DATA PROTECTION UNDER THE SINGAPORE PERSONAL DATA PROTECTION ACT (PDPA)
To run our business, IMAART LLC processes information about individuals (“Personal Data”), including information about our current and former clients (“you”).
IMAART LLC takes your privacy seriously. This Privacy Notice (“Notice") contains information on what Personal Data the IMAART LLC (“IMAART LLC”, “we”, “our”, or “us”) collect(s), what we do with that information, and what rights you have.
As part of our commitment to protect your Personal Data we want to inform you in a transparent manner:
why and how IMAART LLC collects, uses and stores your Personal Data;
the lawful basis for the use of your Personal Data; and
what your rights are in relation to such processing and how you can exercise them.
1. What does this Notice cover?
This Notice applies to any and all forms of use (“processing”) of Personal Data by us in the United States of America and Singapore if you are a former, current or prospective client of IMAART LLC located in Singapore.
2. What types of Personal Data do we collect?
For prospective clients with whom we have not yet made contact, we may collect (to the extent permitted by applicable law):
Personal identification details (such as name, address, gender, nationality), contact information (such as telephone, e-mail address), and family details (such as marital status);
information related to the professional profile (such as positions and professional networks) and information related to medical and fertility background.
For former and current clients or prospective clients with whom we are taking steps to enter into a contractual relationship, we collect (to the extent permitted by applicable law):
personal details such as your name, identification number, date of birth, identification documents (including a copy of your national identity card or passport), phone number, address and domicile electronic address, and family details such as the name of your spouse or partner;
medical information, such as medical reports, blood test and other examination result;
financial information, including payment and transaction records;
where relevant, professional information about you, such as your job title and work experience;
your knowledge of and experience in fertility matters;
details of our interactions with you and the products and services you use, including electronic interactions across various channels such as e-mails and mobile applications;
any records of phone calls and video footages between you and IMAART LLC, specifically phone log information such as your phone number, calling-party number, receiving-party number, forwarding numbers, time and date of calls and messages, duration of calls, routing information, and types of calls;
identifiers we assign to you, such as your client, business relation, partner or account number, including identifiers for accounting purposes;
when you access IMAART LLC websites or our applications, data transmitted by your browser or device you are using and automatically recorded by our server, including date and time of the access, name of the accessed file as well as the transmitted data volume and the performance of the access, your device, your web browser, browser language and requesting domain, and IP address (additional data will only be recorded via our Website if their disclosure is made voluntarily, e.g., in the course of a registration or request). When you visit a IMAART LLC website, that website will contain additional information about how we use your information while you are visiting that website; and
in some cases (where permitted by law), special categories of Personal Data, such as your biometric information, health information, racial or ethnic origin, and, to the extent legally possible, information relating to criminal convictions or offences.
For our usage of cookies and other tracking technologies in relation to IMAART LLC websites please also refer to the IMAART LLC Website Usage and Cookie Notice available here.
In some cases, we collect this information from public registers (which, depending on the product or service you receive and the country of the IMAART LLC entity with which you have a contractual relationship, may include beneficial ownership and other registers), public administration or other third-party or public sources, such as wealth screening services, credit reference agencies, intermediaries that facilitate data portability, and other IMAART LLC.
We might also collect certain of the above Personal Data types in relation to your business relationship, dependants or family members, representatives or agents.
Where you are an institutional or corporate client or investor, we may also ask you for information about your directors, representatives, employees or shareholders or beneficial owner. Before providing IMAART LLC with this information, you should provide a copy of this notice to those individuals.
3. For which purposes do we process your Personal Data and what legal basis do we rely on?
3.1 Purposes of processing
We always process your Personal Data for a specific purpose and only process the Personal Data which is relevant to achieve that purpose. In particular, we process Personal Data, within applicable legal limitations, for the following purposes:
a) Client Onboarding. For example:
to verify your identity and assess your application.
b) Client Relationship Management. For example, to:
manage our relationship with you, including communicating with you in relation to the products and services you obtain from us and from our business partners, handling customer service-related queries and complaints, making decisions regarding credit or your identity, tracing your whereabouts;
help us to learn more about you as a client, the products and services you receive, and other products and services you may be interested in receiving, including profiling based on the processing of your Personal Data, for instance by looking at the types of products and services that you use from us, how you like to be contacted.
c) Product implementation and execution. For example, to:
provide products and services to you and ensuring their proper execution, for instance by ensuring that we can identify you and make payments to and from your accounts in accordance with your instructions and the product terms;
facilitate medical professionals to advice and provide appropriate medical treatments to you;
d) Engaging in prospecting and business development and / or protecting and enhancing the IMAART LLC brand. For example, to:
evaluate whether and how IMAART LLC may offer products, services and events that may be of interest to you;
contact you for direct marketing purposes about products and services we think will be of interest to you, including those offered by us, IMAART LLC, and our other business partners, and facilitating competitions and promotions.
e) Supporting, Enhancing and Maintaining IMAART LLC’s technology. For example, to:
take steps to improve our products and services and our use of technology, including testing and upgrading of systems and processes, and conducting market research to understand how to improve of our existing products and services or learn about other products and services we can provide.
f) Other purposes. For example:
for the IMAART LLC’s prudent operational management (including credit and risk management, technological support services, reporting, insurance, audit, systems and products training and administrative purposes);
to enable a transfer, merger or disposal to a potential buyer, transferee, merger partner or seller and their advisers in connection with an actual or potential transfer, merger or disposal of part or all of IMAART LLC’s business or assets, or any associated rights or interests, or to acquire a business or enter into a merger with it;
testing and calibrating analytical models. In such case only pseudonymized data are used;
to exercise our duties and/or rights vis-à-vis you or third parties.
3.2 Basis for processing of Personal Data
Depending on the purpose of the processing activity (see Section 3.1), the legal basis for the processing of your Personal Data will be one of the following:
necessary to perform our contractual obligations towards you or to enter into or conclude a contract with you or for carrying out our obligations under such a contract;
necessary to comply with our legal or regulatory obligations that are required by law;
necessary to protect the vital interests of the relevant individual or of another natural person, such as responding to an emergency that threatens the health or safety of the individual or another natural person;
necessary for business improvement purposes to the extent permitted under the PDPA, such as to improve new processes for business operations in relation to IMAART LLC’s services;
where we have obtained your prior consent;
necessary for one or more of the specific purposes deemed by law to be in the legitimate interests of organisations (PDPA, First Schedule, Part 3, Para 2-10 — “Prescribed Legitimate Interests”). Some of these Prescribed Legitimate Interests which are necessary for IMAART LLC include the following:
i. for investigation or proceedings (including the establishment, exercise or defence of a legal claim);
ii. for IMAART LLC to obtain legal services.
necessary for the general legitimate interests of IMAART LLC, without unduly affecting your interests or fundamental rights and freedoms (PDPA, First Schedule, Part 3, Para 1 — “General Legitimate Interests”). Examples include processing necessary to:
i. manage our relationship with you and to help us to learn more about you as a client, the products and services you receive, and other products and services you may be interested in receiving (with the exception of direct marketing, i.e., sending of unsolicited marketing material for which we would obtain your consent);
ii. evaluate whether and how IMAART LLC may offer products, services and events that may be of interest to you;
iii. prevent fraud or criminal activity, misuses of our products or services as well as the security of our information, IT systems, architecture and networks and security of IMAART LLC premises;
iv. receive and handle complaints, requests or reports from you or third parties made to designated units within IMAART LLC;
v. take steps to improve our products and services and our use of technology and to conduct market research;
vi. cooperate with a request made in any actual or potential proceedings or the inquiries of a public or judicial authority;
vii. make disclosures for the purposes referred to in Section 5 below, such as providing products and services and assuring a consistently high service standard across the IMAART LLC, and keeping our clients, employees and other stakeholders satisfied.
4. How do we protect Personal Data?
All IMAART LLC employees accessing Personal Data must comply with our internal rules and processes in relation to the processing of your Personal Data to protect them and ensure their confidentiality.
IMAART LLC has also implemented adequate technical and organisational measures to protect your Personal Data against unauthorised, accidental or unlawful destruction, loss, alteration, misuse, disclosure or access and against all other unlawful forms of processing.
5. Who has access to Personal Data and with whom are they shared?
5.1 Within IMAART LLC
We make available Personal Information to members of our personnel within the IMAART LLC for the purposes indicated in section 3, in order to ensure a consistently high service standard and to provide services and products to you.
5.2 Outside IMAART LLC
5.2.1 Third Parties
When providing products and services to you, we may share Personal Data with persons acting on your behalf of otherwise involved (depending on the type of product or service you receive from us), including where relevant the following types of companies. :
medical institutions, including IVF centres and laboratories;
A potential buyer, transferee, merger partner or seller and their advisers in connection with an actual or potential transfer or merger of part or all of IMAART LLC’s business or assets, or any associated rights or interests, or to acquire a business or enter into a merger with it;
payment recipients, beneficiaries, account nominees, intermediaries, escrow agents (including custodian banks);
Third party service providers, who are contractually bound to confidentiality, such as IT system or hosting providers, cloud service providers, database providers, consultants (e.g., lawyer), and other goods and services providers;
Authorities, e.g., regulators, enforcement or exchange body or courts or party to proceedings where we are required to disclose information by applicable law or regulation or at their request, or to safeguard our legitimate interests;
Other medical and fertility advisory services, comparable institutions or other recipients to whom we transfer Personal Data in order to conduct business.
Any legitimate recipient required by applicable laws or regulations.
5.2.2 Service Providers
In some instances, we also share personal data with our suppliers, who are contractually bound to confidentiality, such as IT hardware, software and outsourcing providers, logistics, mail, courier, printing services and storage providers, marketing and communication providers, facility management companies, market data service providers, transportation and travel management providers and others. When we do so we take steps to ensure they meet our data security standards, so that your personal data remains secure.
Where IMAART LLC transfer your data to third party service providers processing data on IMAART LLC behalf, we take steps to ensure they meet our data security standards, so that your Personal Data remains secure. Third party service providers are thereby mandated to comply with a list of technical and organisational security measures, irrespective of their location, including measures relating to: (i) information security management; (ii) information security risk assessment and (iii) information security measures (e.g., physical controls; logical access controls; malware and hacking protection; data encryption measures; backup and recovery management measures).
5.2.3 Public or regulatory authorities
If required from time to time, we disclose personal data to public authorities, regulators, governmental bodies, courts or party to proceedings where we are required to disclose information by applicable law or regulation, under a code of practice or conduct, at their request, or to safeguard our legitimate interests.
A potential buyer, transferee, merger partner or seller and their advisers in connection with an actual or potential transfer or merger of part or all IMAART LLC's business or assets, or any associated rights or interests, or to acquire a business or enter into a merger with it;
Any legitimate recipient required by applicable laws or regulations.
5.3 Data transfers to other countries
The Personal Data transferred within or outside IMAART LLC as set out in Sections 5.1 and 5.2, is in some cases also processed in other countries. We only transfer your Personal Data abroad to countries which are considered to provide an adequate level of data protection, or in the absence of such legislation that guarantees adequate protection, based on appropriate safeguards (e.g., standard contractual clauses adopted by the European Commission to the extent recognized by the competent Data Protection Authority or another statutory exemption) provided by local applicable law. As detailed in sections 4 and 5.2 above, IMAART LLC ensures that their third-party service providers take steps to implement, technical and organisational measures to safeguard your Personal Data against unauthorized processing.
6. How long do we store your data?
We will only retain Personal Data for as long as necessary to fulfil the purpose for which it was collected or to comply with legal, regulatory or internal policy requirements. To help us do this, we apply criteria to determine the appropriate periods for retaining your Personal Data depending on its purpose.
As far as necessary, we will keep your data for the duration of our fertility advisory relationship subject to applicable legal and regulatory requirements. In addition, we might process your data after the termination of our fertility advisory relationship for operational purposes in accordance with the applicable laws as well as pursuant to various retention and documentation obligations.
However, if you wish to have your Personal Data removed from our databases, you can make a request as described in Section 7 below, which we will review as set out therein.
7. What are your rights and how can you exercise them?
7.1 Your rights
You have a right to access and to obtain information regarding your Personal Data that we process. If you believe that any information we hold about you is incorrect or incomplete, you may also request the correction of your Personal Data. You also have the right to withdraw your consent where IMAART LLC obtained your consent to process Personal Data (without this withdrawal affecting the lawfulness of any processing that took place prior to the withdrawal).
IMAART LLC will honour such requests, withdrawal or objection as required under applicable data protection rules but these rights are not absolute: they do not always apply and exemptions may be engaged. We will usually, in response to a request, ask you to verify your identity and/or provide information that helps us to understand your request better. If we do not comply with your request, we will explain why.
In certain circumstances IMAART LLC may process your Personal Data through automated decision-making. Where this takes place, you will be informed of such automated decision-making that uses your Personal Data and be given information on criteria and procedures applied. You can request an explanation about automated decision making carried out and that a natural person reviews the related decision where such a decision is exclusively based on such processing.
7.2 Exercising your rights
To exercise the above rights, please contact IMAART LLC.
If you are not satisfied with how IMAART LLC processes your Personal Data, we would like to discuss it with you to understand how we can rectify the issue. If you would like to speak to us about our use of your Personal Data, please contact IMAART LLC.
If you are not satisfied with IMAART LLC’s response, you have the right to make a complaint to the Data Protection Authority.
8. Changes to your Personal Data
We are committed to keeping your Personal Data accurate and up to date. Therefore, if your Personal Data changes, please inform us of the change as soon as possible.
9. Updates to this Notice
This Notice was updated in July 2022. We reserve the right to amend it from time to time. Any amendment or update to this Notice we will make available to you here. Please visit the IMAART LLC website frequently to understand the current Notice, as the terms of this Notice are closely related to you.
If you have any questions or comments about this Notice, please contact IMAART LLC.
For information on how we use and protect the personal data of our former, current and prospective clients, please read the country specific client privacy notices in select jurisdictions where IMAART LLC entities process personal data. If your country is not listed, please contact IMAART LLC before proceeding further.