3. We take our responsibilities under Singapore’s Personal Data Protection Act (the “PDPA”) seriously. We also recognize the importance of the personal data you have entrusted to us and believe that it is our responsibility to properly manage, protect and process your personal data.
5. We own and/or operate website(s) such as www.ofnoah.com and/or any mobile apps that may be published by us (the said website and mobile apps may be collectively or individually referred to as the “Website”).
7. “Personal data” is defined under the PDPA to mean data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which an organisation has or is likely to have access. Noah receives or collects information about you, such as but not limited to when you provide your information to us, when you use our Website, when you interact with us, when you interact with or enter into (or attempt to enter into) a transaction with us. Personal data which we may receive or collect include but may not be limited to :
· Identification Number
· Home address
· Health related information
· Contact information such as mobile number, email address
· Transactional information
· Credit card and/or other financial related information that is used for a transaction
· Location Information of yourself and/or your computer or device
We will receive or collect your personal data in accordance with the PDPA.
8. We may collect and store certain information automatically when you visit the Website. Examples include the internet protocol (IP) address used to connect your computer or device to the internet, connection information such as browser type and version, your operating system and platform, a unique reference number linked to the data you enter on our system, login details, the full URL clickstream to, through and from the Website (including date and time), cookie number and/or your activity on our Website, including the pages you visited, the searches you made.
9. We may receive information about you from third parties if you use any websites or social media platforms operated by third parties (for example, Facebook, Instagram, Twitter etc.) and, if such functionality is available, you have chosen to link your profile on our Website with your profile on those other websites or social media platforms.
11. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer or device.
12. You can block or deactivate cookies in your browser settings.
13. We use log-in cookies in order to remember you when you have logged in for a seamless experience.
14. We may use session cookies to track your movements from page to page and in order to store your selected inputs so you are not constantly asked for the same information.
15. Our Website may use Google Analytics which is one of the most widespread and trusted analytics solution on the web for helping us to understand how you use the Website and ways that we can improve your experience. These cookies may track things such as how long you spend on the Website and the pages that you visit so we can continue to produce engaging content.
17. For further information on types of cookies and how they work visit www.allaboutcookies.org
18. Our Website and mobile or web-based applications may offer location-enabled services. We may receive information about your actual location (such as GPS signals sent by a mobile device) or information that can be used to approximate a location. You may be asked if the geo-location service can be activated and you can also object to this geo-location service within the respective mobile or web-based application.
19. Noah will/may collect, use, disclose and/or process your personal data for one or more of the following purposes [RT1] :
(a) processing, facilitating and/or dealing with your interest in our or a Healthcare Provider’s products and/or services (“Healthcare Provider” refers to a third party (whether an individual or an organisation or a Noah Group entity) that is in the healthcare business such as but not limited to a medical clinic, a doctor, a healthcare organisation, a pharmacy, a person in the healthcare industry, which Noah links you up with or that/whom uses Noah’s Website to provide products or services to customers or that Noah has a business relationship with). Without limiting the generality of the foregoing and for the avoidance of doubt, this means that we may disclose your personal data to a Healthcare Provider to deal with this purpose. “Noah Group” means Noah’s related corporations and/or affiliates around the world;
(b) considering, processing, facilitating (including carrying out risk or fraud analysis), dealing with and/or managing, your request/application for or your purchase of, intended purchase of or your subscription for, our or a Healthcare Provider’s products and/or services (the “Transaction”);
(c) dealing with, facilitating, processing and/or administering the account that you may open with us;
(d) facilitating, processing, dealing with, administering and/or managing Transaction(s) or intended Transaction(s);
(e) providing products or services to you;
(f) administering, facilitating, managing, processing and/or dealing with your relationship with us or a Healthcare Provider;
(g) administering, facilitating, processing and / or dealing in any matters relating to your use of the Website or of the website of a Healthcare Provider. Without limiting the generality of the foregoing, this may include our collection and subsequent processing of your location data or data that identifies your location;
(h) monitoring, processing and/or tracking your use of the Website in order to provide you with a seamless experience, facilitating or administering your use of the Website, and/or to assist us in improving your experience in using the Website;
(i) administering, facilitating, processing and/or dealing in any transactions or activities carried out by you on the Website or on the website or mobile application of a Healthcare Provider;
(j) carrying out and/or facilitating your instructions or responding to any enquiry given by (or purported to be given by) you or on your behalf;
(k) contacting you or communicating with you via phone/voice call, text message and/or fax message, email and/or postal mail for one or more of the Purposes stated herein. You acknowledge and agree that such communication by us could be by way of the mailing of correspondence, documents or notices to you, which could involve disclosure of certain personal data about you to bring about delivery of the same as well as on the external cover of envelopes/mail packages;
(l) the conduct of training or training purpose, so as to develop or improve our products or services and/or our staff’s and agents’ services and/or service quality. Without limiting the generality of the foregoing, such training may involve collection, use, disclosure or processing of your personal data including your feedback or comments or reviews;
(m) carrying out due diligence or other screening activities (including background checks, anti-money laundering checks, know your client checks) in accordance with legal or regulatory obligations (whether of Singapore or other countries) applicable to us or any Noah Group entity, the requirements or guidelines of governmental authorities (whether of Singapore or other countries) which we determine are applicable to us or any Noah Group entity, and/or our or any Noah Group entities’ risk management procedures that may be required by law (whether of Singapore or other countries) or that may have been put in place by us or any Noah Group entities;
(n) to prevent or investigate any fraud, unlawful activity or omission or misconduct, whether or not there is any suspicion of the aforementioned, regardless that such prevention or investigation involves us and/or is done by us or any Noah Group entities; dealing with conflict of interests; or dealing with and/or investigating complaints; carrying out fraud detection and/or credit risk control in relation to your Transactions/online transactions or attempted Transactions/online transactions;
(o) complying with or as required by any applicable law, governmental or regulatory requirements of any jurisdiction applicable to us or any Noah Group entity, including meeting the requirements to make disclosure under the requirements of any law binding on us or any Noah Group entity, and/or for the purposes of any guidelines issued by regulatory or other authorities (whether of Singapore or other countries) (such as but not limited to the Singapore Medical Council Ethical Code and Ethical Guidelines), with which we or any Noah Group entity is/are expected to comply;
(p) complying with or as required by any request or direction of any governmental authority (whether of Singapore or other countries) which we or any Noah Group entity is/are expected to comply with; or responding to requests for information from public agencies, ministries, statutory boards or other similar authorities (whether of Singapore or other countries). For the avoidance of doubt, this means that we may/will disclose your personal data to the aforementioned parties upon their request or direction;
(q) conducting research, analysis and development activities (including but not limited to data analytics, surveys and/or profiling) to improve our or a Noah Group entity’s products, services and/or facilities in order to enhance any continued interaction between yourself and us or an Noah Group entity connected or in relation to the Website, or your Transaction(s); or to improve any of our or an Noah Group entity’s products or services or, whether now or in the future;
(r) for marketing purpose where you have provided your consent to us for the same, and with such consent, we may/would be providing you with marketing, advertising and promotional information, materials and/or documents relating to products, services and/or events (including products, services and/or events of third party organisations with which we may collaborate with such as Healthcare Providers) that we (including a Noah Group entity) or such third party organisations may be selling, marketing, offering, organizing, involved in or promoting, whether such products, services and/or events exist now or are created in the future;
(s) storing, hosting, backing up (whether for disaster recovery or otherwise) of your personal data, whether within or outside Singapore;
(t) to facilitate and/or ensure the safety and security of our premises, our customers, our staff and/or visitors to our premises; to deal with, handle and/or conduct disciplinary, security, crime prevention and/or quality assurance processes, matters and/or arrangements. Without prejudice to the generality of the aforesaid, we wish to bring to your attention that if there are surveillance cameras installed at our premises and/or offices, whether now or in future, such surveillance cameras are for security, crime prevention, safety and training reasons and you acknowledge that your personal data will be collected by such cameras and processed by us consequently;
(u) maintaining and/or developing our IT or business systems and infrastructure including testing and upgrading of these systems;
(v) creating reports with respect to your Transaction(s) and/or transactions that we or a Healthcare Provider have/has with our/its customers;
(w) facilitating, dealing with and/or administering external audit(s) or internal audit(s) of the business of Noah and/or of any Noah Group entities, Transaction(s), and/or our or a Noah Group entity’s transactions with our/its customers;
(x) dealing with and/or facilitating a business asset transaction or a potential business asset transaction, where such transaction involves Noah as a participant or involves only an Noah Group entity as a participant or involves Noah and/or any Noah Group entities as participant(s), and there may be other third party organisations who are participants in such transaction. “business asset transaction” is defined in the PDPA and includes the purchase, sale, lease, merger or amalgamation or any other acquisition, disposal or financing of an organisation or a portion of an organisation or of any of the business or assets of an organisation;
(y) record-keeping purposes and producing statistics and research for internal and/or statutory reporting and/or record-keeping requirements, of Noah or of any Noah Group entities;
(z) Noah, Noah Group’s or a Noah Group entity’s reporting purposes including but not limited to reporting on Noah’s business performance;
(aa) anonymization of your personal data. In this regard, you acknowledge that personal data that has been anonymized is no longer personal data and the requirements of applicable local data protection law (i.e. the PDPA) would no longer apply to such anonymized data; and
(bb) to deal with the or as part of a bankruptcy, winding up, reorganization, restructuring, insolvency, receivership or an assignment for the benefit of creditors, of Noah;
(the purposes set out in this paragraph 19 above shall be collectively referred to as the “Purposes”)
Arising from our processing of your personal data, new personal data about you may be created.
20. Noah may/will need to disclose your personal data to third parties, whether located within or outside Singapore, for one or more of the above Purposes, as such third parties, would be processing your personal data for one or more of the above Purposes. In this regard, you hereby acknowledge, agree and consent that we may/are permitted to disclose your personal data to such third parties (whether located within or outside Singapore) for one or more of the above Purposes and for the said third parties to subsequently collect, use, disclose and/or process your personal data for one or more of the above Purposes. Without limiting the generality of the foregoing or of paragraph 19, such third parties include :
(a) any Noah Group entities;
(b) any of our agents, contractors or third party service providers that process or will be processing your personal data on our behalf including but not limited to those which provide administrative or other services to us such as mailing houses, telecommunication companies, information technology companies and data centres. Additionally, any party to whom Noah outsources the performance of certain functions or activities of Noah;
(c) Healthcare Providers;
(d) third parties with whom we enter into or may enter into any contractual or other arrangement in relation to the products or services to be provided to you, or in relation to the Transaction; and
(e) third parties to whom disclosure by Noah is for one or more of the Purposes and such third parties would in turn be collecting and processing your personal data for one or more of the Purposes.
21. We may share your information with any Noah Group entities, which may be based in countries other than Singapore, from time to time for one or more of the Purposes.
22. For the avoidance of doubt, you consent to our using, disclosing and/or processing personal data that we currently possess about you and/or that we had lawfully received or that we lawfully receive in future, from third parties or other Noah Group entities, for the Purposes.
23. You may withdraw your consent for the collection, use and/or disclosure of your personal data in our possession or under our control by emailing us at [insert email address]. We will process your request within a reasonable time from such a request for withdrawal of consent being made, and will thereafter not collect, use and/or disclose your personal data in the manner stated in your request, unless an exception under the law or a provision in the law permits us to. However, your withdrawal of consent could result in certain legal consequences arising from such withdrawal, including us being unable to perform the transactions requested by you or the termination of your relationship with us (depending on the extent of your withdrawal), as the case may be.
24. We may collect, use, disclose or process your personal data for other purposes that do not appear above. However, we will notify you of such other purpose at the time of obtaining your consent, unless processing of your personal data without your consent is permitted by the PDPA or by law.
25. We may/will be receiving or collecting from sources other than yourself, personal data about you, for one or more of the above Purposes, and thereafter using, disclosing and/or processing such personal data for one or more of the above Purposes. We may combine information we receive from other sources with information you give to us and/or with information we have about you. We may use this information and the combined information for the Purposes set out above (depending on the types of information we receive).
26. We take reasonable steps to ensure that any personal data we collect, disclose and use is accurate and complete, if your personal data is likely to be used by us to make a decision that affects you, or disclosed to another organisation. However, it is important that you advise us of any changes to your personal data or if there are any errors in the personal data we hold about you. We will not be responsible for relying on inaccurate or incomplete personal data arising from your not updating us of any changes in your personal data that you had initially provided us with.
27. Noah may rely on the legitimate interests exception under the PDPA to collect, use or disclose your personal data without your consent, for the purpose of detecting and/or preventing :
(b) an illegal activity; and/or
(c) the misuse of services provided by or to be provided by Noah, on the basis that such collection, use or disclosure is for the legitimate interests of Noah or some other organisation, and that such legitimate interests outweigh any adverse effect (if any) on you.
28. Should Noah rely on this exception, Noah may/will need to disclose your personal data that is being processed in reliance on such exception, to third parties, whether located within or outside Singapore, for the purposes stated in paragraph 27 above, and such third parties, would be processing your personal data for the purposes stated in paragraph 27 above.
29. Should you have any queries regarding Noah’s reliance on this legitimate interests exception, please contact our Data Protection Officer at : email@example.com.
30. Security of your personal data is important to us. We will put in place reasonable security arrangements to ensure that your personal data is adequately protected and secured. Appropriate security arrangements will be taken to prevent any unauthorized access, collection, use, disclosure, copying, modification, leakage, loss, damage and/or alteration of your personal data.
31. We will put in place measures such that your personal data in our possession or under our control is destroyed and/or anonymized as soon as it is reasonable to assume that (i) the purpose for which that personal data was collected is no longer being served by the retention of such personal data; and (ii) retention is no longer necessary for any other legal or business purposes.
32. You have the right to ask us not to use your personal data for marketing purposes. Please let us know if you want to withdraw your consent by emailing us at firstname.lastname@example.org.
33. You have the right to access and/or correct any personal data that we hold about you, subject to exceptions under the law. This right can be exercised at any time by emailing us at email@example.com. We will need enough information from you in order to ascertain your identity as well as the nature of your request, so as to be able to deal with your request. With respect to your access request, we may charge a fee in order to process it.
34. For a request to access personal data, once we have sufficient information from you to deal with the request, we will seek to provide you with the relevant personal data within 30 days. Where we are unable to respond to you within the said 30 days, we will notify you of the soonest possible time within which we can provide you with the information requested. Note that the PDPA exempts certain types of personal data from being subject to your access request.
35. For a request to correct personal data, once we have sufficient information from you to deal with the request, we will correct your personal data within 30 days. Where we are unable to do so within the said 30 days, we will notify you of the soonest practicable time within which we can make the correction. Note that the PDPA exempts certain types of personal data from being subject to your correction request as well as provides for situation(s) when correction need not be made by us despite your request.
36. We hold and deal with your personal data in accordance with the PDPA.
37. If you have any complaint or grievance regarding about how we are handling your personal data or about how we are complying with the PDPA, we welcome you to contact us with your complaint or grievance.
38. Please contact us with your complaint or grievance by emailing us at firstname.lastname@example.org.
39. Where you are sending an email in which you are submitting a complaint, your indication at the subject header that it is a PDPA complaint would assist us in attending to your complaint speedily by passing it on to the relevant staff in our organisation to handle. For example, you could insert the subject header as “PDPA Complaint”.
40. We will certainly strive to deal with any complaint or grievance that you may have speedily and fairly.
Last Updated on 16 March 2021