Privacy Policy

5 Health Pte Ltd ("5 Health," "we," "our," or "us") provides Services (as defined below) to Customers (as defined below) through the Bot MD Interface (as defined below) or Third Party Bot MD Messaging Platforms (as defined below).

The Customer is paying for you (i.e. Patient-Users (as defined below) and/or Clinical-Users (as defined below)) to use the Services. This account registration is based on the contact information and work-registered email address and/or mobile number that the Customer provides to us. Only the Customer will open an account with us. Patient-Users and Clinical-Users will not open an account with us but may create profiles to access the Services.

Patient-Users or Clinical-Users may access the Services either via the Bot MD Interface or Third-Party Messaging Platforms. Patient-Users interact on the Bot MD Interface via messaging or chat channels, while Clinical-Users access the Bot MD Interface through web-based interfaces.

The Customer shall be primarily responsible for directing you to this Privacy Policy and for obtaining your consent to the provision of your Personal Data (as defined below) in order for you to use the Services (whether through the Bot MD Interface or via Third Party Bot MD Messaging Platforms).

By providing your consent to the Customer, you consent to or shall be deemed to have consented to the collection, use, disclosure and processing of Personal Data in accordance with and subject to the terms of this Privacy Policy and the MSA (as defined below).

As the Customer, you will provide all notices and disclosures, including notice of 5 Health's Privacy Policy and obtain from all Patient-Users and Clinical-Users, all consents, waivers and authorizations required to permit 5 Health to collect, use, process, retain, maintain and disclose any information from such Users that 5 Health requires in order to provide them with access to the Services, and to permit 5 Health to collect, use, process, retain, maintain, and disclose Gathered Data in accordance with the terms of the MSA.

If you wish to use or access the Services (whether as Customer, Patient-User or Clinical-User), you shall have agreed to or shall be deemed to have agreed to the terms of this Privacy Policy and the Terms of Use. If you do not agree to this Privacy Policy or the Terms of Use, you would not be able to access and use the Services or the Bot MD Interface.

In this Privacy Policy, the following defined terms shall have the meanings set out below:

Other terms used in this Privacy Policy shall have the meanings given to them in the PDPA and the MSA (where the context so permits).

This Privacy Policy sets out the basis and explains how we collect, use, disclose, or otherwise process Personal Data of those who use Services or is otherwise provided by you and/or the Customer.

We may revise this Privacy Policy from time to time without any prior notice to you. You may determine if any such revision has taken place by referring to the date on which this Privacy Policy was last updated. Your continued use of our Services constitutes your acknowledgement and acceptance of such changes.

All content within the Bot MD Interface, including reference materials, workflow configurations, appointment schedules, pre-configured messages, and patient details, is provided to us by the Customer. Patient-facing data is always handled under the Customer's authorization and with the deemed consent of the Patient-User.

All query information is anonymized and aggregated into usage statistics that helps us to improve our AI agents' understanding of workflows and queries. It is also analyzed for us to help you determine which new content to add that is relevant to address unanswered questions.

We generally do not collect Personal Data unless it is provided by you to us voluntarily either (a) when you interact with the Bot MD Interface or (b) access the Services or (c) when you authorise a representative of the Customer (an "Authorised Representative") to disclose your Personal Data to us for the specific purposes which have been notified to you by the Authorised Representative or by us.

We do not collect any Personal Data which is not reasonably necessary for the purpose for which it is collected. Some examples of the Personal Data which we may collect include the queries we received from you or through the Customer, the responses returned by or through the Services, as well as aggregated and statistical data derived from the use of the Services.

We collect Personal Data where the collection and use of Personal Data is permitted or required under the PDPA, such as where there is deemed consent, or other applicable laws.

We shall seek your consent before collecting any additional Personal Data and before using your Personal Data for a purpose which has not been notified to you (except where permitted under or authorised by applicable law).

If you provide us with any Personal Data relating to a third party, by submitting such information to us either directly or through a Customer, you represent to us that (a) you are authorised to act on the individual's behalf for the collection, use and disclosure of such Personal Data; and (b) you (as guardian on behalf of the individual) or the individual accepts that the individual's Personal Data will be subject to this Privacy Policy.

You must ensure that all Personal Data submitted to us, including those relating to third parties, is complete, accurate and up to date. Please update us as soon as reasonably practicable, if there are any changes to the Personal Data submitted to us by informing the Data Protection Officer named in this Privacy Policy below. Alternatively, please provide the update to the Customer representative.

You acknowledge that Personal Data transmitted through Third Party Messaging Platforms is subject to the terms of use and privacy policies of such Third Party Messaging Platforms. 5 Health does not control and is not responsible for the data handling practices and/or retention of Third Party Messaging Platforms. We strongly recommend that you avoid sharing Personal Data that contain sensitive or personally identifiable health information through Third Party Messaging Platforms.

We may collect and use Personal Data for any or all of the following purposes ("Purposes") and you hereby consent to or are deemed to consent to the use of Personal Data for the Purposes:

1. performing obligations in the course of or in connection with the provision of or access to or use of the Services or of the Bot MD Interface;
2. marketing and promoting the Services and/or Bot MD Interface where you have provided your consent to us or are deemed to have provided your consent, when you have provided your consent to the Customer;
3. responding to, handling, and processing enquiries, requests, complaints, and feedback;
4. for audit, accounting, administration, risk management and record keeping purposes;
5. for emergency contact of next-of-kin or persons listed as your emergency contact;
6. conducting investigations and proceedings in the event of any disputes, possible fraud, misconduct, unlawful action or omission;
7. responding to requests for information from government or public agencies, ministries, statutory boards or other similar authorities or non-government agencies authorised to carry out specific government or regulatory services or duties;
8. meeting or complying with any applicable rules, laws, regulations, codes of practice or guidelines issued by any legal or regulatory bodies (including but not limited to responding to regulatory complaints, disclosing to regulatory bodies and conducting audit checks, due diligence and investigations);
9. managing your or the Customer's relationship with us, either directly or indirectly, which will include managing the information generated or disseminated when providing the Services or when using the Bot MD Interface;
10. processing payment transactions;
11. conducting surveys, research, and evaluations to obtain feedback;
12. verifying your identity (including using any form of digital verification processes) and ensuring that you are eligible to access and use the Services or the Bot MD Interface;
13. evaluating whether to, temporarily or permanently, suspend, revoke, or terminate the Customer's account or access to the Services or Bot MD Interface;
14. verifying and approving (or conversely, rejecting or removing) materials posted or delivered through the Services or the Bot MD Interface;
15. maintaining or improving the quality of the Services including the Bot MD Interface (its content, appearance, design or utility) through the performance of quality reviews and similar activities;
16. converting Personal Data into anonymised data for the purposes of analytics, business intelligence and statistical research, including generating aggregate insights for industry research, benchmarking and publication;
17. creating anonymised information which is information which is not used or intended to be used to personally identify an individual (e.g., aggregate statistics relating to the use of the Services);
18. using anonymised and aggregated data (not data that may identify an individual) to develop, train and improve 5 Health's artificial intelligence ("AI") model, AI agents, and machine learning models used by us in connection with the provision of or access to the Services or the Bot MD Interface;
19. notifying you when the Services or Bot MD Interface updates and upgrades are available;
20. facilitating business asset transactions (which may extend to any mergers, acquisitions or asset sales);
21. any other incidental business purposes related to or in connection with the above including managing employees or contractors in connection with the business;
22. any other specific purposes which we may inform you or the Customer in writing from time to time, but for which separate consent will be sought;
23. transfer of Personal Data to any third-party service providers and agents, whether in Singapore or overseas, for the aforementioned specified purposes. Where Personal Data is transferred overseas, we will take appropriate steps to ensure that the overseas recipients are bound by legally enforceable obligations or specified certifications to provide the transferred Personal Data, a standard of protection comparable to that under the PDPA. In this regard, you consent to the transfer of your Personal Data to such jurisdictions as may be agreed to between 5 Health and the Customers.

As you use our Services, certain non-personally identifiable information about an individual may be passively collected:

1. Site Activity Information: We may keep track of some of the actions that you take on the Bot MD Interface, such as the content of searches you perform on the Bot MD Interface.
2. Access Device and Browser Information: When you access the Services through a website from a computer or another device, we may collect anonymous information from that device, such as your Internet protocol address, browser type, connection speed and access times.
3. Cookies (i.e., small pieces of information that a site sends to your browser while you are viewing a website): We may use both session Cookies (which expire once you close your web browser) and persistent Cookies to make the Services easier to use, to make our advertising better, and to protect both you and 5 Health. You may instruct your browser, by changing its options, to stop accepting Cookies or to prompt them before accepting a Cookie from the websites they visit. If you do not accept Cookies, however, you will not be able to stay logged in to our Bot MD Interfaces.
4. Real-Time Location: Certain features of the Bot MD Interface use technology to collect real-time information about the location of your device. This is because many Clinical-Users may practice in more than one location. We use your device location to provide relevant information from or to the Customer depending on your physical location. You can choose to disallow access to your device location or to notifications simply by turning these off within your settings page.
5. Device information: We may also collect non-personal information from your mobile device or computer. This information is generally used to help us deliver the most relevant information to you. Examples of information that may be collected and used include how you use the application(s) and information about the type of device or computer that you use. In addition, in the event our application(s) crashes on your mobile device, we will receive information about your mobile device model software version and device carrier, which allows us to identify and fix bugs and otherwise improve the performance of our application(s).

Subject to applicable laws, we may retain Personal Data for such period as may be permitted under the PDPA for legal or business purposes (including, where applicable, a period to enable us to enforce our rights under any contract with you).

This Privacy Policy does not apply to information collected by any third party when you click on links on the Bot MD Interface which may enable you to leave the Bot MD Interface. We are not responsible for the privacy practices of other interfaces, and we encourage you to read their privacy statements carefully.

Without prejudice to the foregoing, we may also disclose your Personal Data to third parties without first obtaining your consent in certain situations, including, without limitation, the following:

1. disclosure is required or compelled under the applicable laws and/or regulations (for example, required pursuant to a court order);
2. the purpose for such disclosure is in your interests and consent cannot be obtained in a timely way; in such instances, we will, as soon as it is practicable, notify you of the collection, use or disclosure and the purpose for the collection, use or disclosure, as the case may be;
3. disclosure is necessary to respond to an emergency that threatens your life, health or safety or that of another individual or there are reasonable grounds to believe that your health or safety or that of another individual will be seriously affected and consent for the disclosure of the data cannot be obtained in a timely way, provided that we shall, as soon as may be practical, notify you of the disclosure and the purposes of the disclosure, as the case may be;
4. disclosure is necessary for any investigation or proceedings;
5. Personal Data is disclosed to any officer of a prescribed law enforcement agency, upon production of written authorisation signed by the head or director of that law enforcement agency or a person of a similar rank, certifying that such Personal Data is necessary for the purposes of the functions or duties of the office;
6. disclosure is made to a public agency and such disclosure is necessary in the public interest; and/or
7. disclosure is made to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of 5 Health's assets, whether as a going concern or as part of a bankruptcy, liquidation or similar proceedings, where such Personal Data forms part of the assets transferred and subject to applicable law.

The instances listed above are not exhaustive, and may be amended under the applicable laws. For an exhaustive list of exceptions, you are encouraged to refer to the PDPA. In all other instances of disclosure of Personal Data to third parties with your express consent, we will put in place reasonable security arrangements, when disclosing your Personal Data by such third parties in compliance with the PDPA.

You may, at any time, withdraw your consent (or deemed consent under the PDPA) to the collection, use, disclosure, transfer and/or processing of your Personal Data in accordance with the procedure set out below:

1. Where consent was provided to 5 Health directly, by giving written notice of the withdrawal of your consent to the Data Protection Officer named below and by sending the written notice of the withdrawal to the contact details provided below.
2. Where consent was not provided to 5 Health directly but to the Customer, please provide written notice of your withdrawal of consent to the Authorised Representative. However, 5 Health will only process the notice of withdrawal of consent upon receipt of the written notice from the Customer.
3. In general, we shall respond to or process the notice for withdrawal of consent within ten (10) business days of receipt of the written notice. If we are unable to respond to or process the notice withdrawal of consent within ten (10) business days after receiving the said written notice, we shall inform you or the Customer (as the case may be) of the time by which we are able to respond to or to process the withdrawal of consent.

Following the withdrawal of your consent, we shall cease (and cause our data intermediaries and agents to cease) collecting, using or disclosing your Personal Data, as the case may be, unless such collection, use or disclosure, without the consent of the individual is required, permitted or authorised under the PDPA or the applicable laws.

Whilst we respect your decision to withdraw your consent, please note that we may not be able to continue to provide you with or allow access to the Services or the Bot MD Interface. Should you decide to cancel your withdrawal of consent, please write to us or the Authorised Representative.

Please contact our Data Protection Officer if Personal Data was provided directly to 5 Health, or the Authorised Representative, if Personal Data was provided to the Customer, if you wish to make:

1. a request for access to your Personal Data or information about the ways in which we use or disclose your Personal Data; or
2. a request to correct any of your Personal Data. Such a request shall include the details of the requestor, description of the Personal Data, the date and time range when the Personal Data was believed to be collected by the Customer or 5 Health, and where Personal Data was provided to the Customer, the name of the Customer.

Please note that a reasonable fee may be charged for an access request. We will inform you or the Customer of the fee before processing your request. We will respond to your access request as soon as reasonably possible.

We will respond to your correction request as soon as reasonably practicable from the time the correction request is made.

If we are unable to respond to your access or correction request within thirty (30) days after receiving the said request, we shall inform you in writing of the time by which we will be able to respond to your request.

We shall protect the Personal Data in our possession or under our control by implementing reasonable and appropriate administrative, physical and technical measures to prevent any unauthorized access to, use, modification or disclosure of the Personal Data. You should be aware, however, that no method of transmission over the internet or method of electronic storage is completely secure. While absolute security cannot be guaranteed, we strive to protect your Personal Data and are constantly reviewing and enhancing our information security measures.

We do not represent or warrant that the Bot MD Interface or Third Party Bot MD Messaging Platforms are free of errors, infection by computer viruses, and/or other harmful or corrupting code, program, macro and such other unauthorized software. We do not assume responsibility for any unauthorised use of your Personal Data by third parties.

We will only retain your Personal Data for the period necessary to fulfil the Purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law. When the purpose for which your Personal Data was collected is no longer served by the retention of your Personal Data, we shall take steps to destroy or anonymise the documents containing your Personal Data, or remove the means by which your Personal Data can be associated with particular individuals. For the avoidance of doubt, data that has been anonymised would no longer be considered Personal Data and may be retained and used by us without restriction.

We generally rely on personal data provided by you or the Authorised Representative. In order to ensure that your Personal Data is current, complete and accurate, please update us if there are changes to your Personal Data by writing to our Data Protection Officer named below. Otherwise, we will assume that your Personal Data is complete and accurate as at the date of receipt of your Personal Data from you or the Customer.

The Personal Data that you provide will be provided to our affiliate partners and third parties service provider, in connection with the services provided by these parties. In some cases, this may require us to transfer your Personal Data outside of Singapore for the purposes of maintaining or monitoring the activities on the Bot MD Interface. These jurisdictions may have varying legal protections applicable to Personal Data.

Where your Personal Data is transferred overseas, we will take steps to comply with the PDPA. This includes taking appropriate steps to ascertain that the overseas recipient of the Personal Data is bound by legally enforceable obligations such that the transferred Personal Data is accorded a standard of protection that is at least comparable to the protection accorded under the PDPA.

You consent to the provision of your Personal Data to these affiliate partners and third parties service providers for the Purposes set out in this Privacy Policy or as notified to you by the Customer.

You may contact our Data Protection Officer if you have any questions or feedback relating to this Privacy Policy or how your Personal Data is used, or if you wish to make any withdrawal, access or correction request(s) (please refer to the paragraphs above under "Request to Access or Correct Personal Data").

The contact details of the Data Protection Officer are:

Name: Yan Chuan Sim

Email: privacy@botmd.io

Alternatively, please contact the Customer via the Authorised Representative directly.

This Privacy Policy is governed by the laws of Singapore. You agree to submit to the exclusive jurisdiction of the Singapore courts in any dispute relating to this Privacy Policy.