers may need to access personal data to perform their services, and to the extent that they do, they will use or process your personal data only to the extent necessary to perform services on our behalf or comply with legal requirements.
You can find out more about our third-party service providers, here. Our business requirements may change from time to time. This means we may, for example, add or replace a service provider if we believe that doing so will improve the delivery of our Services. We will update the list accordingly as and when such changes happen.
(iv) Business partners. We share your personal data with third party business partners when this is necessary to provide our Services to our Users. They include organisations involved in our sales and support network, for example, our authorised distributors, sales agents, and dealers.
(vi) Regulatory Authorities, Governmental Agencies. We share your personal data if we determine that it is reasonably necessary to: (i) comply with any law, rule, regulation, binding determination, decision or direction of a regulator or in co-operation with any governmental authority of any country; and (ii) to protect our rights, property or safety and those of our Users, its Customers or the public as required or permitted by law.
(vii) Your authorised agent. In addition to the above, we may also share your personal data with any other third-party agent or personnel expressly authorised by you.
7. SHARING OF INFORMATION AND PERSONAL DATA BY YOU
Your personal data (including account details such as user names, PIN codes, passwords and security authentications) are private and confidential to you (hereinafter referred to as the "Confidential Data"). If you choose to disclose or share any of such Confidential Data with a third party (including your healthcare provider, specialist, doctor, Guardian, spouse and relative): (i) you do so solely at your own risk; and (ii) you expressly acknowledge and agree that we will not be responsible or liable in any way whatsoever for: (1) any loss of confidentiality due to disclosure or sharing of such Confidential Data by you; or (2) the use and/or processing of such Confidential Data by the third party, including any and all losses, damages, liabilities and harm arising therefrom, including any act or omission of medical prevention, intervention, diagnosis, advice, treatment or care.
From time to time we may seek your consent to a specific proposed collection, use and/or disclosure of your personal data. If we decide to bundle multiple requests for your consent, you may withhold your consent to any or all such requests. If you have consented to a specific purpose for our use and disclosure of your personal data, then we may rely on your consent until you withdraw your consent.
9. YOUR DATA PROTECTION RIGHTS
Depending on your location and subject to applicable law, you may have the following rights with regard to the personal data about you that we control:
The right to access - You can request confirmation of whether we process any personal data relating to you, and if so, to request a copy of such data.
The right to rectification - When providing any personal data to us, you should take care to only provide us with accurate, complete and up-to-date data. If you believe any information provided to us is inaccurate or incomplete, or needs to be updated, and to the extent the Online Sites and Services allow you to rectify this information on your own, you can do so personally. When you update such information, we usually keep a copy of the prior version for our records.
The right to erasure - You can request that we erase your personal data, to the extent legally permissible.
The right to restrict processing - You can request that we restrict the processing of your personal data, and we will advise you accordingly of the impact and effect of such restriction on the delivery of our Services, and/or whether such restriction is technically feasible.
The right to object to processing - You can object to our processing of your personal data, and we will advise you accordingly of the impact and effect of such objection on the delivery of our Services, and/or whether such objection is technically feasible.
The right to data portability - You can request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
If you would like to exercise any of these rights, please contact our data protection officer at email@example.com. We will respond to you as soon as reasonably practicable within the timelines and to the extent required by applicable law.
If you are a Customer of our User and you wish to exercise any of the above rights, please direct your requests directly to the relevant User. Because our personnel may have limited ability to access data our Users submit to our Online Sites and Services, if you wish to make your request directly to us, please provide the name of the User who submitted your data to our Online Sites and Services. We will refer your request to that User and will support them as needed in responding to your request.
To enable us to review and respond to your requests in a timely manner, please include the following details in your requests: (a) your full legal name and telephone contact number; (b) a description of your request; (c) a date range of when you believe the personal data was supplied to us; (d) any details of how the personal data was supplied to us originally (for example, when you completed an online subscription form); and (e) where rectification is required, details of the rectification requested. We may contact you for additional information if required (for example, to clarify your request, to verify your identity, etc.).
Please note that when you unsubscribe and close your account with us, we will have the right to remove and delete all your data, whereupon you will no longer be able to access your data.
Fees. We will not charge you any fee when you make a request under this Section. However, and where legally permissible, we may charge you a fee for the administrative costs in complying with your request such as costs of producing or delivering a copy of the personal data or medical record requested. To the extent practicable, we will advise you in advance prior to charging you in these circumstances and give you an indication of the likely amount.
10. CROSS-BORDER TRANSFER OF PERSONAL DATA
HealthBeats is a global business and service provider. Personal data may be processed and stored in various countries that we operate in (whether on our own or through our channel partners/distributors) or where we engage third-party service providers to provide services to us (for example, cloud and storage service providers). Your data, including personal data, may therefore be disclosed or transferred to or accessed by our related corporations and third-party service providers located outside of your country where the data protection rules and standards may differ from those in your jurisdiction.
You can find out more about our third-party service providers, here.
By signing-up and using and accessing the Services, you expressly agree and consent to the transfer and processing of data by such entities located outside your jurisdiction. You may withdraw your consent to this at any time, in which case: (i) you must inform us of this consent withdrawal immediately; and thereafter, (ii) you will then no longer have access to our Services.
11. INTERNET SECURITY AND THIRD-PARTY WEBSITES
Internet Security. We take reasonable steps to protect your personal data from unauthorised access, improper use or disclosure, unauthorised modification, unlawful destruction or accidental loss. Your personal data is accessible only to a limited number of personnel who need access to the information to perform their duties.
However, as the Online Sites and Services are linked to the internet, and the internet is inherently insecure, we cannot provide any guarantee, warranty or assurance regarding, nor be held liable or responsible for any liability arising out of or in connection with any breach of, the security of transmission of information communicated online. In particular, we cannot guarantee that information transmitted or communicated will not be intercepted while being transmitted over the internet or that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our administrative, physical or technical safeguards.
As an Online Sites and Services user, it is your sole responsibility to protect the security of your login and password information. If you have reason to believe that your communication or interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please contact our "HealthBeats Support Centre" web portal at http://healthbeats.co/support, immediately.
Third-Party Websites and Privacy Policies. The Online Sites and Services may contain links to other websites or services operated by third parties that are not owned or controlled by us. These third-party websites and services are governed by their own separate data privacy, security and other practices and policies (including any "cookies" or similar technology practices), and we make no representation or warranty in relation to, and will not be responsible or liable in any way for, the data privacy, security or other practices and policies or content of such third-party websites and services. These third-party websites and services are responsible for informing you about their own data privacy, security and other practices and policies.
12. PERSONAL DATA RETENTION PERIOD
We will retain your personal data as long as you have an Online Sites and Services account with us, or we are providing Services to you. We also retain your personal data after we cease providing Services to you, or even if you close your Online Sites and Services account with us, to the extent that such retention is needed for us to comply with (i) our legal and regulatory obligations; (ii) our tax, accounting, and financial reporting obligations; and (iii) where we are required to retain the data by our contractual obligations to Users. Where we retain your personal data, we do so in accordance with any limitation periods and record retention obligations imposed by applicable laws.
13. HOW TO CONTACT US
HealthBeats Pte. Ltd.
1003 Bukit Merah Central
#06-16 Inno Centre
Attention: Data Protection Officer