- Information We Collect
2.1 Personal Information Generally
Some of the Solutions require us to learn more about you so that we can best meet your needs. When you access the Solutions, we may ask you to voluntarily provide us certain information that personally identifies you or could be used to personally identify you (“Personal Information”). Personal Information includes, but is not limited to, the following categories of information: (1) contact data (such as your e-mail address and phone number); (2) demographic data (such as your gender, your date of birth and your zip code); (3) insurance data (such as your insurance carrier, insurance plan, member ID, group ID and payer ID); (4) medical data (such as the doctors, dentists or other healthcare specialists, professionals, providers, or organizations (collectively, “Healthcare Providers”) you have visited, your reasons for visit, your dates of visit, your medical history, and other medical and health information you choose to share with us); and (5) other identifying information that you voluntarily choose to provide to us, including without limitation unique identifiers such as passwords, and Personal Information in emails or letters that you send to us. We may also collect additional information, which may be Personal Information, as otherwise described to you at the point of collection or pursuant to your consent. You may still access and use some of the Solutions if you choose not to provide us with any Personal Information, but features of the Solutions that require your Personal Information will not be accessible to you.
2.2 Traffic Data
We also may automatically collect certain data when you use the Solutions, such as (1) IP address; (2) domain server; (3) type of device(s) used to access the Solutions; (4) web browser(s) used to access the Solutions; (5) referring webpage or other source through which you accessed the Solutions; (6) geolocation information; and (7) other statistics and information associated with the interaction between your browser or device and the Solutions (collectively “Traffic Data”). Depending on applicable law, some Traffic Data may be Personal Information.
2.3 Personal Data Protection Act
In Singapore, our country of corporate registration, Personal Data and Protection Act (PDPA) establishes a data protection law that comprises various rules governing the collection, use, disclosure and care of personal data. It recognises both the rights of individuals to protect their personal data, including rights of access and correction, and the needs of organisations to collect, use or disclose personal data for legitimate and reasonable purposes.
The PDPA provides for the establishment of a national Do Not Call (DNC) Registry. The DNC Registry allows individuals to register their Singapore telephone numbers to opt out of receiving marketing phone calls, mobile text messages such as SMS or MMS, and faxes from organisations.
The PDPA will ensure a baseline standard of protection for personal data across the economy by complementing sector-specific legislative and regulatory frameworks. This means that organisations will have to comply with the PDPA as well as the common law and other relevant laws that are applied to the specific industry that they belong to, when handling personal data in their possession.
The PDPA takes into account the following concepts:
- Consent – Organisations may collect, use or disclose personal data only with the individual's knowledge and consent (with some exceptions);
- Purpose – Organisations may collect, use or disclose personal data in an appropriate manner for the circumstances, and only if they have informed the individual of purposes for the collection, use or disclosure; and
- Reasonableness – Organisations may collect, use or disclose personal data only for purposes that would be considered appropriate to a reasonable person in the given circumstances.
For more information regarding PDPA, please refer to www.pdpc.gov.sg
2.4 General Data Protection Regulation
The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy. The key articles of the GDPR, as well as information on its business impact, can be found throughout this site.
The aim of the GDPR is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world that is vastly different from the time in which the 1995 directive was established. Although the key principles of data privacy still hold true to the previous directive, many changes have been proposed to the regulatory policies; the key points of the GDPR as well as information on the impacts it will have on business can be found below.
- How We Collect Information
We collect information (including Personal Information and Traffic Data) when you use and interact with the Solutions, and in some cases from third party sources. Such means of collection include:
- When you use the Solutions’ interactive tools and Solutions, such as searching for Healthcare Providers, searching for available appointments with Healthcare Providers and completing medical history forms prior to Healthcare Provider appointments;
- When you voluntarily provide information in free-form text boxes through the Solutions or through responses to surveys, questionnaires and the like;
- If you use our Site on mobile device(s) or use a location-enabled browser, we may receive information about your location, as applicable;
- Through cookies, web beacons, website analytics services and other tracking technology (collectively, “Tracking Tools”), as described below; and
- When you use the “Contact Us” function on the Site, send us an email or otherwise contact us.
- Tracking Tools and “Do Not Track”
4.1. Tracking Tools
We may use tools outlined below to provide our Solutions to, advertise to, and to better understand users.
- Web Beacons: “Web Beacons” (a.k.a. clear GIFs or pixel tags) are tiny graphic image files embedded in a web page or email that may be used to collect information about the use of our Solutions. The information collected by Web Beacons allows us to analyse how many people are using the Solutions, and for what purpose, and also allows us to enhance our interest-based marketing.
- Website Analytics: We may use third-party website analytics services in connection with the Solutions, including, for example, to register mouse clicks, mouse movements, scrolling activity and text typed into the Site. We use the information collected from these services to help make the Solutions easier to use and as otherwise set forth in Section 5 (Use of Information). These website analytics services generally do not collect Personal Information unless you voluntarily provide it and generally do not track your browsing habits across websites that do not use their services.
- Mobile Device Identifiers: As with other Tracking Tools, mobile device identifiers help Intermedika learn more about our users’ demographics and internet behaviours. Mobile device identifiers are data stored on mobile devices that may track mobile device and data and activities occurring on and through it, as well as the applications installed on it. Mobile device identifiers enable collection of Personal Information (such as address and location) and Traffic Data.
- Cross Device Matching: To determine if users have interacted with content across multiple devices and to match such devices, we may work with partners who analyse device activity data and/or rely on your information (including demographic, geographic and interest-based data). To supplement this analysis, we may also provide de-identified data to these partners. Based on this data, we may then display targeted marketing across devices that we believe are associated or use this data to further analyse usage of Solutions across devices.
4.2. Options for Opting out of Cookies and Mobile Device Identifiers
Some web browsers (including some mobile web browsers) allow you to reject Cookies or to alert you when a Cookie is placed on your computer, tablet or mobile device. You may be able to reject mobile device identifiers by activating the appropriate setting on your mobile device. Although you are not required to accept Intermedika’s Cookies or mobile device identifiers, if you block or reject them, you may not have access to all features available through the Solutions.
4.3. How Intermedika Responds to Browser “Do Not Track” (DNT) Signals
Some web browsers (including Safari, Internet Explorer, Firefox and Chrome) incorporate a “Do Not Track” (DNT) or similar feature that signals to websites that a visitor does not want to have his/her online activity and behaviour tracked. If a website operator elects to respond to a particular DNT signal, the website operator may refrain from collecting certain Personal Information about the browser’s user. Not all browsers offer a DNT option and there is currently no industry consensus as to what constitutes a DNT signal. For these reasons, many website operators, including Intermedika, do not proactively respond to DNT signals.
- Use of Information
We may use information that is neither Personal Information nor Personal Health Information (PHI) (including non-PHI Personal Information that has been de-identified and/or aggregated) to better understand who uses Intermedika and how we can deliver a better healthcare experience, or otherwise at our discretion.
We use information, including Personal Information, to provide the Solutions and to help improve the Solutions, to develop new Solutions. Such use may include:
- Providing you with the products, Solutions and information you request;
- Responding to correspondence that we receive from you;
- Contacting you when necessary or requested, including to remind you of an upcoming appointment;
- Providing, maintaining, administering or expanding the Solutions, performing business analyses, or for other internal purposes to support, improve or enhance our business, the Solutions, and other products and Solutions we offer;
- Customizing or tailoring your experience of the Solutions, which may include sending customized messages;
- Notifying you about certain resources, Healthcare Providers or Solutions we think you may be interested in learning more about;
- Sending you information about Intermedika or our products or Solutions;
- Sending emails and other communications that display content that we think will interest you and according to your preferences;
- Showing you advertisements, including interest-based marketing;
- Using statistical information that we collect in any way permitted by law, including from third parties in connection with their commercial and marketing efforts; and
- Fulfilling our legally required obligations, such as preventing, detecting and investigating security incidents and potentially illegal or prohibited activities.
- Disclosure of Information
- In certain circumstances, and to perform the Solutions, we may disclose certain information that we collect from you:
- We may share your Personal Information with Healthcare Providers with whom you choose to schedule through the Solutions.
- We may share your Personal Information with your Healthcare Providers to enable them to refer you to and make appointments with other Healthcare Providers on your behalf or to perform analyses on potential health issues or treatments.
- We may share your Personal Information with Healthcare Providers in the event of an emergency.
- We do not sell email addresses to third parties.
- We may share your Personal Information and Traffic Data with our partners who perform operational services (such as hosting, data storage, security, insurance verification, or, website analytics) and/or who make certain services, features or functionality available to our users.
- We may share your Personal Information with the insurance provider you identify to us (and via our partners) to determine eligibility and cost-sharing obligations, and otherwise obtain benefit plan information on your behalf.
- We may transfer your information to another company in connection with a merger, sale, acquisition or other change of ownership or control by or of Intermedika (whether in whole or in part). Should one of these events occur, we will make reasonable efforts to notify you before your information becomes subject to different privacy and security policies and practices.
We also may need to disclose your Personal Information or any other information we collect about you if we determine in good faith that such disclosure is needed to: (1) comply with or fulfil our obligations under applicable law, regulation, court order or other legal process; (2) protect the rights, property or safety of you, Intermedika or another party; (3) enforce the Agreement or other agreements with you; or (4) respond to claims that any posting or other content violates third-party rights.
We may disclose information that is neither Personal Information nor PHI (including non-PHI Personal Information that has been de-identified and/or aggregated) at our discretion.
- Storage and Security of Information
The security of your Personal Information is important to us. We endeavour to follow generally accepted industry standards to protect the Personal Information submitted to us, both during transmission and in storage. For example, when you enter sensitive information on our Site, we encrypt that information using Secure Socket Layer (SSL) technology.
We store and process your information on our servers in Singapore and the United States. We maintain industry standard backup and archival systems.
Although we make good faith efforts to store Personal Information in a secure operating environment that is not open to the public, we do not and cannot guarantee the security of your Personal Information. If at any time during or after our relationship we believe that the security of your Personal Information may have been compromised, we may seek to notify you of that development. If a notification is appropriate, we will endeavour to notify you as promptly as possible under the circumstances. If we have your e-mail address, we may notify you by e-mail to the most recent e-mail address you have provided us in your account profile. Please keep your e-mail address in your account up to date. You can update that e-mail address anytime in your account profile. If you receive a notice from us, you can print it to retain a copy of it. To receive these notices, you must check your e-mail account using your computer or mobile device and email application software. You consent to our use of e-mail as a means of such notification. You may also use this e-mail address to request a print copy, at no charge, of an electronic notice we have sent to you regarding a compromise of your Personal Information.
- Controlling Your Personal Information & Notifications
If you are a registered user of the Solutions, you can modify certain Personal Information or account information by logging in and accessing your account. If you wish to close your account, please email us at support@Intermedika.com. Intermedika will delete your account and the related information at your request as soon as reasonably possible. Please note, however, that Intermedika reserves the right to retain information from closed accounts, including to comply with law, prevent fraud, resolve disputes, enforce the Agreement and take other actions permitted by law. You must promptly notify us if any of your account data is lost, stolen or used without permission.
- Information Provided on Behalf of Children and Others
The Solutions are not intended for use by children and children are prohibited from using the Solutions. Intermedika does not knowingly collect any information from children, nor are the Solutions directed to children.
By accessing, using and/or submitting information to or through the Solutions, you represent that you are not younger than age thirteen (13). If we learn that we have received any information directly from a child under age thirteen (13) without his/her parent’s written consent, we will use that information only to respond directly to that child (or his/her parent or legal guardian) to inform the child that he/she cannot use the Solutions, and we will subsequently delete that information.
If you are between age thirteen (13) and the age of majority in your place of residence, you may use the Solutions only with the consent of or under the supervision of your parent or legal guardian. If you are a parent or legal guardian of a minor child, you may, in compliance with the Agreement, use the Solutions on behalf of such minor child. Any information that you provide us while using the Solutions on behalf of your minor child will be treated as Personal Information as otherwise provided herein.
If you use the Solutions on behalf of another person, regardless of age, you agree that Intermedika may contact you for any communication made in providing the Solutions or any legally required communications. You further agree to forward or share any such communication with any person for whom you are using the Solutions on behalf.
- Other Websites