EXTERNAL DATA PROTECTION NOTICE

The Harley Street Heart & Vascular Centre
  1. Introduction
    1. We at The Harley Street Heart & Vascular Centre (“HSHV”) respect the privacy and confidentiality of personal data of our patients with whom we interact in the course of rendering our services. We are committed to implementing policies and practices to safeguard the collection, use, disclosure, storage and other processing of personal data provided to us in compliance with Personal Data Protection Act 2012 of Singapore (“PDPA”)
    2. This External Data Protection Notice has been developed to assist you in understanding how we collect, use, disclose, process and retain your personal data that you provide to us.
    3. As a licensed healthcare institution under the Private Hospitals and Medical Clinics Act (Cap. 248) (“PHMC Act”), the Healthcare Services Act (when it comes into force) as well as any other Singapore healthcare-related legislation (collectively “Healthcare Written Laws”), we have obligations to comply with under the Healthcare Written Laws, in the event of inconsistencies between the Healthcare Written Laws and PDPA, the provisions of the Healthcare Written Laws shall prevail over PDPA.
  2. How is your personal data being collected?
    1. The PDPA defines personal data as “data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which the organisation has or is likely to have access.”
    2. We collect personal data from you when you:
      • Interact or leave a message or enquiry together with your personal information on our website
      • contact our clinics for our services
      • engage us directly at our clinics, for consultation or other services
      • take part in a survey or event conducted by us and/or our business partners
      • respond to our job vacancy advertisement or taking up an internship with us by submitting your CV directly to us or which are in turn forwarded to us through recruitment firms or job portals.
      • communicate with us via emails or written correspondences
      • provide feedback to us on our quality of service or your user experience
      • when your images are captured by our CCTV cameras while you are in our clinics, or photographs taken by our staff during the course of patient registration or treatment
      • When you submit your personal data for other reasons
    3. If you provide the personal data of anyone else (such as your family members), it means that you have obtained his/her consent to our collection, use and disclosure of his/her personal data for the purposes set out in this policy or that you validly give us such consent on their behalf.
  3. What types of personal data do we process?
    The types of personal data we collect and process about you include:
    • your personal details such as your name, your address, your marital status, your mobile number and your email address
    • photographs or video footage of you
    • your social and professional network
    • your behaviour and preferences
    • your payment card details such as the card holder’s name, credit/debit card no. and card expiry date.
    • your educational and professional qualifications
    • your professional and work experience
    • your medical and health information, including those of your family members (for patients)
  4. What do we process your personal data for?
    We process the personal data we have collected about you for one or more of the following purposes:
    • to respond to your request and queries for medical treatment and similar services
    • to provide goods and services to you
    • for processing payment for our products and services.
    • as part of customer feedback in order to manage and improve our services.
    • for conducting market research and analysis of data
    • for remarketing and behavioral targeting through the use of analytical tools
    • for customer care and account management
    • to process exchange or product returns (e.g. medical prescriptions)
    • for monitoring of visitors to our offices
    • IT/Technical Support
    • Freight/Courier service providers
    • to process job applications, recruitment and selection
    • to respond to inquiries and feedback to improve our quality of service
    • to investigate complaints, claims and disputes
    • to pass information about you to our agents, associates, subsidiaries or partners to carry out services for us
    • to carry out our obligations arising from any contracts entered into between you and us.
    • to comply with legal obligations and regulatory requirements
  5. Where do we disclose your personal data to?
    1. We disclose some of the personal data we have collected about you to the following parties or organisations outside Harley Street in order to fulfill our services to you:
      • Harley Street members and affiliates (including their staff and medical professionals)
      • Third party medical clinics, institutions and hospitals
      • Companies providing services relating to insurance to Harley Street
      • Professional advisers such as consultants, auditors and lawyers
      • Banks, Payment card processing companies
      • Recruitment Agencies / Headhunters
      • Professional Medical and Business Process Outsourcing Services Providers
      • Application service providers
      • Regulatory authorities and government agencies (e.g. Ministry of Health)
      • Any other party that you have authorised Harley Street to disclose your personal data to (e.g. your health insurer)
    2. In addition to the above, where required to do so by law, we will disclose personal data about you to the relevant authorities or to law enforcement agencies.
    3. We may also share some of your personal data, after they are anonymised, with third parties for research purposes in order to improve our services to you.
  6. How do we manage the collection, use, disclosure and storage of your personal data?
    1. Obtaining Consent
      1. Where we collect personal data directly from you, we will notify you of the purposes for which we are collecting it and obtain your express consent to us collecting, using and disclosing it for those purposes. We will not collect more personal data than is necessary for the stated purpose.
      2. When you voluntarily provide personal data to us for a purpose and it is reasonable that you do so, we may assume that you have deemed to have given us your consent to us collecting, using and disclosing your personal data for that purpose (e.g. when you provide your CV to us when responding to a job advertisement).
      3. Under certain circumstances, we may collect, use and/or disclose personal data about you without your consent (e.g. to comply with our statutory obligations or where personal data is publicly available).
    2. Consent on behalf of another individual
      If you provide the personal data of anyone else (such as your family members), it means that you have obtained his/her consent to our collection, use and disclosure of his/her personal data for the purposes set out in this policy or that you validly give us such consent on their behalf.
    3. Withdrawal of Consent
      1. Where your consent has been obtained, you may withdraw that consent at any time by giving us reasonable advance notice of your withdrawal. We will notify you of the likely consequences of your withdrawal of consent, e.g. without your personal contact information we may not be able to inform you of future updates or that the quality of our service may be impacted.
      2. You may withdraw your consent by sending an email or letter to us, or through the “UNSUB” feature in an online service.
    4. Use of Cookies
      We use “cookies” to collect information about your online activity on our website. A cookie is a small text file created by the website that is stored in the user’s computer to provide a way for the website to recognise you and keep track of your preferences. The cookie makes it convenient for you such that you do not have to retype the same information again when you revisit the website or in filling electronic forms.
      Most cookies we use are “session cookies”, which will be deleted automatically from the hard disk of your computer at the end of the session.
      You may choose not to accept cookies by turning off this feature in your web browser. Note that by doing so, you may not be able to use some of the features and functions in our web application.
    5. Tracking of User Activity
      If and where we do track your activity, we will document this in our Data Inventory, and disclose such activity in this Data Protection Notice.
  7. How do we handle access and correction requests of personal data?
    1. You may write in to ask us what personal data we hold about you and how we have been using or disclosing your personal data over the past one year from your date of request. When you make any such request, we may need to verify your identity (e.g. by checking your identity card number or other legal identification document).
    2. We will try to respond to your request as soon as reasonably possible or within the stipulated period in the PDPA from our receipt of your request. If we are unable to do so within the stipulated period, we will let you know and give you an estimate of how much longer we require. We may charge a reasonable fee for processing your request and we will let you know the amount of the fee before you incur it.
    3. You may also ask us to correct an error or omission in the personal data we hold about you. We will correct the personal data as soon as practicable unless we are satisfied on reasonable grounds that a correction should not be made.
  8. How do we ensure accuracy of your personal data?
    1. We take reasonable precautions and make reasonable verification checks to ensure that your personal data is reasonably accurate, complete and up-to-date.
    2. From time to time, we may do a verification exercise for you to update us on any changes to the personal data we hold about you. If we are in an ongoing relationship with you, it is important that you update us if there are any changes in the personal data we hold about you (such as a change in your home address).
  9. How do we protect your personal data?
    1. Our Information Security Policy governs how we protect personal data. We make reasonable security arrangements to protect personal data about you that is in our possession or under our control to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks.
    2. All of Harley Street’s employees (including part-timers and interns) will take reasonable and appropriate measures to maintain the confidentiality and integrity of your personal data and will only share your data with authorised persons on a ‘need to know’ basis.
    3. We ensure that the entities that process personal data on our behalf will be bound by contracts that require them to provide sufficient guarantees in respect of the technical and organisational security measures governing the processing to be carried out and to take reasonable steps ensure compliance with those measures.
  10. What do we do when we retain your personal data?
    1. Our Document Retention Policy spells out when we must cease to retain personal data and that requires documents and personal data to be destroyed (paper documents) or deleted (electronic documents and data stored in databases) securely. Certain retention periods are based on statutory or regulatory requirements.
    2. We will not retain any documents containing personal data about you as soon as it is reasonable to assume that the purpose for which we collected that personal data is no longer being served by retention of it and retention is no longer necessary for legal or business purposes.
  11. What do we do if we do transfer your personal data?
    If there is a need for us to transfer personal data about you to a country or territory outside Singapore, we will ensure that the recipient organisation will be obliged to provide a standard of protection to such transferred data that is comparable to the protection it receives under Singapore law.
  12. How can you contact us?
    1. If you have any questions about our collection, use, and/or disclosure of personal data about you; feedback regarding this Policy, or any complaint you have relating to how we collect, use, disclose and store personal data about you, you may contact our Data Protection Officer(s) at dpo@harleystreet.sg
    2. Any query or complaint should include, at least, the following details:
      • Your full name and contact information
      • Brief description of your query or complaint
  13. What happens if we make changes to this Data Protection Notice?
    As we may revise this Data Protection Notice from time to time and we will notify you of any material changes on this page, please revisit this page periodically for any changes.
HAVE A QUESTION OR
NEED A SECOND OPINION?
Book an appointment or a teleconsult now.