PRIVACY POLICY

(Last updated: 11 October 2024)

 

This Privacy Policy (“Policy”) sets out the basis on which ThoughtFull World Pte. Ltd. (“we”, “us”, or “our”) may collect, use, disclose or otherwise process Personal Data (as defined below) from our users (“Clients”), to whom we provide mental health services (the “Services”), and mental health professionals engaged by us (“ThoughtFull Professionals”) to provide the Services.

When the terms “you”, “your” or “yours” or such other similar terms are used in this Policy, they refer to the individual Client or ThoughtFull Professional, as the case may be.

We collect, use, disclose and process your Personal Data in accordance with the Personal Data Protection Act 2012 (No. 26 of 2012) of Singapore (“PDPA”) in connection with your access and use of the services offered by us through the relevant mobile application(s) made available for download by us (“App”), our website at https://www.thoughtfull.world (the “Website”), or any other applications or software we provide from time to time, including, but not limited to, ThoughtFullChat (collectively, the “Platform”). This Policy applies to Personal Data in our possession or under our control, including Personal Data in the possession of organisations which we have engaged to collect, use, disclose or process Personal Data for the purposes provided in this Policy.

By accessing and using the Platform, you affirm that you have read this Policy, as may be amended, supplemented and/or updated from time to time, and that you understand, acknowledge and agree to all the terms contained herein.

If you do not agree to be bound by the terms of this Policy, you should stop accessing and using the Platform and any other services connected thereto immediately.

 

  1. PERSONAL DATA
    • Unless otherwise stated in this Policy, the term “Personal Data” shall mean data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which we have or are likely to have access.
    • Depending on the nature of your interaction with us on the Platform, some examples of Personal Data which we may collect from you include your name, identification information such as your personal identification or passport number, contact information such as your address, email address or telephone number, nationality, gender, date of birth, marital status, photographs and other audio visual information, health information and records, employment information and financial information such as credit card numbers, debit card numbers or bank account information.

  2. COLLECTION OF PERSONAL DATA
    • We may collect your Personal Data in the ways listed below:
    • For Clients:
      • When you voluntarily provide it to us. For example, you may provide your Personal Data to us when you:
        • register for an account with us (such as your name, contact information, email and other identification information where needed and to the extent permitted by law);
        • update your personal details in your account with us;
        • fill up demographic information in surveys (such as your age, gender, and other information you may volunteer such as your marital status, occupation and income information);
        • contact our customer service representatives for technical support or to make business or other enquiries, or to lodge any disputes and/or complaints; and
        • make payment (if any) through a credit card, bank account, and/or any means which involves Personal Data.
      • When you access and use the Platform. Personal Data may be collected through the normal operation of the Platform. Some examples are:
        • your health data and records during our matching process of you to a suitable ThoughtFull Professional; and
        • Personal Data you may provide during your use of the Platform (including ThoughtFullChat and video therapy platform).
      • From other sources. When we collect Personal Data, including but not limited to your name, contact information and other identification where needed from other sources, we make sure that such data is transferred to us in accordance with applicable laws. Such sources include:
        • where you have subscribed through an Employee Assistance Programme (“EAP”), an employer-sponsored benefit plan, or an insurance-backed plan, your employers or administrators of your benefit or insurance plan;
        • the ThoughtFull Professionals on the Platform;
        • referrals from our partners (such as third-party medical practitioners);
        • publicly available sources of data; and
        • governmental sources of data.
    • For ThoughtFull Professionals:
      • We may collect your Personal Data in the course of onboarding you or maintaining our account on the Platform with you such as:
        • your name, contact information, email and other identification information;
        • demographic information (such as your age, gender, and other information you may volunteer);
        • your educational qualifications;
        • practitioner’s licence information;
        • background check results; and
        • payment related information such as bank account numbers.
      • We shall seek your consent before collecting any additional Personal Data and before using or disclosing your Personal Data for a purpose which has not been notified to you (except where permitted or authorised by applicable laws, including the legitimate interests exception in the PDPA, provided that the applicable regulatory safeguards are met). Do note that we may rely on the deemed consent by notification mechanism for new uses or disclosures of the Personal Data as permitted by the PDPA provided that the applicable regulatory safeguards are met.

  3. USE AND DISCLOSURE OF PERSONAL DATA
    • Please refer to Clause 10 on Client Confidentiality to understand the protection for the confidential information that you share with the ThoughtFull Professionals.
    • We may use your Personal Data for any or all of the following purposes:
      • performing obligations in the course of or in connection with our provision of the Platform and the services related to it, including the ThoughtFull Professionals’ services to you;
      • verifying your identity;
      • responding to, handling, and processing queries, requests, applications, complaints, and feedback from you;
      • managing your relationship with us;
      • processing payment or credit transactions;
      • sending you marketing information about the Platform and/or other goods or services, including notifying you of our marketing events, initiatives and promotions, lucky draws, membership and rewards schemes and other promotions;
      • conducting research, analysis, data and development activities, including but not limited to data analytics, surveys, product and service improvements and development, analysis relating to application usage, provided that it is anonymised as set out in Clause 1(c);
      • preventing and/or investigating any suspected violation of our TOU, fraud, unlawful activities, omission or misconduct, whether it is relating to your use of the Platform or any other matter arising from your relationship with us;
      • auditing our services and/or our business;
      • complying with any applicable laws, regulations, codes of practice, guidelines or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;
      • transmitting to our subsidiaries or any third parties including our third-party service providers and agents, and relevant governmental and/or regulatory authorities, whether in Singapore or abroad, for the purposes set out in this Clause 1; and
      • any other incidental business purposes related to or in connection with the above.
    • We may disclose your Personal Data:
      • where such disclosure is required for performing our obligations in the course of or in connection with our provision of the Platform (including but not limited to when we connect Clients and ThoughtFull Professionals for the provision of the Services);
      • to third party service providers, agents and other organisations we have engaged to perform any of the functions listed in Clause 1 above for us;
      • where such disclosure is required by an order of any court or competent jurisdiction or any regulatory, judicial, governmental or similar body;
      • where required by law including, where necessary, to respond to an emergency that threatens your life, health or safety or that of others; or
      • if you are a Client, where your subscription is paid for by an Employee Assistance Programme (“EAP”) or an employer-sponsored benefit plan, to your employer for their own audits on usage volumes. The Personal Data disclosed by us to your employer under this Clause 2(e) shall be limited to your name and email only.
    • Clause 2 may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you, or to manage our contract with your employer if you are under an EAP).

  4. WITHDRAWING YOUR CONSENT
    • The consent that you provide for the collection, use and disclosure of your Personal Data will remain valid until such time as it is withdrawn by you in writing. You may withdraw consent and request us to stop using and/or disclosing your Personal Data for any or all of the purposes listed above by submitting your request via email to our Data Protection Officer whose details are provided at Clause 11 below (“DPO”).
    • Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to such request, including any legal consequences which may affect your rights and liabilities to us.
    • Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing the Platform to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing in the manner described in Clause 1 above.
    • Please note that withdrawing consent does not affect our right to retain or continue to collect, use and disclose Personal Data where such retention, collection, use and disclosure without consent is permitted or required under applicable laws.
    • You may also request for the deletion of all your Personal Data, which we will interpret to mean that you have withdrawn your consent and this Clause 4 shall apply accordingly.

  5. ACCESS OR CORRECTION OF PERSONAL DATA
    • If you wish to make (a) an access request for access to a copy of the Personal Data which we hold about you, or (b) a correction request to correct or update any of your Personal Data which we hold about you or (c) when the applicable PDPA provisions come into force, to port your Personal Data if the PDPA grants such portability rights, you may submit your request in writing or via email to our DPO.
    • Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.
    • We will respond to your request as soon as reasonably possible. Should we not be able to respond to your request, we shall inform you in writing of the time by which we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA or any other applicable laws).

  6. PROTECTION OF PERSONAL DATA
    • Safeguarding your data and privacy is of utmost importance to us and we have implemented reasonable security arrangements to protect client data and privacy. To safeguard your Personal Data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures to secure all storage and transmission of Personal Data by us, and we disclose Personal Data both internally and to our authorised third party service providers and agents only on a need-to-know basis.
    • The App is designed to incorporate data privacy and protection measures in both the front-end and back-end. On the front-end, two-factor authentication is adopted to provide extra security for client and professional accounts. Clients also have the option to be identified only by their pseudonym on the application for an added layer of confidentiality. On the back-end, all messages between Clients and ThoughtFull Professionals and our databases are secured and encrypted by banking-grade 256-bit encryption. All data connections between our App, our Website and our server are encrypted with Secure Sockets Layer following best practices.
    • While we aspire to do our best in this regard, kindly note that no method of transmission over the Internet or method of electronic storage is completely secure. Although security cannot be guaranteed, we strive to protect the security of your Personal Data and are constantly reviewing and enhancing our information security measures.

  7. ACCURACY OF PERSONAL DATA
    • We generally rely on Personal Data provided by you to provide the Platform. In order to ensure that your Personal Data is current, complete and accurate, you may update your particulars either in the App itself or notify us of the changes to your Personal Data by writing to our DPO.

  8. RETENTION OF PERSONAL DATA
    • We may retain your Personal Data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws.
    • We will cease to retain your Personal Data, or remove the means by which the Personal Data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the Personal Data was collected, and is no longer necessary for legal, regulatory or business purposes or for such time obligated by any laws.

  9. CROSS-JURISDICTIONAL TRANSFERS OF PERSONAL DATA
    • Where there is a transfer of Personal Data out of Singapore, we will undertake to ensure that the Personal Data will be protected at a standard that is comparable to that under the PDPA.

  10. CLIENT CONFIDENTIALITY
    • For Clients:
      • The Services that we provide to you include, but are not limited to, text-based and/or video counselling, mental wellness related assessments and journals, digital coaching, and webinars by the ThoughtFull Professionals through our Platform.
      • All information provided by you to a ThoughtFull Professional in the course of receiving the Services (“Confidential Information”) will be stored in our servers in accordance with the security measures as set out in Clause 6 above, and will be subject to our obligations to you in this Clause 10.
      • Where appropriate, Confidential Information may be aggregated using computers, artificial intelligence and/or other IT-enabled tools in accordance with our internal organisational procedures and will be anonymised (“Anonymised Data”). Anonymised Data is not Personal Data and you will not be identifiable from Anonymised Data. Anonymised Data may be used for the purpose set out in Clause 1(g).
      • We shall hold your Confidential Information in strict confidence, and we will not use or disclose your Confidential Information save for the following exceptional circumstances:
        • where such disclosure is required by law, any order of any court or competent jurisdiction or any regulatory, judicial, governmental or similar body; or
        • where necessary to respond to any emergency and/or crisis that threatens your life, health or safety or that of others; or
        • if our use or disclosure is or becomes necessary in light of your ThoughtFull Professional’s decision to use or disclose as set out in Clause 2(b).
      • By accessing and using the Platform and receiving the Services, you affirm that you understand, acknowledge, and agree to our collection and use of your Confidential Data as provided for in this Clause 10. If you do not agree to our collection and use of your Confidential Data as provided for in this Clause 10, you should stop accessing and using the Platform and receiving the Services immediately.
    • How ThoughtFull Professionals handle Clients’ Confidential Information:
      • All Personal Data and Confidential Information collected by ThoughtFull Professionals from Clients shall be held in strict confidence and subject to best practice and code of conduct/ethics which the ThoughtFull Professionals would be subject to in the relevant industry, profession and/or organisation.
      • ThoughtFull Professionals will not use or disclose Confidential Information save where permissible pursuant to the best practices and code of conduct/ethics which the ThoughtFull Professionals would be subject to in the relevant industry, profession and/or organisation, or in exceptional circumstances, such as:
        • in times of emergency and/or crisis where it can reasonably be deemed by the ThoughtFull Professional that there is an immediate risk of harm to the Client and/or other individuals or where the Client requires medical attention; and
        • where there are suspicions of physical or emotional abuse on a child or young person as a result of ill-treatment, or subjecting a child or young person to neglect or abandonment.

  11. DATA PROTECTION OFFICER
    • You may contact our DPO named below if you have any enquiries or feedback on our personal data protection policies and procedures, or if you wish to make any request:
      • Attention: Data Protection Officer
      • Email: Previn.pragash@thoughtfull.world

  12. EFFECTS OF NOTICE AND CHANGES TO NOTICE
    • This Policy applies in conjunction with any other notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your Personal Data by us.
    • We may amend, supplement and/or update this Policy from time to time without any prior notice. You may determine if any such revision has taken place by referring to the date on which this Policy was last updated. Your continued use of the Platform constitutes your acknowledgement and acceptance of such changes.