Privacy Policy
SVASTHIYA PRIVACY POLICY
Effective Date: [ 31st Oct 2020]
SCOPE AND APPLICATION
The Privacy Policy covers the practices for handling and securing your Personal Information (as enumerated below) by Svaim in particular and Svasthiya Technologies Private Limited (the ‘Company’) in general. This Privacy Policy is applicable to persons who procure any products or services provided by or facilitated by Svaim (collectively, the “Services”) through our mobile applications, websites, mobile sites, other online channels (collectively, the “Channel”) and through other interactions and communications you have with us. To the extent data referred to in this Policy pertains to Electronic Health Records, we endeavour to follow the “Electronic Health Record (EHR) Standards for India” as notified by the Ministry of Health & Family Welfare (MoHFW) and changes in these Standards may impact and/or modify this Policy.
COMMITMENT
Svaim intends to protect the privacy of its users, partners and members with respect to the Services accessed or availed on the Channel and the privacy of the data provided by them to Svaim from time to time. We have created this Privacy Policy to demonstrate our commitment to the protection of your Personal Information.
Further, the privacy of our users, partners and members, whether former or existing or a visitor to our Channel, is important to us and we are strongly committed to your right to privacy and to keeping your personal and other information secure. We encourage you to read this Privacy Policy to understand what types of information we collect and how we use such information.
COLLECTION OF INFORMATION
For the purposes of rendering the Services, the Company may collect personal Information from various channels, including, but not limited to, voluntary submission of information in furtherance of the access or usage of the Services, through requests initiated by users, partners and members through the Services and through communication with third parties. The minimum age for users, partners and members to be registered for the Services is the age of contractual consent under applicable law or 18 years, whichever is lower. If you are below the age of 18, please request a responsible person to act in your stead or contact us at [●]. We do not knowingly collect any information from any person under the age of 18, without express authorisation from a legal guardian. If you are aware of a user under the age of 18 using our Services, please contact us at [●].
CONSENT
By accessing our Channel, you expressly consent and confirm to Svaim collecting, maintaining, using, processing and disclosing your Personal Information and other information in accordance with this Privacy Policy and the Svaim Terms of Use. If you do not agree with this Privacy Policy or the Terms of Use at any time, do not use any of the Services or give us any of your information.
WHAT IS THE PERSONAL INFORMATION WE COLLECT FROM YOU, AND HOW DO WE USE IT?
Personal Information
For the purpose of providing you Services, we require you to enrol yourself on our Channel and get yourself registered. In this process of registration and/or use of the Services, we would collect the information under the following categories, which would constitute
Personal Information:
-
To use the Channel and/or avail the Services, you are required to share your name, e-mail address, gender, date of birth, postal address, phone number, profile picture, family details, and other details shared via application form or via email or via any other specified medium. Svaim may also collect other specific information to render the Services such as KYC documents, personal details, family details and other information via application form or via email or via any other specified medium.
-
Svaim is a healthcare electronic record solution and in this connection proposed to collect and host specific information to related to medical history, diagnostic information including reports and other information related to healthcare in genera; via application form or via email or via any other specified medium.
-
Information exchanged by you with Svaim in the form of medical records written communication, responses to emails, surveys, feedback required from you, participation in discussions, etc. will also be available for the use of Svaim .
Please note that Svaim DOES NOT trade or sell your Personal Information in any manner.
Any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or Personal Information for the purposes of this Privacy Policy. Any information is anonymised shall no longer be considered Personal Information for the purposes of this Policy.
Non-Personal Information:
This information includes the IP address of the device used to connect to Svaim’ Channel along with other information such as browser details, operating system used, the name of the website or application that redirected the visitor to the Svaim’ Channel, etc. Further, when you browse our Channel or receive one of our emails, Svaim and our affiliated/ authorised entities, use cookies and/or pixel tags to collect information and store your online preferences.
Other Information:
We may from time to time add or enhance the Services available on our Channels. To the extent these Services are provided to and used by you, we will use the information you provide to facilitate the Services. For example, if you email us with a question, we will use your email address, name, nature of the question, etc. to respond to your question. We may also store and publish such information to assist us in making the Channel better and easier to use.
Indicative modes of collection of Information
(a) From a partner sharing the information from their repository: When you visit any of our partners including hospitals, diagnostic centres and other healthcare providers that typically originate healthcare records, in terms of our agreement with such partners, we may receive some of your personal information, including identifiers, healthcare related information, demographic information and contact information.
(b) When you create an account: If you want to access our Services, you must create an account with the Company. When you create an account with the Company, we ask for some personal information, including your email address and date of birth. We will ask permission to access basic information from that email account, such as your name, profile picture, and friend list. We may also access your phone’s contact list for the purpose of letting you identify contacts who are existing users of our Services.
(c) When you add a diagnostic report to your account: You can enhance your account by filing out a complete profile including personal details including but not limited to your medical history, healthcare information and electronic records. Whenever you add this type of data, we collect it and store it in your account. You agree that information you provide on your profile can be seen by others and used by us as described in this Privacy Policy and our Terms of Use.
(d) When you visit our sites: We collect industry standard data from everyone who visits our sites, even if they do not have an account with us. This includes log data that automatically records information about your visit, such as your browser type, operating system, the URL of the page that referred you, the different actions you performed, and the IP address you used to access pages on the sites. We use this type of information to provide you with an experience that is relevant to your location based on the IP address, to enhance the sites, to prevent site misuse, and to ensure the site is working properly.
(e) Customer Service: When you contact our customer support services, we may have to access your posts, Groups and other contributions to our Services and collect the information we need to categorize your question, respond to it, and, if applicable, investigate any breach of our Terms of Use or this Privacy Policy. We also use this information to track potential problems and trends and customize our support responses to better serve you. We do not use this information for advertising.
Please Note: Our Services are a dynamic, innovative environment, which means we are always seeking to improve the Services we offer you. We often introduce new features, some of which may result in the collection of new information. Furthermore, new partnerships or corporate acquisitions may result in new features, and we may potentially collect new types of information. If we start collecting substantially new types of personal information and materially change how we handle your data, we will modify this Privacy Policy and notify you in accordance with this Policy.
USE OF INFORMATION
We will not trade or sell your Personally Identifiable Information (‘PII’) in any manner, except as specified herein, or unless express consent is sought from you. We use the information provided by you and collected from you primarily for the purposes of rendering the Services sought by you. Additionally, we would also be using the information for our internal operational purposes, such as providing, maintaining, evaluating, and improving the Channels and the Services, and also for providing customer support. We would also be sharing the information with others in the manner provided in this Privacy Policy.
In addition to the disclosures reasonably necessary for the purposes identified above, we may disclose your PII to the extent that it is required to do so: (i) by law, (ii) in connection with any legal proceedings or prospective legal proceedings, (iii) in order to establish, exercise or defend OUR legal rights, (iv) on account of a governmental or judicial request, (v) to enforce or apply our terms of use with you, or (vi) to protect the rights or safety of our Company or its users.
Svaim may have presence on various sites, including but not limited to LinkedIn, Facebook, Twitter, YouTube and blogs, which are promotional and business initiatives to connect to a larger group of people. The domain links contained therein may either direct you to our Channel or request your participation by way of feedback, suggestions, etc. Information arising in this manner shall also be collected and used by Svaim to increase user awareness and access and improve the Channel and the Services. Svaim, in this regard, fully disclaims any liability(ies) or claim(s), which may arise by use/misuse of your feedback, suggestions, views, etc. on any such sites or blogs, by any third party, whether or not known to Svaim.
Any Non-Personal Information and/or anonymised information and data and analyses arising therefrom may be shared by Svaim to its existing and potential partners, advertisers, investors, customers, and others.
In the event of a loss, theft or malfunctioning of your device, you are required to promptly inform us of the same, in order for us to disable the Services accessible through such device. You understand and accept that the reporting of such an event is solely your responsibility, contingent to which, we may enable you to access our Services as was previously available to you with the same terms and conditions as was previously applicable.
WHAT ANDROID PERMISSIONS ARE ADDITIONALLY REQUIRED WHILE USING OUR MOBILE APPLICATION?
When Svaim app is installed on your phone, a list of permissions appears. Since there is no option to customize those permissions, below is a description of the permissions that Svaim requires and the data that Svaim shall access and use.
IMPORTANT INFORMATION ABOUT PLATFORM PERMISSIONS
Most mobile platforms (iOS, Android, etc.) have defined certain types of device data that apps cannot access without your consent. These platforms have different permission systems for obtaining your consent. Android devices will notify you of the permissions that the Svaim app seeks before you first use the app, and your use of the app constitutes your consent. Sometimes these permissions require more explanation than the platforms themselves provide, and the permissions we request will change over time, so we have created these pages to serve as up-to-date resources for our users.
Android permissions:
Device & App history: We need your device permission to get information about your device, like OS name, OS version, mobile network, hardware model, preferred language, installed apps etc. Based on these inputs, we intend to optimize your overall experience by understanding your preferences and by using OS specific capabilities.
Identity: This permission enables us to know about details of your account(s) on your mobile device. We use this info to auto-fill your email ID’s and provide a typing free in-funnel experience. It also allows facilitating your Facebook login.
Contacts: If you allow us to access your contacts, it enables us to make it easy to get referred by your friends and also send across referral links to your friends. This information will be stored on our servers and synced from your phone.
Location: This permission enables us to provide you a personalized experience based on your location. When you plan to make an EMI payment using a nearby collection outlet, we auto-detect your location and suggest you the nearest outlet. This permission also enables us to know more about your popular hanging out areas and factor those in our algorithm.
SMS: If you allow us to access your SMS, we read your SMS to autofill and verify the OTP used to validate your mobile number when creating an account with Svaim- this provides you a seamless experience during that process.
Phone: The app requires access to make phone calls so that you can make phone calls to our customer contact center directly through the app.
Photos/Media/Files: The libraries in the app use these permissions to make it easy for you to upload existing pictures from the gallery or save newly clicked photos for document submission.
Camera: This permission enables us to make it easy for you to click the picture of necessary documents for online submission.
Wi-Fi connection information: When you allow us the permission to detect your Wi-Fi connection, we optimize your experience based on the connection speed.
Device ID & Call information: This permission is used to detect your Android ID through which we can uniquely identify users.
WITH WHOM IS YOUR PERSONAL INFORMATION SHARED?
Any information share by you is used by us and/or authorised service partners and agencies to support your interaction with us, to offer you Services in the best possible manner and to contact you again about other services and products that we may offer. By submitting your Personal Information to Svaim, you expressly acknowledge and consent to Svaim using such information, and to process such information in a manner deemed fit by Svaim. This may also involve conducting data analysis and research using such information.
HOW DOES SVAIM PROTECT MY PERSONAL INFORMATION?
Svaim is committed to protecting the privacy and the confidentiality of your Personal Information. Whenever Svaim obtains Personal Information from you, our Channel uses commercially reasonable efforts and general industry standards to protect it from any unauthorized access or disclosure. Access to your Personal Information is limited to Svaim’s personnel and such authorized third parties who may access your data on our behalf or may assist us in providing the Services. Svaim uses its best endeavors to maintain physical, electronic and procedural safeguards that aim to protect your Personal Information against loss, misuse, damage, modification, and unauthorized access or disclosure. However, Svaim assumes no liability whatsoever for any disclosure of Personal Information due to unauthorized third party access or non-permitted acts of authorised third parties, or any other acts or omissions beyond the reasonable control of Svaim.
WHAT SECURITY PRECAUTIONS ARE IN PLACE TO PROTECT MY PERSONAL INFORMATION AGAINST LOSS OR MISUSE?
Svaim makes every reasonable effort to preserve the privacy and confidentiality of your information shared with us. We implement standard measures to protect against unauthorized access to and unlawful interception of Personal Information. However, no Channel can fully eliminate security risks.
We reserve the right to disclose information shared by you without your consent (express or implied) and without any liabilities to you when required or permitted by law. We also reserve the right to disclose information shared by you without your consent (express or implied) and without any liabilities to you when we have a good-faith belief that such disclosure is necessary or required to: (i) comply with an appropriate law enforcement investigation, current judicial proceeding, a court order or legal process served on us, or (ii) conform to the legal requirements, compliance/reporting to administrative and judicial authorities, (iii) protect and defend the rights or property of the shareholders or management of Svaim, or the users of Svaim, and (iv) enable authorised persons who provide certain support services to us to discharge their functions satisfactorily.
Storage of Information
All information collected in connection with the Services and/or on your device(s) may be stored with us. Information is also stored on your device(s) and is subject to the security and privacy policies of your device and storage providers. Any breach of such security and privacy is beyond our control, and you acknowledge that we cannot, and will not, be held responsible for such breaches security or privacy.
If our Company uses a vendor for storage of Information, all data storage by the vendor will be subject to the vendor’s security systems, and any breach of such privacy or security policies of the vendor will be beyond the reasonable control of our Company, and our Company will not be held responsible for such breaches.
You understand and agree that we may continue to store your Information after you cease use of the Services or disable your use of, access to, or otherwise of the Services or the Channel.
Commitment to Security
We are committed in protecting your privacy and has taken all necessary and reasonable measures to protect your Information and handle the same in a safe and responsible manner in accordance with the terms and conditions of this Privacy Policy. The Company ensures to safeguard the security of your PII by implementing standard electronic and managerial processes to protect against unauthorised access to and unlawful interception of PII.
We will ensure its best efforts to protect your Information available with us in line with commercially reasonable efforts and general industry standards; however, the Company does not represent, warrant, or guarantee that your Information will be protected against unauthorized access, loss, misuse, or alterations beyond our reasonable control, and we do not accept any liability for the security of the Information submitted us or for your or any third parties’ misuse of your Information.
We may provide links to any other website or locations for your convenience, but the provision of such links does not signify our endorsement of such other website or location or its contents. We Have no control over, do not review, and cannot be responsible for these outside websites or their content. Please be aware that the terms of this Privacy Policy do not apply to these outside websites or location or its contents.
We provide limited access to PII to those persons (including employees and contractors) who have a business need for such access. Please note also that primary data collection points such as Diagnostic Centres, Hospitals and other such establishments and personnel within these would have had access to Personal Information and Non Personal Information prior to the Company securing such information and as such users would be subject to Privacy Policies, if any, that have been committed to by such establishments for such data and that the Company would not be responsible for handling of data by these establishments and their personnel.
THIRD-PARTY SERVICES
-
In general, the third-party providers used and authorised by us will only collect and use your information to the extent necessary to allow them to perform the services authorised by us.
-
However, certain third-party service providers such as payment gateways and other payment transaction processors have their own privacy policies in respect to the information we are required to provide to them for your payment-related transactions.
-
Once you leave our Channel or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our Channel’s Terms of Service.
-
When you click on certain links on our Channel, they may direct you away from our Channel. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
Payment Related Details
We use payment gateways for processing online payments. We do not store your credit card details or debit card details or your internet banking details on our servers. The payment data is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS) when processing your payments. Your transaction data is only used as long as is necessary to complete your transaction and is not saved thereafter.
The payment gateway used by us adheres to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements will help ensure the secure handling of payment data information by the Platform. Payment gateways and other payment transaction processors will have their own privacy policies in respect to the information you are required to provide to them and we are required to provide to them for your payment-related transactions, and as such, those details will be governed by their privacy policies.
CHANGES TO THIS PRIVACY POLICY
-
We reserve the right to modify this Privacy Policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the Channel. If we make material changes to this Privacy Policy, we will notify you that it has been updated to enable you to review the modified Privacy Policy.
-
If Svaim is acquired or merged with another entity or if the Services are transferred to any other entity as part of a business arrangement, your information may be transferred to the new entity.
In such an event, to the extent possible, we will notify you and try ensure continuance of the Privacy Policy (albeit in modified forms).
Governing Law
Our Company is incorporated in, and based out of India, and is duty bound to abide by Indian laws. We may not have complied with some privacy laws of other countries and further represents to be unaware of such other legal requirements.
QUESTIONS AND CONTACT INFORMATION
-
If you would like to: access, correct, amend or delete any Personal Information, please register a complaint. If you want more information on this Privacy Policy or have any grievances with respect to the Privacy Policy, please contact us at privacy@svasthiya.in . Svaim will respond to all reasonable concerns or inquiries.
-
Complaint/concern In accordance with the relevant provisions of the Information Technology Act, 2000 and the rules made thereunder, the contact details of the Grievance Officer who can be contacted with respect to any complaints or concerns including those pertaining to breach of Svaas’s Terms of Use, Privacy Policy and other policies or questions are published as under:
Email address: privacy@svasthiya.in
The Grievance Officer can be contacted between 10:30 a.m. to 6:00 p.m. IST from Monday to Friday except on public holidays.