Privacy policy

Your privacy is important to us. Therefore we set up this Privacy Policy to help you understand how Heartland Physio manages personal data in accordance with the Personal Data Protection Act 2012 (PDPA). It will inform you on what personal data we collect, why and how we collect, use and disclose your personal data, as well as how you can access your personal data, withdraw or manage your consents and preferences on your personal data.

When you contact us and submit information to us, you consent to Heartland Physio, its related corporations and affiliates, and our respective representatives (collectively “Heartland Physio”, “us”, “we” or “our” or similar expression) collecting, using, disclosing and sharing amongst themselves your personal data, and disclosing such personal data to Heartland Physio’s authorised service providers and relevant third parties in the manner set out in this Privacy Policy, so as to provide you with the relevant services, conduct relevant transactions, and/or interact with you as required.

Your consent may not be necessary or required in some situations whereby applicable law or regulation renders this unnecessary. When such law or regulation applies, we will act in accordance with those other laws and regulations.

Heartland Physio will update this Privacy Policy every now and then to ensure that this Privacy Policy is in line with any changes in legal or regulatory requirements, our future plans and/or industry trends. Please check on our website regularly for the updated information on how your personal data is being handled. Subject to your rights at law, you agree to be bound by the prevailing terms of the Privacy Policy as updated every now and then on our website.

About PDPA

For more information about the PDPA which informs this Privacy Policy, please refer to the website of the Personal Data Protection Commission (“PDPC”) at www.pdpc.gov.sg

Your Personal Data

In this Privacy Policy, “personal data” refers to any data or information about you from which you can be identified either (a) from that data; or (b) from that data and other information to which we have or are likely to have access. The exact type of personal data that may apply to you will vary depending on how you have interacted with us. Such personal data which you may provide to us include:

  • Your name, NRIC/passport/other identification numbers;
  • Your phone number, email address, home address;
  • Your address of the current location for teleconsultation;
  • Your reports of investigation results, hospital discharge summaries, doctors’ memo, medication list;
  • Your payment-related information such as bank account number and billing address;
  • Your next-of-kin caregiver/representative’s name and contact number;
  • Your employment history and educational background;
  • Information about your interaction with our website such as computer and connection information, device capability, statistics on page views, and traffic to and from our website;
  • Any other information relating to you which you have provided us in the course of our interaction. 

Heartland Physio will do our best to limit the collection of personal data to a reasonable standard necessary for the purposes laid out in this Privacy Policy. However, please note that in the case of medical/health information, full and proper diagnosis and appropriate treatment would rely on extensiveness and completeness of the information collected. Sometimes it may be even necessary to collect information about a patient’s next-of-kin, and/or employers/employees, such as in case of congenital diseases, predispositions to occupational or other risks, etc..

Personal data does not include data when such data about a data subject has been anonymised. Anonymisation is the process of removing identifying information so that any particular individual cannot be identified by the remaining data.  Methods of anonymisation include pseudonymisation, aggregation, replacement, data reduction, data suppression, data shuffling, data masking, and/or replacing identifiers with other references.

Collection of Personal Data

Heartland Physio collects your personal data in the following ways:

  • When you submit forms relating to any of our services;
  • When you register for or use any of our services;
  • When you interact with our physiotherapists and/or administrators via telephone calls (which may be recorded), letters, fax, face-to-face meetings, email, teleconferencing software such as Zoom, and messaging apps such as Whatsapp;
  • When you undergo any assessment, treatment or process with us;
  • When you call or send message to us;
  • When you request  for us to contact you;
  • When you respond to our request to furnish additional personal data;
  • When you respond to our promotions and other initiatives;
  • When you make a payment or provide details to facilitate payment;
  • When you submit a job/internship application or workshop/course application;
  • When you attend Heartland Physio’s events such as workshops and courses and your voice and image data is recorded on our recordings;
  • When you browse the Heartland Physio website and provide such information;
  • When you submit your personal data to us for any reason.

We may also collect your personal data from third parties, such as:

  • Business partners, third partners and/or healthcare providers from where you have been referred;
  • Your representatives/next-of-kin/caregiver who may either be doing so on your behalf, or in connection with their own transactions and/or agreements;
  • Your employers;
  • Your service provides such as your insurers, your bank.

When you submit any personal data regarding a third party (e.g. information of spouse, children, parents, caregivers, next-of-kins, employers, employees and/or authorised representatives) to us, you represent to us that you have obtained the third party’s consent for you to provide us with their personal data for the respective purposes.

You should ensure that all personal data submitted to us is complete, accurate, true and correct. If you fail to do so, we may be unable to provide you with the services you have requested.

Purposes for the Collection, Use and Disclosure of your Personal Data

Heartland Physio collects, uses and discloses your personal data for the following purposes:

  • Verifying identify; 
  • Communication;
  • Identifying health and/or treatment risks;
  • Providing physiotherapy assessment and treatment;
  • Coordinating healthcare services provided by other healthcare providers;
  • Referring you to other healthcare providers for investigations, other medical assessment and treatment, and/or continuity of care;
  • Ensuring safety for minors/persons lacking mental capacity;
  • Ensuring safety during teleconsultation;
  • Providing family members/next-of-kin/representatives with updates on your physiotherapy assessment and treatment and seeking consent from them in emergency/incapacity situations;
  • Billing;
  • Purchase and delivery of therapy equipment for you;
  • Delivery of  invoice, receipt, and/or educational materials;
  • Responding to your inquiries, requests and complaints;
  • Reminding you of appointments at Heartland Physio;
  • Protecting and enforcing our contractual and legal rights and  obligations;
  • Conducting audits, reviews and analysis of our internal processes;
  • Managing medical records;
  • Compliance with any applicable rules, laws and regulations, codes of practice or guidelines or to assist in law enforcement and investigations by relevant authorities; and/or
  • Any other purpose relating to any of the above.

Furthermore, Heartland Physio may collect, use and disclose your personal data for the following purposes, if you are applying for a job or internship position in Heartland Physio:

  • Pre-employment/recruitment checks;
  • Obtaining references from employers/previous employers or other references where relevant for background screening;
  • Assessing your suitability for the applied position;
  • Planning for staff training and staff development;
  • Performance appraisal;
  • Processing of payroll and employment benefits;
  • Arranging for tools as required for you to do your job;
  • Communication with you as required by Heartland Physio on its policies and processes for compliance; and 
  • Any other purposes relating to the above.

In the course of providing particular services or in your interactions with us, we may specifically inform you of other purposes for which we collect, use or disclose your personal data. In that case, we will also collect, use and disclose your personal data for these additional purposes, unless we have specifically notified you otherwise.

Disclosure of Personal Data

Heartland Physio will take reasonable steps to protect your personal data against unauthorised disclosure. 

Subject to the provisions of any applicable law, your personal data may be disclosed, for the purposes listed above where applicable, to the following third parties (either overseas or in Singapore):

  • Healthcare providers to which you are referred to for investigation,  other medical assessment and treatment, and/or continuity of care;
  • Next-of-kin/caregivers/representatives;
  • Affiliates of Heartland Physio;
  • Contractors, agents or other third-party service providers who provide operational services to Heartland Physio, such as telecommunications, information technology, payment, payroll, processing, purchases, posting, deliveries or other services to Heartland Physio;
  • Anyone to whom we transfer or may transfer our rights and duties;
  • Banks, credit card companies and their respective service providers;
  • Our professional advisors such as our auditors and lawyers;
  • Relevant government regulators or authority or law enforcement agency in compliance with laws or rules and regulations imposed by any governmental authority; and
  • Any other party to whom you authorise us to disclose your personal data.

In an emergency situation, to prevent injury or death, we may also disclose personal data affecting (or causing serious threats to) the health, life, or safety of any individual (such as reporting to appropriate authorities when we believe an individual has been abused, neglected or suffered from domestic violence). Such disclosures will be made to such persons who are required to address or respond to the situation.

Next-of-kin / Guardians / Parents of Minors and other Identified Individuals

When the patient is a minor (i.e. less than 18 years old), we will reasonably assume that each parent (either parent, married, separated or divorced) has full right of access to the minor’s personal data unless otherwise alerted with due proof of contrary authorisation/order, or when we are of the view that such access would jeopardize the health, safety or well being of the minor.

When the patient is of majority age (i.e. 18 years or older) and with full legal capacity, he/she is entitled to exercise his/her legal rights to identify his/her representative. In such case, unless otherwise instructed by the patient, or alerted with due proof of contrary authorisation/order, we will reasonably assume that any next-of-kin may be contacted in emergency situations or in situations where contact is needed to safeguard patient’s health, safety and well being. When such a patient instructs us to limit access to his/her personal data or to include only certain named individuals to handle his/her data, we will respect his/her decisions, subject to appropriate verifications or processes to ensure that such instructions are properly given.

For the reason stated in the previous paragraph, Heartland Physio reserves the right to decline access, in line with our obligations under PDPA.

Security

For personal data in our possession or our control, Heartland Physio will take reasonable efforts to protect them by making reasonable security arrangements to prevent them from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. However, we cannot fully guarantee the security of any personal data we may have collected from or about you, for instance, that no harmful code will enter our website (e.g. viruses, bugs, trojan horses, spyware or adware). 

Retention

Heartland Physio retains such personal data as may be required for business or legal purposes, and such purposes do vary according to the circumstances. 

Heartland Physio will securely dispose of or anonymise personal data which it can reasonably determine is no longer needed and does not generally hold on to personal data “just in case”. However, it is in the interests of any caregiver or healthcare provider treating the patient to be able to refer to a complete set of medical records to avoid risks to health and safety of the patient. Hence, regarding patients’ medical records, unless we receive specific contrary instructions from the patient, Heartland Physio may (but is not obliged to) retain such medical records for as long as Heartland Physio may be potentially consulted for further follow up by (or on behalf of) the patient even where such consultation may not occur until after a substantial period of time or there is no current or present indication that the patient may well return for further consultation or follow up. 

Cookies

Heartland Physio and our trusted partners use cookies when you visit our site or access our services. Cookies may be deployed in order for our server to recognise a return visitor as a unique user including, without limitation, monitoring information relating to how a visitor arrives at the website, the type of browser and operating system a visitor is using, a visitor’s IP address, and a visitor’s click stream information and time stamp. 

Cookies are small text files placed in the ‘Cookies’ folder on your computer’s hard disk and allow us to remember you. The types of cookies our website uses are:

  • session cookies – stored only while you browse our website;
  • persistent cookies (stored even after you have left our website; and
  • third-party cookies – cookies set by other websites who run content on the website

The cookies placed by our server are readable only by us, and cookies cannot access, read or modify any other data on a computer.

All web browsers allow you to refuse any cookie, and if you refuse our cookie then we do not gather any of your browsing information. However, you may not be able to enter certain part(s) of our website. 

Third-Party Sites

Our website may contain links to other websites operated by third parties such as our affiliates or business partners. Some of these third-party websites may also contain our logo, trademark or website link, even though these third-party websites are not operated or maintained by us. We are not responsible for the privacy practices of these third-party websites which are not operated or maintained by us. Once you exit from our website, you should check the applicable terms, conditions and policies, including the privacy policy, of the third party website to understand how they will handle any information they collect from you and determine your interaction with them.

Withdrawal, Withholding, Access and Correction of your Personal Data

Should you wish to withdraw or withhold consent to use of, obtain access to, or make corrections to your personal data, please email our Personal Data Protection Officer at dataprotection@heartlandphysio.com.sg 

If your personal data has been provided to us by a third party, please contact such party directly to make any requests on consent withdrawal or withholding, obtaining access and making corrections to Heartland Physio on behalf of you.

Please note that if you withdraw or withhold your consent to any or all use of your personal data, depending on the nature of your request, Heartland Physio may not be able to continue to provide its services to you or administer any established contractual relationship. In this case, termination of any agreements with Heartland Physio and your being in breach of your contractual obligations or undertakings may result, and Heartland physio reserves its legal rights and remedies in such event.

Governing Law

This Privacy Policy shall be governed in all aspects by the laws of Singapore.

Last updated 19 June 2020

Open chat
Need help?
Hello 👋
Can we help you?