ONSEN MEDICAL TOURISM PRIVATE LIMITED (“we”) are committed to safeguarding the privacy of our website visitors and registered users of the Medserg platform; this Policy sets out how we will treat your personal data when we act as the custodian of that data and when its processing is governed by various regulations including the following: i. Section 43A of the Information Technology Act, 2000; ii. Regulation 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011 (the “SPI Rules”); iii. Regulation 3(1) of the Information Technology (Intermediaries Guidelines) Rules, 2011; iv. The EU General Data Protection Regulation (GDPR).
We use the term “personal data” to refer to any information collected or processed by, or in connection with, this website or the platform, that directly, or indirectly, identifies you or factors specific to you, such as your name, IP address or user preferences. Below we describe “lawful grounds” for processing your personal data. These lawful grounds (sometimes also referred to as “legal basis”) are the justification under GDPR for the processing of your personal data. If there are no lawful grounds for processing your personal data neither we, nor anyone else, is permitted to access or process your personal data.
We may collect, store and use the following kinds of information and personal data (“Collected Information”): a. information and personal data about your visits to and use of this website and our platform. We collect personal data about your computer and your visits to this website or the platform, including your IP address, geographical location, browser type, referral source, length of visit and number of page views, all of which are also Collected Information. b. information about any transactions carried out between you and us on this website, including information relating to any purchases you make of our goods or services. We collect:
First and last name
Contact information (email, phone)
Professional life data
Personal life data
Application usage data
Email communication data
Call recording data
c. information that you provide to us for the purpose of registering with us on the website or platform and/or subscribing to our website services and/or email notifications. We collect first and last name, email address, and phone number for these purposes.
Collected Information, including personal data, will be used to:
a. administer and improve this website’s and the platform’s usability;
b. improve your browsing experience by modification and replacement of text, images,
videos or links to increase relevance to the visitor;
c. send to you marketing and other communications relating to our business or the businesses of carefully selected third parties which we think may be of interest to you by post or, where you have specifically consented, by email or similar technology.
d. provide other companies with statistical information about our users. Information we provide to other companies will not identify any individual user.
e. allow us to see what enquiries made through our system get responded to, though we restrict who can see the text of the responses.
If you are a registered platform user, or a website user, the lawful grounds for processing your Collected Information is our legitimate interest in understanding how users interact with this website and the platform, and to improve how we promote our products and services.
We may share Collected Information about you:
a. to enable our service providers (third party sub-processors) to provide data centre hosting services, database hosting services, dialer infrastructure services, email sync services and to enable our third party processors to provide sales and marketing operations services;
b. to the extent that we are required to do so by law;
c. in connection with any legal proceedings or prospective legal proceedings;
d. in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).
e. in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
We will take reasonable precautions to prevent the loss, misuse or alteration of your personal data. Data transmission over the Internet is inherently unsecure and we cannot guarantee the security of data sent over the Internet. We will store all the personal data you provide or that we collect about you on our secure servers. You are responsible for keeping your passwords confidential. We will not ask you for your passwords.
We are located in New Delhi, India. Submitting your personal data via this website or the platform will transfer your personal data to us. We will process transferred personal data pursuant to India and the EU-US. We may transfer your personal data to third parties, as described in Sharing Collected Information, pursuant to the onward transfer principles of the IT rules and regulations for data privacy. We use these third-parties to perform certain functions offered as part of our products and services, e.g. data centre hosting services, CRM Management, Group Email Services, SaaS survey solutions and SaaS IT service management software. These providers all certify compliance with the latest data privacy rules and regulations and are restricted from direct access to your personal data but, if necessary, may be granted access to your personal data only to the extent necessary to permit them to perform their contracted services. They are bound by confidentiality agreements and are restricted from using the personal data for other purposes.
We retain your personal data until data is requested to be purged from our systems by you or an authorized member of your organization.
The website contains links to other websites. We are not responsible for the privacy policies of third party websites or such site operators’ actions including the collection or use of your personal data.
If you use this website, upon request, Medmonks will grant you access to your personal data and allow you to correct, amend or delete information that is demonstrated to be inaccurate or incomplete. See Contact Us details on our website. If you are a platform user, we depend on you to update and correct your personal data to the extent necessary for the purposes for which that data was collected, such as contact information you provide to us so that we can provide you with invoicing information.
You are entitled to have any inadequate, incomplete or incorrect personal data corrected (that is, rectified). You also have the right to request access to your personal data (including receiving a copy thereof) as well as additional information about how the data was processed. If we ever process your personal data, with the lawful grounds of your consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. Furthermore, you are entitled to have your personal data erased under certain circumstances. As of May 25, 2018, you also have the following additional rights:
Data portability – if ever we rely (as the lawful grounds for processing) upon your consent, or the fact that the processing is necessary to perform a contract to which you are party (such as making an enquiry), and the personal data is processed by automatic means, you have the right to receive all such personal data which you have provided us in a structured, commonly used and machine-readable format, and also to require that it be transmitted to another controller where this is technically feasible.
Right to erasure – you are entitled to have your personal data erased under specific circumstances, such as where you have withdrawn your consent, where you object to processing based on legitimate interests and we have no overriding legitimate grounds (see below) or where personal data is unlawfully processed, provided that applicable law does not provide otherwise.
Right to restriction of processing – you have the right to restrict the processing of your personal data (that is, allow only its storage) where: o you contest the accuracy of the personal data, until we have taken sufficient steps to correct or verify its accuracy; o where the processing is unlawful but you do not want us to erase the personal data; o where we no longer need your personal data for the purposes of the processing, but you require such personal data for the establishment, exercise or defence of legal claims; or o where you have objected to processing, justified on lawful grounds (see below), pending verification as to whether we have your permission to continue processing. Where your personal data is subject to restriction we will only process it with your consent or for the establishment, exercise or defense of legal claims.
Right to object to processing (including profiling) based on lawful grounds – where we rely upon legitimate interests to process personal data, you have the right to object to that processing. If you object, we must stop that processing unless we can demonstrate compelling legitimate grounds for the processing that overrides your interests, rights and freedoms, or we need to process the personal data for the establishment, exercise or defense of legal claims, or an applicable law requires otherwise.
Right to object to direct marketing (including profiling) – you have the right to object to our use of your personal data for direct marketing purposes (including profiling).
You also have the right to lodge a complaint with the supervisory authority of your habitual residence, place of work or place of alleged infringement, if you consider that the processing of your personal data infringes an applicable law. You may contact us if you wish to exercise any of your rights in respect of your personal data processed by this website or the platform. Contact Us for any further information.