We at Astique The Aesthetic Clinic (the “Clinic”) respect the privacy and confidentiality of the personal data of our patients, associates, partners, visitors and other individuals whom we interact with in the course of providing our medical services. We are committed to implementing policies, practices and processes to safeguard the collection, use and disclosure of the personal data you provide us, in compliance with the Singapore Personal Data Protection Act (PDPA) 2012.
We have developed this Data Protection Notice to assist you in understanding how we collect, use, disclose, process, protect and retain your personal data that is in our possession.
How We Collect Your Personal Data?
Personal data refers to any information that can uniquely identify an individual person either (a) on its own (e.g. NRIC No., FIN No.), or (b) when combined with other information (e.g. Full Name + Full Address).
We collect your personal data when you:
- When you register and receive our medical services
- Book for a medical appointment at our clinics over the counter, through calls or via our website portal
- Enter our physical premises and your contact information is required for registration, safety and security purposes
- Are within our premises and your images are being captured via CCTV
- Provide us with goods and services as our service providers
- Provide feedback to us on our products and services or quality of service
- Communicate with us via calls, emails or written correspondences
- Submit your CV and job application form to us in response to our recruitment advertisements, through recruitment firms or job portals
Types of Personal Data We Collect About You
The types of personal data we collect about you include:
- Medical information (such as allergies, medical conditions, prescriptions, medical and family history)
- Personal information (such as name, NRIC, gender, nationality)
- Contact information (such as address, phone number, email address)
- Financial information (such as credit card details, bank account details)
- Photos and Images (such as those captured on our CCTV cameras and those required for medical purposes)
- Transactional data (such as name, company/organisation, designation, address)
- Job Applicant data (such as educational and professional qualifications as well as work experience)
- Shareholding data (such information necessary to manage your shareholding with us and to fulfil your other requests)
How We Use Your Personal Data
We use the personal data you provide us for one or more of the following purposes:
- Provide patient care and patient relationship management
- Provide medical services and meeting healthcare needs
- Process and administer health records
- Process payment for services
- Conduct marketing and promotion activities
- Monitor the movement of visitors to our physical premises for safety and/or security purposes
- Respond to booking of appointments, enquiries, update requests and feedback on user experience
- Facilitate your attendance at our General Meetings and all other shareholder-related matters
- Process job application and selection
- Carry out our obligations arising from any contracts entered into between you and us
- Comply with legal obligations and regulatory requirements
Who We Disclose Your Personal Data To
We disclose some of the personal data you provide us to the following entities or organisations outside the Clinic in order to fulfil our services to you:
- Clinics / Hospitals / Medical Practitioners / Specialists
- Medical Service Providers such as Laboratories, Radiology and Diagnostic Imaging Centres
- Government Agencies & Regulatory Authorities such as Ministry of Health, Ministry of Manpower
- Providers of Professional Services such as Share Registrars, Auditors, Lawyers, Consultants
- Insurance Companies
- Banks, Payment Card Processing Companies and other Financial Institutions
- Data Processing and Hosting Companies such as IT Service Providers, Webhosting Companies and Cloud Service Providers
- Recruitment Agencies / Headhunters
- Providers of Goods or Services such as Freight and Courier Services, Warehouse Services
Where required to do so by law, we may disclose personal data about you to the relevant authorities or to law enforcement agencies.
How We Manage the Collection, Use and Disclosure of Your Personal Data
Before we collect, use or disclose your personal data, we will notify you of the purpose why we are doing so. We will obtain written confirmation from you on your expressed consent. We will not collect more personal data than is necessary for the stated purpose. We will seek fresh consent from you if the original purpose for the collection, use or disclosure of your personal data has changed.
Withdrawal of Consent
If you wish to withdraw consent, you should give us reasonable advance notice. We will advise you of the likely consequences of your withdrawal of consent, e.g. without your personal contact information we may not be able to inform you of our future events and product launches.
Your request for withdrawal of consent can take the form of an email or letter to us.
How We Ensure the Accuracy of Your Personal Data
We will take reasonable steps to ensure that the personal data we collect about you is accurate, complete and kept up-to-date.
From time to time, we may do a data verification exercise for you to update us on any changes to the personal data we hold about you. If we are in an ongoing relationship with you, it is important that you update us of any changes to your personal data (such as a change in your mailing address).
How We Protect Your Personal Data
We have implemented appropriate information security and technical measures (such as firewalls and secure network protocols) to protect the personal data we hold about you against loss; misuse; destruction; unauthorised alteration/modification, access, disclosure; or similar risks.
We have also put in place reasonable and appropriate organisational measures to maintain the confidentiality and integrity of your personal data, and will only share your data with authorised persons on a ‘need to know’ basis.
How We Retain Your Personal Data
We have a document retention policy that keeps track of the retention schedules of the personal data you provide us, in paper or electronic forms. We will not retain any of your personal data when it is no longer needed for any business or legal purposes.
We will dispose of or destroy such documents containing your personal data in a proper and secure manner when the retention limit is reached.
How You Can Access and Make Correction to Your Personal Data
You may write to us to find out what personal data about you that we have in our possession or under our control and how it may have been used and/or disclosed by us in the previous one year. Before we accede to your request, we may need to verify your identity by checking your NRIC or other legal identification document. We will respond to your request as soon as possible, or within 30 days from the date we receive your request. If we are unable to do so within the 30 days, we will let you know and give you an estimate of how much longer we require. We may also charge you a reasonable fee for the cost involved in processing your access request.
If you find that the personal data we hold about you is inaccurate, incomplete or not up-to-date you may ask us to correct the data. Where we are satisfied on reasonable grounds that a correction should be made, we will correct the data as soon as possible, or within 30 days from the date we receive your request.
How We Transfer Your Personal Data
If there is a need for us to transfer your personal data to another organisation outside of Singapore, we will ensure that the standard of data protection in the recipient country is comparable to that of Singapore’s PDPA. If this is not so, we will enter into a contractual agreement with the receiving party to accord similar levels of data protection as that in Singapore.
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
- Keeping you signed in
- Understanding how you use our website
What types of cookies we use?
There are several different types of cookies which our website uses:
Functionality – We use these cookies so that we recognize you on our website and remember your previously selected preferences. These could include what language you prefer and location you are in. A mix of first-party and third-party cookies are used.
How to Manage Cookies
You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.
If you have any query or feedback regarding this Data Protection Notice, or any complaint you have relating to how we manage your personal data, you may contact our Data Protection Officer (DPO) at: firstname.lastname@example.org.
Any query or complaint should include, at least, the following details:
- Your full name and contact information
- Brief description of your query or complaint
We treat such queries and feedback seriously and will deal with them confidentially and within reasonable time.
Changes to this Data Protection Notice
We may update this Data Protection Notice from time to time. We will notify you of any changes by posting the latest Notice on our website. Please visit our website periodically to note any changes. Changes to this Notice take effect when they are posted on our website.