Enna Health Data Protection Policy
Our Commitment
We recognise the importance of the personal data you have entrusted to us and this Data Protection Policy is to assist you in understanding the purpose of collection, use and disclosure of your personal data by us. We are committed to protecting your personal data and will manage and process your personal data in accordance with the requirements of Singapore's Personal Data Protection Act 2012 (the "PDPA"), the Philippine’s Data Privacy Act of 2012 (the “DPA”), India’s Digital Personal Data Protection Act, 2023 (the “DPDPA”) and other relevant legislation.As part of our efforts to ensure that we properly manage, protect and process your personal data, we will be reviewing our policies, procedures and processes from time to time and reserve the right to amend this Data Protection Policy at our discretion.
Section 1: Introduction – About this DPP
- The purpose of this document (“Data Protection Policy”, or “DPP”) is to inform you of how Enna Health Pte. Ltd. (“Enna Health”) collects, uses, discloses, processes or otherwise handles (“Handles”) your personal data, and to let you know how you can exercise your rights in respect of your personal data. This is the full DPP.
- The portion of the DPP that applies to your personal data will depend on the nature of your transactions, agreements or interactions with us.
- Please note that though we make an effort, as per legal requirements, to provide reasonably adequate information concerning our policies as it pertains to personal data, this DPP is not an exhaustive list of all the situations or scenarios concerning personal data. Feel free to approach Enna Health’s Personal Information Controller / Data Protection Officer / Data Fiduciary (see Contacting Us – Withdrawal of Consent, Access and Correction of your Personal Data below) if you need clarification about any specific situation.
- We update the DPP from time to time to ensure that our standards and practices remain relevant, are up to date, comply with applicable laws and guidelines, and remain applicable to industry trends. The latest version of the DPP supersedes and replaces the earlier versions.
- The public website at http://www.enna.health contains the latest links and most updated editions of the DPP or resources.
- We encourage and ask all individuals who interact with Enna Health, including any person to whom personal data relates (each a “data subject”) to check back to the publicly posted / circulated copies of the DPP.
How this DPP becomes a part of your journey with us
- The DPP is an integral part of your journey with us. It applies to and forms part of the terms and conditions governing your transactions, agreements or interactions with us, whenever your personal data is Handled by us.
- We bring it to your attention and make it a part of or complementary to your transactions, agreements or interactions with us, in addition to the website and making the copies of this DPP available as mentioned above, by
- making the DPP available or issuing / providing the DPP to you (or your authorised representatives) upon your first registration as a user following the publication of the DPP;
- making the DPP available upon request;
- including a reference to the DPP in applicable documents / recordings or other media including, generally for all data subjects, agreements, documents, and various forms (e.g. consent forms, data collection forms, feedback forms, application forms, questionnaires, surveys, and any other forms etc.) which may be given to you in the course of your interaction with us.
- The DPP, having been brought to your attention, becomes binding by your taking any of the following step
- proceeding with your transactions, agreements or interactions with us;
- submitting information to us via forms or other data collection means or processes (whether through a form, an interview or by other means);
- signing up / applying for using our tools;
- interacting with our websites, electronic forms;
- calling or sending messages to us; and
- other means.
Your other / specific agreements
- The DPP is an integral part of your journey with us. It applies to and forms part of the terms and conditions governing your transactions, agreements or interactions with us, whenever your personal data is Handled by us.
Who will comply with this DPP
- We ask and require that each of the following parties / persons to abide by this DPP:
- all Enna Health employees;
- all volunteers and trainees (including students);
- third parties (including third party partners, service providers, or affiliates) whom we work with and who have agreed to abide by this DPP.
Section 2: Your personal data
What kind of data will this DPP apply to
- This DPP applies to “personal data”, which, in this DPP and in line with the relevant laws and regulations, refers to any data, whether true or not, about an individual (i.e. the data subject) who can be identified (a) from that data; or (b) from that data and other information to which we have or are likely to have access to, including data in our records as may be updated from time to time.
- The exact type of personal data that may apply in your case will vary depending on how you have interacted with us. Examples of such personal data you may provide to us include (depending on the nature of your interaction with us) your name, telephone number(s), mailing address, email address and any other information relating to any individuals which you have provided us in any forms you may have submitted to us or via other forms of interaction with us.
What is not personal data
- Personal data does not include data about a data subject which has been anonymised. Anonymisation is the process of removing identifying information such that the remaining data does not identify any particular individual. Techniques can include pseudonymisation, aggregation, replacement, data reduction, data suppression, data shuffling, or masking.
- Enna Health practices and undertakes reasonable safeguards to anonymise personal data in appropriate situations, balancing both the need to rely on and use sufficiently accurate and complete personal data to protect life and health, and avoid mistakes, injury or accidents.
Section 3: Consent
What this DPP enables you and us to do
- By applying this DPP, you:
- consent to Enna Health and the relevant person(s) (see “Who will comply with this DPP” above) Handling your personal data in ways which enable us to serve you, provide you with the relevant services, attend to the relevant transaction, or to facilitate our interactions with you;
- enable the exercise of your rights under the relevant laws and regulations in an operative and applicable framework, including securing the right to access your personal data, withdraw (or manage) your consents and preferences as to your personal data.
- Your consent may not be necessary or required in some situations as there may be applicable law or regulation which renders this unnecessary, or where certain permissions or rights or duties have been accorded to Enna Health which enable / require us to Handle the personal data. Where such law or regulation applies, we will act in accordance with those other laws and regulations.
Withholding / Withdrawing Consent
- You are entitled under applicable law to withhold / withdraw consent to the collection, use or disclosure of personal data, and Enna Health will respect your choices in this regard. You may withhold consent at any juncture that you are asked for consent, and you may also apply the process / method to withdraw consent as stated in this DPP (see Contacting Us – Withdrawal of Consent, Access and Correction of your Personal Data below).
- However, as is recognised by and provided for under the relevant laws and regulations, it may be that any choice you make to withhold or withdraw consent may impact our ability to proceed with your transactions, agreements or interactions with us, and in particular, it may not be possible, without undue risk, cost or liability to Enna Health, to proceed with a particular transaction, agreement or interaction with you, and we may be left with no choice but to cease or refrain from the same.
- Enna Health will take the approach that best safeguards us, you and others from risks, and we may well have no choice but to decline to proceed with the transaction, agreement or interaction in question to avoid causing harm or exposing us, you or others to risk.
- At the same time, it should be noted that your withholding / withdrawal of consent will not prevent us from exercising our legal rights (including any remedies, or undertaking any steps as we may be entitled to at law).
Section 4: Collection of Personal Data
How we collect personal data
- Generally, depending on the situation, we may collect personal data in the following ways:
- when you submit any form, including but not limited to consent forms;
- when, as a user, submit medical records, including but not limited to various forms of diagnostic files or records to us;
- when you interact with our staff, including customer service officers other representatives etc. via telephone calls (which may be recorded), letters, fax, face-to-face meetings and email;
- when you attend Enna Health’s events (e.g. public forums and corporate events) and your voice and image data is captured on our audio and video recordings;
- when you use our services provided through online and other technology platforms, such as kiosks, websites and apps, including through the use of any online platforms / technologies or tools;
- when you request that we contact you, be included in an email or other mailing list; or when you respond to our request for additional personal data, our promotions and other initiatives;
- when you are contacted by, and respond to, our customer service officers and other service providers;
- when we receive your personal data from referral parties, public agencies (including other government agencies, third party organisations, other professionals with whom you have interacted, such as medical social workers), your representatives (or third parties engaged by you or acting for you, including concierges, assistants) and other third parties;
- when you make payment or provide details to facilitate payment;
- when we seek information from third parties about you in connection with your relationship with us, including from next-of-kin and caregivers;
- when you browse the Enna Health website (you generally do so anonymously but please see the section below on cookies), and you provide such information or login with your account credentials;
- from publicly available sources including public social media or information you make available to the public; and
- when you submit your personal data to us for any other reasons.
Collection of personal data about you from third parties, & collection of data about third parties from you
- We may also collect personal data about you from third parties such as:
- your representatives / intermediaries / agents or your next-of-kin who may either be doing so on your behalf, or in connection with their own transactions, agreements or interactions with us (in which event we will endeavour to collect only such personal data as may be relevant); and
- your service providers (e.g. your clinicians, insurers, bank, etc.).
- If you provide us with any Personal Data relating to a third party (e.g. information of your next-of-kin, spouse, children, parents, and / or employees), by submitting such information to us, we rely on you and will assume that you are representing to us that you have obtained the consent from the third party to provide us with their personal data for the respective purpose for which we are collecting this personal data.
Accuracy of personal data we collect from you
- We also rely on you and will assume that you have ensured that all personal data submitted to us is complete, accurate, true and correct.
Risks of relying on data we collect from you that is without consent or which is inaccurate
- If consents are not procured or if you fail to provide us with complete and accurate information, we may, in some situations, be prevented from performing the transaction, agreement or interaction in question or cause harm to a data subject.
- Enna Health will take the approach that best safeguards us, you and others from risks, and we may well have no choice but to decline to proceed with the transaction, agreement or interaction in question to avoid causing harm or exposing us, you or others to risk.
How much personal data we collect
- Enna Health will endeavour to limit the collection of personal data to what is reasonable or necessary for such applicable purposes as described in this DPP.
- However, it should be noted that in the case of medical / health information, the extensiveness and completeness of information that is collected can mean the difference between saving a life, or preventing the loss of life, and can make a crucial difference between a full and proper diagnosis with appropriate treatment and incomplete or inadequate treatment.
- Further, the relevance of information may not be immediately apparent at first and personal data may be collected as a matter of precaution to ensure that you or a data subject is adequately protected from or treated for illness.
Withholding information
- If you withhold information, this can have the same effect as when you withdraw consent (see “Withholding / Withdrawing Consent” above), and as stated in the “Risks of relying on data we collect from you that is without consent or which is inaccurate” section above, we may well have no choice but to decline to proceed with the transaction, agreement or interaction in question to avoid causing harm or exposing us, you or others to risk.
Section 5: Why we Handle Your Personal Data (i.e. the “Purposes”) & to Whom We Disclose It to
- Generally, Enna Health Institution Handles your personal data for the purposes set out in this section. Any one or more of the listed purposes may apply to your personal data, depending on the actual situation. The following does not purport to be an exhaustive listing, although an effort is made to set out as many salient purposes as may be applicable as set out in paragraphs 36, 40, 53 and 56 of this section.
- In the sub-sections that follow we set out some of the Purposes which apply to collection or use of personal data in certain scenarios and also identify some of the relevant recipients in the disclosure of personal data. We would also highlight that while a party may be listed as a recipient or source of personal data in these sections, that same party may also be a recipient or source (albeit not listed or mentioned expressly) in other scenarios.
To treat patients or provide medical services
- Generally, Enna Health Institution Handles your personal data for the purposes set out in this section. Any one or more of the listed purposes may apply to your personal data, depending on the actual situation. The following does not purport to be an exhaustive listing, although an effort is made to set out as many salient purposes as may be applicable as set out in paragraphs 36, 40, 53 and 56 of this section.
- In the sub-sections that follow we set out some of the Purposes which apply to collection or use of personal data in certain scenarios and also identify some of the relevant recipients in the disclosure of personal data. We would also highlight that while a party may be listed as a recipient or source of personal data in these sections, that same party may also be a recipient or source (albeit not listed or mentioned expressly) in other scenarios.
To treat patients or provide medical services
- The personal data may be disclosed / shared with healthcare professionals (such as doctors, physicians, residents, nurses, technicians, students / trainees who are assisting on or providing medical treatment / services), other medical institutions / facilities (including labs, pharmacies, counsellors, care providers such as next-of-kin, service providers etc.), and healthcare providers. In each case the disclosure or sharing of such personal data is solely to such persons or entities which are involved in the care of the patient.
- We may Handle your personal data, particularly if you are a patient, to suggest other medical treatments, such as physiotherapy, mental health therapy, speech and dietetics treatments and therapies.
- The purposes for which such personal data is Handled includes:
- processing new users, and the onboarding of information on relevant data subjects necessary to establish user records and to commence supporting user during their treatment journey;
- managing your relationship with your healthcare providers, and providing medical services, including and without limitation to the management of your appointments, registration, advising you of alternative treatment options, sending notifications to you, communicating patient care issues, securing instructions on treatment choices;
- contacting family members / next-of-kin / representatives for purposes of providing patient location and medical updates;
- ensuring appropriate delivery of core services including delivering medical updates, facilitating set-up and registration of alternative treatment options;
- verifying patient identity, preventing impersonation / fraud, and documenting accurate information;
- internal auditing, managing medical records, including facilitating patient merge processing and answering requests for medical records (including compilation of centralised medical records for quick reference by various internal departments for medical purposes), producing medical reports and associated administrative documents;
- co-ordinating health care services provided by other healthcare providers;
- referring / collaboration with / transferring users to other institutions, healthcare professionals, caregivers, persons, organisations for procedures, additional support on treatment, specialist assistance, the procurement or provision of follow up care or as part of integrated / seamless / holistic care arrangements;
- supporting, organising, co-ordinating, facilitating or executing regional health programs; and
- all other purposes reasonably related to the aforesaid.
- We may also Handle personal data (such as telephone number and email address) to contact you and / or your representatives to remind you of appointments with your healthcare provider. Telephone calls may also be made as part patient care and follow up (including but not limited phone triage, or consultation).
- We may also disclose personal data in emergency situations affecting (or causing serious threats to) the health, life, safety of any individual. Such disclosures will be made to such persons as may be necessary to address or respond to the situation.
For healthcare operations
- We may Handle your personal data in order to execute healthcare operations. In brief, this relates to planning, execution, administration and implementation of functions or things which are necessary to run Enna Health. Your personal data may also be used to respond to the service needs of patients as well as other data subjects.
- Purposes under this heading include:
- acknowledging, responding to, processing and handling your complaints, queries, requests, feedback (including patient experience interviews or surveys, and including for purposes of improving services, or recognising service achievements, which, in each case, participation would include us reaching out to you and/or responding to your feedback) and suggestions;
- managing the administrative and business operations of Enna Health, including file management, tracing of old reports, old films and old clinical notes for review and audit studying and improving efficiency, standards and quality of Enna Health services and operations;
- complying with internal policies and procedures, including recording and managing third party service utilisation;
- personalising your experience with Enna Health;
- right siting users to ensure that the correct and most appropriate level / type of healthcare services are applied and making appropriate referrals or directions accordingly or to transfer users accordingly;
- matching any personal data held which relates to you for any of the Purposes;
- requesting feedback or participation in surveys;
- processing and billing for services delivered and collecting payment on debts;
- conducting quality update and morbidity and mortality review;
- handling potential legal claims, manage litigation cases and review legal cases;
- analysis for statistical, profiling or other purposes for us to conduct category analysis, financial analysis, investigate service lapses, and to review, develop and improve the quality of our products and services;
- quality improvement projects and / or data analytics for service enhancement and improvement, including workload management, efficiency requirements, process reengineering or management / introduction of new processes or technologies to enhance / supplement service delivery, and all associated interactions with service providers, regulatory bodies or related companies to facilitate or support such purposes;
- to develop predictive tools so as to enhance treatment and diagnosis, and to manage risks;
- to study workflows for efficiency and effectiveness including data capture and processing;
- conduct reviews, reporting and examining case studies, incidents (including incident reporting and governance), issues encountered with a particular data subject so as to understand, minimize and avoid risks, service failures or hazards;
- undertaking preventative measures to safeguard any individual, property or defend and maintain legal rights;
- to clarify issues or matters which have arisen in connection with existing or potential disputes;
- to clarify and resolve discrepancies or reconcile information and establish accurate records;
- to carry out root cause analysis of issues for the compilation of reports to management and to address investigations;
- ensuring the safety of the Enna Health’s staff and operations;
- data mining to track pharmaceutical drug transactions, usage patterns and drug movement;
- to identify and establish ways to improve or deliver more appropriate products, services or developments to better address the needs of data subjects;
- to combine, collate, compile, analyze, review or submit reports or recommendations to meet the Purposes listed above;
- to ensure that staff, volunteers, students are properly trained to provide services or execute their functions in the context of healthcare operations generally;
- to meet organisational auditing, accreditation and compliance requirements concerning service standards;
- sending staff for occupational health reviews; and
- all other purposes reasonably related to the aforesaid.
- For these purposes, disclosures may be made to Enna Health’s staff who have a need to know, such as administrators, executive / administrative staff, as well as persons who can assist Enna Health in undertaking these purposes such as analysts, consultants, advisors, educators, or other similar persons.
- Disclosures for this purpose can also be to Enna Health’s relevant regulatory bodies who monitor performance for public healthcare operational indicators, or to service providers.
- Disclosures may also be to agents, debt collection agencies, contractors or third party service providers who provide operational services to the Enna Health, such as courier services, telecommunications, information technology, payment, payroll, processing, training, market research, storage, archival, customer support investigation services or other services to Enna Health, or other vendors or other third party service providers in connection with services offered by the Enna Health.
- It may be necessary to disclose personal data records to a third party service provider or vendor, in order to obtain the services of that vendor. In such instances, reasonable safeguards will be taken to ensure the confidentiality of your personal data records.
- In the case of third party entities, Enna Health will ensure that agreements in place with such third parties to hold them to the standards in this DPP.
To minimise or eliminate errors which can cause harm & to safeguard the health, safety or well being of individuals
- Enna Health believes that the making of decisions and taking of steps in relation to the healthcare of a patient involves great care and should be made on the basis of complete and accurate information. Should a situation develop where the lack of information about an individual (whether a user, next-of-kin, or other person) or the lack of completeness of a particular record could result in the creation or rise in risk to the health, safety or well being an individual (e.g. through errors, or inability to validate information etc.), it is essential for our staff to be able to take steps to minimize or eliminate such risks and any personal data may be collected, used or disclosed by us for this purpose.
- In such cases, collection, use or disclosure will be made strictly to the extent necessary and to such persons as may be necessary to achieve the minimization or elimination of such risks.
To leverage the use of information technology tools and platforms as may be appropriate to provide services
- Enna Health is progressive and continually exploring ways to advance the seamless and efficient delivery of healthcare services, and information technology (“IT”) tools and platforms are central to this drive.
- Enna Health may also, as part of the efforts to increase security and efficiency around healthcare operations or the handling of any information including personal data, make use of third party IT platforms and services. Where so, Enna Health will ensure that such engagements are made with appropriate legal, operational, technological and security controls.
To comply with applicable law / regulations
- As healthcare related service providers, Enna Health and / or its staff are subject to and regulated by various statutes and regulations such as the DPA, PDPA, DPDPA etc.
- Other compliance obligations may include where health information is to be collected, used, disclosed or process to meet requirements under other local governing bodies, or to comply with court orders.
- In addition, Enna Health may be required to collect, use or disclose personal data for the purposes of facilitating business asset transactions (which may extend to any merger, acquisition or asset sale); and in order to comply with any applicable rules, laws and regulations, codes of practice or guidelines or to assist in law enforcement and investigations by relevant authorities.
- Examples of such purposes include:
- reporting relevant suspected adverse drug reactions experienced by patients to relevant drug authorities;
- preventing, detecting and investigating crime, and making the necessary reports to the investigative or appropriate authorities (e.g. where we suspect cases of abuse, or the information is required to assist in investigations or proceedings.);
- complying with court orders, directives, or applicable requests from appropriate authorities;
- working with and releasing personal data to a coroner or medical examiner so as to identify a deceased person, determine the cause of death, assist in the coroner or examiner’s investigations / verdicts; and g. all other purposes reasonably related to the aforesaid.
- To comply with any directions, laws, rules, guidelines, regulations or schemes issued or administered, Enna Health may disclose the relevant personal data to government regulators, government ministries, registries for diseases and illnesses, statutory boards or authorities and/or law enforcement agencies, whether local or overseas.
Section 6: Your Trusted Representatives – E.g. Next-of-Kin / Guardians / Parents of Minors & other Identified Individuals
- Enna Health recognizes that the care of a user may well involve or impact more than 1 individual, and the persons who must be kept informed, or who could have a say in such matters may well extend beyond the user.
- Relevant laws and regulations place an emphasis on the rights of the data subject, and obligate Enna Health to respect that data subject’s wishes. Enna Health seeks always to balance the need to respect the interests of the data subjects as required by law, with the rights of such persons connected to the data subject.
Caregivers, Next-of-Kin, Legal Guardians / parents of minors (or disabled individuals)
- Where the data subject is a caregiver, next-of-kin, representative (including an executor or administrator to a deceased patient) to a user and / or former user (including a deceased user), or where the data subject is a the legal guardian or parent of a minor / disabled individual who are either users or former users of Enaa Health (collectively a “User’s Representative”), the purposes for the Handling of your personal data include:
- identifying users who booked appointments;
- managing and supporting for users, including registering for outpatient or inpatient consultations;
- processing registration for outreach programmes such as support groups and public forums;
- confirming workshop attendance and issuing acknowledgment receipt of registration fees;
- facilitating vendor liaisons;
- all other purposes reasonably related to the aforesaid.
Granting access to a patient’s personal data to a User’s Representative
- Enna Health will accept any notification from a court or competent legal authority as to the identification of any individual appointed under applicable law, regulation or court order as a User’s Representative and Enna Health will grant any such person access to the personal data of the patient where required by such law, regulation or court order.
- Where the user is a minor, we will, unless otherwise alerted with due proof of contrary authorisation / order, make the reasonable assumption that each parent (meaning both parents, whether married, separated or divorced) has full rights of access to the minor user’s personal data unless otherwise alerted with due proof of contrary authorisation / order, or where our staff take the view that such access could jeopardize the health, safety or well being of any person.
- Every user who is of majority age (i.e. above 18 years old) and with full legal capacity, is entitled to exercise his / her legal rights to identify any persons who are to act as a User’s Representative. In such instances, we will, unless otherwise instructed by the user, or alerted with due proof of contrary authorisation / order, make the reasonable assumption that any immediate next-of-kin (i.e. parents, siblings, and children) may be contacted in respect of emergencies or in situations where contact is needed to safeguard to preserve the health, safety or well being of the user.
- Should any user of legal age of majority, with full legal capacity, wish for Enna Health to instruct us to limit access to his / her personal data or include only certain named persons in the handling / administration of any personal data or matters concerning the individuals healthcare, we will respect these decisions, subject to appropriate verifications / processes to ensure that such instructions are properly given.
NOTICE to all persons identifying themselves as a User’s Representative
- For this reason, notice is given to all individuals that even if they identify themselves as a User’s Representative, such identification may not match our latest records / instructions from the user, or such records / instructions may limit access to the user’s personal data. In such cases, Enna Health reserves the right to decline access, pursuant to our obligations under the relevant laws and regulations.
Contacting persons in emergencies / safeguarding of health, safety & well being
- Notwithstanding the above, Enna Health has a right under the relevant laws and regulations to contact such persons or execute such steps involving the Handling of personal data as may be reasonably necessary to address emergencies or in situations where contact is needed to safeguard and preserve the health, safety or well being of the user, or to comply with our legal obligations.
Section 7: Research Purposes
- At Enna Health, we are committed to serving the needs of all our patients by constantly pushing the frontiers of our services through research. To the extent that research refers to human biomedical research under the HBRA (https://www.moh.gov.sg/content/moh_web/home/legislation/legislation_and_guidelines_/humanbiomedical-research-act.html). We have committed a significant amount of resources into our research processes so that the outcome of our research studies may offer better clinical care and outcomes to all our users today and for generations to come.
- All other activities such as efficiency reviews, study of support activities mentioned elsewhere in this DPP which are intended to improve the quality and delivery of our services. Enna Health is in compliance with the relevant laws and regulations and will apply reasonable safeguards to the Handling of your personal data when executing such activities.
Section 8: Security, Retention & IT matters Security
- Enna Health is engaged with services providers to maintain security over processing and storage of your personal data. In certain instances, this may necessitate the international transfer of data. We have vetted these providers to ensure compliance with regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR). We prioritise service providers which are in compliance with HIPAA and GDPR, which are standards comparable to the DPA, PDPA, DPDPA and other relevant regulations.
- Enna Health will take reasonable efforts to protect personal data in our possession or our control by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. However, we cannot completely guarantee the security of any personal data we may have collected from or about you. E.g., that no harmful code will enter our website (for example viruses, bugs, trojan horses, spyware or adware).
- Enna Health will take reasonable effort to protect personal data in our possession or our control by making reasonable security arrangements to prevent loss of any storage medium or device on which personal data is stored. However, we cannot completely guarantee the safety of any personal data we may have collected from or about you. E.g. that no harmful code will enter our website (for example viruses, bugs , trojan horses, spyware or adware).
Retention
- Enna Health retains such personal data as may be required for business or legal purposes, and such purposes do vary according to the circumstances.
- Whilst Enna Health will securely dispose of or anonymise personal data which it can reasonably determine is no longer needed and does not generally hold on to personal data “just in case”, it is in the interests of any caregiver or person treating the user to be able to refer to a complete set of medical records to avoid risks to health and safety of the user.
- Enna Health will retain your information for as long as you maintain an active account with us. However, should you choose to deactivate your account, we will promptly delete all personal data within 5 business days of receiving your request. During the retention period, your information is safeguarded with encryption technology. This ensures that your personal data remains secure and protected against unauthorised access or misuse.
IT Matters
- While we strive to protect your personal data, we cannot ensure the security of the information you transmit to us via the Internet, and we urge you to take every precaution to protect your personal data when you are on the Internet. We recommend that you change your passwords often, use a combination of letters and numbers, and ensure that you use a secure browser.
- If applicable, you undertake to keep your username and password secure and confidential and shall not disclose or permit it to be disclosed to any unauthorised person. Please inform us as soon as reasonably practicable if you know or suspect that someone else knows your username and password or believe the confidentiality of your username and password has been lost, stolen or compromised in any way or that actual or possible unauthorised transactions have taken place. We are not liable for any damages resulting from any security breaches, on unauthorised and / or fraudulent use of your username and password.
Cookies
- When you interact with us on our websites, we automatically receive and record information on our server logs from your browser. We may employ cookies in order for our server to recognise a return visitor as a unique user including, without limitation, monitoring information relating to how a visitor arrives at the website, what kind of browser a visitor is on, what operating system a visitor is using, a visitor's IP address, and a visitor's click stream information and time stamp (for example, which pages they have viewed, the time the pages were accessed and the time spent per web page).
- Cookies are small text files placed in the 'Cookies' folder on your computer's hard disk and allow us to remember you. The cookies placed by our server are readable only by us, and cookies cannot access, read or modify any other data on a computer. All web-browsers offer the option to refuse any cookie, and if you refuse our cookie then we do not gather any information on that visitor.
- Should you wish to disable the cookies associated with these technologies, you may do so by changing the setting on your browser. However, you may not be able to enter certain part(s) of our website.
Third-Party Sites
- Our website may contain links to other websites operated by third parties. We are not responsible for the privacy practices of websites operated by third parties that are linked to our website. We encourage you to learn about the privacy policies of such third party websites. Some of these third party websites may be co-branded with our logo or trademark, even though they are not operated or maintained by us. Once you have left our website, you should check the applicable privacy policy of the third party website to determine how they will handle any information they collect from you.
Data Breach Notification
- Where a data breach occurs, Enna Health will conduct an expeditious and reasonable assessment of the breach. Where we have assessed that the breach is likely to give rise to a real risk of serious harm to any affected data subject, or is of significant scale, we will notify the relevant data commissions and affected data subjects as soon as is practicable, but in any case no later than seventy-two (72) hours after the day we have made that assessment.
Section 9: Contact Information – Withdrawal of Consent, Access and Correction of your personal data
- If you have any questions or feedback relating to your personal data or our DPP, would like to withdraw your consent to any use of your personal data as set out in this DPP; or would like to obtain access and make corrections to your personal data records, please contact the relevant Enna Health staff as follows:
Designation
Contact Details
Personal Information Controller / Data Protection Officer / Data Fiduciary
The roles and responsibilities of the Personal Information Controller / Data Protection Office / Data Fiduciary include:
- advising on data protection compliance;
- data processing accountability;
- lawful basis for processing;
- data security measures;
- privacy notices and policies;
- monitoring compliance;
- data protection policies and procedures;
- training and awareness;
- data subject requests;
- privacy impact assessment;
- incident response and breach management;
- collaboration with data commissions;
- vendor management;
- documentation and record-keeping; and
- all other purposes reasonably related to the aforesaid.
- Please note that if your personal data has been provided to us by a third party (e.g. general practitioners who refer you to us), you should contact such party directly to make any queries, feedback, and access and correction requests to Enna Health on your behalf.
- We respect your rights, including your right to voice concerns and provide feedback. If you believe that we have not adhered to our privacy policy or if you have any concerns regarding the handling of your personal information, you have the right to make a complaint to the Board in accordance with the prescribed procedures.
- This Data Protection Policy and your use of this website are subject to the laws of Singapore, the Philippines and India.