Your consent may not be necessary or required in some situations whereby applicable law or regulation renders this unnecessary. When such law or regulation applies, we will act in accordance with those other laws and regulations.
Your Personal Data
- Your name, NRIC/passport/other identification numbers;
- Your phone number, email address, home address;
- Your address of the current location for teleconsultation;
- Your reports of investigation results, hospital discharge summaries, doctors’ memo, medication list;
- Your payment-related information such as bank account number and billing address;
- Your next-of-kin caregiver/representative’s name and contact number;
- Your employment history and educational background;
- Information about your interaction with our website such as computer and connection information, device capability, statistics on page views, and traffic to and from our website;
- Any other information relating to you which you have provided us in the course of our interaction.
Personal data does not include data when such data about a data subject has been anonymised. Anonymisation is the process of removing identifying information so that any particular individual cannot be identified by the remaining data. Methods of anonymisation include pseudonymisation, aggregation, replacement, data reduction, data suppression, data shuffling, data masking, and/or replacing identifiers with other references.
Collection of Personal Data
Heartland Physio collects your personal data in the following ways:
- When you submit forms relating to any of our services;
- When you register for or use any of our services;
- When you interact with our physiotherapists and/or administrators via telephone calls (which may be recorded), letters, fax, face-to-face meetings, email, teleconferencing software such as Zoom, and messaging apps such as Whatsapp;
- When you undergo any assessment, treatment or process with us;
- When you call or send message to us;
- When you request for us to contact you;
- When you respond to our request to furnish additional personal data;
- When you respond to our promotions and other initiatives;
- When you make a payment or provide details to facilitate payment;
- When you submit a job/internship application or workshop/course application;
- When you attend Heartland Physio’s events such as workshops and courses and your voice and image data is recorded on our recordings;
- When you browse the Heartland Physio website and provide such information;
- When you submit your personal data to us for any reason.
We may also collect your personal data from third parties, such as:
- Business partners, third partners and/or healthcare providers from where you have been referred;
- Your representatives/next-of-kin/caregiver who may either be doing so on your behalf, or in connection with their own transactions and/or agreements;
- Your employers;
- Your service provides such as your insurers, your bank.
When you submit any personal data regarding a third party (e.g. information of spouse, children, parents, caregivers, next-of-kins, employers, employees and/or authorised representatives) to us, you represent to us that you have obtained the third party’s consent for you to provide us with their personal data for the respective purposes.
You should ensure that all personal data submitted to us is complete, accurate, true and correct. If you fail to do so, we may be unable to provide you with the services you have requested.
Purposes for the Collection, Use and Disclosure of your Personal Data
Heartland Physio collects, uses and discloses your personal data for the following purposes:
- Verifying identify;
- Identifying health and/or treatment risks;
- Providing physiotherapy assessment and treatment;
- Coordinating healthcare services provided by other healthcare providers;
- Referring you to other healthcare providers for investigations, other medical assessment and treatment, and/or continuity of care;
- Ensuring safety for minors/persons lacking mental capacity;
- Ensuring safety during teleconsultation;
- Providing family members/next-of-kin/representatives with updates on your physiotherapy assessment and treatment and seeking consent from them in emergency/incapacity situations;
- Purchase and delivery of therapy equipment for you;
- Delivery of invoice, receipt, and/or educational materials;
- Responding to your inquiries, requests and complaints;
- Reminding you of appointments at Heartland Physio;
- Protecting and enforcing our contractual and legal rights and obligations;
- Conducting audits, reviews and analysis of our internal processes;
- Managing medical records;
- Compliance with any applicable rules, laws and regulations, codes of practice or guidelines or to assist in law enforcement and investigations by relevant authorities; and/or
- Any other purpose relating to any of the above.
Furthermore, Heartland Physio may collect, use and disclose your personal data for the following purposes, if you are applying for a job or internship position in Heartland Physio:
- Pre-employment/recruitment checks;
- Obtaining references from employers/previous employers or other references where relevant for background screening;
- Assessing your suitability for the applied position;
- Planning for staff training and staff development;
- Performance appraisal;
- Processing of payroll and employment benefits;
- Arranging for tools as required for you to do your job;
- Communication with you as required by Heartland Physio on its policies and processes for compliance; and
- Any other purposes relating to the above.
In the course of providing particular services or in your interactions with us, we may specifically inform you of other purposes for which we collect, use or disclose your personal data. In that case, we will also collect, use and disclose your personal data for these additional purposes, unless we have specifically notified you otherwise.
Disclosure of Personal Data
Heartland Physio will take reasonable steps to protect your personal data against unauthorised disclosure.
Subject to the provisions of any applicable law, your personal data may be disclosed, for the purposes listed above where applicable, to the following third parties (either overseas or in Singapore):
- Healthcare providers to which you are referred to for investigation, other medical assessment and treatment, and/or continuity of care;
- Affiliates of Heartland Physio;
- Contractors, agents or other third-party service providers who provide operational services to Heartland Physio, such as telecommunications, information technology, payment, payroll, processing, purchases, posting, deliveries or other services to Heartland Physio;
- Anyone to whom we transfer or may transfer our rights and duties;
- Banks, credit card companies and their respective service providers;
- Our professional advisors such as our auditors and lawyers;
- Relevant government regulators or authority or law enforcement agency in compliance with laws or rules and regulations imposed by any governmental authority; and
- Any other party to whom you authorise us to disclose your personal data.
In an emergency situation, to prevent injury or death, we may also disclose personal data affecting (or causing serious threats to) the health, life, or safety of any individual (such as reporting to appropriate authorities when we believe an individual has been abused, neglected or suffered from domestic violence). Such disclosures will be made to such persons who are required to address or respond to the situation.
Next-of-kin / Guardians / Parents of Minors and other Identified Individuals
When the patient is a minor (i.e. less than 18 years old), we will reasonably assume that each parent (either parent, married, separated or divorced) has full right of access to the minor’s personal data unless otherwise alerted with due proof of contrary authorisation/order, or when we are of the view that such access would jeopardize the health, safety or well being of the minor.
When the patient is of majority age (i.e. 18 years or older) and with full legal capacity, he/she is entitled to exercise his/her legal rights to identify his/her representative. In such case, unless otherwise instructed by the patient, or alerted with due proof of contrary authorisation/order, we will reasonably assume that any next-of-kin may be contacted in emergency situations or in situations where contact is needed to safeguard patient’s health, safety and well being. When such a patient instructs us to limit access to his/her personal data or to include only certain named individuals to handle his/her data, we will respect his/her decisions, subject to appropriate verifications or processes to ensure that such instructions are properly given.
For the reason stated in the previous paragraph, Heartland Physio reserves the right to decline access, in line with our obligations under PDPA.
For personal data in our possession or our control, Heartland Physio will take reasonable efforts to protect them by making reasonable security arrangements to prevent them from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. However, we cannot fully guarantee the security of any personal data we may have collected from or about you, for instance, that no harmful code will enter our website (e.g. viruses, bugs, trojan horses, spyware or adware).
Heartland Physio retains such personal data as may be required for business or legal purposes, and such purposes do vary according to the circumstances.
Heartland Physio will securely dispose of or anonymise personal data which it can reasonably determine is no longer needed and does not generally hold on to personal data “just in case”. However, it is in the interests of any caregiver or healthcare provider treating the patient to be able to refer to a complete set of medical records to avoid risks to health and safety of the patient. Hence, regarding patients’ medical records, unless we receive specific contrary instructions from the patient, Heartland Physio may (but is not obliged to) retain such medical records for as long as Heartland Physio may be potentially consulted for further follow up by (or on behalf of) the patient even where such consultation may not occur until after a substantial period of time or there is no current or present indication that the patient may well return for further consultation or follow up.
Cookies are small text files placed in the ‘Cookies’ folder on your computer’s hard disk and allow us to remember you. The types of cookies our website uses are:
- session cookies – stored only while you browse our website;
- persistent cookies (stored even after you have left our website; and
- third-party cookies – cookies set by other websites who run content on the website
The cookies placed by our server are readable only by us, and cookies cannot access, read or modify any other data on a computer.
All web browsers allow you to refuse any cookie, and if you refuse our cookie then we do not gather any of your browsing information. However, you may not be able to enter certain part(s) of our website.
Withdrawal, Withholding, Access and Correction of your Personal Data
Should you wish to withdraw or withhold consent to use of, obtain access to, or make corrections to your personal data, please email our Personal Data Protection Officer at firstname.lastname@example.org
If your personal data has been provided to us by a third party, please contact such party directly to make any requests on consent withdrawal or withholding, obtaining access and making corrections to Heartland Physio on behalf of you.
Please note that if you withdraw or withhold your consent to any or all use of your personal data, depending on the nature of your request, Heartland Physio may not be able to continue to provide its services to you or administer any established contractual relationship. In this case, termination of any agreements with Heartland Physio and your being in breach of your contractual obligations or undertakings may result, and Heartland physio reserves its legal rights and remedies in such event.
Last updated 19 June 2020