"Personal Data" refers to any data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which the organisation has or is likely to have access. For example, "Mr ABC, 40 years old, talent acquisition manager, lives at 12 Ang Mo Kio Central 3" could constitute data that falls under (b). In relation to Personal Data, "processing" refers to carrying out any operations or set of operations on the Personal Data and including any recording, holding, adaptation or alteration, retrieval, combination, transmission, erasure or destruction of Personal Data.
The definition does not extend to (a) business contact information; (b) Personal Data about an individual that is contained in a record that has been in existence for at least 100 years; (c) Personal Data about a deceased individual who has been dead for more than 10 years; or (d) anonymised data. Anonymisation is the process of removing identifying information such that the remaining data does not identify any particular individual.
The exact type of Personal Data that may apply in your case will vary depending on how you have interacted with us. Some examples of such Personal Data you may provide to us include:
If you provide us with any Personal Data relating to a third party (e.g. information on your spouse, children, parents, and/or employees), by submitting such information to us, you represent to us that you have obtained his/her/their consent to provide us with their Personal Data for the respective purposes.
We also rely on you and will assume that you have ensured that all Personal Data submitted to us is complete, accurate, true and correct.
If consents are not procured or if you fail to provide us with complete and accurate information or withhold information, we may be unable to proceed with a particular transaction, agreement or interaction with you. We will take the approach that best safeguards us, you and others from risks, and we may well have no choice but to decline to proceed with the transaction, agreement or interaction in question to avoid causing harm or exposing us, you or others to risk.
Generally, we may collect, use and/or disclose your Personal Data for the following purposes:
In addition to the above purposes, we may also use Personal Data for purposes set out in the terms and conditions and in any contracts that govern our relationship with you.
In addition, we collect, use and/or disclose your Personal Data for the following purposes:
- If you apply to IHiS for any professional career roles or choose to respond to any employment opportunities offered by IHiS:
If you are an existing employee of IHiS, your relationship with us is governed primarily by an employment contract, and your agreement to IHiS policies and procedures, as well as Employee Handbook (as may be revised from time to time), which may expressly or impliedly inform you of how your Personal Data will be used. Generally, IHiS is required to process your Personal Data in order to comply with its contractual, statutory and management obligations and responsibilities. If you are an employee, officer or owner of an external service provider or vendor who provides services (including outsourcing, secondment or other engagement by IHiS for services).
- conducting interviews;
- assessing, processing and evaluating your application to establish your suitability for the position applied for (including but not limited to pre-recruitment checks involving your qualifications and background screening and facilitating interviews);
- obtaining employee references and for background screening, obtaining employee references or other references where relevant for background screening / vetting – and in this regard, by applying for employment and submitting references and referees, you warrant that consent has been obtained by you for us to contact any third parties named as referees or relevant as references;
- collecting information and reviewing that information to establish your suitability for the position applied for; and/or
- any other purpose reasonably related to the aforesaid.
5. Who Will We Disclose Your Personal Data To
Subject to the provisions of any applicable law, and where relevant for the purposes described, your Personal Data may be collected, used and/or disclosed, for the purposes listed above (where applicable), to the following entities, each subject to our first having reviewed and approved such party for disclosure, whether they are located overseas or in Singapore:
- IHiS' related corporations, affiliates and associated companies;
- our authorised agents, contractors or third party service providers who provide operational services to IHiS, such as courier services, telecommunications, information technology, payment, printing, billing, payroll, processing, technical services, training, market research, call centre, security, or other services to IHiS;
- our professional advisers such as consultants, auditors and lawyers;
- third parties seeking employee references in respect of former employees of any of IHiS' related corporations, affiliates or associated companies;
- any credit bureau, or in the event of default or disputes, any debt collection agencies or dispute resolution centres;
- any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any merger, acquisition or asset sale);
- anyone to whom we transfer or may transfer our rights and duties;
- relevant government ministries, regulators, statutory boards or authorities or law enforcement agencies to comply with any laws, rules, guidelines and regulations or schemes imposed by any governmental authority;
- any other relevant party to whom you authorise us to disclose your Personal Data; and
- any other person in connection with the purposes set forth above.
6. Accuracy of Personal Data
We will take appropriate and reasonable steps to ensure the accuracy and correctness of the Personal Data that we collect, use and/or disclose. To enable us to ensure the quality and accuracy of Personal Data, you have an obligation to provide accurate and up-to-date information to IHiS.
7. How We Protect Your Personal Data
We will take reasonable efforts to protect the Personal Data in our possession or our control by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. However, we cannot completely guarantee the security of any Personal Data we may have collected from or about you, e.g. that no harmful code (such as viruses, bugs, Trojan horses, spyware or adware) will enter our website.
8. How Long Do We Retain Your Personal Data
We retain Personal Data as may be required for business, legal, regulatory or compliance purposes, and such purposes do vary according to the circumstances. We will take reasonable steps to dispose or anonymise Personal Data that is no longer needed. With regard to medical data that we process, we will retain medical records in accordance with the duration stipulated by MOH and/or in adherence with contractual agreements.
9. Transfer of Personal Data Outside Singapore
Generally, we do not transfer Personal Data out of Singapore, except to our approved third-party services providers for applicable services. Should we do so, we will ensure there is compliance with the requirements under the PDPA.
10. Contacting Us – Withdrawal of Consent, Access, Update or Correct your Personal Data and Queries and Feedback
We respect your rights to your Personal Data and will respond to the following requests:
- Withdrawal of consent; and
- Access, update or correction of your Personal Data.
In each instance, we will use reasonable efforts to respond and/or attend to your request within
21 business days upon receiving your request unless more time is needed, in which case, we will notify you of this within the 21 day period.
For current employee and registered account holders, please log in to your respective dedicated portals. If you have any queries relating to the portals below, please contact the portals' administrators directly at:
To process your request, we will seek to verify your identity and other details so as to retrieve the relevant data. If we are unable to complete your request, we will inform you of the reasons. In responding to your access request, we may collect a reasonable fee if necessary and will inform you beforehand. If we require any further justifications or grounds before processing your request, we will inform you of the same.
You are entitled to withdraw your consent for the collection, use and disclosure of your Personal Data at any time. However, depending on the nature of the withdrawal, it may impact our ability to proceed with your transactions, agreements or interactions with us, and in particular it may not be possible, without undue risk, cost or liability to IHiS to proceed with a particular transaction, agreement or interaction with you, and we may be left with no choice but to cease or refrain from the same.
We will take the approach that best safeguards us, you and others from risks, and we may well have no choice but to decline to proceed with the transaction, agreement or interaction in question to avoid causing harm or exposing us, you or others to risk.
At the same time, it should be noted that your withdrawal of consent will not prevent us from exercising our legal rights (including any remedies, or undertaking any steps as we may be entitled to at law).
A cookie is a small piece of information that is placed on your computer when you visit certain websites. The cookies placed by the servers hosting our websites are readable only by us, and cookies cannot access, read or modify any other data on an electric device, nor does it capture any data which allows us to identify you individually. All web-browsers offer the option to refuse any cookie, and if you refuse our cookie then we will not gather any information on you.
Should you wish to disable the cookies associated with these technologies, you may do so by changing the setting on your browser. However, you may not be able to enter certain part(s) of our website.
b) Third Party Sites
This site may contain links to other websites operated by third parties, whose data protection and privacy practices may differ from ours. We are not responsible for the content and privacy practices of these other websites and encourage you to check the privacy notices of these other websites to determine how they will handle any information they collect from you.
c) Web Analytics
Web analytics is the term given to a method for collecting and assessing the behaviour of visitors to websites and mobile or web-based applications. This includes the analysis of traffic patterns in order, for example, to determine the frequency of visits to certain parts of a website or mobile or web-based application, or to find out what information and services our visitors are most interested in. For these purposes, we primarily make use of click-stream data and the other techniques listed above. Web analytics are carried out by the Content Management Systems, Google Analytics and/or other selected parties (as we may inform you from time to time) ("Web Analytics Providers"). When you visit
d) Governing Law
Last updated: 1st August 2022
IHiS is the IT agency for the public healthcare sector in Singapore. It is a wholly-owned subsidiary of MOHH Holdings Pte Ltd (“MOHH”), the holding company through which the Singapore government owns the corporatised institutions in the public healthcare sector.
Generally, IHiS also acts as a data intermediary for public healthcare organisations, and where so, our processing of Personal Data is subject to stringent contractual controls and oversight including appropriate legal, regulatory, operational and technical requirements and safeguards.
As data intermediaries we will perform data processing activities, the details of which are confidential. Queries concerning your Personal Data in relation to any public healthcare organisation for which IHiS acts as data intermediary, should be directed to that public healthcare organisation’s data protection officer / office.