This policy applies to Osteopore International Pte. Ltd. (UEN 200311327H) in Singapore (referred to below as Osteopore, we, us or our). This policy outlines our obligations and practices in the handling of the personal information we collect and hold in Singapore about our customers, prospects, vendors, suppliers, partners, and all others who come into contact with us and our related companies, across all touch points of our business operations.
Types of Personal Information we collect
The Personal Information we collect in the course of and as a result of providing products and services to our customers includes but may not be limited to your name, telephone number(s), email address, mailing address, employer company/institution, job title, medical specialty, date of birth and social media handles.
We also collect Personal Information about patients for the purpose of making tailored implants using our technology. This may include the patient's name, contact details and/or other identifiers provided by the customer, as well as the patient's date of birth and information about any illnesses, medical conditions and disabilities they may have and relevant CT scans or medical records.
Purpose of collection
Generally, we collect Personal Information from existing and prospective customers and suppliers for purposes relating to the products and services we offer or require, or in assessing your suitability for employment with us. These purposes include, but are not limited to:
- Making and supplying implants tailored to patients' needs;
- Communication with you in relation to products and services we provide which are relevant to your relationship with us;
- Responding to your enquiries regarding training courses and any other services we offer;
- Processing requests, orders and administering accounts;
- Providing customer support including account servicing (order confirmations, reminders, delays, cancellations, etc.);
- Administering and performing any contracts with service providers;
- Offering you updated marketing and promotional packages you can benefit from, including products and services offered by our selected partners;
- Providing course and product updates and upgrades;
- Receiving feedback;
- Conducting surveys;
- Meeting regulatory and legal obligations;
- Processing applications for employment; and
- As otherwise required to manage our business.
We may, for these purposes, contact you via mail, email, telephone, SMS, smartphone applications, facsimile or other communication (including sending electronic messages).
Personal Information about patients such as age, illnesses, medical conditions and disabilities may affect tissue regeneration. We collect such Personal Information in order to tailor implants suitable to each patient's individual needs. The other Personal Information we collect about a patient's identity is dependent on the level of detail provided by the relevant company/institution to enable them to associate our work with the correct patient.
Collection of Personal Information
Where possible, we will collect your Personal Information directly from you and secure the relevant consent from you, generally by completing forms.
Alternatively, we may collect Personal Information from our distributors and customers, including Personal Information obtained from questionnaires regarding patients wanting to receive treatment using our products and services. Where possible, we request this information is provided to us in de identified form, for example, by associating the details with a unique identifier used by the relevant hospital or clinic instead of the patient's name or contact details. We request that personally identifiable information about patients only be provided to us with the patients' consent.
In some cases, we may collect Personal Information from publicly available sources and third parties such as suppliers, recruitment agencies, employers, contractors, customers and business partners.
Regardless of how we collect it, we will handle Personal Information in accordance with the PDPA and the relevant Regulations.
Disclosure of Personal Information
In the normal course of conducting our business, we may disclose your Personal Information to:
- Our related bodies corporate, including Osteopore Limited (ABN 65 630 538 956) and Osteopore Australasia Pty Ltd (ABN 11 644 114 698) (who may use Personal Information in the same way we do);
- Our accountants, insurers, lawyers, auditors and other professional advisers;
- Regulatory bodies and agencies;
- Funding agencies;
- Partners and service providers who assist us in providing services or who perform functions on our behalf (eg mailing houses of letters or printers for our marketing materials);
- Third parties to whom you have directed or permitted us to disclose your Personal Information;
- In the unlikely event that Osteopore or its assets are acquired or considered for acquisition by a third party, that third party and its advisors;
- Government agencies, courts or other third parties where required by law.
We do not allow these external organisations to use your Personal Information for anything other than the purposes for which we supplied it to them, or as permitted or required by law. We will take reasonable steps to ensure such external organisations are required to protect the privacy of your Personal Information.
Some of those to whom we disclose Personal Information may be located overseas, including our related entities and service providers in Australia and distributors around the world. We may also use overseas service providers to store Personal Information, such as cloud-based storage solutions, although this may not involve a disclosure of Personal Information to those providers. By providing your Personal Information to us, you consent to us disclosing your Personal Information to any such overseas recipients for purposes necessary or useful in the course of operating our business. For the avoidance of doubt, foreign recipients will not be bound by the PDPA and the relevant Regulations and you will not be able to seek redress for a breach by those foreign recipients under the PDPA and the relevant Regulations.
Please note that we may collect, use and disclose Personal Information without your consent under certain circumstances, including where it pertains to your vital interests, matters affecting the public, where our legitimate interests outweigh any adverse effect on you, business improvement and research purposes, subject to the provisions of the PDPA.
From time to time, we may contact you via mail, email, telephone, SMS, facsimile or other methods (including electronic messages) to inform about our products and services, or about special offers and promotions that we think may be of interest to you. You can let us know at any time if you no longer wish to receive marketing material (by contacting us at the details below) and we will remove your details from our direct marketing database.
We will not disclose your Personal Information to external organisations outside Osteopore for the purposes of allowing them to directly market their products and services unless expressly authorised by you.
Ensuring Personal Information is up to date
We rely on the Personal Information we hold in conducting our business. Therefore, it is very important that the Personal Information we hold is accurate, complete and up to date.
We will do our best to ensure that the Personal Information we hold is accurate, complete and up to date whenever we collect or use it. This means that from time to time, we may ask you to tell us if there are any changes to your Personal Information. If you find that the Personal Information we hold about you is incorrect at any time, please contact us immediately so that we can correct it as soon as practicable. We shall correct the Personal Information in our possession or under our control unless we are satisfied on reasonable grounds that the correction should not be made. We may also, with your consent, send the corrected Personal Information to specific organisations to which the Personal Information was disclosed by Osteopore within a year before the date the correction was made.
Access to Personal Information by individuals
You can access most of the Personal Information we hold about you and information about the ways in which the Personal Information has been or may have been used or disclosed by us within a year before the date of your request. We will require a formal written request from you to our Data Protection Officer (details under the section “Resolving concerns” below).
An administrative fee will be charged to you to cover the reasonable cost of retrieving the information and supplying it to you. We will respond to all requests for access to Personal Information within a reasonable time.
Access to Personal Information may be refused under certain circumstances as specified in the PDPA, including where the provision of such Personal Information could reasonably be expected to threaten the safety or physical or mental health of any other individual, would cause immediate or grave harm to your safety or your physical or mental health, reveal personal data about another individual and where it would be contrary to national interest. If we deny or restrict your access, we will explain why as required by applicable laws.
The security of your Personal Information is important to us and we take all reasonable precautions to protect your Personal Information from unauthorised access, collection, use, disclosure, copying, modification or disposal, or similar risks and to prevent the loss of any storage medium or device on which your Personal Information is stored.
Some of the ways we protect Personal Information include:
- External and internal premises security;
- Restricting access to Personal Information only to staff who need it to perform their day-to-day functions;
- Maintaining technology products to prevent unauthorised computer access or damage to electronically stored information, such as requiring identifiers and passwords, firewalls, and anti-virus software; and
- Maintaining physical security over paper records.
We will retain your Personal Information for a reasonable period for the intended purposes, or as required by law. We will destroy or de-identify Personal Information once the purpose for which it is collected is no longer being served by retention of the Personal Information and is no longer necessary for legal or business purposes.
On giving reasonable notice to us, you may at any time withdraw any consent given to us, or deemed to have been given to us, in respect of the collection, use or disclosure by Osteopore of your Personal Information for any purpose.
We will thereafter inform you of the likely consequences of withdrawing your consent and shall not prohibit you from withdrawing your consent to the collection, use or disclosure of your Personal Information, unless such collection, use or disclosure is required or authorised under the PDPA or other written law.
Websites and cookies
When visiting our sites, you will not be required to provide us with any Personal Information unless you request information about our product or service, or respond to a contest or promotion, or provide feedback. In which case, we will ask you to provide contact details along with other information required for us to fulfil or respond to your request.
The Personal Information provided may also be retained for product planning purposes, and we may use your Personal Information to contact you for direct marketing purposes with your consent (as discussed in the 'Direct marketing' section above).
Our website may contain links to other websites which are owned or operated by third parties independent of Osteopore. Those websites should contain their own privacy statements and their owners or operators are responsible for informing you about their security and privacy practices. Osteopore will not be responsible for the privacy policies and practices of other websites even if you access them using links from our websites. We recommend that you check the policy of each site you visit and contact its owner or operator if you have any concerns or questions.
In addition, if you are linked to our websites from a third-party website, Osteopore will not be responsible for the privacy policies and practices of the owners or operators of that third-party site and recommend that you check the policy of that third party site and contact its owner or operator if you have any concerns or questions.
If you send us an email containing your Personal Information, we will take reasonable steps to protect the confidentiality of that information. The content of emails is sometimes monitored by our internet host for maintenance and fault detection purposes.
Although we take steps to protect Personal Information and other data sent by email, email is not a secure method of communication. If you are concerned about sending your Personal Information to us in this manner, you may prefer to contact us by any of the other means set out below.
If you have any concerns about our handling of your Personal Information or you believe a data breach may have occurred, please contact us and we will take the relevant steps to address your concerns. The contact details for our Data Protection Officer are as follows:
Data Protection Officer, Osteopore International Pte. Ltd.
2 Tukang Innovation Grove
JTC Medtech Hub
Telephone: +65 6250 2817
When contacting us please provide as much detail as possible in relation to your question, concern or complaint. We take all complaints seriously and will respond to your complaint within a reasonable period. We request that you cooperate with us during this process and provide us with any relevant information that we may need.
Where we have identified and assessed a data breach as one that results in, or is likely to result in, significant harm to an affected individual or is, or is likely to be, of a significant scale, we will notify the Info-communications Media Development Authority, being the designated Personal Data Protection Commission under the PDPA, as soon as is practicable, but in any case no later than 3 calendar days after the day we make that assessment.
The last update to this document was 22 October 2021.