1. This Personal Data Policy (“Policy”) sets out how Charazoi Medical Clinic (including its associated companies and affiliates, as well as service providers and third parties appointed by Charazoi on your behalf) (collectively “we”, “us”, or “our”) may collect, use, disclose or otherwise processes your personal data in accordance with the Singapore Personal Data Protection Act (No. 26 of 2012) (“PDPA”).
1. In this Policy, “personal data” refers to any data, whether true or not, about an individual who can be identified
(a) from that data; or
(b) from that data and other information to which we have or are likely to have access, including data in our records as may be updated from time to time.
2. Depending on the nature of your interaction, transaction or agreement with us, some examples of personal data which we may collect from you include your name and identification information such as your NRIC number, contact information such as your address, email address or telephone number, nationality, gender, date of birth, marital status, photographs and other audio-visual information, employment information, financial information such as credit card numbers, debit card numbers or bank account information and medical history.
Withholding/Withdrawal of consent
4. Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.
5. If consents are not procured or if you fail to provide us with complete and accurate information, we may, in some situations, be prevented from providing a patient with medical treatment, or may be impaired in doing so, resulting in risks to that patient.
1. Generally, we may collect your personal data in various ways including but not limited to:
i. when you submit any forms, including but not limited to Data Enrolment Form and hospital reference letters;
ii. in the course of your engaging our services, or your providing documentation or information to us;
iii. when you request for a patient assessment or when you interact with our care coordinators and service providers via telephone calls (which may be recorded), email, face-to-face meetings, our website, our electronic services, letters;
iv. when we seek information from third parties about you in connection with your relationship with us, including from next-of-kin and caregivers;
v. when, as a patient, you are examined by our staff or medical equipment, or when you are subject to or participate in a medical examination;
vi. when you are contacted by, and respond to, our care coordinators, nurses, doctors and other service providers;
vii. when you subscribe to any of our online services or communication platforms (including electronic updates and alerts);
viii. CCTV recordings while you are within our premises; ix. when you request that you be included in an email or other mailing list;
x. when you make payment or provide details to facilitate payment, or secure or administer the application of grants/ benefits/ subsidies;
xi. when you submit an employment application or provide documents or information such as your resume, from recruitment agencies and employment references;
xii. when you submit your personal data to us for any other reasons.
2. We may also collect personal data about you from third parties such as:
i. your representatives/ intermediaries/ agents or your next-of-kin who may either be providing information on your behalf or in connection with their own transactions, agreements or interactions with us (in which event we will endeavor to collect only such personal data as may be relevant);
ii. your employers; and
iii. your service providers (e.g. your bank, your insurance office, etc.)
3. If you provide us with any personal data relating to a third party, by submitting such personal data to us, you also represent to us and must ensure that you have notified the third party of the terms of this Policy and obtained his / her consent thereto.
4. We generally rely on personal data provided by you (or your authorised representative). In order to ensure that your personal data is current, complete, true and accurate, please update us if there are changes to your personal data by informing us in writing or via email to our Data Protection Officer at the contact details provided below (Section 9: Contact Us).
1. Generally, Charazoi handles your personal data for the purposes set out in this section. Any one or more of the listed purposes may apply to your personal data, depending on the actual circumstance. The following does not purport to be an exhaustive listing, although an effort is made to set out as many salient purposes as may be applicable.
2. The purposes which we collect, use and disclose personal data include but is not limited to:
i. if you are a patient, provide medical and other allied health treatments, such as physiotherapy and speech treatment, and therapy. In each case the disclosure or sharing such personal data is sole to such persons or entities which are involved in the care of the patient;
ii. onboarding of information necessary to establish patient records and to commence treatment and care of the patient;
iii. managing your relationship with us, and providing medical treatment, services and advice, including and without limitation to the management of your appointments, registration, communicating patient care issues, securing instructions on treatment instructions.
iv. communicating next-of-kin/authorized representatives for purposes of providing the patient location (e.g. during home visits), medical updates, and seeking consent from them in emergency/ incapacity situations;
v. contact number and email address for purposes of contacting you and/or your representatives to remind you of appointments with Charazoi;
vi. prescribing and dispensing appropriate medication whether through Charazoi or other channels;
vii. ensuring proper and complete diagnosis and appropriate treatment including and without limitation to identifying health/ treatment risks (e.g. communicating potential adverse reactions) and monitoring appropriateness of medication usage and recording patient infection data;
viii. ensuring appropriate delivery of care patient care services including delivering results of investigations, other medical updates, and facilitating rental/purchase of healthcare services equipment;
ix. verifying patient identity and documenting accurate information e.g. certification of reportable diseases, certification of death;
x. coordinating healthcare services provided by other healthcare providers;
xi. referring/ collaboration with/ transferring patients to other institutions, healthcare professionals, caregivers, additional support on treatment, specialist assistance, the procurement or provision of follow up care or as part of seamless/ integrated/ holistic care arrangements;
xii. working with funeral directors, casket companies, or other relevant personnel as may be necessary to discharge duties with respect to a deceased individual; and
xiii. all other purposes reasonably related to the aforesaid.
For healthcare operations
In relation to planning, execution, administration, and implementation of relevant healthcare operations matters:
i. responding to, processing, and handling your queries, feedback, and suggestions;
ii. requesting feedback or participation in surveys;
iii. verifying your identity, processing payments as well as managing our administrative and business operations (including the processing, storage, monitoring, and backup of data);
iv. managing the security of our premises, facilities, and technology infrastructure;
v. providing updates and other communications on developments relating to our services;
vi. sending administrative email notifications e.g. security, support, and/or maintenance notices;
vii. to improve our services and communications to you as well as the quality of your interaction with our website;
viii. conduct reviews, reporting and examining case studies, incidents, issues encountered so as to understand, minimize and avoid risks, service failures, or hazards;
ix. to meet organizational auditing, accreditation, and compliance requirements concerning service standards;
x. to ensure that staff, volunteers, trainees are properly trained to provide medical services or execute their functions in the context of healthcare operations generally;
xi. to ensure that staff, volunteers, trainees are properly trained to provide medical services or execute their functions in the context of healthcare operations generally;
xii. complying with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority; and
xiii. any other incidental business purposes related to or in connection with the above.
For next-of-kin, family member, caregiver, representative or legal guardian of our patients
We recognise that the care of a patient may involve other individuals; these may include caregiver, next-of-kin, representative (including executor or administrator to a deceased patient) to a patient (including a deceased patient) or where the individual is a legal guardian or parent of a minor/ disabled patient (collectively a “Patient’s Representative”). The purposes of handling of your personal data include:
i. processing your application for our services on behalf of the patient;
ii. contacting relevant authorities in coroner’s cases;
iii. arrangement of home visits, providing medical updates, and seeking consent in emergency/ incapacity situations;
iv. arrangements for caregiver placements;
v. facilitating vendor liaisons for delivery and maintenance of medical equipment;
vi. managing and treating patients, including registering for consultations; and
vii. all other purposes reasonably related to the aforesaid. purpose relating to any of the above.
i. assessing your suitability as an external service provider;
ii. administrative and support processes relating to your provision of services to Charazoi;
iii. facilitating communication between you and the patient and patient’s next-of-kin/ caregivers/ representatives/ legal guardians;
iv. managing our relationship with you and ensuring medical records are kept up-todate;
v. processing and payment of vendor invoices and bills; and viii. all other purposes related to the aforesaid
In addition, if you are seeking employment or any other appointment with us, the purposes for which we collect, use, and disclose personal data include:
i. processing and assessing your application;
ii. performing background checks, verifying your credentials and qualifications as well as obtaining employment references; and
iii. any other purpose relating to any of the above.
Disclosures of Personal Data
Compliance with applicable law and regulations
4. As healthcare providers, Charazoi and its staff are subject to and regulated by various statutes and regulations such as Medical Registration Act, Singapore Medical Council Guidelines etc. Additionally, special legislation may apply to certain healthcare scenarios e.g. National Registry of Disease Act, Infectious Disease Act, etc. Such legislation (collectively, “Medical Laws”) may override/ apply in place of the provisions/ standards set by the PDPA in respect of the subject matter of such legislation. We may owe duties under such Medical Laws to handle your personal data in certain ways, including making disclosures to appropriate government agencies, ministries, statutory bodies, or third parties in each case in accordance with and within the scope of our legal duties.
5. For these purposes, disclosures are made as follows:
i. reporting relevant suspected adverse drug reactions experienced by patients to Health Sciences Authority (HSA);
ii. complying with court orders, directives, or applicable requests from appropriate authorities;
iii. notifying and registering with various registries including registration and notification of death;
iv. providing necessary reports were required to assist in investigations or proceedings (e.g. suspect cases of abuse);
v. facilitating contact tracing if the patient is exposed to a certain infectious disease e.g. COVID-19 or identifying and reporting an outbreak or cluster of infection e.g. dengue fever;
vi. releasing personal data to coroner or medical examiner to identify a deceased person, determine the cause of death/ investigations/ verdicts; and
vii. all other purposes reasonably related to the aforesaid.
6. The purposes listed in the above clauses may continue to apply even in situations where your relationship with us has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).
7. You further understand, acknowledge and agree that we may be required to transfer your personal data records to jurisdictions outside Singapore in the provision of our services to you. Personal data may therefore be exported to, processed and accessed in countries whose laws provide a different level of protection, which may not necessarily be comparable to that provided in Singapore.
1. We generally rely on personal data provided by you (or your authorised representative). In order to ensure that your personal data is current, complete and accurate, please update us if there are changes to your personal data by informing our Data Protection Officer in writing or via email at the contact details provided below (Section 9: Contact Us).
If you wish to make
a) an access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or
b) a correction request to correct or update any of your personal data which we hold about you, you may submit your request in writing or via email to our Data Protection Officer at the contact details provided below.
Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.
2. We will respond to your request as soon as reasonably possible. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA). We may also request for more information from you for verification purposes.
1. To safeguard your personal data from unauthorized access, collection, use, disclosure, copying, modification, disposal, or similar risks, we have introduced appropriate administrative, physical, and technical measures such as up-to-date antivirus protection, encryption, and the use of privacy filters to secure all storage and transmission of personal data by us, and disclosing personal data both internally and to our authorized third-party service providers and agents only on a need-to-know basis.
2. You should be aware, however, that no method of transmission over the internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.
3. We will retain your personal data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws. For employee personal data, we will retain for up to 7 years in accordance with its legal and business purposes, even after the person ceases to be employed by Charazoi. With regard to medical data, we will retain medical records in accordance to the duration stipulated by MOH.
4. We will cease to retain your personal data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected, and is no longer necessary for legal or business purposes.
5. Charazoi will acknowledge notification duty executed from a court or competent legal authority as to the identification of any individual appointment under applicable law, regulation or court order as a Patient’s Representative and Charazoi will accord any such person access to the personal data of the patient
6. We recognize that the care of a patient may involve other individuals; these may include caregiver, next-of-kin, representative (including executor or administrator to a deceased patient) to a patient (including a deceased patient) or where the individual is a legal guardian or parent of a minor/ disabled patient (collectively a “Patient’s Representative”).
7. The purposes of Handling your personal data include:
i. contacting relevant authorities in coroner’s cases;
ii. arrangement of home visits, providing medical updates, and seeking consent in emergency/ incapacity situations;
iii. arrangements for caregiver placements;
iv. facilitating vendor liaisons for delivery and maintenance of medical equipment;
v. managing and treating patients, including registering for consultations;
vi. all other purposes reasonably related to the aforesaid.
vi. Charazoi will acknowledge notification duly executed from a court or competent legal authority as to the identification of any individual appointment under applicable law, regulation or court order as a Patient’s Representative and Charazoi will accord any such person access to the personal data of the patient where required by such law, regulation or court order.
vii. Patients of majority age (i.e. 18 years and above) and with full legal capacity, are entitled to exercise their legal rights to identify any persons who are to act as a Patient’s Representative. If not otherwise specified by the patient, or alerted with due proof of contrary authorization/order, a reasonable assumption will be made to contact any next-of-kin (i.e. parents, spouse, siblings, and children) in the event of emergency situations where such contact is necessary to safeguard the health, well-being, and safety of the patient.
viii. We will endure abiding by (subject to approved verifications to ensure the validity of such instructions) any instruction given to us by any patient of legal age of majority to limit access to his/her personal information or to allow only certain proposed individuals in the management/handling of any personal data or issues concerning the patient’s healthcare.
ix. Notice is given to all individuals that even if they identify themselves as a Patient’s Representative, the identification may not match our latest records/ instructions from the patient, or such records/ instructions may limit access to the patient’s personal data. In such cases, Charazoi reserves the right to decline access, pursuant to our obligations under the PDPA.
1. We generally do not transfer personal data to countries outside of Singapore.
1. This Policy applies in conjunction with any other notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your personal data by us.
2. We may revise this Policy from time to time without any prior notice. You may determine if any such revision has taken place by referring to the date on which this Policy was last updated. Your continued use of our services constitutes your acknowledgement and acceptance of such changes.
Follow our Facebook page for family care and elderly care tips
380 Jalan Besar, #05-01, ARC 380 Singapore 209000