Data Privacy & Security Policy
The purpose of this Policy is to explain the types of personal data concerning you is collected from you, when and why we collect the personal data, how we use them, the conditions of our disclosure to third parties, how we secure the stored personal data, and your rights with respect to such personal data.
“You” means any person (including anonymous or registered user) visiting the website or any hospital operated by us or accessing any of our services or any employees, contractors, interns or consultants engaged by us. “We”, “us”, “our”, “Care Hospitals” or “QCIL” refers collectively to Quality Care India Limited and / or its subsidiaries.
All the staff of Quality Care India Limited and its legal subsidiaries are bound by this Policy.
3.1 Personal Information: Personal information is the information through which an individual can be directly identified or accessed. The personal information collected, processed and stored by us, includes but is not limited to:
- Date of Birth / Age
- Contact details including mobile numbers and email id
- Contact/ Permanent Address
- Sexual Orientation
- Medical records and history
- Health status including physical, physiological and mental health condition
- Aadhar/Driving License / PAN or any other identity document.
- Other details provided at time of registration or voluntarily
- Financial information such as Bank account or credit card or debit card or
other payment instrument details
- Biometric information
- Cookies and data such as IP Address, login credentials, type of device, browser details, referring URLs, web pages accessed, time zone etc are logged in case of web site /application /mobile application visitors or users.
3.2 Personal Information Collection: Personal Information or sensitive personal information is collected directly from persons, on our website or web applications or when one visits any of the Care hospitals or avails any of the services offered. Personal information of employees, interns, consultants and contractors is collected and processed during the course of their engagement. The above data is collected by various methods such as those set out below:
- Registration on Care Hospitals website or web applications.
- Registration at any of Care Hospitals unit while availing services.
- Submitting the details to any staff of Care Hospitals.
- Any information provided to us by you through any other channels.
By sharing the information, or clicking on “I agree” or accepting any other documentation provided, you consent to the use of the information for the purposes mentioned in this Policy.
- Usage/Processing of Personal Information: The personal information collected shall be used in the following ways.
- To contact via phone/SMS/email on service updates, payment reminders, send reports, invoices etc.
- To contact you via phone/SMS/email on providing information regarding promotional offers.
- To provide services rendered by us, including medical services
- To analyze and improve our services.
- To respond to any legal summons and processes.
- For legal and compliance requirements.
- For employment related purposes.
Collection and processing of Aadhaar information: We may collect Aadhaar information from you for identification purposes. Please note that it is not mandatory for you to provide your Aadhaar details for [identification purposes], and you may provide other identification documents such as [PAN card, passport or driving license]. However, we shall inform you in case collection of Aadhaar information is mandatory for the purpose of compliance with applicable law. We will not be sharing your Aadhaar details further with third parties without your consent. We do not retain your Aadhaar details longer than required for the purposes mentioned above and will keep such details secure and confidential in accordance with applicable laws.
3.3 Disclosures or Transfers: The data/ personal information may be disclosed or shared with third parties (eg. business associates) for the following purposes
- For insurance services
- For specialized services as part of overall services provided or any schemes
- For analysis and business intelligence services or as part of monetizing or providing better services
- For disseminating the information to the users vide channels including but not limited to email, SMS, WhatsApp etc.
- As required under applicable laws or pursuant to any judicial or governmental proceeding
- In connection with the sale of our business or assets or an acquisition of our business by a third party or any other merger / amalgamation / acquisition / corporate transaction involving us
Any such sharing or disclosure of personal and sensitive personal information is only to entities / individuals who adhere to the same levels of security standards as maintained by us, to ensure the security, integrity, and privacy of your sensitive personal information
3.4 Reasonable Security Practices and Security of Personal Information: The data security is of utmost priority for QCIL/Care hospitals. We adopt adequate measures to prevent unauthorized access to your personal information and have implemented reasonable security practices commensurate to the standards required under applicable laws and industry best practices. These include the following practices:
- All our applications have role-based access to the users ensuring only necessary information is visible to the users.
- All the data storages are protected by multiple layers of security and password protection.
- The information is accessible only on a need to know basis.
- Public display will contain only masked information and the personal information is not revealed at any given point.
- No user can copy the data and take it out of the Care Hospitals network.
Though we try to protect the personal information and prevent any unauthorized access, no system is 100% fool proof and QCIL, its subsidiaries along with its group companies are not liable for unintended breach of data causing disclosure of personal data.
3.5 Timelines of Storage: All the information will be stored as long as may be required under applicable law or the purpose for which it has been collected
3.6 Your Rights: You have the following rights under this Policy in relation to your personal information (subject to applicable law):
- Right of Access and Modification: You can access your personal information at any time to review any such information that you have supplied. You may modify any such information that has been found to be inaccurate or incomplete during such review.
- Right to Withdraw Consent: You may also withdraw your consent in relation to processing of any sensitive personal information that you have provided to us, by contacting our grievance officer, using the details provided below. Please note however that this may affect our ability to provide you with services and may therefore lead to discontinuation of such services for which this information was being used for, at our sole discretion.
3.7 Grievance Officer: QCIL and subsidiaries shall address any discrepancies and grievances of their provider of the information with respect to processing of information in a time bound manner. For this purpose, a Grievance Officer has been designated. Group CFO is also designated Grievance Officer and the details are provided as Annexure to this policy. The Grievance Officer shall redress the grievances or provider of information expeditiously but within one month from the date of receipt of grievance.
3.8 Amendments: We may revise the Policy from time to time. Any such changes will be posted on our website and applications. We may not be able to separately notify you of the revisions each time that we make them. We encourage you to check this page periodically for modifications or revisions to the Policy to understand how it affects the use of your personal information. We will not be responsible for your failure to remain informed about such changes. However, where required under applicable law, we will obtain additional consent from you for such changes.
4. Policy Compliance
4.1 Policy Owner: The grievance officer is responsible for implementation of this Policy.
4.2 Compliance: The Care Hospitals team will verify compliance to this Policy through various methods, including but not limited to monitoring tools, reports, internal and external audits, and feedback to the Policy Owner.
4.3 Non-Compliance: An employee found to have violated this Policy may be subject to disciplinary action, up to and including termination of employment.