Privacy Notice

for Healthpass

  1. Why we are excited to protect your data?

  2. We are excited that you are entrusting us with your personal data because Healthpass would not be able to exist without your trust!

    At Healthpass, we fully recognize that you will only use our App and entrust us with your personal data if we treat it to the highest confidentiality standards. Quite like a bank where you would only deposit your money if you trust the bank.

    The below gives you more details on how we go about it.

  3. Who is the data controller and what does this notice contain?
  4. Data Controller is a legal term for the company that controls what happens with your personal data. Since Healthpass is a brand of Medicount Healthcare Private Limited, we at Medicount Healthcare Private Limited are the data controller.

    Although we are the Data Controller, you remain the key decision maker when it comes to your own personal data. With Healthpass, you always stay in control of what happens to your data. For example, you can decide how much data you want to share with us. You can also withdraw your data again. The below “rights” section tells you more about your rights.

  5. What is the connection to iCashCard by GI Technologies?
  6. For the wallet function of Healthpass we are partnering with iCashCard by a Chennai-based company called GI Technologies Private Limited. GI Technology Private Limited is properly licensed to operate the Healthpass wallet by the Reserve Bank of India under their PPI (Pre-paid Payments Instrument) license. Some of your personal data, especially financial data, will therefore be shared between Healthpass and GI Technology Private Limited. GI Technology Private Limited has its own data privacy notice which we encourage you to study carefully and which you will also need to agree to for the full functioning of the Healthpass App.

  7. What personal data will we collect from you?
  8. While registering and using Healthpass, we may collect, access and process several categories of personal data from you as given below. Some of that data is classified as “sensitive”. So please study the following list carefully before giving your explicit consent:

    • Name and surname
    • Gender
    • Date of birth
    • Identification document number - Aadhaar number, Voter’s ID or PAN number
    • Contact details - address, mobile number, email
    • KYC status (Know-Your-Customer status)
    • Your Healthpass wallet balance and transactions, including billing details for payments
    • Your loan eligibility and loan status information if you are applying for or have received a medical loan from our cooperation partner Zest Money (Camden Town Technologies Pvt. Ltd). However, we will not capture any of the information that you provide directly to Zest Money, such as your bank account information and/or bank statement, during the loan eligibility and loan application process since this data is collected on systems controlled by Zest Money and not shared with us. Please see the Zest privacy notice for further details.
    • Location of your mobile phone, to show you the distance to the empanelled medical service providers
    • Camera of your mobile phone, to enable you to scan the QR code to make payments through the Healthpass wallet
    • Information about your mobile phone such as device type, operating system, software version etc. to facilitate the functioning of Healthpass on your phone
    • Information about your Healthpass sessions’ duration, pages viewed etc., to monitor your Healthpass application usage and improve the services of Healthpass.
    • Your calls with our customer service hotline
    • Sensitive Data: The following sensitive data may be collected from you in your use of Healthpass:
      • (a) password - for registering and accessing your account with Healthpass
      • (b) medical check-up results
      • (c) information that you pass to our doctor-on-call service about you or your dependants
      • (d) financial information including credit/debit card details, bank account details and other related personal when you load the Healthpass wallet through Self-Service

    Please note that whenever you share personal data of other persons with us, like your spouse, children or friends, you confirm that you are fully authorized to do so on their behalf.

  9. How will we collect your personal data?
  10. We collect your personal data in the following instances:

    • when you register as a user
    • when you login in and browse through the Healthpass app
    • when you make payments through the Healthpass wallet
    • when you test your loan eligibility or receive a medical loan from our cooperation partner Zest Money (Camden Town Technologies Pvt. Ltd).
    • when you make phone calls on the Doctor-on-Call Service
    • when you make phone calls on our customer service line
    • when you otherwise actively send data to Healthpass (e.g. by email or letter)
  11. How will we use your personal data?
  12. We use your personal data for the following purposes

    • To verify your identity during the registration process and during transactions
    • To provide you with the full functionalities and services of Health\pass, such as sharing your profile with the doctor-on-call team when you request a call back from them
    • To facilitate the checking of your loan eligibility and processing your medical loan by our medical lending partner Zest Money (Camden Town Technologies Pvt. Ltd), however, only after you have accepted Zest Money’s Terms and Conditions and privacy notice.
    • To contact you when necessary
    • To conduct client surveys
    • To find out how you make use of Healthpass and its features (e.g. doctor on call) to improve our service and develop new solutions. We may also combine your personal data with that of other Healthpass users to discover larger trends and new service opportunities. For example, if your personal data and that of other users indicates that many of you suffer from a particular chronic illness, we may develop a new service around that illness
    • To promote and market our services to you and to inform you of special offers, promotions or competitions, including by way of direct mail and telemarketing, unless you have registered under the national “Do Not Call” registry.
    • To prevent fraud and money laundering and as required by law or regulation

    It is not a statutory or contractual requirement that you share your personal data with us. However, where you fail to provide us with this data, we will be unable to give you access to Healthpass and its various services. We therefore rely on your consent to this data privacy notice as the legal basis for data collection and usage for the above purposes.

    We will not utilize your data for any purpose not known and disclosed to you.

    We will never share or sell your personal data to third parties outside the Medicount group for advertising purposes.

  13. Who will have access to your personal data?
  14. The staff of the Medicount group will be granted access to your personal data on a strict need-to-know basis, that will allow you to use and benefit from Healthpass and its associated services. For example, our doctor-on-call has access to your medical records on file to be able to address your health concerns. A clerical staff in our accounting department would not get such access.

    For the storage and processing of your personal data, we may rely on the data processing services of contracted companies, so called “data processors”. This is similar to a torch (Healthpass) that needs batteries from a third-party battery factory (data processors) to work properly. We ensure that our data processors are bound by this data privacy notice, including giving data access to their staff on a strict need-to-know basis only.

    In addition, we employ security systems such as password encryption that meet or exceed industry standards to protect your data from unlawful access, hacks and misappropriation. However, sadly, no method of transmission of data over the internet, or method of electronic storage can be guaranteed to be 100% secure.

    Lastly, if required by law enforcement agencies or any regulator to share personal data, through a valid order, we will share your personal data with such public authorities.

  15. Where will my personal data be stored and processed?
  16. Your personal data may be stored and processed within India and outside India, e.g. in the European Union, depending on legal requirements and where the best suited data storage processing facilities exist.

    If we transfer your personal data outside India, we will ensure that it is stored and processed according to standards at least as good as those required in India and only used for the purposes set out in this privacy notice.

  17. What are your rights in respect of your personal data?
  18. You are the key decision maker on how we handle your personal data. At any point in time you have the following rights in respect of your personal data:

    • The right to access all personal data that we hold about you
    • The right to have your personal data rectified where it is inaccurate or incomplete
    • The right to have your personal data erased
    • The right to data portability, i.e. to receive your personal data in a structured, commonly used and machine-readable format so you may store it privately or take it to another company
    • the right to withdraw your consent to this data privacy policy at any time

    Please note that exercising your above rights is free of charge, but it may temporarily or permanently render Healthpass partly or entirely unusable.

    For exercising any of the above rights please contact our Grievance Officer at the contacts given below in the “Contact” section.

    In each case, we will try to contact you within 72 hours, utilizing your latest given contact details, to arrange the next steps, e.g. correction of data, erasure of data, export of data or full closure of account and refund of any balance.

    We will also inform our wallet operator GI Technologies and any other relevant partner of your exercising of your rights so that they can take the appropriate actions under this privacy notice or their own privacy policies as applicable.

  19. How long do we keep your personal data?
  20. We will keep your personal data for as long as you keep using Healthpass, unless we are legally required to delete it even earlier. If you withdraw your consent, close your account or request an erasure of your personal data, we will retain your data for a maximum of four more weeks to allow us to properly wind down your account. After those four weeks we will completely delete your personal data from our records.

    However, in a few cases we may need to keep your data for longer:

    • If required by law
    • If required to defend any legal claims
    • If required for a proper winding down of your account where that process takes longer than four weeks (e.g. if we fail to reach you in that period of time)

  21. How can you contact us?
  22. For any query regarding your personal data, or for any execution of your above rights, you can contact our Grievance Officer at:
    Medicount Healthcare Pvt. Ltd.

    attn. Data Privacy Officer

    7, Diamedica Plaza

    4th Cross, Pappaiah Garden Road

    Banagiri Nagar, Banashankari 3rd Stg

    Bangalore 560085


  23. How often do we update this data privacy notice?
  24. We will update the data privacy notice from time to time as required. In addition, once a year we perform a comprehensive review of the notice which may also lead to updates and changes.

    We will announce any notice change to you in the notification section of Healthpass. We will specifically highlight what has changed so that you don’t have to read the entire notice again.

    Lastly, every time we update our data privacy notice we will ask you for your renewed consent before you can continue using Healthpass.