- Medical (clinical) digital data, herein referred to as “data” refers to health-related information that is associated with regular patient care, which may be relevant to decisions about current or future health or illness.
- Dexium Technologies Private Limited (the “Company”) respects your data privacy and acknowledges that you have certain rights related to any personal and medical data we collect from you and we have certain obligations in respect of the same. The Company supports the local privacy laws, and has procedures in place to meet the requirements of those laws.
- References to “us” or “we” shall refer to the Company.
DATA OWNERSHIP AND DATA SHARING
- We understand that you are the owner of your data and have all the rights to privacy, confidentiality, and security of your digital health data.
- Your health data shall be accessed or disclosed only after taking your informed consent.
- As a data owner, you have the right to give or refuse consent for the storage, generation, collection and transmission of your digital health data.
- As a data owner, you have the right to know as which research entities has access to your digital health data, and the recipients to whom your data is transmitted or disclosed.
- Your sensitive health related information shall not be transmitted or disclosed to any third party, prior to your given consent.
- In case of death of the owner of digital health data, the legal heirs or representative of such owner may have access to such data, only upon the application of such heirs or representatives in such form and manner.
INFORMATION WE COLLECT, USE OR DISCLOSE
- In order for us to provide our services and for the operation of our business, we collect patient medical data, prescriptions, doctor’s notes, lab tests, radiology reports, patient experience, patient outcomes etc.
- Your anonymized and de-identified data can be used
- To advance the delivery of patient cantered medical care
- To provide insights into patient health and wellness
- To improve the coordination of care and information among hospitals, laboratories, medical professionals, and other entities
- To improve public health activities
- To facilitate health and clinical research
- To promote early detection, prevention, and management of chronic diseases
- To carry out public health research, review and analysis, and policy formulation
- To make patients part of clinical surveys and research
- To undertake academic research and other related purpose to improve patient outcomes.
- We may share your aggregated information and non-identifying information with third parties including pharmaceutical, medical device manufacturing, insurance, re-insurance companies, public or private healthcare systems, private or public corporations, associations, NGOs, wellness companies, pharmacies, diagnostic companies, other healthcare service providers to conduct industry research and analysis, demographic profiling, clinical discussions, publishing scientific papers and other similar purposes.
- We may engage third-party services providers to work with us to administer and provide the Service. These third-party services providers have access to your personal information only for the purpose of performing services on our behalf and are expressly obligated not to disclose or use your information for any other purpose.
- There shall be no access to, or disclosure of your personally identifiable information including name, address, contact information, date of birth, Aadhar and PAN card details, health insurance policy details, to any third party for marketing purposes and other related activities without your prior consent.
- As we collect your digital health data, we remain the custodian of such data, and shall be duty bound to protect the privacy, confidentiality and security of such data. We will ensure through regular trainings and oversight that our personnel comply with the security protocols and procedures.
- Information that we collect from our users, including personal medical records, is considered to be a business asset. Thus, if we are acquired by a third party as a result of a transaction such as a merger, acquisition or asset sale or if our assets are acquired by a third party in the event we go out of business or enter bankruptcy, some or all of our assets, including your information, may be disclosed or transferred to a third party acquirer in connection with the transaction.
- We cooperate with Government and law enforcement officials or private parties to enforce and comply with the law. We may disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate: (i) to enforce our Terms of Service, (ii) to respond to claims, legal process; (iii) to protect our property, rights and safety and the property, rights and safety of a third party, our users, or the public in general; (iv) to stop any activity that we consider illegal, unethical or legally actionable activity.
THE PURPOSES FOR WHICH WE COLLECT, USE AND DISCLOSE YOUR PERSONAL DATA
- You hereby acknowledge, agree and consent that we are permitted to disclose your personal data to such third parties (whether located within or outside India) for one or more of the above purposes and for the said third parties to subsequently collect, use, disclose and/or process your personal data for one or more of the above purposes. Without limiting the generality of the foregoing or of the immediately preceding paragraph setting out the purposes, such third parties include :
- our associated or affiliated organisations or related corporations
- any of our agents, contractors or third party service providers that process or will be processing your personal data on our behalf including but not limited to those which provide administrative or other services to us such as mailing houses, telecommunication companies, information technology companies and data centres;
- third parties to whom disclosure by the Company is for one or more of the purposes and such third parties would in turn be collecting and processing your personal data for one or more of the Purposes.
- We hold our employees, agents, and suppliers accountable for maintaining the trust that you place in us with your personal data. Your personal data will not be used or shared except as in accordance with applicable law relating to personal data.
YOUR RIGHTS AND CHOICES
- The amount of personal data you are required to supply when requesting our services will be limited to that which is relevant to and reasonable for the supply of such services or for the purposes for which such personal data is being collected.
- Where you have asked us to do the following, or have otherwise given us your consent to do the following, we may periodically use your contact information to send you updates via e-mail in order to alert you about patient centred services relevant to your interactions with us. Each notification will provide instructions on how to opt out of receiving similar e-mails from the registered service or resource. At the point where we request personal data about you, our site also gives you the opportunity to decide which communications you wish to receive. The database is automatically updated with your preferences when you opt out. When your interactions with the Company have resulted in your registration for multiple services or resources it may be necessary to opt out from each service separately.
- Additionally, you have the right to request access to, to withdraw your consent to the use and processing of, and request the correction of inaccuracies of, personal data that the Company maintains about you, or that is in the Company’s possession or under its control. We may limit or deny requests for access or charge reasonable fees for access, in accordance with applicable data protection law.
- Where you seek access to and/or seek to correct the personal data currently in our possession or control, we will need enough information from you in order to ascertain your identity as well as the nature of your request, so as to be able to deal with your request.
- For a request to access personal data, once we have sufficient information from you to deal with the request, we will seek to provide you with the relevant personal data within 30 days. Where we are unable to respond to you within the said 30 days, we will notify you of the soonest possible time within which we can provide you with the information requested.
- We will process your request to withdraw your consent within a reasonable time from such a request being made, and will thereafter not collect, use and/or disclose your personal data in the manner stated in your request. However, your withdrawal of consent could result in certain legal consequences arising from such withdrawal. In this regard, depending on the extent of your withdrawal of consent for us to process your personal data, it may mean that we will not be able to continue providing our services such as updates on health related services.
ADMINISTRATION, MANAGEMENT, PROTECTING AND RETAINING YOUR INFORMATION
- We will take reasonable efforts to ensure that your personal data is accurate and complete, if your personal data is likely to be used by the Company to make a decision that affects you, or disclosed to another organisation. However, this means that you must also update us of any changes in your personal data that you had initially provided us with. We will not be responsible for relying on inaccurate or incomplete personal data arising from your not updating us of any changes in your personal data that you had initially provided us with.
- We will also put in place reasonable security arrangements to ensure that your personal data is adequately protected and secured. Appropriate security arrangements will be taken to prevent any unauthorized access, collection, use, disclosure, copying, modification, leakage, loss, damage and/or alteration of your personal data. However, we cannot assume responsibility for any unauthorized use of your personal data by third parties which are wholly attributable to factors beyond our control.
- We will also put in place measures such that your personal data in our possession or under our control is destroyed and/or anonymized as soon as it is reasonable to assume that (i) the purpose for which that personal data was collected is no longer being served by the retention of such personal data; and (ii) retention is no longer necessary for any other legal or business purposes.