Somnus Sleep Wellness
Effective Date: 01 October 2025
Version: 1.0

1. Introduction

This Privacy Policy explains how Somnus Sleep Wellness ("we," "us," "our," or "Somnus") collects, uses, discloses, and protects your personal data when you use our website at somnuswellness.com, our online learning platform at somnuswellness.launchlms.com, and our sleep health screening and wellness services at somnuswellness.com.sg (collectively, the "Services").

Legal Entity: Somnus Sleep Wellness Pte. Ltd. (UEN 202230343W)

We are committed to protecting your privacy and handling your personal data in accordance with the Singapore Personal Data Protection Act 2012 ("PDPA") and other applicable data protection laws.

By using our Services, you acknowledge that you have read and understood this Privacy Policy.

2. Definitions

  • Personal Data: Information about an individual who can be identified from that data, or from that data combined with other information.

  • Sensitive Personal Data / Health & Wellness Data: Information relating to your physical or mental health, sleep patterns, screening responses, risk assessments, psychological evaluations, and any other health-related information you provide to us.

  • User / Client / Participant: Any person who accesses or uses our Services.

  • Data Intermediary: A third party that processes personal data on our behalf.

  • Third Party: Any person or entity other than you or us.

  • Consent: Your voluntary agreement to the collection, use, or disclosure of your personal data for specified purposes.

3. Data Protection Officer & Contact Information

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact our Data Protection Officer:

Email: eric@somnuswellness.com
Phone: +65 9834 0308
Address: 33 Oxford Road #03-02, Singapore 218816

4. Personal Data We Collect

We collect the following categories of personal data:

4.1 Basic Identifiers

  • Full name

  • Email address

  • Phone number

  • Date of birth

  • Gender

  • Postal address (if provided)

4.2 Health, Wellness & Sleep Data

  • Sleep screening questionnaire responses

  • Sleep patterns, habits, and history

  • Information about sleep difficulties or disorders

  • Risk assessment results

  • Mental health and psychological wellness information

  • Therapy session notes (if you engage our therapy services)

  • Any other health information you voluntarily provide

This is sensitive personal data. We only collect this information with your explicit consent and for the specific purposes outlined below.

4.3 Usage Data

  • IP address

  • Browser type and version

  • Pages visited and time spent

  • Referring website

  • Device identifiers

  • Cookies and similar tracking technologies (see Section 7)

4.4 Payment & Billing Information

  • Credit/debit card details (processed by third-party payment processors)

  • Billing address

  • Transaction history

4.5 Communications & Feedback

  • Messages you send us

  • Feedback, reviews, and testimonials

  • Support inquiries

4.6 Sources of Data

We collect personal data:

  • Directly from you (registration forms, questionnaires, communications)

  • Automatically through your use of our website (cookies, analytics)

  • From third parties (payment processors, analytics providers) as necessary to provide Services

5. Purpose of Collection, Use & Disclosure

We collect and use your personal data for the following purposes:

5.1 Service Provision

  • To provide sleep health screening services and generate personalized reports

  • To deliver therapy, counseling, and psychological support services

  • To provide access to our online courses and learning materials

  • To monitor your progress and wellness outcomes

  • To communicate with you about your services and appointments

5.2 Analytics & Service Improvement

  • To analyze usage patterns and improve our Services

  • To conduct research and development (using anonymized or aggregated data)

  • To ensure the security and proper functioning of our website and systems

5.3 Marketing & Communications

  • To send you newsletters, updates, and promotional materials (only with your consent)

  • To inform you of new services, features, or offerings

  • You may opt out of marketing communications at any time

5.4 Legal & Administrative

  • To comply with legal obligations and regulatory requirements

  • To enforce our Terms & Conditions

  • To protect our rights, property, and safety, and that of our users

5.5 Disclosure to Third Parties

We may disclose your personal data to:

  • Service Providers & Data Intermediaries: Cloud hosting providers, analytics platforms (e.g., Google Analytics), payment processors, email service providers, and IT support services that help us operate our Services

  • Healthcare Professionals: If you engage our therapy services and we need to consult with or refer you to other licensed clinicians (only with your consent or as legally required)

  • Legal Authorities: When required by law, court order, or regulatory authority

  • Business Transfers: In the event of a merger, acquisition, or sale of assets (your data may be transferred subject to equivalent privacy protections)

We do not sell your personal data to third parties. All third-party service providers are contractually bound to protect your data and use it only for the purposes we specify.

6. Legal Basis & Consent

6.1 Consent for Sensitive Data

Because we collect and process sensitive health and wellness data, we rely on your explicit consent as our primary legal basis.

When you register for our Services or complete a sleep screening, you will be asked to provide clear, affirmative consent by:

  • Checking a consent box

  • Completing an online form with consent language

  • Signing a consent document (for in-person services)

6.2 What Happens Without Consent

If you do not provide consent for us to collect and process your sensitive personal data, we will not be able to provide you with our sleep screening, therapy, or personalized wellness services. You may still access general informational content on our website.

6.3 Withdrawal of Consent

You may withdraw your consent at any time by contacting our Data Protection Officer (see Section 3). Upon withdrawal:

  • We will cease processing your sensitive personal data for the purposes you've withdrawn consent for

  • We may retain certain data as required by law or for legitimate legal purposes

  • You may lose access to certain Services that require this data

7. Cookies, Tracking & Analytics

7.1 What We Use

Our website uses cookies and similar tracking technologies, including:

  • Essential Cookies: Required for the website to function (e.g., session management, security)

  • Analytics Cookies: Google Analytics and similar tools to understand how users interact with our site

  • Marketing Cookies: To deliver relevant advertisements (only with your consent)

7.2 Your Choices

You can control cookies through your browser settings. However, disabling essential cookies may affect your ability to use certain features of our website.

To opt out of Google Analytics: Google Analytics Opt-out Browser Add-on

8. Data Retention, Deletion & Archival

8.1 Retention Periods

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

  • Screening Results & Health Data: 7 years from your last interaction with our Services, or as required by applicable healthcare record-keeping regulations

  • Account Information: Until you request deletion or 3 years of inactivity

  • Usage Logs: 18 months

  • Financial Records: As required by Singapore tax and accounting laws

8.2 Anonymization & Deletion

After retention periods expire:

  • We will anonymize data for research and statistical purposes (removing all identifiable information), or

  • Permanently delete data from our systems

8.3 User-Requested Deletion

You may request deletion of your personal data at any time by contacting us (see Section 3). We will respond within 30 days. Note that we may retain certain data where legally required or for legitimate legal claims.

9. Access & Correction Rights

9.1 Right to Access

You have the right to request access to the personal data we hold about you. We will provide you with a copy of your data in a commonly used format.

9.2 Right to Correction

If your personal data is inaccurate, incomplete, or outdated, you may request that we correct it. You can update most information directly through your account settings.

9.3 How to Request

Submit requests to our Data Protection Officer (see Section 3). We will respond within 30 days and may charge a reasonable fee for complex or repeated requests, as permitted by law.

10. Cross-Border Data Transfers

10.1 International Transfers

Your personal data may be transferred to, stored, or processed outside of Singapore, including in countries that may not have equivalent data protection laws. This may occur when:

  • Our cloud hosting providers operate servers in other jurisdictions

  • We use international analytics or service providers

10.2 Safeguards

When we transfer data internationally, we ensure appropriate safeguards are in place:

  • Standard contractual clauses approved by data protection authorities

  • Adequacy decisions (transfers to countries with adequate data protection)

  • Encryption in transit and at rest

  • Contractual obligations requiring third parties to maintain equivalent protections

11. Security Measures

We implement comprehensive security measures to protect your personal data:

  • Encryption: Data is encrypted in transit (SSL/TLS) and at rest

  • Access Controls: Role-based access restrictions; only authorized personnel can access sensitive data

  • Infrastructure Security: Secure servers, firewalls, intrusion detection systems

  • Regular Audits: Penetration testing and security audits

  • Staff Training: All staff with access to personal data are trained on confidentiality and data protection obligations

  • Third-Party Compliance: Our service providers are required to maintain equivalent security standards

While we take all reasonable precautions, no system is completely secure. We cannot guarantee absolute security of data transmitted over the internet.

12. Data Breach Notification

12.1 What Constitutes a Breach

A data breach occurs when there is unauthorized access, collection, use, disclosure, copying, modification, or disposal of personal data.

12.2 Our Response

In the event of a data breach that is likely to result in significant harm to you:

  • We will notify the Personal Data Protection Commission (PDPC) as soon as practicable, and no later than 3 days after becoming aware of the breach

  • We will notify affected individuals without undue delay if the breach is likely to result in significant harm or impact

12.3 What We'll Tell You

Notifications will include:

  • The nature of the breach

  • The personal data involved

  • Steps we are taking to mitigate harm

  • Recommended actions you should take

  • Our contact information for further inquiries

13. Your Rights Under the PDPA

You have the following rights regarding your personal data:

13.1 Right to Withdraw Consent

You may withdraw consent for the collection, use, or disclosure of your personal data at any time (see Section 6.3).

13.2 Right to Object to Direct Marketing

You may opt out of receiving marketing communications by:

  • Clicking "unsubscribe" in our emails

  • Contacting us directly

  • Updating your communication preferences in your account settings

13.3 Right to Erasure

You may request deletion of your personal data, subject to legal retention requirements.

13.4 Right to Data Portability

You may request your personal data in a structured, commonly used, machine-readable format (where technically feasible).

13.5 Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with the PDPA, you may lodge a complaint with:

Personal Data Protection Commission (PDPC)
Website: https://www.pdpc.gov.sg
Email: info@pdpc.gov.sg

14. Third-Party Services & External Links

14.1 Third-Party Providers

We use third-party services to support our operations:

  • Website Analytics: Google Analytics

  • Payment Processors: HitPay

  • Email Service: MailChimp

  • Website Hosting: Squarespace, Acadle, domainregistration Singapore

Each third party has its own privacy policy governing how they handle your data. We encourage you to review their policies.

14.2 External Links

Our website may contain links to external websites. We are not responsible for the privacy practices or content of these third-party sites. We encourage you to read their privacy policies before providing any personal data.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Services.

15.1 How We'll Notify You

  • We will post the updated Privacy Policy on our website with a new "Effective Date"

  • For material changes, we will notify you via email or a prominent notice on our website

  • Continued use of our Services after changes take effect constitutes acceptance of the updated Privacy Policy

15.2 Version History

You can request previous versions of this Privacy Policy by contacting us.

16. Limitations & Disclaimers

16.1 Not a Contract

This Privacy Policy describes our data handling practices but does not create any contractual rights or obligations beyond those required by law.

16.2 No Absolute Security

While we implement robust security measures, we cannot guarantee that unauthorized access, hacking, data loss, or breaches will never occur. You use our Services at your own risk.

16.3 Your Responsibility

You are responsible for maintaining the confidentiality of your account credentials and for any activity under your account.

17. Governing Law & Jurisdiction

This Privacy Policy is governed by the laws of the Republic of Singapore. Any disputes arising from or relating to this Privacy Policy shall be subject to the exclusive jurisdiction of the Singapore courts.

Privacy Policy