>
QR Code

Scan to Download

Privacy Policy

This Privacy Policy describes how Anahat Solutions Pvt. Ltd. manages your Personal Data in compliance with the Indian Laws. We encourage you to read this Privacy Policy so that you know and understand the purposes for which we collect, use, process, store and disclose your Personal Data in a restricted manner.

We may update this Privacy Policy from time to time. Subject to your rights at law, you agree to be bound by the prevailing terms of this Privacy Policy as updated from time to time. We encourage you to check the latest version of this Privacy Policy regularly.

By signing up for or using any services or campaigns offered by Anahat Solutions Pvt. Ltd. or submitting information to or otherwise communicating with Anahat Solutions Pvt. Ltd., you agree and consent to, as well as their respective representatives and/or agents, collecting, using and disclosing your Personal Data in accordance with this Privacy Policy.

This Privacy Policy does not supersede or replace any other consents which you may have previously or separately provided to us in respect of your Personal Data and your consent to this Privacy Policy is in addition to any other rights which any of the Companies may have at law to collect, use or disclose the Personal Data.

This Privacy Policy and your use of this website shall be governed in all respects by the laws of India. 

A few possible privacy issues and concerns for the users are stipulated hereunder:

1. What data do we collect?

Personal data or personal information means any data about an individual from which that person can be identified.

We may collect, use, store and transfer the following kinds of personal data about you:

  1. Personal data: Name, phone number, date of birth;
  2. Address: Email, billing, organization, residential;
  3. Medical: Medical records submitted by you including doctor’s prescriptions, diagnosis records, medicines and drugs, laboratory test reports, patient insurance data, and other data submitted by you while availing the services provided by Anahat Solutions Pvt. Ltd.;
  4. Technical and Analytical data: Username, password, IP address, browser information, registration data, and other data used to identify the ways in which you access to our website;
  5. Profile data: Preferences, feedback and survey responses;
  6. Marketing and Communications data: Your preferences in receiving marketing from us and our third parties and your communication preferences.

2. How do we collect your data?

We use the following methods to collect your data:

  1. You may provide us your data via our website, mobile application, email, phone, by completing a form, correspondence, or other means;
  2. By registering online to use the website or for any other services that we offer;
  3. By completing a survey request or providing feedback via email or other means of contact;
  4. Use or view our website via your browser’s cookies.
  5. Our website and mobile application tracking tools also collect information like your IP, location, website clicks in anonymized format and aggregates this data.

3. How do we use your data?

Anahat Solutions Pvt. Ltd. collects your data for the following purposes:

  1. Providing and administering our medical records storage and consultation services;
  2. Provide you with the information, answers to queries, and/or directions;
  3. Provide you with the services that you have requested;
  4. Manage your membership, including registration;
  5. Processing quotation offers and managing the customer relationship inclusive of providing customer the required services, support and process, evaluate and respond to requests and inquiries, and capturing personal data of potential customers for future communications; 
  6. Conducting and facilitating customer satisfaction surveys, marketing campaigns, market analysis, contests or other promotional activities;
  7. Market services which are of special interest and its relevance;
  8. Furnishing marketing communications by post, telephone, text, emails and other digital methods are products and services (such as alerts, promotional materials, newsletter, etc.);
  9. Analyzing personal data to provide with the relevant marketing offers and information, ensure accuracy of customer contact information; 
  10. Reporting and data analytics such as market research, trend analysis, financial analysis, customer segmentation and profiling of customers in order to improve customers experience with Anahat Solutions Pvt. Ltd. and provide better and more personalized content; 
  11. Improve our website to serve you better;
  12. Any other purpose within the scope of Anahat Solution’s work.

4. Will the data be shared with any third party?

We do not share your data to any third party. Further unless a specific consent is taken, it can never be shared with the third party.

We may be compelled to share your details under following special circumstances such as when we believe in good faith and is required by law:

  1. To prevent, investigate, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our terms of service or any other agreement related to the services, or as otherwise required by law.
  2. In the interest of public health or public interest.
  3. Any kind of medical emergency wherein there is a threat to your life or health.
  4. To confirm to legal requirements, or to respond to lawful court orders, subpoenas, warrants, or other requests by public authorities (including to meet national security or law enforcement requirements).
  5. Personal information may also be shared with the company that acquires our business, whether through merger, acquisition, bankruptcy, dissolution, reorganization, or other similar transaction or proceeding. If this happens, we will display a prior notice on our website.

5. What happens if you do not provide us with the information, we had asked you for or if you ask us to stop processing your information?

Where it concerns processing operations related to the business relationship with you, Anahat Solutions Pvt. Ltd. will not be able to adequately establish, conduct or terminate a business relationship with you and generally perform the purposes described above without certain data. 

Although we cannot obligate you to share your personal data with us, please note that this then may have consequences which could affect the business relationship in a negative manner, such as not to establish and continue the business relationships you have asked for.

6. How do we safely store your data and for how long?

Anahat Solution takes appropriate security measures to protect your data from being accidentally lost, used or accessed by unauthorized sources. We limit access to your personal data to employees within the organization, medical practitioners, and to those with a legitimate business or industry need.

We will only retain your data for stipulated time to fulfil the purposes, we collected it for, including for the purposes of satisfying any legal, accounting, audit, or reporting requirements or until you notify us that you no longer wish to receive the services and storage/consultation facilities provided by Anahat Solution. 

In general, customer related personal data is kept for the duration of the contractual relationship and for a minimum period or for longer period if required by local laws and regulatory requirements.

For data provided to us by our clients, we are governed by their data retention rules as specified in their privacy notices.

Through the setting of IT applications and policies we ensure that our keeping of your personal data is deleted when we no longer need it.

7. What we do not do with your Data?

We strictly refrain from sharing, disclosing, selling, renting or otherwise provide personal information to other companies (other than to specific Anahat Solution marketplace administrators you are interacting with, or to third party apps or service providers being used by the administrators you are interacting with) for the marketing of their own products or services.

If you are a medical practitioner using Anahat Solutions’ services, we do not use the personal information to independently contact or market your patients. However, Anahat Solutions may contact or market your patients, if we obtain their information from another source, such as from the patients themselves.

8. Processing of Personal Data of a Minor

In the event any personal data of a minor, i.e., below 18 years of age, is submitted via our website, mobile application, email form, surveys, etc., the same shall be submitted and collected by us only after obtaining due consent from the minor’s parents or guardian. 

In such circumstances, a valid ID proof of the parent or guardian along with the minor should be mandatorily submitted in order to verify the consent of the parent or guardian.

Anahat Solutions will not collect, use, process or transfer the personal data of a minor in any manner that is likely to cause harm to the minor.

9. What are your data protection rights?

Under data protection law, you have the following rights:

  1. Right to access your data: You are entitled to ask Anahat Solutions Pvt. Ltd. for an overview of or to obtain a copy of the personal data we hold about you.
  2. Right to have your data corrected: You may request immediate rectification of any inaccurate or incomplete personal data we hold about you.
  3. Right to have your data erased: You may request the personal data to be erased when it is no longer needed, where applicable law obliges us to delete the data or the processing of it is unlawful. In the event you want your personal data to be erased, please send an email requesting the erasure at [email protected].
    .
  4. Right to restrict data processing: You have the right to restrict the processing of your personal data in specific circumstances.
  5. Right to data portability: You have the right to receive your personal data in a structured, machine-readable format for your own purposes, or to request us to share it with a third party.
  6. Right to object to data processing: You have the right to object to our processing of your personal data, where we rely on our legitimate interests, as the basis for our processing, where your data protection rights outweigh our reasoning for legitimate interests.
  7. Right to withdraw consent: Where Anahat Solutions has asked for your consent to process personal data, you may withdraw your consent at any point of time. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.Right to be informed about how the data is used which is being collected from you;
  8. Cookies
    Cookies are data files that are placed on your computer or mobile device when you first visit a website or page. They contain information created by a web server, such as IP address, operating system, referring URL that can be stored on a user’s hard disk for use during a session or for future use. Our cookies are session cookies which are only stored temporarily and are deleted from the user’s device when the browser is closed. 

    Anahat Solutions uses cookies to provide you with the best browsing experience on the site and to improve speed/security. We do not use cookies to collect any personal data from you, or to pass data on to a third party, without your permission.

    If your browser enables the use of cookies, we take this, and your continued use of our site as acceptance of our use of cookies. If you do not wish to accept the use of cookies, please go to your browser settings to restrict or block the use of cookies set by our website.

10. Privacy policies of other websites

Anahat Solutions’ website, Health-e, may contain links to external sites. These external sites will have their own privacy policies, and Anahat Solutions holds no direct or indirect responsibility for the privacy policies and/or practices or the content of such third-party websites.

11. Disclosure

Anahat Solutions Pvt Ltd. will not rent or sell your personal data to any individual or entity. We will not disclose your personal data to third parties, except as required in the course of providing our services or for purposes as described above. 

Other than to contractors, medical practitioners associated with Anahat Solutions and affiliated organizations, we disclose personal data only in response to a subpoena, court order or other governmental request or when we believe in good faith that disclosure is reasonably necessary to protect the property or rights of Anahat Solutions, third parties or the public health or interest at large.

12. Changes to our privacy policy

Changes to our privacy policy will be made occasionally in line with any changes to data protection law. We encourage you to regularly check this notice on our website for updates.

13. How to contact us?

If you want to access your personal data, make use of any of your other rights mentioned above or if you have any questions or concerns about how Anahat Solutions Pvt. Ltd. processes your personal data, please contact us via your registered email or in writing to the:

Email: [email protected]

14. How to make a complaint and contact the appropriate authorities?

If you have any concerns about how Anahat Solutions Pvt. Ltd. uses and stores your personal data, please contact us in the first instance, so that, we can address and rectify the issue.

Should you not be satisfied with our response or believe we are processing your personal data against the law, you may also have the right to file a complaint with the Data Privacy Authority in your country of residence or work, or seek a remedy through the Courts where you believe an infringement of data privacy laws may have taken place.

It is exclusive property of “Anahat Solutions Pvt. Ltd.”. No part of the same can be reproduced, copied, shared, altered, photocopied, etc., in any direct or indirect manner whether directly or indirectly.

Ayushman Bharat Digital Mission (ABDM) Compliance

What is ABDM?

The Ayushman Bharat Digital Mission (ABDM) aims to develop the backbone necessary to support the integrated digital health infrastructure of the country and to bridge the existing gap amongst different stakeholders of the ecosystem through digital highways.

For the purpose of creating health records and record keeping, the ABDM has also introduced the system of a unified ID for an individual, called Ayushman Bharat Health Account (ABHA) Number. Your ABHA number is a hassle-free method of accessing and sharing your health records digitally. It enables your interaction with participating healthcare providers, and allows you to receive your digital lab reports, prescriptions and diagnosis seamlessly from verified healthcare professionals and service providers.

If you have an ABHA Number, you can easily link this to your medical records and reports on Health-e.

What is the Unified Health Interface (UHI)?

UHI is envisioned as an open protocol for various digital health services, wherein, the UHI Network will be an open one for End User Applications (EUAs) and participating Health Service Provider (HSP) applications. This will enable a wide variety of digital health services between patients and health service providers (HSPs) including appointment booking, teleconsultation, service discovery, and others.

What are we doing at Health-e to be ABDM compliant?

Health-e is mindful of the vision and framework set forth by the Government of India through the Ayushman Bharat Digital Mission (ABDM). We are happy to declare that we are already in compliance with the draft Health Data Management Policy published by ABDM so far and will strive to be one of the first ones to implement the necessary compliances when the final policy is published.

The Health-e app is also being submitted to ABDM for integration with its ecosystem and we are constantly working on making our app future ready for whenever UHI (the health equivalent of UPI) testing and implementation is initiated by the concerned authorities.

We, at Health-e strongly believe that UHI will transform the entire healthcare ecosystem by making it more affordable and accessible throughout the country, especially the rural areas. We intend to be a part of this enormous and visionary initiative that will make healthcare easier for the service giver and seeker.

Application Security For Health-e

In an ‘always on’ world where users are constantly engaged with their mobile devices for different purposes, be it work emails, reading the news, shopping, bank transactions, or even watching their favourite shows, there is a lot of data being collected and exchanged on various levels. Businesses utilise data such as adoption and usage statistics, preferences, location, phone number, etc. that can help them make more strategic decisions to improve their service or product. During this time, if the data shared falls in the wrong hands, it could make a user’s life very vulnerable. 

We at Health-e realise that mobile security has become the need of the hour. With some of the Big Tech companies recently taking concrete steps towards data privacy, we endeavour to join and fully support them in their attempt to respect user privacy, enable transparency and ethical data collection.

Here are some basic app security protocols that we have put in place at Health-e and why:

Authentication 

Developers usually include authentication procedures while developing the app to verify that the user is who they claim to be and is not using a false identity. This is usually put in place by asking the user to enter their username and password as soon as they log into the application. For an added layer of security, some apps also enable multi-factor authentication which could range from asking a user to input something they know (a password), something they have (a mobile device) or something they are (a biometric).

The team at Health-e has implemented both – Two-factor and biometric authentication to mitigate risks.

Authorisation 

Once authenticated, the user may be able to access the app but only after the system verifies the user’s permission to access the platform. This is done by matching the user’s identification to a list of authorised users. At this stage, authentication must take place before authorization for the application to be able to compare user credentials to their approved user list.

To facilitate this, we at Health-e have used OAuth Token in all API calls to ensure that only authorised users have access.

Encryption 

Once a user is authenticated and authorised, further security measures can be adopted within the app framework to safeguard their data from being a victim to cyber-attacks. This can easily be put into place by encrypting the traffic containing sensitive data that flows between the user and the cloud (in cloud-based applications).

At Health-e, we have adopted the practice of storing user data in an encrypted format on a non-SQL Database.

On-going security practices at Health-e:

Security protocols are never a one-time task, they have to be updated and continuously worked on for them to be effective at different stages of the app’s developmental cycle. Multiple aspects of the application’s security flaws will come to surface at various stages of development and will reflect the time, effort, cost, and vulnerability trade-offs. Here are some of the practices that we have in place as part of our on-going checks:

  1. Design Review:
    Before the application is coded, the architecture and design should be examined for security flaws. A popular choice is to construct a threat model at this stage.
  2. White-box Security Review or Code Review:
    Manual inspection of the source code is undertaken by a dedicated security engineer to identify issues of any kind. By doing this, it is easier to discover any vulnerabilities which are unique to the application.
  3. Black-box Security Audit:
    This audit can only serve its purpose through the use of the application which can help recognize security flaws.