Caring Up Pte. Ltd. ( hereinafter referred to as “we”, “us” or “our”) has the highest regard for the privacy and personal data of each user of CaringUp Applications (hereinafter referred to as “User”, “you” or “your”) and realize that the success of our services depends on the trust that you have in the way we handle your personal data. By entrusting us with your information, we would like to assure you of our commitment to keep such information private. We have taken considerable steps to protect the confidentiality, security and integrity of this information. We encourage you to review the following information carefully.
- “Agreement” refers to the Terms and Conditions specific to each of the CaringUp Platform.
- A “CaringUp Application” (collectively, the “CaringUp Platform”) refers to any of the below mentioned products delivered by us:
- CareAide, which is the CareAide mobile device application service delivered by CaringUp. The Terms and Conditions of use of CareAide are available at https://caringup.com/terms-and-conditions/; and
- WeCare, an entirely web-based analytics portal delivering medical insights, health monitoring services and patient and/or caregiver engagement tools to the corporations and businesses. The Terms and Conditions of WeCare are available at https://caringup.com/wecare-terms-and-conditions/.
- The “CaringUp Platform” shall mean the collective reference to the entire solution provided by the CaringUp Applications and the CaringUp Site.
- “CaringUp Site” means the website at www.caringup.com, associated systems and any subdomains thereof, including the mobile-optimised versions of such website;
- “Terms and Conditions” refers to the conditions of use of the CaringUp Applications as described under Clause 1.2 above.
- Where you are an EU Data Subject, as defined under the General Data Protection Regulation (“GDPR”), Section 17 shall also apply to you.
- GROUNDS FOR DATA COLLECTION
- Processing of your personal data is necessary for the performance of our contractual obligations towards you under the Agreement and providing you with our Services, to protect our legitimate interests, and to ensure compliance with legal and financial regulatory obligations. Failure to provide the relevant data to us or the limitation placed on us in the processing of your personal data may affect our ability to provide the Services and/or your ability to enjoy some benefits from us.
- HOW DO WE RECEIVE INFORMATION ABOUT YOU?
- While you may use some of the functionality of the Services without creating a profile or registration, certain tools of the Services require registration and provision of your information, including personal data.
- If you choose to create a profile or register with us – you will be asked to provide personal data which will be associated with your Health information.
- Whenever you submit information via our Services – including, but not limited to, by telephone or email with customer service, we may collect Health Information and other personal data (whether belonging to you or other person) you provide us, in order to provide you or such other person with our Services.
- If you choose to sign up via your social media accounts or other authentication providers – when you sign-up to the Services via your social media accounts or other authentication providers (such as Google account or Facebook account), we will have access to basic information made publicly from such account, such as your full name, home address, email address, birthdate, profile picture, friends list, personal description, as well as any other information you made publicly available on such account, or agreed to share with us.
- If you are referred to us by a third party – your pharmacies, healthcare service providers or insurers may introduce our Services to you, and with your consent, the pharmacies, healthcare service providers or insurers will provide your name and contact details to us for us to get in touch with you.
- It is your voluntary decision whether to provide us with any personal data or Health Information, however if you do not provide the information we require or requested, you may not be able to create a profile or register with the Services and your use of the Services may be limited.
- To enable us to provide our Services to you effectively, the information you provide to us shall be accurate, complete, not misleading and without material omission, and that such information is kept up-to-date. If you discover that the information is inaccurate, incomplete, misleading, contains material omission or is outdated, please update us with the true, accurate, complete and updated information.
- WHAT TYPES OF INFORMATION WE COLLECT?
- We collect the following personal data about you:
- Create Profile and Registration information – you will be required to provide your name, email address, gender, birth date, zip code, country of residency, home address and phone number;
- If you are a healthcare provider, you will be asked to provide information regarding your professional qualifications as well as additional personal data during registration.
- Payment information – you may be required to provide your bank account details, credit card or debit card details (if you subscribe for Subscribed Services);
- Voluntary information – when you communicate with us (for example when you send us an email or use a “contact us” form) we collect the personal data you provided us with.
- Technical information – we collect certain technical information that is automatically recorded when you use our Services, such as your IP address, device approximate location.
- Personal Health Information – you may choose to use certain features of the Services that will allow you to input other personal data with respect to your health, such as the medications you take, the date of your prescriptions, the number of refills you have made, how often you take your medication, dosage, physical measurements, your doctor’s name, the name of your pharmacy, your health (both physical and mental) condition (collectively your “Health Information”).
- We also collect the following information:
- CaringUp Platform usage data – we collect information about your use of the CaringUp Platform. This includes, but not limited to: type of computing or mobile device you use, language of your operating system, the Internet browser you are using, geo-location and use of the CaringUp Platform.
- Health Information – we may also collect your non-identifiable Health Information if you choose to provide it (in case of non-registered users).
- Technical information – CaringUp Platform might also access a list of installed apps on your device. This is done only to ensure proper quality of service, as some apps might interfere with the CaringUp Platform’s functionality, such as blocking notifications, and in such cases we will notify you.
- We collect the following personal data about you:
- TRACKING TECHNOLOGIES – COOKIES
- A “persistent” cookie may be used to help save your settings and customizations. Also, if you log in to the CaringUp Platform, such a cookie will be used to recognize you as a valid user so you will not need to log in each time you use the CaringUp Platform.
- TheCaringUp Platform automatically accepts cookies however you may to modify security settings so you can approve or reject cookies on a case-by-case basis or reject all cookies.
- Also, you are free to delete any existing cookies at any time. If you delete or disable cookies from the CaringUp Platform, some parts or functions of the CaringUp Platform may not work properly for you.
- HOW DO WE USE THE INFORMATION WE COLLECT?
- We use your information collected for the following purposes:
- Provision of Services – we will use your information for the provision and improvement of our Services to you, and for the processing of your requests and queries. For example, data collected automatically on the Services may be used to help diagnose problems with our servers, to make our Services more useful, to customize it and personalize its content for you (for example, we will use your Health information to send you reminders to take your medications).
- Monitoring compliance – we also use your personal data to monitor your compliance with the Agreement and other applicable laws.
- Enforcement – we may use your personal data for the purpose of enforcing our rights under the Agreement or to defend ourselves.
- Marketing purposes – we will use your personal data (such as your email address or phone number) to communicate with you. We may also send you promotional material concerning our Services or our partners’ services (which we believe may interest you), including but not limited to, by building an automated profile based on your personal data, for marketing purposes.
- Opt-out of receiving marketing materials – If you do not want us to use or share your personal data for marketing purposes, you may request us to cease processing your personal data for marketing purposes using the information below under “How to Contact Us”. Please note that even if you opt-out, we may still use and share your personal data with third parties for non-marketing purposes (for example to fulfil your requests, communicate with you and respond to your inquiries, etc.). In such cases, the organisation with whom we share your personal data are authorized to use your personal data only as necessary to provide these non-marketing services.
- Analytics, surveys and research – we are always trying to improve our services and think of new and exciting features for our users. From time to time, we may conduct surveys or test features, and analyze the information we have to develop, evaluate and improve these features.
- Anonymised data – we may analyse and evaluate your personal data in connection with the Services, anonymise and aggregate our analysis and evaluation, and commercialise such anonymised and aggregated analysis and evaluation in any manner as we think fit.
- Protecting our interests – we may use your personal data when we believe it’s necessary in order to take precautions against liabilities, investigate and defend ourselves against any third party claims or allegations, investigate and protect ourselves from fraud, protect the security or integrity of our Services and protect the rights and property of CaringUp, its users and/or partners.
- Enforcing of policies – we may use your personal data in order to enforce our policies, including but limited to our Terms and Conditions.
- Compliance with legal and regulatory requirements – we also use your personal data as required by or for the purpose of compliance with law, regulation or other governmental authority, or to comply with a subpoena or similar legal process.
- Ancillary purpose – we may use your personal data for any purposes in connection with, relating or ancillary to any of the above, provided that they are necessary for the delivery of the Services.
- We use your information collected for the following purposes:
- WITH WHOM YOUR PERSONAL DATA MAY BE SHARED?
- We may share your personal data with the following persons:
- Research partners and corporate subscribers– we may share your personal data with third parties, such as research institutes, healthcare systems and healthcare providers, that they may associate with other information that they have about you, for research purposes, analytics and for improvement of our Services.
- Providers of personalized third party content – from time to time, we may also ask whether you would like us to share your personal data with another organisation that may want to send you information about their products or services. If you consent to such transfer by us of your personal data to another organisation, please note that the information provided will be subject to such organisation’s privacy practices and shall not be within our control.
- Content providers – we may also use your personal data in order to provide you with personalized third party content or links to third party sites that might interest you. We provide this third party content and/or links to third party sites for information purposes only and are not liable for such content or sites. For more information see the “Links to other Websites or Apps” section below.
- Service providers – we might share your personal data, as is reasonably necessary, with our contractors or consultants, including vendors and suppliers that provide us with development services, technology (such as Google Analytics), services, or content for the operation, development and maintenance of our Services or data and analysis on the use of our Services , who are bound by an obligation of confidentiality, provided that we will only share personal data to the extent necessary with such contractors or consultants.
- Law authorities – we may share your personal data with law enforcement authorities, courts and tribunals, including with legal advisors and consultants, in case we need to respond to law enforcement requests or other legal requests or pursuant to a requirement imposed by law, order, judgment or decree, or courts in order to protect and defend our rights and property or those of Services users.
- Merger, acquisition or sale – we may transfer your personal data to another organisation in the event of a merger, acquisition or sale of all or a portion of our assets.
- Auditor, legal and professional advisor – we may share your personal data with our auditor if requested for the purpose of audit on our business. We may also share your personal data with our legal and other professional advisors for the purpose of enforcing our rights or defending any claims against us, or for any other purpose in connection with the Services.
- Group companies – we may share your personal data with CaringUp group of companies for internal reporting purposes.
- We may offer you, from time to time and at our sole discretion, participation in customized programs, based on specified criteria (“Programs”). Participation in Programs may require sharing of your personal data with additional third parties. If you choose to participate, we will provide you with additional information and seek your consent for such sharing.
- You may share the following information through our Services:
- Guardian – you may send family members or friends an invitation to be your “Guardian” by means of the Services, so that such Guardian will receive alerts and information in connection with the features you have opted for, such as regarding your compliance with your medication regime, emergency alert on your health anomalies. By sending such invitation, you represent that you have the right to contact the Guardian and that you consent to us sending your personal data (including Health Information) to the Guardian. Sharing of your personal data in this manner is solely your responsibility.
- Medical professionals and doctors – you may use the Services in order to share your personal data or other information with your doctor or healthcare providers. Such sharing may be enabled by inviting your healthcare provider to monitor your personal data, by accepting an invitation from your healthcare provider to download and use the Services, or otherwise using the Services settings to share your information with your healthcare provider; in these cases you consent to us sending your personal data (including Health Information) with your healthcare providers. Confirm with your healthcare provider that they have sent you an invitation to download CareAide . Such sharing of your information is at your discretion and is solely your responsibility.
- Pharmacies – you may choose to share your personal data with pharmacies with which we partner, in order that we may provide you with reminders to get your prescription refilled. If you choose to share your personal data in this manner, please note that such information may be disclosed to the pharmacies and will be subject to their privacy practices. Such sharing of your information is at your discretion and is solely your responsibility.
- While we take great care to keep your personal data confidential and secure, when you share your health or medication information with others or provide feedback regarding health matters, medications and otherwise, including by means of social media sites, or when you participate in a forum on the Services, any information disclosed by you in such way is solely your responsibility. You should exercise caution when disclosing any information (including personal data) in such ways, as you do not know who will access or use such information and for what purposes.
- We may share your personal data with the following persons:
- USE OF AGGREGATED DATA
We make every effort to ensure that aggregated data does not include any personally identifiable information. We may analyze and/or combine all information we receive, including Health Information and information regarding your use of the Services, with information from other users to create aggregated data that may be disclosed to and utilized by us, our affiliates and by third parties without restriction, on commercial terms that we can determine in our sole discretion, for purposes such as: content marketing, research purposes, in order to understand behavior patterns, in order to increase adherence to medication regimens, marketing strategies and for entering into commercial contracts in order to provide our users with the Services.
- ACCESS AND CORRECTION
You may request access to and correction of, your personal data and limit the processing of your personal data, or make any enquiries or complaints in respect of the processing of your personal data, by contacting us at the contact details set out in “How to Contact Us” section below. You are responsible for informing us when your personal data or preferences have changed and require updating. We shall, within a reasonable time frame, attend to your request for access to and correction of your personal data or updating of your preferences.
- INTERNATIONAL TRANSFERS
- We may transfer our databases containing your personal data in connection with the transfer or sale of all (or substantially all) of our business assets, or in the event of a merger, consolidation or similar transaction.
- We store Contents on public and/or private cloud, where your data can be stored and/or backed up in any of the jurisdictions where the cloud service providers provide their cloud service. You hereby consent that we may store your personal data on our cloud server, which may be located outside Singapore or the jurisdiction in which the Services was obtained or is used.
We will retain your personal data for as long as necessary to provide our services or as required by any legal, regulatory and/or accounting requirements. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our policies. Retention periods will be determined taking into account the type of information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time. Without prejudice to the foregoing, where you do not use our Services for 1 consecutive year, we will delete all your Health Information from our records.
- LINKS TO OTHER WEBSITES OR APPS
- HOW WE PROTECT YOUR INFORMATION
- We have implemented administrative, technical, and physical safeguards to help prevent unauthorized access, use, or disclosure of your personal data. Your information is stored on secure servers and isn’t publicly available. We limit access of your information only to those employees or partners that need to know the information in order to enable the carrying out of the agreement between us.
- You need to help us prevent unauthorized access to your account by protecting your password appropriately and limiting access to your account (for example, by signing off after you have finished accessing your account). You will be solely responsible for keeping your password confidential and for all use of your password and your account, including any unauthorized use.
- While we seek to protect your information to ensure that it is kept confidential, we cannot absolutely guarantee its security. You should be aware that there is always some risk involved in transmitting information over the internet. While we strive to protect your personal data, we cannot ensure or warrant the security and privacy of your personal data or other content you transmit using the Services, and you do so at your own risk.
- We shall, in the event of a compromise of personal data:
- Assess the extent to which personal data collected by us has been compromised and put in place appropriate measures to contain the breach of personal data and minimize any harm to you arising from the breach of personal data;
- Analyze and determine the cause of the data breach;
- Ascertain if the data breach is a notifiable data breach under the PDPA;
- Report the data breach to the Singapore Personal Data Protection Commission if the data breach is a notifiable data breach;
- Ascertain if you are required to be informed of the data breach having regard to the Personal Data Protection (Notification of Data Breaches) Regulations 2021 and the Advisory Guidelines on Key Concepts in the PDPA;
- Inform you if you are required to be notified of the data breach; and
- Take continuing action to prevent further harm to you arising from the breach of personal data, including but not limited to reviewing measures taken to contain breaches of personal data and protect personal data.
- We shall, in managing data breaches, have regard to the Guide on Managing and Notifying Data Breaches under the PDPA (“Guide”). Subject to our compliance with the Guide in the event of a breach of personal data, by continuing to use the Platform following such an event of breach, you confirm that you accept the adequacy of measures taken by us following an event of breach of personal data.
Under CareAide, our Services are intended for use by persons 18 years of age and older. Under no circumstances should the Services be used by children under 18 years of age, and we will not knowingly collect personal data from any person we know to be in this age group. If any person discovers that his/her child has been using the Services without his/her consent, or that someone has been using the Services for or on behalf of his/her child without his/her consent, please contact us using the information below under “How to Contact Us” and we will take reasonable steps to delete the child’s information from our active databases. We reserve the right to check our user base from time to time and remove users whom we have grounds to believe they are in fact minors, including without limitation, restricting those user accounts, or deleting them, as we may deem appropriate.
- COMPANIES OR LEGAL ENTITIES
- SPECIFIC PROVISIONS RELATED TO THE EUROPEAN UNION GENERAL DATA PROTECTION REGULATION
- We acknowledge that the GDPR will apply if we process or hold any personal data of individuals residing in the EU or if we offer goods or services to individuals in the EU (“EU Individuals”).
- We understand that we may lawfully process personal data if consent is provided by the EU Individual for the processing for specific purposes, if it is necessary for the performance of a contract of if it is necessary for our compliance with a legal obligation.
- We understand that personal data must be processed lawfully, fairly, and transparently, be collected and applied only for specified, explicit and legitimate purposes, must be limited to only what is required, must be accurate, not be kept in personally identifiable form for longer than is necessary and must be secured and protected pursuant to the GDPR.
- We acknowledge and agree that the GDPR affords EU Individuals with rights such as:
- Right to access and obtain a copy of the EU Individuals’ personal data, including the purposes of processing and who the personal data has been disclosed to;
- FRight to rectify inaccurate personal data concerning the EU Individual;
- Right to erasure of personal data concerning the EU Individual in certain circumstances;
- Right to restriction of processing of personal data in certain circumstances, such as where the accuracy of the personal data is contested, or the processing is unlawful;
- Right to data portability by receiving personal data concerning the EU Individual or data which has been provided to us, in a structured, commonly used and machine-readable format, and the right to transmit that data to another organisation;
- Right to object to the processing of personal data in certain circumstances, including for the purposes of direct marketing; and
- Right not to be subject to automated decision-making (including profiling) where this has a legal effect on the EU Individual or significantly affects him.
- We agree that we will act on a request from an EU Individual without undue delay (within one month). We will maintain records of how we process personal data, acknowledge the need to conduct data protection impact assessments and the need to apply careful consideration in the adoption and engagement of our data processors.
- Where you are an EU individual, we are required to:
- investigate any reported actual or suspected data security breach;
- where applicable, make the required report of a data breach to any relevant supervisory authority without undue delay and, where possible within 72 hours of becoming aware of it, if it is likely to result in a risk to the rights and freedoms of individuals; and
- notify the affected individuals if a data breach is likely to result in a high risk to their rights and freedoms and notification is required by law.
- By proceeding with or continuing with the use of the Platform, you agree that this Policy and the Terms and Conditions of Use of the Platform provide sufficient protection to your personal data rights under the GDPR. You also agree that where the Company has acted on your request in accordance with Clause 17.5, the action by the Company is in all respects, compliant with the GDPR.
- HOW TO CONTACT US
CARINGUP PTE. LTD.
ATTN: Chief Data Protection Officer
1 Wallich St, #14-01 Guoco Tower, Singapore 078881
You may also contact our Data Protection team: email@example.com
- ENGLISH VERSION AND OTHER LANGUAGES