Privacy Policy

1. Introduction

AffEx Healthcare Private Limited ("AffEx," "we," "us," or "our") is committed to protecting the privacy and security of personal information, including sensitive health data, entrusted to us by patients, healthcare providers, clinics, and corporate social responsibility (CSR) teams using our platform.

This Privacy Policy explains how we collect, use, disclose, store, and protect your personal data when you use the AFFEX mobile application, web platform, and related services (collectively, the "Services"). This policy complies with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 ("DPDP Act") of India.

By using our Services, you consent to the collection and use of your information as described in this Privacy Policy.

2. Information We Collect

2.1 Personal Information

We collect the following categories of personal information:

• Full name (first name, middle name, last name)
• Date of birth and age
• Gender
• Contact information (mobile phone number)
• Address details (area, district, state, pincode)
• Government-issued identification numbers (if voluntarily provided)

2.2 Health Information (Sensitive Personal Data)

As a healthcare platform, we collect sensitive health-related information, including:

• Medical symptoms and chief complaints
• Vital signs (blood pressure, heart rate, temperature, oxygen saturation, height, weight, BMI)
• Medical history and known medical conditions
• Allergies and adverse reactions
• Family medical history
• Lifestyle information (smoking, alcohol consumption, tobacco use)
• Clinical observations and examination findings
• Diagnostic test results and laboratory values
• Prescriptions and medication history
• Clinical impressions and treatment plans

2.3 Technical Information

• Device information (device type, operating system, unique device identifiers)
• Log data (access times, pages viewed, app crashes)
• IP address and approximate location (derived from IP)
• App usage statistics and interaction data

2.4 Information from Healthcare Providers

Healthcare practitioners using our platform may input clinical notes, diagnoses, and treatment information as part of patient care delivery.

3. How We Use Your Information

We use your personal and health information for the following purposes:

3.1 Healthcare Service Delivery

• Facilitating patient registration and visit management
• Recording symptoms, vital signs, and clinical observations
• Enabling healthcare practitioners to provide consultations
• Generating and managing prescriptions
• Maintaining continuity of care through medical history records
• Supporting follow-up visits and treatment monitoring

3.2 Platform Operations

• Managing user accounts and authentication
• Providing customer support and responding to inquiries
• Sending service-related notifications and updates
• Improving and optimizing our Services
• Ensuring platform security and preventing fraud

3.3 Analytics and Research

• Generating anonymized and aggregated health statistics
• Supporting public health initiatives and CSR programs
• Conducting research to improve healthcare outcomes (with appropriate consent and anonymization)

3.4 Legal Compliance

• Complying with applicable laws and regulations
• Responding to lawful requests from government authorities
• Protecting our legal rights and interests

4. Legal Basis for Processing

Under the DPDP Act, 2023, we process your personal data based on:

• Consent: Your explicit consent obtained at the time of registration and before collecting sensitive health data
• Legitimate Uses: Processing necessary for providing healthcare services you have requested
• Legal Obligations: Compliance with applicable healthcare regulations and legal requirements
• Medical Emergency: Where processing is necessary to protect vital interests in a medical emergency

5. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties for marketing purposes. We may share your information only in the following circumstances:

5.1 Healthcare Providers

Your health information is shared with authorized healthcare practitioners, clinics, and facilities involved in your care, as necessary for diagnosis, treatment, and care coordination.

5.2 Service Providers

We engage trusted third-party service providers who assist in operating our platform (e.g., cloud hosting, data analytics). These providers are contractually bound to protect your data and use it only for specified purposes.

5.3 Legal Requirements

We may disclose your information when required by law, court order, or government regulation, or when necessary to protect our rights, safety, or property.

5.4 With Your Consent

We may share your information with other parties when you have provided explicit consent for such sharing.

6. Data Security

We implement industry-standard security measures to protect your personal and health information:

• Encryption: Data is encrypted in transit (TLS/SSL) and at rest
• Access Controls: Role-based access ensures only authorized personnel can access sensitive data
• Authentication: Secure authentication mechanisms protect user accounts
• Audit Trails: We maintain logs of data access and modifications
• Regular Assessments: Periodic security audits and vulnerability assessments
• Employee Training: Staff handling personal data receive privacy and security training
• Incident Response: Established procedures for responding to data breaches

7. Data Retention

We retain your personal and health information for as long as necessary to:

• Provide our Services and fulfill the purposes described in this policy
• Comply with legal obligations (medical records are retained as per applicable healthcare regulations)
• Resolve disputes and enforce our agreements

Medical records are typically retained for a minimum period as mandated by Indian healthcare regulations. When data is no longer required, it is securely deleted or anonymized.

8. Your Rights

Under the DPDP Act, 2023, and applicable laws, you have the following rights:

• Right to Access: Request information about what personal data we hold about you
• Right to Correction: Request correction of inaccurate or incomplete personal data
• Right to Erasure: Request deletion of your personal data, subject to legal retention requirements
• Right to Withdraw Consent: Withdraw your consent at any time (this may affect our ability to provide Services)
• Right to Grievance Redressal: Lodge complaints regarding data processing with our Grievance Officer
• Right to Nominate: Nominate another individual to exercise your rights in case of death or incapacity

To exercise any of these rights, please contact us using the details provided in Section 12.

9. Children's Privacy

Our Services may be used to record health information for minors (individuals under 18 years of age) as part of healthcare delivery. In such cases:

• Consent is obtained from a parent or legal guardian
• We collect only information necessary for healthcare purposes
• Special safeguards are applied to protect children's data
• Parents or guardians may exercise data rights on behalf of the minor

10. Third-Party Links and Services

Our Services may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through our platform.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our platform with a new "Last Updated" date. For significant changes, we may also provide additional notice (such as in-app notifications or email). Your continued use of our Services after such changes constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

13. Consent

By using the AFFEX platform and Services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your personal information as described herein. For sensitive health information, explicit consent is obtained at the time of data collection.