In this policy, “Personal Information” is any information which can be used to identify you or from which you are identifiable. This includes but is not limited to your name, nationality, telephone number, payment card information, preferences, email address, your image, identification numbers, biometric data, race, date of birth, marital status, religion, health information, and employment information.
This policy sets out how Knowledge Catalyst manages Personal Information which is in our possession or under our control. That is:
(a) the information we collect about you
(b) how we collect the information
(c) how we use, disclose, store, and secure the information; and
(d) how you may access and control the information.
1. What information we collect about you
1.1. We collect the following types of information (collectively “Data”) about you, your customers, clients, or (in the case of our Digital Health Credentials Platform) patients:
(a) account and profile information that you provide when you register for an account, or sign up for, or use our Services, including but not limited to:
(collectively, “Account Data”);
(b) health information, medical record and test result details, including but not limited to COVID-19 results details, (collectively, “Medical Data”);
(c) information you provide through support channels, for example when you report a problem to us or interact with our support team, including but not limited to, any contact information, documentation, and screenshots (collectively, “Support Data”);
(d) the content you provide through the use of our Services, including but not limited to, posts, comments, discussion forums, chats, and reviews (collectively, “User Content”);
(e) communication, marketing, and other preferences that you set when you set up your account or profile, or when you participate in a survey or a questionnaire that we send you (collectively, “Preference Data”);
(f) details of any transactions, purchases, or orders that you have made with us (collectively, “Transaction Data”);
(g) payment information, including but not limited to, your payment card information, bank account details, and bank transaction details (collectively, “Financial Data”);
(h) technological information, including but not limited to, information about your device or connection, for example, your internet protocol (IP) address, log-in data, browser type, and version, time-zone setting, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our Services and information we collect through cookies and other data collection technologies (please read our paragraph 7. Cookies policy for details) (collectively, “Technical Data”); and
(i) Information about your use of or visit to our Platform, for example, your clickstream to, through, and from our Platform, products you viewed, used, or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), or methods to browse away from the page (collectively, “Usage Data”); and
(j) any other Personal Information permitted by or required in order to comply with any applicable local laws or laws of foreign jurisdictions which we operate or have presence in.
We collect Data about you in the ways listed below. We may also combine the collected Personal Information with other Data in our possession. If you have or are a party to multiple relationships with us (for example if you use various of our Services), we will link your Data collected across your various capacities to facilitate your use of our Services and for the Purposes described below.
When you provide your Data to us
1.2. We collect Data when you voluntarily provide it to us or when you use or visit our Platform. For example, you may provide your Data to us when you:
(a) complete user profile or registration forms (Account Data such as name, identification number, date of birth, gender, username or similar identifier, email address, residential address, telephone number(s) and other identification information is collected)
(b) provide information to register for any medical tests or appointments like COVID-19 tests (Account Data such as name, identification number, passport number, date of birth, medical record, and flight or event details and Medical Data)
(c) verify or authenticate your identity though various means (Account Data such as your email address, name, social media logins)
(d) use other services linked to your account, for example, if you register or log in to your account using Google Sign-In to authenticate yourself, as permitted by your Google profile settings (Account Data such as your name, email address and profile picture);
(e) interact with our personnel, agents, advisors, consultants, contractors, processes, and third parties in connection with our Platform or Services (Account Data such as your name, username or similar identifier, email address, Support Data such as contact information, documentation and screenshots and any other Data which you may be required to provide);
(f) fill up information in surveys (Preference Data)
(g) seek customer support (Support Data such as contact information, documentation, and screenshots, and Usage Data such as page response times, download errors, length and page interaction information, and Transaction Data such as transactions, purchases, or orders that you have made with us, and any other Data required to provide adequate customer support)
In certain circumstances, you may need to provide your Data to comply with legal requirements or contractual obligations, or where it is necessary to conclude a contract. Failure to provide such Data, under such circumstance, may constitute failure to comply with legal requirements or contractual obligations, or inability to conclude a contract with you.
When you use our Services
1.3. Data may be collected through the normal operation of our Platform or Services. For example, when you:
(a) detect clinics near your location (Account Data like precise location data that shows your geographical position);
(b) create, share, message or communicate with others (Account Data such as name, username, and User Content such as posts, comments, discussion forums, chats, and reviews)
(c) make a payment (Financial Data such as payment card details, bank account details and other necessary information required to complete the payment)
(d) interact with us, our Platform, or Services (Account Data such as username, and email address, Usage Data such as clickstream, length of visit to certain pages, and page interaction information, and Technical Data such as your IP address, browser type, operating system and platform)
(e) when you interact with other users on our Platform or via our Services (Account Data such as name, username, and User Content such as posts, comments, discussion forums, chats, and reviews)
(f) generate any credentials with our platform (Account Data such as name, identification number, date of birth, gender, nationality, citizenship; and Medical Data such as COVID-19 test results)
From other sources
1.4. When we collect Personal Information of you from other sources, we make sure that data is transferred to us in accordance with applicable laws. Such sources include:
(a) referral programmes;
(b) a third party who has been duly authorised by you to disclose your Data to us (your “Authorised Representative”) after you (or your Authorised Representative) have been notified of the purpose(s) for which the Data is collected, and you (or your Authorised Representative) have provided consent to the collection and usage of your Data for those purposes;
(c) our group companies or overseas offices that provide information technology services, system administrative services, and marketing services;
(d) our business partners and service providers who provide technical, payment, delivery services, advertising networks, analytics, market research, and search information services;
(e) publicly available, or publicly accessible information sources;
(f) governmental sources;
(g) marketing services providers or partners;
(h) our CCTV cameras, for any audio or visual information captured, while you are within or in the vicinity of our premises, or via photographs or videos taken by us or our representatives when you attend our events; and
(i) such other written, electronic or verbal communications or documents delivered to us; and
(j) any other Data reasonably required in order for us to provide the services requested by you.
1.5. As a parent or legal guardian, please do not allow minors under your care to submit Data to us. In the event that such Data of a minor is disclosed to us, you hereby consent to the processing of the minors’ Data and accept and agree to be bound by this Policy and take responsibility for his or her actions.
1.6. You may provide Personal Information of other individuals to us. For example, you may participate in referral programmes. If you provide us with their Personal Information, you represent and warrant that you have obtained their consent for their Personal Information to be collected, used and disclosed as set out in this Policy.
How we use the information we collect
2.1. We collect, use, and disclose your Data for our business purposes, including the provision and continuing operation of the Platform or Services provided to you, and where the law allows us to. We collect, use, and disclose your Data when:
(b) we, with your expressed consent, market our and our partners’, sponsors’, and advertisers’ products, services, events, or promotions
(c) it satisfies a legitimate interest which is not overridden by your fundamental rights or data protection interests, for example for research and development, and in order to protect our legal rights and interests
(d) you have given us consent to do so for a specific purpose, for example, we may send you direct marketing materials or publish your information as part of our testimonials or customer stories to promote our products or services with your permission; or
(e) we need to comply with a legal or regulatory obligation.
2.3. We do not share your Personal Information with any company outside our group for marketing purpose unless with your express specific consent to do so.
2.4. For visitors to or users of our Platform who are located in the European Union, we have set out our legal bases for processing your information in the Legal Basis Table at the end of this policy.
How we share information we collect
3.1. We share information with other companies in our group in order to operate our Platform and to offer and improve our Services.
3.2. We share Data with other users when you communicate or interact with other users on our platform, for example, when you communicate with clinics to make an appointment on our platform.
3.3. We share information with third parties that help us operate, provide, support, improve, and market our Services, for example, third-party service providers who provide website and application development, data storage and backup, infrastructure, billing, payment processing, customer support, business analytics, and other services.
3.4. Third-party service providers have access to your personal information only for the purpose of performing their services and in compliance with applicable laws and regulations. We require these third-party service providers to maintain confidentiality and security of all personal information that they process on our behalf and to implement and maintain reasonable security measures to protect the confidentiality, integrity, and availability of your personal information.
3.5. We take reasonable steps to confirm that all third-party service providers that we engage in processing personal information in the manner that provides at least the same level of protection as is provided under this policy. Where any third-party provider is unable to satisfy our requirements, we will require them to notify us immediately and we will take reasonable steps to prevent or stop non-compliant processing.
3.6. We may share personal information on an aggregated or de-identified basis with third parties for research and analysis, profiling, and similar purposes to help us improve our Services.
3.7. If you use any third-party software in connection with our products or services, for example, any third-party software that our Platform integrates with, you might give the third-party software provider access to your account and information. Policies and procedures of third-party software providers are not controlled by us, and this policy does not cover how your information is collected or used by third-party software providers. We encourage you to review the privacy policies of third-party software providers before you use the third-party software.
3.8. Our Platform may contain links to third-party websites over which we have no control. If you follow a link to any of these websites or submit information to them, your information will be governed by their policies. We encourage you to review the privacy policies of third-party websites before you submit information to them.
3.9. We may share your information with government and law enforcement officials to comply with applicable laws or regulations, for example when we respond to claims, legal processes, law enforcement, or national security requests.
3.10. If we are acquired by a third party as a result of a merger, acquisition, or business transfer, your personal information may be disclosed and/or transferred to a third party in connection with such transaction. We will notify you if such a transaction takes place and inform you of any choices you may have regarding your information.
3.11. We may disclose Medical Data to third parties with your express specific consent to do so. We do not disclose Medical Data for advertising, marketing, or other use-based data mining purposes other than improving health management, or for the purpose of health research.
How we store and secure the information we collect
4.1. We use data hosting service providers based in Singapore, or based in jurisdictions where laws require us to, to host the information we collect.
4.2. We have adopted the following measures to protect the security and integrity of your personal information:
(a) information is encrypted using TLS/SSL technology;
(b) your account is password-protected, with the requirement(s) that the passwords must be at least 8 characters long, with a combination of letters, special characters, and numbers;
(c) access to your personal information is restricted to personnel or service providers on a strictly need-to-know basis, who will only process your information on our instructions and who are subject to a duty of confidentiality; and
(d) our information collection, storage, and processing practices are reviewed regularly.
4.3. We will take reasonable legal, organisational and technical measures to ensure that your Data is protected. This includes measures to prevent your Data from getting lost or used or accessed in an unauthorised way. We have put in place procedures to deal with any suspected privacy breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
4.4. While we implement safeguards designed to protect your information, please note that no transmission of information on the Internet is completely secure. We cannot guarantee that your information, during transmission through the Internet or while stored on our systems or processed by us, is absolutely safe and secure.
4.5. We only retain personal information for so long as it is reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. After such time, we will delete or anonymize your information, or if this is not possible, we will securely store your information and isolate it from further use. We periodically review the basis and appropriateness of our data retention policy.
How we transfer information internationally
5.1. We collect information globally and store that information in Singapore, or in jurisdictions where laws require us to. We transfer, process, and store your information outside your country of residence where we or our service providers operate for the purpose of providing our Services to you.
5.2. Some of the countries in which our companies or service providers are located may not have the privacy and data protection laws that are equivalent to those in your country of residence. When we share information with these companies or service providers, we make use of contractual clauses, corporate rules, and other appropriate mechanisms to safeguard the transfer of information.
6.1. You have the right to:
(a) be informed of what we do with your personal information;
(b) request a copy of the personal information we hold about you;
(c) require us to correct any inaccuracy or error in any personal information we hold about you;
(d) request erasure of your personal information (note, however, that we may not always be able to comply with your request of erasure for record-keeping purposes, to complete transactions, or to comply with our legal obligations);
(e) object to or restrict the processing by us of your personal information (including for marketing purposes);
(f) request to receive some of your personal information in a structured, commonly used, and machine-readable format, and request that we transfer such information to another party; and
(g) withdraw your consent at any time where we are relying on consent to process your personal information (although this will not affect the lawfulness of any processing carried out before you withdraw your consent).
6.2. Our Platform enables you to update certain information about yourself, for example, you may change your business or personal information by updating your user profile or changing your user settings.
6.3. You may opt-out of receiving marketing materials from us by using the unsubscribe link in our communications, by updating your preferences within your account on our Platform, or by contacting us. Please note, however, that even if you opt-out of receiving marketing materials from us, you will continue to receive notifications or information from us that are necessary for the use of our products or services.
6.4. As a security measure, we may need specific information from you to help us confirm your identity when processing your privacy requests or when you exercise your rights.
6.5. Any request under paragraph 6.1 will normally be addressed free of charge. However, we may charge a reasonable administration fee if your request is clearly unfounded, repetitive, or excessive.
6.6. We will respond to all legitimate requests within one (1) month. Occasionally, it may take us longer than a month if your request is particularly complex or if you have made a number of requests.
7.1. We use both persistent cookies and session cookies. A persistent cookie stays in your browser and will be read by us when you return to our Site or a partner site that uses our services. Session cookies only last for as long as the session lasts (usually the current visit to a website or a browser session).
7.2. We use the following types of cookies:
(a) Strictly necessary cookies – These are cookies that are required for the operation of our site. They include, for example, cookies that enable you to log into secure areas of our website.
(b) Analytical/performance cookies – These allow us to recognize and count the number of visitors and to see how visitors move around our Site when they are using it. This helps us to improve the way our site works, for example, by ensuring that users are easily finding what they are looking for.
(c) Functionality cookies – These are used to recognize you when you return to our site.
(d) Targeting cookies – These cookies record your visit to our site, the pages you have visited, and the links you have followed.
Third parties may be able to associate the Data they collect with other Data they have about you from other sources. We do not necessarily have access to or control over the Cookies they use.
You can block cookies by activating the setting on your browser that allows you to refuse the use of all or some cookies. However, if you do so, you may not be able to access all or parts of our site.
Third party sites
Changes to this policy
9.1. We may amend this policy from time to time by posting the updated policy on our Platform. By continuing to use our Platform after the changes come into effect, you agree to be bound by the revised policy.
10.1. Please contact us at [email protected] or submit any written request to:
Knowledge Catalyst Pte. Ltd.71 Ayer Rajah Crescent, #04-11, Singapore 139951Attn: Chief Privacy Officer
Last updated: 27 Dec 2021
LEGAL BASIS TABLE
Subscribe and receive relevant information regarding product updates, offers, thought leadership, and event invitations from PT. Kredensia Cipta Utama