Health Arx Technologies Pvt. Ltd. (‘The Company’) is the author and publisher of the mobile/tablet application ‘BeatO’ (‘Application’) and its website www.beatoapp.com (‘Website’) (Collectively ‘BeatO’). The Company owns and operates the services provided by BeatO. The Company is committed to the protection of your privacy and your personal information in accordance with applicable law.
- Section 43A of the Information Technology Act, 2000;
- Regulation 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011 (the ‘SPDI Rules’); and
- Information Technology (Intermediaries Guidelines) Rules, 2011.
- The type of information collected from the Users, including sensitive personal data or information;
- The purpose, means and modes of usage of such information;
- How and to whom such information will be disclosed; and
- How the information collected is going to be protected?
- WHAT IS THE PERSONAL INFORMATION COLLECTED BY THE COMPANY?
- Information Collection
Users will be asked to provide BeatO certain information (‘User Information’). User Information includes, among other things without limitation:
- Contact data (personally identifiable information, such as Your name, email address and phone number) of the End-Users, visitors, Partnered Laboratories, Partnered Pharmacies and Registered Doctors/Hospitals;
- Demographic data (such as gender, birthday, zip code, city, country);
- Health data (information about End-User’s use of the Services including height, weight, lifestyle and exercise frequency, blood sugar levels, caloric intake, nutritional statistics, fitness activity, weight loss/gain, renal function data and blood work analysis);
- Data regarding your usage of the services and history of the Partnered Laboratories appointments and doctor/hospital appointment made by or with you through the use of Services;
- Medical data such as medical reports of any nature including every diagnostic test results, blood or urine analysis reports, either uploaded by the End-User or through the service of the Partnered Laboratories, prescriptions, electrocardiogram(ECG) tests, echocardiogram tests, ultrasound tests, health charts or other medical reports of the End-User provided by the Registered Doctors/Hospitals or otherwise;
- With respect to the Registered Doctors/Hospitals data regarding the End-Users who are the patients of the Registered Doctors/Hospitals;
- With respect to the Partnered Laboratories data regarding the End-Users who are the clients of the Partnered Laboratories;
- With respect to the Partnered Pharmacies data regarding the End-Users who are the customers of the Partnered Pharmacies;
- Medical History of the End-User including the current and previous doctors/hospitals of the End-User along with current and previous medication and other treatment provided by the Registered Doctors/Hospitals; and
- Other information that you voluntarily choose to provide to the Application.
- Nature of Information
The information collected from you by the Company may constitute ‘Personal Information’ or ‘Sensitive Personal Data or Information’ under the SPDI Rules.
‘Personal Information’ is defined under the SPDI Rules to mean any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person.
‘Sensitive Personal Data or Information’ is defined under the SPDI Rules to mean Personal Information about that person relating to:
- financial information such as bank accounts, credit and debit card details or other payment instrument details;
- physical, physiological and mental health condition;
- sexual orientation;
- medical records and history;
- biometric information;
- information received by body corporate under lawful contract or otherwise;
- visitor details as provided at the time of registration or thereafter; and
- call data records.
Information that is freely available in the public domain or accessible under the Right to Information Act, 2005 or any other law will not be regarded as Personal Information or sensitive personal data or information.
- Collection for lawful purpose
You hereby also give your consent to the Company to store the User Information on the Company’s servers even if the servers are located outside India.
- Information Collection
- HOW IS THE INFORMATION COLLECTED GOING TO BE USED?
- Additional Use
BeatO also reserves the right to use the User Information provided by or about the User for the following purposes:
- Publishing such information on the End-User Account in the Application and for listing of the Partnered Laboratories, Partnered Pharmacies or Registered Doctors/Hospitals on the Application or Website;
- Contacting Users for offering new products, features or services;
- Contacting Users for taking service feedback;
- Analyzing software usage patterns for improving product design and utility;
- Analyzing anonymized practice information for commercial use;
- Monitoring and improving the content and usage of BeatO;
- Customizing the advertising and content you see; and
- any other purpose for which the information was collected.
Information that does not personally identify the Users as an individual, is collected by the Company from Users, stored in a non-personally identifiable aggregated form (such as, patterns of utilization described above) and is exclusively owned by the Company.
You hereby consent to such use of such information by the Company.
- Third Party Site
The personally identifiable information of the Registered Doctors/Hospitals, Partnered Pharmacies and Partnered Laboratories is not generated by the Company and is provided by the Registered Doctors/Hospitals, Partnered Pharmacies and Partnered Laboratories who wish to enlist themselves on BeatO. The Company displays such information on its Application on an ‘as-is’ basis making no representation or warranty on the accuracy or completeness of the information. The Company will, however, take reasonable steps to ensure the accuracy and completeness of this information.
We may also draw upon this Personal Information for commercial purposes and in an aggregated or non- personally identifiable form for research, advertising including advertising by third parties, statistical analysis and business intelligence purposes, for sale or transfer of such research, statistical or intelligence data in an aggregated or non-personally identifiable form to third parties and affiliates.
- WHAT IS THE MODE AND MANNER OF USING THE INFORMATION?
- The Company may require the User to pay with a credit card, wire transfer, debit card, cash on delivery or cheque for Services including but not limited to Services with respect to Partnered Laboratories conducting diagnostic tests. The Company will collect such User’s credit card number and/or other financial institution information such as bank account numbers and will use that information for the billing and payment processes, including but not limited to the use and disclosure of such credit card number and information to third parties as necessary to complete such billing operation. Verification of credit information, however, is accomplished solely by the User through the authentication process. User’s credit-card/debit card details are transacted upon secure sites of approved payment gateways which are digitally under encryption, thereby providing the highest possible degree of care as per current technology. However, the Company provides you an option not to save your payment details. User is advised, however, that internet technology is not full proof or safe and the User should exercise discretion on using the same.
- Due to the communications standards on the Internet, when a User or anyone visits the Website or Application, the Company automatically receives the URL of the site from which anyone visits. The Company also receives the Internet Protocol (IP) address of each User’s computer (or the proxy server a User used to access the World Wide Web), User’s computer operating system and type of web browser the User is using, email patterns, as well as the name of User’s Internet Service Provider (ISP). This information is used to analyze overall trends to help the Company improve its service. The linkage between User’s IP address and User’s personally identifiable information is not shared with third parties. Notwithstanding the above, the Company may share some of the aggregate findings (not the specific data) in anonymized form (i.e., non-personally identifiable) with advertisers, sponsors, investors, strategic partners, and others in order to help grow its business.
- If you wish to request that we no longer use your information to provide you services or to cancel your End-User Account, contact us via email on email@example.com. We will retain your information for as long as your End-User Account with the Services is active and as needed to provide you the Services or for as long as your partnership/ affiliation with the company is active and is needed to provide listing, appointment and other services. We shall not retain such information for longer than is required for the purposes for which the information may lawfully be used or is otherwise required under any other law for the time being in force. After a period of time, your data may be anonymized and aggregated, and then may be held by us as long as necessary for us to provide our Services effectively, but our use of the anonymized data will be solely for analytic purposes.
- The Company may keep records of electronic communications and telephone calls received and made for making appointments or other purposes for the purpose of administration of Services, customer support, research and development and for better listing of Partnered Laboratories, Partnered Pharmacies and registered Doctors/Hospitals.
- All the Company’s employees and data processors, who have access to, and are associated with the processing of sensitive personal data or information, are obliged to respect the confidentiality of every End-Users’ sensitive personal data and information.
- HOW AND TO WHOM IS THE INFORMATION SHARED AND DISCLOSED?
- The company will share the End-User’s User Information to the extent necessary for providing the Services with the Registered Doctors/Hospitals selected by the End User through the Website, with the Partnered Lab that is conducting the diagnostic tests and the Partnered Pharmacies to the extent that User Information such as contact data or demographic data is needed for providing the Services. The company will share the User Information related to the Partnered Pharmacies, Partnered Laboratories and Registered Doctors/Hospitals with the End User for purposes including listing and booking of appointments. Any recipients of the User Information shall not further disclose such information to any other person.
- The Company may share User Information in an aggregated non-personally identifiable manner with its partners and third parties for the purposes set out in paragraphs 3.2 and 3.3 above. The Company maintains a strict ‘No-Spam’ policy, which means that the Company does not intend to sell, rent or otherwise give your e-mail address to a third party without your consent.
- To the extent necessary to provide End-Users with the Services the Company may provide their Personal Information to third party contractors who work on behalf of or with the Company to provide End-Users with such Services, to help the Company communicate with End-Users or to maintain the Application and/or Website. Generally these contractors do not have any independent right to share this information, however certain contractors who provide services on the Application, including the providers of online communications services, will have rights to use and disclose the Personal Information collected in connection with the provision of these Services in accordance with their own privacy policies.
- HOW IS THE USER INFORMATION PROTECTED?
- The Company implements reasonable security practices and procedures and has a comprehensive documented information security programme and information security policies that contain managerial, technical, operational and physical security control measures that are commensurate with respect to the information being collected and the nature of the Company’s business. The reasonable security practices and procedures implemented by the Company include but are not limited to: encrypting data when it is on the move using industry standard practices, keeping all the data within private cloud, regularly changing production keys and password, secure and very limited access to all production servers, performing regular security updates on our servers and more.
- Your Personal Information is maintained by the Company in electronic form on its equipment, and on the equipment of its employees. Such information may also be converted to physical form from time to time. The Company takes all necessary precautions to protect your Personal Information both online and off-line, and implements reasonable security practices and measures including certain managerial, technical, operational and physical security control measures that are commensurate with respect to the information being collected and the nature of the Company’s business.
- It is important for you to protect against unauthorized access to your password, your computer and your mobile phone. The Company does not undertake any liability for any un-authorised use of your login to BeatO including Account and password. If you suspect any unauthorized use of your login to BeatO including Account, you must immediately notify the Company by sending an email to firstname.lastname@example.org. You shall be liable to indemnify the Company due to any loss suffered by it due to such unauthorized use of your login to BeatO including Account and password.
- The Company makes all User information accessible to its employees, agents or partners and third parties only on a need-to-know basis, and binds all such employees to strict confidentiality obligations.
- Notwithstanding the above, the Company is not responsible for the confidentiality, security or distribution of your Personal Information by our partners and third parties outside the scope of our agreement with such partners and third parties. Further, the Company shall not be responsible for any breach of security or for any actions of any third parties or events that are beyond the reasonable control of the Company including, acts of government, computer hacking, unauthorised access to computer data and storage device, computer crashes, breach of security and encryption, poor quality of Internet service or telephone service of the User etc.
- HOW CAN YOU CONSENT TO THIS POLICY ?
- Address for Privacy Questions and Grievance Officer
Mr. Gautam Chopra
A-1 Kehar Singh Estate, Ground Floor
Near Saket Metro Station
Saidulajab Lane No. 2
New Delhi 110017