Privacy Policy
At D4L Data4Life Asia Limited (“Data4Life”) we respect the privacy and confidentiality of the personal data of our Clients, Associates and others whom we interact with in the course of providing our services. We are committed to implementing policies, practices and processes to safeguard the collection, use and disclosure of the personal data you provide us when visiting our website data4life-asia.care, in compliance with the Singapore Personal Data Protection Act (PDPA) 2012.
We have developed this Data Privacy Notice to assist you in understanding how we collect, use, disclose, process, protect and retain your personal data that is in our possession.
1. Contact Details and Data Protection Officer
The responsible party for processing your personal data is D4L Data4Life Asia Limited, 68 Circular Road #02-01, Singapore 049422.
You may contact our data protection officer if you have any enquiries or feedback on our personal data protection policies and procedures at dataprotection@data4life-asia.care or through our postal address by writing to the attention of “The data protection officer”.
2. How We Collect Your Personal Data
Personal data refers to any information that can uniquely identify an individual person on its own, or when combined with other information. Under the PDPA, business contact information (e.g. full name, business address, business telephone number) is not considered as personal data so long as it is used strictly for business-to-business (B2B) transactions. We collect your personal data when you:
- Visit our website and leave behind your contact details
- Communicate with us via email or written correspondence
3. Types of Personal Data We Collect About You
3.1 When visiting our website
When you visit the website data4life-asia.care, the following data is automatically transferred to the web server of Data4Life:
- IP address of the device used for the retrieval
- Web address (URL) of the page from which the file was requested (referrer)
- Date and time of the request
- Amount of data transmitted
- Description of the type of web browser used
The processing of this data, which contains a (pseudonymized) personal reference via the IP address, is technically necessary and is carried out in order to provide you with the Data4Life offering.
To avert threats to the security of Data4Life’s infrastructure and to provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack, e.g. in a DDOS attack, the data mentioned above is generally stored in log files for a period of eight weeks. In the event of an attack, log data is retained for the purpose of preserving evidence until the respective incident has been resolved.
3.2 Support/Contact
When you contact us through one of our contact options, for example, email or post, we process the data you provide (for example your email address and the content of your enquiry) necessary for us to answer your question. If your enquiry contains optional personal data, e.g. your name, we will process that data in order to provide improved support.
We anonymize the data arising in this context after the storage is no longer necessary (usually four weeks after we fully answered your request), or restrict the processing if there are legal storage obligations. We systematically evaluate the number of contacts and the reasons for them, the processing time of inquiries and other key figures.
4. How We Use Your Personal Data
We use the personal data you provide us for one or more of the following purposes:
- Analyze your visits to our website
- Communicate with website visitors and interested parties
- Respond to your inquiries
- Carry out our obligations arising from any contracts entered into between you and us
- Comply with or fulfill legal obligations and regulatory requirements
5. Who We Disclose Your Personal Data To
We disclose some of the personal data you provide us to the following entities or organizations outside D4L Data4Life Asia Limited in order to fulfill our services to you:
For the purpose of providing the necessary server infrastructure to run our website and enabling faster loading speeds of our website we use the service IONOS Deploy Now from IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany.
For the purpose of facilitating email communication for general requests and communication through the email address we@data4life-asia.care, Data4Life uses Google Workspace provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google processes your contact information, for example, email address and the content of your email. Google stores your personal data on servers based in the European Economic Area (EEA). However, we cannot exclude that Google accesses and therefore transfers your personal data to the United States.
We may also share your personal data within the Data4Life company for internal reasons, primarily for business and operational purposes, such as troubleshooting and analysis of visitor behavior, with D4L data4life gGmbH, c/o Digital Health Cluster (DHC) im Hasso-Plattner-Institut (HPI), Rudolf-Breitscheid-Straße 187, 14482 Potsdam, Germany.
In all of the above mentioned cases, D4L Data4Life Asia Limited remains responsible for the processing of personal data.
Where required to do so by law, we may disclose personal data about you to the relevant authorities or to law enforcement agencies.
6. How We Manage the Collection, Use and Disclosure of Your Personal Data
6.1 Obtaining Consent
Before we collect, use or disclose your personal data, we will notify you of the purpose why we are doing so. We will obtain written confirmation from you on your expressed consent. We will not collect more personal data than is necessary for the stated purpose. We will seek fresh consent from you if the original purpose for the collection, use or disclosure of your personal data has changed.
Under certain circumstances, we may assume deemed consent from you when you voluntarily provide your personal data for the stated purpose, e.g. when you communicate with us through email.
We may rely on exceptions to the need for consent under the PDPA for the collection, use or disclosure of your personal data under the following circumstances:
- The personal data is publicly available
- The personal data is disclosed by a public agency or disclosed to a public agency
- The personal data is necessary for any investigation or proceedings
- The personal data is necessary for evaluative purposes (e.g. determining the suitability of a job applicant for the job applied for)
- The personal data is necessary for the purpose of managing or terminating an employment relationship
- The personal data is necessary for a business asset transaction
6.2 Withdrawal of Consent
If you wish to withdraw consent, you should give us reasonable advance notice. We will advise you of the likely consequences of your withdrawal of consent, e.g. without your personal contact information we may not be able to inform you of future services offered by us.
Your request for withdrawal of consent can take the form of an email or letter to us.
6.3 Third-Party Consent
We do not get consent on behalf of another individual. We only get consent from the individual who will be dealing directly with us.
7. How We Ensure the Accuracy of Your Personal Data
We will take reasonable steps to ensure that the personal data we collect about you is accurate, complete, not misleading and kept up-to-date.
8. How We Protect Your Personal Data
We have implemented appropriate information security and technical measures to protect the personal data we hold about you against loss; misuse; destruction; unauthorized alteration/modification, access, disclosure; or similar risks.
We have also put in place reasonable and appropriate organizational measures to maintain the confidentiality and integrity of your personal data, and will only share your data with authorized persons on a ‘need to know’ basis.
When we engage third-party data processors to process personal data on our behalf, we will ensure that they provide sufficient guarantees to us to have implemented the necessary organizational and technical security measures, and have taken reasonable steps to comply with these measures.
9. How We Retain Your Personal Data
We will not retain any of your personal data when it is no longer needed for any business or legal purposes. We will delete or destroy your personal data in a proper and secure manner when the retention limit is reached.
10. How You Can Access and Make Correction to Your Personal Data
You may write to us to find out how we have been using or disclosing your personal data over the past one year. Before we accede to your request, we may need to verify your identity by checking your NRIC or other legal identification document. We will respond to your request as soon as possible, or within 30 days from the date we receive your request. If we are unable to do so within the 30 days, we will let you know and give you an estimate of how much longer we require. We may also charge you a reasonable fee for the cost involved in processing your access request.
If you find that the personal data we hold about you is inaccurate, incomplete, misleading or not up-to-date you may ask us to correct the data. Where we are satisfied on reasonable grounds that a correction should be made, we will correct the data as soon as possible, or within 30 days from the date we receive your request.
11. Transfer of Personal Data
Where there is a need to transfer your personal data to another country outside Singapore, we will ensure that the standard of data protection in the recipient country is comparable to that of Singapore’s PDPA. If this is not so, we will enter into a contractual agreement with the receiving party to accord similar levels of data protection as those in Singapore.
12. European territory visitors
In compliance with the European General Data Protection Regulation (GDPR), we provide specific additional rights for individuals from European territory areas who interact with Data4Life Asia. European territories include the European Economic Area (EEA), Norway, Liechtenstein, Iceland and Switzerland.
You have the following rights with regard to personal data related to you:
-
Right of access (Art. 15 GDPR),
-
Right to rectification (Art. 16 GDPR),
-
Right to erasure (Art. 17 GDPR, “right to be forgotten”),
-
Right to restriction of processing (Art. 18 GDPR),
-
Right to object to processing (Art. 21 GDPR),
-
Right to data portability (Art. 20 GDPR).
You also have the right to complain to a data protection supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement if you consider that the processing of personal data related to you is unlawful. The supervisory authority responsible for us is:
Die Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht
Stahnsdorfer Damm 77
14532 Kleinmachnow
Germany
Telephone: 0049 (0)33203/356-0
Telefax: 0049 (0)33203/356-49
E-Mail: poststelle@lda.brandenburg.de
If you have given us consent to the processing of your data, you can revoke it at any time with effect for the future. The lawfulness of processing your data until revocation remains unaffected by this. For the assertion of your rights or if you have any other data protection concerns, you can contact us at any time via the contact details listed in section 1 above and/or in our imprint.
Please note that if your personal data is processed on the basis of a legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR and/or if your personal data is processed for the purposes of direct marketing, you have the right to object to the processing of your personal data at any time.
13. Changes to this privacy policy
We may update this Data Privacy Notice from time to time. Please visit our website periodically to note any changes. Changes to this Notice take effect when they are posted on our website.
Last updated: November 2023