BRIGHTLINE PRIVACY POLICY

This Data Protection and Privacy Notice ("Notice") sets out the basis which the MOH Office for Healthcare Transformation ("We", "Us", or "Our") may collect, use, disclose or otherwise process Personal Data of Our Users in accordance with the Personal Data Protection Act 2012, including any re-enactment, supplement and amendments thereto from time to time ("PDPA"). This Notice applies to User-provided data, Personal Data in Our possession or under Our control, including Personal Data in the possession of organisations which We have engaged to collect, use, disclose or process Personal Data for Our Purposes.

  1. PERSONAL DATA

    1. As used in this Notice:
      "User" means an individual who (a) has contacted Us through any means to find out more about any goods or services We provide, or (b) may, or has, entered into a contract with Us for the supply of any goods or services by Us. "Personal Data" means data, whether true or not, about a User who can be identified: (a) from that data; or (b) from that data and other information to which We have or are likely to have access. "User-provided data" means data about a User that is created in the course of or as a result of his/her use of Brightline.
    2. Depending on the nature of your interaction with Us, some examples of Personal Data which We may collect from you include your name and identification information such as your NRIC number, contact information such as your address, email address or telephone number, nationality, gender, date of birth, marital status, photographs and other audio-visual information, employment information and medical records.
    3. Other terms used in this Notice shall have the meanings given to them in the PDPA (where the context so permits).
    4. By providing Us with your Personal Data, you consent to Our collection, use, and disclosure (including transfer) of your Personal Data in accordance with this Notice and the PDPA. You further accept and agree to comply with the terms of this Notice. Please DO NOT provide us with any Personal Data if you do not accept this Notice.
    5. You represent and warrant that you will comply with the PDPA and/or any other applicable laws relating to data privacy and/or confidentiality, and will not cause Us to be in breach of such laws.

  2. COLLECTION, USE AND DISCLOSURE OF YOUR PERSONAL DATA

    1. The "Brightline platform" refers to the digital phenotyping data collection and processing infrastructure underlying Brightline, including its mobile application ("App").
    2. Brightline does not proactively collect any data that directly identifies you ("Personally Identifiable Information"). You are not required to provide, and the Brightline platform is not intended to collect, any data that may identify you. Upon registration on the Brightline platform, you will be given an anonymised serial number, and only your research study coordinator at Nanyang Technological University (NTU) will have knowledge of your serial number. We will not be able to identify you from this serial number.

  3. COLLECTION, USE AND DISCLOSURE OF YOUR DATA

    1. We may use, disclose and retain your User-provided data, your Personal Data (if we receive your Personal Data) and other data and information pertaining to you for any or all of the following purposes (collectively the “Purposes”):
      1. performing obligations in the course of or in connection with Our provision of the Brightline research study;
      2. verifying your identity;
      3. setting up your account with Us and managing your use and access of Brightline;
      4. providing you and other Users with the services or functions of Brightline;
      5. responding to, handling, and processing queries, requests, applications, complaints, feedback, and facilitating communications;
      6. managing your relationship with Us;
      7. informing you about service upgrades and updates;
      8. performing network or service enhancements;
      9. corporate governance (including internal and company audits) and policy reviews;
      10. complying with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;
      11. any other purposes for which you have provided the information;
      12. transmitting to any unaffiliated third parties including Our third-party service providers and agents, and relevant governmental and/or regulatory authorities, whether in Singapore or abroad, for the aforementioned purposes;
      13. in an aggregated or de-identified form for the purposes of improving Our systems, or for research, statistical and planning purposes;
      14. uploading onto computer systems operated or managed by third parties (including payment systems, the National Electronic Health Record system managed by the Ministry of Health, the NUHS Online Appointment System, the SingHealth Online Appointment System and NHG Online Appointment System, NUP Online Appointment System, the SHP Online Appointment System and NHGP Online Appointment System) in order to provide you with use of Brightline and the App;
      15. sharing your User-provided data and your Personal Data and other related data with NTU and other public universities in Singapore, public healthcare institutions in Singapore or Singapore government agencies, to enable Us to provide you with better healthcare support. We may also share such data with the Ministry of Health, the relevant regulatory authority for healthcare professionals, other ministries, statutory bodies and public agencies for the purpose of complying with their respective requirements, policies and directives;
      16. accounting and record keeping;
      17. personalising Our services and recommending content related to Our services and your health;
      18. managing Our day-to-day business and administrative operations;
      19. security and risk management;
      20. administering and managing the relevant relationships to conduct and further our business and administrative operations;
      21. facilitating communications with individuals in connection with the services provided by us; and
      22. any other incidental purposes related to or in connection with the above.
    2. We may disclose your User-provided data, your Personal Data and other data and information received from you:
      1. where such disclosure is required for performing obligations in the course of or in connection with Our provision of the Brightline research study; or
      2. to non-government agencies, non-public healthcare institutions, third party service providers, agents and other organisations, including to Our Affiliates, where:
        1. We have engaged them to perform any of the Purposes listed in paragraph 8 above for Us;
        2. they have been authorised to provide services on behalf of government agencies or public healthcare institutions;
        3. they are our service providers who provide Us with necessary services including but not limited to IT services, hosting and maintenance services, organising of Our events, accounting, data analytics services, email messaging services, marketing etc.;
        4. they are Our consultants or professional advisers including but not limited to accountants, lawyers and auditors; and/or
        5. they are authorised users of public health systems operated and/or initiated by the government of Singapore.
    3. The Purposes may continue to apply even in situations where your relationship with Us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable Us to enforce Our rights under any contract with you).
    4. If you provide Us with another person's Personal Data (including your family members), by submitting such information to Us, you warrant that:
      1. you are authorised to act on his/her behalf; and
      2. he/she accepts that his/her Personal Data will be subject to this Notice (as amended from time to time).
    5. We may use “cookies”, where a small data file is sent to your browser to store and track information about you when you enter Brightline or use the App. The cookie is used to track information such as the number of Users, their profiles and their frequency of use. While this cookie can tell us when you enter Brightline or use the App and what pages you visited, it cannot read data off your hard disk. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from making full use of Brightline.

    4. Appendix A

    List of Data that may be Collected

    Data Collected

    Explanation

    Brightline Application

    Motion Data - Pedometer, Accelerometer, Gyroscope and Magnetometer

    Phone movement is used to determine your steps and patterns of physical activity.

    Ambient Light

    Ambient light sensors allow Us to understand the lighting conditions in your environment.

    GPS Data (Obfuscated)

    GPS Data (Obfuscated) GPS Data is obfuscated by adding a random displacement to your location, and this data is not collected in real time but aggregated daily. We also track the number of visits to frequently visited locations.

    We will NOT be able to find out your exact location at any immediate point in time.

    Sociability Indices

    We will find out the number of different individuals you message and/or call, and in the context of calls the duration of each call.

    We will NOT be able to see who you called, the contents of your messages and/or collect recordings of your calls.

    Finger Taps

    The interval between taps will be recorded.

    We will NOT be able to identify or collect the exact location of each tap.

    Keyboard Metrics (iOS only)

    Keyboard metrics such as number of words typed, deleted, autocorrected, typing speed, etc provided by iOS.

    We are NOT able to see the exact words or content.

    App Usage

    App Usage such as usage frequency and time spent on each app category (e.g. social media, communication, games, etc)

    Power State

    We will collect data on whether the phone is turned on, and when this is so.

    Fitbit Charge 6

    Sleep

    Your sleep data is derived by Fitbit which determines your time spent asleep.

    Steps

    Fitbit collects your number of steps taken

    Heart Rate

    Fitbit collects your heart rate at predefined intervals

    Heart Rate Variability

    Fitbit measures the interval between heartbeats to derive a measure of variability between beats in milliseconds

  4. WITHDRAWING YOUR CONSENT

    1. The consent that you provide for the collection, use and disclosure of your Personal Data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request Us to stop using and/or disclosing your Personal Data for any or all of the Purposes by submitting your request in writing or via email to your research study coordinator at NTU.
    2. Upon receipt of your written request to withdraw your consent, We may require reasonable time (depending on the complexity of the request and its impact on Our relationship with you) for your request to be processed and for Us to notify you of the consequences of Us acceding to the same, including any legal consequences which may affect your rights and liabilities to Us. In general, We shall seek to process your request within ten (10) working days of receiving it.
    3. Please note that withdrawing consent does not affect Our right to continue to collect, use and disclose Personal Data where such collection, use and disclose without consent is permitted or required under applicable laws.

  5. PROTECTION OF DATA

    1. To safeguard your Personal Data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, We have introduced appropriate administrative, physical and technical measures such as up-to-date antivirus protection, encryption and the use of privacy filters to secure all storage and transmission of Personal Data to and from Us, and disclosing Personal Data both internally and to Our authorised third party service providers and agents only on a need-to-know basis.
    2. You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, We strive to protect the security of your information and are constantly reviewing and enhancing Our information security measures. For the avoidance of doubt, We are not liable for any claims, losses, damages and expenses arising from any damage, loss or corruption to your Personal Data. We do not accept any liability for the authenticity, confidentiality, integrity, and security of any communications and other transactions made through Brightline.
    3. While Brightline takes extensive measures to obfuscate and anonymise transmitted User-provided data, given the nature of said data, We cannot guarantee that you will not be identified due to the uniqueness of your User-provided data. For the avoidance of doubt, We are not liable for any claims, losses, damages and expenses arising from such event.

  6. RETENTION OF DATA

    1. We shall retain your Personal Data for as long as it is necessary to fulfil the purpose(s) for which it was collected, or as required or permitted by applicable laws, whichever is the later.
    2. We will cease to retain your Personal Data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose(s) for which the Personal Data was collected, or is no longer necessary for legal or business purposes, whichever is the later.

  7. TRANSFERS OF PERSONAL DATA OUTSIDE OF SINGAPORE

    1. We generally do not transfer your Personal Data to countries/locations outside of Singapore. However, if We do so, We will obtain your consent for the transfer to be made and We will take steps to ensure that your Personal Data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.

  8. HYPERLINKS AND THIRD-PARTY SYSTEMS

    1. Brightline may contain links to other websites, applications or materials whose terms of use, data protection and privacy practices may differ from Ours. We are not responsible for the content and privacy practices of these other websites or applications and encourage you to review the privacy policies or notices of those websites, applications, or materials. You shall be solely responsible for all decisions and actions taken or not taken resulting from or in any way related to the use of such other websites, applications or materials. We shall not be liable to you or any third party for any damages, losses, claims and/or expenses, whatsoever arising from your access to or use of such other websites, applications or materials.

  9. DATA PROTECTION OFFICER

    1. You may contact Our Data Protection Officer if you have any enquiries or feedback on Our Personal Data protection policies and procedures, or if you wish to make any request, in the following manner:

      Data Protection Officer
      Email Address: MOHT.DPO@moht.com.sg
      1 North Buona Vista Link
      #09-02
      Singapore 139691

  10. EFFECT OF NOTICE AND CHANGES TO NOTICE

    1. This Notice applies in conjunction with any other notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your Personal Data by Us. For the avoidance of doubt, this Notice is not intended to supersede or replace any consent previously provided to Us.
    2. We may revise this Notice from time to time without any prior notice to you. Should there be any modification to this Notice, we will post the updated version on the relevant webpage relating to Brightline. The updated Notice will supersede earlier versions and will apply to Personal Data provided to Us previously. Each time you use Brightline, the App and any updates, upgrades, new versions, documentation, content and services provided by or through Brightline, or contact, interact or transact with Us, you acknowledge and agree that the latest version of this Notice shall apply.