1.1 The Customer consents, agrees and acknowledges that:

(a) the City Osteopathy & Physiotherapy Group Pte Ltd (“Company”) and/or any of its Affiliate(s) may collect, use and/or Process Personal Data relating to the Customer, including, without limitation, the customer’s application, address, references, bank details, health records, next of kin, and other records (which may, where necessary, include data relating to their health and medical condition), for administration, management and/or evaluative purposes, corporate group reporting and administration;

(b) the Company and/or any of its Affiliate(s) may disclose and/or transfer the Customer’s Personal Data, including transfer to foreign jurisdictions outside Singapore, to: (i) advisers and third party service providers for the rendering of goods or services and/or conduct of legitimate business activity (including, without limitation personnel administration, management and/or evaluative purposes), for the purposes set out in sub-paragraph (a) or for Processing of the Customer’s Personal Data; (ii) any competent legal and/or regulatory authority and law enforcement agencies as may be required under applicable law; and (iii) the Company’s and/or any of its Affiliate(s)’ respective successor-in-title, prospective seller or buyer of any part or the whole of our business, in connection with a merger, acquisition or sale of any part or the whole of the Company’s and/or any of its Affiliate(s)’ business;

(c) the Customer’s and/or any of its Affiliate(s)’ right of access to and correction of their Personal Data that is in the possession or control of the Company and/or any of its Affiliate(s) shall be as prescribed by applicable law; and

(d) the Company and/or any of its Affiliate(s) may retain the Customer’s Personal Data as may be necessary or desirable to comply with applicable law, and for such period of time as may be reasonably required by the Company and/or any of its Affiliate(s) in accordance with relevant circumstances, including where required, with third parties appointed by the Company and/or any of its Affiliate(s) under formal agreements to act as custodians of their Personal Data, or for Processing of the same by such third parties, in each case subject to confidential agreements under which the Company and/or any of its Affiliate(s) will exercise control and require standards as to safekeeping.

The foregoing statement where contained in this Agreement as executed by the Customer shall stand as their formal consent to the above arrangements and terms as it relates to their Personal Data.

1.2 The Company reserves the right to update its data protection arrangements including, without limitation, and issuing of further notices, guidelines or policies as may be required by it or by law or as may be relevant from time to time. The Customer agrees to abide by such updates and, generally, where necessary, agree to respond promptly to any requests for further consents (whether by ad hoc request or by way of such updates) as to the use of their Personal Data as required by the Company from time to time whether the same is issued via email, circular or other means, each of which the Customer acknowledges and accepts is a valid method of seeking and obtaining their further consent.

1.3 The following words in this Clause shall be defined as follows:

(a) “Affiliate” means, in relation to the Company, any person directly or indirectly Controlled by, or Controlling of, or under common Control with the Company;

(b) “Control” means the possession by a person directly or indirectly, of (a) the legal and beneficial ownership of more than 50% of the voting shares of another person; or (b) the power to secure, directly or indirectly, (whether by the holding of shares, possession of voting rights or by virtue of any other power conferred by the articles of association, constitution, partnership deed or other documents regulating another person or otherwise) that the affairs of such other person are conducted in accordance with their or its wishes and “Controlled” and “Controlling” shall be construed accordingly;

(c) “Personal Data” means data, whether true or not, about an individual who can be identified from that data or from that data and other information to which the Company has or is likely to have access; and

(d) “Process”, in relation to Personal Data, means: (i) to carry out any operation or set of operations in relation to Personal Data, and includes recording, holding, organisation, adaptation/alteration, retrieval, combination, transmission and erasure/destruction; (ii) to copy, use, access, display, run, store review, manage, modify, transform, translate, extract components into another work, integrate or incorporate as part of a derivative work, and (iii) to permit others to do (i) and (ii).

(e) “Processing” shall have the corresponding meaning as a noun for the same.