Xcellen PTE. LTD. Privacy Policy
Effective date: June 25, 2020
- General
- This is the privacy policy (“Policy”) of Xcellen Pte. Ltd. (Company Registration No. 201503037E), a private company limited by shares incorporated in Singapore and having its registered address at 30 Cecil Street, #19-08, Prudential Tower, Singapore 049712 (hereinafter referred to as “Xcellen”, “we,” and “us”).
- This Policy outlines the personal data of the respective Individuals that Xcellen and the Clients may collect for the purpose of the Platform and Website, how the personal data may be used, how it is stored and retained, whom it may be transmitted to as well as the responsibilities in relation to such uses and disclosures.
- All the data, including personal data, of the Client Customers that are collected, processed, transmitted and stored on and through the Platform remains in the possession and under the control of the Client and/or the applicable cloud storage server provider (“Cloud Provider”). Clients and Client Customers should also refer to the privacy policy of the Cloud Provider. For the avoidance of doubt, Xcellen only supplies the Platform and is not acting as the data controller or data intermediary in respect of the personal data of the Client Customers that are collected, processed, transmitted and stored on and through the Platform.
- We recognize the privacy of the Individuals and have adopted this Policy which is compliant with the Singapore Personal Data Protection Act 2012 (No. 26 of 2012) (“PDPA”) and the European Union General Data Protection Regulation (“GDPR”) to reflect our commitment to respecting and protecting the Individuals’ privacy and personal data.
- In the course of operating the Platform and Website and providing the Services, we and our employees may handle the personal data of individuals such as the Clients’ administrators and sales representatives (collectively, “Client Staff”) as well as Visitors. Also, Clients, in using the Platform, are likely to handle the personal data of individuals including, but not limited to, doctors, nurses, pharmacists, other healthcare professionals and service providers, and other customers of the Clients (“Client Customers”). Client Staff, Visitors and Client Customers are hereinafter collectively referred to as “Individuals”.
- Users are to read this Policy carefully and to refer to it as and when required. By accessing the Platform and/or Website, using the Platform and/or Website and/or accepting Xcellen’s provision of the Services, you are deemed to have consented to and accepted the terms and conditions of this Policy and undertaken to comply with the Users’ obligations under this Policy. Xcellen will ensure its own compliance to the standard of this Policy with regard to any personal data that may come into its possession or control or that which it may process in relation to the operation of the Platform and Website and provision of the Services.
- This Policy governs the operation by Xcellen of the cloud-based application called the Xpower Customer Targeting platform (“Platform”), the provision by Xcellen of the services (“Services”) on the Platform, the usage of the services on the Platform by clients (“Clients”) and the access to Xcellen’s website (xcellen.com) (“Website”) by visitors generally (“Visitors”). Clients and Visitors are hereinafter collectively referred to as “Users” and “you”.
- The PDPA recognises the rights of individuals to protect their personal data (including rights of access and correction) and the requirement for organisations to collect, use or disclose personal data for legitimate and reasonable purposes.
- Collection of personal data
- Clients may collect and process the following information or data (including personal information and information that can be uniquely identified with individual persons) about the Client Customers:
(a) Full name, including any aliases;
(b) Unique identification number (such as an identity card number, birth certificate number or passport number);
(c) Residential address;
(d) Office address;
(e) Date of birth;
(f) Gender;
(g) Nationality;
(h) Copy of identification document;
(i) E-mail address(es) and other contact information that the Individuals may provide to you;
(j) A record of any correspondence between the Individuals and you;
(k) A record of the activities of the Individuals;
(l) Patient load in general and in respect of certain diseases or therapy areas;
(m) Prescription behavior;
(n) Timing to meet your sales representative;
(o) Channel preferences;
(p) Information that you may require from the Individuals when there is a problem with the Platform or the registration process; and
(q) Any other information about the Individuals that you may require for your usage of the Platform for your business purposes.
- Clients may collect only the information listed in paragraph 2.1 above that is reasonable to use the Platform.
- With regard to the Client Staff, Xcellen may collect, in accordance with applicable laws and, where required, with the Client Staff’s consent, information relating to the devices that they use and the networks that they are connected to when using the Platform, in order to perform data analytics and enhance the Platform. This may include the following information: their IP address, log-in information, smartphone device brand and type, browser type and version, browser plug-in types and versions, operating system and platform, advertising identifier, information about their visit including the URL clickstream to, through and from our Platform, products they viewed or searched for, download errors, length of visits to certain pages, and page interaction. We may collect this information through the use of various technologies including cookies.
- Xcellen may also collect the following personal data from the Visitors:
(a) Email address for the purpose of subscription to Xcellen’s newsletter;
(b) Name, job title, company, country and email address for the purpose of subscription to Xcellen’s mailing list;
(c) Name, email address, company, job title, mobile phone number and country/region for the purpose of scheduling a meeting via the third party service provider Hubspot; and
(d) Name, company, email address, job title, region, country, mobile phone number for the purpose of contacting Xcellen.
- Xcellen may collect only the information listed in paragraphs 2.3 and 2.4 above, which the Client Staff and Visitors hereby agree are reasonable for the specified purposes.
- Xcellen and the Clients will make a reasonable effort to ensure that the personal data collected is accurate and complete.
- Xcellen and the Clients will only collect such information when the respective Individuals choose to supply the same. The respective Individuals do not have to supply any personal information but they may not be able to take advantage of all our Services if they do not do so.
- In the event that any of the Clients’ accounts in respect of the Platform is suspended or blocked, we will keep their data for a period of between 2 and 10 years in order to prevent them from circumventing the rules applying to the Platform, after which we shall cease to retain their personal data.
- Google analytics/cookies
- We use cookies in the operation of the Website in order to ensure its proper functioning. Cookies are small text files that are stored on a user’s computer, tablet or smartphone by an online portal when you visit it. Cookies are used to provide a better user experience when using the Website and for record keeping, analyzing trends, administering the Website, tracking users’ movements on the Website, and gathering demographic information about the users. Xcellen may receive reports based on the use of cookies on an aggregated basis. This is in order for Xcellen to track and target the interests of the users using Google analytics and improve the Website.
- It is not mandatory for users to enable the Website’s cookies and users may delete or block these cookies. However, the users’ browsing experience may be negatively affected as some features of the Website may not work as intended. The session ID cookie will be stored on a user’s computer for the period of one (1) month.
- By using the Website, the users consent to Xcellen’s use of the cookies in the abovementioned ways and for the abovementioned purposes.
- The types of cookies used on this Website are as follows:
(a) Mandatory cookies: The cookies which are essential for enabling users to access and use the Website and their services.
(b) Preference cookies: The cookies which collect information about how users use the Website in order for Xcellen to improve the Website’s design and accessibility.
(c) Statistics cookies: The cookies which provide statistics and reporting on the performance of the Website, through Google Analytics. No personally identifiable data will be collected through these cookies.
(d) Marketing cookies: The cookies which track users’ behaviour on the Website and potentially across other websites, in order to target content that are relevant for the users. Users would not be personally identified through this information.
- Xcellen gathers certain information and stores them in log files automatically in order to improve the Website’s services. This information includes operating system, internet protocol addresses, internet service provider, referring/exit pages, files viewed on the Website, date/time stamp, clickstream data and/or browser type. This information may be combined with other information Xcellen collects about users.
- Xcellen and/or its service providers may use local storage to store content information and preferences.
- Use of personal data by Clients
- By using the Platform, the Clients represent and warrant to Xcellen that the Client Customers have expressly authorized and consented to the Clients gathering, reviewing, retaining and transmitting their personal data to the Clients and the Cloud Provider, and, where reasonably required, other entities for the proper and reasonable purpose of them storing and using the data responsibly and in accordance with the PDPA and GDPR.
- The Clients shall notify the Client Customers that the Clients may use their personal data for the following purposes, as applicable, and obtain their consent for the same:
(a) Profile and segment the Client Customers to provide appropriate services according to their needs;
(b) Determine right sales force size and structure to optimally promote new and established brands;
(c) Design fair, workable and balanced territories to provide similar opportunities across sales force;
(d) Set unbiased and fair targets; and
(e) Accommodate any analytics request on sales force and marketing effectiveness.
- Use of personal data by Xcellen
- By using the Platform, Website and/or Services, the Client Staff and the Visitors expressly authorize and consent to Xcellen gathering, reviewing, retaining and transmitting their personal data as is proper and reasonable for the purposes enumerated in Clause 5.2. below, in accordance with the PDPA and GDPR.
- We may use the Client Staff’s and Visitors’ personal data to:
(a) Troubleshoot any technical issues faced by the Client Staff and Visitors in the course of usage of the Platform and Website;
(b) Ensure that the content on the Platform and Website is presented in the most effective manner for the Client Staff and Visitors and for their personal computers, smartphones and other devices and customise the Platform and Website to their preferences, understand their activities interests, optimize the Platform’s and Website’s display of information, and manage our business;
(a) Assist in making general improvements to the Platform, Website and Services;
(b) Carry out and administer any obligations arising from any agreements entered into with us;
(c) Administer the Client’s account and to provide the Services;
(d) Allow the Client Staff and Visitors to access features of the Platform, Website and Services, such as to schedule a meeting via Hubspot;
(e) Communicate with Client Staff and Visitors by email or other chosen means to send relevant notifications and updates about our Services, Website and Platform, as well as other products and services, that may be of use to them;
(f) Send newsletters, marketing materials and other correspondence to or otherwise make contact with the Client Staff and Visitors;
(g) Respond to queries and requests for information on the Services of the Platform and Website;
(h) Contact the Client Staff and Visitors and notify them about changes to the Platform, Website or the Services (except where they have expressly requested for us not to do so);
(i) Analyse how Client Staff and Visitors are making use of the Platform and Website for our internal marketing and research purposes;
(j) Ensure that the Client Staff and Visitors comply with our terms and conditions and the applicable law; and
(k) Send the Client Staff and Visitors important notifications that they will require in order to use the Platform and/or Website.
- With whom the Individuals’ information may be shared
- The Clients should not share the personal data of the Client Customers with any third parties unless the Client Customers have otherwise consented in accordance with the PDPA and GDPR.
- We do not share the Client Staff’s and Visitors’ personal information with others except as indicated in this Privacy Policy or when we inform them and give them an opportunity to opt out of having their personal information shared. We may share the personal information with:
(a) Service providers such as our customer relationship management system, Hubspot, and our mailing provider, Mailchimp: We may share information, including personal information, with third parties that perform certain services on our behalf. These services may include, without limitation, server hosting, marketing and supporting our notification service functionality. These service providers may have access to personal information needed to perform their functions but are not permitted to disclose or use such information for any other purposes.
(b) We do not provide any non-anonymized personal information to third parties. We will adhere strictly to the provisions in the PDPA and GDPR in relation to any disclosure and dissemination of information to any third parties.
- We may disclose the Client Staff’s and Visitors’ information, including personal information in response to a subpoena or similar investigative demand, a court order, or a request for cooperation from a law enforcement or other government agency, to establish or exercise our legal rights, to defend against legal claims, or as otherwise required by law.
- We will not transfer any of the Client Staff’s and Visitors’ personal data to a country or territory outside the country or territory where the personal data is collected, except to organisations that provide a standard of protection to personal data that is comparable to the protection under the PDPA.
- Third Party Sites
The Platform and Website may be integrated with the Users’ Customer Relationship Management (“CRM”) systems, including but not limited to Hubspot, Mailchimp, Veeva and Salesforce.com, that do not operate under this Privacy Policy. For example, users may provide and receive data to and from the Platform and Website through their integrated CRM systems. These third-party CRM systems may independently solicit and collect information, including personal information, from you and, in some instances, provide us with information about the users’ activities on those CRM systems. You should consult the privacy statements of all third-party CRM systems that you use.
- How we protect personal information
- We will take security measures to help safeguard any and all personal data in our possession or under our control from unauthorised access, collection, use, copying, modification, disposal and disclosure. However, no system can be completely secure. Therefore, although we take steps to secure the personal data in our possession or under our control, we cannot guarantee that the personal data, activities on the Platform and Website, or other communications will always remain secure.
- If any Client Staff or Visitor wishes to delete all of their personal data in our possession, they are to email us at Techsupport@xcellen.com. The specified personal data in our possession will be deleted within 24 hours.
- Children’s privacy
Although our Platform and Website are for a general audience, we restrict the use of our Platform and Website to individuals age 18 and above. We do not knowingly collect, maintain, or use personal information of children under the age of 18. It is the Client Staff’s and Visitor’s sole responsibility to provide their correct birth date.
- No Third-party Rights
This Policy does not create rights enforceable by third parties or require disclosure of any personal information relating to users of the Platform and Website to third parties.
- Notification of changes to our Privacy Policy
We will post details of any changes to this Policy on the Platform and Website to help ensure that the Clients are always aware of the information that we collect, how we use it, and in what circumstances, if any, that we share it with other parties.
- Specific provisions related to the European Union General Data Protection Regulation (GDPR)
- Xcellen and the Clients acknowledge that the GDPR will apply if we process or hold any personal data of individuals residing in the EU (“EU Individuals”) or if we offer goods or services to EU Individuals.
- Xcellen and the Clients will process personal data of EU Individuals only if consent is provided by the EU Individuals for the processing for specific purposes, if it is necessary for the performance of a contract or if it is necessary for compliance with a legal obligation.
- Xcellen and the Clients will process personal data of EU Individuals lawfully, fairly and transparently, collect and apply the personal data only for specified, explicit and legitimate purposes, limit the personal data to only what is required, ensure the accuracy of the personal data, not keep the personal data in personally identifiable form for longer than is necessary and secure and protect them in accordance with the GDPR.
- Xcellen and the Clients will uphold the following rights of EU Individuals in accordance with the GDPR:
(a) Right to access and obtain a copy of the EU Individuals’ personal data, including the purposes of processing and who the personal data has been disclosed to;
(b) Right to rectify inaccurate personal data concerning the EU Individual;
(c) Right to erasure of personal data concerning the EU Individual except in certain circumstances;
(d) Right to restriction of processing of personal data in certain circumstances, such as where the accuracy of the personal data is contested, or the processing is unlawful;
(e) Right to data portability by receiving personal data concerning the EU Individual or data which has been provided, in a structured, commonly used and machine-readable format, and the right to transmit that data to another organisation;
(f) Right to object to the processing of personal data in certain circumstances, including for the purposes of direct marketing; and
(g) Right not to be subject to automated decision-making (including profiling) where this has a legal effect on the EU Individual or significantly affects him/her.
- Xcellen and the Clients agree to act on a request from an EU Individual without undue delay (within one month). Xcellen and the Clients will maintain records of how personal data is processed, acknowledge the need to conduct data protection impact assessments and the need to apply careful consideration in the adoption and engagement of data processors.
- Contact & Data Protection Officer
If at any time any person would like to contact us with their views about our privacy practices, or with any enquiry or request relating to their Personal Data, including but not limited to, the following:
(a) Any request to provide them with their personal data that is in our possession or control;
(b) Any enquiry on the ways in which their personal data has been or may have been used or disclosed by us within one year prior to the date of the enquiry; and
(c) Any request to correct an error or omission in their personal data,
they should use one of the following means:
🢒 Email to our Data Protection Officer at smalhotra@xcellen.com or
🢒 Post to: Data Protection Officer
Xcellen Pte. Ltd. | 30 Cecil Street | #19-08 | Prudential Tower | 049712 | Singapore