Section 1 – Introduction and Definitions
1.1 This Data Protection Policy (“Policy”) is the personal data protection policy of Sunshine Smile Dental Implant Centre Pte Ltd, Sunshine Dental Citygate Pte Ltd, and its related entities (collectively, “Sunshine Dental”). In this Policy, the terms “Sunshine Dental”, “we”, “us” and “our” refer to Sunshine Smile Dental Implant Centre Pte Ltd, Sunshine Dental Citygate Pte Ltd, and its related entities.
1.2 Sunshine Dental is committed to protecting the personal data we collect in accordance with the principles set out in this Policy.
1.3 In accordance with the Personal Data Protection Act 2012 (2020 Rev. Ed) (“PDPA”), this Policy sets out how we may collect, use, disclose and manage your personal data. For more information on the PDPA, you may visit the Personal Data Protection Commission (“PDPC”) website (pdpc.gov.sg).
1.4 Any terms used in this Policy, such as “individuals”, “personal data” or “reasonable”, which are also defined in the PDPA, should be understood to take on the definition or interpretation as provided by the PDPA or PDPC’s Advisory Guidelines documents.
1.5 Please note that this Policy is not an exhaustive list of all the situations or scenarios concerning personal data. You may wish to approach Sunshine Dental’s Data Protection Officer for clarification on any specific situation.
1.6 This Policy will apply to and form part of the terms and conditions governing your treatment, agreements or interactions with us, whenever your personal data is handled by us. This Policy becomes binding upon the taking of any of the following steps by you :-
- proceeding with your treatment, agreements or interactions with us;
- submitting information to us via forms or other data collection means or processes (whether through a form, an interview, undergoing examinations or by other means);
- signing up / applying for dental treatment;
- attending at our clinics for visits;
- interacting with our websites, electronic forms, emails;
- calling or sending messages to us;
- transacting with us, or undergoing any treatment or process with us; and
- any other means.
1.7 This Policy supplements but does not supersede nor replace any other consents you may have previously or specifically provided to Sunshine Dental in respect of your personal data, and your consents here are in addition to any consents by you or rights given at law to Sunshine Dental to handle your personal data.
Section 2 – Personal Data
2.1 This Policy applies to “personal data”, which includes any data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which we have or are likely to have access to, including data in our records as may be updated from time to time.
2.2 Personal data may include, but is not limited to, your full name, passport, NRIC or FIN number, address, telephone number(s), personal email address, medical and patient history, photographs, videos, tape-recording of consultations, clinical notes, laboratory reports, radiographs, X-rays, imaging or dental scans, printouts from monitoring machines, medical and health records, name and residential address of any individual which you may have provided to us, or any other information you have submitted to us (including in the form of biometric data) in the course of your interaction with us.
2.3 NRIC, passport or other national identification numbers which are collected, used or disclosed will be handled in accordance with the applicable PDPA guidelines and to the extent necessary to accurately establish or verify the identity of the individual to a high degree of fidelity.
2.4 However, personal data does not include: (a) business contact information, i.e. an individual’s name, position name or title, business telephone number, business address, business electronic mail address, business fax number and any other similar information not provided solely for the individual’s personal purposes, (b) data that is anonymised such that the data does not identify any particular individual, and (c) data that is falsified with the intent to commit fraud.
Section 3 – Consent for collection, use and disclosure of Personal Data
3.1 By applying this Policy, you consent to our collection, use and disclosure of your personal data for the purposes that a reasonable person would consider appropriate in the circumstances.
3.2 Your provision of personal data to us is voluntary and you are deemed to consent to our collection, use or disclosure of your personal data under which it was collected.
3.3 If you have provided the personal data of others (such as your family members or next-of-kin), you warrant that you have informed those individuals of the purposes for which we are collecting their personal data and that they have consented to your disclosure of their personal data to us for those purposes.
3.4 If consent is not procured or if you fail to provide us with complete or accurate information, we may, in some situations, be prevented from providing the patient with treatment (or impaired in doing so).
Collection of personal data
3.5 Sunshine Dental endeavours to limit the collection of personal data to what is reasonable or necessary for such applicable purposes as described in this Policy.
3.6 We may collect personal data from you in the following ways, including but not limited to :-
- when you submit any form, such as the Invisalign patient consent form, patient registration forms, Clinic Assist form, any other informed consent forms or financial counselling form;
- when you are examined by our staff or medical equipment, or when you are subject to or participate in a medical examination, including but not limited to, various forms of screening (which may include the taking of biological samples or matter), or when, as a patient you are engaged in dental procedures (which may result in notes, or records being made);
- when you interact with our staff, including receptionists, customer service officers, nurses, dentists, dental associates, locums and other representatives etc. via telephone calls (which may be recorded), text messages, emails, letters, scanned documents, fax and face-to-face meetings;
- when your images and/or audio are captured by our CCTV cameras while you are within our premises, or by audio, photographs or videos taken by us or our representatives when you visit our clinic or attend events hosted by us;
- when you use our services provided through online and other technology platforms, such as our website and social media platforms and all other online platforms / technologies or tools;
- when you request that we contact you, be included in an email or other mailing list; or when you respond to our request for additional personal data, our promotions and other initiatives;
- when you are contacted by, and respond to, our staff, including receptionists, customer service officers, nurses, dentists, dental associates, agents and other service providers;
- when we receive your personal data from referral parties, public agencies (including other government agencies, third party organisations, other professionals with whom you have interacted), your representatives (or third parties engaged by you or acting for you, including concierges, assistants), your employer and other third parties;
- when you make payment or provide details to facilitate payment, or secure or administer the application of funding / benefits / subsidies;
- when we seek information from third parties about you in connection with your relationship with us, including from next-of-kin and caregivers;
- when you browse our website and you provide such information on the website;
- from publicly available sources including public social media or information you make available to the public; and
- when you submit your personal data to us for any other reasons.
Collection of personal data from third parties
3.7 We may also collect personal data about you from third parties such as :-
- your representatives / intermediaries / agents or your next-of-kin who may either be doing so on your behalf, or in connection with their own transactions, agreements or interactions with us (in which event we will endeavour to collect only such personal data as may be relevant);
- your employers; and
- your service providers (e.g. your insurers, your bank and credit card companies, etc.).
3.8 If you provide us with any personal data relating to a third party (e.g. information of your next-of-kin, spouse, children, parents, and/or employees), we rely on you and will assume that you represent that you have obtained the consent from the third party to provide us with their personal data for the respective purpose for which we are collecting such personal data.
Cookies
3.9 When you interact with us on our websites, we automatically receive and record information on our server logs from your browser. Cookies are small text files placed in the ‘Cookies’ folder on your computer’s hard disk and allow us to remember you. We may employ cookies in order for our server to recognise a return visitor as a unique user including, without limitation, monitoring information relating to how a visitor arrives at the website, what kind of browser a visitor is on, what operating system a visitor is using, a visitor’s IP address, and a visitor’s click stream information and time stamp (for example, which pages they have viewed, the time the pages were accessed and the time spent per web page).
3.10 The cookies placed by our server are readable only by us, and cookies cannot access, read or modify any other data on a computer. All web-browsers offer the option to refuse any cookie, and if you refuse our cookie then we do not gather any information on that visitor.
3.11 Should you wish to disable the cookies associated with these technologies, you may do so by changing the setting on your browser. However, you may not be able to enter certain part(s) of our website.
Section 4 – Purposes for which Personal Data is collected, used and disclosed
4.1 We collect, use and disclose personal data for the following non-exhaustive purposes :-
- Treatment and other services
- management and coordination of your care including follow-ups and consultations;
- to disclose or share with other healthcare professionals who are involved in the care of the patient;
- contacting family members / next-of-kin / representatives and seeking consent from them in emergency / incapacity situations;
- ensuring proper and complete diagnosis and appropriate treatment including and without limitation to identifying health / treatment risks (e.g. collecting, identifying and communicating vulnerabilities, conditions, allergies, potentially adverse reactions, adverse events, device failures / issues, etc.) and monitoring appropriateness of medication usage;
- prescribing and dispensing appropriate medication;
- co-ordinating healthcare services provided by other healthcare providers;
- to contact you and/or your representatives to remind you of appointments at Sunshine Dental, or as part of your care and follow-up;
- third party laboratory service providers;
- all other purposes reasonably related to the aforesaid.
- Administration
- appointments, registration, bookings, admissions, referrals and discharge;
- processing and collecting payment for products, treatments and services;
- reimbursement for services provided to you;
- creation, storage, hosting, backup of medical records and financial and other business records;
- internal auditing, managing medical records, including answering requests for medical records, producing medical reports and associated administrative documents;
- verification of identity and conducting due diligence, screenings and credit checks;
- responding to queries or feedback;
- addressing or investigating complaints, claims or disputes;
- compliance with internal policies, procedures and directives;
- enforcing obligations owed to us;
- complying with our legal and regulatory obligations and requirements;
- all other purposes reasonably related to the aforesaid.
- Business or healthcare operations
- guarding and securing our premises;
- monitoring and assessing the provision of products and services;
- financial regulatory reporting, management reporting, risk management (including monitoring credit exposures), audit and record-keeping purposes;
- business research, planning, statistical analysis and policy development;
- enhancing and improving our services, including reviewing standards of care; and
- all other purposes reasonably related to the aforesaid.
- To leverage the use of information technology (“IT”) tools and platforms as may be appropriate to provide services, such as third party IT platforms and services
- To make payment and / or facilitate claims for reimbursement, grants or subsidies, treatments etc.
- authorising payment instructions;
- payment administration with financial institutions such as your banks / payment service providers;
- liaising with government agencies, statutory bodies, organisations handling and/or administering the provision of subsidies, grants, endowments, or other funds relevant to the payment of dental services;
- liaising with financial institutions (including banks, credit card service providers) or other payment service providers to facilitate and administer payments, payments instructions, clearing or settling payment transactions;
- procuring custodial services for payments;
- disclosures to health insurers, or another party that pays for some or all of your healthcare (payor) including for the purposes of verifying their payment for your invoice; and
- all other purposes reasonably related to the aforesaid.
- Health information sharing
- sharing medical records with other healthcare providers for treatment and healthcare purposes, where required or permitted by law or pursuant to our referrals to other healthcare providers.
- Teaching, training and / or education purposes
- creating materials for teaching, training and / or education purposes for dentists, locums, students, or other staff;
- compiling patient data;
- creating case notes for case presentation or examination purposes; and
- all other purposes reasonably related to the aforesaid.
- Research
- conducting research into new treatment methods, subject to applicable laws, regulations and codes of conduct;
- improving the quality and delivery of our dental services; and
- all other purposes reasonably related to the aforesaid.
- Public health purposes
- safeguarding public health and safety and preventing or lessening the threat to your health and safety or to the health and safety of others; and
- all other purposes reasonably related to the aforesaid.
- Photography and CCTV
- any CCTV footage including photographs, videos and/or sound recordings taken in and around our premises from time to time, including our meeting and function rooms which you may be captured in will generally be kept for internal and security use, unless it is required to be disclosed by law;
- using photographs and / or recordings in our publications, websites and other communication channels, as well as in third party media, or displaying them in and around our premises provided that we have made a reasonable attempt to obtain your express consent for such use;
- except as stated in part (ii) above, any photographs and/or videos taken of you will be used solely for internal purposes related to your treatment, teaching, training / education;
- as necessary in the interests of security; and
- any other purposes reasonably related to or arising out of the aforesaid.
- To comply with applicable law / regulations
- including but not limited to, obligations under the Healthcare Services Act 2020, Infectious Diseases Act 1976, the Singapore Dental Council Ethical Code and Ethical Guidelines 2018, Dental Registration Act 1999, Computer Misuse Act 1993;
- to comply with our obligations to meet requirements under other ministries such as the Ministry of Health, Ministry of Home Affairs, Ministry of Community, Youth & Sports, the Immigration and Checkpoints Authority, the Singapore Police Force, the Singapore Dental Council (or other vocational regulatory bodies);
- reporting relevant suspected adverse drug reactions experienced by patients to the Health Sciences Authority;
- complying with court orders, directives, or applicable requests from appropriate authorities; and
- all other purposes reasonably related to the aforesaid.
4.2 We may also collect, use and disclose personal data where required or permitted by law for any purpose. Your consent may not be necessary or required in some circumstances as provided in the “Second Schedule – Collection of Personal Data without Consent”, “Third Schedule – Use of Personal Data without Consent” and “Fourth Schedule – Disclosure of Personal Data without Consent” of the PDPA, or there may be other legislation such as the Infectious Diseases Act 1976 which renders this necessary. Where the disclosure is restricted by such legislation, the obligation under such other laws will prevail.
4.3 When using your personal data to contact you for the purposes under which you have consented, we may contact you via postal mail, electronic mail, social media messaging, SMS, Whatsapp, telephone, fax or any other means.
4.4 Notwithstanding the above, Sunshine Dental has a right under the PDPA to contact such persons or execute such steps involving the handling of personal data as may be reasonably necessary to address emergencies or in situations where contact is needed to safeguard and preserve the health, safety or well-being of the patient, or to comply with our legal obligations.
Section 5 – Protection of Personal Data
5.1 Sunshine Dental will practice strong data protection as part of our IT policies and procedures, and in compliance with legal and regulatory obligations including under the Healthcare Services Act 2020, Infectious Diseases Act 1976, the Singapore Dental Council Ethical Code and Ethical Guidelines 2018, Dental Registration Act 1999, Computer Misuse Act 1993 etc. We will take reasonable efforts to protect personal data in our possession or control by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks.
5.2 However, we cannot completely guarantee the security of any personal data we may have collected from or about you. While we take reasonable efforts to protect your personal data held by us, we cannot be held responsible for unauthorised and unintended access that is beyond our control. We cannot ensure the security of the information you transmit to us via the Internet, and we urge you to take every precaution to protect your personal data when you are on the Internet. We recommend that you change your passwords often, use a combination of letters and numbers, and ensure that you use a secure browser.
Section 6 – Retention of Personal Data
6.1 Sunshine Dental will retain such personal data as may be required for business or legal purposes, and such purposes will vary according to the circumstances. However, personal data will not be retained for longer than necessary for the purposes under which it was collected unless there are business, industry and/or legal requirements for the retention of such.
6.2 We will securely dispose of or anonymise personal data which we reasonably determine is no longer necessary and will not generally hold on to such data on a ‘just in case’ basis. However, it is in the interests of any individual treating the patient to be able to refer to a complete set of medical records to avoid risks to patient health and safety.
6.3 We will retain employee personal data for a reasonable period for up to 7 years in accordance with its legal and business purposes, even after the person ceases to be employed by Sunshine Dental. In relation to medical data, we will retain medical records in accordance with the duration stipulated by the Ministry of Health.
6.4 With respect to the medical records of patients, unless specific instructions to the contrary are received from the patient, Sunshine Dental may (but is not obliged to) retain such medical records for as long as Sunshine Dental may potentially be consulted for further follow-up by (or on behalf of) the patient even where such consultation may not occur until after such a substantial period of time or there is no current or present indication that the patient may well return for further consultation or follow-up.
6.5 We will comply with all laws and regulations requiring us to retain medical records for legal, regulatory and compliance purposes, such as the National Electronic Health Records (“NEHR”) system.
Section 7 – Transfer of Data to Third Parties
7.1 We may disclose the personal data to third parties, whether located in Singapore or elsewhere, in order to achieve the purposes stated in this Policy. Such third parties include :-
- the dentists and other healthcare professionals who treat or have treated you, and their respective staff;
- the Central Provident Fund Board of Singapore and/or your health insurance provider, for payment processing purposes;
- our service providers, contractors and agents;
- our professional advisers such as auditors and lawyers;
- third parties that you have used to obtain or request our products and services, including referral agencies, business introducers, travel agencies or similar service providers;
- healthcare providers, agencies or facilities for the purposes of information sharing and exchange via the NEHR system or other health information exchange systems, where such disclosure is required or permitted by law;
- regulatory authorities, any statutory bodies or public agencies for the purposes of complying with their respective requirements, policies and directives or where such disclosure is required or permitted by law, including the Ministry of Health, Health Sciences Authority, the coroner and the police and other law enforcement agencies;
- funeral homes and crematoria, where such disclosure is required or permitted by law;
- national registers and databases for various dental / medical conditions, diseases and transplants; and
- accreditation or representative bodies for dental care providers, agencies, facilities or healthcare professionals, where such disclosure is required or permitted by law; and/or
- anyone involved in your care or payment for your care (including a family member, friend or your caregiver); and
- anyone you have authorized us to disclose your personal data to.
7.2 In any event, if we are required to transfer your personal data to an organisation or country located outside of Singapore for any reason, we will take all reasonable steps practicable to verify that the organisation or country provides a standard of data protection is comparable to that under the PDPA.
Section 8 – Accuracy
8.1 We rely on you and will assume that you have ensured that all personal data submitted to us is complete, accurate, true and correct.
8.2 If you provide us with any personal data relating to a third party (e.g. information of your next-of-kin, spouse, children, parents, and/or employees), we rely on you and will assume that you have ensured that all personal data submitted to us in relation to the third party is complete, accurate, true and correct.
Section 9 – Withdrawal of Consent, Access and Correction
Withdrawal of Consent
9.1 You are entitled to withhold or withdraw consent to the collection, use or disclosure of your personal data. You may do so at any time when you are asked for consent, and may apply the process / method to withdraw your consent as stated in paragraph 11.1 of this Policy (see below, Section 11 – Contact Us).
9.2 However, withholding or withdrawal of your consent may impact our ability to proceed with your treatment, agreements or interactions with us, such as the following :-
- where it becomes unsafe or unlawful for us to provide (or continue to provide) medical treatment without the ability to collect, use or disclose personal data; and
- where it may not be possible, without undue risk, cost or liability to Sunshine Dental, to proceed with a particular treatment, agreement or interaction with you, and we may be left with no choice but to cease or refrain from the same.
9.3 We will take the approach that best safeguards us, you and others from risks and we may have to decline to proceed with the treatment in question to avoid causing harm or exposing us, you or others to risk.
9.4 However, any withholding or withdrawal of your consent will not prevent us from exercising our legal rights (including any remedies, or undertaking any steps as we may be entitled to at law).
Access and correction
9.5 You may access and/or request to correct the data currently in our possession at any time, and may contact our Data Protection Officer and apply the process / method to withdraw your consent as stated in paragraph 11.1 of this Policy (see below, Section 11 – Contact Us).
9.6 We will process your request in accordance with the access and correction requirements of the PDPA. For an access request, we will provide you with the relevant personal data within a reasonable time after the request has been made. A fee may be charged for processing an access request. For a correction request, we will correct your personal data as soon as practicable after the request has been made unless we have reasonable grounds not to do so.
9.7 Where the patient is a minor, we will, unless otherwise alerted with due proof of contrary authorisation / order, make the reasonable assumption that each parent (meaning both parents, whether married, separated or divorced) has full rights of access to the minor patient’s personal data unless otherwise alerted with due proof of contrary authorisation / order, or where our staff take the view that such access could jeopardize the health, safety or well-being of any person.
9.8 Should any patient of legal age of majority (i.e. above 21 years of age), with full legal capacity, wish for Sunshine Dental to limit access to his / her personal data or include only certain named persons in the handling / administration of any personal data or matters concerning the individual’s healthcare, we will respect these decisions, subject to appropriate verifications / processes to ensure that such instructions are properly given.
Section 10 – Amendments and Updates to this Policy
10.1 We may update this Policy from time to time to ensure that our standards and practices remain relevant, are up to date, and comply with the applicable laws and guidelines, including the prevailing PDPA at the operative time. The latest version of this Policy will be made available on our website at data protection policy, and supersedes earlier versions and will apply to personal data provided to us previously. We encourage you to review this page periodically to keep up to date with any changes to this Policy.
Section 11 – Contact Us
11.1 If you :-
- have any queries, concerns or feedback relating to your personal data or this policy; or
- wish to withdraw or withhold your consent to any use of your personal data as set out in this policy; or
- wish to obtain access or make corrections to your personal data records; or
- if you do not accept any amendments to this Policy,
- you may contact our Data Protection Officer at cust_svc@sunshinedental.com.sg.
11.2 Please note that if your personal data has been provided to us by a third party (e.g. other dentists who have referred you to us), you should contact such parties directly to make any queries, feedback or access and correction requests to Sunshine Dental on your behalf.