PRIVACY POLICY OF INDIA HEALTH LINK PVT LTD

(Effective from 04/10/2017) This Privacy Policy represents the Privacy Commitment of India Health Link Pvt Ltd., a body corporate registered in India with its Registered Office at SCO-394, New Grain Market, Karnal, 132001 (herein after referred to as the ‘Company’)and applies to all its services delivered through its portal viz: www.indiahealthlink.com and the IHL Kiosks operating at different locations in India.

The Company reserves the right to modify this policy as and when required and this is the current version modified last on 04/10/2017.

This Privacy Policy shall be read along with the Terms of Use applicable as applicable and apply for all persons who use the services of the company. (herein after referred to as the ‘user’)

1. Our Commitment IHL recognizes that “Privacy” is a key right of an individual who interacts with the Company either for browsing through this Portal or for availing any of the services rendered here in including the IHL Kiosks in physical locations.

In the context of the services rendered by the Company, “Privacy” is recognized as a “Right of an individual to Control how information related to a person is collected and used by the Company”.

As a Company registered in India, IHL follows the principles of Personal and Sensitive Personal information protection as mandated by the Information Technology Act 2000 as amended from time to time (ITA 2000).

Being in compliance with ITA 2000, the Company is also in conformity with the broad principles of Privacy protection that are internationally recognized such as the HIPAA-HITECH Act of USA, though the Company specifically declares that its obligations and liabilities are restricted to ITA 2000 as the law applicable in India and not any other international law.

2. Consent By opting to use the services of the Company, users are deemed to have provided their express consent to provide such personal data as they may share with the Company, in exchange of the services rendered or promised to be rendered by the Company as indicated here in and further detailed under the specific terms associated with the services and/or under FAQ section in the Portal.

The user agrees to receive transactional or promotional emails / SMS / push notifications in registered email address or mobile number This consent shall be irrevocable for the period for which the user continues to use the services.

In the event any user is not agreeable to any of the terms of this document, they shall kindly refrain from continuing to use the services. Continuation of the use of the services is a confirmation of the user’s consent for valuable consideration received to provide their personal information under the terms mentioned here in.

This consent shall be irrevocable for the period for which the user continues to use the services, subject further to the data retention requirements as mentioned here in.

The User agrees that a Copy of this document along with the Terms will be sent by the company in confirmation through the registered e-mail provided by the user if any.

Without waiting for the receipt of such e-mail, User confirms that he has chosen to provide confirmation, by clicking on the button “I AGREE” at the end of this document.

3. Information Collected

Kiosk Service IHL kiosks enable users to check certain health parameters here in after referred to as ‘vitals’ such as the weight, Blood Pressure, ECG readings etc. The Kiosk is meant to be used for educational purpose and not as a replacement of consulting a qualified medical practitioner.

The Kiosks are intended to be used only by persons aged above 18 years and competent to enter into valid contracts as per law. Others may use the service as “Guests” under the supervision of accompanying guardians.

The Kiosk has been calibrated to provide reasonably accurate measurements of the vitals however, given the technical nature of the measurements; the results may not always be completely accurate.

Information collected at the Kiosk may at the discretion of the user discarded immediately or forwarded securely to the user’s mobile or his account with IHL on the portal.

Portal Browsing (a) When any user visits the Portal of IHL, certain technical information about the user is identified and recorded by the Company in order to assist in enhancing the user experience and for administration purpose.

Such information includes,

i. The details of the device used

ii. The Browser and application used by the user,

iii. The different pages visited by the user on the Portal, the time spent, interactive actions etc

iv. IP address, locational information and Referral page from which he arrived on the Portal

v. Time spent by the User on a webpage

vi. Type of data uploaded and downloaded etc

b) When a user registers as a member of the services offered by the Portal and Kiosk additional information is provided by the User which may include the following:

i. Personal information such as Name, Address, Gender, Phone/Mobile number, E Mail address, location, Date of Birth, details of the health records etc.

ii. Nature of Services to be used

iii. Aadhar Number

iv. Suggested User name for registration and chosen password

(c) When a user uses the Patient Health Record storage service,

i) Health information which user choses to submit for storage and use at a later time including

a) information collected at the Kiosk and forwarded for storage on the web

b) Information otherwise uploaded in the form of documents such as diagnostic reports, medical reports etc

ii) Any other relevant information submitted for availing specific services

4. Cookies: Company uses cookies to make it easier for you to navigate our site on repeated visits. However the cookies do not contain any personal information.

5. How the Information is used i) IHL follows the principle of requesting only such minimal information that is required for providing the required service and use it only for the purpose of providing the service for which the information is provided.

ii) Information provided by the user is classified into appropriate categories such as “Personal”, “Sensitive Personal” and “other” information and stored either in the local systems or on the cloud.

iii) Where feasible, identifiable information is de-identified removing the parameters that link the health data to the individual’s identity parameters.

iv) The information submitted by the user is meant for access by the user himself for which access is provided to the user using reasonable access control mechanisms such as “Password” with or without additional authentication mechanisms such as a confirmation code sent through mobile or e-mail.

v) Where the user avails “Telemedicine” or “Diagnostic” services, information collected will be shared with the service provider to enable the service to be provided.

vi) The Company may use “De-Identified” data or “Limited Data Set” for research and statistical purposes including for Census and Market analysis by Pharma Industry with appropriate reasonable precautions to ensure that the data remains separate from the identity of the individuals as per standard industry practice.

vii) The User hereby agrees that the Company may at its discretion chose such partners as they deem fit for the required service and where a service is provided in association with a Business Associate/Contractor/sub-contractor, the Company may share information with such partners with due contractual bindings to ensure that the User gets the required quality of service

viii) The Company does not use any identifiable information collected from the user for marketing purposes of third parties unless a separate specific consent has been obtained for the purpose as applicable to the given service.

ix) The E-Mail ID of the users may be used for sending communications from the Company regarding any of the services of the Company including security related alerts or one time passwords.

x) The phone/mobile of the user may be used for sending security related alerts including one time passwords or other messages which require a direct interaction with the user.

xi) On specific occasions, Company may with specific consent of the user, use the e-mail ID of the user for sending messages for marketing of Company’s own services/products.

6. How the Information is Shared

i. User’s information stored with the Company is not generally accessed by any of the employees of the Company. Where required, information is shared within the company strictly on a “Need to know basis”

ii. Information may be shared with medical personnel for rendering “Telemedicine services”

iii. Information may be shared with law enforcement or other regulatory authorities as per requirements under law for which suitable policies and procedures are set in place within the Company.

iv. Under emergent circumstances, information may be shared with the required agencies or authorities after due approval from a medical personnel or an administrator under a defined process with documentation of the reasons for such sharing.

7. How the Information is Secured

i. IHL adopts Reasonable Security Practices to prevent unauthorized access, modification, or denial of access as defined under ITA 2000 to ensure security of the personal and sensitive personal information provided by the User after an informed consent.

ii. Accuracy of the Personal information collected from the User is maintained by providing an access to the User to the profile information to facilitate verification of the information and for making corrections as may be necessary from time to time.

iii. IHL has taken reasonable care to prevent any malicious codes or viruses affecting the confidentiality, integrity and availability information and adopts such security practices that are considered necessary for maintaining the data security as per legal requirements in force.

iv. In case any hyperlinks are provided on the Portal, the users are expected to use discretion before clicking on the links and ensure that they check the Privacy and Security policies of the destination site before using their services.

v. IHL has taken reasonable care for Disaster recovery and Business Continuity as is relevant for the nature and size of its activities.

vi. Sensitive Personal information is secured during transmission and storage with appropriate and reasonable encryption to mitigate the risk of unauthorized access.

vii. The Company ensures through appropriate contractual bindings that whenever the user’s information is accessed or processed by an entity other than the Company, the associates or contractors including their sub contractors if any always adhere to the same security standards that the Company itself tries to provide in facilities within their direct control.

viii. The users having direct access to the information stored in their membership area, shall take such suitable steps as are required to ensure that they do not compromise the security of the data in any manner either because of the security deficiencies in their access devices or the networking services.

8. Transfer of Information :

The personal information collected from the users is not transferred to any agency unless such agency is also contractually bound to follow adequate security standards as required under Indian law.

All reasonable efforts are taken to ensure that Sensitive personal information, is stored within the boundaries of India even while it is stored on the cloud.

9. Retention of Information

Information collected from the users is retained in a secure manner for a reasonable period subject to the requirements under Indian law.

Information not in active use is archived or destroyed as per the information security policy followed by the Company in conformity with the data retention regulations as per laws in India.

Any request from the Users for erasure of their personal data will be subject to the data protection laws applicable in India.

10. External Links

This privacy policy is limited to the information provided to the Company when the user uses the services on the Portal or the Kiosk.

The Portal may however also contain hyper links to other external Portals. Such sites may have their own privacy policies and users are required to peruse and take note of such policies.

11. Grievance Redressal

i. The Company follows a Grievance Redressal Policy to address any complaints that may arise on account of this Privacy Policy.

ii. All disputes are resolved as per laws in force in India and subject to jurisdictional limits in India as defined in the Grievance Redressal policy.

iii. Following is the Grievance redressal officer who will receive Privacy related complaints of the Users if any and redress the grievance as per a structured Grievance redressal policy adopted by the Portal

Name: Ramakanta Behera, (CCO)

E Mail: ramakanta@indiahealthlink.com

12. Opt-In Principle

The Privacy policy followed by the Company is entirely dictated by the choice of the user and we endeavour to provide opt-in choice to the users to the extent technically considered feasible.

We believe that protection of Privacy is a joint responsibility of the Company and the user and we encourage users to request for any information that they consider relevant to the protection of their privacy from the designated Privacy Official of the Company.

When in doubt about any aspect of this Policy, Users may contact the Company for clarification as required.

13. Changes to the Privacy Policy

Company reserves the right, to change, alter, modify, add, or remove portions from this Privacy Policy at any time and hence Users should review the Privacy Policy from time to time and exercise their option to discontinue the service if they so desire.

REFUND POLICY

(Effective from 04/10/2017)

This Privacy Policy represents the Privacy Commitment of India Health Link Pvt Ltd., a body corporate registered in India with its Registered Office at SCO-394, New Grain Market, Karnal, 132001 (herein after referred to as the ‘Company’)and applies to all its services delivered through its portal viz: www.indiahealthlink.com and the IHL Kiosks operating at different locations in India.

Our focus is complete customer satisfaction.

If you have made a payment via our kiosk and it has been found that an overpayment has been made or in case of a failed health test (amount paid but results not displayed), we will issue a refund to the original account used to make the initial payment.

In case of other disputes or discrepancies arising out of the payment on transactions done through our kiosk, please contact us via info@indiahealthlink.com; we will reverse the charges deducted for the transaction within 7 working days, provided the reasons are genuine and proved after investigation.

Dispute requests received later than 2 business days after the transaction will be treated as invalid requests.