BoxMD (“us”, “we”, or “BoxMD”, which also includes its affiliates) is the author and publisher of the internet resource www. boxmd.in (“Website”) on the world wide web as well as the software and applications provided by BoxMD, including but not limited to the mobile application „BoxMD‟, and the software and applications of the brand names „BoxMD, (together with the Website, referred to as the “Services”).
i. Section 43A of the Information Technology Act, 2000;
ii. Regulation 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011 (the “SPI Rules”);
iii. Regulation 3(1) of the Information Technology (Intermediaries Guidelines) Rules, 2011.
i. The type of information collected from the Users, including Personal Information (as defined in paragraph 2 below) and Sensitive Personal Data or Information (as defined in paragraph 2 below) relating to an individual;
ii. The purpose, means and modes of collection, usage, processing, retention and destruction of such information; and
iii. How and to whom BoxMD will disclose such information. ∙
2. COLLECTION OF PERSONAL INFORMATION
Generally some of the Services require us to know who you are so that we can best meet your needs. When you access the Services, or through any interaction with us via emails, telephone calls or other correspondence, we may ask you to voluntarily provide us with certain information that personally identifies you or could be used to personally identify you. You hereby consent to the collection of such information by BoxMD. Without prejudice to the generality of the above, information
collected by us from you may include (but is not limited to) the following:
i. contact data (such as your email address and phone number);
ii. demographic data (such as your gender, your date of birth and your pin code);
iii. data regarding your usage of the services and history of the appointments made by or with you through the use of Services;
iv. insurance data (such as your insurance carrier and insurance plan);
v. any other information that you voluntarily choose to provide to us (such as information shared by you with us through emails or letters.
The information collected from you by BoxMD may constitute „personal information‟ or „sensitive personal data or information‟ under the SPI Rules.
“Personal Information” is defined under the SPI Rules to mean any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available to a body corporate, is capable of identifying such person.
The SPI Rules further define “Sensitive Personal Data or Information” of a person to mean personal information about that person relating to:
ii. financial information such as bank accounts, credit and debit card details or other payment instrument details;
iii. physical, physiological and mental health condition; ix. sexual orientation;
iv. medical records and history;
v. biometric information;
vi. information received by body corporate under lawful contract or otherwise;
vii. visitor details as provided at the time of registration or thereafter; and
viii. call data records.
BoxMD will be free to use, collect and disclose information that is freely available in the public domain without your consent.
3. PRIVACY STATEMENTS
o 3.1 ALL USERS NOTE:
This section applies to all users.
▪ 3.1.3All the information provided to BoxMD by a User, including Personal Information or any Sensitive Personal Data or Information, is voluntary. You understand that BoxMD may use certain information of yours, which has been designated as Personal Information or „Sensitive Personal Data or Information‟ under the SPI Rules, (a) for the purpose of providing you the Services, (b) for commercial purposes and in an aggregated or non-personally identifiable form for research, statistical analysis and business intelligence purposes, (c) for sale or transfer of such research, statistical or intelligence data in an aggregated or non-personally identifiable form to third parties and affiliates (d) for communication purpose so as to provide you a better way of booking appointments and for obtaining feedback in relation to the Practitioners and their practice, (e) debugging customer support related issues.
(f) for the purpose of contacting you to complete any transaction if you do not complete a transaction after having provided us with your contact information in the course of completing such steps that are designed for completion of the transaction. BoxMD also reserves the right to use information provided by or about the End-User for the following purposes:
i. Publishing such information on the Website.
ii. Contacting End-Users for offering new products or services.
iii. Contacting End-Users for taking product and Service feedback.
iv. Analyzing software usage patterns for improving product design and utility.
v. Analyzing anonymized practice information for commercial use.
vi. Processing payment instructions including those through independent third party service providers such as payment gateways, banking and financial institutions, pre-paid instrument and wallet providers for processing of payment transaction or deferral of payment facilities.
If you have voluntarily provided your Personal Information to BoxMD for any of the purposes stated above, you hereby consent to such collection and use of such information by BoxMD. However, BoxMD shall not contact you on Your telephone number(s) for any purpose including those mentioned in this sub-section 4.1(iii), if such telephone number is registered with the Do Not Call registry (“DNC Registry”) under the PDPA without your express, clear and un-ambiguous written consent.
▪ 3.1.4 Collection, use and disclosure of information which has been designated as Personal Information or Sensitive Personal Data or Information‟ under the SPI Rules requires your express consent. By affirming your assent to this Privacy
Policy, you provide your consent to such use, collection and disclosure as required under applicable law.
3.1.5 BoxMD does not control or endorse the content, messages or information found in any Services and, therefore, BoxMD specifically disclaims any liability
▪ with regard to the Services and any actions resulting from your participation in any Services, and you agree that you waive any claims against BoxMD relating to same, and to the extent such waiver may be ineffective, you agree to release any claims against BoxMD relating to the same.
▪ 3.1.6 You are responsible for maintaining the accuracy of the information you submit to us, such as your contact information provided as part of account registration. If your personal information changes, you may correct, delete inaccuracies, or amend information by making the change on our member information page or by contacting us through email@example.com. We will make good faith efforts to make requested changes in our then active databases as soon as reasonably practicable. If you provide any information that is untrue, inaccurate, out of date or incomplete (or becomes untrue, inaccurate, out of date or incomplete), or BoxMD has reasonable grounds to suspect that the information provided by you is untrue, inaccurate, out of date or incomplete, BoxMD may, at its sole discretion, discontinue the provision of the Services to you. There may be circumstances where BoxMD will not correct, delete or update your Personal Data, including (a) where the Personal Data is opinion data that is kept solely for evaluative purpose; and (b) the Personal Data is in documents related to a prosecution if all proceedings relating to the prosecution have not been completed.
▪ 3.1.7 If you wish to cancel your account or request that we no longer use your information to provide you Services, contact us through firstname.lastname@example.org. We will retain your information for as long as your account with the Services is active and as needed to provide you the Services. We shall not retain such information for longer than is required for the
purposes for which the information may lawfully be used or is otherwise required under any other law for the time being in force. After a period of time, your data may be anonymized and aggregated, and then may be held by us as long as necessary for us to provide our Services effectively, but our use of the anonymized data will be solely for analytic purposes. Please note that your withdrawal of consent or cancellation of account may result in BoxMD being unable to provide you with its Services or to terminate any existing relationship BoxMD may have with you.
▪ 3.1.8 If you wish to opt-out of receiving non-essential communications such as promotional and marketing-related information regarding the Services, please send us an email at email@example.com.
▪ 3.1.9 BoxMD may require the User to pay with a credit card, wire transfer, debit card or cheque for Services for which subscription amount(s) is/are payable. BoxMD will collect such User‟s credit card number and/or other financial institution information such as bank account numbers and will use that information for the billing and payment processes, including but not limited to the use and disclosure of such credit card number and information to third parties as necessary to complete such billing operation. Verification of credit information, however, is accomplished solely by the User through the authentication process. User‟s credit
card/debit card details are transacted upon secure sites of approved payment gateways which are digitally under encryption, thereby providing the highest possible degree of care as per current technology. However, BoxMD provides you an option not to save your payment details. User is advised, however, that internet technology is not full proof safe and User should exercise discretion on using the same.
▪ 3.1.10 Due to the communications standards on the Internet, when a User or the End-User or anyone who visits the Website, BoxMD automatically receives the URL of the site from which anyone visits. BoxMD also receives the Internet Protocol (IP) address of each User‟s computer (or the proxy
server a User used to access the World Wide Web), User‟s computer operating system and type of web browser the User is using, email patterns, as well as the name of User‟s ISP. This information is used to analyze overall trends to help BoxMD improve its Service. The linkage between User‟s IP address and User‟s personally identifiable information is not shared with or disclosed to third parties. Notwithstanding the above, BoxMD may share and/or disclose some of the aggregate findings (not the specific data) in anonymized form (i.e., non-personally identifiable) with advertisers, sponsors, investors, strategic partners, and others in order to help grow its business.
▪ 3.1.11 The Website uses temporary cookies to store certain (that is not sensitive personal data or information) that is used by BoxMD and its service providers for the technical administration of the Website, research and development, and for User administration. In the course of serving advertisements or optimizing services to its Users, BoxMD may allow authorized third parties to place or recognize a unique cookie on the User‟s browser. The cookies however, do not store any Personal Information of the User. You may adjust your internet browser to disable cookies. If cookies are disabled you may still use the Website, but the Website may be limited in the use of some of the features.
▪ 3.1.12 A User may have limited access to the Website without creating an account on the Website. In order to have access to all the features and benefits on our Website, a User must first create an account on our Website. To create an account, a User is required to provide the following information, which such User recognizes and expressly acknowledges is Personal Information allowing others, including BoxMD, to identify the User: name, User ID, email address, country, ZIP/postal code, age, phone number, password chosen by the User and valid financial account information. Other information requested on the registration page, including the ability to receive promotional offers from BoxMD, is optional. BoxMD may, in future, include other optional requests for information from
the User to help BoxMD to customize the Website to deliver personalized information to the User.
▪ 3.1.14 The Website may enable User to communicate with other Users or to post information to be accessed by others, whereupon other Users may collect such data. Such Users, including any moderators or administrators, are not authorized BoxMD representatives or agents, and their opinions or statements do not necessarily reflect those of BoxMD, and they are not authorized to bind BoxMD to any contract. BoxMD hereby expressly disclaims any liability for any reliance or misuse of such information that is made available by Users or visitors in such a manner.
▪ 3.1.16 BoxMD maintains a strict "No-Spam" policy, which means that BoxMD does not intend to sell, rent or otherwise give your e-mail address to a third party without your consent.
▪ 3.1.17 BoxMD has implemented best international market practices and security policies, rules and technical measures to protect the personal data that it has under its control from unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss. However, for any data loss or theft due to unauthorized access to the User‟s electronic devices through which the User avails the Services, BoxMD shall not be held liable for any loss whatsoever incurred by the User.
▪ 3.1.18 BoxMD implements reasonable security practices and procedures and has a comprehensive documented information security programme and information security policies that contain managerial, technical, operational and physical security control measures that are commensurate with respect to the information being collected and the nature of BoxMD‟s business.
o 3.2 PRACTITIONERS NOTE:
This section applies to all Practitioners.
▪ 3.2.1 As privy to the personal information of the end user submitted and available to Practitioners on BoxMD, certain information, including Personal Information or Sensitive Personal Data or Information is collected from the Practitioners.
▪ 3.2.3 Practitioners‟ personally identifiable information, which they choose to provide to BoxMD, is used to help the Practitioners describe and identify themselves. This information is exclusively owned by BoxMD. You will be the owner of your information and you consent to BoxMD collecting, using, processing and/or disclosing this information for the purposes hereinafter stated. BoxMD may use such information for commercial purposes and in an aggregated or non-personally identifiable form for research, statistical analysis and business intelligence purposes, and may sell or otherwise transfer such research, statistical or intelligence data in an aggregated or non-personally identifiable form to third parties and affiliates. BoxMD also reserves the right to use information provided by or about the Practitioner for the following purposes:
i. Publishing such information on the Website.
ii. Contacting Practitioners for offering new products or services subject to the telephone number registered with the DNC Registry.
iii. Contacting Practitioners for taking product feedback.
iv. Analyzing software usage patterns for improving product design and utility.
v. Analyzing anonymized practice information including financial, and inventory information for commercial use.
▪ 3.2.4 BoxMD makes no representation or warranty on the accuracy or completeness of the information. As such, we strongly encourage Practitioners to check the accuracy and
completeness of their information from time to time, and inform us immediately of any discrepancies, changes or updates to such information. BoxMD will, however, take reasonable steps to ensure the accuracy and completeness of this information.
▪ 3.2.5 BoxMD may also display information for Practitioners who have not signed up or registered for the Services, provided that the Practitioners have consented to BoxMD collecting, processing and/or disclosing their information on the Website. Such Practitioners are verified by BoxMD or its associates, and BoxMD makes every effort to capture accurate information for such Practitioners. However, BoxMD does not undertake any liability for any incorrect or incomplete information for such Practitioners.
o 3.3 END-USERS NOTE:
This section applies to all End-Users.
▪ 3.3.1As part of the registration/application creation and submission process that is available to End-Users on this Website, certain information, including Personal Information or Sensitive Personal Data or Information is collected from the End-Users.
▪ 3.3.3If you have inadvertently submitted any such information to BoxMD prior to reading the privacy statements set out herein, and you do not agree with the manner in which such information is collected, processed, stored, used or disclosed, then you may access, modify and delete such information by using options provided on the Website. In addition, you can, by sending an email to firstname.lastname@example.org, inquire whether BoxMD is in possession
of your personal data, and you may also require BoxMD to delete and destroy all such information.
▪ 3.3.4End-Users‟ personally identifiable information, which they choose to provide on the Website is used to help the End Users describe/identify themselves. Other information that does not personally identify the End-Users as an individual, is collected by BoxMD from End-Users (such as, patterns of utilization described above) and is exclusively owned by BoxMD. BoxMD may also use such information in an aggregated or non-personally identifiable form for research, statistical analysis and business intelligence purposes, and may sell or otherwise transfer such research, statistical or intelligence data in an aggregated or non-personally identifiable form to third parties and affiliates. In particular, BoxMD reserves with it the right to use anonymized End-User demographics information and anonymized End-User health information for the following purposes:
i. Analyzing software usage patterns for improving product design and utility.
ii. Analyzing such information for research and development of new technologies.
iii. Using analysis of such information in other commercial product offerings of BoxMD.
iv. Sharing analysis of such information with third parties for commercial use.
▪ 3.3.5BoxMD will communicate with the End-Users through email, phone and notices posted on the Website or through other means available through the service, including text and other forms of messaging. The End-Users can change their e
mail and contact preferences at any time by logging into their "Account" at www.BoxMD.com and changing the account settings.
▪ 3.3.6At times, BoxMD conducts a User survey to collect information about End-Users' preferences. These surveys are optional and if End-Users choose to respond, their responses
will be kept anonymous. Similarly, BoxMD may offer contests to qualifying End-Users in which we ask for contact and demographic information such as name, email address and mailing address. The demographic information that BoxMD collects in the registration process and through surveys is used to help BoxMD improve its Services to meet the needs and preferences of End-Users.
▪ 3.3.7BoxMD may keep records of electronic communications and telephone calls received and made for making appointments or other purposes for the purpose of administration of Services, customer support, research and development and for better communication with Practitioners.
▪ 3.3.8All BoxMD employees and data processors, who have access to, and are associated with the processing of sensitive personal data or information, are obliged to respect the confidentiality of every End-Users‟ Personal Information or Sensitive Personal Data and Information. BoxMD has put in place procedures and technologies as per good industry practices and in accordance with the applicable laws, to maintain security of all personal data from the point of collection to the point of destruction. Any third-party data processor to which BoxMD transfers Personal Data shall have to agree to comply with those procedures and policies, or put in place adequate measures on their own.
▪ 3.3.10To the extent necessary to provide End-Users with the Services, BoxMD may provide their Personal Information to third party contractors who work on behalf of or with BoxMD to provide End-Users with such Services, to help BoxMD communicate with End-Users or to maintain the Website or
independent third party service providers to process payment instructions including providing a payment deferral facility to End-Users in relation to the Services. These third-party service providers have access to information needed to process payments, but may not use it for other purposes. Generally these contractors do not have any independent right to share this information, however certain contractors who provide services on the Website, including the providers of online communications services, may use and disclose the personal information collected in connection with the provision of these Services in accordance with their own privacy policies. In such circumstances, you consent to us disclosing your Personal Information to contractors, solely for the intended purposes only.
o 3.4CASUAL VISITORS NOTE:
▪ 3.4.1No sensitive personal data or information is automatically collected by BoxMD from any casual visitors of this website, who are merely perusing the Website.
▪ 3.4.3If you, as a casual visitor, have inadvertently browsed any other page of this Website prior to reading the privacy statements set out herein, and you do not agree with the manner in which such information is obtained, collected, processed, stored, used, disclosed or retained, merely quitting this browser application should ordinarily clear all temporary cookies installed by BoxMD. All visitors, however, are encouraged to use the “clear cookies” functionality of their browsers to ensure such clearing / deletion, as BoxMD cannot guarantee, predict or provide for the behaviour of the equipment of all the visitors of the Website.
▪ 3.4.4You are not a casual visitor if you have willingly submitted any personal data or information to BoxMD through any means, including email, post or through the
4.CONFIDENTIALITY AND SECURITY
o 4.1Your Personal Information is maintained by BoxMD in electronic form on its equipment, and on the equipment of its employees. Such information may also be converted to physical form from time to time. BoxMD takes all necessary precautions to protect your personal information both online and off-line, and implements reasonable security practices and measures including certain managerial, technical, operational and physical security control measures that are commensurate with respect to the information being collected and the nature of BoxMD‟s business.
o 4.2No administrator at BoxMD will have knowledge of your password. It is important for you to protect against unauthorized access to your password, your computer and your mobile phone. Be sure to log off from the Website when finished. BoxMD does not undertake any liability for any unauthorised use of your account and password. If you suspect any unauthorized use of your account, you must immediately notify BoxMD by sending an email to email@example.com You shall be liable to indemnify BoxMD due to any loss suffered by it due to such unauthorized use of your account and password.
o 4.3BoxMD makes all User information accessible to its employees, agents or partners and third parties only on a need to-know basis, and binds only its employees to strict confidentiality obligations.
o 4.4Part of the functionality of BoxMD is assisting the doctors to maintain and organise such information. BoxMD may, therefore, retain and submit all such records to the appropriate authorities, or to doctors who request access to such information.
o 4.5Part of the functionality of the BoxMD is assisting the patients to access information relating to them. BoxMD may,
therefore, retain and submit all such records to the relevant patients, or to their doctors.
o 4.6Notwithstanding the above, BoxMD is not responsible for the confidentiality, security or distribution of your Personal Information by our partners and third parties outside the scope of our agreement with such partners and third parties. Further, BoxMD shall not be responsible for any breach of security or for any actions of any third parties or events that are beyond the reasonable control of BoxMD including but not limited to, acts of government, computer hacking, unauthorised access to computer data and storage device, computer crashes, breach of security and encryption, poor quality of Internet service or telephone service of the User etc.
If a User uses the Services or accesses the Website after a notice of changes has been sent to such User or published on the Website, such User hereby provides his/her/its consent to the changed terms.
6.CHILDREN'S AND MINOR'S PRIVACY
BoxMD strongly encourages parents and guardians to supervise the online activities of their minor children and consider using parental control tools available from online services and software manufacturers to help provide a child-
friendly online environment. These tools also can prevent minors from disclosing their name, address, and other personally identifiable information online without parental permission. Although the BoxMD Website and Services are not intended for use by minors, BoxMD respects the privacy of minors who may inadvertently use the internet or the mobile application.
7.CONSENT TO THIS POLICY
8.ADDRESS FOR PRIVACY QUESTIONS
Indicative List of Information by Nature of Service ∙ 1.End-Users using the Website by registering for an account on the Website or „BoxMD‟ mobile application:
You can create an account by giving us information regarding your [name, mobile number, email address], and such other
information as requested on the End-User registration page. This is to enable us to provide you with the facility to use the account to book your appointments and store other health related information.
2.End-Users using the Website without registering for an account on the Website or „BoxMD‟mobile application (i.e., „Guest‟ End-User):
You can use the Website without registering for an account, but to avail our services, you may be asked certain information (including your [mobile number], and such other information as requested when you choose to use the Services without registration) to confirm the appointment.
3. In case of practitioners, BoxMD may send email and/or SMS confirmations or other communications to End-Users in connection with their interactions with the practitioners, if such interactions have been facilitated by BoxMD.
BoxMD reserves the right to extend and withdraw „ABS‟ (also known as Instant) functionality to you at its sole discretion, based on the number of End-User appointments being honoured by you. The extension or withdrawal of such facility shall be intimated to you by BoxMD.
You have an option under these products to switch on „End User Feedback‟. This will mean that you are giving one or more patients‟ contact details to BoxMD‟s feedback system. End Users may choose to send feedback anonymously too, in which case you agree that you have no objection to such anonymous feedback. The feedback system will then send an SMS and email to the patient(s) asking for feedback which may then be published on the Website. You agree to make your patients fully aware of the possibility of their receiving such feedback queries.