Privacy Policy
Clinico Hearing Asia Pte. Ltd.
Privacy Policy
Version: 1.0
This Privacy Policy explains how Clinico Hearing Asia Pte. Ltd. ("Clinico Hearing", "we", "us", "our") collects, stores, uses, discloses and otherwise processes personal data in Singapore pursuant to the Personal Data Protection Act 2012 (the "PDPA", as amended).
It applies to personal data in our possession or under our control, including personal data held by third parties that process personal data on our behalf (our "data intermediaries").
1. Scope and relationship with other terms
- This Privacy Policy applies to customers, prospective customers and other individuals whose personal data we process in connection with our hearing-care services, including assessments, device sales, fittings, repairs and after-sales support services.
- This Privacy Policy operates in conjunction with any other relevant contractual terms, service forms, consent clauses and/or fair processing statements presented to you. In the event of any inconsistency, the more specific terms relating to the relevant product/service will prevail to the extent of the inconsistency.
- This Privacy Policy does not limit or exclude your rights under the PDPA.
2. Key definitions
- Customer: an individual who has contacted us to learn about our products or services, or who has entered, or may enter, into a contract with us for such products or services.
- Personal data: any data about an individual who can be identified (a) from that data, or (b) from that data and other information to which we have or are likely to have access.
- Processing: any operation performed on personal data, including its collection, use, disclosure, storage, transfer, retention, deletion, and/or anonymization.
- Data intermediary: a third party that processes personal data on our behalf and for our purposes.
3. What we collect
Depending on your interactions with us, we may collect, store and process the following categories of personal data:
- Identity & contact: full name, NRIC/FIN/passport number (only where strictly necessary), date of birth, gender, nationality, addresses, email, and phone numbers.
- Hearing-care & service: presenting concerns, audiological test results (e.g., audiograms), case notes, device fitting parameters, device models and serial numbers, warranty/repair history, and relevant lifestyle information you provide.
- Transaction & logistics: order details, invoices, billing records, payment method identifiers (masked where practicable), delivery instructions, and appointment history.
- Digital interactions: cookie or analytics identifiers, IP address, device/browser information, and usage data from our websites or online forms.
- CCTV and call recordings: recordings from monitored premises and service lines for safety, training and dispute resolution.
NRIC policy: We avoid collecting full NRIC/FIN numbers or copies unless mandated by law, or necessary to accurately verify identity to a high degree of fidelity (e.g., fraud prevention, high-value warranty claims/repairs, insurance processing), or otherwise permitted under the PDPA or other applicable laws/regulations including the PDPC’s Guidelines on NRIC and Other National Identification Numbers.
4. How we collect your data
We may collect your personal data:
- directly from you (e.g., booking forms, consultations, phone/WhatsApp/email communications, or in-store visits);
- from your authorized representative (with appropriate authority);
- from our systems/devices and services that you use (e.g., hearing-aid service logs where applicable); and
- from third parties (e.g., payment processors, logistics partners, manufacturers/repair centers) where permitted by applicable laws/regulations.
5. Purposes of processing
We may collect, store, process, use and/or disclose personal data for the following purposes:
- Service delivery: scheduling and performing hearing assessments, fittings, device programming, repairs, servicing and after-sales support services.
- Customer care: managing accounts, responding to enquiries/feedback, and maintaining ongoing relationship and communications.
- Identity & eligibility checks: verifying identity; eligibility for warranties, recalls, support programs or promotions.
- Payments & billing: processing orders, invoices, refunds, fraud control and chargeback handling.
- Reminders & notifications: appointment confirmations, follow-ups, service recalls and maintenance reminders.
- Quality, training & safety: call/CCTV review, staff training, incident investigation, security monitoring and fraud prevention.
- Analytics & improvement: service quality measurement, product and process improvement using de-identified or aggregated data where feasible.
- Marketing (with consent): informing you about relevant products/services, events, promotions and membership/rewards programs via channels you have consented to.
- Compliance & risk management: complying with laws, regulations, professional standards, legal directory, codes and law-enforcement requests; audits; asserting and defending legal claims; enforcing our legal or contractual rights.
- Other purposes: any other purpose notified to you and to which you have consented, or which are permitted or required by the PDPA or other applicable laws/regulations.
6. Legal bases under the PDPA
- We generally rely on your consent for processing personal data.
- We may process personal data without consent where permitted by the PDPA, including: (a) to comply with law or for investigations; (b) where clearly in your interests and consent cannot be obtained in a timely way; (c) deemed consent (by conduct or by notification) in accordance with statutory requirements and assessments; (d) the legitimate interests, after conducting the requisite assessment and implementing appropriate safeguards; or (e) business improvement and research exceptions where applicable. Where we rely on the business improvement or research exception under the PDPA, personal data will not be used to make decisions affecting any identifiable individual, and appropriate anonymisation or pseudonymisation measures will be implemented.
- Where we rely on deemed consent or the legitimate interests, we will conduct and document the required assessment and implement reasonable measures to eliminate or mitigate likely adverse effects.
7. Marketing and Do-Not-Call (DNC)
- We send marketing messages only with your consent, through channels you have selected (e.g., email, SMS/MMS, phone, WhatsApp).
- For voice calls, SMS/MMS or fax, we will check the relevant DNC Registers unless an exemption applies or you have provided clear and unambiguous consent to be contacted for such messages.
- You may withdraw consent at any time (see Section 13).
8. Disclosures to third parties
We may disclose personal data to the following, for the purposes set out in Section 5:
- Service providers and agents: IT hosting/maintenance, cloud providers, payment processors, logistics/delivery partners, call-center, marketing support, repair labs, or analytics support.
- Affiliates and partners assisting in appointments, device repairs or after-sales support.
- Professional advisers (including lawyers, auditors, insurers) and banks.
- Public agencies, regulators and law-enforcement where required or authorized by laws or regulations.
We contractually require our data intermediaries to protect your personal data and process it only on our documented instructions and subject to appropriate confidentiality, security and deletion/return obligations. We conduct due diligence and periodic reviews of our service providers’ data-protection practices to ensure continued compliance with the PDPA.
9. Cross-border transfers
Where personal data is transferred outside Singapore (e.g., to overseas manufacturers/repair centers or cloud providers), we will ensure recipients provide a comparable standard of protection as required under the PDPA (e.g., through contractual clauses, certifications or other legally recognized transfer mechanisms) or otherwise ensure the transfer is permitted by applicable laws or regulations. We will obtain your consent where required.
10. Accuracy
We generally rely on the accuracy of the personal data you provide. Please keep us informed of any changes so that your data remains accurate and complete in relation to the purposes for which it is used.
11. Protection
We implement appropriate administrative, physical and technical safeguards to protect personal data, including role-based access controls, encryption (where appropriate), secure configuration and patching, anti-malware, network/application security, secure disposal, privacy-by-design practices, staff training and “need-to-know” restrictions with our personnel and service providers. While no method of transmission or system of storage is completely secure, we review and enhance our security practices on a regular basis.
We maintain an internal Data Protection Management Programme (DPMP) and conduct periodic staff training, risk assessments, and audits to ensure ongoing compliance with the PDPA.
12. Retention
We retain personal data only as long as necessary to fulfil the purposes in this Policy, or to satisfy legal, regulatory, tax, accounting or business requirements (including establishing, exercising or defending legal claims). When retention is no longer needed, we will delete, anonymize or de-identify the personal data in a reasonable manner.
13. Your choices: withdrawing consent / opting out
- You may withdraw consent (including marketing consent) by writing to our DPO (see Section 19).
- We will process your request as soon as reasonably practicable, generally within 30 calendar days, and inform you of any likely consequences (e.g., our inability to provide certain services).
- Your withdrawal does not adversely affect our right to retain or process your personal data where permitted or mandated by the PDPA (e.g., to complete transactions, meet legal obligations or file legal claims).
14. Access and correction
- You may request (a) access to your personal data in our possession or information about how it has been used or disclosed in the preceding 12 months; and/or (b) correction of inaccurate personal data.
- Submit requests to our DPO (Section 19). We will respond as soon as reasonably possible. If we cannot respond within 30 calendar days, we will inform you in writing of the time by which we can respond.
- We may charge a reasonable fee to process an access request.
- In certain situations permitted under the PDPA, we may refuse access/correction (e.g., unreasonable, frivolous or vexatious requests; requests that would reveal another person’s data or confidential commercial information; or where prohibited by law). Where we are permitted to do so, we will provide our reasons.
15. Notifiable data breaches
- We maintain and regularly test a data breach response plan.
- If a data breach occurs, we will assess whether it meets the PDPA notification criteria (e.g., significant harm or large-scale impact).
- Where notifiable, we will report the data breach to the Personal Data Protection Commission (PDPC) as soon as practicable but no later than three (3) calendar days of determination, and notify affected individuals where required, as soon as practicable (at the same time or after notifying the PDPC).
- We will document our assessment and actions taken, and implement appropriate remedial measures.
16. Cookies and online technologies
We may use cookies and similar technologies on our websites/forms to enable core functionality, remember preferences and perform analytics. You may adjust your browser settings to block or disable cookies, though this may affect site functionality.
17. CCTV and call recordings
Our premises may be monitored by CCTV and our calls may be recorded for safety, training, quality assurance and dispute resolution. Recordings are protected and retained in line with Sections 11–12 and disclosed only where permitted by applicable laws or regulations.
18. Minors and representatives
If you are under 18, please ensure your parent or legal guardian provides or authorizes consent where required. We do not knowingly collect data from minors without such consent. If you submit another person’s personal data to us, you confirm you are duly authorized to do so.
19. Contacting our Data Protection Division
Clinico Hearing Asia Pte. Ltd.
Email: [email protected]
Postal: Level 42, Suntec Tower Three, 8 Temasek Boulevard, Singapore 038988
20. Changes to this Privacy Policy
We may amend this Privacy Policy from time to time to reflect legal or operational changes. The effective date above shows the latest revision. Your continued engagement with us after changes take effect constitutes your acknowledgement and acceptance of the updated Privacy Policy.
By submitting this form, you acknowledge that you have read and understood our Privacy Policy herein.