Integrated Health information Systems Pte. Ltd. (collectively “IHiS”, “us”, “we” or “our”) are committed to protecting the rights and privacy of individuals in accordance with the Singapore Personal Data Protection Act 2012 (the “PDPA”).
https://www.healthhub.sg/. Each time you use our websites and/or mobile and web-based applications, and any updates, upgrades, new versions, documentation and content and services provided by or through the websites and/or mobile and web-based applications (collectively referred to as
Do note that, with effect from 1 December 2020, IHiS owns and operates the HealthHub website at
https://www.healthhub.sg/ and the associated app and any updates, upgrades, new versions, documentation and content and services provided by or through them (each, and collectively, “HealthHub”), having taken over the operation of HealthHub from the Health Promotion Board.
1. Your / Another Person's Personal Data
Personal Data” refers to any data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which the organisation has or is likely to have access. For example, “Mr ABC, 40 years old, talent acquisition manager, lives at 12 Ang Mo Kio Central 3” could constitute data that falls under (b).
The definition does not extend to (a) business contact information; (b) personal data about an individual that is contained in a record that has been in existence for at least 100 years; (c) personal data about a deceased individual who has been dead for more than 10 years; or (d) anonymised data. Anonymisation is the process of removing identifying information such that the remaining data does not identify any particular individual.
The exact type of personal Data that may apply in your case will vary depending on how you have interacted with us. Some examples of such Personal Data you may provide to us include:
Personal details (e.g. name, NRIC, FIN, passport or other identification number, contact details, residential address, personal email address, nationality, medical history and background, and/or income levels);
images and biometrics (e.g. photographs, voice and video recordings of you, including our conversations with you, using fingerprint mapping and facial recognition for verification or other purposes);
your personal opinions made known to us (e.g. through feedback or surveys); and
other electronic data or information relating to you through your usage of our products and services or as part of their delivery to you (e.g. location data, IP address, activity logs, cookies, device carrier/operating system and connection type).
Any reference to “Personal Data” also includes such data that may be provided by you on behalf of another person pursuant to Clause 3 below.
References to “includes,” “including”, “including but not limited to”, “including without limitation” and words or phrases of similar import shall be deemed to have the same meaning and the words “includes(s)” and “including” shall not be deemed to be terms of limitation but rather be deemed to be followed by the words “without limitation”.
In relation to Personal Data, “processing” refers to the carrying out of any operations or set of operations on the Personal Data and including any collecting, recording, holding, storing, adaptation or alteration, retrieval, combination, transmission, erasure or destruction of Personal Data.
2. Use and Collection of Personal Data
IHiS may use your Personal Data (a) for the purposes identified below or separately communicated to you; (b) to fulfil legitimate business interests and/or contractual and legal obligations; and (c) to comply with applicable laws, regulations and/or requirements from government agencies, regulatory bodies, statutory boards or other relevant bodies in Singapore.
Generally, IHiS may collect your Personal Data in the following ways:
when you submit forms, applications, requests or feedback to us;
when you enter into any agreement or provide other documentation or information in respect of your interactions with us, or when you use our services;
when you interact with our customer service officers, for example, via telephone calls, letters, face-to-face meetings, social media platforms and/or emails;
when you use our electronic services, mobile and web-based applications or interact with us via any of our websites or mobile or web-based applications or use the services on any of our websites or mobile or web-based applications which may utilise various technologies to collect data (which may include Personal Data) automatically either by us or by third parties on behalf of us;
when you respond to our request(s) for additional Personal Data;
when we receive your Personal Data from referral parties, government ministries or agencies, regulators, statutory boards, Public Healthcare Institutions, public agencies, your employer and/or other third parties;
when you attend or participate in our events or activities (e.g. public forums or events) and your voice and/or image data is captured on cameras, audio and/or video recordings;
when you respond to our initiatives;
from third parties, including social networks (such as Facebook, LinkedIn or YouTube), when you consent to such third parties disclosing information about you to us that those third parties have collected, whether by logging into or through the social plug-ins on our websites or mobile or web-based applications or otherwise; and
when you submit your Personal Data to us for any other reason.
As a website or app, HealthHub may also use some of the following technologies in the services and functionalities in HealthHub. Examples of some of the technologies which may be used (either by us or by third parties on behalf of us) by or in our electronic services, websites and mobile and web-based applications to collect, use and/or disclose Personal Data include the following:
Authentication confirmations from biometric data services. We do not store biometric data, but may interface with third party biometric data services (such as SingPass which uses biometric-enabled authentication processes for user login) to authenticate your identity when you seek to access HealthHub services.
Click-stream data. A visit to one of our websites or use of our mobile or web-based applications result in data that is transmitted from your browser to our server being automatically collected and stored by us or by third parties on behalf of us. This data can include the following:
the visitor's IP address;
the date and time of the visit;
the referral URL (the site from which the visitor has come);
the pages visited and action taken on our website or mobile or web-based applications; and
information about the device, mobile carrier and browser used (browser type and version, operating system, etc).
Web beacons and tracking links. Web beacons (also known as pixel tags and clear GIFs) involve graphics that are not apparent to the user. Tracking links and/or similar technologies consist of a few lines of programming code and can be embedded in our emails, website or mobile or web-based applications. In conjunction with cookies, these are primarily used for statistical analysis purposes. This technology can also be used for tracking traffic patterns on websites, as well as finding out if an e-mail has been received and opened and to see if there has been any response.
Unique application numbers. Certain services include a unique application number. This number and information about your installation of the application (for example, the operating system type and application version number) may be sent to us when you install or uninstall that service or when that service periodically contacts our servers, such as for automatic updates.
Local Storage. We may collect and store information (including Personal Data) locally on your device using mechanisms such as browser web storage (including HTML 5) and application data caches. Such information may include your self-added medication list and medication reminders.
3. Accessing the Personal Data of Others on HealthHub
You may give authorisation to your caregiver to use HealthHub to access your Personal Data. To do so, you will need to provide your National Identification Number (NRIC / FIN / Passport) (“NIN”), as well as the caregiver’s NIN, name, email and contact number. Additionally, if you are a parent, you may also apply to access your child’s Personal Data if your child is a minor (under 21 years of age). Where so, by applying to obtain or to grant such access, you represent to us that:
you are authorised to do so;
you have obtained the consent of the third party to provide us with his/her Personal Data for the respective purposes;
you agree to fully indemnify us in respect of any regulatory penalties, claims or proceedings by any third party(ies) and any proceedings, investigations, orders, directions, judgments issued by a court, statutory body or regulatory authority, in connection with the provision of his/her/their Personal Data.
You should ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with the products and services you have requested or process your application.
Purposes Related to Your Use of Personal Data on HealthHub
Generally, IHiS may collect, use and/or disclose your Personal Data for the following purposes:
setting up your account with us and managing your use and access of HealthHub;
facilitating your use of our online and mobile services such as the healthcare management programmes and/or the transactional e-services like e-appointments and e-payments;
(subject to and in accordance with agreements executed with the relevant Public Healthcare Institutions specifying security and Personal Data safeguards) integrating onto healthcare computer systems and applications operated or managed by the Public Healthcare Institutions in order to provide you with the healthcare services (including medical, dental, health-screening and immunisation services) and any programmes related to promotion of good health, healthy lifestyles and prevention and detection of diseases. The institutions include but are not limited to the National Electronic Health Record system managed by the Ministry of Health, the SingHealth Online Appointment System and National Healthcare Group Polyclinics Online Appointment System or any healthcare institutions under the Ministry of Health.
managing your relationship with us by personalising our services and recommending content related to your health and our services and informing you about service upgrades and updates;
carrying out security and safety measures and services such as performing network or service enhancement and protecting our platforms from unauthorised access or use;
carrying out market-related, evaluation or similar research and analysis for our operational strategy and policy planning purposes, including providing data to authorised external parties for any purposes to review, develop and improve the quality of healthcare products and services;
verifying your identity and such other information provided by you, including but not limited to the relationship between yourself and a third party dependent or the relationship between yourself and a third party caregiver;
managing the administrative and business operations more effectively such as attending to your queries, feedback and/or complaints and complying with our internal record keeping for meeting any applicable laws and regulations;
facilitating business asset transactions (which may extend to any mergers, acquisitions or asset sales);
carrying out due diligence in accordance with legal and regulatory obligations or our risk management procedures and policies such as conducting audits to prevent, detect and investigate crime or offences or uncover non-conforming processes;
monitoring or recording phone calls and customer-facing interactions for quality assurance, and identity verification purposes;
in connection with any claims, actions or proceedings (including but not limited to the drafting and reviewing of documents, transaction documentation, obtaining legal advice, and facilitating dispute resolution), and/or protecting and enforcing our contractual and legal rights and obligations;
with consents specifically obtained through (or in connection with) national systems such as MyInfo, collecting your profile to compile demographics, user preferences (e.g. likes, topics of interests) and other Personal Data to facilitate your future / further requests in HealthHub and increase your ease of use of HealthHub;
(where necessary) sending a personalised notification to you in relation to your login and use of HealthHub whether this is in-app or (where you consent) for your usage of other apps connected with HealthHub;
complying with any request or direction of any government authority or public agencies, ministries, statutory boards or similar authorities or non-governmental agencies authorised to carry out specific Government services and duties; and
any other purpose reasonably related to the aforesaid.
To conduct our operations more smoothly, we may disclose the Personal Data you have provided to us to our third-party services providers, agents and/or affiliates or related corporations (“External Parties”) for such External Parties to process your Personal Data based on your requested services for one or more of the above stated reasons or purposes. An External Party may be sited locally or outside Singapore.
If we need to use your Personal Data for any other purposes, we will notify you and obtain your consent beforehand in accordance with the requirements of applicable data protection laws.
4. Accuracy of Personal Data
We will take appropriate and reasonable steps to ensure the accuracy and correctness of the Personal Data that we collect, use and/or disclose. To enable us to ensure the quality and accuracy of Personal Data, you have an obligation to provide accurate and up-to-date information to us.
5. How We Protect Your Personal Data
We will take reasonable efforts to protect the Personal Data in our possession or under our control by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. However, we cannot completely guarantee the security of any Personal Data we may have collected from or about you, e.g. that no harmful code (such as viruses, bugs, Trojan horses, spyware or adware) will enter our website.
6. How Long Do We Retain Your Personal Data
We retain Personal Data as may be required for business, legal, regulatory or compliance purposes, and such purposes do vary according to the circumstances. We will take reasonable steps to dispose or anonymise Personal Data that is no longer needed. With regard to medical data that we process, we will retain medical records in accordance with the duration stipulated by the Ministry of Health or/and in adherence with contractual agreements.
7. Transfer of Personal Data Outside Singapore
Generally, we do not transfer Personal Data out of Singapore, except to our approved third party services providers for applicable services. Should we do so, we will ensure there is compliance with the requirements under the PDPA.
8. Third Party Sites
This site may contain links to sites whose data protection and privacy practices may differ from ours. We are not responsible for the content and privacy practices of these other websites and encourage you to check the privacy notices of these other websites to determine how they will handle any information they collect from you.
9. Contacting Us – Feedback, Withdrawal of Consent, Access and Correction of your Personal Data
You are entitled to withdraw your consent for the collection, use and disclosure of your Personal Data at any time. However, depending on the nature of the withdrawal, it may become impossible for IHiS to provide services such as processing or providing services offered by HealthHub. IHiS may also not be in a position to administer any contractual relationship in place, which in turn may also result in the termination of any agreements with IHiS, and your being in breach of your contractual obligations or undertakings. IHiS’ legal rights and remedies in such event are expressly reserved.
would like to obtain access and make corrections to your Personal Data records, you can contact our Data Protection Officer by emailing us at
10. Governing Law
In partnership with