Personal Data Protection Policy
Governed by the Singapore Personal Data Protection Act 2012 (as amended in 2020).
This Personal Data Protection and Privacy Policy (“Policy”) describes how Med Alliance Pte. Ltd. collects, uses, and protects personal data in connection with our services and website (www.medalliance.sg). If you are located in the European Union or United Kingdom, our GDPR Privacy Policy at www.medalliance.sg/privacy-policy-gdpr also applies to your interaction with us. |
1. Who We Are
Med Alliance Pte. Ltd. is a Singapore-based medical concierge service that connects local and international patients with the right doctors and specialists. As part of that work, we may handle personal and medical information — and we are committed to treating it with care and discretion.
Our contacts:
Med Alliance Pte. Ltd.
600 North Bridge Rd, #11-08 Parkview Square, Singapore 188778
Email:hello@medalliance.sg · Tel:+65 9737 3777
2. Our Services
We provide two types of service:
– Patient concierge. We connect patients with licensed doctors and clinics in Singapore, coordinate appointments, organise and translate medical documents, and support international travel logistics where requested.
– Services for healthcare providers. We provide project management, business development, and marketing services to doctors and clinics. Where we handle patient data on behalf of a healthcare provider, we do so under their instruction and their own privacy policy governs that processing.
Med Alliance does not make clinical decisions and does not determine or influence medical treatment plans. All clinical decisions rest with licensed healthcare professionals.
3. What We Collect and Why
The table below sets out the personal data we collect, why we collect it, and the basis under the PDPA.
Purpose | Personal data used | Basis for collection, use and disclosure (PDPA) | Retention |
Connecting patients with doctors and coordinating appointments | Name, contact details, health condition or needs as disclosed by patient | Consent (s.13 PDPA) — necessary to provide the service requested | As long as necessary to provide the service and meet applicable legal obligations |
Organising, translating, and transmitting medical documents | Medical records, test results, clinical notes — provided by or with consent of patient | Consent (s.13 PDPA) — explicit consent obtained before handling clinical records | As long as necessary to provide the service and meet applicable legal obligations |
International patient logistics — travel, accommodation, visa | Nationality, passport details, travel dates, emergency contact | Consent (s.13 PDPA) — necessary to provide the logistics service requested | As long as necessary to fulfil the purpose and resolve any related matters |
Responding to website and email enquiries | Name, email address, phone number, content of enquiry | Legitimate interests exception (s.15 PDPA) — responding to a voluntary enquiry | As long as reasonably necessary to manage the enquiry and any resulting relationship |
Services to healthcare providers | Professional contact details, clinic or practice information | Consent and necessary for the provision of agreed professional services | For the duration of the engagement and as long as necessary to meet legal obligations thereafter |
Website operation and security | IP address, browser and device data, pages visited, analytics | Legitimate interests exception (s.15 PDPA) — operating and securing our website | As long as necessary for security and operational purposes |
Compliance with legal obligations | Any data relevant to the applicable requirement | Required or authorised by law (s.17 PDPA) | As required by applicable law |
We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, to comply with applicable legal obligations, or to resolve disputes — whichever is longest. When personal data is no longer required, we take reasonable steps to destroy or anonymise it.
4. Medical and Health Information
Health information is among the most sensitive data we handle. We collect it only to the extent needed to provide the service you have requested and do not use it for marketing or unrelated purposes.
We collect health information only with your consent. You may withdraw consent at any time by contacting us. We will inform you of any consequences as required by law. Withdrawal does not affect prior collection and use but may mean we are unable to continue providing certain services.
Providing health information is necessary for us to identify a suitable specialist or coordinate your care. If you prefer not to share it, we can discuss what other assistance may be possible.
Please keep your information accurate and up to date. If anything changes, let us know at hello@medalliance.sg.
5. Who We Share Your Data With
We share personal data only where necessary:
– Healthcare providers. Licensed doctors, specialists, hospitals, and clinics in Singapore — to coordinate your care.
– Translators and interpreters. Engaged to support appointments or document handling, subject to confidentiality obligations.
– Travel and logistics partners. For international patient logistics only, limited to data strictly required.
– IT service providers. Website hosting, CRM, Google Analytics, and similar service providers, and communication platforms — processing data only on our instruction.
– Other third-party service providers, vendors, suppliers, business and collaboration partners. For the provision of such, and related, requested services and products to you, subject to confidentiality obligations.
– Regulatory authorities. Where required by Singapore law or government demand.
We do not sell personal data. We do not share it for third-party marketing.
6. Overseas Transfers
Where service providers are located outside Singapore, we transfer personal data only where the recipient provides a comparable standard of protection, or where the transfer is necessary to provide a service you have requested, in accordance with Part IX of the PDPA.
7. Your Rights
Under the PDPA, you may:
– Request access to personal data we hold about you and information on how it has been used or disclosed.
– Request correction of personal data that is inaccurate or incomplete.
– Withdraw consent for collection, use, or disclosure of your personal data on reasonable notice. We will inform you of the consequences as required by law.
– Register on the Do-Not-Call Registry if you do not wish to receive marketing calls or messages to your Singapore telephone number.
To exercise any right, contact us at hello@medalliance.sg. We will respond within the timeframe required by the PDPA. We may ask you to verify your identity.
8. Children
Services for minors must be requested by a parent or legal guardian who provides consent on the child's behalf. We do not knowingly collect personal data from individuals under 18 without such consent.
9. Cookies
Our website uses cookies. Strictly necessary cookies operate the site without consent. Other cookies are used only with your consent, which you may manage or withdraw at any time via our cookie settings. See our Cookie Policy at www.medalliance.sg/cookie-policy for full details.
10. Security
We maintain reasonable security arrangements appropriate to the sensitivity of the data we hold. In the event of a data breach triggering mandatory notification obligations under the PDPA, we will notify the relevant authorities and individuals as required by law.
11. Changes to This Policy
We may update this Policy from time to time. Where required by law, we will take steps to bring material changes to your attention. Continued use of our services following an update constitutes acknowledgment of the revised Policy.
12. Contact and Data Protection Officer
Med Alliance has designated a Data Protection Officer (DPO) as required under the PDPA. For all privacy queries and data rights requests, please contact our DPO:
Med Alliance Pte. Ltd.— Attention: Data Protection Officer
600 North Bridge Rd, #11-08 Parkview Square, Singapore 188778
Email:hello@medalliance.sg
We will respond within the timeframe required under the PDPA. If you remain unsatisfied, you may contact the Personal Data Protection Commission at www.pdpc.gov.sg.
13. Governing Law
This Policy is governed by the laws of Singapore.
© 2026 Med Alliance Pte. Ltd. · May 2026 ·Singapore PDPA 2012 (as amended 2020)
