Data Protection Notice – Anvision Healthtech

Data Protection Notice

DATA PROTECTION NOTICE

This Data Protection Notice (“Notice”) outlines how Anvision Healthtech Pte. Ltd. (“we”, “us”, or “our”) collects, uses, discloses, and manages personal data in accordance with Singapore’s Personal Data Protection Act (“PDPA”). It applies to all personal data held by us or by third-party service providers acting on our behalf.

1. Definitions

1.1. For the purposes of this Notice:
(a) “Customer” refers to an individual who:
(i) has contacted us via any means to inquire about our products or services; or
(ii) has entered or intends to enter into an agreement with us for the supply of such products or services.

(b) “Personal Data” means data, whether accurate or not, that can be used to identify a customer, either directly from that data or from that data combined with other information to which we may have access.

1.2. Terms used but not defined in this Notice shall carry the meanings ascribed to them under the PDPA.

2. Collection, Use, and Disclosure of Personal Data

2.1. We collect personal data only when:
(a) it is voluntarily provided by you or your authorised representative, following notification of the purposes for such collection and with your written consent; or
(b) such collection and use is permitted or required under applicable laws and regulations.

2.2. Personal data may be collected, used, and disclosed for the following purposes:
(a) To fulfil contractual obligations and provide requested goods or services;
(b) To verify the identity of the customer;
(c) To handle enquiries, feedback, complaints, or other communications;
(d) To manage our business relationship with the customer;
(e) To process billing, payments, and related transactions;
(f) To comply with applicable legal and regulatory requirements;
(g) For purposes to which the customer has provided consent;
(h) To disclose to third-party vendors, agents, or service providers for the above-stated purposes;
(i) For business-related or administrative activities reasonably related to the above.

2.3. Disclosure of personal data may also occur in the following circumstances:
(a) Where necessary to perform our obligations under a contract;
(b) Where required for third-party service providers to carry out work on our behalf.

2.4. These purposes may continue to apply even after the termination or alteration of your relationship with us, for a reasonable period necessary to satisfy legal or business obligations.

3. Legitimate Interests Exception

3.1. In accordance with the PDPA, we may collect, use, or disclose your personal data without obtaining consent where such collection, use, or disclosure is necessary for our legitimate business interests or those of another party.

3.2. Before doing so, we will assess any potential adverse impact on the individual and ensure our legitimate interests override such impact.

3.3. Legitimate interests may include:
(a) Fraud detection and prevention;
(b) Prevention of misuse of our services;
(c) Network security and credit risk analysis;
(d) Monitoring of company-issued devices to prevent data leakage.

3.4. These purposes may also apply after the end of our relationship with you.

4. Withdrawal of Consent

4.1. Consent for the collection, use, and disclosure of personal data remains valid until withdrawn in writing.

4.2. You may withdraw your consent at any time by submitting a request to our Data Protection Officer (DPO) via email or in writing.

4.3. Upon receiving your request, we will:
(a) Acknowledge receipt within a reasonable time;
(b) Inform you of any potential consequences, including our inability to continue services;
(c) Complete processing of your request typically within ten (10) business days.

4.4. Withdrawal of consent does not affect our right to collect, use, or disclose personal data where permitted under applicable laws.

5. Access and Correction of Personal Data

5.1. You may submit a request to:
(a) Access your personal data held by us; or
(b) Correct or update your personal data.

5.2. Requests should be sent to our DPO in writing or by email.

5.3. A reasonable fee may apply for access requests. If applicable, we will notify you of the fee before processing.

5.4. We aim to respond within thirty (30) business days. If additional time is needed, we will inform you of the revised timeline.

5.5. If we are unable to comply with your request, we will provide an explanation, unless exempted under the PDPA.

6. Protection of Personal Data

6.1. We implement appropriate security measures to protect personal data against unauthorised access, use, disclosure, modification, loss, or destruction. These include but are not limited to:
(a) Access control policies and strong authentication measures;
(b) Encryption and anonymisation of data;
(c) Antivirus software and regular system patching;
(d) Secure disposal of physical and electronic records;
(e) Multi-factor authentication (MFA) for system access;
(f) Ongoing security testing and reviews.

6.2. While no system is completely immune to breaches, we continuously monitor and improve our data protection mechanisms.

7. Accuracy of Personal Data

7.1. We rely on you to provide accurate and up-to-date personal data.

7.2. Please inform our DPO of any changes to your data so we can maintain accurate records.

8. Retention of Personal Data

8.1. Personal data will be retained only as long as required for the purposes for which it was collected or as required by law.

8.2. When retention is no longer necessary, we will securely dispose of or anonymise the data.

9. Transfer of Personal Data Outside Singapore

9.1. We do not typically transfer personal data outside of Singapore.

9.2. If such a transfer becomes necessary, we will obtain your consent and ensure that the recipient provides a standard of protection comparable to that under the PDPA.

10. Contacting Our Data Protection Officer

10.1. For any enquiries, feedback, or requests relating to your personal data, please contact:

Data Protection Officer
Email: compliance@anvision.com.sg

11. Revisions to This Notice

11.1. This Notice is intended to complement other notices, contractual terms, or consent forms you may have agreed to with us.

11.2. We may revise this Notice from time to time without prior notice. You may determine the latest version by referring to the “Effective Date” below.

11.3. Your continued engagement with our services constitutes your acknowledgement and acceptance of any revisions.

Effective Date: 25 May 2025