

This Policy sets out the commitment of Santen Pharmaceutical Asia Pte. Ltd. (“Santen”) to collect and process personal information and sensitive personal information (collectively, "personal data") in accordance with the applicable laws and regulations on data privacy, including the Singapore Personal Data Protection Act 2012 ("PDPA") and its implementing rules and regulations ("PDPA IRA").
Definitions of certain terms used in this Policy are in Schedule 1.
The PDPA exempts from its application or does not apply to certain personal data and their collection and processing (see Schedule 2). These data and activities are not covered by this Policy.
We may be able to obtain personal data in various ways. These include where a natural or juridical person -
Where personal data is publicly available, we may be able to collect the data from such public sources, including any online presence you may have. On the categories of personal data we collect and process, this would be the data that you or other data subjects provide to us, such as your name, address, email address, telephone number, age, marital status, information issued by government agencies, and other information that may be used to enter into or help perform a contract we have with you, provide you with products and services, communicate with you, or meet any of the purposes set out Clause 4.
Insofar as you disclose personal data when accessing or visiting the Santen Pharmaceutical Asia Pte. Ltd. website, we may process such personal data as well. Further, we may collect and process information that is normally collected as a standard part of your browsing activity. This may include your IP-address, access times, system activity, cookies, device identifier and hardware information, and other log information that is collected when you browse or visit our sites and accounts.
We collect and process personal data for the purposes (i) for which you have provided the data or made ii otherwise available to us or to the public, and to enable us to fully and efficiently achieve those purposes, (ii) as allowed by applicable law, and (iii) those purposes specified in Clause 4 (collectively, the "Purposes").
Recipients of personal data that we collect include persons within Santen Pharmaceutical Asia Pte. Ltd. (including any affiliates or related companies), and third parties to whom we have outsourced or may outsource certain business or operating activities, advisers, suppliers, and service providers, in order to achieve the Purposes. Some of these entities may be outside Singapore, so that transfer of data will be cross-border. We may also disclose information, whether intended to be kept confidential or not, upon lawful request by a governmental authority, in response to a court order, or when required by applicable law. Please see Clause 4 for more information about persons to whom personal data may be transferred or shared.
We may amend or update this Policy. You agree to be bound by the prevailing terms of this Policy as updated from time to time, upon the amendment or supplement being published on our website or otherwise advised to you. Please check our website regularly for updated information about, or amendments or supplements to, the Policy.
Under the PDPA, data subjects have the following rights:
We have taken appropriate security measures to protect your personal data against unauthorized access or unauthorized alteration, disclosure, or destruction. These measures include internal reviews of our data collection, storage, and processing practices, as well as physical security measures to protect your information against unauthorized access. As part of our efforts to ensure your information is protected, we restrict access to personal data to personnel who would need that information to perform their functions.
We will comply with the relevant provisions of rules and circulars on handling personal data security breaches, including notification to you or to the National Privacy Commission, where an unauthorized acquisition of sensitive personal information or information that may be used to enable identity fraud has been acquired by an unauthorized person, and is likely to give rise to a real risk of serious harm to the affected data subject. Please note that under applicable law, not all personal data breaches are notifiable.
The Data Protection Officer (DPO) is the individual principally responsible for ensuring Santen Pharmaceutical Asia Pte. Ltd. 's compliance with applicable laws and regulations for the protection of data privacy and security. The DPO is responsible for the supervision and enforcement of this Policy, and the relevant contact details are as follows:
Data Protection Officer Email dpo_sg@santen.asia
Definitions
Whenever used in this Policy, the following terms shall have the respective meanings as set forth below:
"Business Day'' means any day that Singapore banks are open for business,
"PDPA" means the Singapore Personal Data Protection Act 2012 and its implementing rules and regulations, as well as the circulars issued by the Personal Data Protection Commission Singapore from time to time.
"Person" means any natural or juridical person.
"Personal data" means personal information and sensitive personal information.
"Personal information" refers to any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information, would directly and certainly identify an individual;
"Policy" means this data privacy policy as may be amended, modified or supplemented from lime to lime.
"Processing" refers to any operation or any set of operations performed upon personal data including, but not limited to, the collection, recording, organization, storage, updating, or modification, retrieval, consultation, use, consolidation, blocking, erasure, or destruction of data. Processing may be performed through automated means, or manual processing, if the personal data are contained or are intended to be contained in a filing system.
"Sensitive personal information" refers to personal information: (1) about an individual's race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations; (2) about an individual's health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such individual, the disposal of such proceedings, or the sentence of any court in such proceedings; (3) issued by government agencies peculiar to an individual which includes, but is not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; or (4) specifically established by an executive order or an act of Congress to be kept classified.
Construction
Whenever the word, "include," "includes" or "including" are used in this Policy, they shall be deemed to be followed by the words "without limitation".
The meaning assigned to each term used here will be equally applicable to both the singular and plural forms of such term, and the words denoting any gender shall include all genders.
This Policy does not apply to the following information: