Fortis Healthcare Limited (referred to as “we”, us”, “Fortis“) is the author and publisher of the internet resource www.fortismumbai.com and its sub domain’s (together referred to as “Websites”) on the world wide web as well as other software and applications provided by Fortis, including but not limited to the mobile applications (referred to as “App”, and together with Websites referred to as “Services”). Fortis provides the Services in partnership with its agents, affiliates, associates, representatives or other third parties (together referred to as “Partners”)
- Regulation 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011 (the “SPI Rules”); and
- Regulation 3(1) of the Information Technology (Intermediaries Guidelines) Rules, 2011.
- The type of information collected from the Users, including sensitive personal data or information;
- The purpose, means, and modes of usage of such information; and
- How and to whom we will disclose such information.
2. COLLECTION OF PERSONAL INFORMATION
Generally, some of the Services require us to know who you are so that we can best meet your needs. When you access the Services, we may ask you to voluntarily provide us with certain information that personally identifies you or could be used to personally identify you. Without prejudice to the generality of the above, information collected by us from you may include (but is not limited to) the following:
- Contact data (such as your email address and phone number);
- Demographic data (such as your gender, your date of birth and your pin code);
- Data regarding your usage of the services and history of the appointments and other transactions made by or with you through the use of Services;
- Health or medical data (such as your past medical history and conditions, diagnostic reports, prescriptions and medication history)
- Insurance data (such as your insurance carrier and insurance plan); and
- Other information that you voluntarily choose to provide to us (such as information shared by you with us through emails or letters, your work details, your family details)
The information collected from you by Fortis may constitute ‘personal information’ or ‘sensitive personal data or information’ under the SPI Rules. Personal information is defined under the SPI Rules to mean any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person.
The SPI Rules further define “sensitive personal data or information” of a person to mean personal information about that person relating to:
- financial information such as bank accounts, credit, and debit card details or other payment instrument details;
- physical, physiological and mental health condition;
- sexual orientation;
- medical records and history;
- biometric information;
- information received by body corporate under lawful contract or otherwise;
- visitor details as provided at the time of registration or thereafter; and
- Call data records
Information that is freely available in the public domain or accessible under the Right to Information Act, 2005 or any other law will not be regarded as personal information or sensitive personal data or information.
3. PRIVACY STATEMENTS
You hereby consent to such use of such information by Fortis and our Partner
- All the information provided to us by a User, including sensitive personal information, is voluntary. You understand that Fortis, either itself or with its Partners, may use certain information of yours, which has been designated as ‘sensitive personal data or information’ under the SPI Rules, (a) for the purpose of providing you the Services, (b) for commercial purposes and in an aggregated or non- personally identifiable form for research, statistical analysis and business intelligence purposes, for (c) for sale or transfer of such research, statistical or intelligence data in an aggregated or non-personally identifiable form to our Partners. Fortis also reserves the right to use the information provided by or about the User for the following purposes:
- Publishing such information on the Website.
- Contacting Users for offering new products or services.
- Contacting Users for taking product and Service feedback.
- Analyzing software usage patterns for improving product design and utility.
- Analyzing anonymized information for commercial use.
- Users’ personally identifiable information, which they choose to provide on the Website or App is used to help the Users describe/identify themselves. Other information that does not personally identify the Users as an individual, is collected by Fortis or our Partners from Users (such as, patterns of utilization described above) and is exclusively owned by Fortis or its partners. We or our Partners may also use such information in an aggregated or non personally identifiable form for research, statistical analysis, and business intelligence purposes, and may sell or otherwise transfer such research, statistical or intelligence data in an aggregated or non-personally identifiable form to third parties. In particular, we and our Partners reserve with us the right to use anonymized User demographics information and anonymized User health information for the following purposes:
- Analyzing software usage patterns for improving product design and utility.
- Analyzing such information for research and development of new technologies.
- Using analysis of such information in other commercial product offerings of Fortis or our Partners.
- Sharing analysis of such information with third parties for commercial use.
- You are responsible for maintaining the accuracy of the information you submit to us, such as your contact information provided as part of account registration. If your personal information changes, you may correct, delete inaccuracies, or amend information by making the change on your profile information page on the Websites or App or by contacting us at enquiry.mulund@
fortishealthcare.com. We will make good faith efforts to make requested changes in our then-active databases as soon as reasonably practicable. If you provide any information that is untrue, inaccurate, out of date or incomplete (or becomes untrue, inaccurate, out of date or incomplete), or Fortis has reasonable grounds to suspect that the information provided by you is untrue, inaccurate, out of date or incomplete, Fortis may, at its sole discretion, discontinue the provision of the Services to you.
- If you wish to cancel your account or request that we no longer use your information to provide you services, contact us through enquiry.mulund@
fortishealthcare.com. We will retain your information for as long as your account with the Services is active and as needed to provide you the Services. We shall not retain such information for longer than is required for the purposes for which the information may lawfully be used or is otherwise required under any other law for the time being in force. After a period of time, your data may be anonymized and aggregated, and then maybe held by us or our Partners as long as necessary for us to provide our Services effectively or improve the Services, but our use of the anonymized data will be solely for analytic purposes.
- Fortis may require the User to pay with a credit card, debit card, net banking or other online payment mechanisms for Services for which an amount(s) is/are payable. Fortis will collect such User’s credit card number and/or other financial institution information such as bank account numbers and will use that information for the billing and payment processes, including but not limited to the use and disclosure of such credit card number and information to third parties as necessary to complete such billing operation. Verification of credit information, however, is accomplished solely by the User through the authentication process offered by a third party payment gateway. User’s credit-card/debit card details are transacted upon secure sites of approved payment gateways which are digitally under encryption, thereby providing the highest possible degree of care as per current technology. User is advised, however, that internet technology is not full proof safe and User should exercise discretion on using the same.
- Due to the communications standards on the Internet, when a User or anyone who visits the Website, we automatically receive the URL of the site from which anyone visits. We also receive the Internet Protocol (IP) address of each User’s computer (or the proxy server a User used to access the World Wide Web), User’s computer/ device operating system and type of web browser the User is using, email patterns, as well as the name of User’s ISP. This information is used to analyze overall trends to help Fortis improve its Service. The linkage between User’s IP address and User’s personally identifiable information may be available to us or our Partners but is not shared with other third parties. Notwithstanding the above, we may share some of the aggregate findings (not the specific data) in anonymized form (i.e., non-personally identifiable) with advertisers, sponsors, investors, strategic partners, and others in order to help grow our business.
- In order to have access to all the features and benefits on our Website or App, a User must first create an account on our Website or App. To create an account, a User is required to provide the following information, which such User recognizes and expressly acknowledges is personal information allowing others, including Fortis, to identify the User: name, User ID, email address, address, date of birth, gender, phone number and password chosen by the User. Other optional information may be requested on the registration page. We may, in future, include other optional requests for information from the User to help us to customize the Services to deliver personalized information to the User. However, We assume your consent in relation to various matters, once you complete the registration process.
- The Services may enable a User to communicate with other Users or to post information to be accessed by others, whereupon other Users may collect such data. Such Users, including any moderators or administrators, are not authorized Fortis representatives or agents, and their opinions or statements do not necessarily reflect those of Fortis, and they are not authorized to bind Fortis to any contract. Fortis hereby expressly disclaims any liability for any reliance or misuse of such information that is made available by Users or visitors in such a manner.
- Fortis may periodically ask users to complete surveys asking about their experiences with features of the Websites, App and Services. Our surveys may ask visitors for demographic information such as age, gender, and education. We use survey information for evaluation and quality improvement purposes, including helping Fortis to improve information and services offered. In addition, users giving feedback may be individually contacted for follow-up due to concerns raised during the course of such evaluation. Demographic information and Web log data may be stored for future evaluation and quality improvement activities.
- Comments or questions sent to us using email or secure messaging forms will be shared with our employees and health care professionals who are most able to address the comment or question. We will archive your messages once we have made our best effort to provide you with a complete and satisfactory response. Some of our services such as our automated appointment selection and prescription refill for Fortis generated prescriptions interact directly with other Fortis data systems. Data about your transaction may be stored in these systems, and available to people who test and support these systems. When you use a service on the Websites or the App to interact directly with Fortis health care professionals, some information you provide may be documented in your medical record, and available for use to guide your treatment as a patient.
- Our Websites and the App may include social media features, such as the Facebook button. These Features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the Feature to function properly. Your interactions with these Features are governed by the privacy statement of the company providing them.
- If you are using the Websites or App, with your permission, we will use the geolocation feature of your mobile device or same or similar feature of the device you are using to access the Websites. When you download and use the App, we automatically collect information on the type of device you use, operating system version, and the device identifier. Fortis and our Partners do not share your location information with other any third party. You may opt-out of location-based services on your mobile phone by changing the relevant/ applicable setting at your device level.
- Fortis has implemented best international market practices and security policies, rules and technical measures to protect the personal data that it has under its control from unauthorized access, improper use or disclosure, unauthorized modification, and unlawful destruction or accidental loss. However, for any data loss or theft due to unauthorized access to the User’s electronic devices through which the User avails the Services, Fortis or its Partners shall not be held liable for any loss whatsoever incurred by the User.
- Fortis ensures it and its partners implement reasonable security practices and procedures that are commensurate with respect to the information being collected and the nature of Fortis’s business. The reasonable security practices and procedures implemented by us include but are not limited to: encrypting data when it is on the move using industry-standard practices, regularly changing production keys and password, secure access to all production servers, performing regular security updates on our servers and more.
- To the extent necessary to provide Users with the Services, Fortis may provide their personal information to third party contractors who work on behalf of or with Fortis to provide Users with such Services, to help Fortis communicate with Users or to maintain the Website or App. Generally, these contractors do not have any independent right to share this information, however, certain contractors who provide services on the Website, including the providers of online communications services, will have rights to use and disclose the personal information collected in connection with the provision of these Services in accordance with their own privacy policies.
4. CASUAL VISITORS NOTE:
- No sensitive personal data or information is automatically collected by Fortis from any casual visitors of this website, who are merely perusing the site.
- If you, as a casual visitor, have browsed any page of this Website prior to reading the privacy statements set out herein, and you do not agree with them, normally quitting the browser should ordinarily clear any temporary cookies installed by Fortis. We, however, encourage you to use the “clear cookies” functionality of your browsers to ensure such clearing/deletion, as Fortis cannot guarantee, predict or provide for the behavior of the equipment of all the visitors of the Website.
5. CONFIDENTIALITY AND SECURITY
- Your Personal Information is maintained by Fortis in electronic form on its or its employees and Partners equipment. Such information may also be converted to physical form from time to time. We take necessary precautions to protect your personal information both online and off-line and implements reasonable security practices and measures including certain managerial, technical, operational and physical security control measures that are commensurate with respect to the information being collected and the nature of Fortis’s business.
- No administrator at Fortis will have knowledge of your password. It is important for you to protect against unauthorized access to your password, your computer, and your mobile phone or device. Be sure to log off from the Website when finished. Fortis and its Partners do not undertake any liability for any unauthorized use of your account and password. If you suspect any unauthorized use of your account, you must immediately notify Fortis by sending an email to enquiry.mulund@
fortishealthcare.com. You shall be liable to indemnify Fortis, its employees, and Partners due to any loss suffered by them due to such unauthorized use of your account and password.
- Fortis makes all User information accessible to its employees only on a need-to-know basis.
- Part of the functionality of the Services is assisting the patients, customers and other stakeholders (like doctors, labs, pharmacies, customer care executives and others) to access information relating to them. Fortis may, therefore, retain and submit all such records to the relevant patients, their doctors or other stakeholders.
- Notwithstanding the above, Fortis is not responsible for the confidentiality, security or distribution of your personal information by our Partners and third parties outside the scope of our agreement with such Partners and third parties. Further, Fortis and its Partners shall not be responsible for any breach of security or for any actions of any third parties or events that are beyond the reasonable control of Fortis and its Partners including, acts of government, computer hacking, unauthorised access to computer data and storage device, computer crashes, breach of security and encryption, poor quality of Internet service or telephone service of the User etc.
If a User uses the Services or accesses the Website or uses the App after a notice of changes has been sent to such User or published on the Website, such User hereby provides his/her/its consent to the changed terms.
7. CHILDREN’S AND MINOR’S PRIVACY
Fortis strongly encourages parents and guardians to supervise the online activities of their minor children and consider using parental control tools available from online services and software manufacturers to help provide a child-friendly online environment. These tools also can prevent minors from disclosing their name, address, and other personally identifiable information online without parental permission. Although the Fortis Website, App and Services are not intended for use by minors, Fortis respects the privacy of minors who may inadvertently use the internet or the mobile application.
8. CONSENT TO THIS POLICY
9. ADDRESS FOR PRIVACY QUESTIONS
If you have any grievance with respect to our use of your information, you may communicate such grievance to:
The Grievance Officer,
Fortis Healthcare Ltd.,
Tower A, Unitech Business Park,
Block – F, South City 1, Sector – 41,
Gurgaon, Haryana – 122001