Innoquest Diagnostics is committed to ensuring the proper protection of all information assets within our possession, and doing so in accordance with the Singapore Personal Data Protection Act (No. 26 of 2012) (the “PDPA”), the Private Hospitals and Medical Clinics Act, the Ministry of Health’s guidelines, directives and other relevant legislation.

This Personal Data Protection Policy explains how we collect, hold, use, disclose, secure, and otherwise manage all personal information. It describes the types of information we collect and hold, as well as the reasons and methods of accessing and correcting such information.

When you provide us with your personal data, directly or indirectly, you expressly grant consent to Innoquest Diagnostics to collect, use, and disclose your personal data to all relevant third parties as laid out in our Personal Data Protection Policy.

The policy herein serves as a supplement and therefore does not supersede or act as a substitute to any other prior consent that you may have provided to Innoquest Diagnostics with regard to your personal data. Innoquest Diagnostics also reserves all rights granted by the law to collect, use, or disclose your personal data.

What personal information do we collect and hold?
Personal data is any data about an identified individual or an individual who is reasonably identifiable, whether that information or opinion is true or not, and whether the information or opinion is recorded in a material form or not.

Examples of personal data that we may collect include an individual’s name, NRIC number, passport number, contact number, date of birth, mailing address and email address.

In this policy, references to personal information include sensitive information.

How do we collect personal data?
We may collect personal data in any of the following scenarios:-

• when you submit a form, including but not limited to laboratory request forms
• when you provide us with your tissue specimens or any other organic materials such that it is linked with other data in a way that you can be identified
• when you interact with our staff, including customer service officers, phlebotomists, medical technologists and other Innoquest Diagnostics representatives via telephone calls (which may be recorded), letters, fax, in-person meetings, and email
• when our CCTV cameras capture your images while you are in our premises, or when you attend events hosted or sponsored by us during which photographs or videos are taken by us or our representatives
• when you use our services provided through online platforms, such as our website, including any other online platforms, technologies, or tools (e.g. eQuest)
• when you request that we contact you, be included in an email or other mailing list, or when you respond to our request for additional personal data as part of our promotions or other initiatives
• when you are contacted by, and respond to any Innoquest staff or our representative
• when we receive your personal data from referral parties, public agencies, your employer, or any other third party
• when you make payment or provide details to facilitate payment
• when we seek information from third parties about you in connection with your relationship with us, including from next-of-kin
• when you interact with us on our websites, your information may be automatically recorded on our server logs from your browser. E.g. We may employ cookies in order for our server to recognise a return visitor as a unique user.
• when you submit your personal data to us for any other reasons

For what purposes do we use and disclose personal information?
Innoquest Diagnostics uses the personal information it collects and holds to:

• contact individuals to respond to enquiries, to follow up, for authorisation in relation to any service
• enable the provision of education and training to intern students in the health profession
• effectively administer, manage, monitor and improve our services
• planning, evaluation and complaint-handling
• communicate with individuals by various means about our available services
• charging, billing, processing health insurance claims and collecting debts
• assess job applications
• verify an individual’s identity
• ensure the health and safety of our staff and individuals who use our services
• comply with quality assurance or clinical audit activities
• undertake accreditation activities
• respond to feedback
• address liability indemnity arrangements and reporting
• prepare the defence for anticipated or existing legal proceedings
• undertake research and the compilation or analysis of statistics relevant to public health and safety
• enable our facilities and our service providers to comply with their legal and regulatory obligations.

We may also use personal data in circumstances where we are required or authorised by law to do so or where we otherwise have consent of the individual or their representative.

To whom do we disclose personal information?
By contacting or dealing with us, you herein agreed unilaterally that we may disclose an individual’s personal information to the following third parties (including but not limited to) to:

• other health service providers involved in the individual’s treatment or diagnostic services
• private health insurers (some of which are located overseas) and other insurers
• students of health professions undertaking clinical placements, but not when an individual has opted out of student teaching activities
• our insurers and legal representatives
• service providers engaged to provide services to our laboratories including manufacturers and vendors, some of which might be located overseas; 

How do we store and secure personal information?
We store personal and health information in both paper and electronic form. The security of personal and health information is very important to us and we take reasonable steps to protect it from misuse, interference and loss and from unauthorised access, modification or disclosure.
Some of the ways we do this include:

• requiring our staff to maintain confidentiality
• implementing document storage security
• imposing security measures for access to our computer systems
• providing a discreet environment for confidential discussions; and
• allowing access to personal and health information only where the individual seeking access to their own information has satisfied our identification requirements.

Personal and health information is retained for the period of time determined by Innoquest Diagnostics and/or stipulated by law after which it is de-identified or disposed of in a secure manner.

How do we keep personal information accurate and up-to-date?
We take all reasonable steps to ensure that the personal information we collect is accurate, complete and up-to-date, and also when we use or disclose it, that it is relevant.
We will also take reasonable steps to correct the personal information we hold if we are satisfied that it is inaccurate, incomplete and out of date, irrelevant or misleading. However, the accuracy of that information depends largely on the quality of the information provided to us.

How can personal information we hold be accessed?
Individuals have a right to access the personal information that Innoquest Diagnostics holds about them. We will endeavor to give access to an individual’s personal information in the form they request.

How can we be contacted?
Should you have any feedback or enquiries relating to our Data Protection Policy or need clarifications related to data protection, please contact us at:

Data Protection Officer
67 Ubi Avenue 1 #02-08/09
South Wing, Starhub Green
Singapore 408942
Email: dpo@innoquest.com.sg

Changes to this policy
Innoquest Diagnostics reserves the right to review, change and update this policy from time to time to reflect our current practices and obligations and changes in technology. We will publish our current Personal Data Protection Policy on our website at www.innoquest.com.sg and the changes will take effect at the time of publishing. You should review this policy regularly and remain familiar with its terms.