PRIVACY AND DATA PROTECTION POLICY
Effective Date: 31st May, 2025
At Neeb Medihub Private Limited ("we," "us," or "our"), we value your privacy and are committed to protecting your personal data. This Privacy and Data Protection Policy governs the collection, processing, and usage of your personal data in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act, 2023), Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules).
By using our website, https://medihub.healthcare/ ("Website"), you consent to the collection and use of your personal data in accordance with this Policy.
1. INFORMATION WE COLLECT
1.1 Personal Information
We may collect the following personal data from you:
- Name, contact details (email address, phone number), and demographic information (age, gender).
- Information related to your account registration (username, password).
- Payment information, including credit/debit card details and other financial data.
1.2 Sensitive Personal Data Or Information (SPDI)
We may collect sensitive personal data, including:
- Health-related information provided for booking diagnostic tests (e.g., medical conditions, doctor's referrals).
- Passwords
- Financial information such as bank accounts, credit and debit card details or other payment instrument details
- Physical, physiological, and mental health condition
- Sexual orientation
- Medical records and history
- Biometric information
- Information received by body corporate under lawful contract or otherwise
- Visitor details as provided at the time of registration or thereafter; and call data records
1.3 Technical Information
We collect certain technical information automatically, including:
IP address, browser type, operating system, and usage data.
Information collected through cookies and other tracking technologies (see Cookies Policy below).
2. LEGAL BASIS FOR PROCESSING PERSONAL DATA
We process your personal data on the following lawful bases under the DPDP Act, 2023:
- Consent: Where you have provided consent for the processing of your personal data for specific purposes (e.g., marketing communications).
- Performance of a Contract: To provide services you request, such as booking diagnostic tests and facilitating communication with diagnostic Service Providers.
- Compliance with Legal Obligations: To comply with our obligations under Indian law (e.g., responding to lawful requests from public authorities).
- Legitimate Interests: To analyze and improve the functionality of our Website and enhance user experience.
3. PURPOSE OF COLLECTION AND USE OF INFORMATION
We collect and use your personal data for the following purposes:
3.1 Providing Services
- To facilitate your booking of diagnostic tests and connect you with third-party Service Providers.
- To communicate with you regarding your bookings, test results, and inquiries.
3.2 Payment Processing
- To securely process payments for diagnostic services through our payment gateways.
3.3 Service Improvement
- To monitor and analyze usage of our Website and improve our services.
3.4 Compliance With Legal Obligations
- To comply with regulatory and legal obligations, including public health mandates.
3.5 Marketing Communications
- With your consent, we may send marketing and promotional materials. You may withdraw your consent at any time by contacting us or using the unsubscribe link in our emails.
4. RIGHTS OF DATA PRINCIPALS (YOUR RIGHTS)
Under the DPDP Act, 2023, as a Data Principal (the individual whose personal data is collected), you have the following rights:
4.1 Right To Information
- You have the right to be informed about how your personal data is being processed, including the type of data collected, the purpose of processing, and your rights under this Policy.
4.2 Right To Access
- You can request access to your personal data that we hold.
4.3 Right To Correction and Erasure
- You can request correction of inaccurate data or request erasure of your personal data if it is no longer necessary for the purpose for which it was collected.
4.4 Right To Data Portability
- You can request your personal data in a structured, commonly used, and machine-readable format to transfer it to another service provider.
4.5 Right To Withdraw Consent
- Where the processing of your data is based on consent, you can withdraw your consent at any time.
4.6 Right To Grievance Redressal
- You can file a complaint with our Grievance Officer if you believe that your data is being processed in violation of the DPDP Act, 2023 or this Policy.
5. DATA SHARING AND DISCLOSURE
We may share your personal data under the following circumstances:
5.1 Service Providers
- We share your personal data, including health-related information, with third-party diagnostic Service Providers to deliver the services you request. These Service Providers are contractually bound to adhere to Indian privacy and data protection laws.
5.2 Third-Party Payment Processors
- We share payment information with third-party payment processors to complete financial transactions. These processors must adhere to their own privacy policies and security practices.
5.3 Legal Obligations
- We may disclose your data to comply with legal obligations, including court orders or requests from law enforcement agencies in accordance with Indian law.
5.4 Business Transfers
- In the event of a business transfer, such as a merger or acquisition, your personal data may be transferred to the new entity, subject to the same privacy protections.
6. DATA SECURITY
We implement reasonable security practices and procedures as per the DPDP Act, 2023, IT Act, 2000, and SPDI Rules to protect your personal and sensitive data. Our security measures include:
- Encryption: We encrypt sensitive personal data during transmission to safeguard it from unauthorized access.
- Access Controls: We restrict access to your data to authorized personnel only.
- Regular Security Audits: We conduct periodic audits to assess the effectiveness of our security measures.
While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security.
7. DATA RETENTION
We retain personal and sensitive data for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce agreements. Health-related data may be retained for longer periods, as required under applicable healthcare regulations in India.
8. CROSS-BORDER DATA TRANSFERS
Currently, we do not transfer personal data outside India. If international transfers become necessary in the future, we will comply with the cross-border data transfer provisions of the DPDP Act, 2023, ensuring that the receiving entity provides an adequate level of data protection.
9. COOKIES POLICY
9.1 What Are Cookies?
Cookies are small text files stored on your device when you visit our Website. They help us improve your browsing experience and offer personalized services.
9.2 Types of Cookies We Use
- Essential Cookies: Required for the operation of the Website.
- Analytics Cookies: Help us analyze how Users interact with the Website.
- Marketing Cookies: Used to show you relevant advertisements.
9.3 Managing Cookies
You can control the use of cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of the Website.
10. GRIEVANCE REDRESSAL MECHANISM
As per the DPDP Act, 2023, we have appointed a Grievance Officer to address any concerns regarding the processing of your personal data. If you have any complaints or grievances, you may contact the Grievance Officer at:
Mr. Ankur Singh
National Head
ankur.singh@medihub.healthcare
+91 7400022218
The Grievance Officer will acknowledge receipt of your complaint within 24 hours and resolve your grievance within the statutory period specified under the DPDP Act, 2023.
11. CHANGES TO THIS POLICY
We may update this Privacy and Data Protection Policy from time to time to reflect changes in our practices or to comply with applicable laws. Any updates will be posted on this page, and the revised policy will take effect immediately.
12. CONTACT US
If you have any questions about this Privacy and Data Protection Policy or our data practices, please contact us at:
Mr. Ankur Singh
National Head
ankur.singh@medihub.healthcare
+91 7400022218