PRIVACY NOTICE

Tata Medical and Diagnostics Limited (“Tata MD” or “we” or “Company”) takes the privacy of your information seriously. This Privacy Notice describes the types of personal information we collect from you through our Tata MD (including sub-domains and microsites) and mobile application, email and any offline method set up by the Company, including via the phone. It also describes the purposes for which we collect that personal information, the other parties with whom we may share it and the measures we take to protect the security of your data. It also tells you about your rights and choices with respect to your personal information, and how you can contact us about our privacy practices.

You are advised to carefully read this Privacy Policy before using or availing any of our products and/or services. By using our website or mobile application and availing the services whether through online or offline methods, and voluntarily providing us with information, you are consenting to our use of it in accordance with this Privacy Policy. This Privacy Policy does not apply to third-party links, applications or websites that are connected via links to our website or mobile application or displayed on our website or mobile application or third party service providers who you consent to procuring services from directly after we facilitate an introduction between you and them. If you use the services of Tata MD on behalf of someone else (such as your family members) or an entity (such as your employer), you represent and warrant that you are authorised by such individual or entity to (i) accept this Privacy Policy on such individual’s or entity’s behalf, and (ii) consent on behalf of such individual or entity to our collection, use and disclosure of such individual’s or entity’s information as described in this Privacy Policy. You indemnify Tata MD from any claims which such individual or entity may claim against Tata MD.

This Privacy Policy constitutes a legal agreement between you, as a user of our website or mobile application or our services (including any offline method) and us, as the owner of our website or mobile application or services. You must be a natural person who is at least 18 years of age.

1. DEFINITIONS

In this Privacy Notice, the following definitions are used:

Data

includes non-personal information, personal information and sensitive personal information about you, which either directly or indirectly in combination with other information, could allow you to be identified when you visit our website or mobile application or obtain our services by any method (whether online or offline).

This includes, without limitation, the following categories:

1.      Contact information: Contact information: first and last name, email address, postal address, country, employer, phone number and other similar contact data.

2.      Financial information: payment instrument information, transactions, transaction history, preferences, method, mode and manner of payment, spending pattern or trends, and other similar data.

3.      Technical information: website, device and mobile app usage, Internet Protocol (IP) address and similar information collected via automated means, such as cookies, pixels and similar technologies.

4.      Transaction information: the date of the transaction, total amount, transaction history and preferences and related details.

5.      Product and service information: Your account membership number, registration and payment information, and program-specific information, when you request products and/or services directly from us, or participate in marketing programs.

6.      Personal information: Age, sex, date of birth, marital status, nationality, details of government identification documents provided, occupation, ethnicity, religion, travel history or any other personal information provided in responses to surveys or questionnaires.

7.      Your reviews, feedback and opinions about our products, programmes and services.

8.      Loyalty programmes: If applicable, your loyalty membership information, account details, profile or password details.

9.      Sensitive Personal Data or Information: your medical history, medical records, and any other health related information.

Cookies

A small file placed on your device by our website or mobile application when you either visit or use certain features of our website or mobile application. A cookie generally allows a website to remember your actions or preference for a certain period of time.

Data Protection Laws

Any applicable law for the time being in force relating to the processing of Data including Information Technology Act, 2000, the Information Technology (Amendment) Act, 2008, and the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011, of the Republic of India as well any amendments thereto or any new laws that may come into force from time to time.

Partners

Select third parties, or diagnostic labs, hospitals and hospital chains, nursing homes, registered medical practitioners, pathology labs, including Tata Group Entities with whom we have contracts for the businesses described in this Privacy Policy.

Service Providers

Includes entities to whom we or our Partners and other Tata Group Entities will disclose your Data in order to process information for a specific purpose pursuant to written contract.

Tata MD

Tata MD, a company incorporated in India whose registered office is at Army & Navy Building, 148 M. G. Road, Fort, Mumbai 400001.

Tata Group Entity

Tata Sons Private Limited, and its subsidiaries, affiliates, associate companies and joint venture companies with whom we have a contractual arrangement to, inter alia, share data for the purposes described in this Privacy Policy.

User or you

The natural person who accesses our website, mobile application or use our services in any manner whatsoever (online or offline).

2. SCOPE

Tata MD collects Data for its business. You provide some of this Data directly, such as when you register on our website or mobile application or avail our services (through any offline or online method). You provide some of this Data when you complete registration forms provided by Tata Group Entities (e.g., at outlets, stores, hotels, kiosks); register on websites of Tata Group Entities; in such other manner as may be specified on our website or mobile application; or by availing our services through offline method.

You can make choices about our collection and use of your Data. For example, you may want to access, edit or remove your Data on our website or mobile application. When you are asked to provide Data, you may decline. However, in the event you decline providing any of the Data requested for, we may not be able to provide access to all our services available through our website or mobile application.

3. HOW WE COLLECT DATA

We collect Data in the following ways:

1.      Information You Give Us: We receive and store any information you enter on our website or mobile application or give us in any other way, such as through other Tata Group Entities or Partners.

2.      Automatic Information We Collect: We use “cookies”, pixels and similar technologies to receive and store certain types of information whenever you interact with us.

3.      E-mail Communications: To help us make e-mails more relevant and interesting, we often receive a confirmation (if your device supports such capabilities) when you open e-mail from us or on a link in the e-mail. You can choose not to receive marketing emails from us by clicking on the unsubscribe link in any marketing email.

4.      Automatic Information We Collect from Other Websites: We receive and store certain types of information when you interact with third-party websites that use our technology or with whom we have a specific agreement. Because we process this information on behalf of the applicable website operators, collection, processing, and use of such information is subject to the applicable website operators’ privacy policies and is not covered by our Privacy Policy.

5.      Information from Other Sources: An example of information we might receive from other sources is when you authorize a third-party website (such as the website of another Tata Group Entity) or the Partners, to interact directly with our website or mobile application to provide or receive Data about you. In that case, we might receive such Data used by that third-party website to identify your account with that website.

6.      Information Previously Provided to Tata Group Entities: Where you have shared any information previously with any of the Tata Group Entities and have consented to the further sharing of such information, such information will be shared with us by the Tata Group Entities.

7.      Information Previously Provided to your Employers/Partner: Information previously provided to your employer/our Partner: Where you have shared any information previously with your employer/our Partner and have consented to the further sharing of such information, such information can and will be shared with us by your employer. Regardless of the terms on which you had originally provided the information to your employer, by accepting this Privacy Policy, you hereby provide your consent to Tata MD to collect such information from your employer for the purposes set out in this Privacy Policy. Further, you hereby acknowledge and accept that we are not responsible and liable in any manner whatsoever for any breach by your employer in this regard, including failure to obtain consent for sharing such data with us and you hereby unconditionally and irrevocably waive, release and discharge us and our directors, employees, consultants or agents from any and all claims and liabilities arising out of or relating to any sharing of your information by your employer with us.

 

4. YOUR CONSENT

Please note that by providing the information you provide your consent and authorize us to collect, use or disclose such information for the purposes stated in this Privacy Policy and as permitted or required by applicable law.

MOREOVER, YOU UNDERSTAND AND HEREBY CONSENT THAT THIS INFORMATION MAY BE TRANSFERRED TO ANY SUCH PARTY AS MENTIONED IN CLAUSE 9, FOR THE PURPOSE OF SERVICES PROVIDED THROUGH THE WEBSITE, MOBILE APPLICATION OR ANY OFFLINE METHOD OR TO ANY THIRD - PARTY PROVIDERS FOR ANY JOINTLY DEVELOPED OR MARKETED SERVICES, PAYMENT PROCESSING, ORDER FULFILMENT, CUSTOMER SERVICES, DATA ANALYSIS, IT SERVICES AND SUCH OTHER SERVICES WHICH ENABLE US TO PROVIDE YOU SERVICES THROUGH THE WEBSITE, MOBILE APPLICATION OR OFFLINE METHOD. WE MAY ALSO SHARE YOUR SENSITIVE PERSONAL DATA INCLUDING MEDICAL DATA WITH GOVERNMENT AGENCY FOR COMPLIANCE UNDER APPLICABLE LAWS. YOU HEREBY PROVIDE YOUR CONSENT TO TATA MD TO SHARE YOUR SENSITIVE PERSONAL DATA WITH SUCH PARTY AND GOVERNMENT AGENCY.

This Privacy Policy shall be enforceable against you in the same manner as any other written agreement.

By visiting or accessing our website or mobile application and voluntarily providing us with information/ Data, you are consenting to our use of it in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, you may refuse or withdraw your consent any time, or alternatively to not provide us with any Data. However, this may significantly impact your ability to use our website or mobile application and the services provided through it.

5. DATA SHARED BY YOU

Tata MD may collect your Data in several ways from your use of our website or mobile application or by availing our services. For instance:

1.      When you register with us to receive our products and/or services;

2.      When you conduct a transaction with us or attempt a transaction at our on our website or mobile application;

3.      When you complete surveys conducted by or for us;

4.      When you elect to receive any e-mail communications (including promotional offers) from us;

5.      From the information gathered by your visit to our website or mobile application;

6.      Information provided by you (such as to answer your queries, support and contact requests).

7.      When you provide us information by availing services offline i.e. by any offline method as mentioned in Terms of Service.

8.      You shall not share, upload, publish or store any data on our website or mobile application:

·        which belongs to another person;

·        which is defamatory, obscene, paedophilic, gender-based harassing, racist, encouraging gambling or money laundering etc;

·        harmful to children;

·        infringes any intellectual property rights;

·        deceptive of origin or false/misleading or impersonates another person;

·        threatens the sovereignty of India or incites commissions of cognisable offences;

·        software virus or any other harmful computer code;

·        patently false information of a vindictive nature.

In case of any non-compliance which may be discovered by us or notified to us by government or any third party, we may terminate your access and usage rights of our website or mobile application or the services and remove all the non-compliant information from our website or mobile application.

 

6. DATA THAT IS COLLECTED AUTOMATICALLY

1.      We automatically collect some information when you visit our website or use our mobile application. This information helps us to make improvements to our content and navigation. The information collected automatically includes your IP address.

2.      Our web servers or affiliates who provide analytics and performance enhancement services collect IP address, operating system details, browsing details, device details and language settings. This information is aggregated to measure the number of visits, average time spent on the site, pages viewed and similar information. Tata MD uses this information to measure the site usage, improve content and to ensure safety and security, as well enhance performance of our website or mobile application.

3.      We may collect your Data automatically via Cookies, pixels and similar technologies in line with settings on your browser. For more information about Cookies, please see the section below, titled “Cookies”.

 

7. OUR USE OF DATA

Any or all the above Data may be required by us from time to time to provide information relating to Tata MD and to work on the experience when using our website or mobile application or availing our services. Specifically, Data may be used by us for the following reasons:

1.      Provide products and/or services and communicate with you about products and/or services offered by us;

2.      Enable Tata Group Entities and Partners to offer their products and/or services and communicate with you about such products and/or services;

3.      Processing, disclosing, transmitting, and/or sharing the data/information with Tata Group Entities, and other third parties, Partners which have business or contractual dealings with us;

4.      Provide you with offers, personalized services and recommendations and improve your experience on our website and mobile application;/p>

5.      Operate, evaluate and improve our business;

6.      Generate aggregated data to prepare insights to enable us to understand customer behavior, patterns and trends with a view to learn more about your preferences or other characteristics;

7.      Provide offers (including for financial products and/or services), privileges and benefits to you, marketing and promotional campaigns based on your profile;

8.      In connection with loyalty programs owned and operated by us or by other Tata Group Entities;

9.      Responding to your requests, customizing and improving our services and communicating with you;

10.   Protect against and prevent fraud and other legal or information security risks; and

11.   Serve other purposes for which we provide specific notice at the time of collection, and as otherwise authorized or required by applicable law.

We may use your Data for the above purposes if we deem it necessary to do so for our legitimate interests. If you are not satisfied with this, you have the right to object in certain circumstances (see the section headed "Your rights and choices" below).

We may use your Data to show you adverts and other content on other websites. If you do not want us to use your data to show you adverts and other content on other websites, please turn off the relevant cookies (please refer to the section headed “Cookies, pixels and similar technologies” below).

We use Data to protect the security and safety of our website or mobile application.

Additionally, to improve your experience of our website or mobile application, we collect the following data:

1.      Increase output: : Tata MD uses all this information to analyze the usage trends, learning behaviors and preferences of the Users, to improve the way these services work and look with respect to you, including updating, enhancing the operations and functionality of these features.

2.      Business or Research Purposes: The information is used for business or research purposes, including improving and customizing our website or mobile application or our services for ease of use and the products and services offered by us. We may archive this information to use it for future communications for providing updates and/or surveys.

3.      Improve functionality: All information is used to provide a personalized learning and high-quality experience for our Users by increasing site functionality and the services offered by Tata MD.

 

We treat these inferences as personal information (or sensitive personal information, as the case may be), where required under applicable law.

We treat these inferences as personal information (or sensitive personal information, as the case may be), where required under applicable law. Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.

Where required under applicable law, we will only use your personal information with your consent; as necessary to provide you with products and/or services; to comply with a legal obligation; or when there is a legitimate interest that necessitates the use.

8. MINORS

Our website and mobile application do not offer products or services for use by minors. If you are under 18, it is mandatory that you use our website or mobile application or services only with the involvement of a parent or guardian and in such a case this Privacy Policy shall be deemed to be a contract between Tata MD and your legal guardian or parent and to the extent permissible under applicable laws, enforceable against you.

9. SHARING OF DATA

We may share your Data with/ for:

1.      Partners: We may make available to you services, products, or applications provided by Partners for use on or through our website or mobile application. If you choose to use such service, customer information related to those transactions may be shared with such Partner.

Such Partners will be required to respect the security of your Data and to treat it in accordance with this privacy policy and applicable law.

2.      Tata Group Entities: We may make available to you products, services and /or applications of Tata Group Entities, to assist them to reach out to you in relation to their programs or campaigns and to process your queries and requests. Accordingly, we may share your Data with Tata Group Entities. We may also share your Data with the Tata Group Entities as is relevant for the purposes set out in Clause 6 above, and to facilitate the operation of our business.

3.      Service Providers: We or other Tata Group Entities may share your Data with Service Providers. Examples include storing and analyzing Data, protecting and securing our systems, providing search results and links, providing customer service, credit analysis, processing your information for profiling, user analysis and payment processing.

These Service Providers will be required to only process Data in accordance with express instructions and as necessary to perform services for purposes set forth in this Privacy Policy. The Service Providers will also be required to safeguard the security and confidentiality of the Data they process by implementing appropriate technical and organizational security measures and confidentiality obligations binding employees accessing Data

4.      When Tata MD acts as a Service Provider: We may process and share your Data with Tata Group Entities and Partners when we act as a service provider to such Tata Group Entities and Partners.

5.      Protecting Tata MD: We may release Data when we believe release is appropriate to comply with applicable law or legal process, enforce or apply the Terms of Service of our website or mobile application or use of our services in any offline manner and other agreements, protect Tata MD against harm or financial loss, when we believe disclosure is necessary to protect individuals’ vital interests, or in connection with an investigation of suspected or actual fraudulent or illegal activity. This may include exchanging information with other companies and organizations for fraud protection, risk management and dispute resolution. This does not include selling or otherwise disclosing personally identifiable information from users for commercial purposes in violation of this Privacy Policy.

6.      Business Transfers: As we continue to develop our business, we might sell or buy subsidiaries or business units. In such transactions, Data, including in relation to loyalty programs generally is one of the transferred business assets.

7.      Third Parties: We do not share sensitive personal data with other third parties (other than as set out in (a) to (g) above). However, this may happen if:

                                                      i.          You request or authorize us to do so;

                                                    ii.          We need to comply with applicable law or respond to valid legal process; or

                                                   iii.          We need to operate and maintain the security of our website or mobile application, including to prevent or stop an attack on our computer systems or networks.

We require these third parties by contract to only process sensitive personal data in accordance with our instructions and as necessary to perform services on our behalf or in compliance with applicable law. We also require them to safeguard the security and confidentiality of the sensitive personal data they process on our behalf by implementing appropriate confidentiality, technical and organizational security measures.

Please note that Tata Group Entities and Partners may have privacy practices that differ from those of Tata MD. Your data will be governed by their privacy statements when you provide Data on their websites.

10. KEEPING DATA SECURE

We will use technical and organisational measures to safeguard your Data and we store your Data on secure servers. Technical and organisational measures include measures to deal with any suspected data breach. If you suspect any misuse or loss or unauthorised access to your Data, please let us know immediately by contacting us by e-mail.

11. RETENTION OF DATA

Tata MD retains Data for as long as necessary for the use of our products and/or services or to provide access to and use of our website or mobile application, or for other essential purposes such as complying with our legal obligations including conducting audits, resolving disputes, enforcing our agreements and as long as processing and retaining your Data is necessary for our legitimate interests. Because these needs can vary for different data types and purposes, actual retention periods can vary significantly.

Even if we delete your Data, including on account of exercise of your right under Clause 12 below, it may persist on backup or archival media for audit, legal, tax or regulatory purposes.

12. YOUR RIGHTS AND CHOICES

When we process Data about you, we do so with your consent and/or as necessary to operate our business, meet our contractual and legal obligations, protect the security of our systems and our customers, or fulfil other legitimate interests of Tata MD as described in this Privacy Policy.

We may transfer Data we collect about you to recipients in India, where we are headquartered. India may not have the same data protection laws as the country in which you initially provided the information. When we transfer your Data to India, we will protect that information as described in this Privacy Policy, as disclosed to you at the time of data collection or as described in our program-specific privacy notice. Depending on which country’s laws are applicable to you, you may have the right or choice to: :

1.      opt out of some collection or uses of your Data, including the use of cookies, pixels and similar technologies and the use of your Data for marketing purposes.

2.      access your Data, rectify it, restrict or object to its processing, or request its deletion or anonymization.

3.      change or edit information submitted to us.

4.      receive the Data you provided to us to transmit it to another company.

5.      withdraw any consent provided or alter your preferences.

6.      where applicable, lodge a complaint with your supervisory authority.

You may submit a request as described in the “How to Contact Us” section below. We will not charge you for any request. Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will tell you the reasons why.

Below, you will find additional privacy information that you may find important. Data Protection Laws, depending on your country, may include the following rights in relation to your Data:

1.      Right to Confirmation and Access - the right to confirm our methods of processing and request

                                                      i.          copies of the information we hold about you at any time, or

                                                    ii.          that we modify, update or delete such information.

2.      Right to Correction - the right to have your Data rectified if it is inaccurate or incomplete.

3.      Right to be Forgotten - the right to request that we delete or remove your Data from our systems.

4.      Right to Restrict / Object to Our Use of your Data - the right to limit the way in which we can use it.

5.      Right to Data Portability - the right to request that we move, copy or transfer your Data.

6.      Right to Withdraw Consent - the right to withdraw your consent provided earlier.

7.      Right to File Complaints - the right to raise complaints to a regulatory authority.

For information about managing your Data and promotional communications, please e-mail us at data.urbancare@tatamd.com

It is important that the Data we hold about you is accurate and current. Please keep us informed if your personal information changes during the period for which we hold it.

13. INFORMATION SECURITY

To protect your privacy and security, Tata MD takes steps to verify your identity before granting you account access or making corrections to your information.

Tata MD is committed to protecting the security of your Data. We use a variety of security technologies and procedures to help protect your Data from unauthorized access, use or disclosure. However, as effective as these measures are, no security system is impenetrable. We cannot guarantee the security of our database, nor can we guarantee that the information you supply will not be intercepted while being transmitted to us over the internet. You accept the inherent security implications of data transmission over the internet and the world wide web cannot always be guaranteed as complete secure. Therefore, your use of our services, website or mobile application will be at your own risk. If you have any concerns, please feel free to email us at enquiry@tatamd.com

14. WHERE WE STORE DATA

Data collected under this Privacy Policy is hosted on servers located in India. We take steps to ensure that the Data we collect under this Privacy Policy is processed according to the provisions of this statement and the requirements of applicable law wherever the data is located.

15. PROCESSING YOUR DATA

We take steps to ensure that the Data we collect under this Privacy Policy is processed according to the provisions of this Privacy Policy and the requirements of applicable law.

To ensure that your Data receives an adequate level of protection, we have put in place appropriate written contracts with Tata Group Entities, Partners and Service Providers that we share your Data with. This ensures your Data is treated by such parties in a way that is consistent with applicable law.

16. LINKS TO OTHER WEBSITES

1.      (a) Our website or mobile application may, from time to time, provide links to websites and applications of Tata Group Entities and Partners whose privacy practices differ from those of Tata MD. We have no control over such websites and applications and are not responsible for the content of those websites and applications. If you provide personal information to any of those websites or applications, then your data is governed by their privacy notices.

2.      This Privacy Notice applies to the Tata MD’s website or mobile application only.

17. COOKIES, PIXELS AND SIMILAR TECHNOLOGIES

1.      Our website or mobile application may place and access certain Cookies on your device. Cookies are unique identifiers that we transfer to your device to enable our systems to recognize your device. We also use Technical Information, pixels and similar technologies to analyse traffic on our website or mobile application, to improve your experience of using our website or mobile application.

2.      (b) You can choose to enable or disable Cookies in your internet browser. By default, most internet browsers accept Cookies, but this can be changed. For further details, please consult the help menu in your internet browser. You can choose to delete Cookies at any time. however, you may lose any information that enables you to access our website or mobile application more quickly and efficiently including, but not limited to, personalisation settings.

3.      (c) It is recommended that you ensure that your internet browser is up-to-date and that you consult the help and guidance provided by the developer of your internet browser if you are unsure about adjusting your privacy settings.

4.      Tata MD uses cookies and similar technologies for several purposes, which may include:

                                                      i.          Storing your Preferences and Settings: Settings that enable our website or mobile application to operate correctly or that maintain your preferences over time may be stored on your device.

                                                    ii.          Sign-in and Authentication: When you provide details into our website or mobile application using your credentials, we store a unique ID number, and the time you access, in an encrypted Cookie on your device. This cookie allows you to move from page to page within our website or mobile application.

                                                   iii.          Security: We use cookies to detect fraud and abuse of our websites and services.

18. SEVERABILITY

If any court or competent authority finds that any provision of this Privacy Policy (or part of any provision) is invalid, illegal or unenforceable, that provision or part-provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of this Privacy Policy will not be affected.

19. CHANGES TO THIS PRIVACY POLICY

Our business changes constantly and our Privacy Policy will change also. We may e-mail periodic reminders of our notices and conditions, unless you have instructed us not to, but you should check our website, mobile application and its Terms of Use, Terms of Service and this Privacy Policy frequently to see recent changes. The updated version will be effective as soon as it is accessible. Any changes will be immediately posted on our website, mobile application or any other form as the Company deems fit and you are deemed to have accepted the terms of the updated Privacy Policy on your first use of our website or mobile application or first purchase of the products and/or services following the alterations. We encourage you to review this Privacy Policy frequently to be informed of how we are protecting your information.

20. HOW TO CONTACT US

Request by e-mailing us at enquiry@tatamd.com . You may contact us for information on Service Providers, Partners and Tata Group Entities with whom we may share your Data in compliance with this Privacy Policy and applicable law. We will respond to your request within 30 (thirty) days.

21. GRIEVANCE OFFICER

In case of any discrepancy or grievance with respect to all or any information shared with the Company, please feel free to contact at grievance@tatamd.com .

We assure you that we shall ensure implementation of this Privacy Policy and shall make the Notice available to individuals and redress the grievances of the user expeditiously 15 (fifteen) days from the date of receipt of grievance. Any complaints with respect to the content depicting nudity, sexual acts, morphed images shall be dealt by us within 24 hours of receipt of the complaint. Please see below the details of our grievance officer:

Name: Mr. Kartik Krishnan

Email: grievance@tatamd.com

Address: Army and Navy Building, M.G Road, Opposite Kala Ghoda, Fort, Mumbai, Maharashtra 400001