# Privacy Policy — Health-Adjacent Tech Platform (Appointment Booking, No Clinical Records Stored)

> **Sample document &mdash; not legal advice.** This document was drafted by the LawCrew AI agent team and is published at `lawcrew.ai/samples` as a showcase of how our pipeline approaches a common Singapore Privacy Policy scenario. This run completed automated drafting, self-critique, adversarial review and deterministic gates, then routed to lawyer review (Self-critique flagged 1 high issue(s); adversarial flagged 3 high concern(s)). **It is not legal advice and is not tailored to any specific transaction.**
>
> LawCrew is a legal-technology service, not a law firm. For your own matter, run an intake through the product and engage an independent Singapore-qualified lawyer to review before signing.
>
> *Sample Privacy Policy #03 &middot; Agent-drafted; routed to lawyer review &middot; Published 2026-05-26*

---

# Privacy Policy

Last updated: 2026-07-01

## 1. Who We Are

HealthLink Connect Pte. Ltd. operates https://healthlink.sg and related services. This Privacy Policy explains how we collect, use, disclose, retain, protect, and transfer personal data in Singapore.

## 2. Personal Data We Collect

We may collect contact details, location information, identification information from individuals booking healthcare appointments through the platform; authorised representatives booking on behalf of family members; healthcare providers registered on the platform. We collect this personal data only for purposes that a reasonable person would consider appropriate in the circumstances and where consent or another permitted basis applies.

## 3. Purposes and Consent

We collect, use, and disclose personal data for: Creating and managing user accounts; facilitating appointment bookings between users and independent healthcare providers; sending appointment confirmations, reminders, and cancellations; enabling users to view their own booking history; verifying healthcare provider registration and credentials; fraud prevention and platform security monitoring; compliance with applicable Singapore laws and regulations. Note: HealthLink Connect Pte. Ltd. does not collect, store, or process clinical health records, diagnoses, prescriptions, or medical notes. Any clinical information exchanged between users and their healthcare provider is outside the scope of this platform and is governed by the provider's own privacy policy.

Our primary basis is collection and use necessary to provide requested services. Individuals may withdraw consent by contacting our Data Protection Officer, subject to legal or contractual consequences that we explain at the time of withdrawal.

## 4. Disclosure to Third Parties

We may disclose personal data to the following recipients for the stated purposes:

| Recipient | Purpose | Country |
| --- | --- | --- |
| Independent healthcare providers registered on the platform | User name, contact number, and appointment details are shared with the booked healthcare provider solely to facilitate the appointment. Providers are bound by the HealthLink Provider Agreement not to use this data for any purpose other than the booked appointment. | SG |
| Twilio Singapore Pte. Ltd. | SMS delivery of appointment confirmations, reminders, and cancellation notifications to users. | SG |

## 5. Cross-Border Transfers

We do not routinely transfer personal data outside Singapore. If that changes, we will use a transfer basis that provides a standard of protection comparable to Singapore data-protection law.

## 6. Protection and Accuracy

We apply reasonable security arrangements to protect personal data against unauthorised access, collection, use, disclosure, copying, modification, disposal, and similar risks. We also take reasonable steps to keep personal data accurate and complete where it is likely to be used to make a decision about an individual or disclosed to another organisation.

## 7. Retention

Account profile data and appointment booking records are retained for the duration of the active account plus 3 years following account closure, for dispute resolution and audit purposes. NRIC or other identification provided for provider credential verification is retained for 5 years from the date of the last verification event, in accordance with PDPC Advisory Guidelines on the Collection, Use and Disclosure of NRIC Numbers (2019). Location data used to surface nearby providers is processed in real time and is not retained beyond the session. Users may request deletion of their account and associated data at any time through the in-app account settings. We stop retaining personal data, or remove the means by which it can be associated with an individual, when retention is no longer necessary for legal or business purposes.

## 8. Access, Correction, and Questions

Individuals may request access to, or correction of, their personal data by contacting our Data Protection Officer:

| Field | Details |
| --- | --- |
| Name | Ms. Ng Hui Xin |
| Email | dpo@healthlink.sg |
| Address | HealthLink Connect Pte. Ltd., 1 Fusionopolis Place, #03-10 Galaxis, Singapore 138522 |
| Phone | +65 6890 1234 |

## 9. Marketing

We do not use personal data for direct marketing unless we obtain consent or another permitted basis applies.

## 10. Cookies

The service uses essential cookies for login, security, and service delivery. We use session authentication and CSRF-protection cookies strictly necessary for secure login and booking session management. No analytics, advertising, or tracking cookies are used. No health or appointment data is accessible to any third-party advertising platform.

## 11. Complaints and Updates

Individuals may contact our Data Protection Officer with privacy questions or complaints. If we are unable to resolve a complaint to the individual's satisfaction, the individual may refer the matter to the Personal Data Protection Commission (PDPC) at www.pdpc.gov.sg. We may update this Privacy Policy from time to time and will publish the updated version with a new last-updated date.