Privacy Policy

 
Last Updated: 23.09.2021

We at OUCH are strongly committed to protecting your privacy and providing you a safe and secure experience while accessing our Services. We respect the privacy of your personal data and undertake to ensure that the data that you provide us with will be treated only in the manner described in this policy.

The terms “we”, “us”, and “Ouch” refer to; (a) Our site “ www.ouchinc.com” and all associated web pages linked to the same owned by us, (b) Our cloud-based appointment management platform known by the proprietary brand name of OUCH and the tools and services accessible via the Platform, (c) Our Mobile Application for prospective Patients known by the brand name of OUCH (d) The configuration and setup services offered by us and (e) Our customer interface channels (collectively referred to as “Services”), and the terms “you” and “your” refer to a User (which includes a “medical practitioner”, “healthcare provider”, whether an individual, organisation or group and/or “patients”, “individuals”) accessing our services and/or Visitor of our Services.

If you are a corporate entity or an organisation, references to the terms “you” and “your” shall include your employees, representatives and agents.

We conduct our business in compliance with applicable laws and shall collect, use and process data in accordance with the following laws, (whichever applicable to you)

  • Personal Data Protection Act (2012), Singapore,
  • Personal Data Protection Act, (2019), Thailand,
  • Regulation No. 11 of 2008 amended by Regulation No. 19 of 2016 (Electronic Information and Transactions) and Regulation No. 71 of 2019 (Electronic System and Transaction Operation), Indonesia,
  • Law on Electronic Data Protection (2017), Laos People’s Democratic Republic,
  • Data Privacy Act (2012), Philippines,
  • Law on Network Information Security (2015), Vietnam, Regulations and Guidelines on data privacy protection and data security.
This privacy policy sets out how we, as an organisation, will collect, use, share, disclose and protect your personal information, and the rights and alternatives available to you in connection with our use of your personal data. By visiting and/or using our Services or by otherwise voluntarily giving us your information, you agree to this Privacy Policy. You hereby expressly consent to our collection, use, sharing and disclosure of your personal data as described in this Privacy Policy. We request you to thoroughly read this Privacy Policy.

Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms of Use.

1. Scope of the Policy
    • This Privacy Policy applies to (a) Our site “www.ouchinc.com” and all associated web pages linked to the same owned by us, (b) Our cloud-based appointment management platform known by the proprietary brand name of OUCH and the tools and services accessible via the Platform, (c) Our Mobile Application for prospective Patients known by the brand name of OUCH (d) The configuration and setup services offered by us and (e) Our customer interface channels (collectively referred to as “Services”)
    • To administer and manage your relationship with us, we will necessarily need to collect, use, disclose and/or process your personal data, to which you consent by agreeing to this privacy policy. The term “personal data” means any information that you provide to us which either directly or indirectly, whether true or not, about you or any other individual who can be identified from that data or in combination with other information we have or are likely to have access to.
    • This privacy policy states the categories of personal data collected from you, the purpose, means, modes of collection of such personal data. It also sets out how we shall use, process, retain, disclose and destroy such personal data.
    • It is necessary for us to collect and process your personal data. If you do not provide us with your personal data, or do not consent to this Privacy Policy or any amendments to this Privacy Policy, we may not be able to render all services to you and you may be required to terminate your agreement with us and/or stop accessing the Website or using our services.
    • Our Privacy and security practices in connection with the access and use of our Services are governed by the Terms of Service, which is a binding contract between you and us.
    • We engage third parties who perform services on our behalf. We may upon your express and clear consent and in accordance with the Terms of Service and in compliance with the applicable laws transfer certain Personal data to these third parties. These third parties shall have access to your information and process it to perform services/ tasks on our behalf and in a manner required by us. They shall not use such Personal Data for any other purpose and shall be bound by confidentiality.
2. Personal data we collect

We request you to voluntarily provide us with certain personal data and you hereby consent to the collection of such personal data by us. The collection of your personal data shall be strictly restricted to what is necessary for the purpose of fulfilling the purposes identified herein below. We will not collect any personal data about you unless you voluntarily choose to provide it to us or as otherwise permitted by law. The information collected by us from you may include but is not limited to;

  • Personal Data you provide voluntarily
    • We request and record personal data when you register for an account to access or utilise one or more services offered by us. We collect data such as;
      • If you are a medical practitioner or a health care provider: name, email address, phone number, gender, registration number, professional information, Name of Clinic / hospital, field of expertise/ speciality, or any other information provided by you during the use of our services which you may enter into our system voluntarily.
      • Incase of Patients or any other individuals, name , email address, phone number, symptoms, ailment/sickness, medical records and history, history of appointments previously made by you through the use of our services, insurance details, Name, Email, DOB, Gender, Location, Emergency Contact Name, Emergency Contact Phone or any other information provided by you during the use of our services which you may enter in our system voluntarily.
    • You may also voluntarily enter some personal data on our website and/or mobile platform forms and customer interface channels, which we use to contact you.
    • If you decide to avail any of our services, and make payment for the same, we may collect your billing name, billing address, Phone and payment method. We do not store your credit card or debit card number, card expiry date or other details pertaining to your credit/ debit card on our Services. We use Stripe.com for processing financial transactions on our behalf, all such third parties with whom we share your personal data for processing financial transactions on our behalf shall be bound by our non-disclosure policy. Stripe is PCI DSS compliant. Stripe has been audited by an independent PCI Qualified Security Assessor (QSA) and is certified as a PCI Level 1 Service Provider. You may further refer to Stripe Privacy policy at this link https://stripe.com/en-sg/privacy.
    • We ask for and may collect personal data from various sources, which may include but are not limited to, information you voluntarily provide us at any events, seminars, conferences, talks, promotions, surveys organised by us, and/or information we collect when you submit web forms on our websites or if you use interactive features of the websites. We record any personal information or other content that you provide to us at the time of providing feedback or registering a complaint.
B. Information we collect through our system

a. Logs and Analytics: If you use or visit our Services, we may collect information including your Internet Protocol (IP) address, web browser type, web browser version, internet service provider, the searches you undertake, language preferences, site trends, location, referring URL, timestamp information and the operating system of your computer or the operating system and version, and device model of your device.

b. We use data to collect, monitor and analyse anonymous usage statistics of our Services. We use such third-party services to optimise the functionality of our services and to make our services user friendly. We treat such data in the same manner as we treat personal data voluntarily provided by you, under this Privacy Policy. For additional information or queries regarding the privacy practices and policies, please contact us.

c. Cookies and other Tracking Technologies: We may collect personal data with the help of tracking tools like browser cookies. The term "cookies" refers to small pieces of information stored on the hard drive of your computer or computer while you view a site. The primary objective of cookies is recordkeeping and uniquely identifying your browser. We use cookies to improve the quality of our service. Cookies help us to tailor our website to best suit your preferences and provide you with and ease and convenience while accessing our Services. Not all data collected from cookies is Personal data, such information is collected for creating a better user experience. Neither we nor any other Third Parties performing services on our behalf shall use cookies to automatically retrieve personally identifiable information from your computer. If you do not wish to receive cookies, you may configure your browser either to notify you when you receive a cookie or to disable cookies. It is pertinent you understand that should you choose to disable cookies, some functions of Services may not work properly or may not work at all.

C. Information collected from other sources We may collect information which is provided, are likely to have access or made available by any third parties, law enforcement authorities, etc. We may collect such information to supplement the information that we collect directly from you for reasons including delivery of our services, performance of conditions of agreements and/or to comply with our legal and statutory obligations.

3. How we Use / Process your personal data
    • We may use the personal data that you voluntarily provide to us or that we collect from you or through other sources for the purpose of fulfilment of our obligations under our agreement with you and/or to comply with our statutory legal obligations. Without prejudice to the above, enumerated hereunder is a non-exhaustive list of the purposes for which your personal data may be used/processed;
    • To manage and regulate our Service(s) and to provide you with the content that you access and request.
    • To facilitate communication and improve our business relationship with you and to respond to your queries, requests or complaints and/or resolve any issues and disputes which may arise in connection with any dealings with us.
    • To inform you of confirmation, cancellation and/or postponement of services.
    • To verify and authenticate information or identifications provided by you to us.
    • To process or facilitate any payments relating to services requested by you.
    • To control and monitor and ensure compliance with security arrangements and policies adopted by us, and also to ensure their compliance with Personal Data Protection Act, 2012 and other legal and regulatory obligations.
    • To comply with any request or direction or lawfully disclose information required by any applicable law, regulation, direction, court order, bylaw, guidance, circular or code applicable to us.
    • To facilitate your participation in any events, meetings, seminars, conferences promotions etc. held by us. To provide you with updates and/or information on our products, services, offers, events etc.
    • To undertake marketing research, analysis, analysis of customer patterns and choices, statistical and trend analysis in relation to our services.
    • To conduct research and development operations in relation to our services, to improve our Services and for strategic business planning and development.
    • To customize our Services to best suit your interests and enhance your experience while accessing our services.
    • To provide an easy and convenient user experience while accessing our services.
    • To monitor and identify areas of our services in which improvement maybe needed.
    • To investigate, detect and prevent any fraudulent transaction, unauthorised access to the services and prohibited or illegal activity or omission or misconduct.
    • To conduct security investigations and risk management.
    • We may use information for the security of our company, customers, employees and/or our Services.
    • To enforce our Terms of Use and other policies.
We shall not use your data for any purpose, than for what it is collected. We may use your personal data for purposes not stated herein above but only with your express or implied prior consent for such use.

4. Disclosure/ sharing of information with third party
    • We shall not sell, rent, share, disclose or transfer any of your personal data to any third party without your consent and without notifying you of the purpose for such transfer or sharing. We may disclose your personal data to the following third parties, for one or more of the above stated purposes,
    • With third parties who undertake performance of services on our behalf, with third party services who host, manage and maintain our website, develop applications for us, carry on analytics and store and backup data, with third parties who process financial transactions on our behalf, these third parties shall use, retain or store information only for processing transactions and providing services on our behalf.
    • In case of a medical practitioner or health care provider, we may share your information with prospective and potential patients who shall use such information to avail your service, contact you, send you queries, send personal messages and review your Services.
    • In case of Patients or other users, we will share your personal data with doctors registered on our website who may use this information to contact you in case of cancellation or postponement of your appointment or if you have a query or enquire about a service they might offer.
    • We may upon your express consent disclose aggregate information in relation to user behaviour with actual or prospective business relationship such as advertisers and content distributors.
    • We may disclose information if requested by a governmental or investigatory authority. We may also disclose information required to be disclosed by any applicable law, regulation, direction, court order, bylaw, guidance, circular or code applicable to us.
    • With any third party involved in any proposed or actual sale of business, sale or transfer of our assets or stocks, merger, joint venture, assignment, reorganisation.
    • We may with your prior and expressed consent share personal data for reasons not described in this privacy policy with third parties.
8. Personal Data of minors
    • We do not consciously collect personal data from minors (i.e individuals under 13 years of age) and respect the privacy of minors who may inadvertently use our services and provide us with personal information. If you are a parent or a guardian we strongly recommend you to supervise the online activity of your minor children and ensure that your children do not disclose any personal information.
    • We may collect, use and disclose personal information of minors on obtaining consent for the same from the minor’s parents or guardians, who have the legal competence and parental responsibility to give such consent on behalf of the minor.
    • If you believe that we may have unknowingly collected personal data from minors without parental consent, kindly Contact us at the contact details provided hereinbelow, so that we may adopt appropriate measures to address the issue promptly and remove the information.
9. Transfer of personal data outside Singapore

We do not transfer your Personal data with third parties, unless it is necessary to fulfil our obligations to you and as permitted by law. We shall make appropriate arrangements to ensure that your data is processed in a secure manner and in compliance with applicable data protection laws.

10. Our Security Policy for your Personal Data
    • We have made reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, modification, loss, damage, disposal or similar risks of your personal data. We have adopted technical, physical, electronic, procedural administrative and organisational security measures in accordance with applicable laws and regulations and industry standards to protect your personal data.
    • Although we have used our best efforts to ensure the security of your personal data, we cannot guarantee you that your personal data will never be disclosed in a manner that is inconsistent with this Privacy Policy.
    • All our employees and intermediaries, who have access to and process your personal data, are trained in handling personal data and are required to respect the confidentiality of your personal data.
    • You therefore agree that any security breaches beyond our reasonable control are at your sole risk and discretion, we cannot and do not accept responsibility for the same. If you have any questions about our security arrangements please contact us at the Contact details provided herein under.
11. Retention

We will retain your personal data for as long as required to perform the purpose specified under this privacy policy. Upon termination of your account by cancellation or suspension, your personal data is destroyed or anonymised from our records and the system in accordance with our retention policy in the event your personal data is no longer required for the said purposes unless its further retention is required to satisfy a longer retention period to meet our operational, business, legal or other statutory requirements.

12. Links to other sites

Our Services may contain links to other third party websites. This Privacy Policy does not apply to the Privacy Practices of those websites. We do not control and assume no responsibility for the content, security or privacy policies and practices on those websites. We request you to read the privacy policies of those sites to determine how they collect, process, use, disclose and protect your personal data.

13. Additional Terms and Conditions for Certain Regions

i. Indonesia
Personal Data means and covers every individual data which is identifiable or can be identified, alone or combined with any other information directly or indirectly, through an electronic system or non-electronic system. In Indonesia Personal Data will be collected, stored, used and/or processed in compliance with our obligations under Regulation No. 11 of 2008 (Electronic Information and Transactions) amended by Regulation No. 19 of 2016 and Regulation No. 71 of 2019 (Electronic System and Transaction Operation).
a. Except as otherwise required by law, we shall acquire, use and utilise your personal data only upon your explicit consent.
b. We shall ensure and maintain the confidentiality, integrity, authenticity, accessibility, availability and traceability of your data.
c. We shall train our employees in charge or enshrined with the task of processing your data and shall have a management policy, operations work procedures and periodical audit mechanisms for our Services.
d. On our Services, we allow you to make corrections in your appointment, Cancel your appointment, Confirm or reconfirm your appointment.

e. Right to be informed in case of breach: We shall notify you in writing of any instances of breach of your Personal Data.
f. Right to be forgotten: You may make an application, requesting us to delete any irrelevant electronic information or documents under our control.
g. Right to delisting: you make request us to delist irrelevant electronic information and electronic documents from an internet search engine through a court order.
To access your rights, or in case of any concerns and/or complaints kindly contact our concerned authority at the contact details provided herein under.

ii. Laos
We shall ensure that the collection, access, use and disclosure of your data is safe and correct and in consonance with the Law on Electronic Data Protection (2017), Lao People’s Democratic Republic.
a. The term Personal Data means electronic data of individuals, legal entities or organisations. We shall not access, use or disclose your Personal Data without your permission and consent.
b. We shall collect data from you only for the purposes expressly enumerated in this policy and the collection of which you have expressly approved.
c. You are under an obligation to provide accurate and complete details and must inform of changes to your Personal Data in order to update and edit the data correctly and completely.
d. Except as otherwise permitted under law, we shall use and disclose your Personal Data that we collect, maintain or administer only upon your approval.
e. Right to Access: You have a right to access the Personal Data that you provide to us.
f. Right to update or edit: You may request us to update or edit your Personal Data, we shall use our best efforts to resolve your request promptly. We shall inform you promptly if we cannot activate your request due to technical or other issues.
g. Right to delete: We shall delete all your Personal Data that you provide to us upon your request for deletion. We have a legal right to delete your Personal Data if it is contrary to the law.
h. Right to disclosure: We shall not disclose your Personal Information to a third person until we obtain your approval for the same.
i. Transfer of Personal Data : We shall not transfer your personal Data outside Lao People’s Democratic Republic with your permission. You also have a right to subsequently deny transfer of your Personal Data and we shall stop sending or transferring data upon such request to the third person.
j. We shall not retain your Personal Data for longer than the purpose for which it is required or we shall delete your Personal Data upon expiry of the purpose for which it was collected.
k. If you have reasons to believe that your Personal Data has been damaged or is at risk, you may inform us at the Contact Information provided herein under.
To access your rights or in case of any queries relating to our privacy policies or practices kindly contact us at the Contact Information provided herein under.

iii. Philippines
We shall process your Personal Information in accordance with the Data Privacy Act of 2012. Personal Information refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual, Personal Information also includes sensitive Personal Information.
a. We shall process your Personal Information lawfully only after receiving your consent for such processing and in consonance with this Privacy Policy.
b. All information shall be up-to-date and any inaccurate or incomplete data shall be rectified, supplemented, destroyed or the processing of such inaccurate or incomplete information shall be restricted.
c. Your Personal Data which includes Sensitive Personal Information shall be retained only for the fulfilment of the purposes mentioned in this Policy or if otherwise required by law.
d. Right to access: You have a right to access your Personal Information that you provide us with.
e. Right of Transmissibility: Your Lawful heirs and assigns may invoke your rights under the Act upon your death or if you are incapacited or incapable of exercising your rights.
f. Right of Data Portability: You have the right, where personal Information is processed by electronic means and in a structured and commonly used format, to obtain from us a copy of data undergoing processing in an electronic or structured format, which is commonly used and allows for further use by you.
Incase of questions regarding this Privacy Policy or to inorder to enforce your rights contact us at the Contact details provided herein under.

iv. Thailand
We ensure that all your data that we collect, store, use and process is done in compliance with the Personal Data Protection Act, 2019. Elucidated hereunder are additional terms applicable to citizens of Thailand.
a. The term personal data means any information relating to a Person, which enables the identification of such Person, whether directly or indirectly, but not including the information of the deceased Persons in particular.
b. Legal basis for processing your Personal Information: If you are a citizen of Thailand, we collect, use, process or disclose personal information, which includes prohibited information such as your health data, only for the purposes described in this Policy. We shall process your data only if we have your explicit written consent or consent via an electronic system or if the processing is necessary for complying with our legal obligations or where the processing is in our legitimate interest. If you need further clarification concerning the legal basis on which we collect and use your personal information, you may contact us at the Contact information provided hereunder.
c. Your Rights under the Personal Data Protection Act (PDPA), 2019
Residents of the Kingdom of Thailand have certain additional rights in relation to their Personal Data under the PDPA, 2019.
i. Right to withdraw consent: Except unless restricted by law, you may withdraw your consent at any time, however withdrawal of consent shall not affect the collection, use or disclosure of personal data, that you have already legally consented to. You may withdraw your consent by contacting us at the Contact information provided herein under. We shall at the time of withdrawal of your consent inform you of the consequences of such withdrawal.
ii. Right to access: Except if otherwise prohibited under law, you have a right to and are allowed access to and obtain copies of your Personal information that is processed.
iii. Right to erasure or destruction: You may request erasure or destruction or anonymization of your Personal data only under certain circumstances which include but are not limited to unlawful processing of your data, if your personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed, if you withdraw your consent etc. Please note, however, that we may need to retain certain information to comply with our legal obligations.
iv. Right to restriction of processing: You have a right to restrict the processing of Personal Data if the data is the personal data for which a request is made for its erasure or destruction, or if the data is no longer needed for the purpose of processing etc.
v. Right to data portability: You may request to obtain or send and transfer personal data to other Data Controllers in the format which is readable or commonly used by ways of automatic tools or equipment, unless it is impossible to do so due to technical reasons.
vi. Right to object: You have unless prohibited by law, a right to object to the collection, use or disclosure of your personal data.
You may exercise any of the rights listed above by contacting our Data Protection Officer at the Contact details provided hereunder. We shall make best efforts to respond to and resolve all your requests within a period of 30 days from the receipt of the request.
d. Personal data of minors: We do not consciously collect personal data from minors (i.e individuals under 20 years of age). We may collect, use and disclose personal information of minors on obtaining consent for the same from a person holding parental responsibility over the minor. If you believe that we may have unknowingly collected personal data from minors without parental consent, kindly Contact us at the contact details provided hereinbelow.
e. Transfer of Personal Data: Kindly note that you are signifying agreement to the transfer of your Personal Information outside the Kingdom of Thailand. Such transfer to which you hereby expressly consent is primarily for processing and we ensure an adequate level of protection through a series of agreements with our Service providers and in compliance with the Law.

v. Vietnam
We shall collect, edit, use, store, supply, share and disperse our Personal Data only in accordance with Law on Network Information Security (2015) and other relevant laws and regulations.
a. Personal Information means information associated with the identity of a specific person. We shall collect and process your Personal Data only upon your prior consent for such collection and processing.
b. We shall not share, disperse the collected, accessed or controlled Personal Information to any third party unless you consent to the same or if otherwise required under the law. We shall maintain the integrity of your Personal Data.
c. Right to obtain and access Personal Data: You have a right to request access and obtain Personal Data that is collected and stored by us.
d. Right to correction: You may request to check the accuracy of your personal data and may request correction of your Personal Data.
e. Right to delete: You have a right to update, change and delete your Personal Information we collect.
f. Right to restrict transfer: You may request us to stop disclosing or transferring your Personal Data to a Third Party.

vi. Singapore
We collect, use and process your data in accordance with the Personal Data Protection Act (PDPA), 2012. Details of our obligations, and your rights and other essential provisions are set out hereinbelow.

a. Accuracy of your personal data
We will make all reasonable efforts to ensure that the personal data collected by us is accurate, complete and up-to-date. We shall adopt methods to verify and authenticate the information provided by you. We shall make sure that any and/or all changes made or requested are updated in our records. We rely on the information you provide to us for performing our obligations/ Services to you, you are required to provide us with accurate and complete information and to promptly update us in the event there are any changes to your personal data. .
b. Your Rights as a User or Visitor
i. You shall, to the extent that the applicable law allows, have the right to request access to your personal data held by us.
ii. You have a right to request correction/ rectification of your personal data entrusted to us or update your personal data held by us.
iii. You have a right to request us at any time to limit the processing and use of your personal data.
iv. You may by giving notice, withdraw any consent given to us for the collection, use or disclosure of your personal data. We shall upon receipt of such notice inform you of the repercussions of withdrawing your consent. We may not allow withdrawal of consent in circumstances where it is required or authorised under this Act or any other written law. It is essential to note that your withdrawal of consent could result in legal consequences arising from such withdrawal.
If you wish to exercise any of the above-stated rights, you are required to contact us or send us a request to the Contact details specified hereinbelow. On receipt of a request for the exercise of any of the rights stated above, we shall make best efforts to respond to and resolve the same without undue delay within a period of 30 days of its receipt. If the requests received are complex or numerous we may, by giving you notice, extend this said period of 30 days to a further period of 02 months. We reserve the right to charge you an administrative fee to process your request (permitted under PDPA), we shall notify you of such fee before proceeding with your request.

c. Transfer of Personal Data outside Singapore: In fulfilling our obligations to you it may become necessary to transfer data that we collect from you to jurisdictions outside Singapore for processing and storing. By providing information to us, you are consenting to the transfer, storing and processing of that information outside Singapore in accordance with the terms of this privacy policy.

14. Privacy Policy Updates
We reserve the right to modify, revise and/or amend this Privacy Policy from time to time so as to reflect our current privacy practices. We may change the policy without sending a prior notice of the same. We will post an updated copy/ new version on our Services. Any changes to this notice will come into effect on posting to this page. You are requested to check our site periodically for such updates. If you access our Services after a notice of change has been published on our page, you hereby provide us with your consent to the changed terms.

15. Contact Us

If you have any questions regarding this Policy or about our privacy practices, you may contact our Data Protection Officer (DPO) appointed by us. We will make all efforts to ensure that any request, concerns, questions and grievances that you may have are resolved quickly and promptly. Feel free to contact our Data Protection Officer at the contact details provided below;

Name of Data Protection Officer- Mr. Anil Kumar
Business Address of the DPO - 50 Tagore Lane #05-01 B/C/D Entrepreneur Centre Singapore 787494
Business Contact of the DPO - +65 97525990
Email Address of the DPO- anil.kumar@ouchinc.com