MDA LOGO

Privacy Policy

MyDoctor Data Protection Notice

MyDoctor Personal Data Protection Notice (also known as “Privacy Policy”)

Introduction This Personal Data Protection Notice (“Notice”) is published on 22/04/2026 (“Effective Date”). MyDoctor (“we”, “our”, “us”) is committed to protecting Individuals’ (“your”, “you” and “yours”) personal data responsibly and in compliance with applicable data protection related laws. Where personal data is processed in Singapore, only the Singapore Personal Data Protection Act 2012 (“PDPA”) shall apply.

This Notice applies to the Processing of your personal data by us. It explains how we Process your personal data when you interact with us. This Notice may be updated from time to time, with amendments to the PDPA or to provide you with additional information. We strongly encourage you to read this Notice.

MyDoctor is one of the healthcare institutions participating in the National Electronic Health Records System (NEHR) and authorised by MOH to access to the information in the NEHR. When you seek medical treatment or related services at any MyDoctor facility, your personal data may be accessed via, used and/or disclosed to the NEHR. For more information about the NEHR, including rights available to you as a patient, please refer to https://www.synapxe.sg/healthtech/national-programmes/national-electronic-health-record-nehr/.

Personal Data

For purposes of this Notice, Personal Data means any information or combination of information, relating, directly or indirectly to you. Depending on the nature of your interaction with us, the Personal Data we collect may include your personal identification information, health and medical information, account and profile information, network traffic and related data and/or any other information which have been provided to us or we may have access to, in the course of your interaction with us.

Personal Data of Vulnerable Persons: It is our intention and policy to comply with law when it requires parent, guardian or legal representative’s permission before collecting, using or disclosing Personal Data of Vulnerable Persons. If a parent, guardian or legal representative becomes aware that Personal Data of a child or ward has been provided without consent, please contact us. Such Personal Data will be disposed of from our records.

How do we collect Personal Data?

We collect Personal Data from you in the following ways:

Directly:

  • When you create an account, register with us, or benefit from our services.
  • During face-to-face meetings, telephone conversations, and emails.
  • When you sign up for marketing, promotions, or initiatives.
  • When you visit our premises and your images are captured via CCTV or photography.
  • When you submit applications for employment, internships, or accreditation.

 

Indirectly:

  • From other medical service providers (related or third party).
  • From third parties wishing to confer a benefit on you (e.g., employer or insurer).
  • If you act as an intermediary for a third party, you undertake that you have obtained all necessary consents for MyDoctor to process their data.

 

For which purpose is Personal Data processed?

Personal Data may be processed for:

  1. Provision of medical services: To provide medical treatment and reasonably related purposes.
  2. Business Purposes: Invoicing, billing, account management, and internal controls.
  3. Human Resources: Managing employment-at-will relationships and contracts.
  4. Compliance & Safety: Ensuring occupational safety and meeting legal/regulatory obligations.
  5. Marketing: We will obtain your consent or offer an “opt-out” for promotional communications.
  6. Secondary Purposes: Internal audits, research, and creating anonymised data for the optimisation of patient care.

 

Sharing and Transfer of Data

Your Personal Data may be shared with:

  • Employees and Affiliates: On a “need-to-know” basis.
  • Service Providers: Vendors and suppliers necessary for our operations.
  • Business Partners: Accredited doctors, specialists, and corporate clients.
  • Authorities: Public and governmental bodies when required by law or in support of national initiatives (e.g., NEHR, HealthierSG).

 

Protection and Retention

  • Security: We use physical, technical, and organisational measures to prevent unauthorised access or loss.
  • Retention: We retain data only as long as necessary for business purposes or as required by Singapore law. After this period, data is disposed of or de-identified.

 

Contact Us

To request corrections or withdraw consent, please contact MyDoctor:

  • Email: marketing@mydoctorsg.com

 

We aim to respond to all requests within 30 days.