Camtech Laboratory Data Protection Policy

1. Purpose

The purpose of this document (“Data Protection Policy”, or “DPP”) is to sets out the basis which THE LABORATORY may collect, use, disclose or otherwise process personal data of our client and personnel in accordance with the Personal Data Protection Act (“PDPA”). The PDPA is a baseline law that ensures a common standard of protection for individuals’ personal data across organizations in Singapore. This DPP applies to personal data in our possession or under our control, including personal data in the possession of organisations which we have engaged to collect, use, disclose or process personal data for our purposes.

For the healthcare sector, existing laws, such as the Healthcare Services Act, Human Organ Transplant Act (HOTA), Termination of Pregnancy Act, the Singapore Medical Council Ethical Code and Ethical Guidelines (ECEG), National Registry of Diseases Act, the Infectious Diseases Act, or Human Biomedical Research Act 2015 (“HBRA”), etc. will continue to apply concurrently with the PDPA. THE LABORATORY will need to ensure that it complies with current sectoral laws and regulations as well as the PDPA. Where there are inconsistencies between the PDPA and existing sectoral laws and regulations in respect of the collection, use or disclosure of personal data, the provisions of the other written laws shall prevail. Other compliance obligations may include where health information is to be collected, used, disclosed or process to meet requirements under other ministries including the Ministry of Home Affairs, Ministry of Community, Youth & Sports (MCYS), the Immigration Checkpoint Authority, the Singapore Police Force, the Singapore Medical Council (or other vocational regulatory bodies), or to comply with court orders.

Collection, use, disclosure or otherwise processing of personal data of our service users on behalf of government ministries or statutory boards will be in accordance with guidelines set out in the government’s data management policy. THE LABORATORY will comply with the relevant requirements under the government’s data management policy. Please note that though THE LABORATORY tries, as per legal requirements, to provide reasonably adequate information concerning our policies as it pertains to personal data, this DPP is not an exhaustive list of all the situations or scenarios concerning personal data.

2. Scope

2.1    The Laboratory Manager/ designee shall ensure all laboratory personnel adheres to the guidelines listed in this DPP. Laboratory personnel and third parties (including third party partners, service providers, or affiliates) whom we work with and who have agreed to abide by this DPP shall adhere to this policy.

3. Reference

3.1    Personal Data Protection Act 2012 (“PDPA”)

3.2    Advisory Guidelines for the Healthcare Sector (revised 20 September 2023)

3.2    Advisory Guidelines for the Healthcare Sector (revised 20 September 2023)


4. Definition

4.1    THE LABORATORY means “Camtech Laboratory” located at 217 Henderson Road, #03-08, Henderson Industrial Park and operated by Camtech Biomedical Pte Ltd.

5. Policy

5.1    THE LABORATORY is committed to ensuring the protection of all information assets in THE LABORATORY’s possession, in accordance with the Singapore Personal Data Protection Act (No. 26 of 2012) (the “PDPA”), the Healthcare Services Act, the Ministry of Health’s guidelines, directives and other relevant legislation

5.2    This DPP explains details the way data is collected, used, stored, disclosed and protected. Moreover, it describes the types of information collected, as well as the reasons and methods of accessing and correcting such information.

5.3    The policy herein serves as a supplement and therefore does not supersede or act as a substitute to any other prior consent that have been provided to THE LABORATORY regarding personal data provided. THE LABORATORY also reserves all rights granted by the law to collect, use, or disclose personal data.

5.4    Definition of Personal Data

5.4.1    Personal data is any data about an identified individual or an individual who is reasonably identifiable, whether that information or opinion is true or not, and whether the information or opinion is recorded in a material form or not. Examples of personal data that we may collect include an individual’s name, NRIC number, passport number, contact number, date of birth, mailing address and email address.

5.4.2    Types of Personal Data that may be provided to or collected by THE LABORATORY include but are not limited to:    Name;    NRIC, passport or other personal identification number;    Telephone number;    Fax number;    Mailing address;    E-mail address; and    any other information relating to the individual that has been provided to Camtech Laboratory

5.4.3    Personal data does not include data about a data subject which has been anonymised. Anonymisation is the process of removing identifying information such that the remaining data does not identify any particular individual. Techniques can include pseudonymisation, aggregation, replacement, data reduction, data suppression, data shuffling, or masking.

5.5    Collection of Personal Data

5.5.1    THE LABORATORY may collect personal data in any of the following scenarios:    when a form is submitted, including but not limited to laboratory request forms    when tissue specimens or any other organic materials is provided such that it is linked with other data in a way that an individual can be identified    when interacting with customer service officers, phlebotomists, medical technologists and other Camtech Laboratory representatives via telephone calls (which may be recorded), letters, fax, in-person meetings, and email    when on Camtech Laboratory premises, or when attending events hosted or sponsored by Camtech Laboratory during which photographs or videos are taken by Camtech Laboratory representatives by CCTV    when services are engaged through online platforms, such as Camtech Laboratory website, including any other online platforms, technologies, or tools    when a request is made to contact the individual, be included in an email or other mailing list, or when one responds to request for additional personal data as part of promotions or other initiatives    when contacted by, and respond to any Camtech Laboratory staff or Camtech Laboratory representative    when personal data from referral parties, public agencies, employer, or any other third party is received    when a payment is made or provide details to facilitate payment    when on Camtech Laboratory websites, information may be automatically recorded on Camtech Laboratory server logs from the browser used    when personal data is submitted to THE LABORATORY for any other reasons    when personal data, directly or indirectly, an individual expressly grant consent to THE LABORATORY to collect, use, and disclose personal data to all relevant third parties as laid out in this DPP.

5.6    Purposes for the Collection, Retention, Process, Use, Disclosure and Transfer of Personal Data

5.6.1    THE LABORATORY uses the personal information it collects and holds to:    contact individuals to respond to enquiries, to follow up, for authorisation in relation to any service    enable the provision of THE LABORATORY’s products and/or services to party requesting such product/service    effectively administer, manage, monitor and improve services    planning, evaluation and complaint-handling    communicate with individuals by various means about available services    charging, billing, processing health insurance claims and collecting debts    assess job applications    verify an individual’s identity    comply with quality assurance or clinical audit activities    undertake accreditation activities    respond to feedback and/or queries    address liability indemnity arrangements and reporting    prepare the defence for anticipated or existing legal proceedings undertake research and the compilation or analysis of statistics relevant to public health and safety    enable THE LABORATORY’s service providers to comply with their legal and regulatory obligations    administering and processing requests for services offered by THE LABORATORY, including creating and maintaining profiles of THE LABORATORY’s customers in THE LABORATORY’s system database for administrative purpose

5.6.2    NRIC, passport and other state issued numbers (national identification numbers, or “NIN”) are requested for and handled in accordance with applicable PDPA guidelines. Handling of NIN is necessary where the establishment of identity to a high degree of fidelity is needed – this is particularly so for healthcare related purposes given the need for safety, security, prevent of risk of fraud, and accuracy.

5.6.3    We may also use personal data in circumstances where we are required or authorised by law to do so or where we otherwise have consent of the individual or their representative.

5.7    Withholding / Withdrawing Consent

5.7.1    You are entitled under applicable law to withhold / withdraw consent to the collection, use or disclosure of personal data, and THE LABORATORY will respect your choices in this regard. You may withhold consent at any juncture that you are asked for consent, and you may also apply the process / method to withdraw consent as stated in this DPP.

5.7.2    Your consent may not be necessary or required in some situations as there may be applicable law or regulation which renders this unnecessary, or where certain permissions or rights or duties have been accorded to the THE LABORATORY which enable / require us to handle the personal data. Where such law or regulation applies, we will act in accordance with those other laws and regulations.

5.8    Disclosure of Personal Data

5.8.1    By contacting or dealing with us, the individual herein agreed unilaterally that we may disclose an individual’s personal information to the following third parties (including but not limited to) to:    other health service providers involved in the individual’s treatment or diagnostic services    insurers and legal representatives    service providers engaged to provide services to laboratories including referral laboratories, some of which might be located overseas    relevant government ministries, regulatory bodies, statutory boards or authorities or law enforcement agencies to comply with any laws, rules, guidelines and regulations or directives imposed by any governmental authority; and/or    any other party to whom Camtech Laboratory is given authorization to disclose Personal Data to

5.9    Retention of Personal Data

5.9.1    We store personal and health information in both paper and electronic form.

5.9.2    THE LABORATORY shall retain Personal Data as may be required for its legal or business purposes until such time that THE LABORATORY reasonably determines that such Personal Data is no longer necessary for its legal, business purposes or in compliance with PDPA laws.

5.9.3    THE LABORATORY is committed to maintaining the confidentiality of Personal Data, and under no circumstances shall THE LABORATORY sell, rent or share Personal Data with any unrelated third parties.

5.9.4    The security of personal and health information is very important to us, and we take reasonable steps to protect it from misuse, interference and loss and from unauthorised access, modification or disclosure.

5.9.5    Personal and health information is retained for the period determined by THE LABORATORY and/or stipulated by law after which it is de-identified or disposed of in a secure manner.

5.10    How do we keep personal information accurate and up to date?

5.10.1    The accuracy of that information depends largely on the quality of the information provided to us.

5.10.2    We take all reasonable steps to ensure that the personal information we collect is accurate, complete and up-to-date, and when we use or disclose it, that it is relevant.

5.11    How can personal information we hold be accessed?

5.11.1    Individuals have a right to access the personal information that THE LABORATORY holds about them. We will endeavour to give access to an individual’s personal information in the form they request.

5.11.2    However, if the situation doesn’t permit us doing so, we will, with reasonable means, provide alternative means of access or discuss how access can be given through a mutually agreed intermediary.

5.11.3    We will disclose the personal information and give access to the individual’s Authorized representative or legal adviser whom we have been given written authority to do so.

5.11.4    Please be aware that if the personal data has been provided to us by a third party, the induvial need to contact that individual or organization directly for any related query or complaint.

5.12    Camtech Laboratory PDPA Policy and Data Protection Officer

5.12.1    Any feedback or enquiries relating to Camtech Laboratory DPP, need clarifications related to data protection, withdraw consent to any use of personal data, or obtain access and make corrections to personal data records, to contact THE LABORATORY at:

5.12.2    Data Protection Officer: Samuel Lim

5.12.3    Email:

5.13    Changes to this policy

5.13.1    Camtech Laboratory reserves the right to review, change and update this policy from time to time to reflect current practices and obligations and changes in technology. THE LABORATORY will publish current DPP on and the changes will take effect at the time of publishing. Please review this policy regularly and remain familiar with its terms.

Effective Date:    03 June 2024

Camtech™     Data Protection Policy