Privacy
Privacy Policy
Updated as of 6 June 2024
1. Introduction
Core Collective Pte. Ltd. and its affiliated companies and subsidiaries (collectively referred to as “we” or “us”) respect the privacy and confidentiality of the personal data of our clients, service providers, job applicants, and other individuals with whom we interact with in the course of providing our products and services. We are committed to implementing policies, practices and processes to safeguard the collection, use and disclosure of the personal data you provide us in compliance with the Singapore Personal Data Protection Act (PDPA) 2012.
We have developed this Data Protection Notice to assist you in understanding how we collect, use, disclose, process, protect and retain the personal data in our possession.
Definitions:
Customers:
-
Residents: Personal Trainers, Chiropractors, Pilates instructors, physiotherapists, etc., are a few examples of our residents who comprise our community of health, wellness, medical, and lifestyle professionals who conduct their services at our premises.
-
Members: Any individuals receiving services from Core Collective Residents at any Core Collective centres.
Job Applicants: People who seek to be recruited through us
2. How We Collect Your Personal Data
Personal data refers to any information that can uniquely identify a person either (a) on its own (e.g., NRIC No., FIN No.) or (b) when combined with other information (e.g., Full Name + Full Address).
We collect your personal data:
-
When you purchase our products and/or use any of the services available at Core Collective.
-
When you register to use our facilities or participate in our activities and events.
-
When you visit us at our premises to use our facilities, receive treatment or services from our Residents, or attend our activities and events.
-
When you submit an enquiry, register your interest and sign up to become a Resident at Core Collective.
-
When you interact with us on our digital/online/social media platforms (including but not limited to our website, Facebook account, Instagram handle, and TikTok account).
-
When you provide us with goods and services as our service providers.
-
When you provide feedback to us on our products and/or services.
-
When you apply for a job.
-
When you communicate with us via email or written correspondence (e.g. if you send an enquiry to us from our website or get in touch with us by chat, email, or phone).
3. Types of Personal Data We Collect About You
The types of personal data we collect about you include:
-
Personal Contact Information (such as Name, Residential Address, Phone Number, Email Address)
-
Personal Details (such as Birthdate, Nationality, Gender, NRIC/ Work Permit / Passport information, Emergency Contact details, photographs, and videos)
-
Transactional Data (such as Name, Company/Organisation, Designation, Mailing Address, payment dates, renewal dates, and details of your package or membership)
- Appointment Data (such as Appointment Date and Time*, Service Name*, Service Pricing, Service Provider*, Service Companion)
-
Public and Professional Profile (such as Job Title, Certification, Educational Qualification, Professional Qualification, Employment History, Employment References)
- Image or video footage of you through our CCTV for security purposes
- Other personal data that we may indirectly collect when a Resident records information about a Member such as NRIC, health insurance numbers and/or appointment notes on system-generated invoices and receipts for insurance claims, and medical certificates or other proof for late appointment cancellation waiver requests
- This information can include names, genders, dates of birth, countries of birth, residential addresses, telephone numbers, email addresses, a person’s emergency contacts, health insurance numbers, and patient treatment notes and records. This can include sensitive information such as health records
Note: Information marked with an asterisk (*) indicates that it is mandatory.
4. How We Use Your Personal Data
We use the personal data you provide us for one or more of the following purposes:
-
Manage membership and applications
-
Provide customer care and manage customer relationships
-
Provide services in accordance with your Residency Agreement
-
Manage marketing communication and promotion activities regarding the products or services of Core Collective or its business partners, including information about promotions, offers, surveys or events. (Note that by default, all members are opted-out of our mailing list, and only those who opt-in in will be sent marketing content.)
-
Manage Member account details on the MindBody App (such as member profile, purchases, preferences, upcoming and historical appointment bookings)
-
Manage Resident account details on the Mindbody App (such as Resident company profile, Resident team member profile, service pricings and services offered, schedule availability, upcoming and historical appointment bookings, associated clients and business reports.)
-
Ensure safety and security on our premises
-
Respond to enquiries, update requests and provide feedback on user experience
-
Carry out our obligations arising from any contracts entered into between you and us
-
Comply with legal obligations and regulatory requirements
-
Enforcing legal rights and remedies
-
Fulfilling your requests and processing your payments
-
Contacting you about change of policies
-
Update and back-up customer information for administrative and security purposes
-
Assess suitability, process job applications and selection for employment
-
Manage passes and permits for employment purposes
5. Who We Disclose Your Personal Data To
We disclose some of the personal data you provide us to the following entities or organisations outside Core Collective Pte. Ltd. to fulfil our services to you:
- Providers of Professional Services such as Auditors, Lawyers, Consultants
- Banks, Payment Card Processing Companies, and other Financial Institutions
- Data Processing and Hosting Companies such as IT Service Providers, Webhosting Companies and Cloud Service Providers
- Government Agencies & Regulatory Authorities such as the Ministry of Manpower and Central Provident Fund
- Other service providers, as required from time to time
Where required to do so by law, we may disclose personal data about you to the relevant authorities or law enforcement agencies.
6. How We Manage the Collection, Use and Disclosure of Your Personal Data
6.1 Obtaining Consent
Before we collect, use or disclose your personal data, we will notify you of the purpose why we are doing so. We will obtain written confirmation from you on your expressed consent. We will not collect more personal data than is necessary for the stated purpose. We will seek your fresh consent if your original purpose for collecting, using or disclosing your personal data has changed.
6.2 Withdrawal of Consent
If you wish to withdraw consent, you should give us reasonable advance notice. We will advise you of the likely consequences of your withdrawal of consent, e.g., without your personal contact information, we may be unable to provide you access to our premises or utilise our products and services.
Your request for withdrawal of consent can take the form of an email to dpo@corecollective.sg.
7. How We Ensure the Accuracy of Your Personal Data
We will take reasonable steps to ensure that the personal data we collect about you is accurate, complete and kept up-to-date.
From time to time, we may do a data verification exercise for you to update us on any changes to the personal data we hold about you. If we are in an ongoing relationship with you, it is important that you update us on any changes to your personal data (such as a change in your phone number, email address or emergency contact details).
8. How We Protect Your Personal Data
We have implemented appropriate information security and technical measures (such as data encryption, firewalls and secure network protocols) to protect the personal data we hold about you against loss; misuse; destruction; unauthorised alteration/modification, access, disclosure; or similar risks.
We have also put in place reasonable and appropriate organisational measures to maintain the confidentiality and integrity of your personal data and will only share your data with authorised persons on a ‘need to know’ basis.
9. How We Retain Your Personal Data
We have a document retention policy that keeps track of the retention schedules of the personal data you provide us, in paper or electronic forms. We will not retain any of your personal data when it is no longer needed for any business or legal purposes.
We will dispose of or destroy such documents containing your personal data properly and securely when the retention limit is reached.
10. How You Can Access and Make Corrections to Your Personal Data
You may write to us to find out what personal data about you that we have in our possession or under our control and how it may have been used and/or disclosed by us in the previous one year. Before accepting your request, we may need to verify your identity by checking your NRIC or other legal identification documents. We will respond to your request as soon as possible or within 30 days of receiving your request. If we cannot do so within 30 days, we will let you know and estimate how much longer we require. We may also charge you a reasonable fee for the cost involved in processing your access request.
If you find that the personal data we hold about you is inaccurate, incomplete or not up-to-date, you may ask us to correct the data. Where we are satisfied on reasonable grounds that a correction should be made, we will correct the data as soon as possible or within 30 days from the date we receive your request.
11. How We Transfer Your Personal Data
If there is a need for us to transfer your personal data to another organisation outside of Singapore, we will ensure that the standard of data protection in the recipient country is comparable to that of Singapore’s PDPA. If this is not so, we will enter into a contractual agreement with the receiving party to accord similar levels of data protection as that in Singapore.
12. Use of Cookies and Tags
12.1 Use of Cookies
A cookie is a file containing an identifier (a string of letters and numbers) sent by a web server to a web browser or mobile device and stored by the browser or mobile device The identifier is then sent back to the server each time the browser or mobile device requests a page from the server.
Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser or mobile device and will remain valid until its set expiry date unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser or App is closed.
Cookies do not typically contain any information that personally identifies a user. Still, personal information we store about you may be linked to the information stored in and obtained from cookies.
How do we use cookies?
We use cookies in a range of ways to improve your experience on our website, including:
-
Auto filling forms
-
Understanding how you use our website or Apps (which may include but is not limited to pages visited, time spent on pages, language preferences, and other anonymous traffic data)
What types of cookies do we use?
There are several different types of cookies which our website uses:
Functionality – Our Company uses these cookies so that we recognise you on our website and remember your previously selected preferences. These could include what language you prefer and the location you are in. A mix of first-party and third-party cookies is used.
Google Analytics - We use Google Analytics to analyse the use of our website. Google Analytics gathers information about website use through cookies. The information gathered relating to our website is used to create reports about the use of our website.
Google's privacy policy is available at: https://policies.google.com/privacy
How to Manage Cookies
You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function.
12.2 Use of Tags
Tags are code segments inserted onto our website to track user behaviour. They may consist of technologies such as web beacons or tracking pixels. Tags can be grouped into two large categories:
-
Statistical Tags
-
Advertising Tags
We only employ tags of a statistical nature and do not use any marketing tags within our website.
Some of the tags we use set cookies which may collect data from our users to compile our statistics. For such tags, please refer to our section about cookies on how to manage them.
We also employ tags that use images or similar mechanisms to track certain browser behaviour. You cannot opt out of these unless you blacklist all requests from Google.
About Google Tag Manager
Google Tag Manager is used on our website to manage these tags. Other than data in standard HTTP request logs, all statistics collected at Google are deleted within 14 days of being received.
Our Usage of Google Tag Manager
We do not use any 3rd party tags not provided by Google. We do not upload any data to Google Tag Manager that might be used to personally identify an individual (e.g. a name, email address or billing information). Information collected is anonymised and collected purely for statistical purposes. We only keep statistical reports and do not make any backups of the raw data that Google Tag Manager collects on our behalf.
13. Contacting Us
If you have any query or feedback regarding this Data Protection Notice or any complaint you have relating to how we manage your personal data, you may contact our Data Protection Officer (DPO) at dpo@corecollective.sg.
Any query or complaint should include at least the following details:
- Your full name and contact information
- Brief description of your query or complaint
We treat such queries and feedback seriously and will deal with them confidentially and within a reasonable time.
14. Changes to this Data Protection Notice
We may update this Data Protection Notice from time to time. We will notify you of any changes by posting the latest Notice on our website. Please visit our website periodically to note any changes. Changes to this Notice take effect when they are posted on our website.