PRIVACY POLICY : iOS - Save all STEMI's
Scope and Purpose of this Privacy Policy
>>
This Privacy Policy explains how STEMI Care India Private Limited (“STEMI Care”) collects,
uses and discloses data obtained from Users of the STEMI India Application Save all STEMIs (“Application”).
It states the following:
>> The type of information collected from the Users of the Application and the Users, including sensitive personal data or information
>> The purpose, means and modes of usage of such information, and
>> How and to whom STEMI Care may disclose such information
>> The Application, comprising ‘Save all STEMIs’ (iOS App) is an internet-based software application for Apple mobile phones developed and owned by the STEMI India Charitable Trust (“STEMI India”). The application is a platform to facilitate the efficient diagnosis and treatment of ST-Elevation Myocardial Infarction as per the proprietary protocol (“STEMI India Protocol”) developed and owned by STEMI India.
>> The full usage rights of the Application, assigned to STEMI Care, a company duly incorporated under the provisions of the Companies Act, 1956 (2013), for a period of five years under Deed of Assignment dated 8th of November 2017 for the purpose of implementing and running the STEMI Programme at User Institutions.
>> The users of the Application include the doctors, nurses, emergency medical technicians, paramedics and registrants (“Users”) who are employed by the medical institution (“User Institution”) that has entered into a Memorandum of Understanding executed by and between the User Institution and STEMI Care to implement the STEMI Protocol to diagnose and treat patients (“Patients”) of the User Institution.
>> By using the Application and/or its services, the User consents to the collection, use and disclosure of Patients’ personally identifiable information in accordance with this Privacy Policy.
>> STEMI Care will not use or share Users’ or Patients’ data or information with anyone except as described in this Privacy Policy and shall be limited to the purposes under this Privacy Policy and the Terms of Use.
>> This Privacy Policy does not apply to information STEMI Care collects by other means (including offline) or from other sources.
Personal Information
STEMI Care may collect Personal Information, including Sensitive Personal Information from or through the Users of the Application as described in this Privacy Policy and accompanying Terms of Use.
>> “Personal Information” means any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person.
>> “Sensitive Personal Information” means such personal information which consists of information relating to:
(i) mental health condition,
(ii) sexual orientation,
(iii) medical records,
(iv) any detail relating to the above clauses as provided to body corporate for providing service, and
(v) any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise,
provided that, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information.
Data collected from Users
User Data:
>> For providing its Services, STEMI Care will host and process data pertaining to the User’s registration and use, and data voluntarily submitted by the User on the Application.
>> As part of the registration process, STEMI Care collects the following personal information from the Users:
(i) Name
(ii) Age
(iii) Gender
(iv) ECG(Electro Cardiogram) in the form of a picture (Image)
>> STEMI Care will not review, share, distribute, or reference any User data except as provided in the Terms of Use, or as may be required by law.
>> Individual records of User data may be created, viewed or accessed only for resolving a problem i.e., diagnosis of ‘ST Elevation of Myocardial Infarction’ (STEMI) using the Image. We would take all reasonable precautions for maintaining confidentiality of data.
Patient Data:
>> The User and User Institutions acknowledge that STEMI Care will have access to the Sensitive Personal Information of patients (“Patient Data”), as provided by the User through the use of the Application. Patient Data will include the following:
(i) Name
(ii) Age
(iii) Gender
(iv) Health Condition
(v) Past Medical History (ECG)
(vi) Current Medical Condition – ECG
>> The User and User Institutions acknowledge that STEMI Care shall only retain and use Patient Data that has been obtained by the User/User Institution upon receiving their express and informed written consent to share their sensitive information with STEMI Care.
>> The User and User Institutions acknowledge that Patient Data may be collected from patients prior to obtaining their consent, for the purpose of providing emergency medical care, in cases where the patient is unconscious or unable to provide consent. However, the User and User Institution is solely responsible for obtaining such consent as required under 2.2.2 from the patient or their next of kin/guardian as soon as possible. Patient Data collected through the Application prior to obtainment of consent shall be deleted in its entirety from the Application if such consent is not given, within 24 hours of intimation to STEMI Care by the User or User Institution by the means described in Clause 9, in the absence of which STEMI Care assumes that the User and User Institutions have obtained said consent.
Compliance with Applicable Laws
This privacy policy is published in compliance of:
>> Section 43A of the Information Technology Act, 2000,
>> Regulation 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011 (the "SPI Rules"); and
>> Regulation 3(1) of the Information Technology (Intermediaries Guidelines) Rules, 2011 (the “IG Rules”).
Privacy Statements
>> A condition of each User's use of and access to the Application and services provided by STEMI Care to Users is their acceptance of the Terms of Use, published at www.stemicare.com and also communicated to the Users at the point of registration, which also involves acceptance of the terms of this privacy policy. Users are therefore required to read and understand the privacy statements set out herein prior to submitting any sensitive personal data or information to STEMI Care, failing which they are required to stop using this Application immediately.
>> A User/User Institution will be provided a secure password in order to have access to the features and benefits on our Application. The password will be periodically changed as and when STEMI Care deems fit.
>> Without the User Institution's agreement, STEMI Care will not share, rent or sell any personal information with third parties in any way other than what is disclosed in this privacy policy.
>> All Patient Data provided to the User by the patient, including sensitive personal information, is voluntary. The patient has the right to withdraw his/her/its consent at any time, in accordance with the terms of this privacy policy and the Terms of Use, following which the User/User Institution shall intimate this withdrawal to STEMI Care through the channels set down in Clause 9. STEMI Care shall delete that patient’s data in its entirety from the Application within 24 hours of receipt of such intimation.
>> STEMI Care may automatically collect and analyse information about the general usage of the Application and services to track which features are most commonly used, site traffic volume, frequency of visits, type and time of transactions, type of browser, browser language, IP addresses and operating systems. STEMI Care will only collect, track and analyse such information in an aggregated manner that does not personally identify the users. Such data may be used by STEMI Care in operating the Application and the services.
>> Information that does not personally identify the Users as an individual that is collected by STEMI Care from Users, such as usage data, is exclusively owned by STEMI Care. STEMI Care may also use such information in an aggregated or non-personally identifiable form for research, statistical analysis and business intelligence purposes, and may sell or otherwise transfer such research, statistical or intelligence data in an aggregated or non-personally identifiable form to third parties and affiliates unless specifically mentioned otherwise in STEMI Care’s agreement with the User Institution or its representative. If STEMI Care wishes to use any User's personal data for a new purpose, it will seek the User/User Institution's permission before doing so.
>> The Application may enable the User to communicate with other Users or to post information to be accessed by others, whereupon other Users may collect such data. STEMI Care hereby expressly disclaims any liability for any misuse of such information that is made available by Users in such a manner.
>> STEMI Care does not collect information about the Users of the Application from other sources, such as public records or bodies, or private organisations, save and except for the purposes of registration of the Users (the collection, storage and disclosure of which each User must agree to under the terms of use in order for STEMI Care to effectively render the Services).
>> STEMI Care does not knowingly collect personal data from children except in the unlikely event that they report at the User Institution with chest pain and are diagnosed with STEMI (ST-Elevation Myocardial Infarction).
>> STEMI Care has implemented Indian legal industry standard security policies, rules and technical measures to protect the personal data that it has under its control from unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss.
>> STEMI Care will not disclose any personal information or data to governmental institutions or authorities unless such disclosure is requisitioned under any Indian law or judicial decree or when STEMI Care, in its sole discretion, deems it necessary in order to protect its rights or the rights of others, to prevent harm to persons or property, to fight fraud and credit risk, or to in force or apply our terms of use.
>> All STEMI Care employees and data processors, who have access to, and are associated with the processing of sensitive personal data or information, are obliged to respect the confidentiality of all User and Patient Data.
>> STEMI Care may also disclose or transfer User and Patient Data that a User provides, to another third party as part of reorganization or a sale of the assets of a STEMI Care corporation division or company. Any third party to which STEMI Care transfers or sells its assets will have the right to continue to use the personal and other information that a User provides.
>> To the extent necessary to provide Users with the services on the Application, STEMI Care may provide their Personal Information to third party contractors who work on behalf of or with STEMI Care to provide Users with such services, to help STEMI Care communicate with Users or to maintain the Application. Generally, these contractors do not have any independent right to share this information, however certain contractors who provide services on the Application, including the providers of online communications services, will have rights to use and disclose the personal information collected in connection with the provision of these services in accordance with their own privacy policies.
>> STEMI Care addresses any discrepancies and grievances of all Users with respect to processing of information in a time bound manner. For this purpose, STEMI Care has designated a Grievance Officer, who will redress the grievances of the Users expeditiously but within one month from the date of receipt of grievance, and who can be reached by:
(i) Sending a letter marked to the attention of Grievance Officer, STEMI Care to Ms. Varshini Neethi Mohan, First Floor, AGT Business Park, 25, Electronics Estate, Avinashi Road, Coimbatore, Tamil Nadu 641014, India; or
(ii) Sending an email to info@stemicare.com
Data Storage
>> All the information listed in S.3 of this privacy policy is maintained by STEMI Care in electronic form on its equipment, in encrypted form on secure servers, and on the equipment of its employees. User Information may also be converted to physical form from time to time.
Confidentiality
Regardless of the manner of storage, STEMI Care will keep all personal information collected from Users and Patients confidential, and will only disclose it in the following manner:
>> STEMI Care makes all User and Patient Information accessible to its employees only on a need-to-know basis and binds all such employees to strict confidentiality obligations.
>> Notwithstanding the above, STEMI Care shall not be responsible for any breach of security or for any actions of any third parties that receive Users' personal data or events that are beyond the reasonable control of STEMI Care including, acts of government, computer hacking, unauthorized access to computer data and storage device, computer crashes, breach of security and encryption, etc.
Change to privacy policy
>> STEMI Care may update this privacy policy at any time, with or without advance notice.
>> In the event there are significant changes in the way STEMI Care treats Users’ or Patients’ personally identifiable information, STEMI Care will display a notice on the Website or send Users an email, as provided for above.
>> Unless stated otherwise, STEMI Care current privacy policy applies to all information that STEMI Care has about Users and Patients and their account. Notwithstanding the above, STEMI Care shall not be required to notify the Users of any changes made to the privacy policy.
>> If a User uses the Service after notice of changes have been sent to such User or published on the Website, such User hereby provides his/her/its consent to the changed practices.
Contacting Us
STEMI Care can be reached, for all questions and directions related to this privacy policy, by:
>> Sending a letter marked to the attention of Ms. Varshini Neethi Mohan, First Floor, AGT Business Park, 25, Electronics Estate, Avinashi Road, Coimbatore, Tamil Nadu 641014, India; or
>> Sending an email to info@stemicare.com.
