VITACLOUD PRIVACY POLICY

VitaCloud Digital Health Private Limited (“VitaCloud”, “Company”, “we”, “us” or “our”), provides care providers with VitaCloud APIs, SDKs, developer documentation, website, professional support and the other services (collectively the “Services”).

VitaCloud is committed to ensuring that your personal information shared over our website and/or Services is protected and kept confidential. By accepting our VitaCloud API/SDK Agreement, you consent to the use and disclosure of personally identifiable information as outlined therein and in this Privacy Policy (“Privacy Policy”).

This Privacy policy is dedicated to both VitaCloud Customers ("Customer" or "Customers") who integrate the VitaCloud API/SDK into their mobile product and End Users ("End User" or "End Users") who activate features enabled by the VitaCloud API/SDK in a product they use that is installed on their mobile device.

This Privacy Policy is published in compliance with, inter alia:

  1. Section 43A of the Information Technology Act, 2000;
  2. Regulation 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011 (the “SPI Rules”);
  3. Regulation 3(1) of the Information Technology (Intermediaries Guidelines) Rules, 2011.

What information we collect?

In this section, we provide details about some of the information we currently collect about users of our Website and of our Services (collectively, “User Data”).

We consider the data that is collected to be the property of VitaCloud End Users. VitaCloud operates on behalf of End Users to identify moments in the End Users' life via their smartphone or other connected devices in the event the End Users shared access to their data with VitaCloud. All data collection is done through official APIs and mobile sensors, with the explicit permission of End Users.

User Identifier: Your healthcare program or website provides us with an Organisation User Identifier (the “Org User ID”) that identifies you as a registered customer. This allows us to verify that we are authorised to provide you with the Service.

Personal Information: We may collect information by which you may be personally identified, such as name, address, e-mail address and/or telephone number, and information required for the payment of goods or services that you order from us, including credit card numbers, security codes and other financial information (“Personal Information”).

“Personal Information” under the Sensitive Personal Information Rules to mean any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available to a body corporate, is capable of identifying such person.

The SPI Rules further define “Sensitive Personal Data or Information” of a person to mean personal information about that person relating to:

  1. passwords;
  2. financial information such as bank accounts, credit and debit card details or other payment instrument details;
  3. physical, physiological and mental health condition;
  4. sexual orientation;
  5. medical records and history;
  6. biometric information;
  7. information received by body corporate under lawful contract or otherwise;
  8. visitor details as provided at the time of registration or thereafter; and
  9. call data records.

Health and Wellness Data:We will collect user data, the data collected includes but is not limited to your activity, sleep, heart rate, body composition, blood pressure, blood glucose, oxygen saturation, food intake data, produced by your use of, or uploaded by you to, certain integrated mobile health applications, wearables and/or medical devices that you may elect to use in connection with the Website and/or the Service (“Applications”). (Examples of Applications are Fitbit, Omron, Strava, etc).

We provide you with information about Applications that connect with the Services. These Applications typically have features that collect and store data and/or other information about you and/or permit you to upload the same to your user account with the Application. When you choose to integrate these Applications with the Services, they will be able to provide us with access to some or all of that data and/or other information (the “Health and Wellness Data”). You should review information from the Applications, including their privacy statements and terms of use, prior to using them or allowing them access to any information about you.

These Applications are not sold, designed or manufactured by the Company. All support for these Applications is provided by the Application provider. The Company does not warrant and is not responsible for the quality, use or operation of the Applications and your use of any such Applications is governed by separate terms of use and privacy statements by the Application provider.

Aggregated Data: In an ongoing effort to better understand and serve the users of the Website and the Services, we may conduct research on demographics, interests, behaviour and other topics based on User Data of our end users, including you, that is provided to, collected by or otherwise available to us. We use the User Data from you and other users and reformat, supplement, compile, analyse and/or aggregate these datasets together to create what we term “Aggregated Data.”

How we use and share the information collected?

Data Analysis – End Users’ data is uploaded over a secured connection to our servers that analyze the data and identify metrics and contextual information. Our system is able to analyze the raw data gathered and identify real time events, predict future events to the extent technologically possible and compose different types of End Users profiles. The results may be shared with the End Users’ care providers and/or stored in our servers.

We use the information we collect to continually try to improve our Service and to provide a safe, efficient, and customised experience. In particular, we may use the User Data to do any of the following:

  • We may use the information we collect to provide our Service, to measure and improve the Website, the Service and features provided by us. We may also use User Data, including Aggregated User Data, to develop proprietary technology or services (including through the filing of patents or other forms of intellectual property protection) to be used in the Service and/or other related services. We may also use the information we collect to enforce our Terms and Conditions. We also use a variety of technological systems to detect and address anomalous activity, some of which require the use of User Data.
  • We create backup copies of the User Data we provide to your care providers.
  • We may use aggregated data over several users to improve our algorithms, measure service usage, publish summaries online or offline, and to develop new features which may be beneficial to our customers. We will not display or otherwise disclose information where individual users can be recognized. Furthermore, our developer team need to occasionally review raw data and they will only see the unique identifier number with the data, and no personally identifiable information.
  • We may also disclose certain Aggregated Data that is non personally identifiable, in order to describe the Service and capabilities to current and prospective business partners, researchers, service providers and to other third parties for other lawful purposes.
  • We may use any of your User Data as necessary in order to comply with any applicable laws, regulations or court orders. We may be required to disclose an individual’s Personal Information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

Reviewing and updating your Information

End Users have the right to access their health and wellness data. We provide your care provider with the capability to review and update your User Data. We require your permission before any of your User Data is accessed, retrieved or made available to your care provider. In addition, we provide your care provider the ability to allow you to revoke permission to access your User Data.

Security

The security of handling End Users data is extremely important to us. VitaCloud has implemented appropriate technical and organizational measures to protect information against accidental loss, unlawful destruction, alteration, unauthorized disclosure or access, and against all other unlawful forms of processing.

We use third party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to provide the Services.

We store the data by distributing it over multiple databases and each database holds only fragments of the data. Additionally, sensitive data is hashed or encrypted in order to protect the data itself. The databases are protected by the security countermeasures provided by our Cloud provider.

If you use our Website or Services through your employer’s computer network or through an internet café, library or other potentially non-secure internet connection, such use is at your own risk. It is your responsibility to check beforehand with the company’s privacy and security policy with respect to Internet use.

End Users may choose to immediately stop any collection of their data and opt-out from collection of your real-time health and wellness data by visiting the Application portal.

Changes to this Privacy Policy

VitaCloud may amend this Privacy Policy in the future. In the event changes are made, we will be sure to post changes at the Site and at other places we deem appropriate.

If you have any questions or suggestions on ways we can improve our privacy policy, please contact the Company at:

VitaCloud Digital Health Private Limited
                    #72 Ground Floor, 14A Main Road, 16th Cross
                    HSR Layout
                    Bangalore, Karnataka 560102
                    hello@vitacloud.io