Search

Privacy Policy

Integrated Health Information Systems Pte. Ltd. (collectively "IHiS", "us", "we" or "our") are committed to protecting the rights and privacy of individuals in accordance with the Singapore Personal Data Protection Act 2012 (the "PDPA").

This policy ("Privacy Policy") describes how we may collect, use, disclose, process and manage your Personal Data in the course of our business, including our websites, services and products such as mobile applications, technical platforms, and other online or offline offerings otherwise indicated. This policy applies to any individual's Personal Data which is in our possession or under our control.

This Privacy Policy was last updated on the date shown at the end of this Privacy Policy. If you have any queries related to this Privacy Policy, please contact the persons identified at the end of this Privacy Policy.


1. What Personal Data We Collect

"Personal Data" refers to any data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which the organisation has or is likely to have access. For example, "Mr ABC, 40 years old, talent acquisition manager, lives at 12 Ang Mo Kio Central 3" could constitute data that falls under (b). In relation to Personal Data, "processing" refers to carrying out any operations or set of operations on the Personal Data and including any recording, holding, adaptation or alteration, retrieval, combination, transmission, erasure or destruction of Personal Data.  

The definition does not extend to (a) business contact information; (b) Personal Data about an individual that is contained in a record that has been in existence for at least 100 years; (c) Personal Data about a deceased individual who has been dead for more than 10 years; or (d) anonymised data. Anonymisation is the process of removing identifying information such that the remaining data does not identify any particular individual.

The exact type of Personal Data that may apply in your case will vary depending on how you have interacted with us. Some examples of such Personal Data you may provide to us include:

  • Personal details (e.g. name, NRIC, FIN, passport or other identification number, contact details, residential address, personal email address, nationality, medical history and background, and/or income levels);
  • images and biometrics (e.g. photographs, voice and video recordings of you, including our conversations with you, using fingerprint mapping and facial recognition for verification or other purposes);
  • employment details (e.g. occupation, directorships, and other positions held, employment history, salary and/or benefits);
  • your personal opinions made known to us (e.g. through feedback or surveys);
  • other electronic data or information relating to you through your usage of our products and services or as part of their delivery to you (e.g. location data, IP address, activity logs, cookies, device carrier/operating system and connection type); and
  • (if you are an applicant for employment with us) past employment information and/or curriculum vitae and any other information relating to you which you have provided us.

2. How We Collect Your Data

Generally, we may collect your Personal Data in the following ways:

  1. when you use our electronic services, app downloads, or interact with us (including social media platforms) via any of our online and/or digital services;
  2. when you interact with us via any offline transactions such as counter customer service, face-to-face meetings, career roadshows and product tradeshows;
  3. when you enter into any agreement or provide other documentation or information in respect of your interactions with us, or when you use our services;
  4. when you submit forms, applications, requests or feedback to us;
  5. when we receive your Personal Data from referral parties, your employer and/or other authorised third parties;
  6. when your images are captured by us when you attend corporate events (including our recreation activities) hosted by us; and
  7. when you submit your Personal Data to us for any other reason.

If you provide us with any Personal Data relating to a third party (e.g. information on your spouse, children, parents, and/or employees), by submitting such information to us, you represent to us that you have obtained his/her/their consent to provide us with their Personal Data for the respective purposes.

We also rely on you and will assume that you have ensured that all Personal Data submitted to us is complete, accurate, true and correct.

If consents are not procured or if you fail to provide us with complete and accurate information or withhold information, we may be unable to proceed with a particular transaction, agreement or interaction with you. We will take the approach that best safeguards us, you and others from risks, and we may well have no choice but to decline to proceed with the transaction, agreement or interaction in question to avoid causing harm or exposing us, you or others to risk.


3. How We Use Your Personal Data

Generally, we may collect, use and/or disclose your Personal Data for the following purposes:

  1. assessing and processing applications, instructions or requests from you;
  2. verifying your identity before providing our services or responding to your queries, feedback, complaints and/or requests;
  3. managing our day-to-day business operations and complying with internal policies and procedures;
  4. communicating with you, including providing you with job opportunities and updates on changes to products and services;
  5. carrying out research, survey and/or business analysis to improve our products and services and to enhance business strategies;
  6. facilitating and maintaining risk and security management including any enterprise-wide risk management exercise such as close-circuit television (CCTV), protection against unauthorised leakage, access or usage of our physical or IT platforms, investigating any fraudulent activities and conducting checks and audits;
  7. preventing, detecting and investigating crime and analysing and managing commercial risks including conducting investigations relating to disputes, billing or fraud;
  8. in connection with any claims, actions or proceedings (including but not limited to seeking consultancy or professional services, obtaining legal advice and facilitating dispute resolution), and/or protecting and enforcing our contractual and legal rights and obligations;
  9. managing Requests for Proposal(s), Requests for Quotation(s), project tenders and quotations, processing orders or managing the supply of goods and services;
  10. processing and payment of vendor invoices and bills;
  11. facilitating business asset transactions (which may extend to any mergers, acquisitions or asset sales); and/or
  12. complying with any applicable rules, laws, regulations, directives, orders, codes of practice or instructions issued by any legal or regulatory bodies and law enforcement authorities.

In addition to the above purposes, we may also use Personal Data for purposes set out in the terms and conditions and in any contracts that govern our relationship with you.


4. For Employment Purposes

In addition, we collect, use and/or disclose your Personal Data for the following purposes:

  1. If you apply to IHiS for any professional career roles or choose to respond to any employment opportunities offered by IHiS:
    • conducting interviews;
    • assessing, processing and evaluating your application to establish your suitability for the position applied for (including but not limited to pre-recruitment checks involving your qualifications and background screening and facilitating interviews);
    • obtaining employee references and for background screening, obtaining employee references or other references where relevant for background screening / vetting – and in this regard, by applying for employment and submitting references and referees, you warrant that consent has been obtained by you for us to contact any third parties named as referees or relevant as references;
    • collecting information and reviewing that information to establish your suitability for the position applied for; and/or
    • any other purpose reasonably related to the aforesaid.
  2. If you are an existing employee of IHiS, your relationship with us is governed primarily by an employment contract, and your agreement to IHiS policies and procedures, as well as Employee Handbook (as may be revised from time to time), which may expressly or impliedly inform you of how your Personal Data will be used. Generally, IHiS is required to process your Personal Data in order to comply with its contractual, statutory and management obligations and responsibilities. 
  3. If you are an employee, officer or owner of an external service provider or vendor who provides services (including outsourcing, secondment or other engagement by IHiS for services).

5. Who Will We Disclose Your Personal Data To

Subject to the provisions of any applicable law, and where relevant for the purposes described, your Personal Data may be collected, used and/or disclosed, for the purposes listed above (where applicable), to the following entities, each subject to our first having reviewed and approved such party for disclosure, whether they are located overseas or in Singapore:

  1. IHiS' related corporations, affiliates and associated companies;
  2. our authorised agents, contractors or third party service providers who provide operational services to IHiS, such as courier services, telecommunications, information technology, payment, printing, billing, payroll, processing, technical services, training, market research, call centre, security, or other services to IHiS;
  3. our professional advisers such as consultants, auditors and lawyers;
  4. third parties seeking employee references in respect of former employees of any of IHiS' related corporations, affiliates or associated companies;
  5. any credit bureau, or in the event of default or disputes, any debt collection agencies or dispute resolution centres;
  6. any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any merger, acquisition or asset sale);
  7. anyone to whom we transfer or may transfer our rights and duties;
  8. relevant government ministries, regulators, statutory boards or authorities or law enforcement agencies to comply with any laws, rules, guidelines and regulations or schemes imposed by any governmental authority;
  9. any other relevant party to whom you authorise us to disclose your Personal Data; and
  10. any other person in connection with the purposes set forth above.

6. Accuracy of Personal Data

We will take appropriate and reasonable steps to ensure the accuracy and correctness of the Personal Data that we collect, use and/or disclose. To enable us to ensure the quality and accuracy of Personal Data, you have an obligation to provide accurate and up-to-date information to IHiS.


7. How We Protect Your Personal Data

We will take reasonable efforts to protect the Personal Data in our possession or our control by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. However, we cannot completely guarantee the security of any Personal Data we may have collected from or about you, e.g. that no harmful code (such as viruses, bugs, Trojan horses, spyware or adware) will enter our website.


8. How Long Do We Retain Your Personal Data

We retain Personal Data as may be required for business, legal, regulatory or compliance purposes, and such purposes do vary according to the circumstances. We will take reasonable steps to dispose or anonymise Personal Data that is no longer needed. With regard to medical data that we process, we will retain medical records in accordance with the duration stipulated by MOH and/or in adherence with contractual agreements.


9. Transfer of Personal Data Outside Singapore

Generally, we do not transfer Personal Data out of Singapore, except to our approved third-party services providers for applicable services. Should we do so, we will ensure there is compliance with the requirements under the PDPA.


10. Contacting Us – Withdrawal of Consent, Access, Update or Correct your Personal Data and Queries and Feedback

We respect your rights to your Personal Data and will respond to the following requests:

  1. Withdrawal of consent; and
  2. Access, update or correction of your Personal Data.

In each instance, we will use reasonable efforts to respond and/or attend to your request within 21 business days upon receiving your request unless more time is needed, in which case, we will notify you of this within the 21 day period.

For current employee and registered account holders, please log in to your respective dedicated portals. If you have any queries relating to the portals below, please contact the portals' administrators directly at:

  Portals   Assigned administrators
  Job application   careers@ihis.com.sg
  Others   contactus@ihis.com.sg

 

If you have any questions or feedback relating to your Personal Data or our Privacy Policy, you can contact our Data Protection Officer by emailing us at: contactus@ihis.com.sg.

To process your request, we will seek to verify your identity and other details so as to retrieve the relevant data. If we are unable to complete your request, we will inform you of the reasons. In responding to your access request, we may collect a reasonable fee if necessary and will inform you beforehand. If we require any further justifications or grounds before processing your request, we will inform you of the same.

You are entitled to withdraw your consent for the collection, use and disclosure of your Personal Data at any time. However, depending on the nature of the withdrawal, it may impact our ability to proceed with your transactions, agreements or interactions with us, and in particular it may not be possible, without undue risk, cost or liability to IHiS to proceed with a particular transaction, agreement or interaction with you, and we may be left with no choice but to cease or refrain from the same.

We will take the approach that best safeguards us, you and others from risks, and we may well have no choice but to decline to proceed with the transaction, agreement or interaction in question to avoid causing harm or exposing us, you or others to risk.

At the same time, it should be noted that your withdrawal of consent will not prevent us from exercising our legal rights (including any remedies, or undertaking any steps as we may be entitled to at law).


11. Others

a) Use of Cookies
A cookie is a small piece of information that is placed on your computer when you visit certain websites. The cookies placed by the servers hosting our websites are readable only by us, and cookies cannot access, read or modify any other data on an electric device, nor does it capture any data which allows us to identify you individually. All web-browsers offer the option to refuse any cookie, and if you refuse our cookie then we will not gather any information on you.

Should you wish to disable the cookies associated with these technologies, you may do so by changing the setting on your browser. However, you may not be able to enter certain part(s) of our website.

 

b) Third Party Sites
This site may contain links to other websites operated by third parties, whose data protection and privacy practices may differ from ours. We are not responsible for the content and privacy practices of these other websites and encourage you to check the privacy notices of these other websites to determine how they will handle any information they collect from you.

 

c) Web Analytics

Web analytics is the term given to a method for collecting and assessing the behaviour of visitors to websites and mobile or web-based applications. This includes the analysis of traffic patterns in order, for example, to determine the frequency of visits to certain parts of a website or mobile or web-based application, or to find out what information and services our visitors are most interested in. For these purposes, we primarily make use of click-stream data and the other techniques listed above. Web analytics are carried out by the Content Management Systems, Google Analytics and/or other selected parties (as we may inform you from time to time) ("Web Analytics Providers"). When you visit our website(s), Personal Data may (unless you have refused the processing of your Personal Data via such cookies and technologies) be sent to the Web Analytics Providers for analysis for and on behalf of us for the purposes described in this Privacy Policy. Please note that if you have created an online profile at our website or mobile or web-based application and if you are logged in using this profile, a unique number identifying this profile may also be sent to the Web Analytics Providers in order to be able to match the web analytics data to this profile. If you do not wish information about your behaviour at our website or any mobile or web-based applications to be collected and assessed by Google Analytics, you can install the Google Analytics opt-out browser add-on. Please refer to Google Analytics Opt-out Browser Add-on page for more information on downloading the add-on and opting out.

 

d) Governing Law

This Privacy Policy shall be governed in all respects by the laws of Singapore.


12. Updates to this Privacy Policy

This Privacy Policy applies in conjunction with any other relevant notices, policies and contractual and consent clauses entered with us.

We will update this Privacy Policy from time to time to ensure that this Privacy Policy is consistent with our future developments, industry trends and/or any changes in legal or regulatory requirements.

Any changes we may make to this Privacy Policy in the future will be posted onto our website at www.ihis.com.sg.

Last updated:  1st August 2022



NOTE:

IHiS is the IT agency for the public healthcare sector in Singapore. It is a wholly-owned subsidiary of MOHH Holdings Pte Ltd (“MOHH”), the holding company through which the Singapore government owns the corporatised institutions in the public healthcare sector. 

Generally, IHiS also acts as a data intermediary for public healthcare organisations, and where so, our processing of Personal Data is subject to stringent contractual controls and oversight including appropriate legal, regulatory, operational and technical requirements and safeguards. 

As data intermediaries we will perform data processing activities, the details of which are confidential. Queries concerning your Personal Data in relation to any public healthcare organisation for which IHiS acts as data intermediary, should be directed to that public healthcare organisation’s data protection officer / office.

Information about the policies and practices of such organisations are made available by the public healthcare organisation itself (e.g. your clinic, your hospital, etc) and you should refer to their privacy policy and direct any queries concerning the same to the appropriate contact stated therein.