Last Updated: 30.06.2020
We at OUCH are
strongly committed to protecting your privacy and providing you a safe and
secure experience while accessing our Services. We respect the privacy of your
personal data and undertake to ensure that the data that you provide us with
will be treated only in the manner described in this policy.
The terms “we”,
“us”, and “Ouch” refer to; (a) Our site
” and all associated web pages linked
to the same owned by us, (b) Our cloud-based appointment management platform
known by the proprietary brand name of OUCH and the tools and services
accessible via the Platform, (c) Our Mobile Application for prospective
Patients known by the brand name of OUCH (d) The configuration and setup
services offered by us and (e) Our customer interface channels (collectively
referred to as “Services”), and the terms “you” and “your” refer to a User
(which includes a “medical practitioner”, “healthcare provider”, whether an
individual, organisation or group and/or
“patients”, “individuals”) accessing our services and/or Visitor of our
If you are a
corporate entity or an organisation, references to the terms “you” and “your”
shall include your employees, representatives and agents.
We conduct our business
in compliance with applicable laws and shall collect, use and process data in
accordance with the following laws, (whichever applicable to you)
- Personal Data Protection Act (2012), Singapore,
- Personal Data Protection
Act, (2019), Thailand,
- Regulation No. 11 of
2008 amended by Regulation No. 19 of 2016 (Electronic Information and
Transactions) and Regulation No. 71 of 2019 (Electronic System and
Transaction Operation), Indonesia,
- Law on Electronic Data
Protection (2017), Laos People’s Democratic Republic,
- Data Privacy Act (2012),
- Law on Network
Information Security (2015), Vietnam,
Regulations and Guidelines on data privacy protection and data
policy sets out how we, as an organisation, will collect, use, share, disclose
and protect your personal information, and the rights and alternatives
available to you in connection with our use of your personal data. By visiting
and/or using our Services or by otherwise voluntarily giving us your
our collection, use, sharing and disclosure of your personal data as described
1. Scope of the Policy
2. Personal data we collect
web pages linked to the same owned by us, (b) Our cloud-based appointment
management platform known by the proprietary brand name of OUCH and the
tools and services accessible via the Platform, (c) Our Mobile
Application for prospective Patients known by the brand name of OUCH (d)
The configuration and setup services offered by us and (e) Our customer
interface channels (collectively referred to as “Services”)
- To administer and manage your relationship with us, we will
necessarily need to collect, use, disclose and/or process your personal
“personal data” means any information that you provide to us which either
directly or indirectly, whether true or not, about you or any other
individual who can be identified from that data or in combination with
other information we have or are likely to have access to.
collected from you, the purpose, means, modes of collection of such
personal data. It also sets out how we shall use, process, retain,
disclose and destroy such personal data.
- It is necessary for us to collect and process your personal data.
If you do not provide us with your personal data, or do not consent to
be able to render all services to you and you may be required to
terminate your agreement with us and/or stop accessing the Website or
using our services.
- Our Privacy and security practices in connection with the access
and use of our Services are governed by the Terms of Service, which is a
binding contract between you and us.
- We engage third parties who perform services on our behalf. We may
upon your express and clear consent and in accordance with the Terms of
Service and in compliance with the applicable laws transfer certain
Personal data to these third parties. These third parties shall have access
to your information and process it to perform services/ tasks on our
behalf and in a manner required by us. They shall not use such Personal
Data for any other purpose and shall be bound by confidentiality.
We request you to
voluntarily provide us with certain personal data and you hereby consent to the
collection of such personal data by us. The collection of your personal data
shall be strictly restricted to what is necessary for the purpose of fulfilling
the purposes identified herein below. We will not collect any personal data
about you unless you voluntarily choose to provide it to us or as otherwise
permitted by law. The information collected by us from you may include but is
not limited to;
- Personal Data you
B. Information we collect through our system
- We request
and record personal data when you register for an account to access or
utilise one or more services offered by us. We collect data such as;
- If you are a medical practitioner or a health care provider: name,
email address, phone number, gender, registration number, professional
information, Name of Clinic / hospital, field of expertise/ speciality,
or any other information provided by you during the use of our services
which you may enter into our system voluntarily.
- Incase of Patients or any other individuals, name , email address,
phone number, symptoms, ailment/sickness, medical records and history,
history of appointments previously made by you through the use of our
services, insurance details,
Name, Email, DOB, Gender, Location, Emergency Contact Name,
Emergency Contact Phone or any other information provided by you during
the use of our services which you may enter in our system voluntarily.
- You may also
voluntarily enter some personal data on our website and/or mobile
platform forms and customer interface channels, which we use to contact
- If you
decide to avail any of our services, and make payment for the same, we
may collect your billing name, billing address and payment method. We do
not store your credit card or debit card number, card expiry date or
other details pertaining to your credit/ debit card on our Services. We
use Stripe.com for processing financial transactions on our behalf, all
such third parties with whom we share your personal data for processing
financial transactions on our behalf shall be bound by our non-disclosure
policy. Stripe is PCI DSS compliant. Stripe has been audited by an
independent PCI Qualified Security Assessor (QSA) and is certified as a
PCI Level 1 Service Provider.
- We ask for
and may collect personal data from various sources, which may include but
are not limited to, information you voluntarily provide us at any events,
seminars, conferences, talks, promotions, surveys organised by us, and/or
information we collect when you submit web forms on our websites or if
you use interactive features of the websites. We record any personal
information or other content that you provide to us at the time of
providing feedback or registering a complaint.
Logs and Analytics: If
you use or visit our Services, we may collect information including your
Internet Protocol (IP) address, web browser type, web browser version, internet
service provider, the searches you undertake, language preferences, site
trends, location, referring URL, timestamp information and the operating system
that your computer or device is running.
We use data to collect,
monitor and analyse anonymous usage statistics of our Services. We use such
third-party services to optimise the functionality of our services and to make
our services user friendly. We treat such data in the same manner as we treat
additional information or queries regarding the privacy practices and policies,
please contact us.
c. Cookies and other Tracking Technologies:
We may collect personal data with the help of tracking tools like browser
cookies. The term "cookies" refers to small pieces of information
stored on the hard drive of your computer or computer while you view a site.
The primary objective of cookies is recordkeeping and uniquely identifying your
to tailor our website to best suit your preferences and provide you with and
ease and convenience while accessing our Services. Not all data collected from
cookies is Personal data, such information is collected for creating a better
user experience. Neither we nor any other Third Parties performing services on
information from your computer. If you do not wish to receive cookies, you may
configure your browser either to notify you when you receive a cookie or to
disable cookies. It is pertinent you understand that should you choose to
disable cookies, some functions of Services may not work properly or may not
work at all.
C. Information collected from other sources
We may collect information which is provided, are likely to have
access or made available by any third parties, law enforcement authorities,
etc. We may collect such information to supplement the information that we
collect directly from you for reasons including delivery of our services,
performance of conditions of agreements and/or to comply with our legal and
3. How we Use / Process your
- We may use the personal data that you voluntarily
provide to us or that we collect from you or through other sources for
the purpose of fulfilment of our obligations under our agreement with you
and/or to comply with our statutory legal obligations. Without prejudice
to the above, enumerated hereunder is a non-exhaustive list of the purposes
for which your personal data may be used/processed;
- To manage and regulate our Service(s) and to provide you with the
content that you access and request.
- To facilitate communication and improve our business relationship
with you and to respond to your queries, requests or complaints and/or
resolve any issues and disputes which may arise in connection with any
dealings with us.
- To inform you of
confirmation, cancellation and/or postponement of services.
- To verify and authenticate information or identifications provided
by you to us.
- To process or facilitate any payments relating to services
requested by you.
- To control and monitor and ensure compliance with security
arrangements and policies adopted by us, and also to ensure their
compliance with Personal Data Protection Act, 2012 and other legal and
- To comply with any request or direction or lawfully disclose
information required by any applicable law, regulation, direction, court
order, bylaw, guidance, circular or code applicable to us.
- To facilitate your participation in any events, meetings, seminars,
conferences promotions etc. held by us. To provide you with updates
and/or information on our products, services, offers, events etc.
- To undertake marketing research, analysis, analysis of customer
patterns and choices, statistical and trend analysis in relation to our
- To conduct research and development operations in relation to our
services, to improve our Services and for strategic business planning and
- To customize our Services to best suit your interests and enhance
your experience while accessing our services.
- To provide an easy and convenient user experience while accessing
- To monitor and identify areas of our services in which improvement
- To investigate, detect and prevent any fraudulent transaction,
unauthorised access to the services and prohibited or illegal activity or
omission or misconduct.
- To conduct security investigations and risk management.
- We may use information for the security of our company, customers,
employees and/or our Services.
We shall not use
your data for any purpose, than for what it is collected. We may use your
personal data for purposes not stated herein above but only with your express
or implied prior consent for such use.
4. Disclosure/ sharing of
information with third party
8. Personal Data of minors
- We shall not sell, rent, share,
disclose or transfer any of your personal data to any third party without
your consent and without notifying you of the purpose for such transfer
or sharing. We may disclose your personal data to the following third
parties, for one or more of the above stated purposes,
- With third parties who
undertake performance of services on our behalf, with third party
services who host, manage and maintain our website, develop applications
for us, carry on analytics and store and backup data, with third parties
who process financial transactions on our behalf, these third parties
shall use, retain or store information only for processing transactions
and providing services on our behalf.
- In case of a medical
practitioner or health care provider, we may share your information with
prospective and potential patients who shall use such information to
avail your service, contact you, send you queries, send personal messages
and review your Services.
- In case of Patients or other
users, we will share your personal data with doctors registered on our
website who may use this information to contact you in case of
cancellation or postponement of your appointment or if you have a query
or enquire about a service they might offer.
- We may upon your express
consent disclose aggregate information in relation to user behaviour with
actual or prospective business relationship such as advertisers and
- We may disclose information if
requested by a governmental or investigatory authority. We may also
disclose information required to be disclosed by any applicable law,
regulation, direction, court order, bylaw, guidance, circular or code
applicable to us.
- With any third party involved
in any proposed or actual sale of business, sale or transfer of our
assets or stocks, merger, joint venture, assignment, reorganisation.
- We may with your prior and
expressed consent share personal data for reasons not described in this
9. Transfer of personal data
- We do not consciously collect personal data from
minors (i.e individuals under 13 years of age) and respect the privacy of
minors who may inadvertently use our services and provide us with
personal information. If you are a parent or a guardian we strongly
recommend you to supervise the online activity of your minor children and
ensure that your children do not disclose any personal information.
- We may
collect, use and disclose personal information of minors on obtaining
consent for the same from the minor’s parents or guardians, who have the
legal competence and parental responsibility to give such consent on
behalf of the minor.
- If you
believe that we may have unknowingly collected personal data from minors
without parental consent, kindly Contact us at the contact details
provided hereinbelow, so that we may adopt appropriate measures to
address the issue promptly and remove the information.
We do not
transfer your Personal data with third parties, unless it is necessary to
fulfil our obligations to you and as permitted by law. We shall make
appropriate arrangements to ensure that your data is processed in a secure
manner and in compliance with applicable data protection laws.
10. Our Security Policy for your
- We have made
reasonable security arrangements to prevent unauthorised access,
collection, use, disclosure, modification, loss, damage, disposal or
similar risks of your personal data. We have adopted technical, physical,
electronic, procedural administrative and organisational security
measures in accordance with applicable laws and regulations and industry
standards to protect your personal data.
- Although we
have used our best efforts to ensure the security of your personal data,
we cannot guarantee you that your personal data will never be disclosed
- All our employees
and intermediaries, who have access to and process your personal data,
are trained in handling personal data and are required to respect the
confidentiality of your personal data.
therefore agree that any security breaches beyond our reasonable control
are at your sole risk and discretion, we cannot and do not accept
responsibility for the same. If you have any questions about our security
arrangements please contact us at the Contact details provided herein
We will retain
your personal data for as long as required to perform the purpose specified
suspension, your personal data is destroyed or anonymised from our records and the system in accordance with our retention policy in the event your personal data
is no longer required for the said purposes unless its further retention is
required to satisfy a longer retention period to meet our operational,
business, legal or other statutory requirements.
12. Links to other sites
Our Services may
to the Privacy Practices of those websites. We do not control and assume no
responsibility for the content, security or privacy policies and practices on
those websites. We request you to read the privacy policies of those sites to
determine how they collect, process, use, disclose and protect your personal
13. Additional Terms and
Conditions for Certain Regions
means and covers every individual data which is identifiable or can be
identified, alone or combined with any other information directly or
indirectly, through an electronic system or non-electronic system. In Indonesia
Personal Data will be collected, stored, used and/or processed in compliance
with our obligations under Regulation No. 11 of 2008 (Electronic Information
and Transactions) amended by Regulation No. 19 of 2016 and Regulation No. 71 of
2019 (Electronic System and Transaction Operation).
a. Except as otherwise required
by law, we shall acquire, use and utilise your personal data only upon your
b. We shall ensure and maintain
the confidentiality, integrity, authenticity, accessibility, availability and
traceability of your data.
c. We shall train our employees
in charge or enshrined with the task of processing your data and shall have a
management policy, operations work procedures and periodical audit mechanisms
for our Services.
d. On our Services, we allow you
to make corrections in your appointment, Cancel your appointment, Confirm or
reconfirm your appointment.
Right to be informed in case
We shall notify you in writing of any instances of breach of your
Right to be forgotten:
You may make an application,
requesting us to delete any irrelevant electronic information or documents
under our control.
Right to delisting:
you make request us to
delist irrelevant electronic information and electronic documents from an
internet search engine through a court order.
To access your
rights, or in case of any concerns and/or complaints kindly contact our
concerned authority at the contact details provided herein under.
We shall ensure
that the collection, access, use and disclosure of your data is safe and
correct and in consonance with the Law on Electronic Data Protection (2017),
Lao People’s Democratic Republic.
a. The term Personal Data means
electronic data of individuals, legal entities or organisations. We shall not
access, use or disclose your Personal Data without your permission and consent.
b. We shall collect data from
you only for the purposes expressly enumerated in this policy and the
collection of which you have expressly approved.
c. You are under an obligation
to provide accurate and complete details and must inform of changes to your
Personal Data in order to update and edit the data correctly and completely.
d. Except as otherwise permitted
under law, we shall use and disclose your Personal Data that we collect,
maintain or administer only upon your approval.
Right to Access:
You have a right to access
the Personal Data that you provide to us.
Right to update or edit:
You may request us to update
or edit your Personal Data, we shall use our best efforts to resolve your
request promptly. We shall inform you promptly if we cannot activate your
request due to technical or other issues.
Right to delete:
We shall delete all your
Personal Data that you provide to us upon your request for deletion. We have a
legal right to delete your Personal Data if it is contrary to the law.
Right to disclosure:
We shall not disclose your
Personal Information to a third person until we obtain your approval for the
i. Transfer of Personal Data :
We shall not transfer your personal Data outside Lao People’s Democratic
Republic with your permission. You also have a right to subsequently deny
transfer of your Personal Data and we shall stop sending or transferring data
upon such request to the third person.
j. We shall not retain your
Personal Data for longer than the purpose for which it is required or we shall
delete your Personal Data upon expiry of the purpose for which it was
k. If you have reasons to
believe that your Personal Data has been damaged or is at risk, you may inform
us at the Contact Information provided herein under.
To access your
rights or in case of any queries relating to our privacy policies or practices
kindly contact us at the Contact Information provided herein under.
We shall process
your Personal Information in accordance with the Data Privacy Act of 2012.
Personal Information refers to any information whether recorded in a material
form or not, from which the identity of an individual is apparent or can be
reasonably and directly ascertained by the entity holding the information, or
when put together with other information would directly and certainly identify
an individual, Personal Information also includes sensitive Personal
a. We shall process your
Personal Information lawfully only after receiving your consent for such
b. All information shall be
up-to-date and any inaccurate or incomplete data shall be rectified,
supplemented, destroyed or the processing of such inaccurate or incomplete
information shall be restricted.
c. Your Personal Data which
includes Sensitive Personal Information shall be retained only for the
fulfilment of the purposes mentioned in this Policy or if otherwise required
Right to access:
You have a right to access
your Personal Information that you provide us with.
Right of Transmissibility:
Your Lawful heirs and
assigns may invoke your rights under the Act upon your death or if you are
incapacited or incapable of exercising your rights.
Right of Data Portability:
You have the right, where
personal Information is processed by electronic means and in a structured and
commonly used format, to obtain from us a copy of data undergoing processing in
an electronic or structured format, which is commonly used and allows for
further use by you.
contact us at the Contact details provided herein under.
We ensure that
all your data that we collect, store, use and process is done in compliance
with the Personal Data Protection Act, 2019. Elucidated hereunder are
additional terms applicable to citizens of Thailand.
a. The term personal data means
any information relating to a Person, which enables the identification of such
Person, whether directly or indirectly, but not including the information of
the deceased Persons in particular.
b. Legal basis for processing
your Personal Information: If you are a citizen of Thailand, we collect, use,
process or disclose personal information, which includes prohibited information
such as your health data, only for the purposes described in this Policy. We
shall process your data only if we have your explicit written consent or
consent via an electronic system or if the processing is necessary for complying
with our legal obligations or where the processing is in our legitimate
interest. If you need further clarification concerning the legal basis on which
we collect and use your personal information, you may contact us at the Contact
information provided hereunder.
c. Your Rights under the
Personal Data Protection Act (PDPA), 2019
Residents of the
Kingdom of Thailand have certain additional rights in relation to their
Personal Data under the PDPA, 2019.
Right to withdraw consent:
Except unless restricted by law, you
may withdraw your consent at any time, however withdrawal of consent shall not
affect the collection, use or disclosure of personal data, that you have
already legally consented to. You may withdraw your consent by contacting us at
the Contact information provided herein under. We shall at the time of
withdrawal of your consent inform you of the consequences of such
Right to access:
Except if otherwise prohibited under law, you have a right to and are
allowed access to and obtain copies of your Personal information that is
Right to erasure or destruction:
You may request erasure or
destruction or anonymization of your Personal data only under certain
circumstances which include but are not limited to unlawful
processing of your data, if your personal data is no longer necessary in
relation to the purposes for which it was collected or otherwise processed, if
you withdraw your consent etc. Please note, however, that we may need
to retain certain information to comply with our legal obligations.
Right to restriction of processing:
You have a right to restrict
the processing of Personal Data if the data is the personal data for which a
request is made for its erasure or destruction, or if the data is no longer
needed for the purpose of processing etc.
Right to data portability:
You may request to obtain or send
and transfer personal data to other Data Controllers in the format which is
readable or commonly used by ways of automatic tools or equipment, unless it is
impossible to do so due to technical reasons.
Right to object:
You have unless prohibited by law, a
right to object to the collection, use or disclosure of your personal
You may exercise
any of the rights listed above by contacting our Data Protection Officer at the
Contact details provided hereunder. We shall make best efforts to respond to
and resolve all your requests within a period of 30 days from the receipt of
Personal data of minors: We do not consciously collect
personal data from minors (i.e individuals under 20 years of age). We may
collect, use and disclose personal information of minors on obtaining consent
for the same from a person holding parental responsibility over the minor. If
you believe that we may have unknowingly collected personal data from minors
without parental consent, kindly Contact us at the contact details provided
Transfer of Personal Data: Kindly note that you are
signifying agreement to the transfer of your Personal Information outside the
Kingdom of Thailand. Such transfer to which you hereby expressly consent is
primarily for processing and we ensure an adequate level of protection through
a series of agreements with our Service providers and in compliance with the
We shall collect,
edit, use, store, supply, share and disperse our Personal Data only in
accordance with Law on Network Information Security (2015) and other relevant
laws and regulations.
a. Personal Information means
information associated with the identity of a specific person. We shall collect
and process your Personal Data only upon your prior consent for such collection
b. We shall not share, disperse
the collected, accessed or controlled Personal Information to any third party
unless you consent to the same or if otherwise required under the law. We shall
maintain the integrity of your Personal Data.
Right to obtain and access
You have a right to request access and obtain Personal Data that is
collected and stored by us.
Right to correction:
You may request to check the
accuracy of your personal data and may request correction of your Personal
Right to delete:
You have a right to update,
change and delete your Personal Information we collect.
Right to restrict transfer:
You may request us to stop
disclosing or transferring your Personal Data to a Third Party.
We collect, use
and process your data in accordance with the Personal Data Protection Act
(PDPA), 2012. Details of our obligations, and your rights and other essential
provisions are set out hereinbelow.
a. Accuracy of your personal
We will make all
reasonable efforts to ensure that the personal data collected by us is
accurate, complete and up-to-date. We shall adopt methods to verify and
authenticate the information provided by you. We shall make sure that any and/or
all changes made or requested are updated in our records. We rely on the
information you provide to us for performing our obligations/ Services to you,
you are required to provide us with accurate and complete information and to
promptly update us in the event there are any changes to your personal data. .
b. Your Rights as a User or
You shall, to the extent that the applicable law allows, have
the right to request access to your personal data held by us.
You have a right to request correction/ rectification of your
personal data entrusted to us or update your personal data held by us.
You have a right to request us at any time to limit the
processing and use of your personal data.
You may by giving notice, withdraw any consent given to us
for the collection, use or disclosure of your personal data. We shall upon
receipt of such notice inform you of the repercussions of withdrawing your
consent. We may not allow withdrawal of consent in circumstances where it is
required or authorised under this Act or any other written law. It is essential
to note that your withdrawal of consent could result in legal consequences
arising from such withdrawal.
If you wish to
exercise any of the above-stated rights, you are required to contact us or send
us a request to the Contact details specified hereinbelow. On receipt of a
request for the exercise of any of the rights stated above, we shall make best
efforts to respond to and resolve the same without undue delay within a period
of 30 days of its receipt. If the requests received are complex or numerous we
may, by giving you notice, extend this said period of 30 days to a further
period of 02 months. We reserve the right to charge you an administrative fee
to process your request (permitted under PDPA), we shall notify you of such fee
before proceeding with your request.
c. Transfer of Personal Data
outside Singapore: In fulfilling our obligations to you it may become necessary
to transfer data that we collect from you to jurisdictions outside Singapore
for processing and storing. By providing information to us, you are consenting
to the transfer, storing and processing of that information outside Singapore
We reserve the
as to reflect our current privacy practices. We may change the policy without
sending a prior notice of the same. We will post an updated copy/ new version
on our Services. Any changes to this notice will come into effect on posting to
this page. You are requested to check our site periodically for such updates.
If you access our Services after a notice of change has been published on our
page, you hereby provide us with your consent to the changed terms.
15. Contact Us
If you have any questions regarding this Policy or about our
privacy practices, you may contact our Data Protection Officer (DPO) appointed
by us. We will make all efforts to ensure that any request, concerns, questions
and grievances that you may have are resolved quickly and promptly. Feel free to contact our Data Protection Officer at the contact details provided below; Name of Data Protection Officer-
Mr. Anil Kumar
Business Address of the DPO -
50 Tagore Lane #05-01 B/C/D Entrepreneur
Centre Singapore 787494
Business Contact of the DPO -
Email Address of the DPO-