THE O&G SPECIALIST CLINIC DATA PROTECTION POLICY
SECTION 1 – INTRODUCTION
- This is the personal data protection policy of The O&G Specialist Clinic Pte.
Ltd.. In this Policy, the terms “TOGS”, “we”, “us” and “our”
refer to The O&G Specialist Clinic Pte. Ltd. or any of its subsidiaries, associated companies, corporations,
joint ventures and partnerships and any entity directly or indirectly controlling or controlled by or under
common control with TOGS such as Women & Fertility Clinic by Marianne,and the term ”Group”
refers collectively to us, our parent company, The O&G Specialists Limited and/or its subsidiaries.
- We, TOGS, value the privacy of every individual and are committed to protect the
personal data we collect in accordance with the principles set out in this Policy.
- In accordance with The Personal Data Protection Act 2012 (“PDPA”), this
Personal Data Protection Policy (“Policy”) describes how we may collect, use, disclose and manage
your personal data. For general information on Personal Data Protection, please visit the Personal Data
Protection Commission (“PDPC”) website (https://www.pdpc.gov.sg).
- Should there be other regulatory or statutory requirements, such as Human Organ
Transplant Act, Infectious Diseases Act etc which we may have obligations or mandated to comply or under which
we are licensed under, we would need to comply with them as well and in the event of inconsistencies between
those written laws and PDPA, the provisions of those other written laws may take precedence over PDPA.
- Any terms used in this document, such as “individuals”, “personal
data” or “reasonable”, which are also defined in the PDPA, should be understood to take on the
definition or interpretation as provided by the PDPA or PDPC’s Advisory Guidelines documents.
- We may update this Policy from time to time to ensure that our standards and
practices remain relevant and comply with the applicable laws and guidelines. The latest version of this Policy
supersedes earlier versions and will apply to personal data provided to us previously. We encourage you to
review this page periodically to keep up to date with any changes to this Policy.
SECTION 2 – PERSONAL DATA
- Personal data is defined as “data, whether true or not, about an individual
who can be identified (i) from that data, or (ii) from that data and other information to which the organization
has or is likely to have access.” This may include your full name, identification number, passport, name,
nationality, date of birth, sex, contact details (address, email address, telephone numbers), NRIC, FIN or
passport number, your image on our close-circuit television (CCTV) and in photographs, your medical history,
patient history, allergy information, any other medical and health records, as well as name and residential
address of any individual which you have provided us. Where required and medically necessary for diagnostic,
treatment and record purposes, we may also take photographs of your wound(s).
- The PDPA does not apply to:
- business contact information, defined as an individual’s name, position name
or title, business telephone number, business address, business electronic mail address, business fax number and
any other similar information about the individual, not provided solely for the individual’s personal
- personal data that is anonymized, i.e. identifying information is
removed such that the remaining data does not identify any particular individual. The PDPC will consider the
data anonymized only if the possibility of re- identification is trivial;
- personal data of a deceased individual who has been dead for more than 10 years;
- personal data that is falsified with the intent to commit fraudulent.
- The PDPA recognizes that a balance needs to be struck between the needs to protect
personal data and the need of organizations to collect, use or disclose personal data. Hence, in meeting those
obligations, PDPA considers what a reasonable person would consider appropriate in the circumstances when they
undertake any action that is subject to data protection.
SECTION 3 – CONSENT, PURPOSES FOR COLLECTION, USE OR DISCLOSURE OF YOUR
- By applying this Policy, you consent to our collection, use and disclosure of your
personal data for the purposes that a reasonable person would consider appropriate in the circumstances.
- Consent for the collection, use or disclosure of your personal data can be provided
either in the form of expressed consent or deemed consent. Your provision of personal data to us is voluntary
and you are deemed to consent to our collection, use or disclosure of your personal data under which it was
collected. If you have consented to our disclosure of your personal data to another organization for a
particular purpose, they will use your personal data only for the purposes you have consented to.
- If you provide the personal data belonging to others (such as your family members or
next-of-kin), you warrant that you have informed the individuals of the purposes for which we are collecting
their personal data and that they have consented to your disclosure of their personal data to us for those
- We collect, use and disclose personal data for the following purposes:
- Healthcare and other services
- providing inpatient and outpatient medical treatment and services, healthcare and
allied healthcare services;
- management and coordination of your care including follow-ups, step-down care and
other continuity of care issues; and/or
- providing all other services on request or as needed, including customer service,
patient liaison services, travel and accommodation arrangements, concierge services, porter, butler and
housekeeping services, laundry services, ambulance services, arrival/departure transport services, security and
guarding services and other products and services made available by us other Group entities and our respective
- appointments, bookings, admissions, transfers and discharge;
- processing and collecting payment for products, treatments and services;
- reimbursement of healthcare providers for services provided to you;
- creation, storage, hosting, backup (whether for disaster recovery or other purposes)
of medical records and financial and other business records;
- verifying identity and conducting screenings, due diligence checks and credit
- responding to queries or feedback;
- addressing or investigating complaints, claims or disputes;
- compliance with internal policies, procedures and directives;
- enforcing obligations owed to us; and/or
- complying with our legal obligations and requirements.
- Business operations
- guarding and securing our premises;
- monitoring and assessing the provision of products and services;
- financial reporting, regulatory reporting, management reporting, risk management
(including monitoring credit exposures), audit and record keeping purposes;
- business research, planning, statistical analysis and policy development;
- enhancing and improving our services, including reviewing standards of care
- Health information sharing
- Sharing medical records with other health care providers for medical treatment and
health care purposes, where required or permitted by law or pursuant to our referrals to other health care
providers, including by way of the National Electronic Health Record (NEHR) system, which enables health
information to be shared throughout the Singapore healthcare ecosystem.
- Teaching purposes
- Providing education and training for doctors and other medical, nursing or health
professionals and students. You are entitled to say no at any time to such persons viewing or being granted
access to your treatment and related information. Please inform your doctor before treatment if you do not want
such persons to view or have access to your treatment and related information.
- Conducting research into new treatments, procedures and practices for the
improvement of healthcare, subject always to applicable laws and codes of conduct, including those relating to
the protection of research subjects’ safety and confidentiality.
- Marketing and promotion
- With your consent, conducting marketing and promotion in relation to us, other
Group entities and/or our respective partners.
- We will not send telemarketing messages to your Singapore telephone number via text
messages, telephone calls or facsimile transmission if we do not have your clear and unambiguous consent in
writing or other recorded form to do so or if you have made the appropriate registration of your number with the
Do Not Call Registry.
- Public health purposes
- Safeguarding public health and safety and preventing or lessening the threat to
your health and safety or the health and safety of others.
- Photography and CCTV (closed-circuit television)
- We may take photographs and make videos and/or sound recordings in and around our
premises from time to time, including our meeting and function rooms. You may be captured in such photographs
- We may use such photographs and/or recordings in our publications, websites and
other communication channels, as well as in third party media, or display them in and around our premises and/or
the premises of our Group.
- CCTV may be in operation in and around our premises as necessary in the interests
- Any other purposes relating to or arising out of the above
- We may disclose the personal data to third parties, whether located in Singapore or
elsewhere, in order to achieve the purposes stated in this policy. Such third parties include:
- the doctors and other healthcare professionals who treat or have treated you, and
their respective staff;
- the Central Provident Fund Board of Singapore and/or your health insurance
provider, for payment processing purposes;
- other Group entities and our respective partners for the provision of products and
services at your request or the conduct of marketing and promotions with your consent;
- our service providers, contractors and agents;
- third parties that you have used to obtain or request our products and services,
including referral agencies, business introducers, travel agencies or similar service providers;
- other Group entities for group-wide business purposes or where such disclosure is
required or permitted by law;
- healthcare providers, agencies or facilities for the purposes of information
sharing and exchange via the NEHR system or other health information exchange systems, where such disclosure is
required or permitted by law;
- regulatory authorities, any statutory bodies or public agencies for the purposes of
complying with their respective requirements, policies and directives or where such disclosure is required or
permitted by law, including the Ministry of Health, Health Sciences Authority, the coroner and the police and
other law enforcement agencies
- funeral homes and crematoria, where such disclosure is required or permitted by
- organizations that handle organ donation, procurement and transplants, where such
disclosure is required or permitted by law;
- national registers and databases for various medical conditions, diseases and
transplants, where such disclosure is required or permitted by law;
- accreditation or representative bodies for health care providers, agencies,
facilities or healthcare professionals, where such disclosure is required or permitted by law; and/or
- anyone involved in your care or payment for your care (including a family member,
friend or your caregiver or caregiving organisation) and anyone you have authorized us to contact or communicate
- We may also collect, use and disclose personal data where required or permitted by
law for any purpose. Your consent may not be necessary or required in some circumstances as provided in the
“Second Schedule – Collection of Personal Data without Consent”, “Third Schedule –
Use of Personal Data without Consent” and “Fourth Schedule – Disclosure of Personal Data
without Consent” of the PDPA, or there may be other legislation such as Infectious Disease Act which
renders this necessary. Where the disclosure is restricted by such legislation, the obligation under such other
laws will prevail.
- When using your personal data to contact you for the purposes under which you have
consented, we may contact you via postal mail, electronic mail, SMS, telephone, fax or any other means.
- If consents are not procured or if you fail to provide us with complete or accurate
information, we may, in some situations, be prevented from providing a patient with medical treatment (or may be
impaired in doing so, resulting in risks to that patient) or cause harm to a data subject.
- We will take the approach that best safeguards us, you and others from risks, and we
may well have no choice but to decline to proceed with the treatment in question to avoid causing harm or
exposing us, you or others at risk.
SECTION 4 – PROTECTION OF YOUR PERSONAL DATA
- We will practice strong data protection as part of our IT Policies and Procedures
and in fulfilment of the obligations under various legislation requirements such as Private Hospitals and
Medical Clinics Act (PHMCA), Infectious Disease Act (IDA) etc.
- While we take reasonable efforts to protect your personal data held by us, we cannot
be held responsible for unauthorized and unintended access that is beyond our control.
SECTION 5 – RETENTION OF YOUR PERSONAL DATA
- We will review your personal data held by us on a regular basis to determine if
such personal data is still needed. Your personal data will not be retained longer than needed for the purpose
under which it was collected, unless there are business, industry and/or legal requirements for the retention of
such. Your personal data will also not be kept for “just in case” it may be needed for other
purposes that you have not been notified.
- We may anonymize your personal data on record as an organization is considered to
have ceased retention of personal data when it no longer has the means to associate the personal data with
particular individuals. The anonymizing of data could be found under the section on Anonymization in the
Advisory Guidelines on Selected Topics in the PDPC website.
- We will retain employee personal data for a reasonable period for up to 7 years in
accordance with its legal and business purposes, even after the person ceases to be employed by the Group. With
regard to medical data, we will retain medical records in accordance to the duration stipulated by Ministry of
SECTION 6 – TRANSFER OF YOUR PERSONAL DATA OUT OF SINGAPORE
- If we transfer your personal data to a country outside of Singapore, we will ensure
that such personal data is protected to a standard comparable to the protection accorded to personal data under
PDPA. In summary, this means:
- the collection, use and/or disclosure of your personal data would be for the
purpose(s) for which you have given consent;
- steps would be taken to ensure accuracy and completeness of your personal data when
your personal data is used or disclosed to third parties;
- security arrangements would be made to protect your personal data;
- your personal data would be retained only if necessary for legal and business
- anyone who receives your personal data from us is either in a jurisdiction which
has comparable data protection laws or is otherwise bound to protect your personal data.
SECTION 7 – WITHDRAWAL OF CONSENT, ACCESS AND CORRECTION OF YOUR PERSONAL
- It is the obligation of the individual to ensure that all personal data submitted
to us is true, accurate and complete.
- You may access your personal data currently in our possession by contacting our Data
Protection Officer. We will process your request in accordance with the access requirements of the PDPA and will
provide you with the relevant personal data within a reasonable time after the request has been made. A fee may
be charged for processing an access request.
- You may request to correct your personal data by contacting our Data Protection
Officer. We will correct your personal data as soon as practicable after the request has been made unless we
have reasonable grounds not to do so.
- You may withdraw your consent for the collection, use and disclosure of your
personal data in our possession by giving reasonable notice to us. Kindly note that we are obliged to evaluate
and process your request. If you choose to proceed with your withdrawal, do note that it will affect the medical
care and services you would receive from us or other healthcare institutions.
- We will not be able to provide access to data which are opinion data kept solely
for evaluation purpose such as opinion of suitability, eligibility, qualification of individuals for employment,
promotion or continuance in employment. Once your consent is withdrawn, it is our obligation to cease, and cause
our data intermediaries and agents to cease, such collection, use and disclosure within reasonable notice
period. As a result, we may not be able to proceed with some transactions that you have requested.
SECTION 8 – CONTACTING US
- If you wish to withdraw any consent you have given us at any time, or if you wish
to obtain access or make corrections to your personal data held by us, or if you do not accept any amendment to
this Policy, please contact:
The Data Protection Officer
339 Thomson Road
#05-06 Thomson Medical Centre
SECTION 9 – AMENDMENTS AND UPDATES
- We may amend this policy from time to time and will make available the updated
policy on our website at https://ogclinic.com.sg/. Each time we collect, use or disclose personal data, the
latest version of this policy in force at the time will apply.