Privacy Policy - Everwell Hub
INTRODUCTION
-
This Privacy Policy (“Policy”) lays down the categories and types of Personal Information (defined herein) that we may collect from you, how we may use them and with whom we share it. We, at Everwell Health Solutions Private Limited (“Company”, “we”, “us” and “our”) are committed to safeguarding the information of the Users (defined herein) of the Platform (defined herein). We ensure strict adherence to uniform practices for collecting, using, disclosing, storing, retaining, disposing, accessing, transferring or otherwise processing such Personal Information. All terms that are capitalised and not defined herein shall have the meaning prescribed to it under Terms of Use (“Terms”).
-
Users who avail our Services and all other visitors to the Platform are referred to in this Policy as "you", “your”, “User(s)”. This Policy applies regardless of whether you are using a computer, a mobile device or any other device to visit the Platform. By using the Platform, you agree to provide us your information in accordance with the terms of this Policy and Terms (available at https://www.everwell.org/terms-of-use), or any other agreement that governs your use of our Platform (collectively the “Agreements”). You should not use our Platform if you do not agree with the terms and conditions contained in these Agreements.
-
The Services can be accessed by the User(s) on our Platform at https://hub.everwell.org/ as described on https://www.everwell.org/everwell-hub (“Website”), mobile applications - Everwell Hub App (“Provider App”) and Hub Health Companion (“Patient App”) (hereafter known as “Platform”). The Policy also relates to our use of any Personal Information and/or Sensitive Personal Data or Information you provide to us.
DETAILS ABOUT THIS POLICY:
-
This Policy is published in compliance with inter alia, applicable provisions of the Information Technology Act, 2000, Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011 (the “Rules”) and Information Technology (Intermediaries Guidelines) Rules, 2011.
-
This Policy provides information with regards to, (a) the type of information collected from the User(s), including Personal Information and Sensitive Personal Data or Information (as defined herein) relating to an individual, (b) the purpose, means and modes of collection, usage, processing, retention and destruction of such information, and (c) the process how and to whom we will disclose such information.
-
This Policy is applicable to:
-
Everyone who accesses and uses the Platform in any form or manner;
-
User(s) who avail our Services.
YOUR CONSENT AND ACCEPTANCE TO THE POLICY:
-
By accessing the Services or by merely vising our Platform, you will be deemed to have read, understood and agreed to the practices and policies outlined in this Policy and agree to be bound by this Policy. You hereby consent to our collection, use, transfer sharing and disclosure of your information as described in this Policy. If you use the Services on behalf of another person or entity, you represent that you are authorised by such person or entity to (i) accept this Policy on such person’s or entity’s behalf, and (ii) consent on behalf of such person or entity to our collection, use and disclosure of such person’s or entity’s information as described in this Policy.
THE COLLECTION AND USE OF PERSONAL INFORMATION BY US:
-
The information collected from you by us may constitute ‘Personal Information’ or ‘Sensitive Personal Data or Information’ under the Rules.
-
“Personal Information” is defined under the Rules to mean any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available to a body corporate, is capable of identifying such person.
-
The Rules further define “Sensitive Personal Data” or “Information” of a person to mean personal information about that person relating to:
-
passwords;
-
financial information such as bank accounts, credit and debit card details or other payment instrument details;
-
physical, physiological and mental health condition;
-
sexual orientation;
-
medical records and history;
-
biometric information;
-
any detail relating to the above clauses as provided to body corporate for providing service;
-
information received by body corporate under lawful contract or otherwise.
-
Considering the Services involves the use of medical information, the consent of the Users is essential. Therefore, the Users by accepting this Policy, implicitly accepts the use of the medical data in the manner disclosed in the Terms.
WHAT IS THE INFORMATION THAT WE GATHER ABOUT YOU?
-
As you use our Services, you may provide us with a user name and password, as well as basic information such as your name and phone number. For patients on the Platform, data such as their medical history, diagnosed conditions, treatment plans, and so on, are collected and stored on the Platform. Patients can also upload information about their medication adherence, for example, by marking which doses were taken or by uploading videos of themselves ingesting prescribed medications. Such information can be uploaded on the Patient App which can be accessed by the Healthcare Service Provider(s).
-
. We collect information based on the data you submit, or the information about the patients submitted by the patients themselves or by the Healthcare Service Providers, for the limited purpose of providing the Services. Such information shall be solely for personal, informational and internal purposes.
-
The information we learn from you helps us to personalize and continually improve your experience on our Platform. We use your information to assist and provide you with our Services, communicate with you about our Services, update our records and generally maintain your accounts with us. During the account registration process, we will collect Personal Information that you may be required to provide.
WHAT ARE THE TRACKING TECHNOLOGIES WE USE?
-
We use various technologies to collect and store information, including cookies, pixel tags, local storage, such as browser web storage or application data caches, databases, and server logs (which may include your IP address).
-
Cookies are small files that are stored on your browser or device by websites, apps, online media and advertisements. We use cookies and similar technologies for purposes such as:
-
authenticating Users; and
-
determining the relevance of Services on the Platform;
-
A pixel tag (also called a web beacon or clear GIF) is a tiny graphic with a unique identifier, embedded invisibly on a webpage (or an online ad or email), and is used to count or track things like activity on a webpage or ad impressions or clicks, as well as to access cookies stored on Users’ computers. We use pixel tags to measure the popularity of our various features and Services. We also may include web beacons in e-mail messages or newsletters to determine whether the message has been opened and for other analytics.
DISCLOSURE/SHARING OF YOUR INFORMATION:
-
Information collected from patients on the Platform is visible to local Health Service Provider(s) as per their configuration of the system. We are not responsible for the acts/omissions of the Healthcare Service Provider(s) while storing/processing/distributing Information.
-
We may disclose/share your information to following recipients for the purpose of managing, operating, administering our business and for legal purposes:
-
To our other group entities for security purposes;
-
To regulators, government, courts, law enforcement and other authorities acting as processors who require reporting of processing activities in certain circumstances;
-
Otherwise as permitted contractually or required by applicable laws and regulations.
-
Law Enforcement, Legal Process and Compliance: We may disclose information about you (1) if we are required or permitted to do so by applicable law or legal process, (2) to law enforcement authorities or other government officials to comply with a legitimate legal request, (3) when we believe disclosure is necessary to prevent physical harm or financial loss, (4) to establish, exercise or defend our legal rights, (5) in connection with an investigation of suspected or actual fraud or illegal activity or (6) otherwise with your consent. Where we need to collect your information by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with products or services). In this case, we may have to cancel a service you have booked with us but we will notify you if this is the case at the time.
-
While we take and ensure utmost care of your Personal Information, we are not responsible for the confidentiality, security or distribution of your Personal Information by third-parties and/or Healthcare Service Provider(s) outside the scope of our agreement with such third-parties and/or Healthcare Service Provider(s). Further, we shall not be responsible for any breach of security or for any actions of any third-parties and/or Healthcare Service Provider(s) or events that are beyond the reasonable control of us including but not limited to, acts of government, computer hacking, unauthorized access to computer data and storage device, computer crashes, breach of security and encryption, poor quality of internet service or telephone service of the User, etc.
HOW DO WE PROTECT YOUR INFORMATION?
-
We are committed to protecting the security of your Information. We have implemented extensive technical security measures, security policies and Company wide regulations to protect the Information that is provided by you to us from time to time to ensure that such Information is kept secure and handled carefully across our Company.
-
We use best -in -class security practices including implementing robust firewalls which are updated with security patches regularly, which ensures that all such Information is protected from public access. Further, we have implemented Company wide security training and regulations to ensure that all Information in our possession is kept secure. This includes monitoring and auditing any access to Information, restricting access to Information based on roles and responsibilities, constantly auditing access and permissions and training and educating our personnel on handling Information.
-
We urge you to take steps and ensure that no one has unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. Finally, to be prudent, please be sure to always close your browsers when you are done using the Platform.
-
We cannot guarantee that our Services and Platform will function in an error free manner and without any interruptions. We shall not be liable for damages that may result from the use of electronic means of communication, including, but not limited to, damages resulting from the failure or delay in delivery of electronic communications, interception or manipulation of electronic communications by third parties or by computer programs used for electronic communications and transmission of viruses.
-
Data Security Arrangements: We have in place appropriate technical and security measures to secure the information collected by us. As such, we store your data on protected servers and have placed adequate storage measures to deter unauthorized entry, processing, usage, release, copying, alteration, and disposal of your data. However, we cannot be held liable for any unauthorized use of your data by third parties that are entirely attributable to factors outside our control. We hereby acknowledge and are aware that the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted through the Platform. Once we have received your information, we will use strict physical, electronic, and procedural safeguards to try to prevent unauthorized access.
LINKS TO ANY EXTERNAL WEBSITES:
-
The Platform may contain links to other external, third party websites over which we do not have any control. Such links do not constitute an endorsement by us of those external websites. Kindly note that the privacy practices on such websites may differ from ours. We encourage you to be aware when you leave our site, to review the privacy policy of any site you visit. By clicking on those links or enabling those connections may allow third parties to collect or share data about you. We are not responsible for the protection and privacy of any information (including Personal Information and cookies), which you provide while visiting such external websites and such sites are not governed by this Policy.
PROCESS RELATED TO OPTING OUT AND UNSUBSCRIBE:
-
If you wish to withdraw your consent for the use and disclosure of your personal information in the manner provided in this Policy or you want your data to be deleted, please write to us at contact@everwell.org. Please note that we may take time to process such requests, and your request shall take effect no later than 21 (twenty-one) business days from the receipt of such request, after which we will not use your personal data for any processing unless required by us to comply with our legal obligations. We may not be able offer you any or all Services upon such withdrawal of your consent.
- In the event, if you have raised a request for withdrawal of your consent for the use and disclosure of your personal information by us, and thereafter you place an order on our Platform via availing our Services, in such cases, you hereby consent to receiving any/all updates or communications limited to your placed order and the status report that shall be sent to you by us over your mail/SMS/WhatsApp/in-app notifications.
CHANGES AND UPDATES MADE TO THIS POLICY:
-
We will review our policies, procedures and processes from time to time as part of our efforts to ensure we properly handle, secure and process your information. We reserve the right to amend, at our sole discretion, the terms of this Policy. We would notify you about revisions to this Policy by publishing the updated Policy on our Platforms with the date it was revised. You are advised to visit the Platform from time to time to ensure that you remain fully aware of our current Policy.
HOW LONG IS YOUR INFORMATION RETAINED?
-
We will only retain your information for as long as contractually obligated. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
CONTACT INFORMATION
-
We welcome your comments or questions about this Policy. You may contact our Grievance Officer at grievanceofficer@everwell.org.
GOVERNING LAW AND JURISDICTION:
-
This Policy shall be governed in all respects by the laws of India.
-
Jurisdiction: The courts at Bangalore, Karnataka, India shall have exclusive jurisdiction and you hereby accede to and accept the jurisdiction of such courts.
OVERRIDING EFFECT
-
In the event of any ambiguity or conflict between this Policy and the terms in the individual agreements entered into with the Healthcare Service Provider(s), the terms in the individual agreements entered into with the Healthcare Service Provider(s) shall override and prevail over this Policy.