Crawfurd Hospital Personal Data Protection Policy

Revised on: 1 February 2023 (with updated revision to PDPA 2021)


1. Introduction

1.1. This Personal Data Protection Notice (“Notice”) sets out the basis which Crawfurd Hospital Pte.Ltd, and/or its related corporations, (“we”, “us”, “our” or “company”) may collect, use, process, disclose and store your Personal Data responsibly and in compliance with Singapore’s Personal Data Protection Act (PDPA). It is by your consent and primarily for healthcare, administrative, business and human resource purposes. This Notice applies to personal data in our possession or under our control, including personal data in the possession of organisations which we have engaged to collect, use, disclose or process personal data for our purposes.


2. Personal Data

2.1. For purposes of this Notice, Personal Data means any information or combination of information relating to an identified or identifiable natural person.

2.2. The exact type of Personal Data that may apply will vary depending on the nature of your interaction with us. Examples of Personal Data that we collect may include but not limited to your name, NRIC, passport or other identification number, nationality, date of birth, gender, residential address, email address, telephone number(s), your image on our close-circuit television (CCTV) and in photographs, medical history, medical health records, employment history, educational qualifications, details of family members and any other information relating to any individuals which you have provided us in any forms you may have submitted to us.


3. Collection, Use and Disclosure of Personal Data

3.1. We generally do not collect your Personal Data unless (a) it is provided to us voluntarily by you directly or via a third party who has been duly authorised by you to disclose your Personal Data to us (your “authorised representative”) after (i) you (or your authorised representative) have been notified of the purposes for which the data is collected, and (ii) you (or your authorised representative) have provided written consent to the collection and usage of your personal data for those purposes, or (b) collection and use of personal data without consent is permitted or required by the PDPA or other laws.

3.2. We may collect, use and disclose Personal Data for the following purposes:

Healthcare, other medical services and health information sharing
(a) Provide medical treatment and services, healthcare and allied healthcare services;
(b) Manage and coordinate your care and other continuity of care issues; and/or
(c) Share medical records with other authorised health care providers for medical treatment and health care purposes, where required or permitted by law, including by way of the National Electronic Health Record (NEHR) system.

(d) Process appointments, bookings, admissions, transfers and discharge;
(e) Process and collecting payment for products, treatment and services;
(f) Verify identity, perform due diligence checks and credit checks;
(g) Respond to queries or feedback;
(h) Address or investigate complaints, claims or disputes; and/or
(i) Comply with our internal policies, procedures, legal obligations and requirements.

Business operations
(j) Conduct business with legitimate purposes including but not limited to, provision of products and services, contractual obligations, account management, customer service, finance and accounting, audit and investigation, risk management and reporting, research, analysis and development, internal management and control;

Marketing and promotion
(k) With your consent, conduct marketing and promotional communications and/or any initiatives in relation to us and/or our respective partners.

CCTV (closed-circuit television) and Photography
(l) Collect/take photographs, videos and/or sound recordings in and around our premises from time to time, including our meeting and function rooms for internal or communication use/purpose. You may be captured incidentally.; and/or
(m) Security of premise or facilitate investigation.

Human resources and personnel management
(n) Process job application, facilitate employment procedure, assessing suitability, monitoring of performance and/or any other management of employment relationship with you.
(o) Facilitate training and education.

3.3. We may disclose the personal data to third parties, whether located in Singapore or elsewhere, to achieve the purposes stated in this policy. Such third parties include:

(a) Our business and collaboration partners and their staff we have engaged for the provision of treatments and services, and/or the conduct of marketing and promotions with your consent;

(b) Our authorised service providers, vendors, contractors and agents;

(c) Healthcare providers, agencies or facilities for the purposes of information sharing and exchange via the NEHR system or other health information exchange systems, where such disclosure is required or permitted by law;
(d) The Central Provident Fund Board of Singapore and/or your health insurance provider, for payment processing purposes;
(e) Public and Governmental authorities that regulate or have jurisdiction over us for any legal or investigation purposes;
(f) Anyone you have authorised us to contact or communicate with involved in your care or payment for your care;
(g) Funeral homes and crematoria, where such disclosure is required or permitted by law.


4. Reliance on the Legitimate Interests Exception

4.1. In compliance with the PDPA, we may collect, use or disclose your personal data without your consent for the legitimate interests of Crawfurd Hospital Pte. Ltd. In relying on the legitimate interests exception of the PDPA, Crawfurd Hospital Pte. Ltd. will assess the likely adverse effects on the individual and determine that the legitimate interests outweigh any adverse effect.

4.2. In line with the legitimate interests’ exception, we will collect, use or disclose your personal data for the following purposes:

(a) Fraud detection and prevention;
(b) Detection and prevention of misuse of services;
(c) Network analysis to prevent fraud and financial crime, and perform credit analysis;
(d) Collection and use of personal data on company-issued devices to prevent data loss;
(e) Collection and use of personal data for market and industry analysis; and

The purposes listed in the above clause may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter.


5. Accuracy of Personal Data

5.1. We generally rely on Personal Data provided by you/or your authorised representative. The personal data you provide to us must be complete, accurate and up-to-date, and you must inform us of any significant changes to such Personal Data provided by you.


6. Protection of Personal Data

6.1. We are committed to maintaining the security of Personal Data processed and restrict the processing of personal data to those data/information that are adequate for, and/or relevant to the purposes described under this notice.

6.1. To protect your Personal Data, we take appropriate measures, and we also require external parties to whom we disclose your Personal Data to, to protect the security of your Personal Data. We have put in place physical, technical, and organisational measures to prevent risks such as unauthorised access, collection, use, disclosure, modification and disposal.

6.3. You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.


7. Retention of Personal Data

7.1.We keep your Personal Data for as long as it is necessary to fulfil the purposes for which it has been collected, or as required or permitted by applicable laws. We retain Personal Data only:

(a) for the period required to serve applicable Business purposes;
(b) to the extent necessary to comply with an applicable legal and/or regulatory requirement; and/or
(c) as advised by Singapore laws.


8. Access to and Correction of Personal Data

8.1. If you wish to correct or have access to your personal data, please contact us. We may charge a reasonable fee for processing a request for access to personal data. If so, we will inform you of the fee before processing your request.


9. Withdrawing consent

9.1. You may contact us to withdraw consent to the collection, use and disclosure of personal data, or request for access or make corrections to your Personal Data held by us, by giving us reasonable notice. Please note that if you withdraw your consent to any or all of the purposes and depending on the nature of your request, we may not be in the position to be able to carry out or meet any of the purposes stated above.


10. Transfers of Personal Data outside of Singapore

10.1. We generally do not transfer your personal data to countries outside of Singapore. However, if we do so, we will ensure that personal data is only transferred to an authorised external party and we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.


11. Data Protection Officer

11.1. If you have any questions about our policy or wish to withdraw consent, please contact our Data Protection Officer

Data Protection Officer
Crawfurd Hospital
19 Adam Road
Singapore 289891


12. Updates to Notice

12.2. We may revise this Notice from time to time without any prior notice. You may determine if any such revision has taken place by referring to the date on which this Notice was last updated. We will make available the updated policy on our website.