- Section 43A of India’s Information Technology Act, 2000;
- Regulation 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011 (the “SPI Rules”); and
- Regulation 3(1) of the Information Technology (Intermediaries Guidelines) Rules, 2011.
- The type of information collected from the Users, including sensitive personal data or information;
- The purpose, means and modes of usage of such information; and
- How and to whom Medfone will disclose such information.
2. Collection of Personal Information
Generally, some of the Services require us to know who you are so that we can best meet your needs. When you access the Services, we may ask you to voluntarily provide us with certain information that personally identifies you or could be used to personally identify you. Without prejudice to the generality of the above, information collected by us from you may include (but is not limited to) the following:
- Your full name, email address, postal code, password and other information you may provide with your account, such as your gender, mobile phone number and Platform.
- Your preferences and settings such as time zone and language.
- Information you provide through our Services, including (but not limited to) your health advisory, health tips, blogs, reviews, ratings and other information.
- Your search and browsing activities.
- Data regarding your usage of the services and history of the appointments made by or with you through the use of Services;
- Other information that you voluntarily choose to provide to us (such as information shared by you with us through emails or letters).
- Details of your use of our Services.
- Our Platform may collect real-time information about the location of your device, as permitted by you.
The information collected from you by Medfone may constitute ‘personal information’ or ‘sensitive personal data or information’ under the SPI Rules. Personal information is defined under the SPI Rules to mean any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person.
The SPI Rules further define “sensitive personal data or information” of a person to mean personal information about that person relating to:
- Financial information such as bank accounts, credit and debit card details or other payment instrument details;
- Physical, physiological and mental health condition;
- Sexual orientation;
- Medical records and history;
- Biometric information;
- Information received by body corporate under lawful contract or otherwise;
- Visitor details as provided at the time of registration or thereafter; and
- Call data records.
Information that is freely available in the public domain or accessible under the Right to India’s Information Act, 2005 or any other law will not be regarded as personal information or sensitive personal data or information.
3.1 All User Notes
This section applies to all Users.
3.1.3 All the information provided to Medfone by a User, including sensitive personal information, is voluntary. You understand that Medfone may use certain information of yours, which has been designated as ‘sensitive personal data or information’ under the SPI Rules, (a) for the purpose of providing you the Services, (b) for internal research, statistical analysis and business intelligence purposes, and (c) for continuous improvement of customer satisfaction. Under no circumstance shall sensitive personal data thus categorized be shared with a third party or affiliate for either commercial or non-commercial purposes, other than in response to an inquiry by government agencies and regulators within India.
3.1.4 Medfone also reserves the right to use information provided by or about the End-User for the following purposes:
- Publishing such information on the Platform for the purpose of efficient service delivery.
- Contacting End-Users for offering new products or services.
- Contacting End-Users for taking product and service feedback.
- Analyzing software usage patterns for improving product design and utility.
- Analyzing anonymized practice information.
3.1.5 You hereby consent to such use of such information by Medfone:
- You are responsible for maintaining the accuracy of the information you submit to us, such as your demographic information, contact information provided as part of account registration. If your personal information changes, you may correct, delete inaccuracies, or amend information by making the change on our member information page or by contacting us through firstname.lastname@example.org. We will make good faith efforts to make requested changes in our then active databases as soon as reasonably practicable. If you provide any information that is untrue, inaccurate, out of date or incomplete (or becomes untrue, inaccurate, out of date or incomplete), or Medfone has reasonable grounds to suspect that the information provided by you is untrue, inaccurate, out of date or incomplete, Medfone may, at its sole discretion, discontinue the provision of the Services to you.
- You may choose to unsubscribe from promotional communications that you receive from Medfone by clicking the ‘unsubscribe’ link provided at the end of every such promotional communication.
- If you wish to cancel your account or request that we no longer use your information to provide you services, contact us through “email@example.com”. We will retain your information for as long as your account with the Services is active and as needed to provide you the Services. We shall not retain such information for longer than is required for the purposes for which the information may lawfully be used or is otherwise required under any other law for the time being in force. After a period of time, your data may be anonymized and aggregated, and then may be held by us as long as necessary for us to provide our Services effectively, but our use of the anonymized data will be solely for analytics purposes and shall not be disseminated to third parties and affiliates.
- Medfone may require the User to pay with a credit card, debit card, NEFT, RTGS, Netbanking, mobile wallets or cheques for Services for which subscription amount(s) is/are payable. Medfone will collect such User’s credit card number and/or other financial institution information such as bank account numbers and will use that information for the billing and payment processes, including but not limited to the use and disclosure of such credit card number and information to third parties as necessary to complete such billing operation. Verification of credit information, however, is accomplished solely by the User through the authentication process. User’s credit card/debit card details are transacted upon secure sites of approved payment gateways which are digitally encrypted, thereby providing the highest possible degree of care as per current technology. However, Medfone provides you an option not to save your payment details. User is advised, however, that internet technology is not foolproof and User should exercise discretion on using the same.
- Due to the communications standards on the Internet, when a User, an End-User or anyone else visits the Platform, Medfone automatically receives the URL of the site from which the visitor came. Medfone also receives the Internet Protocol (IP) address of each User’s computer (or the proxy server a User used to access the World Wide Web), User’s computer operating system and type of web browser the User is using, email patterns, as well as the name of User’s ISP. This information is used to analyze overall trends to help Medfone improve its Service. The linkage between User’s IP address and User’s personally identifiable information is not shared with third parties and affiliates. Notwithstanding the above, Medfone may share some of the aggregate findings (not the specific data) in anonymized form (i.e., non-personally identifiable) with advertisers, sponsors, investors, strategic partners, and others in order to help grow its business. Such data may also be shared with government owned law enforcement agencies and regulators in response to inquiry from them.
- The Platform may use temporary cookies on users’ mobile phone to store certain data (which may include user sensitive personal data) that is used by Medfone for the technical administration of the Platform, for User administration and data analytics. Nonetheless, data stored in cookies shall not be transported to other servers, applications, mobile phones administered by Medfone.
- In order to have access to all the features and benefits on the Platform, a User must first create an account on the platform. To create an account, a User is required to provide the following information, which such User recognizes and expressly acknowledges is personal information allowing others, including Medfone, to identify the User: name, User ID, email address, country, ZIP/postal code, age, phone number, password chosen by the User and valid financial account information. Other information requested on the registration page, including the ability to receive promotional offers from Medfone, is optional. Medfone may, in future, include other optional requests for information from the User to help Medfone to customize the Platform to deliver personalized information to the User.
- Medfone provisions an IT enabled service to bring together Practitioners and Patients on one common platform for exchange of personal information. During interactions, both parties may reveal sensitive personal information to each other to which Medfone may not be privy. In such cases, Medfone cannot be held liable for dissemination, misuse or any other unlawful use of the sensitive personal information without the consent of the affected party or parties.
- Medfone maintains a strict “No-Spam” policy, which means that Medfone does not intend to sell, rent or otherwise give your email address, telephone number to a third party without your consent.
- Medfone has implemented best international market practices and security policies, rules and technical measures to protect the personal data that it has under its control from unauthorized access, improper use or disclosure, unauthorized modification and unlawful destruction or accidental loss. However, for any data loss or theft due to unauthorized access to the User’s electronic devices through which the User avails the Services, Medfone shall not be held liable for any loss whatsoever incurred by the User.
- Medfone implements reasonable security practices and procedures and has a comprehensive documented information security program and information security policies that contain managerial, technical, operational and physical security control measures that are commensurate with respect to the information being collected and the nature of Medfone’s business. The reasonable security practices and procedures implemented by Medfone include but are not limited to: encrypting data when it is on the move using industry standard practices, keeping all the data within private cloud, regularly changing production keys and password, secure and very limited access to all production servers, performing regular security updates on our servers and more.
3.2 Practitioners’ Note
This section applies to all Practitioners.
3.2.1 As part of the registration as well as the application creation and submission process that is available to Practitioners on Medfone, certain information, including sensitive personal data or information is collected from the Practitioners.
3.2.3 Practitioners’ personally identifiable information, which they choose to provide to Medfone, is used to help the Practitioners describe, identify and promote themselves. Information thus provided is exclusively owned by Medfone. Medfone may use such information for efficient delivery of services to its users, statistical analysis and business intelligence purposes. Under no circumstance shall such information be transferred to third parties and affiliates. However, in response to enquiry by government owned law enforcement agencies and regulators the information shall be made available even without the consent of the practitioner.
3.2.4 Medfone also reserves the right to use information provided by or about the Practitioner for the following purposes:
- Publishing such information on the Platform.
- Contacting Practitioners for offering new products or services.
- Contacting Practitioners for taking product feedback.
- Analyzing software usage patterns for improving product design and utility.
- Analyzing anonymized practice information including financial, and inventory information for commercial use.
- Medfone automatically enables the listing of Practitioners’ information on its Platform for every ‘Doctor’ added to a Practice using its software. The Practitioner information listed on Platform is displayed when End-Users search for doctors on Platform, and the Practitioner information listed on Platform is used by End-Users to request for doctor appointments. Any personally identifiable information of the Practitioners listed on the Platform is not generated by Medfone and is provided to Medfone by Practitioners who wish to enlist themselves on the Platform. Medfone displays such information on its Platform on an as-is basis making no representation or warranty on the accuracy or completeness of the information. Medfone will, however, take reasonable steps to ensure the accuracy and completeness of this information.
- Medfone does not display information for Practitioners who have not signed up or registered for the Services.
3.3 End User Note
This section applies to all End-Users.
3.3.1 As part of the registration/application creation and submission process that is available to End-Users on this Platform, certain information, including sensitive personal data or information is collected from the Users for the purpose of service enablement and efficient delivery.
3.3.3 If you have inadvertently submitted any such information to Medfone prior to reading the privacy statements set out herein, and you do not agree with the manner in which such information is collected, stored or used, then you may access, modify and delete such information by using options provided on the Platform. In addition, you can, by sending an email to firstname.lastname@example.org, inquire whether Medfone is in possession of your personal data, and you may also request Medfone to delete and destroy all such information.
3.3.4 End-Users’ personally identifiable information, which they choose to provide on the Platform, is used to help the End-Users describe and identify themselves. Other information that does not personally identify the End-Users as an individual is collected by Medfone from End-Users (such as patterns of utilization described above) and is exclusively owned by Medfone. Medfone may also use such information in an aggregated or non-personally identifiable form for research, statistical analysis and business intelligence purposes. Under no circumstance shall such information be sold or otherwise transferred for research, statistical or intelligence data in an aggregated or non-personally identifiable form to third parties and affiliates. In particular, Medfone reserves with it the right to use anonymized End-User demographics information and anonymized End-User health information for the following purposes:
- Analyzing software usage patterns for improving product design and utility.
- Analyzing such information for research and development for improvement of customer information.
- Using analysis of such information in other commercial product offerings of Medfone.
3.3.5 Medfone will communicate with the End-Users through email, phone and notices posted on the Platform or through other means available through the service, including text and other forms of messaging. The End-Users can change their e-mail and contact preferences at any time by logging into their “Account” on the Platform and changing the account settings.
3.3.6 From time to time, Medfone may conduct User surveys to collect information about End-Users’ preferences. These surveys are optional and if End-Users choose to respond, their responses will be kept anonymous. Similarly, Medfone may offer contests to qualifying End-Users in which we ask for contact and demographic information such as name, email address and mailing address. The demographic information that Medfone collects in the registration process and through surveys is used to help Medfone improve its Services to meet the needs and preferences of End-Users. This may include targeting advertising to End-Users about our Services.
3.3.7 Medfone may keep records of electronic communications and telephone calls received and made for making appointments, consultations or other purposes for the purpose of administration of Services, customer support, research and development and for better listing of Practitioners.
3.3.8 All Medfone employees and data processors, who have access to, and are associated with the processing of sensitive personal data or information, are obliged to respect the confidentiality of every End-User’s sensitive personal data and information. Such resources are onboarded only subsequent to acceptance of terms with respect to confidentiality stated in their employment terms.
3.3.10 In the case of minors as End Users, Medfone strongly encourages parents and guardians to supervise their mobile phone activities and consider using parental control tools available from mobile services and software manufacturers to help provide a child-friendly mobile environment. These tools may be used to prevent minors from disclosing their name, address, and other personally identifiable information online without parental permission. Although the Platform and Services are not intended for use by minors, Medfone respects the privacy of minors who may inadvertently use the mobile application.
Usage of the Data/Information we collect
We use the information we collect from and about you for a variety of purposes, including to:
- Process and respond to your queries
- Understand our users (what they do on our Services, what features they like, how they use them, etc.), improve the content and features of our Services.
- Administer our Services and diagnose technical problems.
- Send you communications that you have requested or that may be of interest to you.
- Generate and review reports and data about, and to conduct research on, our user base and Service usage patterns.
- Provide you with customer support.
- Provide you with notices about your account.
- Carry out our obligations and enforce our rights arising from any contracts entered into between you and us.
- Notify you about changes to our Services.
- Allow you to participate in interactive features offered through our Services.
- In any other way we may describe when you provide the information.
- For any other purpose ONLY with your consent.
4. Confidentiality & Data Security
4.1. Personal Information is maintained by Medfone in electronic form on its equipment operating under secure conditions. Such information may also be converted to physical form from time to time. Medfone takes all necessary precautions to protect your personal information both online and offline, and implements reasonable security practices and measures including certain managerial, technical, operational and physical security control measures that are commensurate with respect to the information being collected and the nature of Medfone’s business.
4.2. No administrator at Medfone will have knowledge of Practitioners’ or End Users’ passwords. Instead, Medfone expects that Practitioners and End Users protect their mobile devices against unauthorized access and virus/Trojan attacks. In the event a compromise is detected on the users’ device, the Medfone business operations team may be informed immediately through an email to email@example.com for initiating necessary preventive actions. In such circumstances, Practitioners and End Users shall keep Medfone completely indemnified against any loss suffered by them.
4.3. Medfone makes all User information accessible to its employees, agents or partners and third parties only on a need-to-know basis, and binds all such employees to strict confidentiality obligations stated in their terms of employment with Medfone.
4.4. Further, Medfone shall not be responsible for any breach of security or for any actions of any third parties or events that are beyond the reasonable control of Medfone including, acts of government, computer hacking, unauthorised access to server data and storage device, computer crashes, breach of security and encryption, poor quality of Internet service or telephone service of the User etc.
7.0 General provisions
7.2 Unless stated otherwise, the Policy applies to all information that Medfone has about You and Your account.
By using this Platform, content and services provided on the Platform, You agree and acknowledge that
8.0 Governing Law
8.1 This policy and the use of this Platform are governed by Indian laws. Any claim related to the Site or this policy shall be brought in a court in New Delhi, India, within one year after the claim arises. Users of our Platform consent to the jurisdiction and venue of such court as the most convenient and appropriate for the resolution of disputes concerning this policy.
9.0 Address for Privacy Related Enquiries
We request you to please provide the following information in your complaint:
a) Identification of the information provided by you;
b) Clear statement as to whether the information is personal information or sensitive personal information;
c) Your address, telephone number or e-mail address;
d) A statement that you have a good-faith belief that the information has been processed incorrectly or disclosed without authorization, as the case may be;
e) A statement, under penalty of perjury, that the information in the notice is accurate, and that the information being complained about belongs to you;
The company shall not be responsible for any communication, if addressed, to any non-designated person in this regard.