Who we are

This privacy policy (the “Policy”) is intended to inform you of the types of information Rakabi World Pte. Ltd. (UEN: 202101675Z), a company incorporated under the laws of Singapore (“we” or “us” or “Company”), collects, as well as our policies and practices regarding the collection, use, and disclosure of that information through the NOWCHAYN Application and Services in accordance with the Personal Data Protection Act 2012 (No. 26 of 2012) of Singapore (“PDPA”), and other applicable laws.

Unless otherwise defined herein, capitalised terms used in this Policy shall have the same meanings as those defined in the NOWCHAYN Terms of Use (accessible at: www.nowchayn.com/privacy-policy) (“Terms”).

Please read this Policy carefully, because by using the Application and Services, you are acknowledging that you understand and agree to the terms of this Policy, and consent to the types of information and the manner in which we may collect, use and disclose such information. If you do not agree to the terms of this Policy, please do not use the Application and Services.

We reserve the right to change the provisions of this Policy at any time. We will alert you that changes have been made by indicating on the Policy the date it was updated. We encourage you to review this Policy from time to time to make sure that you understand how any information you provide will be used. Each time you access the Application and Services, the most recent version of the Policy will apply. Your continued use of the Application and Services following the posting of changes to these terms will mean you accept those changes.

We will ensure that all Personal Information (as defined below) that we collect and maintain will be (i) processed lawfully, fairly, and in a transparent manner; (ii) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; (iii) adequate, relevant, and limited to what is necessary; (iv) accurate and kept up to date; and (v) processed in a manner that ensures appropriate security of the Personal Information, including protection against unauthorised or lawful processing and against accidental loss, destruction or damage.

I. Information We Collect

Personal Information You Provide to Us

When you register for a User Account and access or use the Application and Services, depending on the nature of your interactions with us, we may collect information including but not limited to:
• your name, email address, username, demographic information (such as age range, gender, occupation);
• billing information which you provide us (e.g. credit card information), information about the Device(s) you are using, your geographical location; and
• any other information that you may provide while accessing or using the Application and Services, which comprises “personal data” within the meaning of the PDPA (i.e. data, whether true or not, about a customer who can be identified: (a) from that data; or (b) from that data and other information to which we have or are likely to have access), and other applicable laws,
(collectively, “Personal Information”).

We only have access to and collect Personal Information that:
• you voluntarily provide to us by filling out our online forms and surveys which are part of the Application and Services, or via email or other direct contact with you.
• you voluntarily provide to us via a third party which you have authorised to disclose Personal Information to us (e.g. your employer if they process medical care claims) (“Authorised Representative”).
• we are permitted to collect, or authorised under applicable laws to collect, without seeking your consent.

We shall seek your consent before collecting any additional Personal Information and before using your Personal Information for a purpose which has not been notified to you (except where permitted or authorised by law).

If you do not want this information to be shared with our employees, service providers and subcontractors, upon your request, we will not share your information. However, your ability to access and use the Application and Services, and request services, may be limited or interrupted.

Information Collected by Automated Means

Whenever you use the Application and Services, we and/or our service providers, may use a variety of technologies that automatically collect information about how the Application and Services are accessed and used (“Usage Information”). Usage Information may include, in part, browser type, operating system, the page viewed, the time, how many users visited the Application and Services, and the website you visited immediately before the Application and Services. This statistical data provides us with information about the use of the Application and Services, such as how many visitors visit a specific page on the Application and Services, how long they stay on that page, which websites they are coming from and which hyperlinks, if any, they “click” on. Usage Information helps us to keep the Application and Services user friendly and to provide users with readily accessible and helpful information. We may also use your Usage Information to troubleshoot issues with access or use of our Application and Services. Usage Information is generally non-identifying, but if we associate it with you as a specific and identifiable person, we treat it as Personal Information.

We believe that such technology usage is fair, lawful, and proportional to the legitimate interest and needs of our business, and that our methodology fairly addresses each user’s legitimate rights and expectations in view of the context and purpose for the collection and use of the information collected.

II. How Do We Use Your Information?

We will use your information to respond to you regarding the reason you contacted us.

We will also use your information as follows:
• onboarding you to the Application to utilise the Services by registering for a User Account and verifying your identity;
• contacting you about the products/services on our Application and Services in which you have expressed interest or subscribed to and allows you to easily update your contact information;
• managing your relationship with us, responding to, handling, and processing queries, requests, applications, complaints, and feedback from you, and notifying you about changes to our Application or this Policy;
• processing or facilitating the processing of your claims and payment transactions;
• improving the quality of our mental health and wellness fitness programs and information services through the performance of quality reviews and similar activities;
• creating Anonymised Information (e.g. aggregate statistics relating to the use of the Application and Services) for the purposes of analytics and market research;
• notifying you when updates to the Application are available;
• marketing and promoting the Application and Services, and the services and products offered on the Application and Services to you;
• promoting third party advertisements or promotion information (including commercial and non-commercial information) on the Application, the manner, mode and extent of which are subject to change without prior notice to you;
• conveying mental health and wellness information to you;
• complying with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;
• for any other purposes for which you have provided the information;
• transferring or transmitting to any unaffiliated third parties including our third party service providers and agents, whether in Singapore or abroad, for the aforementioned purposes. The third party services will be integrated within the Application to specifically capture user-specific usage information which will allow the Company to configure a rule-based message and notification to the User, for the purposes, including but not limited to, meditation reminders and discount offers;
• transferring or transmitting to any relevant governmental and/or regulatory authorities, whether in Singapore or abroad, based on regulatory requirements; and/or
• any other incidental business purposes related to or in connection with the above.

You hereby explicitly consent for us to use your information for the purposes set out above. Where we do contact you in connection with any of the purposes set out above, you agree that we may contact you directly (by email, text messaging, calls, post) using the information provided to us by you or through your Authorised Representative. If at any time you wish that we cease communication with you, please notify us using the contact information provided below in the “Contact Us” section.

We may rely on the “legitimate interests” exception under the PDPA (and similar exceptions under other applicable laws) to collect, use and disclose personal data without your consent for the purposes of detecting and preventing fraud and misuse of our services. Such disclosures may be made to your employer, where relevant for such purposes.

III. Do We Share Your Information?

Except as provided herein, we will not trade, rent, share or sell your Personal Information to third parties, unless you ask or provide your consent to do so, we will not share your Personal Information with any third party outside of our organisation, provided always that we may disclose your Personal Information to third parties (who process your Personal Information on our behalf or otherwise) where such disclosures are required for performing our obligations in connection with providing you with the Application and Services, in the following circumstances:
• to our subsidiaries, related companies, affiliates, or partners;
• to the relevant parties who may process your claims for your medical care (which may include your employer if you are making claims under your employee benefits scheme).
• to our service providers and subcontractors in order to troubleshoot issues you may have with the Application, the Services or your User Account, or to assist us in our provision of the Application and Services. Only employees, service providers (including data service providers) and subcontractors who need the Personal Information to perform a specific job are granted access to Personal Information. The computers/servers in which we store Personal Information are kept in a secure environment, and these third parties are bound by contractual obligations to keep Personal Information confidential and use it only for the purposes for which we disclose it to them;
• when we believe in good faith that such disclosures (a) are required by law, including, for example, to comply with a court order or subpoena, or (b) will help to: enforce our policies; protect your safety or security, including the safety and security of property that belongs to you; and/or protect the safety and security of the Application and Services, us, our employees, our service providers, our subcontractors, other third parties, or equipment that belongs to us, our service providers, or our subcontractors. Disclosures in this limited scenario would be made to a court of law, law enforcement, or other public or government authority;
• to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganisation, dissolution or other sale or transfer of some or all of the Company’s assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which Personal Information maintained on the Application and Services is among the assets transferred; and/or
• to any other person or organisation disclosed by us when you provide the information.

International Transfers:

By using our Application and Services, you agree that any transfer of your Personal Information to various countries is necessary and reasonable for us to provide you with the Application and Services, and acknowledge that such third parties processing your Personal Information either on our behalf or otherwise may be located in a different country from the point of collection of your Personal Information (including transfers to servers from other countries as determined by the Company from time to time) which may be outside of the country you are accessing the Application and Services from), or may have multiple physical locations and backups (e.g. cloud based services).

Where we disclose your Personal Information to third parties, we will employ our best efforts to ensure such third parties protect your Personal Information and meet our data security standards, and process Personal Information provided to them only for the purpose of providing the specific service to us.

We may use non-identifiable anonymous data that is based on users’ access or use of the Application and Services that may be used by us to improve the Application and/or Services. We may also use anonymised data based on your use of the Application and Services, including de-identified health data and combine such de-identified data with data or other anonymous data (“Anonymised Information”). Anonymised Information may include information that describes the habits, usage patterns, survey responses and/or demographic information of users as a group, but does not identify any particular users. We may provide Anonymised Information to our third party collaborators and partners. Such Anonymised Information does not comprise of and does not constitute Personal Information protected by law. Such Anonymised Information is not subject to data privacy laws, and may be transferred, disclosed, assigned, leased, licensed, sold and otherwise shared with and by our partners, service providers, advertisers and/or other third parties for any purposes permitted under applicable law.

Your Access to and Control Over Your Information

We offer you choices regarding the collection, use, and sharing of your Personal Information. Our Application and Services do not currently respond to browser-based do-not-track signals. You can choose to have your computer warn you each time a cookie is being set, or you can choose to turn off all cookies. You do this through your browser settings. Each browser is different, so look at your browser’s Help menu to learn the proper way to modify your browser’s cookies setting.

If you disable cookies, some features may be disabled that make your user experience more efficient and some of our services may not function properly.
You may do the following at any time by contacting us via the email address provided on our Application and Services, or to our Data Protection Officer whose details are set out below:
• Accessing and updating your Personal Information
• Withdraw your consent

Accessing and Updating your Personal Information

You may access and correct your Personal Information that is in the possession or under the control of the Company at any time by way of the Application and Services. You may also request for a copy of such information. Please note that a reasonable fee may be charged for an access request or where a copy of your information is so requested. If so, we will inform you of the fee before processing your request. No fee is payable for any request to correct your Personal Information (including any incomplete or inaccurate information).

To access, review, correct, or remove your Personal Information or part thereof, please submit a request to our DPO via the contact information provided below. While we will try our best to accommodate your request, we reserve the right to reject or limit any such requests in accordance with the provisions of any applicable laws or regulations.

Unless the Company is satisfied on reasonable grounds that a correction should not be made, the Company shall correct the Personal Information as soon as practicable, and send the corrected information to every other organisation to which such information had been provided to within a year before the date the correction was made, unless that other organisation does not need the corrected personal data for any legal or business purpose.

We will respond to your request as soon as reasonably possible. Should we not be able to respond to your request within twenty-one (21) days after receiving your request, we will inform you in writing of the time by which we will be able to respond to your request. If we are unable to accede to any request for access to or to correct any of your information, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under any applicable law or regulations).

If you do not want your information to be shared with our employees, service providers and subcontractors, upon your request, we will not share your information. However, your ability to access and use the Application and Services may be limited or interrupted.

Withdrawing your consent

The consent that you provide for the collection, use and disclosure of your Personal Information will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop using and/or disclosing your Personal Information for any or all of the purposes listed above at any time by submitting your request via email to our DPO via the contact information provided below.
Upon receipt of your written request to withdraw your consent, we may require reasonable time to process your request and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within ten (10) business days of receiving it.

Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing you with access to our Application and Services and we shall, in such circumstances, notify you of the same before completing the processing of your request. You may cancel your withdrawal of consent by submitting your request via email to our DPO via the contact information provided below. Please note that withdrawing consent does not affect our right to continue to collect, use and disclose Personal Information where such collection, use and disclosure without consent is permitted or required under applicable laws (please see Section VII – Retention of Personal Information below).

IV. What Steps Do We Take to Protect Your Information?

We take measures designed to protect your Personal Information in an effort to prevent loss, misuse, and unauthorized access, disclosure, alteration, and destruction. We provide physical, electronic, and procedural safeguards to protect Personal Information we process and maintain. Please be aware, however, that despite our efforts, no security measures are perfect or impenetrable and no method of data transmission can be guaranteed against any interception or other types of misuse. To protect the confidentiality of Personal Information maintained in your account, you must keep your password confidential and not disclose it to any other person. You are responsible for all uses of the Application and Services by any person using your password. Please advise us immediately if you believe your password has been misused. If you have reason to believe that your interaction with us is no longer secure, if you feel that the security of any account you might have with us might have been compromised, or if you suspect that someone else is using your account, please contact us immediately using the contact information provided below in the “Contact Us” Section.

You agree that the Company shall have no liability for any kind or form of cyber damage resulting from a denial of service attacks, theft or corruption of data, or other data denials, hacking, operation of malware or other harmful agents, and any other electronic interference with equipment, databases, software, operating systems, networks, or other facilities, adversely affecting or with the potential to adversely affect your Personal Information, caused in whole or part by third parties (“Cyber Attack”).

In the occurrence of a Cyber Attack, the Company will take its best endeavours to remedy the Cyber Attack directed against the Company’s systems, networks, property, Application or other facilities that adversely affect the User’s Personal Information.

V. Does This Policy Apply to Other Websites Linked to Or from the Application and Services?

The Application and Services may contain links to other websites. Any Personal Information you provide on linked pages or sites is provided directly to that third party and is subject to that third party’s privacy policy. This Policy does not apply to such linked sites, and we are not responsible for the content or privacy and security practices and policies of these websites or any other sites that are linked to or from the Application and/or Services. We encourage you to learn about their privacy and security practices and policies before providing them with Personal Information.

VI. Do We Collect Information from Persons Under the Age of 18?

The Application and Services are intended for use by individuals at least or above the age of 18 or the age that the law in the country you reside in requires for you to legally access and/or use the Application and Services (whichever is higher). If you are below 18 years of age, but you are 13 years of age or older, your parent or legal guardian shall agree to the terms of this Policy on your behalf. Any such parent or legal guardian is responsible to the Company and is legally bound to this Policy as if he or she had agreed to the terms of this Policy itself. You may not use the Services if you are under 13 years of age.

The Company does not knowingly collect or use any Personal Information from persons below the age of 13. If we become aware that we have unknowingly collected Personal Information from a person under the age of 13 or the age that the law in the country you reside in requires for you to legally access and/or use the Application and Services (whichever is higher), we will make commercially reasonable efforts to delete such Personal Information from our database.

VII. Retention of Personal Information

We may allow you to delete some of the records that are stored on the Application or Services, by way of your User Account. However, please note that such deletion(s) shall only delete your records from the Application. A back-up copy shall be retained by our Company for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws. We will cease to retain your Personal Information, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the Personal Information was collected, and is no longer necessary for legal or business purposes.

VIII. Miscellaneous

By using the Services, you are representing that you agree to the Terms and this Policy, and this agreement supersedes any other agreement that we might have with you concerning the use of your Personal Information. If you do not agree to any of these terms and conditions, you must stop using/accessing the Application and Services immediately. Except as otherwise specified in this Policy, this Policy shall be governed by and construed in accordance with the laws of Singapore.

If we become involved in a merger, acquisition, or any form of sale of some or all of our assets, the Application and Services, and your information as collected, processed and maintained through our Application and Services may be included in the assets sold or transferred to the acquirer. You agree that we may transfer or assign the information we have collected about you in connection with any such event. In the event of a bankruptcy, insolvency, reorganisation, receivership or assignment for the benefit of creditors, we may not be able to control how your Personal Information is treated, transferred, or used.

IX. Contact Us

If you have any questions about this Policy, please contact our Data Protection Officer (“DPO”) via email at: [email protected] To exercise any of your rights in this Privacy Policy please contact us in writing, via email as indicated above, so that we may consider your request under applicable law. Please be aware that to facilitate our review and processing of your request you will be required to provide the following details:
• The name, user ID, pseudonym, email address, or other identifier that you have used to use the Application and Services, or if you are not a registered user of the Application and Services, or have not otherwise previously interacted with us, your first and last name and an address where we can correspond with you.
• State or Country in which you are located.
• Clear description of the nature of your request and the action you wish to be taken.
• Sufficient information to allow us to assess and carry out your request (if applicable).

For your protection, we may only implement requests with respect to the Personal Information associated with the particular email address that you use to send us your request.
In addition, please note that, depending on the nature of your query, request or complaint, we may need to verify your identity before implementing your request and may require proof of identity, such as in the form of a government issued ID and proof of geographical address.

Further, please note that while we will endeavour to respond to your request as soon as reasonably practicable, you may first receive just an automated reply to any query sent to the Company. The Company reserves the right to only provide the User with a customised reply after examining the query and only if deemed necessary, as determined at the Company’s sole and absolute discretion.