Introduction to the PDPA
- “Personal Data” as defined under the PDPA refers to data, whether true or not, about an individual who can be identified from that data, or from the data and other information to which an organisation has or is likely to have access.
- You will be notified herein of the purposes for which personal data is collected, used, disclosed and/or processed, and your consent will be obtained, unless an exception under the law permits Discovery to collect and process personal data without prior consent in certain circumstances.
Purposes for Collection, Use, Disclosure and Processing Of Personal Data
Discovery generally does not collect your personal data unless (a) it is provided to us voluntarily by you directly or via a third party who has been duly authorised by you to disclose your personal data to us (your “authorised representative”) after (i) you (or your authorised representative) have been notified of the purposes for which the data is collected, and (ii) you (or your authorised representative) have provided written consent to the collection and usage of your personal data for those purposes, or (b) collection and use of personal data without consent is permitted or required by the PDPA or other laws. We shall seek your consent before collecting any additional personal data and before using your personal data for a purpose which has not been notified to you (except where permitted or authorised by law).
The personal data which Discovery collects may be used, disclosed and/or processed for:
- Assessing the Individuals’ suitability for treatment;
- Providing information such as full name, identification number, email address, contact address, contact number, credit card details etc. related to Discovery’s treatments, products and services, marketing campaigns, promotions, benefits and events by SMS, phone, email, fax, mail, website, social media and/or any other appropriate communication channels;
- Administering and processing of any payments, refunds and waivers related to products and/or services requested;
- Responding to any enquiries, requests or complaints and resolving any issues and disputes which may arise from any relationships with Discovery;
- Conducting market research or surveys on Discovery’s treatments, products and/or services;
- Sharing of personal data with Discovery’s business or corporate partners for development of programmes, products and/or services or launch of marketing campaigns;
- Sharing of personal data with financial institutions for processing of payment instructions, as well as applying and obtaining credit facilities;
- Maintaining and updating of company records;
- Audit, risk management and security purposes;
- Detecting, investigating and preventing fraudulent, prohibited or illegal activities and analysing and managing of commercial risk;
- Enabling Discovery to perform its obligations, and to transfer, assign and enforce rights, interests and obligations under any agreements or documents that Discovery is a party to or has entered into;
- Meeting or complying with any applicable legal or regulatory requirements and making disclosures under the requirements of any applicable law, regulation, direction, court order, by-law, guideline, circular or code applicable to Discovery;
- Enforcing or defending Discovery and the Individuals’ rights, and to comply with obligations under the applicable laws, legislations and regulations; and/or
- Other purposes which Discovery notifies at the time of obtaining the Individuals’ consent and/or any purposes which are reasonably related to the aforesaid (collectively referred to as “Purposes”).
As the Purposes for which Discovery may or will collect, use, disclose or process the Individuals’ personal data depend on the circumstances at hand, such purposes may not appear above. However, Discovery will notify you of such other purposes at the time of obtaining consent, except in certain circumstances where processing of personal data without consent is permitted by the PDPA or by law.
You agree that the collection of the information for the purposes as listed above is reasonable taking into account the services that we offer.
Specific Issues for the Disclosure of Personal Data to Third Parties
Discovery respects the confidentiality of the personal data that you have provided. Discovery will not disclose your personal data to third parties without first obtaining consent to do so. However, there are situations in which Discovery may disclose your personal data to third parties without first obtaining your consent including, without limitation, the following:
- Cases in which disclosure is required or authorised based on the applicable laws and/or regulations;
- Cases in which the purpose of such disclosure is clearly in your interests, and if consent cannot be obtained in a timely way;
- Cases in which the disclosure is necessary to respond to an emergency that threatens your life, health or safety or that of another individual;
- Cases in which the disclosure is necessary for any investigation or proceedings;
- Cases in which the personal data is disclosed to any officer of a prescribed law enforcement agency, upon production of written authorisation signed by the head or director of that law enforcement agency or a person of a similar rank, certifying that the personal data is necessary for the purposes of the functions or duties of the officer;
- Cases in which the disclosure is to a public agency and such disclosure is necessary in your interests;
- Cases where such disclosure is required for performing obligations in the course of or in connection with our provision of goods or services requested by you;
- Cases in which disclosure is to third party service providers, agents and other organisations we have engaged to perform any of the functions listed above; and/or
- Where such disclosure without your consent is permitted by the PDPA or by law.
The instances listed above are not intended to be exhaustive. For more information, please visit https://sso.agc.gov.sg/ and refer to the Fourth Schedule of the PDPA. In the event that Discovery discloses your personal data to third parties with your consent, Discovery will employ its best efforts to safeguard your personal data.
Access and Correction
You may request to be provided with your personal data that is in the possession or under the control of Discovery and information about the ways in which your personal data has been or may have been used or disclosed by Discovery within a year before the date of the request, by submitting a written request to the DPO through email or letter. Discovery will provide such personal data and information as soon as reasonably possible, except in circumstances as specified in the PDPA.
You may request to correct your personal data in Discovery’s records by submitting a written request to the DPO through email or letter.
For a request to correct your personal data, once Discovery has received sufficient information from you, Discovery will:
- Provide or correct your relevant or personal data within 30 days. If Discovery is unable to do so within the said 30 days, Discovery will notify you of the soonest practicable time within which correction can be made. (Note: The PDPA exempts certain types of personal data from being subject to your correction request as well as provides for situations when correction need not be made by Discovery despite your request); and
- Send the corrected personal data to third party service providers, agents and other organisations to which the personal data was disclosed by Discovery within a year before the date the correction was made, unless the other third party service providers, agents and other organisations do not need the corrected personal data for any legal or business purpose. However, Discovery may, if you give consent, send the corrected personal data only to specific third party service providers, agents and other organisations to which the personal data was disclosed by Discovery within one (1) year before the date on which the correction was made.
Request to Withdraw Consent
- You may withdraw your consent for the collection, use and/or disclosure of your personal data by submitting your request to Discovery’s DPO through email or letter.
- Discovery will process your request within ten (10) working days from the date on which the request for withdrawal of consent was made, and will thereafter not collect, use and/or disclose your personal data.
- However, your withdrawal of consent could result in certain legal consequences arising from such withdrawal. Depending on the extent of the withdrawal of consent, it may mean that Discovery will not be able to continue with the existing relationship with you and the contract that you have with Discovery will have to be terminated.
Management of Data (Accuracy, Completeness, Protection and Retention)
- Discovery will take reasonable efforts to ensure that your personal data is accurate and complete. You represent and warrant to us that your personal data provided to us is accurate and complete. Discovery will not be responsible for relying on inaccurate or incomplete data arising from your failure to notify Discovery of any changes or inaccuracies in your personal data that was initially provided.
- Discovery will also put in place reasonable security arrangements to ensure that all personal data is adequately protected and secured from unauthorised access, collection, use, copying, modification, disposal and disclosure. However, Discovery cannot guarantee that your personal data will always remain secure and Discovery cannot assume responsibility for any unauthorised use of your personal data by third parties.
- Discovery will also put in place measures such that your personal data in Discovery’s possession or under Discovery’s control is destroyed and/or anonymised as soon as it is reasonable to assume that (i) the purpose for which that personal data was collected is no longer being served by the retention of such personal data; and (ii) retention is no longer necessary for any other legal or business purposes.
- If your personal data is to be transferred out of Singapore, Discovery will comply with the PDPA in doing so. Discovery will also take appropriate steps to ascertain that the foreign recipient organisation of the personal data is bound by legally enforceable obligations that are in line with the requirements under the PDPA.
You may contact Discovery’s DPO through email or letter if you have any complaints or grievances with regard to the handling of personal data or Discovery’s compliance with the PDPA.
- As part of Discovery’s efforts to ensure that Discovery properly manages, protects and processes your personal data, Discovery will review our policies, procedures and processes from time to time.
- You are encouraged to visit Discovery’s website from time to time to ensure that you are well informed of Discovery’s latest policies in relation to personal data protection.
Data Protection Officer
Discovery SME Business Coaching
The Adelphi, 1 Coleman Street,