Last Updated: 23.09.2021
We at OUCH are strongly committed to protecting your privacy and providing you a safe and secure experience while accessing our Services. We respect the privacy of your personal data and undertake to ensure that the data that you provide us with will be treated only in the manner described in this policy.
The terms “we”, “us”, and “Ouch” refer to; (a) Our site “ www.ouchinc.com” and all associated web pages linked to the same owned by us, (b) Our cloud-based appointment management platform known by the proprietary brand name of OUCH and the tools and services accessible via the Platform, (c) Our Mobile Application for prospective Patients known by the brand name of OUCH (d) The configuration and setup services offered by us and (e) Our customer interface channels (collectively referred to as “Services”), and the terms “you” and “your” refer to a User (which includes a “medical practitioner”, “healthcare provider”, whether an individual, organisation or group and/or “patients”, “individuals”) accessing our services and/or Visitor of our Services.
If you are a corporate entity or an organisation, references to the terms “you” and “your” shall include your employees, representatives and agents.
We conduct our business in compliance with applicable laws and shall collect, use and process data in accordance with the following laws, (whichever applicable to you)
- Personal Data Protection Act (2012), Singapore,
- Personal Data Protection Act, (2019), Thailand,
- Regulation No. 11 of 2008 amended by Regulation No. 19 of 2016 (Electronic Information and Transactions) and Regulation No. 71 of 2019 (Electronic System and Transaction Operation), Indonesia,
- Law on Electronic Data Protection (2017), Laos People’s Democratic Republic,
- Data Privacy Act (2012), Philippines,
- Law on Network Information Security (2015), Vietnam, Regulations and Guidelines on data privacy protection and data security.
1. Scope of the Policy
- Our Privacy and security practices in connection with the access and use of our Services are governed by the Terms of Service, which is a binding contract between you and us.
- We engage third parties who perform services on our behalf. We may upon your express and clear consent and in accordance with the Terms of Service and in compliance with the applicable laws transfer certain Personal data to these third parties. These third parties shall have access to your information and process it to perform services/ tasks on our behalf and in a manner required by us. They shall not use such Personal Data for any other purpose and shall be bound by confidentiality.
2. Personal data we collect
We request you to voluntarily provide us with certain personal data and you hereby consent to the collection of such personal data by us. The collection of your personal data shall be strictly restricted to what is necessary for the purpose of fulfilling the purposes identified herein below. We will not collect any personal data about you unless you voluntarily choose to provide it to us or as otherwise permitted by law. The information collected by us from you may include but is not limited to;
- Personal Data you provide voluntarily
- We request and record personal data when you register for an account to access or utilise one or more services offered by us. We collect data such as;
- If you are a medical practitioner or a health care provider: name, email address, phone number, gender, registration number, professional information, Name of Clinic / hospital, field of expertise/ speciality, or any other information provided by you during the use of our services which you may enter into our system voluntarily.
- Incase of Patients or any other individuals, name , email address, phone number, symptoms, ailment/sickness, medical records and history, history of appointments previously made by you through the use of our services, insurance details, Name, Email, DOB, Gender, Location, Emergency Contact Name, Emergency Contact Phone or any other information provided by you during the use of our services which you may enter in our system voluntarily.
- You may also voluntarily enter some personal data on our website and/or mobile platform forms and customer interface channels, which we use to contact you.
- We ask for and may collect personal data from various sources, which may include but are not limited to, information you voluntarily provide us at any events, seminars, conferences, talks, promotions, surveys organised by us, and/or information we collect when you submit web forms on our websites or if you use interactive features of the websites. We record any personal information or other content that you provide to us at the time of providing feedback or registering a complaint.
- We request and record personal data when you register for an account to access or utilise one or more services offered by us. We collect data such as;
B. Information we collect through our system
a. Logs and Analytics: If you use or visit our Services, we may collect information including your Internet Protocol (IP) address, web browser type, web browser version, internet service provider, the searches you undertake, language preferences, site trends, location, referring URL, timestamp information and the operating system of your computer or the operating system and version, and device model of your device.
C. Information collected from other sources We may collect information which is provided, are likely to have access or made available by any third parties, law enforcement authorities, etc. We may collect such information to supplement the information that we collect directly from you for reasons including delivery of our services, performance of conditions of agreements and/or to comply with our legal and statutory obligations.
3. How we Use / Process your personal data
- We may use the personal data that you voluntarily provide to us or that we collect from you or through other sources for the purpose of fulfilment of our obligations under our agreement with you and/or to comply with our statutory legal obligations. Without prejudice to the above, enumerated hereunder is a non-exhaustive list of the purposes for which your personal data may be used/processed;
- To manage and regulate our Service(s) and to provide you with the content that you access and request.
- To facilitate communication and improve our business relationship with you and to respond to your queries, requests or complaints and/or resolve any issues and disputes which may arise in connection with any dealings with us.
- To inform you of confirmation, cancellation and/or postponement of services.
- To verify and authenticate information or identifications provided by you to us.
- To process or facilitate any payments relating to services requested by you.
- To control and monitor and ensure compliance with security arrangements and policies adopted by us, and also to ensure their compliance with Personal Data Protection Act, 2012 and other legal and regulatory obligations.
- To comply with any request or direction or lawfully disclose information required by any applicable law, regulation, direction, court order, bylaw, guidance, circular or code applicable to us.
- To facilitate your participation in any events, meetings, seminars, conferences promotions etc. held by us. To provide you with updates and/or information on our products, services, offers, events etc.
- To undertake marketing research, analysis, analysis of customer patterns and choices, statistical and trend analysis in relation to our services.
- To conduct research and development operations in relation to our services, to improve our Services and for strategic business planning and development.
- To customize our Services to best suit your interests and enhance your experience while accessing our services.
- To provide an easy and convenient user experience while accessing our services.
- To monitor and identify areas of our services in which improvement maybe needed.
- To investigate, detect and prevent any fraudulent transaction, unauthorised access to the services and prohibited or illegal activity or omission or misconduct.
- To conduct security investigations and risk management.
- We may use information for the security of our company, customers, employees and/or our Services.
We shall not use your data for any purpose, than for what it is collected. We may use your personal data for purposes not stated herein above but only with your express or implied prior consent for such use.
4. Disclosure/ sharing of information with third party
- We shall not sell, rent, share, disclose or transfer any of your personal data to any third party without your consent and without notifying you of the purpose for such transfer or sharing. We may disclose your personal data to the following third parties, for one or more of the above stated purposes,
- With third parties who undertake performance of services on our behalf, with third party services who host, manage and maintain our website, develop applications for us, carry on analytics and store and backup data, with third parties who process financial transactions on our behalf, these third parties shall use, retain or store information only for processing transactions and providing services on our behalf.
- In case of a medical practitioner or health care provider, we may share your information with prospective and potential patients who shall use such information to avail your service, contact you, send you queries, send personal messages and review your Services.
- In case of Patients or other users, we will share your personal data with doctors registered on our website who may use this information to contact you in case of cancellation or postponement of your appointment or if you have a query or enquire about a service they might offer.
- We may upon your express consent disclose aggregate information in relation to user behaviour with actual or prospective business relationship such as advertisers and content distributors.
- We may disclose information if requested by a governmental or investigatory authority. We may also disclose information required to be disclosed by any applicable law, regulation, direction, court order, bylaw, guidance, circular or code applicable to us.
- With any third party involved in any proposed or actual sale of business, sale or transfer of our assets or stocks, merger, joint venture, assignment, reorganisation.
8. Personal Data of minors
- We do not consciously collect personal data from minors (i.e individuals under 13 years of age) and respect the privacy of minors who may inadvertently use our services and provide us with personal information. If you are a parent or a guardian we strongly recommend you to supervise the online activity of your minor children and ensure that your children do not disclose any personal information.
- We may collect, use and disclose personal information of minors on obtaining consent for the same from the minor’s parents or guardians, who have the legal competence and parental responsibility to give such consent on behalf of the minor.
- If you believe that we may have unknowingly collected personal data from minors without parental consent, kindly Contact us at the contact details provided hereinbelow, so that we may adopt appropriate measures to address the issue promptly and remove the information.
9. Transfer of personal data outside Singapore
We do not transfer your Personal data with third parties, unless it is necessary to fulfil our obligations to you and as permitted by law. We shall make appropriate arrangements to ensure that your data is processed in a secure manner and in compliance with applicable data protection laws.
10. Our Security Policy for your Personal Data
- We have made reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, modification, loss, damage, disposal or similar risks of your personal data. We have adopted technical, physical, electronic, procedural administrative and organisational security measures in accordance with applicable laws and regulations and industry standards to protect your personal data.
- All our employees and intermediaries, who have access to and process your personal data, are trained in handling personal data and are required to respect the confidentiality of your personal data.
- You therefore agree that any security breaches beyond our reasonable control are at your sole risk and discretion, we cannot and do not accept responsibility for the same. If you have any questions about our security arrangements please contact us at the Contact details provided herein under.
12. Links to other sites
13. Additional Terms and Conditions for Certain Regions
Personal Data means and covers every individual data which is identifiable or can be identified, alone or combined with any other information directly or indirectly, through an electronic system or non-electronic system. In Indonesia Personal Data will be collected, stored, used and/or processed in compliance with our obligations under Regulation No. 11 of 2008 (Electronic Information and Transactions) amended by Regulation No. 19 of 2016 and Regulation No. 71 of 2019 (Electronic System and Transaction Operation).
a. Except as otherwise required by law, we shall acquire, use and utilise your personal data only upon your explicit consent.
b. We shall ensure and maintain the confidentiality, integrity, authenticity, accessibility, availability and traceability of your data.
c. We shall train our employees in charge or enshrined with the task of processing your data and shall have a management policy, operations work procedures and periodical audit mechanisms for our Services.
d. On our Services, we allow you to make corrections in your appointment, Cancel your appointment, Confirm or reconfirm your appointment.
e. Right to be informed in case of breach: We shall notify you in writing of any instances of breach of your Personal Data.
f. Right to be forgotten: You may make an application, requesting us to delete any irrelevant electronic information or documents under our control.
g. Right to delisting: you make request us to delist irrelevant electronic information and electronic documents from an internet search engine through a court order.
To access your rights, or in case of any concerns and/or complaints kindly contact our concerned authority at the contact details provided herein under.
We shall ensure that the collection, access, use and disclosure of your data is safe and correct and in consonance with the Law on Electronic Data Protection (2017), Lao People’s Democratic Republic.
a. The term Personal Data means electronic data of individuals, legal entities or organisations. We shall not access, use or disclose your Personal Data without your permission and consent.
b. We shall collect data from you only for the purposes expressly enumerated in this policy and the collection of which you have expressly approved.
c. You are under an obligation to provide accurate and complete details and must inform of changes to your Personal Data in order to update and edit the data correctly and completely.
d. Except as otherwise permitted under law, we shall use and disclose your Personal Data that we collect, maintain or administer only upon your approval.
e. Right to Access: You have a right to access the Personal Data that you provide to us.
f. Right to update or edit: You may request us to update or edit your Personal Data, we shall use our best efforts to resolve your request promptly. We shall inform you promptly if we cannot activate your request due to technical or other issues.
g. Right to delete: We shall delete all your Personal Data that you provide to us upon your request for deletion. We have a legal right to delete your Personal Data if it is contrary to the law.
h. Right to disclosure: We shall not disclose your Personal Information to a third person until we obtain your approval for the same.
i. Transfer of Personal Data : We shall not transfer your personal Data outside Lao People’s Democratic Republic with your permission. You also have a right to subsequently deny transfer of your Personal Data and we shall stop sending or transferring data upon such request to the third person.
j. We shall not retain your Personal Data for longer than the purpose for which it is required or we shall delete your Personal Data upon expiry of the purpose for which it was collected.
k. If you have reasons to believe that your Personal Data has been damaged or is at risk, you may inform us at the Contact Information provided herein under.
To access your rights or in case of any queries relating to our privacy policies or practices kindly contact us at the Contact Information provided herein under.
We shall process your Personal Information in accordance with the Data Privacy Act of 2012. Personal Information refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual, Personal Information also includes sensitive Personal Information.
b. All information shall be up-to-date and any inaccurate or incomplete data shall be rectified, supplemented, destroyed or the processing of such inaccurate or incomplete information shall be restricted.
c. Your Personal Data which includes Sensitive Personal Information shall be retained only for the fulfilment of the purposes mentioned in this Policy or if otherwise required by law.
d. Right to access: You have a right to access your Personal Information that you provide us with.
e. Right of Transmissibility: Your Lawful heirs and assigns may invoke your rights under the Act upon your death or if you are incapacited or incapable of exercising your rights.
f. Right of Data Portability: You have the right, where personal Information is processed by electronic means and in a structured and commonly used format, to obtain from us a copy of data undergoing processing in an electronic or structured format, which is commonly used and allows for further use by you.
We ensure that all your data that we collect, store, use and process is done in compliance with the Personal Data Protection Act, 2019. Elucidated hereunder are additional terms applicable to citizens of Thailand.
a. The term personal data means any information relating to a Person, which enables the identification of such Person, whether directly or indirectly, but not including the information of the deceased Persons in particular.
b. Legal basis for processing your Personal Information: If you are a citizen of Thailand, we collect, use, process or disclose personal information, which includes prohibited information such as your health data, only for the purposes described in this Policy. We shall process your data only if we have your explicit written consent or consent via an electronic system or if the processing is necessary for complying with our legal obligations or where the processing is in our legitimate interest. If you need further clarification concerning the legal basis on which we collect and use your personal information, you may contact us at the Contact information provided hereunder.
c. Your Rights under the Personal Data Protection Act (PDPA), 2019
Residents of the Kingdom of Thailand have certain additional rights in relation to their Personal Data under the PDPA, 2019.
i. Right to withdraw consent: Except unless restricted by law, you may withdraw your consent at any time, however withdrawal of consent shall not affect the collection, use or disclosure of personal data, that you have already legally consented to. You may withdraw your consent by contacting us at the Contact information provided herein under. We shall at the time of withdrawal of your consent inform you of the consequences of such withdrawal.
ii. Right to access: Except if otherwise prohibited under law, you have a right to and are allowed access to and obtain copies of your Personal information that is processed.
iii. Right to erasure or destruction: You may request erasure or destruction or anonymization of your Personal data only under certain circumstances which include but are not limited to unlawful processing of your data, if your personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed, if you withdraw your consent etc. Please note, however, that we may need to retain certain information to comply with our legal obligations.
iv. Right to restriction of processing: You have a right to restrict the processing of Personal Data if the data is the personal data for which a request is made for its erasure or destruction, or if the data is no longer needed for the purpose of processing etc.
v. Right to data portability: You may request to obtain or send and transfer personal data to other Data Controllers in the format which is readable or commonly used by ways of automatic tools or equipment, unless it is impossible to do so due to technical reasons.
vi. Right to object: You have unless prohibited by law, a right to object to the collection, use or disclosure of your personal data.
You may exercise any of the rights listed above by contacting our Data Protection Officer at the Contact details provided hereunder. We shall make best efforts to respond to and resolve all your requests within a period of 30 days from the receipt of the request.
d. Personal data of minors: We do not consciously collect personal data from minors (i.e individuals under 20 years of age). We may collect, use and disclose personal information of minors on obtaining consent for the same from a person holding parental responsibility over the minor. If you believe that we may have unknowingly collected personal data from minors without parental consent, kindly Contact us at the contact details provided hereinbelow.
e. Transfer of Personal Data: Kindly note that you are signifying agreement to the transfer of your Personal Information outside the Kingdom of Thailand. Such transfer to which you hereby expressly consent is primarily for processing and we ensure an adequate level of protection through a series of agreements with our Service providers and in compliance with the Law.
We shall collect, edit, use, store, supply, share and disperse our Personal Data only in accordance with Law on Network Information Security (2015) and other relevant laws and regulations.
a. Personal Information means information associated with the identity of a specific person. We shall collect and process your Personal Data only upon your prior consent for such collection and processing.
b. We shall not share, disperse the collected, accessed or controlled Personal Information to any third party unless you consent to the same or if otherwise required under the law. We shall maintain the integrity of your Personal Data.
c. Right to obtain and access Personal Data: You have a right to request access and obtain Personal Data that is collected and stored by us.
d. Right to correction: You may request to check the accuracy of your personal data and may request correction of your Personal Data.
e. Right to delete: You have a right to update, change and delete your Personal Information we collect.
f. Right to restrict transfer: You may request us to stop disclosing or transferring your Personal Data to a Third Party.
We collect, use and process your data in accordance with the Personal Data Protection Act (PDPA), 2012. Details of our obligations, and your rights and other essential provisions are set out hereinbelow.
a. Accuracy of your personal data
We will make all reasonable efforts to ensure that the personal data collected by us is accurate, complete and up-to-date. We shall adopt methods to verify and authenticate the information provided by you. We shall make sure that any and/or all changes made or requested are updated in our records. We rely on the information you provide to us for performing our obligations/ Services to you, you are required to provide us with accurate and complete information and to promptly update us in the event there are any changes to your personal data. .
b. Your Rights as a User or Visitor
i. You shall, to the extent that the applicable law allows, have the right to request access to your personal data held by us.
ii. You have a right to request correction/ rectification of your personal data entrusted to us or update your personal data held by us.
iii. You have a right to request us at any time to limit the processing and use of your personal data.
iv. You may by giving notice, withdraw any consent given to us for the collection, use or disclosure of your personal data. We shall upon receipt of such notice inform you of the repercussions of withdrawing your consent. We may not allow withdrawal of consent in circumstances where it is required or authorised under this Act or any other written law. It is essential to note that your withdrawal of consent could result in legal consequences arising from such withdrawal.
If you wish to exercise any of the above-stated rights, you are required to contact us or send us a request to the Contact details specified hereinbelow. On receipt of a request for the exercise of any of the rights stated above, we shall make best efforts to respond to and resolve the same without undue delay within a period of 30 days of its receipt. If the requests received are complex or numerous we may, by giving you notice, extend this said period of 30 days to a further period of 02 months. We reserve the right to charge you an administrative fee to process your request (permitted under PDPA), we shall notify you of such fee before proceeding with your request.
15. Contact Us
If you have any questions regarding this Policy or about our privacy practices, you may contact our Data Protection Officer (DPO) appointed by us. We will make all efforts to ensure that any request, concerns, questions and grievances that you may have are resolved quickly and promptly. Feel free to contact our Data Protection Officer at the contact details provided below;
Name of Data Protection Officer- Mr. Anil Kumar
Business Address of the DPO – 50 Tagore Lane #05-01A Entrepreneur Centre Singapore 787494
Business Contact of the DPO – +65 97525990
Email Address of the DPO- firstname.lastname@example.org