柒师傅养生馆 | Qishi Wellness

Privacy Policy Last Updated: May 2026 Effective Date: 1 May 2026 --- 1. Organisation Identity This Privacy Policy is issued by [CLINIC LEGAL NAME] (UEN: [UEN NUMBER]), operating as Qishi Wellness TCM Therapy ("we", "us", "our"), with registered address at [REGISTERED ADDRESS], Singapore. For data protection enquiries, please contact our designated Data Protection Officer (DPO): Email: dpo@[yourdomain.com] --- 2. Data We Collect When you make a booking or create an account, we may collect the following information: - Full name - Contact number - Email address - Appointment records and service preferences - Session notes completed by therapists (e.g. treatment areas, feedback records) We do not collect medical diagnoses, prescriptions, or clinical records. --- 3. Purpose of Collection We collect and use your personal data solely for the following purposes: - Processing and managing your appointments - Sending booking confirmations and reminder notifications - Improving service quality - Complying with applicable laws and regulations We will not use your data for any other purpose without your prior consent. --- 4. Data Retention We retain your personal data for a maximum of 2 years from the date of your last appointment. Upon expiry of the retention period, your data will be permanently deleted or anonymised in accordance with the Personal Data Protection Act 2012 (PDPA). --- 5. Cross-Border Data Transfers Your personal data may be stored on servers located outside Singapore. In such cases, we will take reasonable measures — including contractual arrangements or adherence to recognised data protection frameworks — to ensure that the recipient provides a comparable level of protection to that under the PDPA. --- 6. Third-Party Disclosure We do not sell, rent, or share your personal data with any third party for marketing purposes. Exceptions include: - Our authorised staff and therapists (on a need-to-know basis only) - Service providers assisting in the operation of the booking system (bound by confidentiality obligations) - Government authorities or law enforcement agencies as required by law --- 7. Cookies and Tracking Technologies This website may use essential cookies to support booking functionality and session management. We do not use third-party advertising or behavioural tracking cookies. This policy will be updated if that changes. --- 8. Your Rights Under the PDPA and its 2020 amendments, you have the right to: - Access the personal data we hold about you - Request correction of inaccurate data - Withdraw consent to data collection at any time (note: withdrawal may affect our ability to provide services to you) - Request deletion of your personal data (subject to statutory retention obligations) - Data Portability: where eligible, request that we transmit your personal data to you or to another organisation in a commonly used, machine-readable format To exercise any of the above rights, please email dpo@[yourdomain.com]. We will respond within 30 calendar days of receiving your request. --- 9. Data Security and Breach Notification 9.1 We implement reasonable technical and organisational measures to protect your personal data against unauthorised access, disclosure, modification, or destruction. 9.2 In the event of a data security incident that is likely to result in significant harm to you, we will: - Notify the Personal Data Protection Commission (PDPC) within 3 business days of discovery; - Notify affected users within 30 calendar days where reasonably practicable. --- 10. Supervisory Authority The Personal Data Protection Commission (PDPC) is the official authority responsible for administering the PDPA in Singapore. If you believe we have not handled your personal data appropriately, you may, after raising the matter with us, file a complaint with the PDPC: Website: www.pdpc.gov.sg Helpline: +65 6377 3131 --- 11. Policy Updates We may update this Privacy Policy periodically to reflect changes in our business or legal requirements. The updated policy will be published on this page with a revised effective date. For material changes, we will endeavour to notify registered users by email. --- 12. Contact Us For any questions regarding this Privacy Policy or our data protection practices, please contact: [CLINIC LEGAL NAME] Data Protection Officer (DPO) Email: dpo@[yourdomain.com] Address: [REGISTERED ADDRESS], Singapore