Personal Data refers to any information, regardless of whether it is true or not, that can uniquely identify an individual person (a) on its own, or (b) when combined with other information. Under the PDPA, business contact information (e.g. full name, business address, business telephone number) is not considered as personal data so long as it is used strictly for business-to-business (B2B) transactions.
Some examples of Personal Data you may provide to us include:
(a) Personal Details (e.g. name, NRIC/FIN/Passport or other identification number, contact details, residential address, personal email address, nationality, medical history and background, and/or income levels);
(b) Your personal opinions made known to us (e.g. through surveys, feedbacks or reviews); and
(c) Other electronic data or information relating to you through your usage of our website and services as part of their delivery to you (e.g. location data, IP address, activity logs, cookies, device carrier/operating system and connection type).
In relation to Personal Data, “processing” refers to the carrying out of any operations or set of operations on the Personal Data and including any collecting, recording, holding, storing, adaption or alteration, retrieval, combination, transmission, erasure or destruction of Personal Data.
Before we collect, use or disclose your personal data, we will notify you of the purpose why we are doing so. We will obtain written confirmation from you on your expressed consent. We will not collect more personal data than is necessary for the stated purpose. We will seek fresh consent from you if the original purpose for the collection, use or disclosure of your personal data has changed.
Under certain circumstances, we may assume deemed consent from you when you voluntarily provide your personal data for the stated purpose, e.g. when you apply for a job with us by sending in your resume/CV containing personal information.
We may rely on exceptions to the need for consent under the PDPA for the collection, use or disclosure of your personal data under the following circumstances (only those relevant to River Physio are included):
(a) The personal data is publicly available;
(b) The personal data is disclosed by a public agency or disclosed to a public agency;
(c) The personal data is necessary for any investigation or proceedings;
(d) The personal data is necessary for evaluative purposes (e.g. determining the suitability of a job applicant for the job applied for);
(e) The personal data is necessary for the purpose of managing or terminating an employment relationship;
(f) The personal data is necessary for a business asset transaction.
River Physio may collect your Personal Data in the following ways:
(a) When you submit forms, applications, requests or feedback to us;
(b) When you enter into any agreement or provide other documentation or information in respect to your interactions with us, or when you use our services;
(c) When you use our electronic services via our websites or third party mobile or web-based applications which may utilise various technologies to collect data (which may include Personal Data) automatically;
(d) When you respond to our requests for additional Personal Data;
(e) When we receive your Personal Data from referral parties, government ministries or agencies, regulators, Public and/or Private Healthcare Institutions, public agencies, your employer and/or other third parties;
(f) When you attend or participate in our events and activities (e.g. public forums or events) and your voice and/or image data is captured on cameras, audio and/or video recordings;
(g) When you respond to our initiatives;
(h) From third parties, including social networks (such as Facebook, Instagram Youtube and any other social networking platform), when you consent to such third parties disclosing information about you to us that those third parties have collected, whether by logging into or through the social plug-ins on our websites or otherwise; and
(i) When you submit your Personal Data to us for any other reason.
We use the personal data you provide us for one or more of the following purposes:
(a) Analyse your visits to our website;
(b) Respond to your inquiries and feedback to improve our quality of service;
(c) Analyse the use of our products, services or websites;
(d) Carry out our obligations arising from the services provided between you and us and
(e) Comply with or fulfil legal obligations and regulatory requirements.
We disclose some of the personal data you provide us to the following entities or organisations outside River Physio in order to fulfil our services to you:
(a) External insurance providers;
(b) External professional service providers (Medical or other healthcare professionals);
(c) SMS service providers
When required to do so by law, we may disclose personal data about you to the relevant authorities or to law enforcement agencies.
If you wish to withdraw consent, you should give us reasonable advance notice. We will advise
you of the likely consequences of your withdrawal of consent, e.g. without your personal contact
information we may not be able to inform you of future services offered by us.
Your request for withdrawal of consent can take the form of an email or letter to us.
We will take reasonable steps to ensure that the Personal Data we collect about you is accurate, complete, not misleading and kept up-to-date.
If we are in an ongoing relationship with you, it is important that you update us of any changes to your personal data (such as a change in your mailing address).
We have implemented appropriate information security and technical measures to protect the personal data we hold about you against loss; misuse; destruction; unauthorised alteration/modification, access, disclosure; or similar risks.
We have also put in place reasonable and appropriate organisational measures to maintain the confidentiality and integrity of your personal data, and will only share your data with authorised persons on a ‘need to know’ basis.
When we engage third-party data processors to process personal data on our behalf, we will ensure that they provide sufficient guarantees to us to have implemented the necessary organisational and technical security measures, and have taken reasonable steps to comply with these measures.
We have a document retention policy that keeps track of the retention schedules of the personal data you provide us, in paper or electronic forms. We will not retain any of your personal data when it is no longer needed for any business or legal purposes.
We will dispose of or destroy such documents containing your personal data in a proper and secure manner when the retention limit is reached.
You may write to us to find out how we have been using or disclosing your personal data over the past one year. Before we accede to your request, we may need to verify your identity by checking your NRIC or other legal identification document. We will respond to your request as soon as possible, or within 30 days from the date we receive your request.
If we are unable to do so within the 30 days, we will let you know and give you an estimate of how much longer we require. We may also charge you a reasonable fee for the cost involved in processing your access request. If you find that the personal data we hold about you is inaccurate, incomplete, misleading or not up-to-date you may ask us to correct the data. Where we are satisfied on reasonable grounds that a correction should be made, we will correct the data as soon as possible, or within 30 days from the date we receive your request.
In the unlikely event that we suffer a data breach pertaining to unauthorised access or disclosure of personal data being stored or processed by us, we will meet the PDPA’s breach notification timelines and requirements to perform the needful, including but not limited to informing relevant authorities and affected individuals, based on the Significant Harm or Significant Scale definitions as set out by the PDPA.
If you have any query or feedback regarding this Notice, or any complaint you have relating to how we manage your personal data, you may contact us at: firstname.lastname@example.org
Any query or complaint should include, at least, the following details:
We treat such queries and feedback seriously and will deal with them confidentially and within reasonable time