Privacy Policy

Solara Medical Pte Ltd ("Solara Medical", "we", "us", or "our") is committed to protecting the personal data of our patients, visitors, and users of this website in accordance with the Personal Data Protection Act 2012 (PDPA) of Singapore and all subsidiary regulations made thereunder.

This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you interact with our website at www.solaramedical.sg or when you engage our medical services.

1. Personal Data We Collect

We may collect the following categories of personal data from you:

• Identity data: full name, NRIC/FIN/passport number, date of birth, gender
• Contact data: residential address, email address, telephone number
• Medical data: medical history, diagnoses, prescriptions, test results, consultation notes, and other health-related information
• Financial data: billing and payment information (processed securely; we do not store full card details)
• Technical data: IP address, browser type, pages visited, and cookies when you use our website
• Communications data: messages submitted via our contact form or sent to our email addresses

Medical data is classified as sensitive personal data under the PDPA and is handled with heightened care.

2. How We Collect Personal Data

We collect personal data directly from you when you register as a patient, book an appointment, submit our contact form, correspond with us by email, or visit our website. We may also receive data from third parties such as referring healthcare providers, insurance companies (where applicable), or government health agencies (e.g., MOH, HealthHub) where you have authorised such sharing.

3. Purposes of Collection and Use

We collect and use your personal data for the following purposes:

• Providing medical consultation, diagnosis, treatment, and follow-up care
• Scheduling and managing appointments
• Processing billing and payments
• Communicating with you about your health, appointments, or enquiries
• Complying with legal and regulatory obligations, including reporting requirements under the Private Hospitals and Medical Clinics Act (PHMCA) and the Infectious Diseases Act
• Maintaining accurate and up-to-date medical records
• Improving our services and website through anonymised analytics
• Sending administrative notices and, where you have consented, health-related updates or appointment reminders

We will not use your personal data for purposes beyond those stated above without your prior consent, unless permitted or required by law.

4. Disclosure of Personal Data

We may disclose your personal data to:

• Healthcare providers: specialists, hospitals, or laboratories to whom we refer you for further care
• Service providers: third-party vendors who process data on our behalf (e.g., IT systems, email delivery services) under contractual data protection obligations
• Government authorities: the Ministry of Health (MOH), Health Sciences Authority (HSA), or law enforcement agencies where required by law
• Insurance companies: only with your express consent or where required for claims processing

We do not sell, rent, or trade your personal data to any third party for marketing purposes.

5. Retention of Personal Data

Medical records are retained for a minimum of 6 years from the date of the last consultation, in compliance with the Private Hospitals and Medical Clinics (Medical Records) Regulations. Other personal data is retained only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law, whichever is longer. When personal data is no longer required, it is securely deleted or anonymised.

6. Protection of Personal Data

We implement reasonable organisational, physical, and technical security measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. Access to personal data is restricted to authorised personnel on a need-to-know basis. All staff handling personal data are trained on data protection obligations under the PDPA.

7. Cookies and Website Analytics

Our website uses cookies and Google Analytics (GA4) to collect anonymised data about how visitors use the site. This data helps us improve the website experience and does not identify you personally. You may disable cookies through your browser settings; however, some features of the website may not function correctly as a result.

8. Your Rights Under the PDPA

Under the PDPA, you have the right to:

• Access the personal data we hold about you
• Correct any inaccurate or incomplete personal data
• Withdraw consent for the use of your personal data for specific purposes (subject to legal and contractual restrictions)
• Data portability — request that your personal data be transmitted to another organisation in a commonly used machine-readable format, where technically feasible

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days of receipt.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The updated policy will be posted on this page with a revised "Last updated" date. We encourage you to review this page periodically. Continued use of our website or services after any changes constitutes your acceptance of the updated policy.