Privacy Policy

1. Introduction

DAS Skin Clinic Pte Ltd (“DAS Skin Clinic”, “we”, “us” or “our”) is committed to protecting the privacy and confidentiality of your personal data. This Privacy Policy explains how we collect, use, disclose and safeguard your personal data in accordance with the Personal Data Protection Act 2012 (“PDPA”) of Singapore, the Healthcare Services Act 2020 (“HCSA”), and applicable guidelines issued by the Ministry of Health (“MOH”) and the Personal Data Protection Commission (“PDPC”).

As a licensed healthcare provider in Singapore, we take additional care with your medical and health-related data, in line with the PDPA’s heightened requirements for sensitive personal data and MOH’s clinical governance standards.

2. Personal Data We Collect

We may collect the following categories of personal data:

• Identity data: Full name, NRIC/FIN/Passport number (where required for medical records), date of birth, nationality, gender
• Contact data: Address, email address, telephone/mobile number
• Medical and health data: Medical history, diagnosis, treatment records, prescriptions, laboratory and test results, clinical photographs (with your explicit consent), allergy information
• Appointment data: Preferred date and time, clinic location, consulting physician, reason for visit
• Financial data: Insurance information, payment records, billing details
• Digital data: IP address, browser type, pages visited on our website, cookies and usage analytics

3. How We Collect Your Data

We collect personal data through:

• Appointment booking forms on this website and in-clinic registration
• Patient intake and consent forms completed at our clinics
• Consultations with our dermatologists, TCM physicians and allied health professionals
• Telephone calls, emails, WhatsApp messages and other correspondence
• Third-party referrals from other healthcare providers (with your consent or under deemed consent provisions)
• Cookies and analytics tools when you browse our website

4. Purpose of Collection and Use

Your personal data is collected for the following purposes:

• Medical care: Providing dermatological, aesthetic, wellness and Traditional Chinese Medicine (TCM) consultations, treatments, diagnoses and follow-up care
• Appointment management: Scheduling, confirming and managing your appointments
• Billing and payment: Processing payments, insurance claims and generating invoices
• Regulatory compliance: Meeting obligations under the HCSA, MOH guidelines, and professional regulatory requirements
• Communication: Sending appointment reminders, treatment-related updates and health advisories
• Quality improvement: Internal clinical audits, service improvement and staff training (using de-identified data where possible)
• Legal obligations: Complying with court orders, regulatory investigations or statutory reporting requirements

We will not use your personal data for marketing purposes unless you have given separate, explicit consent. Any marketing communication will include a clear opt-out mechanism, in compliance with the PDPA and the Do Not Call (“DNC”) Registry provisions.

5. Consent

Under the PDPA, we are required to obtain your consent before collecting, using or disclosing your personal data, unless an exception applies. By submitting your personal data through our booking forms, registration forms or by using our services, you consent to the collection, use and disclosure of your personal data as described in this Policy.

In certain circumstances, deemed consent may apply — for example, when personal data is shared between healthcare providers for the purpose of continuity of care, or where disclosure is necessary for the performance of a contract. We may also rely on deemed consent by notification where you have been informed of the purpose and given a reasonable opportunity to opt out.

You may withdraw your consent at any time by contacting our Data Protection Officer. Please note that withdrawing consent for specific medical data may affect our ability to provide you with healthcare services.

6. Disclosure to Third Parties

We may disclose your personal data to:

• Other healthcare providers involved in your care (including referral specialists, hospitals, laboratories and the National Electronic Health Record system)
• Insurance companies for the purpose of processing your claims (with your consent)
• Our affiliated clinics within the DAS Group (including Qing TCM Clinic), where necessary for continuity of care
• Authorised third-party service providers who assist with IT systems, data hosting, payment processing or appointment management, subject to strict data protection agreements
• Government agencies, regulatory bodies or law enforcement where required by law

We require all third parties to maintain appropriate security measures and to process your personal data only for the specified purposes and in accordance with the PDPA.

7. Data Protection and Security

We implement reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification or disposal of your personal data. These measures include:

• Encrypted storage and transmission of electronic medical records
• Access controls and role-based permissions for staff and systems
• Multi-factor authentication for administrative access
• Regular security audits and vulnerability assessments
• Staff training on data protection obligations and protocols
• Physical security measures for hardcopy records at our clinic premises

8. Retention of Personal Data

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. In accordance with MOH guidelines and professional standards, medical records are retained for a minimum of six (6) years from the date of the last treatment, or longer where required by specific clinical or legal circumstances.

When personal data is no longer needed, we will dispose of it in a secure manner — electronic records will be permanently deleted and hardcopy records will be securely destroyed.

9. Access and Correction

Under the PDPA, you have the right to request access to your personal data held by us and to request corrections to any inaccurate or incomplete data. Requests may be submitted to our Data Protection Officer and will be processed within a reasonable timeframe. A nominal administrative fee may apply for access requests.

Please note that certain exceptions under the PDPA may apply where we are unable to provide access or make corrections — for example, where doing so could cause harm to the safety or health of any individual, or where the data is subject to legal privilege.

10. Data Breach Notification

In the event of a data breach that is likely to result in significant harm to affected individuals, or that involves the personal data of 500 or more individuals, we will notify the PDPC within three (3) calendar days of completing our assessment of the breach. We will also notify affected individuals as soon as practicable if the breach is likely to result in significant harm.

11. Cookies and Website Analytics

Our website uses cookies and similar technologies to enhance your browsing experience and to understand website usage patterns. These may include essential cookies (required for site functionality), analytics cookies (to understand traffic and usage) and preference cookies (to remember your settings such as language).

You may manage your cookie preferences through your browser settings. Disabling certain cookies may affect website functionality.

12. Transfer of Data Outside Singapore

In the event that your personal data needs to be transferred outside of Singapore (for example, to cloud service providers with overseas data centres), we will ensure that the receiving party provides a standard of protection comparable to that under the PDPA, in compliance with the Transfer Limitation Obligation.

13. MOH Advertising Compliance

All content on this website complies with the advertising guidelines issued by the Ministry of Health under the Healthcare Services Act 2020 and the guidelines of the Singapore Medical Council. We do not make unsubstantiated claims, display before-and-after photographs, or use laudatory or comparative language in relation to our medical services.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any material changes will be posted on this page with an updated effective date. We encourage you to review this Policy periodically.

15. Contact Our Data Protection Officer

If you have questions, concerns or requests regarding your personal data or this Privacy Policy, please contact: