Privacy-aware handling of personal data for health and care services.

General Privacy Information

This privacy notice explains how Numora collects, uses and protects personal data when you interact with our website vdrift.digital or receive services at our facility located at Holland Avenue, Singapore, 278997. The policy describes the categories of data processed, the purposes for processing, legal bases where applicable, retention practices, security measures and the rights available to data subjects. Contact details for privacy queries are included below.

04-01-2026 Numora, Business ID S2756383A, Holland Avenue, Singapore, 278997 Numora, Holland Avenue, Singapore, 278997 [email protected]

Key Definitions

The following terms are used in this policy to describe common concepts related to personal data handling and user interactions with our services.

Personal data: any information that identifies or can be used to identify a natural person, such as name, contact details, identification numbers, health-related notes provided for care, and service history. Processing: any operation performed on personal data, including collection, storage, organization, adaptation, retrieval, disclosure, erasure and analysis. User: a visitor to vdrift.digital, a prospective client, a resident or an authorized representative of a resident receiving services at Numora. Service: retirement sanatorium and wellness care offerings provided by Numora, including accommodation, clinical support, rehabilitation services, therapy sessions and related administrative functions. Cookies: small files or identifiers stored by a browser or device used to recognize returning devices, remember preferences and support site analytics and functionality.

Data We Collect

We collect data provided directly by users, data collected automatically during interaction with our website, and data obtained from third-party service providers or partners for specific operational purposes.

Data You Provide Directly

When you contact us, register interest, book a service or complete forms, we may collect the following types of information:

Contact details: full name, email address, postal address and telephone number.
Identification and administrative details: date of birth, emergency contact, national identity where required for records, and Business ID for corporate contacts.
Health and care-related information: medical conditions, medications, care preferences and notes necessary to plan appropriate services. Collection is limited to information relevant to care delivery.
Payment and billing information: payment card data or bank details provided to complete transactions or invoices, processed securely through approved payment processors.
Service interactions and consent records: preferences, consent choices, service agreements and feedback provided about our services.
Communications and support requests: messages, enquiries and correspondence with our staff or support team.

Data Collected Automatically

When you access vdrift.digital we may automatically collect certain technical and usage information to maintain and improve the website and to support security and analytics:

Device and browser information: browser type, operating system, device model and screen resolution.
Usage data: pages visited, time and date of access, referral URLs, click patterns and session duration.
IP address and approximate location data derived from IP.
Analytics and performance data collected through cookies and similar technologies.
Error and diagnostic information used to detect and resolve technical issues.
Security-related events such as failed login attempts or suspicious activity indicators.

Data From Third Parties

We may receive information about you from third parties where permitted or required for service provision and operations. Examples include:

Referrals from healthcare professionals or community partners supplying care-relevant records with appropriate consent.
Payment and billing providers who supply transaction confirmations and fraud prevention signals.
Analytics and advertising partners for aggregated usage reporting and technical performance data.

Purposes of Processing

We use personal data for limited operational, legal and administrative purposes relevant to the delivery of retirement and wellness services and the operation of our website:

To provide, administer and manage bookings, care plans, therapies and accommodation at Numora.
To communicate with you about appointments, service updates, billing and administrative matters.
To process payments, manage invoices and fulfil contractual obligations between you and Numora.
To comply with legal and regulatory requirements related to health, safety and the operation of care facilities in Singapore.
To improve our services and website through aggregated analytics and user feedback, supporting better operational decisions.
To protect the security of our systems, detect and prevent fraud or misuse and maintain records of incidents.
To handle requests, complaints and enquiries from users and regulators in a timely manner.
To keep records for reasonable business, compliance and historical needs where required by law.

Legal Bases for Processing (where applicable)

Depending on the nature of the data and the jurisdiction, processing may rely on one or more lawful bases:

Performance of a contract: processing necessary to provide services you have requested, such as bookings and care delivery.
Legal compliance: processing required to meet statutory or regulatory obligations related to health, safety or record-keeping.
Legitimate interests: processing for security, fraud prevention, internal management and service improvement where these interests are balanced with individual rights.
Consent: where explicit consent is requested to process special categories of data, such as certain health information, consent will be recorded and managed.

Cookies and Tracking Technologies

We use cookies and similar technologies to support site functionality, remember preferences and analyse site performance. You can control cookie settings via your browser or through available preference controls on the site.

Types of cookies used include essential cookies required for site operation, performance cookies for analytics, functional cookies for saved preferences and optional marketing cookies used in aggregated advertising contexts.

Essential: required for core functionality. Performance: used for anonymous analytics. Functional: store language and display preferences. Marketing: used for aggregate audience insights; marketing cookies are not used to profile individuals without consent.

Most browsers allow you to block or delete cookies. Changes may affect site functionality. For cookie preferences offered on the site, adjust settings through the cookie preference tool or consult your browser help for cookie controls.

Full cookie policy and preference management

When We Share Data

We share personal data only as necessary and in alignment with the purposes described. Recipients may include service providers, regulatory authorities and partners involved in care delivery.

Healthcare partners and professionals involved in coordinated care, where sharing is necessary for treatment and where consent or lawful basis exists.
Payment processors and business institutions for billing, refunds and fraud prevention.
IT and cloud service providers who host or maintain our systems and who process data under contract and confidentiality safeguards.
Regulators, auditors or law enforcement when disclosure is required by applicable laws or for public interest reasons.
Professional advisers such as legal or accounting firms for compliance and corporate governance matters.
Aggregate or anonymized datasets shared with research or operational partners where individuals cannot be identified.

International Data Transfers

Personal data may be transferred to service providers or partners located outside Singapore where required to operate the service. Transfers are managed with appropriate safeguards and contractual protections to maintain an adequate level of protection for the data.

Safeguards may include standard contractual clauses, data processing agreements, and assessments of third-party security measures. We seek to ensure that transfers comply with applicable legal requirements.

Data Retention

We retain personal data only for as long as necessary for the purposes described, to meet legal obligations and to maintain records for legitimate business needs.

Account and client records: retained for the duration of the service relationship and for a period thereafter determined by business needs and regulatory requirements, typically several years for business and health records.

Communications: retained for a reasonable period to resolve queries and for record-keeping, normally up to a few years unless longer retention is required by law.

System logs and diagnostics: retained for a limited period to support security, typically months to a few years depending on operational needs and legal obligations.

When data is no longer required, we will securely delete or anonymize it subject to technical feasibility and legal requirements.

Security Measures

Numora employs administrative, technical and physical measures designed to protect personal data against unauthorized access, disclosure, alteration or destruction. Security practices are reviewed periodically to align with current standards and operational needs.

Access controls and role-based permissions limiting access to personal data to authorized staff only.
Encryption for data in transit and where appropriate for stored data, along with secure authentication protocols.
Regular backups, monitoring, vulnerability assessments and incident response procedures to detect and respond to security events.

User Rights and How to Exercise Them

If you wish to exercise any of the rights described in this policy, please contact us with sufficient information to identify the data and the action requested. Requests will be processed in accordance with applicable law and internal procedures.

To make a request, provide details and a copy of a form of identification so we may verify your identity before taking action.
We will acknowledge requests and aim to respond within the timeframe required by applicable law, and may request additional information where necessary to fulfil the request.
If we are unable to comply fully with a request (for example, due to legal obligations or overriding legitimate interests), we will explain the reasons and any available alternatives.
If you remain unsatisfied with our response, you may contact supervisory authorities in the relevant jurisdiction for further guidance.
Right to restriction of processing — you may request limitation of how we use certain personal data while a dispute or verification is in progress.
Right to portability — when applicable, you may request a copy of personal data in a commonly used, machine-readable format to transmit to another provider.
Right to object — you may object to processing based on legitimate interests or direct marketing and we will review the request in accordance with applicable law.
Right to withdraw consent — where processing is based on consent, you may withdraw consent at any time without affecting processing carried out prior to withdrawal.

How to exercise your privacy rights

To submit a request to access, correct, delete, restrict or port your personal data, contact Numora using the contact details below or the web form on vdrift.digital. Please provide enough information to verify your identity and to describe the request clearly. For requests related to specific bookings or program records, include booking reference or program name where available. We will only process requests that are verifiable and limited to the scope described.

[email protected]

We aim to acknowledge receipt of verifiable requests promptly and to provide a substantive response within 30 days. In complex cases or where additional verification is required, the response period may be extended; we will inform you if more time is required and explain the reason.

Marketing communications

Numora may use contact information to send information about relevant programs, offers and events for the Retirement Sanatorium and Wellness Care Programs. Communications are based on legitimate interest, consent where required, and business contact preferences. Marketing messages will include an easy way to opt out.

To stop receiving marketing communications, follow the unsubscribe link in any marketing message, update your preferences in your account on vdrift.digital, or contact us directly. Processing of unsubscribe requests may take up to five business days to take full effect.

Children and minors

Our services are intended for adults. We do not knowingly collect personal information from children under 16 without verified parental or guardian consent. If we become aware that we have collected personal data from a person under the applicable minimum age without authorization, we will take steps to delete the information in accordance with applicable law.

Third-party links

Our website and communications may contain links to third-party sites and services. Numora is not responsible for the privacy practices or content of those third parties. Review the privacy policies of linked sites before providing personal information.

Changes to this privacy policy

We may update this privacy policy to reflect changes in law, our practices, or services. Material changes will be posted on vdrift.digital with an updated effective date. Continued use of our services after publication of changes constitutes acceptance of the revised policy where permitted by law.