HEALTHBEATS® GLOBAL PERSONAL DATA PROTECTION AND PRIVACY POLICY
Last Updated: 17 June 2024
HEALTHBEATS PTE. LTD. and its subsidiaries (collectively "HealthBeats", "
us", "we" or "our") recognise the importance
of the rights of individuals ("you" or "your") to protect their personal data and
privacy. This document is our Global
Personal Data Protection and Privacy Policy ("Privacy Policy") and explains how we collect and use
your personal data,
with whom we share or disclose it to, and what are your rights and choices under the Singapore Personal Data
Protection Act, 2012 ("Act") and the data protection or privacy laws of the country in which we
provide our Services
in.
This Privacy Policy applies to data we collect through our online service interfaces such as our main website at
healthbeats.co and our HealthBeats remote vitals monitoring mobile and web apps (collectively the "Online
Sites and
Services"), as well as those collected through other offline service interactions in relation to
HealthBeats remote
vitals monitoring products and services (collectively together with the Online Sites and Services, the
"Services").
This Privacy Policy does not apply to third-party websites, products, or services, even if they link to our Online
Sites and Services. You should review the privacy policies and practices of these third parties independently and
carefully.
For the purposes of this Privacy Policy, a reference to 'including' or 'for example' means including or for example
without limitation.
1. OVERVIEW
In this Privacy Policy, personal data have the meaning defined in the Act. In general terms, personal data is any
data, whether true or not, that (a) by itself can be used to personally identify you; or (b) when combined with other
data or information that we have or are likely to have access to, can be used to personally identify you.
"You" may be (i) a healthcare organisation/institution, medical/healthcare professional, doctor, physician or
clinician who subscribes to our Services ("User" or "Healthcare Provider"); or (ii)
a patient or customer of a User
("Customer"); or (iii) a visitor to our Online Sites and Services ("Visitor").
Minimum Age. You must be at least 18 years old (or the age of majority in your jurisdiction, if it is
older, "Minimum
Age") to use the Services. If you are a Visitor to our Online Sites and Services and are
under the Minimum Age, we
request that you do not provide any Personal Data through the Online Sited and Services but request that your parent
or guardian ("Guardian") contacts us instead. If you are a Customer and under the
Minimum Age: (i) you may use the
Services only with the involvement and agreement of a Guardian; and (ii) your Guardian must also have read and agreed
to the terms of this Privacy Policy (including the Terms of Use) and will bear all responsibility of protecting your
personal data. If a Guardian refuses to consent or accept the terms of this Privacy Policy, or we (or a User, if you
are its Customer) are unable to verify a Guardian's consent or acceptance of the terms of this Privacy Policy within a
reasonable time, we have the absolute right to delete all your personal data, including the termination of your
Services account and deletion of all information contained therein. We will not be responsible or liable for any loss
or damage arising from such deletion of data or information (including any costs or expenses incurred to
activate/reactivate the account).
2. WHAT PERSONAL DATA WE COLLECT AND HOW WE COLLECT IT
Depending on the nature of your interaction with us, the types of personal data that we collect when you provide to us
are essentially as follows:
(i) User. If you are a User, as part of your sign-up and enrolment to the Services (which include
creation of User
account and on-boarding of care teams to the various healthcare plans that you may offer your Customers), you will
provide us the following personal data of your designated or authorised officers, administrators and care team members
- full name, role and/or designation, email address, mobile and office numbers, government identifiers associated with
you and your organisation (such as your identity card, social security number, tax number, employer identification
number, or professional registration number). As part of your business relationship with us, we may also receive
financial information such as your organisation bank account details for billing and invoicing purposes.
(ii) Customer. If you are a Customer, and you sign-up to the Services as part of your healthcare plan
with a User, we
will generally collect and process your personal data in the following manner:
(a) Personal Information. During your on-boarding and creation of a Customer account, the following information
will
be collected and shared by the User with us when the User uploads the information onto our HealthBeats remote vitals
monitoring mobile and web apps - your full name, home number, mobile number, email address, home address, gender, age
and date of birth, race and nationality, government identifiers associated with you (such as your identity card,
social security number, driving licence number, health insurance details, where applicable), height and weight,
language spoken. If you are a Customer below the Minimum Age, the name and contact information of your Guardian will
be collected and shared with us too;
(b) Health Information. As part of your on-going remote vitals monitoring by a User, and depending on the
health data
that a User monitors under your healthcare plan, the following information will be uploaded by your internet enabled
devices provided as part of the Services (such as blood pressure monitor, glucose monitor, oximeter, ECG/ holter
monitor, weighing scale, fitness tracker) onto our HealthBeats remote vital monitoring mobile and web apps - your
perfusion index, pulse, oxygen saturation, blood pressure, heart rate, electrocardiogram, temperature, aerobic
steps/strokes taken, blood glucose levels, body fat percentage, BMI, calories burnt, metabolism rate, and such other
health vitals intended to be captured by the User through the use of the Services; and
(c)
Purchase and Payment Information. When you make payment for subscription fees and/or purchase of
products/consumables through our Online Sites and Services, we will receive the following information that allows us
to process your payment and/or delivery of your products/consumables - your name, delivery address, phone number,
email address and payment details (such as purchased products/consumables, purchase amount, purchase date and payment
method). If you make online payment through our Online Sites and Services, your payment card transactions will be
processed by our PCI DSS-certified third-party payment processor, Stripe, who will collect and use your purchase and
payment card details strictly for payment processing purposes only. HealthBeats do not store or collect your payment
card details. That information is provided directly to Stripe whose use of your personal data is governed by their
privacy policy at
https://stripe.com/sg/privacy.
Please note that your agreement with the relevant User should explain how the User collects, uses and shares your
personal data with us, and if you have any question or require further clarification on any of these areas, you should
direct those questions to the User. As a User's service provider, we will process your personal data only in
accordance with the terms of our agreement with the User, or as may be permissible under or as required by law.
(iii) Visitor. If you are a Visitor and wish to contact or get in touch with us via our online form
or email, we will
collect your full name, email address and mobile number, and such other personal data or information that you choose
to provide for us to process your enquiry or request
You may also be providing us (whether directly or indirectly through our authorised agents, representatives or service
providers) information on other occasions or through other methods, for example: (1) when you respond to our marketing
or other communications and activities; (2) when you participate in our user or customer surveys; (3) when you contact
our customer support team or communicate with us via online chat services; or (4) when you visit or provide us
information through our social or networking media and online forums, or during trade shows, conventions or other
events.
Non-Personal Data. We may also collect information that is not personal data because it does not
identify you or
anyone else. These non-personal data include for example, data collected automatically through cookies and similar
technologies; anonymous answers to surveys and other data provided by you; or aggregated information about how you use
our Online Site and Services. To the extent these non-personal data should reveal your specific identity or relate to
an individual, we will treat these data as personal data.
3. COOKIES AND SIMILAR TECHNOLOGIES
What are cookies?
"Cookies" are small text files containing unique ID numbers that are placed
on your internet enabled device (such as
your computer or mobile device) by websites that you visit. They are used in order for websites to work, or work more
efficiently, as well as to provide information to website providers. For example, they allow a website provider to
remember your login details and website preferences (so that you don't have to reconfigure your settings each time you
log-in to your account), and to better understand how you use its website. Similar technologies such as web beacons,
pixel tags and GIFs, essentially also do the same thing.
To find out more about cookies, please visit
www.allaboutcookies.org.
How we use cookies
Our website use cookies and similar technologies to allow our Online Sites
and Services to function safely and
effectively, prevent fraudulent and other harmful activities, and analyse and enhance our Services. These cookies and
similar technologies collect information about your use of our website and Online Sites and Services, and they
include:
(a) browser and device data, such as IP address and location, device type, operating system and internet browser type,
operating system name and version, and the language version of the websites you are visiting; and
(b) website usage data and online activities, such as time spent on the websites, pages visited or followed, links
clicked, your language preference, your general location, and the pages that led or referred you to our websites, and
shopping history.
To learn more about how HealthBeats use cookies and similar technologies through our Online Sites and Services, and
how you can manage and control the use of cookies and similar technologies, please see our
Cookies Policy.
4. CONSEQUENCES IF WE CANNOT COLLECT PERSONAL DATA
If you do not provide us with the personal data described above, some or all of the following may happen: (a) we may
not be able to provide the Services to you, either to the same standard or at all; (b) we may not be able to provide
you with information about products and services that you may want, including information about discounts, sales or
special promotions; or (c) we may be unable to tailor the content of the Online Sites and Services to your preferences
and your experience of the Online Sites and Services may be impacted and not be as enjoyable or useful.
5. HOW WE USE PERSONAL DATA
We use your personal data for the following purposes:
(i) To deliver our products and services, including:
(a) To perform contractual obligations with our Users - these activities include:
(1) creation, authentication and management of accounts;
(2) accounting, invoicing/billing and financial reporting and auditing; and
(3) provision of customer and technical support services.
As mentioned earlier, we as a User's service provider, will process a Customer's personal data in accordance with the
terms of our agreement with the User. We use Personal Data of our User's Customers: (i) to create, authenticate and
manage Customer accounts, including customer and technical support services; (ii) to enable Users to monitor their
respective Customers' health data; and (iii) where applicable, to process a Customer's online purchases and payments
for the Services. All such use is pursuant to the terms of our contractual obligations and business relationships with
our Users. We wish to remind all Customers again that your agreement with the relevant User should explain how the
User collects, uses and shares your personal data with us, and if you have any question or require further
clarification on any of these areas, you should direct those questions to the User.
(b) In compliance with legal/regulatory requirements or as permitted by law - these include:
(1) compliance with any law, rule, regulation, binding determination, decision or direction of a regulator or in
co-operation with any governmental authority of any country; and
(2) to protect our rights, property or safety and those of our Users, its Customers or the public as required or
permitted by law.
(c) For legitimate business interests and purposes - these include:
(1) to monitor, detect and prevent fraud and unauthorized or illegal activities and transactions;
(2) to ensure network and information security throughout our Services;
(3) to assess and improve the performance, operation and relevance of our product and services by understanding their
effectiveness, and develop new products and services;
(4) to analyse and advertise our products and services more effectively;
(5) to respond to your enquiries or request for information of our products or services; and
(6) to conduct aggregate research and analysis to produce data analytics, statistical research and reports, and to
develop business intelligence that enable us to operate, protect, make informed decisions on, and report on the
performance of, our business.
(ii) We will not send you any marketing or advertising information or communication without your prior consent. Our
system is configured, by default, to opt you out of receiving such marketing and advertisements until you actively
opt-in or give us your consent. If you have previously provided us your consent or opted-in to receive our marketing
and advertising information and communication, we may send you marketing communications and information which offers,
advertises or promotes our products and services, invite you to participate in our events or surveys, or otherwise
communicate with you for marketing purposes, provided always that we do so in accordance with the consent requirements
that are imposed by applicable law.
When we collect your business contact details through our participation at trade shows or other events, we may use the
information to follow-up with you regarding an event, send you information that you have requested on our products and
services and, with your permission, include you on our marketing information campaigns.
If you do not wish to receive marketing communications, you may opt–out of receiving these communications from us at
any time by using the opt–out feature specified in our direct marketing communications or by contacting our
“HealthBeats Support Centre” web portal at
https://healthbeats.co/support. We will ensure that
your details are
removed from the relevant marketing contact list you have elected to opt–out of.
6. HOW WE DISCLOSE PERSONAL DATA
Personal data provided by you may be shared with our related corporations and other authorised third-party
organisations for the purposes set out in this Privacy Policy, as follows:
(i) Users. We share Customer personal data with Users as part of our Services and contractual
obligations to our
Users.
(ii) HealthBeats Group. We share personal data with other HealthBeats entities in order to provide
our Services and for internal administration purposes.
(iii) Service providers. We share personal data with third-party service providers who perform
services for us and help us operate our business. They include web hosting; cloud and storage services; IT systems and
related infrastructure services; payment gateway/processing services; logistics and delivery; marketing and
advertising; and professional services. These service providers may need to access personal data to perform their
services, and to the extent that they do, they will only use or process your personal data only to the extent
necessary to perform services on our behalf or comply with legal requirements.
You can find out more about our third-party service providers,
here. Our business requirements may change from time to
time. This means we may, for example, add or replace a service provider if we believe that doing so will improve the
delivery of our Services. We will update the list accordingly as and when such changes happen.
(iv) Business partners. We share your personal data with third party business partners when this is
necessary to provide our Services to our Users. They include organisations involved in our sales and support network,
for example, our authorised distributors, sales agents, and dealers.
(v) Change of Control or Sale of HealthBeats. If the ownership of our business changes, or we
otherwise dispose or transfer assets relating to our business or the Services to another party (whether by way of
sale, merger, acquisition, amalgamation, insolvency proceeding or otherwise), we may sell, share, disclose and
transfer your personal data to such party in order to facilitate the completion of the transactions contemplated.
Unless otherwise stated in this Privacy Policy or expressly stated at the time of collection of your personal data, we
will never sell your personal data to any third party.
(vi) Regulatory Authorities, Governmental Agencies. We share your personal data if we determine that
it is reasonably necessary to: (i) comply with any law, rule, regulation, binding determination, decision or direction
of a regulator or in co-operation with any governmental authority of any country; and (ii) to protect our rights,
property or safety and those of our Users, its Customers or the public as required or permitted by law.
(vii) Your authorised agent. In addition to the above, we may also share your personal data with any
other third-party agent or personnel expressly authorised by you.
7. SHARING OF INFORMATION AND PERSONAL DATA BY YOU
Your personal data (including account details such as user names, PIN codes, passwords and security authentications)
are private and confidential to you (hereinafter referred to as the "Confidential Data"). If you
choose to disclose or
share any of such Confidential Information with a third party (including your healthcare provider, specialist, doctor,
Guardian, spouse and relative): (i) you do so solely at your own risk; and (ii) you expressly acknowledge and agree
that we will not be responsible or liable in any way whatsoever for: (1) any loss of confidentiality due to disclosure
or sharing of such Confidential Data by you; or (2) the use and/or processing of such Confidential Data by the third
party, including any and all losses, damages, liabilities and harm arising therefrom, including any act or omission of
medical prevention, intervention, diagnosis, advice, treatment or care.
8. CONSENT
IF YOU DO NOT AGREE TO THE TERMS OF THIS PRIVACY POLICY, PLEASE DO NOT CONTINUE TO USE OR ACCESS THE SERVICES.
By disclosing your personal data to us or continuing to use the Services, you are deemed to agree with this Privacy
Policy and consent to the purposes for which we collect, use and disclose your personal data.
From time to time we may seek your consent to a specific proposed collection, use and/or disclosure of your personal
data. If we decide to bundle multiple requests for your consent, you may withhold your consent to any or all such
requests. If you have consented to a specific purpose for our use and disclosure of your personal data, then we may
rely on your consent until you withdraw your consent.
You may withdraw your consent under this Privacy Policy at any time by contacting our data protection officer at
dpo@healthbeats.co.
9. YOUR DATA PROTECTION RIGHTS
Depending on your locations and subject to applicable law, you may have the following rights with regards to the
Personal Data we control of you:
The right to access - You can request confirmation of whether we process any personal data relating
to you, and if so, to request a copy of such data.
The right to rectification - When providing any personal data to us, you should take care to only
provide us with accurate, complete and up-to-date data. If you believe any information provided to us is inaccurate or
incomplete, or needs to be updated, and to the extent the Online Sites and Services allows you to rectify these
information on your own, you can do so personally. When you update such information, we usually keep a copy of the
prior version for our records.
The right to erasure - You can request that we erase your personal data, to the extent legally
permissible.
The right to restrict processing - You can request that we restrict the processing of your personal
data, and we will advise you accordingly of the impact and effect of such restriction on the delivery of our Services,
and/or whether such restriction is technically feasible.
The right to object to processing - You can object to us processing of your personal data, and we
will advise you accordingly of the impact and effect of such objection on the delivery of our Services, and/or whether
such objection is technically feasible.
The right to data portability - You can request that we transfer the data that we have collected to
another organisation, or directly to you, under certain conditions, to the extent technically feasible. If any such
request for transfer involves cross-border transfer of your personal data, we may, where legally permissible, charge
you a fee for the administrative costs in complying with your request. For the avoidance of doubt, we will not be
responsible or liable for any subsequent processing carried out by you or the organisation directed by you.
If you would like to exercise any of these rights, please contact our data protection officer at
dpo@healthbeats.co.
We will respond to you as soon as reasonably practicable within the timelines and to the extent required by applicable
law.
If you are a Customer of our User and you wish to exercise any of the above right, please direct your requests
directly to the relevant User. Because our personnel may have limited ability to access data our Users submit to our
Online Sites and Services, if you wish to make your request directly to us, please provide the name of the User who
submitted your data to our Online Sites and Services. We will refer your request to that User and will support them as
needed in responding to your request.
To enable us to review and respond to your requests in a timely manner, please include the following details in your
requests: (a) your full legal name and telephone contact number; (b) a description of your request; (c) a date range
of when you believe the personal data was supplied to us; (d) any details of how the personal data was supplied to us
originally (for example, when you completed an online subscription form); and (e) where rectification is required,
details of the rectification requested. We may contact you for additional information if required (for example, to
clarify your request, to verify your identity etc).
Please note that when you unsubscribe and close your account with us, we will have the right to remove and delete all
your data, whereupon you will no longer be able to access your data.
Fees. We will not charge you any fee when you make a request under this Section. However, and where
legally permissible, we may charge you a fee for the administrative costs in complying with your request such as costs
of producing, transferring or delivering a copy of the personal data or medical record requested. To the extent
practicable, we will advise you in advance prior to charging you in these circumstances and give you an indication of
the likely amount.
10. CROSS-BORDER TRANSFER OF PERSONAL DATA
HealthBeats is a global business and service provider. Personal data may be processed and stored in various countries
that we operate in (whether on our own or through our channel partners/distributors) or where we engage third-party
service providers to provide services to us (for example, cloud and storage service providers). Your data, including
personal data, may therefore be disclosed or transferred to or accessed by us or our related corporations and
third-party service providers located outside of your country where the data protection rules and standards may differ
from those in your jurisdiction.
To the extent where cross-border transfer of data is required due to or necessitated by your relocation from one
country or jurisdiction to another country or jurisdiction, or for any reason whatsoever due to you, we will advise
you accordingly of the impact and effect of such relocation or any reason, on the delivery of our Services, including
any requirement for cross-border transfer of your personal data, whether such transfer is legally possible and whether
we deem such transfer to be operationally, technically or commercially feasible or reasonable.
If we, in our sole discretion, deem any such transfer to be operationally, technically or commercially not feasible or
reasonable, we may terminate the Services without any liability whatsoever by written notification to you. If we agree
to continue the Services, we may charge you a fee for reasonable costs arising out of or in connection with any
requirement for cross-border transfer of your data, and you expressly agree and consent to such transfer and charges
as necessary for us to deliver the Services to you.
Regardless of where we process your personal data, we will take all reasonable steps to ensure that any such transfers
will comply with applicable data protection laws and your data continues to be protected and treated securely in
accordance with the standards set out in this Privacy Policy and in compliance with applicable laws.
You can find out more about our third-party service providers,
here.
By signing-up and using and accessing the Services, you expressly agree and consent to the transfer and processing of
data by such entities located outside your jurisdiction. You may withdraw your consent to this at any time, in which
case: (i) you must inform us of this consent withdrawal immediately; and thereafter, (ii) you will then no longer have
access to our Services.
11. INTERNET SECURITY AND THIRD-PARTY WEBSITES
Internet Security. We take reasonable steps to protect your personal data from unauthorised access,
improper use or
disclosure, unauthorised modification, unlawful destruction or accidental loss. Your personal data is accessible only
to a limited number of personnel who need access to the information to perform their duties.
However, as the Online Sites and Services are linked to the internet, and the internet is inherently insecure, we
cannot provide any guarantee, warranty or assurance regarding, nor be held liable or responsible for any liability
arising out of or in connection with any breach of, the security of transmission of information communicated online.
In particular, we cannot guarantee that information transmitted or communicated will not be intercepted while being
transmitted over the internet or that such information may not be accessed, disclosed, altered, or destroyed by breach
of any of our administrative, physical or technical safeguards.
As an Online Sites and Services user, it is your sole responsibility to protect the security of your login and
password information. If you have reason to believe that your communication or interaction with us is no longer secure
(for example, if you feel that the security of your account has been compromised), please contact our "HealthBeats
Support Centre" web portal at
https://healthbeats.co/support, immediately.
Third-Party Websites and Privacy Policies. The Online Sites and Services may contain links to other
websites or
services operated by third parties that are not owned or controlled by us. These third-party websites and services are
governed by their own separate data privacy, security and other practices and policies (including any "cookies" or
similar technology practices), and we make no representation or warranty in relation to, and will not be responsible
or liable in any way for, the data privacy, security or other practices and policies or content of such third-party
websites and services. These third-party websites and services are responsible for informing you about their own data
privacy, security and other practices and policies.
12. PERSONAL DATA RETENTION PERIOD
We will retain your personal data as long as you have an Online Sites and Services account with us, or we are
providing Services to you. We also retain your personal data after we cease providing Services to you, or even if you
close your Online Sites and Services account with us, to the extent that such retention is needed for us to comply
with (i) our legal and regulatory obligations; (ii) our tax, accounting, and financial reporting obligations; and
(iii) where we are required to retain the data by our contractual obligations to Users. Where we retain your personal
data, we do so in accordance with any limitation periods and record retention obligations imposed by applicable laws.
13. HOW TO CONTACT US
If you have any question or comments regarding this Privacy Policy, please contact our data protection officer at:
Mailing Address:
HealthBeats Pte. Ltd.
19 Jalan Kilang Barat
#03-07 Acetech Centre
Singapore 159361
Attention: Data Protection Officer
Email:
dpo@healthbeats.co
If your concern relates to a complaint or a believe that we have failed to comply with a provision of this Privacy
Policy, please provide us the following details so that we can review and respond to your complaint in a timely
manner: (a) your full legal name and telephone contact number; (b) a description of the incident (including any
relevant dates) so that we can review and/or investigate the complaint; and (c) a description of how you believe we
have breached our obligations under this Privacy Policy. We may contact you for additional information if required
(for example, to clarify your request, to verify your identity etc).
14. CHANGES TO OUR PRIVACY POLICY
We may change this Privacy Policy from time to time to reflect new products or services, changes in our privacy
practices and/or relevant laws, so please review it frequently. Any updated version of this Privacy Policy will be
posted on our webpage and will be effective from the date of posting. We will provide you with notifications and/or
alerts regarding material changes to this Privacy Policy by posting them on our website and, if you are a User or
Customer, we will notify you through our Online Sites and Services and emails.
15. DISCLAIMER
(i) HealthBeats® is the trademark of the HealthBeats group. Other names and brands mentioned in this document may be
claimed as the intellectual property of others. HealthBeats makes no warranty and assumes no liability of any kind
with respect to these third-party products, services and/or properties.
(ii) The original text of this document is English – it is the official version for this document. This document may
have been translated to another language for convenience and information purposes. In the event of any discrepancy,
the original English version shall prevail.