PRIVACY & DATA PROTECTION POLICY

Updated on: [7 October 2019]

We at Galen Growth Asia Pte. Ltd. (UEN: 201540833C), a company incorporated under the laws of Singapore, and its subsidiaries, affiliates and related corporations (“Company”, “we”, “us”, or “our”), seek to build a stronger, better and faster HealthTech ecosystem in Asia. This can only be achieved by bringing together relevant information on one platform, representing the heart of Asia’s HealthTech innovative community. Our solution, the HealthTech Alpha analytics platform, is the only place for all stakeholders to go to and get all the relevant information to understand the real players that are improving healthcare in Asia.

Whilst building this ecosystem and making sure that the community of HealthTech innovators in Asia are known to global stakeholders, we want you to trust us with your information and therefore believe that building and maintaining your trust is an important part of our mission.

We recognise the importance of safeguarding your personal data and take our responsibility to properly manage, protect and process your personal data seriously. We will comply with the Personal Data Protection Act 2012 (No. 26 of 2012) of Singapore (the “PDPA”) and other applicable data protection and privacy laws, such as the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC (the “GDPR”).

We are a controller of the personal data collected from you through the Website and/or during the process of the registration as a User of the Services.

This Privacy & Data Protection Policy (the “Privacy Policy”) explains how we collect, use, disclose or process your personal data through your interactions with our services, websites, platforms, devices, applications, programmes, servers, software including the following properties which are owned and operated by us:

  • The Platform (as defined in paragraph 1.1 below);
  • Websites owned and operated by us, including healthtechalpha.asia and the associated applications and services (the “Website”);
  • Mobile applications (“Apps”) on the iPhone, the iPad, and mobile devices operating with the Android, iOS and other operating systems; and
  • All other properties which reference this Privacy Policy in a link or otherwise,

(collectively, the “Services”).

This Privacy Policy applies to all our interactions with you as well as other of the Services that has a reference or link to this Privacy Policy.

Unless otherwise defined herein, capitalised terms used in this Privacy Policy shall have the same meanings as those defined in the Terms & Conditions (accessible at: healthtechalpha.asia/terms-conditions).

Please read this Privacy Policy carefully and should you have any queries about how we may manage, protect or process your personal data, please do not hesitate to contact our Data Protection Officer at info@galengrowth.com. By continuing to use our Services, you are deemed to have consented to the terms of this Privacy Policy. Please note that certain features of the Platform, Website and Apps require the provision of your personal data, and where you do not provide such requested information, we may not be able to provide you with the Services. Please notify us and stop using our Services immediately if you do not consent to this Privacy Policy.

 

  1. PERSONAL DATA COLLECTED BY US
    • We are a HealthTech company that is in the business of fostering a sustainable and vibrant HealthTech ecosystem across Asia in order to enable improved health outcomes, by facilitating collaboration to encourage innovators to build the next generation of healthcare solutions and services. We own and operate the HealthTech Alpha analytics platform which provides a score and distinct indices for each HealthTech startup to users, with information sourced or provided by the startups themselves, and other research sources obtained by us (the “Platform”).
  • Collection – Whose personal data is collected?: In this Privacy Policy, “personal data” means personally identifiable information that you provide us, or we collect about or from you, through your use of any of the Services. By using our Services, whether as a: (i) visitor of the Website; (ii) User of the Services; or (iii) regulated third parties (duly authorised by the Users), we may collect your personal data.
  • Collection – What personal data is collected?: In using the Services, you may be asked to provide us with personal data such as your name, passport or ID number, email address, residential or business address, contact phone number, any information you choose to provide when filling in a contact form on our Website, IP address or any other technical information that tells us how you use the Website, and we may collect your personal data either directly from you, your authorised representatives, and/or through our third-party service providers (e.g. partners or third-party applications) to personalise your experiences and improve our Services. In addition, during the onboarding process and for the purposes of our Know-Your-Customer (“KYC”) checks, we may have obtained information about your race and ethnicity (which are defined as special categories of personal data under the GDPR), as well as other details that may have been contained in the KYC documents you had provided to us, such as the copy of your passport.
  • Consent: By accessing or using our Services or otherwise providing us with your personal data, we shall be entitled to assume that you understand and agree to the terms of this Privacy Policy and consent to the collection, use and disclosure of your personal data by us. If you do not consent to any of these terms, please do not access or use any of our Services or provide us with any of your personal data.
  1. PURPOSES FOR COLLECTION, USE, DISCLOSURE & PROCESSING OF PERSONAL DATA
    • We use your personal data to provide you with relevant Services and to operate its business. We may also use the data collected to communicate with you, for instance, to inform you about new features of the Services, security updates, or to inform you about your account. Your personal data may also be used to show you more relevant information, content, advertisements, whether through the Services or third-party applications and in combination with information from other sources.
  • Some examples of how we use your personal data include:
  • to process, record, monitor and fulfil your transactions or your requests;
  • facilitating our provision of the Services, including but not limited to the provision of the Licensed Materials;
  • communicating with you for research, marketing, advertising and promotional purposes;
  • administrative matters on your purchases and/or subscriptions to the Services, managing your accounts, processing your sign-ups/registrations for mailing lists, etc.;
  • diagnosis and maintenance of the Services;
  • maintaining the security of the Services;
  • to protect you and other users;
  • enforcement of our policies and procedures;
  • to permit you to submit questions, feedback or complaints; and/or
  • such other purposes notified to you from time to time. When we notify you on these purposes separately, we will also provide you with the legal basis for processing of your personal data and, if necessary, will obtain your consent for such processing.
  • We process your personal data for these purposes listed above on the following legal basis:
  • to comply with our legal and regulatory obligations;
  • to protect our legitimate interest in: (i) responding to your queries; (ii) providing services and / or information to you.
  • You can indicate your objection to our processing, based on our legitimate interests, at any time by contacting us at: info@galengrowth.com. Please also refer to paragraph 5.9 below, for more details.
  • The way your personal data is used will depend on the circumstances at hand, and it will be used in compliance with applicable laws and regulations.
  • We may process and use your personal information to facilitate a change of control or sale of the Company or to facilitate a restructuring or other corporate rearrangement.

 

  1. SHARING YOUR PERSONAL DATA WITH THIRD PARTIES; INTERNATIONAL TRANSFERS
    • It may also be necessary in certain circumstances for us to share your personal data with third parties such as our subsidiaries, affiliates, related corporations, service providers, vendors, regulatory authorities or other third parties. Such third parties processing your personal data either on our behalf or otherwise may be located in a different country from the point of collection of your personal data (e.g. transfer to servers located outside of the country you are accessing the Services from), or may have multiple physical locations and backups (e.g. cloud based services). We have carefully selected these third-party service providers and have taken steps to ensure that when we share your personal data with them, it is adequately protected. All of our service providers are bound by written contract to process personal data provided to them only for the purpose of providing the specific service to us and to maintain appropriate security measures to protect your personal data.
  • Where your personal data must be shared with third parties in circumstances that are not reasonably contemplated within the normal course of our dealings with you, we would usually first seek your consent unless the disclosure:
  • is required or authorised based on the applicable laws and/or regulations;
  • is clearly in your interests, and if consent cannot be obtained in a timely way;
  • is necessary to respond to an emergency that threatens the life, health or safety of yourself or another individual;
  • is necessary for any investigation or proceedings;
  • is required by a law enforcement agency;
  • is to a public agency and necessary in the public interest; and/or
  • where such disclosure without your consent is permitted by law.
  • Where we disclose your personal data to third parties, we will employ our best efforts to require such third parties to protect your personal data and meet our data security standards, including ensuring they are bound by legally enforceable obligations to comply with all applicable personal data protection requirements while such personal data remains in its possession or under its control.
  • By using our Services, you agree that the transfer of your personal data to various countries is reasonably necessary for us to provide you with these Services.
  • If you resident or citizen of the European Union (“EU”), and if we do store any of your personal data in the European Economic Area (“EEA”), when we transfer the data outside the EEA under this paragraph 3, this is done either on the basis that it is necessary for the performance of our agreement(s) with you, or that the transfer is subject to the applicable laws in the EU or under the GDPR. We will only transfer your personal data outside of the EEA:
  • where the transfer is to a place that is regarded by the European Commission (the “EC”) as providing adequate protection for your personal data;
  • where we have put in place appropriate safeguards to ensure that your personal data is protected (e.g. where both parties involved in the transfer have signed standard data protection clauses adopted by the EC); or
  • the above does not apply but we are still legally permitted to do so (e.g. if the transfer is necessary for (i) for the performance of a contract between you and us or the implementation of pre-contractual measures taken at your request; or (ii) the establishment, exercise or defence of legal claims).
  • You may request for further details about the safeguards we have in place in respect of transfers of personal data outside of the EEA and where applicable a copy of the standard data protection clauses that we have in place, by contacting us at: info@galengrowth.com.
  • We may also elect to anonymise your personal data before sharing it with third parties. The legal basis for such anonymisation is set out at paragraph 2.3. The terms of this Privacy Policy do not apply to such anonymised data.

 

  1. THIRD PARTY LINKS
  • Our Website may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party's website. These third-party websites have separate and independent privacy policies. We strongly advise you to review the privacy policy of every website you visit.

 

  • We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party websites or services.
  1. RIGHTS IN RELATION TO YOUR PERSONAL DATA
  • This will depend on whether the PDPA or the GDPR is applicable to you. You should obtain independent legal advice on your rights. Details of general rights which may be applicable to you are set out below. The following is not legal advice to you and should not be construed or relied upon as such.

 

Rights under the PDPA

  • Under the PDPA, you may, by a written request to us, ascertain whether the information we hold about you is accurate and current, and you may also access and correct your personal data.
  • Right to access and / or to correction of personal data:
  • You may request access to or correct the personal data held by us by submitting a written request at any time to info@galengrowth.com.
  • We may require further information from you to verify your identity as well as the nature of your request, to deal with your request. Handling and processing fees may be payable before we can proceed with your request.
  • Once we have sufficient information to deal with your request, we will seek to provide you with the relevant personal data or information within thirty (30) days of your request, unless otherwise stated.
  • There are certain circumstances in which we will decline to comply with your request under paragraph 5.3(a), which include (to the extent allowable under applicable law) situations where: (i) a government agency in Singapore or regulator with jurisdiction over us direct us not to comply with a customer’s request; (ii) the information may, in our discretion, affect the safety of any person or persons; and (iii) the data may be relevant to a regulator or official investigators as part of an investigation into criminal conduct or breach of applicable laws.
  • Withdrawal of consent to use your personal data:

(a)     Should you wish to withdraw your consent to our use of your personal data, please stop using the Services immediately and notify us in writing at info@galengrowth.com to inform us that you wish for us to stop collecting, using or sharing your personal data and we will process your request within a reasonable time from such a request. You may also elect to withdraw your consent to the use of your personal data for a specific purpose, so please ensure that your notification contains sufficient and specific information to enable us to comply with your request.

(b)     However, your withdrawal of consent could result in certain legal consequences arising from such withdrawal. In this regard, depending on the extent of your withdrawal of consent for us to process your personal data, it may mean that we will not be able to continue with your existing relationship with us.

Rights of residents of the EU

  • If you are a resident in the EU, you may have the following rights under the GDPR in relation to your personal data, including: (i) the right to be informed about how we use the Users’ Information what is what we are doing in this Privacy Policy; (ii) the right of data portability; (iii) the right of erasure/deletion; (iv) the right to restrict processing; (v) the right to object; and (vi) the rights in relation to automated decision making and profiling. These rights will be subject to ongoing obligations imposed on the Company under any applicable laws or regulation and the Company’s legitimate and legal rights to continue processing your information or to refuse that request.
  • The right of data portability:
  • You may request to receive the data we collect from you in a structured, commonly used and machine-readable format if processing of the data had been carried out by automatic means, and a right to request that we transfer such data to another party. The relevant subset of your data is data you provide us with your consent and will not include any data of any other person.
  • If you wish for us to transfer your personal data to another party, you must give us the details we need about that party. You acknowledge that the exercise of your rights is subject to such transfer being technically feasible. We are not responsible for the security of the data or its processing once received by the third party. We also may not provide you with certain data if providing the data would reveal information about another person, or otherwise infringe on his or her right to privacy.
  • The right of erasure or deletion:
  • You may request that we delete the data we hold about you in the following circumstances: (i) our continued holding of your personal data is no longer necessary for the purposes for which such data had been collected; (ii) having provided your consent earlier, you now wish to withdraw your consent to our processing your data, and there is no other legal ground under which we can process the data; (iii) you do not wish to receive updates, news about promotions or marketing materials from us that have been customised using data we have about you; or (iv) the data we hold about you have been unlawfully processed in a manner not in accordance with applicable laws.
  • You may exercise your right to restrict our processing of the data while we consider your request.
  • Notwithstanding your requests, we may retain the data if there is a legal basis under applicable laws for us to do so although we will notify you of such a legal basis. You agree and acknowledge that if we do delete your data, you will be forgotten, and we will not be able to provide you services that are customised to your preferences.
  • If we have made your personal data public, and there are grounds for deletion, we will take reasonable steps to tell others to whom we had earlier transferred your data to also delete the data.
  • The right to restrict processing to storage:
  • You have a right to require us to stop processing the data we hold about you other than for storage purposes in certain circumstances. However, if we stop processing the data, we may use it again if there are valid grounds under applicable laws for us to do so.
  • You may request that we stop processing and only store the data we hold about you if: (i) you contest the accuracy of the data, for the period it takes for us to verify whether the data is accurate; (ii) you are of the view that the processing of your data is unlawful, and you only want us to restrict its use; (iii) we wish to erase the data as it is no longer necessary for our purposes, but you require it to be stored for the establishment, exercise or defence of legal claims; or (iv) you have objected to us processing the data we hold about you, pending verification whether our legitimate grounds override yours.
  • The right to object:

You have the right to object to certain types of processing, on grounds relating to your particular situation, at any time insofar as that processing takes place for the purposes of legitimate interests pursued by us or by a third party. We will be allowed to continue to process your personal data if we can demonstrate “compelling legitimate grounds for the processing which override your interests, rights and freedoms” or we need this for the establishment, exercise or defence of legal claims.

  • The right in relation to automated decision making and profiling:
  • You have the right not to be subject to a decision by us based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you unless you have given your explicit consent or unless otherwise permitted under the GDPR.
  • To exercise any of your rights set out in this paragraph 5 or under the GDPR, please write to us at the email address set out in paragraph 7 below. We will need to know the specific rights that you want to exercise, or the reasons for your objections, so that we can assess whether there are compelling legitimate grounds which override your interests, rights and freedoms, or so that we can determine if you have a valid basis to restrict our processing of your data. You must also provide us with proof of identity before we will respond to any requests to exercise your rights. We will respond to a request by you to exercise those rights without undue delay and at least within one (1) month (although this may be extended by a further two (2) months in certain circumstances).
  1. RETENTION, ADMINISTRATION & MANAGEMENT OF PERSONAL DATA
    • We will take reasonable efforts to ensure that your personal data is accurate and complete, based on the information that you have provided us with. Please ensure that all information provided to us is up to date and keep us informed of any relevant changes.
  • We value your privacy and have security arrangements to ensure that your personal data is adequately protected and secured. We will also put in place measures such that your personal data in our possession or under our control is destroyed and/or anonymised as soon as it is reasonable to assume that: (i) the purpose for which that personal data was collected is no longer being served by the retention of such personal data; and (ii) retention is no longer necessary for any other legal or business purposes. Otherwise, personal data collected by us is generally only retained for as long as it is reasonably necessary for the purpose for which the data provided and we may destroy or delete any information or personal data provided by you thereafter, unless required by law, regulation or other business or audit requirements. For EU residents, we will endeavour to delete data within thirty (30) days of a request for deletion or contact you if it will take longer.
  • Where your personal data is to be transferred out of Singapore or such other jurisdiction in which it is collected, we shall take reasonable steps to ascertain that the recipient of the personal data is bound by legally enforceable obligations to protect your personal data in accordance with this Privacy Policy and the PDPA. If you are an EU resident, please refer to paragraphs 3.5 to 3.7 for information on how we fulfil our obligations to safeguard your personal data when we transfer it outside of the EEA.
  1. COMPLAINTS / QUERIES

If you do not consent to any of the terms of this Privacy Policy, our use of your personal data or have any complaint or grievance regarding about how we handle your personal data, we welcome you to contact us with further details at:

E-mail address: info@galengrowth.com

Office address: HealthTech Hub, Found8, 100 Amoy Street, Singapore 069920

Att: Data Protection Officer

  1. UPDATES ON DATA PROTECTION POLICY
    • As part of our efforts to ensure that we properly manage, protect and process your personal data, we will be reviewing our policies, procedures and processes and may update, at our absolute discretion, update the terms of this Privacy Policy from time to time. Any revised Privacy Policy will be posted on our Website and can be accessed at healthtechalpha.asia/privacy.
  • You are encouraged to visit the above Website from time to time to ensure that you are well informed of our latest policies in relation to personal data protection.
  1. COOKIE POLICY
    • We may collect information from you (or others on your behalf) de-identified information to help us in our business and provide you with the relevant Services. Such anonymised and de-identified information may be transferred, disclosed, assigned, leased, licensed, sold and otherwise shared with and by our partners, service providers, advertisers and/or other third parties for purposes permitted under law.
  • Cookies (small text files placed on your device that record information about your preferences and enable log-ins, provide interest-based advertising, analyse how our Services are performing) are an example of such anonymised data which we collect. While compiling information about your browsing habits, cookies can also enhance your user experience. There may also be third party cookies on our Websites. For more information on cookies, please refer to allaboutcookies.org/manage-cookies/.
  • You can control cookies through your web browser settings. This allows you to determine which cookies to allow and which to refuse. If you disallow the use of cookies on our Website, please note that you may not be able to access the full range of functions that our Website offers.
  • Our advertising partners may also transmit cookies to your browser or device, when you click on advertisements that appear on the Services. Further, if you click on a link to a third-party website or service, a third party may also transmit cookies to you. For the avoidance of doubt, this Privacy Policy does not cover the use of cookies by any third parties, and we are not responsible for their privacy policies and practices.  Please be aware that cookies placed by third parties may continue to track your activities online even after you have left our Services, and those third parties may not honour ‘Do Not Track’ requests that you have set using your browser or device.
  • If you do not consent to our use of cookies, you should adjust your browser settings accordingly or not use any of the Services.

Where you are below 18 years of age (or the applicable age required for you to legally access or use the Services), the rights to consent, access and correction can only be granted by their guardians. By using the Services, you are representing that you agree to the terms and conditions contained in this Privacy Policy and our Terms & Conditions (accessible at: healthtechalpha.asia/terms-conditions), and this agreement supersedes any other agreement that we might have with you concerning the use of your personal data. If you do not agree to any of these terms and conditions, and do not have consent from your parent(s) or legal guardian(s), you must stop using/accessing the Services. This Privacy Policy is governed by the laws of Singapore.