AdvaPACS Data Protection Notice

AdvaHealth Solutions Pte. Ltd. (hereafter, ‘we’, ‘us’, ‘our’ or ‘AHS’) has developed AdvaPACS, a software-as-a-service application (the ‘Application’) which hospitals, clinics and other healthcare providers may use to provide PACS (Picture Archiving and Communications System) for storing, indexing and retrieving medical imaging.

In connection with access and use of the Application by our customers, certain personal information, such as those of a customer’s patients, will be collected and processed by us.

If you have or will be registering for an account to use the Application (hereafter ‘Account’), this Data Protection Notice (‘Notice’) explains how we handle personal information when you use the Application, your rights and choices, and how you can contact us about our data protection practices.

  1. Who are we?
    1. We are a company based in Singapore.
    2. We are the provider of the Application which is intended for use by you as our customer. This means that in most cases:
      1. we are collecting and processing personal information on your behalf as a data processor / data intermediary.
      2. you are the controller of the personal information we process and how we use it.
  2. What information do we collect?
    1. Information of our users. In most cases, we collect and process information that you provide to us. These include:
      1. business contact information that you provide when you register for and/or add users under the Account. Such information includes but is not limited to the following: –
        • Name;
        • Email Address;
        • Phone Number;
        • Address;
        • Business Name; and
        • Tax Number.
      2. payment information, such as your billing address.
      3. your marketing preferences.
    2. Information of patients. We collect and process certain personal information about patients (‘Patient Information’) on your behalf and only when provided and instructed by you. Patient Information includes the following:
      1. patient demographic information.
      2. diagnostic reports.
      3. DICOM files (the worldwide standard for medical imaging and communication) that you upload to the Application.
      4. other types of files (text, PDF, etc.) that you upload where the Application allows it.
    3. Information that we collect automatically. When you use or interact with the Application, we automatically collect or receive certain non-personally identifiable information through our system and other technologies (e.g., cookies) about your use of the Application. Such information includes:
      1. Device data about your computer or other device used to access the Application. Device data may include information such as your IP address, device type, and browser type.
      2. Log files from requests for diagnostic and auditing purposes. These may contain information about what was accessed and from which IP addresses.
      3. Location data relating to your device.
    4. Cookies. We currently only use functional cookies which are necessary for the Application to work properly. If you delete the functional cookies, the Application may not work properly.
  3. Where do we store your information?
    1. Patient Information. When you register for an Account, you will be asked to select the region where you want your Account to be located in, for example, Hong Kong, Singapore, Australia, the United Kingdom, or Europe. Your Patient Information will be stored on cloud servers in the selected region. You are responsible for ensuring that your Patient Information may be stored in the selected region and complying with any laws and regulations regarding your Patient Information.
    2. All other information. All other information that you provide, such as user information and payment information, may be stored on servers outside of the selected region, but these will never contain any Patient Information.
  4. How do we use your information?
    1. We use and process the personal information that we collect for the purposes identified below:
      1. providing the Application and its tools and services.
      2. administering your Account.
      3. communicating with you about the Application, such as the sending of service and other notifications.
      4. performing our obligations and enforcing our Terms of Service and other policies.
      5. developing and improving the Application.
      6. sending marketing communications if you have opted to receive the same from us.
      7. for our business purposes, such as data analysis, audits, fraud monitoring and prevention, developing new products and features, improving or modifying our products and services, identifying usage trends and other business activities in reliance on our legitimate interests.
      8. complying with our legal obligations under applicable laws.
    2. You are under no obligation to provide personal information to us. However, if you choose to withhold the requested personal information, you may not be able to use certain aspects of the Application.
  5. Who do we share information with? 
    1. We may share personal information with:
      1. our affiliates and third party service providers who assist us in providing the Application and who perform certain functions on our behalf.
      2. parties involved in a transaction involving the purchase, sale, lease, merger or amalgamation or any other acquisition, disposal or financing of our business.
      3. other parties if required to do so by law or if we believe that such disclosure is necessary to prevent fraud or crime or to protect the application or the rights, property or personal safety of any person.
      4. any other person provided you have given consent to the disclosure.
  6. International data transfers
    1. Patient Information is stored and processed in your selected region (please see Section 3 of this Notice). Patient Information will never be transferred out of your selected region.
    2. Depending on your location, all other information which you provide to us may be stored and processed in a country other than where you are located. These countries may have data protection laws which are different from the laws of your country. However, regardless of where such information is located, we will take measures to ensure that:
      1. all transfers of personal information comply with application data protection laws
      2. your personal information will be protected to the standard required under applicable data protection laws.
  7. How long do we keep your information?
    We will process and store your information (including any Patient Information) for no longer than necessary. Please refer to our Terms of Use for more information on this point.
  8. Security
    1. We take the security of your personal information seriously. To safeguard personal information against unauthorised access, collection, use, disclosure, modification and other similar risks, we have implemented appropriate and robust administrative, physical and technical measures to protect person information in our possession. In addition, all Patient Information is encrypted at rest and in transit.
    2. While we will make every effort to ensure our system is a secure as possible, no electronic transmission over the internet or information storage technology is 100 percent secure against hackers and other cyber threats. The security of the Application and your Account also depends on you. In this respect, you must and should ensure that users under your Account comply with the following:
      1. take steps to secure your computer and other devices.
      2. that you make full use all of the tools we provide to secure your Account, such as 2 factor authentication, and IP restrictions.
      3. use secure passwords and maintain the confidentiality of such passwords.
  9. Third party sites
    The Application may contain links to platforms and sites which are operated by third parties with different data protection policies from us. We encourage you to read the data protection policies of these platforms and sites. We have no control over any personal information which you choose to submit or receive through these platforms and sites.
  10. Your rights and choices
    1. You may access, review, change and/or delete personal information associated with your Account by signing into your Account and editing such information as desired.
    2. You may opt out of receiving marketing communications from us by using the unsubscribe link in the communication or following the instructions in the communication to unsubscribe. However, we may still send service-related communications and notifications to you and you may not unsubscribe from them, although you may change some settings by signing into your Account and adjusting them as required.
    3. If you have any questions about your rights and choices, please contact us at compliance@advapacs.com. We take each request seriously and will comply with your request to the extent required by applicable law. If you have not received a satisfactory response from us, you may consult with the data protection authority in your country.
  11. Changes to this Notice
    1. We reserve the right to modify this Notice at any time to reflect changes in the Application, any applicable laws or other reasonable grounds. The current version of this Notice will apply each time you access and/or use the Application and you should check for any changes to this Notice when you use the Application.
    2. If we make material changes to this Notice or in how we use personal information, we will post a prominent notice of such change and notify you via email.
    3. We encourage you to review this Notice periodically to remain informed of how we protect your personal information.
  12. Contacting Us
    If you have any questions or comments on this Notice, please email our data protection officer at compliance@advapacs.com.