Privacy Statement

Last Updated: 15 August 2025

This Privacy Statement applies to Longevity & Lifestyle Medical Pte. Ltd. and Morrow Health Pte. Ltd. (collectively referred to as “we”, “our” or “us”), companies incorporated in Singapore. We are committed to protecting your personal data in accordance with the Singapore Personal Data Protection Act 2012 (PDPA).

This Privacy Statement explains how we collect, use, disclose, store and protect your personal data when you use our websites, applications and services.

1. Scope

This Privacy Statement applies to

  • Visitors to our websites

  • Individuals who register or use our services

  • Users of our applications

This Privacy Statement does not apply to individuals who liaise with us purely in the course of business, such as vendors or suppliers.

2. Personal Data We Collect

We collect only the personal data necessary for our purposes, including

(a) Website visitors

  • Name, if provided

  • Email address, if provided via forms

  • IP address, browser or device type, cookies

(b) Customers booking or receiving services

  • Full name, email address, mobile number, postal address

  • Date of birth, gender

  • Information such as questionnaires, results, relevant data

  • Booking and payment details

(c) App users

  • All customer information above

  • Device ID, app usage data

  • Optional self-reported wellness metrics or wearable data, if provided

(d) Transactional data

  • Service bookings and history

  • Payment method, stored only in tokenised form

  • Invoices and receipts

We may collect Singapore NRIC numbers where required by law or where it is necessary to accurately verify identity for safety, operational accuracy or service fulfilment. This includes, for example, identification for laboratory requests and specimen labelling to ensure correct matching of results.

3. How We Use Your Personal Data

We may use your personal data for the following purposes

  1. To provide and manage our services to you

  2. To personalise recommendations and programmes

  3. To process bookings, payments and customer support requests

  4. For internal analytics, service improvement and quality assurance

  5. To send service-related communications

  6. To send marketing messages where you have given consent

  7. To support research and development purposes, including innovation in our services, subject to appropriate oversight and safeguards

  8. To comply with legal and regulatory requirements

4. Disclosure of Personal Data

We may share your personal data with

  • Our related companies and affiliates

  • Service providers such as IT hosting, payment processing, analytics and marketing platforms

  • Professional advisers including legal, accounting and compliance professionals

  • Government authorities, if required by law

  • Partners who support or contribute to the delivery, improvement, or advancement of our services

We do not sell your personal data. We remain the data controller at all times, and any sharing with third parties is subject to PDPA-compliant safeguards and appropriate oversight.

5. Storage and Cross-Border Transfers

Your personal data is primarily stored in Singapore, including on Microsoft 365 and Amazon Web Services (AWS) Singapore data centres.

For disaster recovery purposes, certain data may be securely stored in AWS United States. In such cases, we ensure the recipient provides a standard of protection comparable to that under the Singapore PDPA.

6. Retention of Personal Data

We retain personal data as long as necessary to fulfil the purposes for which it was collected and to comply with applicable legal, operational and safety obligations. In some cases, data may be retained longer when needed to support follow-up services, long-term records, or research, subject to appropriate safeguards.

When no longer needed, we securely delete or anonymise it in a secure manner.

7. Your Rights

Under the PDPA, you have the right to

  • Access your personal data

  • Correct your personal data

  • Withdraw consent for our use or disclosure of your personal data

  • Request deletion of your personal data, where applicable

You may submit these requests through our electronic form at https://wkf.ms/4oDLCwW.

We aim to respond within 30 days. Certain requests may be subject to a reasonable administrative fee or lawful exceptions.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to operate our website, analyse traffic and improve your experience. You can adjust your browser settings to block or delete cookies, but some features may not function as intended.

9. Security of Personal Data

We take reasonable physical, technical and administrative measures to protect your personal data. These include

  • Encryption of data in transit and at rest where appropriate

  • Access controls and authentication measures

  • Staff training on data protection obligations

  • Regular review of security practices

In alignment with Singapore Ministry of Health guidance, we also follow best practices such as prompt software updates, controlled access to sensitive data, regular backups, incident preparedness, secure data disposal and periodic security reviews.

While we strive to protect your personal data, no method of storage or transmission is completely secure.

10. Changes to This Privacy Statement

We may update this Privacy Statement from time to time by posting the revised version on our website, with the “last updated” date clearly indicated.

Your continued use of our websites, applications and services after any changes means you accept the revised Privacy Statement.

11. Contact Us

For questions about this Privacy Statement or our personal data practices, please submit an enquiry via our electronic form at https://wkf.ms/4oDLCwW.

Get Started

Get Started

Get Started