Privacy Policy

DATA PRIVACY CONSENT NOTICE

1. What is Personal Data?

1. “Data” refers to any representation of information, facts, concepts, opinions, or instructions in a format suitable for communication, interpretation, or processing, whether by humans or automated systems.
2. “Personal data” means any information relating to an individual who can be identified, directly or indirectly, by that data.

2. Legal Requirements for Consent under the Digital Personal Data Protection Act, 2023

1. The Digital Personal Data Protection Act, 2023, along with its associated rules (“Act”), is the primary legislation governing data privacy in India.
2. According to the Act, a data fiduciary may only process personal data in digital form if it adheres to the Act's provisions and is done for a lawful purpose. This lawful purpose requires either:
   1. Consent from the data principal, or
   2. Specific legitimate uses or exemptions as defined within the Act.
3. Legitimate use, as defined by the Act, pertains to the originally specified purpose for which the data principal willingly provided their personal data to the data fiduciary, and to which the data principal has not expressed any dissent.
4. All consents obtained by data fiduciaries must be:
   1. Free, specific, informed, unconditional, and unambiguous, indicated through clear affirmative action, and limited to the personal data necessary for the specified purpose.
   2. Accompanied or preceded by a consent notice that conforms to the format and manner detailed in the Act.

3. Data Fiduciary and Data Principal Defined

1. A “data fiduciary” is defined as any entity (person, company, etc.) who, either independently or jointly with others, determines the purposes and methods of processing personal data.
2. A “data principal” is the individual to whom the personal data pertains. This includes:
   1. Children: For data principals who are children, the term includes their parents or legal guardians.
   2. Persons with disabilities: For data principals who are persons with disabilities, it includes their legal guardians acting on their behalf.
3. For the context of this Privacy Policy, you are considered the data principal, and the Company is the data fiduciary.

4. What is “Processing” of Personal Data?

“Processing”, concerning personal data, encompasses any operation or set of operations, whether fully or partially automated, performed on digital personal data. This includes actions such as: collection, recording, organization, structuring, storage, adaptation, retrieval, use, alignment, combination, indexing, sharing, transmission, dissemination, making available, restriction, erasure, or destruction of personal data.

5. Data Collection and Processing Responsibility

For your use of the Platform and our services, the Company is responsible for the collection and processing of your personal data.

6. Types of Information Collected

During your interaction with the Platform, the Company may collect certain types of personal data, including but not limited to:

1. Contact Information: This may include your name, email address, phone number, postal address, and similar contact details.
2. Other Information: Technical data such as your IP address and browser type may be collected automatically as you interact with the Platform.
3. Anonymized Data: For research, analytics, and statistical purposes, we may anonymize your data. This involves removing personally identifiable information to ensure that the data cannot be linked back to you. This anonymized data is used for service improvement without compromising your privacy.
4. Children's Data: We are committed to complying with applicable laws regarding the collection of data from children. Our Platform is not intended for individuals under 18 years of age (“children”), and we do not knowingly collect personal data directly from children without parental/guardian consent, where applicable. We request that children not use our Platform or provide personal information without appropriate consent.

You acknowledge and agree that any information you provide on the Platform is voluntary and at your own risk. While we take extensive measures to ensure data security, the Company is not liable for data loss or theft. Information you provide may be retained to: (i) deliver services and (ii) comply with legal obligations.

You are responsible for the accuracy of the data you provide for Platform use and service requests. Any inaccuracies or changes should be immediately reported to the Company at [email protected].

To discontinue Platform use or withdraw consent for data collection and processing, please contact us at [email protected]. Once you withdraw your consent, the Company shall retain the personal information provided by you on the Platform for such time period as may be mandated by applicable law and thereafter erase the same in full.

7. Methods of Information Collection

We collect information through various methods:

1. Active Collection: Information you actively provide when registering or using services on the Platform.
2. Passive Collection: Information automatically gathered using tools like Google Analytics, Google Webmaster, and browser cookies to analyze Platform usage. This data helps us understand user demographics, preferences, and behaviors to improve the Platform's functionality, personalize user experience, provide updates, offer new services, deliver customer support, and inform you about content, offers, and products.
3. Social Networking Platforms: Our Platform may allow connections to social networks. By connecting, you permit us to access, use, and store information as allowed by your social network settings, in accordance with this Policy. You can revoke our access at any time via your social media account settings.
4. Automated Data Collection: We automatically collect data such as ISP, browser type, operating system, device type, time spent on the Website, pages viewed, accessed information, IP address, and related statistics. This web analytics and clickstream data, along with cookies and action tags, help us monitor your visits, preferences, and profile information.

Regardless of the collection method, all personal data is protected with the same privacy measures.

8. Use of Personal Information

The Company uses your personal information for various purposes:

1. Communication: To contact you regarding services, relationship management, and to facilitate your access to and use of the Platform.
2. Marketing: To inform you about promotions, offers, new features, and other marketing communications.
3. Transactional Updates: To send emails or SMS messages regarding service-related actions and updates.
4. Security and Improvement: To enhance website security, evaluate and improve our services, track website usage, and analyze traffic and user behavior.
5. Legal and Administrative Processes:
   1. To support legal claims or defenses, cooperate with legal authorities, and comply with legal obligations.
   2. To enable data access requests, grievance submissions, and respond to your queries and requests for clarification.

Additionally, your data may be processed for digital infrastructure maintenance, internal audits, compliance with laws, cybersecurity measures, and financial system operations, as well as for legitimate uses or exemptions under the Digital Personal Data Protection Act, 2023, and other applicable laws.

9. Data Processing Details

The Company processes all data shared on the Platform. Personally identifiable data is used solely for service delivery and communication. Currently, personal data is not outsourced for processing, except for storage and hosting by Namecheap Inc. and its affiliates (“Storage Outsourcing”). We retain personal information as long as necessary for the purposes defined in this Policy, or as legally required.

You may withdraw your consent at any time by emailing [email protected]. We will respond in accordance with applicable law and may request identity verification for security purposes. We will notify you upon completion of your request.

Even after removal requests, residual data may remain in our databases, subject to legal standards.

You can authorize an agent to manage your rights. We will require verification of your agent's identity and authorization and may deny requests from unverified agents.

10. Information Sharing with Third Parties

We may share your information with:

1. Service Providers: Third-party contractors who provide services on our behalf, such as doctors, medical boards, and transactional message processors.
2. Legal Compliance: When required by law, such as in response to court orders, subpoenas, or government agency requests.
3. Business Transfers: In the event of a merger, acquisition, or sale of business assets, personal information may be transferred to the new entity.
4. Third-Party Data Handling: The Company is not responsible for how third parties handle data collected or received through the Platform, including medical information, and is not liable for any loss or damage resulting from their data handling practices.
5. Cross-Border Data Transfers: For Storage Outsourcing, we may transfer your Personal Data outside India, ensuring:
   1. Adequate Safeguards: Data recipients adhere to data protection standards at least as high as those in the DPDP Act.
   2. Government Permissions: Transfers are limited to countries or entities approved by the Indian Government for cross-border data sharing.
   3. Consent for Further Processing: Explicit consent will be obtained for any data processing beyond Storage Outsourcing that involves transferring data to foreign jurisdictions, where required.

11. Data Security Measures

The Company implements industry-standard security practices to protect your personal information but is not liable for security breaches caused by third-party actions or events beyond our reasonable control, including governmental acts, hacking, unauthorized access, hardware failures, or encryption breaches.

When transferring data to external entities or processors, we ensure they maintain data protection standards equivalent to or higher than those required by Indian law and this Policy.

Cookies:

Cookies are small files placed on your computer to help analyze web traffic and site visits. They do not personally identify you but recognize your device. We use traffic log cookies to analyze webpage usage and improve our Platform. This data is used for statistical analysis and then removed. We are not responsible for cookies placed by third-party links on our Platform, and their privacy policies are not endorsed by us.

We use the following types of cookies:

• Necessary Cookies: Essential for website functionality, security, and navigation. Disabling them may affect website functions.
• Analytics Cookies: Used to collect data on website usage to improve user experience.
• Google Analytics: We use Google Analytics for website analysis. Google's privacy practices are detailed at https://support.google.com/analytics/answer/6004245. You can opt out of Google Analytics tracking at http://tools.google.com/dlpage/gaoptout.
• Social Media Cookies: Enable interaction with social media plugins and content sharing.
• Advertising Cookies: Used for ad placement, effectiveness measurement, and content personalization.

Most browsers allow cookie control in settings, including deletion and rejection. Rejecting cookies may affect website functionality. Instructions for managing cookies can typically be found on your browser's homepage.

Additionally, your IP address is automatically logged to track usage levels, diagnose server issues, and manage the Website. We may use IP addresses to communicate with or block users who violate our Terms of Use.

12. Third-Party Website Links

Clicking on third-party links on our Platform may redirect you to external websites not controlled by the Company. This Privacy Policy does not extend to these external sites, and we are not liable for their privacy practices or misuse of your personal information by these sites.

The Company may use third-party advertising companies, which may use your visit information to provide targeted ads for goods and services.

13. Redressal of Grievances:

If a user has any questions or grievances regarding the Platform, the contents thereof, or the manner in which personal data is being collated or processed by the Platform, the user may reach out to our Grievance Officer, Ms. Aishwarya Rao at [email protected]. The Grievance Officer will address complaints within 15 days of receipt. If additional information is needed, we will notify you.

14. Grievance Redressal Mechanism:

1. Complaints will be acknowledged within 24 hours and resolved within 15 days.
2. Complaints related to nudity, sexual content, or impersonation will be resolved within 24 hours.

15. Miscellaneous Provisions

1. Force Majeure: The Company is not liable for performance delays or failures caused by events like natural disasters, pandemics, war, or strikes. We may also cease Platform operation at any time without notice.
2. Policy Amendments: We will process your data according to this Policy unless legitimate uses under the Digital Personal Data Protection Act, 2023, or other laws permit processing without explicit consent. For new purposes, we will seek additional consent.
3. This Policy may be updated to reflect business changes or legal requirements. The latest version can be requested via the channels in paragraph 13. Material changes affecting consent will be communicated to you, and additional consent will be sought if required.
4. No Waiver: Failure to enforce any provision of this Policy does not constitute a waiver of that provision.
5. Notices: All notices must be written in English and sent via email or prepaid courier to the addresses below:

   Notice to the Company:
   B10 Health Technologies Private Limited
   Survey No. 110, Phase IV, Plot 184, HIG-B, DLF Rd, Gachibowli, K.V. Rangareddy,
   Seri Lingampally, Telangana 500032
   Email: [email protected]

   Notice to User:
   To the email address you provided during Platform registration.

6. Governing Law and Jurisdiction: This Policy is governed by Indian law. By using the Platform, you consent to the jurisdiction of courts in Telangana, India, and agree to the exclusive jurisdiction of Indian courts and the Data Protection Board of India for any disputes related to this Policy.

   You agree that all information is disclosed willingly. We are not liable for the authenticity, misrepresentation, or negligence of disclosed information. In case of policy-agreement conflicts, this Policy prevails unless otherwise agreed in writing.

16. Data Principal Rights Under the Act

1. Under the Digital Personal Data Protection Act, 2023, you have rights including:
   1. Right to a summary of your personal data being processed and related activities.
   2. Right to know the identities of data fiduciaries or processors with whom your data has been shared.
   3. Right to correct, complete, update, and erase your personal data for which you've consented to processing.
   4. Right to grievance redressal regarding your personal data rights.
   5. Right to nominate someone to exercise these rights on your behalf in case of death or incapacity.
2. You can review your personal data anytime and request corrections, updates, or erasure via email to the channels in paragraph 13.
3. You may withdraw your consent under this Policy at any time.
4. Please note that even after withdrawal of consent, we may still be entitled to process your personal data under other legal or contractual obligations.