Privacy Notice

for Healthpass

As of 29 July 2019

This privacy notice forms part and parcel of our general Terms of Service.

  1. Why we are excited to protect your data?

  2. We are excited that you are entrusting us with your personal data because Healthpass would not be able to exist without your trust!

    At Healthpass, we fully recognize that you will only use our App and entrust us with your personal data if we treat it to the strictest confidentiality standards. Quite like a bank where you would only deposit your money if you trust the bank.

    The below gives you more details on how we go about it.

  3. Who is the data controller and what does this notice contain?
  4. Data Controller is a legal term for the company that controls what happens with your personal data. Since Healthpass is a brand of Medicount Healthcare Private Limited, we at Medicount Healthcare Private Limited are the data controller.

    Although we are the Data Controller, you remain the key decision maker when it comes to your own personal data. With Healthpass, you always stay in control of what happens to your data. For example, you can decide how much data you want to share with us. You can also withdraw your data again. The below “rights” section tells you more about your rights.

  5. What is the connection to iCashCard by GI Technologies?
  6. For the wallet function of Healthpass we are partnering with iCashCard by a Chennai-based company called GI Technologies Private Limited. GI Technologies is properly licensed to operate the Healthpass wallet by the Reserve Bank of India under their PPI (Pre-paid Payments Instrument) license. Some of your personal data, especially financial data, will therefore be shared between Healthpass and GI Technologies as a separate Data Controller. GI Technologies has its own privacy notice which we encourage you to study carefully and which you will also need to agree to for the full functioning of the Healthpass App.

  7. What personal data will we collect from you?
  8. While registering and using Healthpass, we may collect, access and process several categories of personal data from you as given below. Some of that data is classified as “sensitive”. So please study the following list carefully before giving your explicit consent:

    • Name and surname
    • Gender
    • Date of birth
    • Identification document number - Aadhaar number, Voter’s ID or PAN number
    • Contact details - address, mobile number, email
    • KYC status (Know-Your-Customer status)
    • Your Healthpass wallet balance and transactions, including billing details for payments
    • Your loan eligibility and loan status information if you are applying for or have received a medical loan from our cooperation partner Zest Money (Camden Town Technologies Pvt. Ltd). However, we will not capture any of the information that you provide directly to Zest Money, such as your bank account information and/or bank statement, during the loan eligibility and loan application process since this data is collected on systems controlled by Zest Money and not shared with us. Please see the Zest privacy notice for further details.
    • Location of your mobile phone, to show you the distance to the empanelled medical service providers
    • Camera of your mobile phone, to enable you to scan the QR code to make payments through the Healthpass wallet
    • Information about your mobile phone such as device type, operating system, software version etc. to facilitate the functioning of Healthpass on your phone
    • Information about your Healthpass sessions’ duration, pages viewed etc., to monitor your Healthpass application usage and improve the services of Healthpass.
    • Your calls with our customer service hotline
    • Sensitive Data: The following sensitive data may be collected from you in your use of Healthpass:
      • (a) password - for registering and accessing your account with Healthpass
      • (b) medical check-up results
      • (c) information that you pass to our doctor-on-call service about you or your dependants
      • (d) financial information including credit/debit card details, bank account details and other related personal when you load the Healthpass wallet through Self-Service

    Please note that whenever you share personal data of other persons with us, like your spouse, children or friends, you confirm that you are fully authorized to do so on their behalf.

  9. How will we collect your personal data?
  10. We collect your personal data in the following instances:

    • when you register as a user
    • when you login in and browse through the Healthpass app
    • when you make payments through the Healthpass wallet
    • when you test your loan eligibility or receive a medical loan from our cooperation partner Zest Money (Tyche Wellness Pvt Ltd)
    • when you make phone calls on the Doctor-on-Call Service
    • when you make phone calls on our customer service line
    • when you otherwise actively send data to Healthpass (e.g. by email or letter)

    Please note that calls may be recorded for analytics and quality assurance.

  11. How will we use your personal data?
  12. We use your personal data for the following purposes

    • To verify your identity during the registration process and during transactions
    • To provide you with the full functionalities and services of Healthpass
    • To contact you when necessary
    • To conduct client surveys
    • For quality assurance purposes
    • To exchange your financial information with GI Technology (the Healthpass wallet operator) for a seamless operation and integration of the Healthpass wallet with the rest of Healthpass
    • To facilitate the checking of your loan eligibility and processing your medical loan by our medical lending partner Zest Money (Camden Town Technologies Pvt. Ltd), however, only after you have accepted Zest Money’s Terms and Conditions and privacy notice.
    • To find out how you make use of Healthpass and its features (e.g. doctor on call) to improve our service and develop new solutions. We may also combine your personal data with that of other Healthpass users to discover larger trends and new service opportunities. For example, if your personal data and that of other users indicates that many of you suffer from a particular chronic illness, we may develop a new service around that illness
    • To promote and market our services to you and to inform you of special offers, promotions or competitions, including by way of direct mail and telemarketing, unless you have registered under the national “Do Not Call” registry.
    • To prevent fraud and money laundering and as required by law or regulation

    It is not a statutory or contractual requirement that you share your personal data with us. However, where you fail to provide us with this data, we will be unable to give you access to Healthpass and its various services. We therefore rely on your consent to this data privacy notice as the legal basis for data collection and usage for the above purposes.

    We will not utilize your data for any purpose not known and disclosed to you.

    We will never share or sell your personal data to third parties outside the Medicount group for advertising purposes.

  13. Who will have access to your personal data?
  14. The staff of the Medicount group will be granted access to your personal data on a strict need-to-know basis, in order to allow you to use and benefit from Healthpass and its associated services. For example, our doctor-on-call has access to your medical records on file to be able to address your health concerns. A clerical staff in our accounting department would not get such access.

    In addition, we employ security systems such as password encryption that meet or exceed industry standards to protect your data from unlawful access, hacks and misappropriation. However, sadly, no method of transmission of data over the internet, or method of electronic storage can be guaranteed to be 100% secure.

    For the performance of certain services of Healthpass, e.g. call center, we work with contracted companies, so called “data processors”. Also for the storage and processing of your personal data, we may rely on the data processing services of contracted companies. This is similar to a torch (Healthpass as data controller) that needs batteries from a third-party battery factory (data processors) to work properly. We ensure that our data processors are bound by this data privacy notice, including giving data access to their staff on a strict need-to-know basis only. In case of data processors, you don’t need to agree to any additional Terms and Conditions and privacy notices, since they are fully covered by our T&Cs and privacy notice.

    For service partners that are independent data controllers, e.g. our medical lending and telehealth partners, we will only share the required personal data for their services with them after you have accepted their separate T&Cs and privacy notices. After sharing is complete, responsibility for your shared personal data then fully rests with those independent partners.

    Lastly, if required by law enforcement agencies or any regulator to share personal data, through a valid order, we will share your personal data with such public authorities.

  15. Where will my personal data be stored and processed?
  16. Your personal data may be stored and processed within India and outside India, e.g. in the European Union, depending on legal requirements and where the best suited data storage processing facilities exist.

    If we transfer your personal data outside India, we will ensure that it is stored and processed according to standards at least as good as those required in India and only used for the purposes set out in this privacy notice.

  17. What are your rights in respect of your personal data?
  18. You are the key decision maker on how we handle your personal data. At any point in time you have the following rights in respect of your personal data:

    • The right to access all personal data that we hold about you
    • The right to have your personal data rectified where it is inaccurate or incomplete
    • The right to have your personal data erased
    • The right to data portability, i.e. to receive your personal data in a structured, commonly used and machine-readable format so you may store it privately or take it to another company
    • the right to withdraw your consent to this data privacy policy at any time

    Please note that exercising your above rights is free of charge, but it may temporarily or permanently render Healthpass partly or entirely unusable.

    For exercising any of the above rights please contact our Grievance Officer at the contacts given below in the “Contact” section.

    In each case, we will try to contact you within 72 hours, utilizing your latest given contact details, to arrange the next steps, e.g. correction of data, erasure of data, export of data or full closure of account and refund of any balance.

    We will also inform our wallet operator GI Technologies and any other relevant partners of your exercising of your rights so that they can take the appropriate actions under this privacy notice or their own privacy notices as applicable.

  19. How long do we keep your personal data?
  20. We will keep your personal data for as long as you keep using Healthpass, unless we are legally required to delete it even earlier. If you withdraw your consent, close your account or request an erasure of your personal data, we will retain your data for a maximum of four more weeks to allow us to properly wind down your account. After those four weeks we will completely delete your personal data from our records.

    However, in a few cases we may need to keep your data for longer:

    • If required by law
    • If required to defend any legal claims
    • If required for a proper winding down of your account where that process takes longer than four weeks (e.g. if we fail to reach you in that period of time)

  21. How can you contact us?
  22. For any query regarding your personal data, or for any execution of your above rights, you can contact our Grievance Officer at:

    Healthpass (Medicount Healthcare Pvt. Ltd.)

    attn. Data Privacy Officer

    7, Diamedica Plaza

    4th Cross, Pappaiah Garden Road

    Banagiri Nagar, Banashankari 3rd Stg

    Bangalore 560085


  23. How often do we update this data privacy notice?
  24. We will update the privacy notice from time to time as required. Any updates of our privacy notice will be reflected on our website. We therefore recommend that you check back into our privacy notice from time to time. Your continued use of Healthpass following any such modification constitutes your agreement to the privacy notice so modified.