Data Protection Policy (DPP)

This Data Protection Policy ("DPP") will provide you with a summary of how the data processing activities of Transmedic Pte Ltd being the party that responsible for processing your data with respect to individually identifiable information ("Personal Data") about users of our products and services (including sale of products like medical equipment, tools, consumer products that bundle with our products or services ("Products and Services").

Section 1: Introduction about the DPP

1. We conduct our business in compliance with the Personal Data Protection Act (PDPA) and have implemented additional measures to protect your Personal Data. Transmedic's DPP Policy aims to help you understand how we collect, use, share and protect your Personal Data.

2. Transmedic collects personal data to understand your needs better. This helps us to improve our Products and Services and the way we communicate with you. We know that privacy is important to you and we strive to be as open and transparent as possible in how we serve you.

3. It is important that you read this policy together with any other policy notice we may provide on specific occasions when we are collecting or processing Personal Data about you so that you are fully aware of how and why we are using your data. This policy supplements the other notices and is not intended to override them.

4. This DPP are subject to change. You will be notified adequately of any such changes. Further, you will be notified adequately through further relevant privacy notices (e.g. for specific purposes) in case such is not covered by this policy.

5. If you wish to exercise your data subject rights or if you have any other questions concerning this policy, please address your request to us. We can be contacted at pdpaenquiry@transmedicgroup.com.

Section 2:

1. Categories of Personal Data

In this DPP, Personal Data refers to any data/or information about you from which you can be identified by, either (a) from that data; or (b) from that data and other information to which we may have legitimate access to. Examples of such Personal Data include but are not limited to:

• Identity Data: Name, NRIC/FIN, national identity card numbers or passport number, date of birth, photographs, iris image, thumbprint, DNA profile, employment history, education background, family information, ethnicity, religion, and health information.
• Contact Data: Telephone number, address, e-mail address, emergency contact.
• Technical Data: Device ID and IP address, usernames and passwords, digital footprints, browser, time zone setting and location, and similar data
• Financial Data: Bank account information, card details.
• Pictures/Video from live or virtual events or other video recordings (such as CCTV at our offices and warehouses).

2. Generally, we collect Your Data in the following ways:

Direct interactions such as when you

• Register for a specific Product and/or Service (e.g. to create implant card);
• Contact us with a question or request for assistance or submission of complaint form;
• Visit our websites and applications (through the use of cookies / mobile advertising IDs and other technologies);
• Interact with us on the telephone or in person;
• Register for webinars;
• Attend a conference, exhibition or meeting (e.g. from business cards).

3. Third parties or publicly available sources

We may receive personal data about you from various third parties and public sources as set out below:

• Contact data, financial data and transaction data from providers of technical, payment and delivery services; and
• Identity and contact data from publicly available sources (such as public social media profiles).

4. Collection and Processing purposes

We’ll collect or process your data to the extent permitted or required under applicable law, for the following purposes:

• from you directly, and any information from family members, associates or beneficiaries of products and services;
• information generated about you when you use our products and services;
• when you submit an application or registration form, or any other forms relating to any products and services offered and/or distributed by us;
• when you enter into any agreement or provide other documentation or information in respect of your interactions and transactions with us, or when you use our services;
• when you interact with our sales/clinical/services officers, representatives, (for example, via telephone calls, letters, face-to-face meetings, social media platforms, surveys, workshops and/or e-mails);
• when you use our electronic services, or interact with us via mobile services, social media accounts, digital platforms, any of our websites or web services;
• when you request us to contact you (whether pursuant to a request for more information, complaints, or any other purposes);
• questionnaire and contact details when you attend surveys, investor conferences, roadshows or when you update contact us form on our website;
• when your images are captured by us via CCTV cameras while you are within any of our premises, or via photographs or videos taken by us, our representatives or our agents when you attend our events;
• when we receive references from business partners or third parties (for example, where you have been referred by them);
• when we receive information from third parties about you when you make payment through (including but not limited to physical and digital payment kiosks).
• when we seek information from third parties about you in connection with the products and services you have applied for; including but not limited to healthcare institutions, clinics, investigators, ex-employer and the relevant authorities;
• when you submit your personal data to us for any other reason; and/or
• other publicly available sources where relevant and appropriate.

5. Data transfers and recipients and legal justification for such transfers

We transfer your Personal Data to our service providers, and, in accordance with applicable law, other governmental authorities, external advisors, or similar third parties.

• Other group companies: We transfer your data to other Transmedic group companies, as permitted under applicable data protection law pursuant to Legitimate Interest Justification of Transmedic to facilitate the contact with you and your queries.

• Third parties: We may transfer your data to governmental agencies and regulators, and government authorities, all in accordance with applicable law based on Legal Obligation Justification and to external advisors acting as controllers (e.g., lawyers, accountants, auditors etc.) based on Legitimate Interest Justification.

• Service providers: We contract with third party service providers as part of our normal business operations to provide the Products and Services you have subscribed to (i.e., business partners, vendors, financial institutions to facilitate electronic direct debit payments, credit reference bureaus for preparing credit reports or evaluation of creditworthiness).

A list of data recipients can be requested via our contact details set out below.

6. Retention periods for and deletion of Your Data

Your Data processed for the purposes hereunder will be stored only to the extent necessary. If a judicial or disciplinary action is initiated, Your Data may be stored until the end of such action, including any potential periods for appeal, and will then be deleted or archived as permitted by applicable law.

In principle, we will retain Your Data as long as required or permitted by applicable law. Afterwards, we will remove Your Data from our systems and records and/or take steps to properly anonymize it so that you can no longer be identified from it.

7. Your statutory rights

You have a number of rights with regard to the processing of your Personal Data, each as per the conditions defined in applicable law, such as the right to have access to your Personal Data, to have them corrected, erased or handed over. Please refer any of your questions to pdpaenquiry@transmedicgroup.com.

Under the conditions set out under applicable law (i.e., the PDPA), you have the following rights:

• Right of access - You have the right to obtain from us confirmation as to whether or not Personal Data concerning you is being processed, and, where that is the case, to request access to the Personal Data. The access information includes – inter alia – the purposes of the processing, the categories of Personal Data concerned, and the recipients or categories of recipients to whom the Personal Data have been or will be disclosed.
• Right to rectification - You have the right to obtain from us the rectification of inaccurate Personal Data concerning you. Depending on the purposes of the processing, you have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.
• Right to erasure (right to be forgotten) -You have the right to ask us to erase your Personal Data.
• Right to restriction of processing - You have the right to request the restriction of processing your Personal Data. In this case, the respective data will be marked and may only be processed by us for certain purposes.
• Right to data portability - You have the right to receive the Personal Data concerning you which you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit that Personal Data to another entity without hindrance from us.
• Right to object - You have the right to object, on grounds relating to your particular situation, at any time to the processing of your Personal Data by us and we can be required to no longer process your Personal Data. If you have a right to object and you exercise this right, your Personal Data will no longer be processed for such purposes by us. Such a right to object may not exist, in particular, if the processing of your Personal Data is necessary to take steps prior to entering into a contract or to perform a contract already concluded. Please note that the aforementioned rights might be limited under the applicable national data protection law. We remain the universal point of contact for your execution of these rights.
• Right to withdraw – You have the right to withdraw your consent to any use or disclosure of your Personal Data as set out in this Personal Data Protection Policy, you may contact our DPO with the email provided. Please note that if you withdraw your consent to any or all use or disclosure of your Personal Data, depending on the nature of your request, we may no longer be in a position to continue to provide administrative support and services to you.

Published on 03 Apr 2021

• Share: