medisync (“us”, “we”, or “medisync”, which also includes its affiliates) is the author and publisher of the internet resource www.medisync.org (“Website”) on the world wide web as well as the software and applications provided by medisync, including but not limited to the mobile application ‘medisync’, and the software and applications of the brand names ‘medisync’, (together with the Website, referred to as the “Services”).
- Section 43A of the Information Technology Act, 2000;
- Regulation 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011 (the “SPI Rules”);
- Regulation 3(1) of the Information Technology (Intermediaries Guidelines) Rules, 2011.
- The type of information collected from the Users, including Personal Information (as defined in paragraph 2 below) and Sensitive Personal Data or Information (as defined in paragraph 2 below) relating to an individual;
- The purpose, means and modes of collection, usage, processing, retention and destruction of such information; and
- How and to whom medisync will disclose such information.
2.COLLECTION OF PERSONAL INFORMATION
Generally some of the Services require us to know who you are so that we can best meet your needs. When you access the Services, or through any interaction with us via emails, telephone calls or other correspondence, we may ask you to voluntarily provide us with certain information that personally identifies you or could be used to personally identify you. You hereby consent to the collection of such information by medisync. Without prejudice to the generality of the above, information collected by us from you may include (but is not limited to) the following:
- contact data (such as your email address and phone number);
- demographic data (such as your gender, your date of birth and your pin code);
- data regarding your usage of the services and history of the appointments made by or with you through the use of Services;
- insurance data (such as your insurance carrier and insurance plan);
- other information that you voluntarily choose to provide to us (such as information shared by you with us through emails or letters.
The information collected from you by medisync may constitute ‘personal information’ or ‘sensitive personal data or information’ under the SPI Rules.
“Personal Information” is defined under the SPI Rules to mean any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available to a body corporate, is capable of identifying such person.
The SPI Rules further define “Sensitive Personal Data or Information” of a person to mean personal information about that person relating to:
- financial information such as bank accounts, credit and debit card details or other payment instrument details;
- physical, physiological and mental health condition;
- sexual orientation;
- medical records and history;
- biometric information;
- information received by body corporate under lawful contract or otherwise;
- visitor details as provided at the time of registration or thereafter; and
- call data records.
medisync will be free to use, collect and disclose information that is freely available in the public domain without your consent.
- 3.1ALL USERS NOTE:This section applies to all users.
- 3.1.3All the information provided to medisync by a User, including Personal Information or any Sensitive Personal Data or Information, is voluntary. You understand that medisync may use certain information of yours, which has been designated as Personal Information or ‘Sensitive Personal Data or Information’ under the SPI Rules, (a) for the purpose of providing you the Services, (b) for commercial purposes and in an aggregated or non-personally identifiable form for research, statistical analysis and business intelligence purposes, (c) for sale or transfer of such research, statistical or intelligence data in an aggregated or non-personally identifiable form to third parties and affiliates (d) for communication purpose so as to provide You a better way of booking appointments and for obtaining feedback in relation to the Practitioners and their practice, (e) debugging customer support related issues.. (f) for the purpose of contacting you to complete any transaction if you do not complete a transaction after having provided us with your contact information in the course of completing such steps that are designed for completion of the transaction. medisync also reserves the right to use information provided by or about the End-User for the following purposes:
- Publishing such information on the Website.
- Contacting End-Users for offering new products or services.
- Contacting End-Users for taking product and Service feedback.
- Analyzing software usage patterns for improving product design and utility.
- Analyzing anonymized practice information for commercial use.
- Processing payment instructions including those through independent third party service providers such as payment gateways, banking and financial institutions, pre-paid instrument and wallet providers for processing of payment transaction or deferral of payment facilities.
If you have voluntarily provided your Personal Information to medisync for any of the purposes stated above, you hereby consent to such collection and use of such information by medisync. However, medisync shall not contact You on Your telephone number(s) for any purpose including those mentioned in this sub-section 4.1(iii), if such telephone number is registered with the Do Not Call registry (“DNC Registry”) under the PDPA without your express, clear and un-ambiguous written consent.
- 3.1.5medisync does not control or endorse the content, messages or information found in any Services and, therefore, medisync specifically disclaims any liability with regard to the Services and any actions resulting from your participation in any Services, and you agree that you waive any claims against medisync relating to same, and to the extent such waiver may be ineffective, you agree to release any claims against medisync relating to the same.
- 3.1.6You are responsible for maintaining the accuracy of the information you submit to us, such as your contact information provided as part of account registration. If your personal information changes, you may correct, delete inaccuracies, or amend information by making the change on our member information page or by contacting us through email@example.com. We will make good faith efforts to make requested changes in our then active databases as soon as reasonably practicable. If you provide any information that is untrue, inaccurate, out of date or incomplete (or becomes untrue, inaccurate, out of date or incomplete), or medisync has reasonable grounds to suspect that the information provided by you is untrue, inaccurate, out of date or incomplete, medisync may, at its sole discretion, discontinue the provision of the Services to you. There may be circumstances where medisync will not correct, delete or update your Personal Data, including (a) where the Personal Data is opinion data that is kept solely for evaluative purpose; and (b) the Personal Data is in documents related to a prosecution if all proceedings relating to the prosecution have not been completed.
- 3.1.7If you wish to cancel your account or request that we no longer use your information to provide you Services, contact us through firstname.lastname@example.org. We will retain your information for as long as your account with the Services is active and as needed to provide you the Services. We shall not retain such information for longer than is required for the purposes for which the information may lawfully be used or is otherwise required under any other law for the time being in force. After a period of time, your data may be anonymized and aggregated, and then may be held by us as long as necessary for us to provide our Services effectively, but our use of the anonymized data will be solely for analytic purposes. Please note that your withdrawal of consent, or cancellation of account may result in medisync being unable to provide you with its Services or to terminate any existing relationship medisync may have with you.
- 3.1.8If you wish to opt-out of receiving non-essential communications such as promotional and marketing-related information regarding the Services, please send us an email at email@example.com.
- 3.1.9medisync may require the User to pay with a credit card, wire transfer, debit card or cheque for Services for which subscription amount(s) is/are payable. medisync will collect such User’s credit card number and/or other financial institution information such as bank account numbers and will use that information for the billing and payment processes, including but not limited to the use and disclosure of such credit card number and information to third parties as necessary to complete such billing operation. Verification of credit information, however, is accomplished solely by the User through the authentication process. User’s credit-card/debit card details are transacted upon secure sites of approved payment gateways which are digitally under encryption, thereby providing the highest possible degree of care as per current technology. However, medisync provides you an option not to save your payment details. User is advised, however, that internet technology is not full proof safe and User should exercise discretion on using the same.
- 3.1.10Due to the communications standards on the Internet, when a User or the End-User or anyone who visits the Website, medisync automatically receives the URL of the site from which anyone visits. medisync also receives the Internet Protocol (IP) address of each User’s computer (or the proxy server a User used to access the World Wide Web), User’s computer operating system and type of web browser the User is using, email patterns, as well as the name of User’s ISP. This information is used to analyze overall trends to help medisync improve its Service. The linkage between User’s IP address and User’s personally identifiable information is not shared with or disclosed to third parties. Notwithstanding the above, medisync may share and/or disclose some of the aggregate findings (not the specific data) in anonymized form (i.e., non-personally identifiable) with advertisers, sponsors, investors, strategic partners, and others in order to help grow its business.
- 3.1.11The Website uses temporary cookies to store certain (that is not sensitive personal data or information) that is used by medisync and its service providers for the technical administration of the Website, research and development, and for User administration. In the course of serving advertisements or optimizing services to its Users, medisync may allow authorized third parties to place or recognize a unique cookie on the User’s browser. The cookies however, do not store any Personal Information of the User. You may adjust your internet browser to disable cookies. If cookies are disabled you may still use the Website, but the Website may be limited in the use of some of the features.
- 3.1.12A User may have limited access to the Website without creating an account on the Website. Unregistered Users can make appointments with the doctors by providing their name and phone number. In order to have access to all the features and benefits on our Website, a User must first create an account on our Website. To create an account, a User is required to provide the following information, which such User recognizes and expressly acknowledges is Personal Information allowing others, including medisync, to identify the User: name, User ID, email address, country, ZIP/postal code, age, phone number, password chosen by the User and valid financial account information. Other information requested on the registration page, including the ability to receive promotional offers from medisync, is optional. medisync may, in future, include other optional requests for information from the User to help medisync to customize the Website to deliver personalized information to the User.
- 3.1.14The Website may enable User to communicate with other Users or to post information to be accessed by others, whereupon other Users may collect such data. Such Users, including any moderators or administrators, are not authorized medisync representatives or agents, and their opinions or statements do not necessarily reflect those of medisync, and they are not authorized to bind medisync to any contract. medisync hereby expressly disclaims any liability for any reliance or misuse of such information that is made available by Users or visitors in such a manner.
- 3.1.16medisync maintains a strict “No-Spam” policy, which means that medisync does not intend to sell, rent or otherwise give your e-mail address to a third party without your consent.
- 3.1.17medisync has implemented best international market practices and security policies, rules and technical measures to protect the personal data that it has under its control from unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss. However, for any data loss or theft due to unauthorized access to the User’s electronic devices through which the User avails the Services, medisync shall not be held liable for any loss whatsoever incurred by the User.
- 3.1.18medisync implements reasonable security practices and procedures and has a comprehensive documented information security programme and information security policies that contain managerial, technical, operational and physical security control measures that are commensurate with respect to the information being collected and the nature of medisync’s business.
- 3.2PRACTITIONERS NOTE:This section applies to all Practitioners.
- 3.2.1As part of the registration as well as the application creation and submission process that is available to Practitioners on medisync, certain information, including Personal Information or Sensitive Personal Data or Information is collected from the Practitioners.
- 3.2.3Practitioners’ personally identifiable information, which they choose to provide to medisync, is used to help the Practitioners describe and identify themselves. This information is exclusively owned by medisync You will be the owner of your information and you consent to medisync collecting, using, processing and/or disclosing this information for the purposes hereinafter stated .medisync may use such information for commercial purposes and in an aggregated or non-personally identifiable form for research, statistical analysis and business intelligence purposes, and may sell or otherwise transfer such research, statistical or intelligence data in an aggregated or non-personally identifiable form to third parties and affiliates. medisync also reserves the right to use information provided by or about the Practitioner for the following purposes:
- Publishing such information on the Website.
- Contacting Practitioners for offering new products or services subject to the telephone number registered with the DNC Registry.
- Contacting Practitioners for taking product feedback.
- Analyzing software usage patterns for improving product design and utility.
- Analyzing anonymized practice information including financial, and inventory information for commercial use.
- 3.2.4medisync automatically enables the listing of Practitioners’ information on its Website for every ‘Doctor’ or ‘Clinic’ added to a Practice using its software. The Practitioner information listed on Website is displayed when End-Users search for doctors on Website, and the Practitioner information listed on Website is used by End-Users to request for doctor appointments. Any personally identifiable information of the Practitioners listed on the Website is not generated by medisync and is provided to medisync by Practitioners who wish to enlist themselves on the Website, or is collected by medisync from the public domain. medisync displays such information on its Website on an as-is basis making no representation or warranty on the accuracy or completeness of the information. As such, we strongly encourage Practitioners to check the accuracy and completeness of their information from time to time, and inform us immediately of any discrepancies, changes or updates to such information. medisync will, however, take reasonable steps to ensure the accuracy and completeness of this information.
- 3.2.5medisync may also display information for Practitioners who have not signed up or registered for the Services, provided that the Practitioners have consented to medisync collecting, processing and/or disclosing their information on the Website. Such Practitioners are verified by medisync or its associates, and medisync makes every effort to capture accurate information for such Practitioners. However, medisync does not undertake any liability for any incorrect or incomplete information appearing on the Website for such Practitioners.
- 3.3END-USERS NOTE:This section applies to all End-Users.
- 3.3.1As part of the registration/application creation and submission process that is available to End-Users on this Website, certain information, including Personal Information or Sensitive Personal Data or Information is collected from the End-Users.
- 3.3.3If you have inadvertently submitted any such information to medisync prior to reading the privacy statements set out herein, and you do not agree with the manner in which such information is collected, processed, stored, used or disclosed, then you may access, modify and delete such information by using options provided on the Website. In addition, you can, by sending an email to firstname.lastname@example.org, inquire whether medisync is in possession of your personal data, and you may also require medisync to delete and destroy all such information.
- 3.3.4End-Users’ personally identifiable information, which they choose to provide on the Website is used to help the End-Users describe/identify themselves. Other information that does not personally identify the End-Users as an individual, is collected by medisync from End-Users (such as, patterns of utilization described above) and is exclusively owned by medisync. medisync may also use such information in an aggregated or non-personally identifiable form for research, statistical analysis and business intelligence purposes, and may sell or otherwise transfer such research, statistical or intelligence data in an aggregated or non-personally identifiable form to third parties and affiliates. In particular, medisync reserves with it the right to use anonymized End-User demographics information and anonymized End-User health information for the following purposes:
- Analyzing software usage patterns for improving product design and utility.
- Analyzing such information for research and development of new technologies.
- Using analysis of such information in other commercial product offerings of medisync.
- Sharing analysis of such information with third parties for commercial use.
- 3.3.5medisync will communicate with the End-Users through email, phone and notices posted on the Website or through other means available through the service, including text and other forms of messaging. The End-Users can change their e-mail and contact preferences at any time by logging into their “Account” at www.medisync.org and changing the account settings.
- 3.3.6At times, medisync conducts a User survey to collect information about End-Users’ preferences. These surveys are optional and if End-Users choose to respond, their responses will be kept anonymous. Similarly, medisync may offer contests to qualifying End-Users in which we ask for contact and demographic information such as name, email address and mailing address. The demographic information that medisync collects in the registration process and through surveys is used to help medisync improve its Services to meet the needs and preferences of End-Users.
- 3.3.7medisync may keep records of electronic communications and telephone calls received and made for making appointments or other purposes for the purpose of administration of Services, customer support, research and development and for better listing of Practitioners.
- 3.3.8All medisync employees and data processors, who have access to, and are associated with the processing of sensitive personal data or information, are obliged to respect the confidentiality of every End-Users’ Personal Information or Sensitive Personal Data and Information. medisync has put in place procedures and technologies as per good industry practices and in accordance with the applicable laws, to maintain security of all personal data from the point of collection to the point of destruction. Any third-party data processor to which medisync transfers Personal Data shall have to agree to comply with those procedures and policies, or put in place adequate measures on their own.
- 3.3.10To the extent necessary to provide End-Users with the Services, medisync may provide their Personal Information to third party contractors who work on behalf of or with medisync to provide End-Users with such Services, to help medisync communicate with End-Users or to maintain the Website or independent third party service providers to process payment instructions including providing a payment deferral facility to End-Users in relation to the Services. These third-party service providers have access to information needed to process payments, but may not use it for other purposes. Generally these contractors do not have any independent right to share this information, however certain contractors who provide services on the Website, including the providers of online communications services, may use and disclose the personal information collected in connection with the provision of these Services in accordance with their own privacy policies. In such circumstances, you consent to us disclosing your Personal Information to contractors, solely for the intended purposes only.
- 3.4CASUAL VISITORS NOTE:
- 3.4.1No sensitive personal data or information is automatically collected by medisync from any casual visitors of this website, who are merely perusing the Website.
- 3.4.3If you, as a casual visitor, have inadvertently browsed any other page of this Website prior to reading the privacy statements set out herein, and you do not agree with the manner in which such information is obtained, collected, processed, stored, used, disclosed or retained, merely quitting this browser application should ordinarily clear all temporary cookies installed by medisync. All visitors, however, are encouraged to use the “clear cookies” functionality of their browsers to ensure such clearing / deletion, as medisync cannot guarantee, predict or provide for the behaviour of the equipment of all the visitors of the Website.
- 3.1ALL USERS NOTE:This section applies to all users.
4.CONFIDENTIALITY AND SECURITY
- 4.1Your Personal Information is maintained by medisync in electronic form on its equipment, and on the equipment of its employees. Such information may also be converted to physical form from time to time. medisync takes all necessary precautions to protect your personal information both online and off-line, and implements reasonable security practices and measures including certain managerial, technical, operational and physical security control measures that are commensurate with respect to the information being collected and the nature of medisync’s business.
- 4.2No administrator at medisync will have knowledge of your password. It is important for you to protect against unauthorized access to your password, your computer and your mobile phone. Be sure to log off from the Website when finished. medisync does not undertake any liability for any unauthorised use of your account and password. If you suspect any unauthorized use of your account, you must immediately notify medisync by sending an email to email@example.com You shall be liable to indemnify medisync due to any loss suffered by it due to such unauthorized use of your account and password.
- 4.3medisync makes all User information accessible to its employees, agents or partners and third parties only on a need-to-know basis, and binds only its employees to strict confidentiality obligations.
- 4.4Part of the functionality of medisync is assisting the doctors to maintain and organise such information. medisync may, therefore, retain and submit all such records to the appropriate authorities, or to doctors who request access to such information.
- 4.5Part of the functionality of the medisync is assisting the patients to access information relating to them. medisync may, therefore, retain and submit all such records to the relevant patients, or to their doctors.
- 4.6Notwithstanding the above, medisync is not responsible for the confidentiality, security or distribution of your Personal Information by our partners and third parties outside the scope of our agreement with such partners and third parties. Further, medisync shall not be responsible for any breach of security or for any actions of any third parties or events that are beyond the reasonable control of medisync including but not limited to, acts of government, computer hacking, unauthorised access to computer data and storage device, computer crashes, breach of security and encryption, poor quality of Internet service or telephone service of the User etc.
If a User uses the Services or accesses the Website after a notice of changes has been sent to such User or published on the Website, such User hereby provides his/her/its consent to the changed terms.
6.CHILDREN’S AND MINOR’S PRIVACY
medisync strongly encourages parents and guardians to supervise the online activities of their minor children and consider using parental control tools available from online services and software manufacturers to help provide a child-friendly online environment. These tools also can prevent minors from disclosing their name, address, and other personally identifiable information online without parental permission. Although the medisync Website and Services are not intended for use by minors, medisync respects the privacy of minors who may inadvertently use the internet or the mobile application.
7.CONSENT TO THIS POLICY
8.ADDRESS FOR PRIVACY QUESTIONS
Indicative List of Information by Nature of Service
1.End-Users using the Website by registering for an account on the Website or ‘medisync’ mobile application:
You can create an account by giving us information regarding your [name, mobile number, email address], and such other information as requested on the End-User registration page. This is to enable us to provide you with the facility to use the account to book your appointments and store other health related information.
2.End-Users using the Website without registering for an account on the Website or ‘medisync’ mobile application (i.e., ‘Guest’ End-User):
You can use the Website without registering for an account, but to book an appointment, you may be asked certain information (including your [mobile number], and such other information as requested when you choose to use the Services without registration) to confirm the appointment.
3.Practitioner availing of the free listing service on the Website or ‘medisync’ mobile application by registering for an account:
As a Practitioner, you may be required to provide us with information regarding your [name, mobile number, email address], and such other information as requested on the Practitioner registration page to create an account. medisync may send email and/or SMS confirmations or other communications to End-Users in connection with their bookings, appointments or other interactions with you, if such interactions have been facilitated by medisync.
4.Practitioner availing of the free listing service on the Website or ‘medisync’ mobile application without registering for an account:
As a Practitioner, you may avail of the listing service without registering for an account by providing information regarding your [name, mobile number, email address], and such other information as requested by any of medisync’s employees or agents who contact you in person or by telephone. In such event, medisync will maintain this information if and until you choose to register for an account, for which medisync may contact you from time to time. medisync will, after such information is collected from you, send you a confirmation email confirming the information provided and the fact that you will be listed on the Website. In the event you do not wish to be so listed on the Website, please inform medisync immediately at firstname.lastname@example.org
5.Practitioners using the ‘Ray’ and/or ‘Tab’ products:
You will be required to create an account and may be required to provide medisync with information regarding your [name, mobile number, email address], and such other information as requested by medisync on the Ray and/or Tab Practitioner registration page, in order to complete your registration.
Upon registration, medisync will access non-personally identifiable information of your patients from your patient records. You agree to make your patients fully aware of such access.
medisync reserves the right to extend and withdraw ‘ABS’ (also known as Instant) functionality to you at its sole discretion, based on the number of End-User appointments being honoured by you. The extension or withdrawal of such facility shall be intimated to you by medisync.
You have an option under these products to switch on ‘End-User Feedback’. This will mean that you are giving one or more patients’ contact details to medisync’s feedback system. End-Users may choose to send feedback anonymously too, in which case you agree that you have no objection to such anonymous feedback. The feedback system will then send an SMS and email to the patient(s) asking for feedback which may then be published on the Website. You agree to make your patients fully aware of the possibility of their receiving such feedback queries.
6.Practitioners using the ‘medisync’ product:
You will be required to create an account and may be required to provide medisync with information regarding your [name, mobile number, email address], and such other information as requested by medisync on the ‘medisync’ Practitioner registration page, in order to complete your registration.