ALPS Pte Ltd (collectively “ALPS”, “us”, “we” or “our”) are committed to protecting the rights and privacy of individuals in accordance with the Singapore Personal Data Protection Act 2012 (the “PDPA”).

ALPS provides drug ordering and delivery services (“Services”) to public healthcare institutions, CHAS-approved clinical practices, and other ALPS-approved user organisations (collectively, "Users", "you", or "your"), to enable you to place bulk orders and prescription orders and delivery details for your individual patients (“Patients”) through the ALPS’s ordering portals (“System”).

This privacy policy (“Policy”) describes how we may collect, use, disclose, and process the personal data of: (i) Patients in the course of provision of Services and operation of the System; and (ii) any individuals designated by Users to use the System on its behalf (“User staff”).

By using the Services, using the System, interacting with us and submitting data to us, you agree and consent to ALPS (and our respective agents and authorised service providers) processing Personal Data in the manner set forth in this Privacy Policy.

This Privacy Policy was last updated on 27 October 2023.

1. Your / Another Person's Personal Data

1.1. “Personal Data” refers to any data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which the organisation has or is likely to have access. A reference to “Personal Data” also includes such data that may be provided by you on behalf of another person pursuant to Clause 2 below.

1.2. The exact type of personal data that may apply in your case will vary depending on how you have interacted with us. Some examples include the following categories of Personal Data:

(a) Patients’ name, contact details, residential / delivery address, email address, prescription details, dosage, medicine usage instructions, particulars (and verification details) of authorised recipients of deliveries / caregivers of Patients, and any data about or relating to Patients (collectively, “Patient Data”);

(b) Personal details (e.g. name, NRIC, FIN, passport or other identification number), contact details, numbers of User staff, security credentials for User staff, including account ID, passwords, answers to security questions, biometrics and other means to identify you / authorise access to your account or the System; and

(c) Other electronic data or information relating to the usage of our Services, or deliveries to Patients (e.g. location data, IP address, activity logs, cookies, device carrier/operating system and connection type).

1.3. To the extent that any Patient Data is collected, used or disclosed to us through the use of the Services, the System, or in interacting with us (including or engaging with us) in connection with the Services, the Systems, or in connection with any Patients, and by submitting any Personal Data to us in any way, you acknowledge and warrant that:

(a) You have procured full consents and legal permission or authorisation of the Patient (and/or his / her duly authorised legal representatives including any parent, guardian) to disclose the Patient Data to us for the purposes of the delivery of the Services and operation of the System, and other purposes identified in this Policy; and

(b) You have reviewed this Policy as updated, the System, the Services, and you have requested and received sufficient information regarding the purpose of the collection of such Personal Data by ALPS that would allow you to determine whether such purposes are in accordance with the PDPA and this Policy, and have determined as such.

1.4. References to “include,” “includes”, “including,” “including but not limited to,” “including without limitation” and words or phrases of similar import are not to be construed as terms of limitation but rather be deemed to be followed by the words “without limitation.”

2. Collection of Personal Data

2.1. Generally, ALPS may collect your (or Patients’) Personal Data in the following ways:

(a) when you use the System, interact with us (or engage with us in connection with the Services, the System, or in connection with any Patients) and by submitting any Personal Data to us;

(b) when you submit forms, applications, requests or feedback to us;

(c) when you enter into any agreement or provide other documentation or information in respect of your interactions with us;

(d) when you interact with our customer service officers, for example, via telephone calls, letters, face-to-face meetings, social media platforms and emails;

(e) when you use our Services, mobile and web-based applications or interact with us via any of our websites or mobile or web-based applications or use the Services on any of our websites or mobile or web-based applications which may utilise various technologies to collect data (which may include Personal Data) automatically either by us or by third parties on behalf of us;

(f) when you respond to our requests for additional Personal Data; and

(g) when you submit Personal Data to us for any other reason.

2.2. Examples of some of technologies which may be used (either by us or by third parties on behalf of us) by or in our electronic services, websites and mobile and web-based applications to collect, use and/or disclose Personal Data include:

(a) Cookies. A number of places on our website and our mobile and web-based applications make use of cookies. Should you wish to disable the cookies associated with these technologies, you may do so by changing the setting on your browser. However, you may not be able to enter certain part(s) of our website or enjoy full access to all of our applications; and

(b) Local Storage. We may collect and store information (including Personal Data) locally on your device using mechanisms such as browser web storage (including HTML 5) and application data caches. Such information may include your self-added medication list and medication reminders.

3. Purposes for the Collection, Use and Disclosure of Personal Data

3.1. Generally, ALPS may collect, use and/or disclose your Personal Data for the following purposes:

(a) setting up your account, managing your use and access of the Services and System;

(b) fulfilling (including engaging any third party contractors) any requests, orders, deliveries or transactions, generating worklists, creating labels, picking and packing medications, assembling medications and deliveries, scheduling deliveries, engaging couriers, creating delivery manifests, updating records / systems on delivery outcomes, rescheduling deliveries, stock replenishment, transmission of data to relevant systems, and handling queries and communications in connection with each of the foregoing;

(c) managing your relationship with us by personalising / customising the Services and informing you about Service upgrades and updates;

(d) integrating the Services or System and applications operated or managed by ALPS, MOH, MOHH or any public healthcare institution with your systems in order to provide the Services or operate the System or perform updates, upgrades, maintenance, troubleshooting and tests of the System;

(e) carrying out security and safety measures and services such as performing network or service enhancement and steps;

(f) verifying your identity, including but not limited to the relationship between Users, User Staff and a Patient, or a third party caregiver of a Patient;

(g) managing the administrative and business operations more effectively such as to attend to your queries, feedback, complaints and to comply with our internal record keeping policies;

(h) carrying out evaluation or research and analysis for our operational strategy and policy planning purposes, including providing data to authorised external parties for any purpose to review, develop, and improve the quality of healthcare products and services;

(i) exercising any legal rights, including where needed, to prevent harm or loss;

(j) complying with any legal or regulatory requirements including requests or directions of any government authority or public agencies, ministries, statutory boards or similar authorities or non-governmental agencies; and

(k) any other purpose reasonably related to the aforesaid.

3.2. If we need to use Personal Data for any other purposes, we will notify you via an update to this Policy.

4. Accuracy of Personal Data

4.1. We depend on the accuracy of the Personal Data submitted to us by you (or from your clinical management systems or other databases used in submitting Personal Data) and are unable to feasibly conduct independent checks including with your Patients. You therefore agree to ensure that all Personal Data submitted to us is up to date, complete, accurate, true and correct. Failure to do so may result in us not performing the Services properly, or result in unauthorised disclosure of Personal Data (including Patient Personal Data), death or physical harm.

5. How We Protect Personal Data

5.1. We will take reasonable efforts to protect the Personal Data in our possession or our control by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or other similar risks. You are responsible for the security of the data and systems you use when interfacing or interconnecting with the System.

6. How Long Do We Retain Personal Data

6.1. We will retain Personal Data as may be required for business, legal, regulatory or compliance purposes, and such purposes do vary according to the circumstances. With regard to medical data that we process, we retain such records in accordance with MOH’s requirements.

7. Transfer of Personal Data

7.1. Generally, we do not transfer personal data out of Singapore except under collaboration with External Parties or our approved third-party services for application services. Should we do so, we ensure there is data protection of a standard that is at least comparable to that under PDPA.

8. Feedback, Withdrawal of Consent, Access and Correction of Personal Data

8.1. Your consents may be withdrawn in relation to the collection, use, disclosure or processing of Personal Data at any time. However, depending on the nature of the withdrawal, it may become impossible for ALPS to provide Services or enable the use of the System. ALPS may not be in a position to fulfil any contractual relationship in place which in turn may also result in the termination of any agreements with ALPS in connection with the Services or the use of the System through no fault of ALPS, and you being in breach of contractual obligations or undertakings. ALPS’s legal rights and remedies in such event are expressly reserved.

9. Miscellaneous

9.1. This Privacy Policy is governed in all respects by the laws of the Republic of Singapore.

9.2. This Privacy Policy supplements but does not supersede nor replace any other consents which you may have previously provided to us nor does it affect any rights that we may have at law in connection with the collection, use and/or disclosure of your Personal Data.

9.3. We may from time to time update this Privacy Policy to ensure that this Privacy Policy is consistent with our future developments, industry trends and/or any changes in legal or regulatory requirements. As and when the contents of the Privacy Policy are updated or amended, the changes will be uploaded into our website at https://oms.alpshealthcare.com.sg. Each time you use the Services or access the System interfaces (including any mobile and web-based applications, and any updates, upgrades, and new versions) or contact, interact or transact with us, you acknowledge and agree that the latest version of this Privacy Policy shall apply. It is your duty to keep yourself updated as to the latest version of the Privacy Policy.

10. CONTACT US / QUERIES / NOTICES

If you have any questions or feedback relating to this Privacy Policy, would like to manage any of the Personal Data as referred to in this Privacy Policy, or would like to obtain access and make corrections to your Personal Data records, you can contact our Data Protection Officer by email at dpo@alpshealthcare.com.sg.

NOTE FOR PATIENTS & OTHER MEMBERS OF THE PUBLIC:

ALPS is an agency for the public healthcare sector in Singapore. It is a wholly-owned subsidiary of MOHH Holdings Pte Ltd (“MOHH’), the holding company through which Singapore government owns the corporatised institutions in the public healthcare sector. Generally, ALPS acts as a data intermediary for public healthcare institutions, CHAS-approved clinical practices, and other ALPS-approved user organisation, and where so, our processing of personal data is subject to stringent contractual controls and oversight including appropriate legal, regulatory, operational and technical requirements and safeguards. As data intermediaries we will perform data processing activities, the details of which are confidential. For queries concerning the practices relating to personal data of public healthcare institutions, CHAS-approved clinical practices, and other ALPS-approved user organisations themselves (e.g. your clinic, your hospital, etc) and you should refer to their privacy policy and direct any queries concerning the same to the appropriate contact stated therein.