Last Updated: 5th December 2025

This Privacy Policy (“Policy”) sets out how Roffe International Holdings Pte Ltd and BUZUD Pte Ltd (“BUZUD”, “we”, “us”, or “our”) collects, uses, discloses, stores, and protects personal data in accordance with the Personal Data Protection Act 2012 of Singapore (“PDPA”) and all applicable healthcare, medical device, and data protection regulations.

This Policy applies to all individuals (“you” or “your”) who interact with BUZUD, including users of BUZUD’s medical devices, digital health applications, cloud services, websites, and customer support channels.

By accessing or visiting BUZUD online, or by registering as a user, or using BUZUD’s products or services, you consent to the collection, use, and disclosure of your personal data as described in this Policy.

1. Scope of this Policy

1.1 Application of this Policy

This Policy governs personal data collected through:

  • BUZUD medical devices, including but not limited to continuous glucose monitoring systems (“CGMS”), diagnostic devices, wearables, and associated accessories;
  • BUZUD mobile applications and web-based platforms;
  • BUZUD Medical System (BMS / iHIS) and related enterprise healthcare systems;
  • BUZUD websites, e-commerce platforms, and online services; and
  • Customer service interactions, including technical support and warranty claims.

This Policy applies regardless of whether the data is collected directly from you or through your authorised representative.

1.2 Third-Party Websites and External Services

BUZUD websites and applications may contain links to third-party websites or services that are not operated or controlled by BUZUD. This Policy does not apply to such external sites or services, and BUZUD is not responsible for their privacy practices or content. You are encouraged to review the privacy policies of those third parties separately.

2. Types of Personal Data Collected

2.1 General Personal Data

This includes, without limitation:

  • Full name, identification details (where applicable), and date of birth;
  • Contact information (telephone number, email address, residential address);
  • Account registration details and login credentials;
  • Payment information and transactional records;
  • Communications with BUZUD (emails, messages, call logs).

2.2 Health and Medical Device Data

When you use BUZUD medical devices or applications, we may collect and process health-related information and device-generated data, including:

  • Continuous glucose readings, trends, and historical data;
  • Physiological parameters (e.g., blood pressure, oxygen saturation, temperature);
  • Sensor identifiers, calibration data, usage metrics, and error logs;
  • Timestamped device logs, event markers, alerts, and predictive indicators;
  • User-entered notes or health information;
  • Device pairing and synchronisation records.

BUZUD treats health data and medical device data as requiring enhanced protection, and applies stricter access and security controls to such information.

2.3 Technical and Usage Data

Collected to ensure system performance, security, and compliance, including:

  • IP address, browser type, operating system, and mobile device identifiers;
  • Application usage logs, connectivity information (Bluetooth, Wi-Fi), and crash diagnostics;
  • Performance telemetry necessary for device and application reliability.

2.4 Cookies and Similar Technologies

When you access BUZUD websites or certain online services, we may use cookies, web beacons, and similar technologies to collect technical and usage information. These technologies help us:

  • Recognise you as a returning user;
  • Understand how our websites and services are used;
  • Improve site performance, security, and user experience;
  • Support certain features such as shopping cart, login sessions, and language preferences.

Most web browsers allow you to control cookies through your browser settings, including blocking or deleting cookies. However, disabling cookies may affect the functionality or availability of certain features on BUZUD websites.

2.5 Location Information (Android System Requirements)

Certain BUZUD applications may request access to location information. This is required primarily by the Android operating system to enable Bluetooth, Wi-Fi, and network-based functionalities necessary for connecting to BUZUD medical devices such as continuous glucose monitors (CGMs), insulin delivery devices, diagnostic devices, and other compatible equipment.

BUZUD does not use location information to track your movement, determine your physical location, or perform any form of geolocation analytics.

The types of location information processed may include:

  • Approximate or precise device location solely to satisfy Android system requirements for Bluetooth scanning and Wi-Fi operations;
  • Temporary system-level indicators needed to identify nearby medical devices for pairing and communication;
  • Network-related identifiers used for maintaining stable connectivity between BUZUD apps and registered medical devices.

BUZUD does not store, log, or retain location information, and does not share location information with any third parties. Location access is used strictly for functional device connectivity and not for advertising, analytics, or marketing purposes.

You may disable location permissions at any time through your device settings; however, doing so may prevent certain BUZUD devices from pairing or functioning properly on Android platforms, as such permissions are required by the operating system and not by BUZUD.

3. Purposes for Collection, Use, and Disclosure of Personal Data

BUZUD may collect, use, and/or disclose your personal data for the following purposes:

3.1 Provision of Medical Device and Digital Health Services

  • Operating, maintaining, and supporting BUZUD medical devices and applications;
  • Delivering glucose trends, alerts, analytics, and personalised health insights;
  • Synchronising data across devices and secure cloud platforms.

Use of Location Information for Device Connectivity

Where required by the Android operating system, BUZUD applications may use location permissions solely to enable Bluetooth and Wi-Fi scanning for the purpose of identifying, pairing, and maintaining communication with BUZUD medical devices. This use is strictly limited to functional connectivity and does not involve tracking, storing, or sharing your physical location. No location data is used for analytics, advertising, or any unrelated purpose.

3.2 Safety, Performance, and Regulatory Compliance

  • Ensuring the accuracy and proper functioning of medical devices;
  • Conducting post-market surveillance and incident reporting as required by the Health Sciences Authority (HSA);
  • Performing quality assurance, device improvements, and clinical evaluations.

3.3 Account and Customer Management

  • Setting up user accounts and managing device registrations;
  • Processing payments, orders, warranty claims, and customer support requests;
  • Communicating service updates, safety advisories, and important notices.

3.4 Internal Analytics and Product Development

  • Analysing anonymised or aggregated data for statistical, research, or operational purposes;
  • Improving device algorithms, software features, and system performance.
  • Complying with applicable laws, regulations, and lawful requests;
  • Investigating and resolving technical or security issues;
  • Enforcing BUZUD’s terms, conditions, and policies.

3.6 Marketing Communications

With your consent, BUZUD may use your contact information to send you marketing or promotional communications relating to BUZUD products, services, events, or initiatives. You may withdraw your consent or opt out of such communications at any time by using the “unsubscribe” facility in the communication or by contacting our Data Protection Officer (“DPO”).

Withdrawal of consent for marketing does not affect your use of BUZUD devices or core services.

Personal data will not be used for purposes other than those for which it was collected, unless you provide further consent or such use is permitted or required by law.

4. Data Storage and Hosting

All personal data and health data are stored exclusively on secure cloud infrastructure located in Singapore, specifically within AWS Singapore data centres.

BUZUD does not transfer personal data outside Singapore unless strictly necessary and in accordance with PDPA requirements.

5. Disclosure of Personal Data

BUZUD may disclose personal data to the following parties, only to the extent necessary for the purposes described:

5.1 Service Providers

Authorised third parties who support our operations, such as:

  • Cloud hosting providers;
  • Technical and maintenance service providers;
  • Data analytics, software, and cybersecurity vendors.

BUZUD does not disclose or share location information with any service providers or third parties, as the App does not store or process such information beyond what is required for device functionality.

Where you have authorised the sharing of your data with healthcare practitioners, caregivers, or third-party applications, BUZUD may disclose relevant data in accordance with your consent and instructions.

5.3 Regulatory and Governmental Authorities

Where required for compliance with safety reporting obligations, adverse event investigations, audits, or legal processes, including those undertaken by HSA or other competent authorities.

To protect your vital interests, enforce legal rights, respond to claims, or comply with applicable laws, regulations, or court orders.

5.5 Business Transfers

In the event of any merger, acquisition, restructuring, sale of assets, or other corporate transaction involving BUZUD or its related entities, personal data may be transferred as part of the transaction, subject to PDPA requirements and continued protection under this Policy or an equivalent policy providing comparable protection.

5.6 E-Commerce Transactions and Payment Processing

For purchases made via BUZUD’s online platforms, payment information may be processed by third-party payment processors or financial institutions. These parties process your payment data securely in accordance with industry standards.

6. Security of Personal Data

BUZUD implements robust administrative, physical, and technical safeguards, including:

  • Encryption of data at rest and in transit;
  • Strict role-based access controls;
  • Multi-factor authentication for administrative systems;
  • Secure coding practices and data segregation;
  • Continuous monitoring for vulnerabilities or unauthorised access;
  • Regular cybersecurity assessments and disaster recovery measures.

Despite these safeguards, no system can guarantee absolute security. You are encouraged to:

  • Keep login credentials confidential;
  • Use updated and authorised devices;
  • Avoid using rooted or jailbroken mobile devices;
  • Apply all firmware and software updates promptly.

7. Data Retention

BUZUD retains personal and health data only for as long as reasonably necessary to:

  • Fulfil the purposes for which the data was collected;
  • Support device functionality and clinical safety;
  • Comply with regulatory or legal obligations, including HSA post-market surveillance requirements.

Upon request, data may be anonymised or deleted, subject to regulatory constraints and BUZUD’s internal retention policies.

You may withdraw consent to the collection, use, or disclosure of your personal data at any time by contacting our DPO (see Section 12).

Withdrawal of consent may affect or disable:

  • The functionality of BUZUD apps or devices;
  • Data synchronisation and backups;
  • Access to health analytics, safety alerts, and customer support.

BUZUD will inform you of the likely consequences before processing your withdrawal request.

9. Access, Correction, Accuracy, and Portability

You may request:

  • Access to your personal data under our possession or control;
  • Correction of any inaccurate or incomplete personal data;
  • Export of your personal data in a machine-readable format, where technically feasible.

Such requests will be handled in accordance with PDPA requirements and may be subject to reasonable administrative fees permitted by law.

Accuracy of Personal Data

You are responsible for ensuring that any personal data you provide to BUZUD is accurate, complete, and up to date. You should promptly notify BUZUD of any changes to your personal data, so that our records remain current and accurate.

10. Anonymised Data

BUZUD may process anonymised or aggregated data for:

  • Research and development;
  • Statistical analysis;
  • Device performance evaluation;
  • Clinical and safety improvement initiatives.

Such data does not identify any individual and is not considered personal data under PDPA.

11. Children’s Data

For users under 18 years of age, parental or legal guardian consent is required before BUZUD collects, uses, or discloses personal or health data through BUZUD devices or applications.

BUZUD does not knowingly solicit or collect personal data directly from children without appropriate adult consent.

12. Contact Information – Data Protection Officer

For questions, requests, or concerns regarding your personal data or this Policy, please contact:

Data Protection Officer (DPO)
BUZUD Pte Ltd
Email: dpo@buzud.com

13. Updates to This Policy

BUZUD reserves the right to amend this Policy at any time. Any revisions will be published on the BUZUD website and/or notified through BUZUD applications.

Your continued use of BUZUD’s products and services after any changes to this Policy will constitute your acknowledgement and acceptance of the updated Policy.