iii. How and to whom We will disclose such information.
“Personal Information” is defined under the SPI rules to mean any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available to a body corporate, is capable of identifying such person. The SPI rules further define “Sensitive Personal Data or Information” of a person to mean personal information about that person relating to: (i) passwords; (ii) financial information such as bank accounts, credit and debit card details or other payment instrument details; (iii) physical, physiological and mental health condition; (iv) sexual orientation; (v) medical records and history; (vi) biometric information; (vii) information received by body corporate under lawful contract or otherwise; (viii) visitor details as provided at the time of registration or thereafter; and (ix) call data records. Note that the information collected by Us from You may constitute ‘personal information’ or ‘sensitive personal data or information’ under the SPI Rules.
In order to have access to all the features and benefits on Our Platform, a User must first create an account on Our Platform. To create an account, a User is required to provide the following information, which such User recognizes and expressly acknowledges is personal information allowing others, including Us, to identify the User: name, User ID, gender, country, ZIP/postal code, age, phone number, password chosen by the User. In addition, at the time of a registered User availing of the Services, the User is required to provide certain sensitive personal information which includes its bank account or card details for undertaking transactions on the Platform for availing the Services. Other information requested on the account registration page, including the ability to receive promotional offers from Us, is optional. We may, in future, include other optional requests for information from the User to help Us to customize the Platform to deliver personalized information to the User. Further, for the purposes of availing the Services, You may be additionally asked to provide the details about previous medical history, medical records and prescriptions for the medications that have been issued to You by any registered medical practitioner. In addition, the information provided by the User, User’s medical history and records uploaded by the User on the Platform, medical records, logs and details of the exchanges between the Practitioner and the Users through any medium or on the Platform and the prescription issued by the Practitioner will be stored by Us for the purposes of monitoring the correctness of the order placed and for ensuring the quality of the consultation availed of by a User.
The information contained on this Platform and the personal information collected by using/ login and or accessing this Platform are stored at a secured server. It is stated by the server service provider that they have all the best security practices required for the server. The Platform is owned by Us and is located in India. Hence, We are bound by duty to abide by the laws, including but not limited to, regulations, rules, circulars and notifications governing privacy in India.
PROCESSING OF PERSONAL DATA
We may process your personal data for, including without limitation, the following purposes:
Providing Our services: We might process your personal data to provide Services so as to facilitate the interaction and transaction of the Users. For example, personal data is processed in order to set up your BoldCare account, allow You to place orders for the Products, allow You to book appointments for consultation with or availing the services offered by independent third party Practitioners and submit reviews to the Platform. We process the following personal data: (i) name; (ii) phone number; (iii) home address; (iv) IP address; (v) location; (vii) BoldCare user account profile data.
Customer service: We need to process personal data for this purpose because it enables Us to adequately respond to Users’ questions/ concerns and to verify the correctness of the order for the Products placed by User on the Platform and to ensure the quality of the consultation services availed by a User from the Practitioners.
Marketing (Direct): We process Users’ data for (direct) marketing purposes. This means that We can contact customers to draw attention to Our services. For this purpose, We process the following personal data: (i) website behaviour; (ii) IP address; (iii) postal address; (iv) phone number (v) online identifiers; (vi) order information; (vii) location; and (viii) account information.
Commercial Use: All the information provided to Us by a User, including personal information or any sensitive personal data or information, is provided voluntary. You understand that We may use certain information provided by You, which may include your personal information or sensitive personal data or information for (i) the purpose of providing the Services to You; (ii) commercial purposes and in an aggregated and anonymized form for research, statistical analysis and/or business intelligence purposes; (iv) sale or transfer of such research, statistical or intelligence data in an aggregated or non-personally identifiable form to third parties and affiliates; (v) communication purposes to enhance your experience of booking appointments and obtaining feedback in relation to the Services; (vi) customer support related issues; (vii) and enabling you to complete any transaction through the Platform.
In addition to the above, We may also use Your personal data for several reasons, including but not limited to; (i) keep You informed of the transaction status; (ii) send You order confirmations via SMS or WhatsApp or any other messaging service; (iii) send You any updates or changes to Your order(s); (iv) allow Our customer service to contact You, if necessary; (v) confirm Your appointment for consultation; (vi) customize the content of Our website and mobile app;(vi) request You for reviews of the Services; (vii) send You verification message(s); (viii) validate/authenticate Your account and to prevent any misuse or abuse; (ix) contact You on Your birthday and/or anniversary to inform You of any special offers; (x) send You important notices and communications regarding Our services availed or changes to the terms and conditions and/or policies; (xi) to administer Our business and Platform; (xii) to send You marketing related communications; (xiii) to deal with enquiries and complaints raised by You and to troubleshoot problems; (xiv) ensure compliance with all applicable laws and to ensure safety of the Platform and all Users; (xv) to obtain your Know Your Customer (KYC) details and credit report; (xvi) to prevent fraud, errors and/or any illegal activity on the Platform; (xvii) to send invoices, statements, agreements and/or to collect payment from You or make payments to You on behalf of theUser availing Services (as the case may be); (xviii) send You remindersto confirm bookings, schedule and/or re-schedule appointments.
DISCLOSURE OF DATA
It may be necessary for Us to disclose Your personal data whether by law, legal process and/or by request from public and/or governmental authorities within or outside of your country of residence. We may also disclose Your personal information if We determine that disclosure is necessary or appropriate for the purposes of law enforcement, national security or to prevent or stop any activity We may consider to be, or to pose a risk of being, illegal, unethical or legally actionable.
Some sections on the Platform are freely accessible by all Users and visitors and require no prior registration. Further, certain sections on the Platform are accessible by Users only after entering their details, username and password. Therefore, We request You to use a safe and secure server to access the Platform to ensure the safety of Your username, password and other information. We do not guarantee the security and/or privacy of any information, which may be available to all Users and visitors of the Platform publicly. Further, the Platform may contain links to other websites. Please note that We do not endorse any links or websites and are not responsible for the privacy practices of such third party websites.
We automatically receive the URL of the site from which anyone visits. We also receive the Internet Protocol (IP) address of each User’s computer (or the proxy server a User used to access the World Wide Web), User’s computer operating system and type of web browser the User is using, email patterns, as well as the name of User’s ISP. This information is used to analyze overall trends to help Us improve Our Services. The linkage between User’s IP address and User’s personally identifiable information is not shared with or disclosed to third parties. Notwithstanding the above, We may share and/or disclose some of the aggregate findings (not the specific data) in anonymized form (i.e., non-personally identifiable) with advertisers, sponsors, investors, strategic partners, and others in order to help grow Our business.
Note that We maintain a strict no-spam policy and do not rent, sell, disclose or share personal information belonging to You with other people or non-affiliated companies without Your consent, except to provide products or services which You have requested/placed ordered for or for availing the consultation with the Practitioner or otherwise as specifically provided for in this Policy.
You agree that in addition to as may be provided in this policy, We may also disclose Your personal information under the following circumstances:
Third party service professionals and/or providers: We engage, retain or might, as per requirement and business needs of the Company, employ, engage, contract with third party service professionals/providers to work on behalf of or with Us, under agreements containing confidentiality obligations and in accordance with law, in relation to the services provided by Us on the Platform. These third party service providers may use Your personal information in assisting Us to communicate with You about Our offers, scheduling of appointments, feedback of Services, assisting in payment facilities, verification of credit information to process payment, providing customer support, assisting in advertising on the Platform, obtaining your KYC details or credit report, etc. We may employ third party companies and/or individuals to help improve or facilitate our service, to provide the Service on our behalf, to perform platform-related services, including but not limited to: payment processing, maintenance services, fraud detection services, database management, web analytics, monitoring, delivery/logistics and evaluation services. In this event, your information may be shared with such third party companies and/or individuals;
Compliance with laws and protection of Users: We may release your personal information when the same is required in order to comply with the law, in response to court orders, court summons, judgments, decrees, injunctions, arbitral awards, administrative orders, governmental investigation or orders of any government authority or any other legal process, to establish/exercise Our legal rights or defend against legal claims or in the event We reasonably believe that doing so is legally required or is in your interest to protect Your property or other legal rights or property or rights of others. We may also share your personal information in order to enforce and fully comply with Our terms of service and other Company policies;
Contracting parties: We transfer/share Your information with Our service professionals or third party contractors to facilitate the availing/provision aesthetics, dermatology or skincare solutions/services by You or to You in order to consummate the transaction.
With Your consent: in addition to the aforementioned circumstances, We may share Your personal information with third parties with Your prior consent and/or at Your request.
COLLECTION AND USE OF NON-PERSONAL DATA
Non-personal data is data that can never be used to identify an individual. We may collect information regarding customer activities on Our Platform. This aggregated information shall be used by Us in research, analysis, to improve and monitor Our services and for various promotional schemes. Such non-personal data may be shared in aggregated, non-personal form with third party to enhance customer experience, offerings or services.
The data that cookies collect will be used to process and/or analyse information by third parties to help improve or facilitate Our services, to provide Service on Our behalf, to Platform-related services, including but not limited to; maintenance services; fraud detection services; database management; web analytics; monitoring; and evaluation services. If you have any questions about Our cookie usage, please contact Us at the contact details/information mentioned below.
YOUR RIGHTS AND HOW TO EXERCISE THEM
We respect the exercise of the rights You have in relation to the personal data We process or use. You can request access to or a copy of your personal data collected and processed by Us. You may also request the rectification and removal of personal data or the restriction of the processing of Your personal data. Users have the right to unilaterally change their contact preferences at any time by logging into their "Account" at www.boldcare.com and changing the account settingsYou also have the right to data portability. If You have an objection to use of Your data under this policy, please write to Our privacy team at firstname.lastname@example.org. To prevent misuse, We will ask You to identify yourself.
NOTE FOR ALL USERS
We do not control or endorse the content, messages or information found in any Services and, therefore, We specifically disclaim any liability with regard to the Services and any actions resulting from Your participation in any Services, and You agree that you waive any claims against Us relating to same, and to the extent such waiver may be ineffective, you agree to release any claims against Us relating to the same.
You are responsible for maintaining the accuracy, truthfulness, correctness and completeness of the information You submit or provide to Us, on the Platform or to Practitioners; and shall hold harmless and indemnify BoldCare from and against all claims arising out or in relation to the wrongful information posted, provided by You to Us, on the Platform or the Practitioners.
If Your personal information changes, You may correct, delete inaccuracies, or amend information by making the change on Our member information page or by contacting Us on email@example.com. There may be circumstances where We will not correct, delete or update Your personal data, including; (i) where the personal data is opinion data that is kept solely for evaluative purpose; and (ii) the personal data is in documents related to a prosecution if all proceedings relating to the prosecution have not been completed. If you wish to cancel your account or request that We no longer use your information to provide you Services, contact Us on firstname.lastname@example.org.
We understand the serious implications of data security and take extensive measures to ensure Your data and information is secured. We take extensive technical, and legal measures to safeguard Your personal data. The Platform uses a reliable SSL certificate to ensure Your personal data is not misused in any manner whatsoever. We use SSL encryption when transmitting certain kinds of information, such as financial services information or payment information. An icon resembling a padlock is displayed on the bottom of most browser windows during SSL transactions that involve debit/credit cards and other forms of payment. In case We ask You for Your debit/credit card number for payment or for verification purposes, the same will be SSL encrypted. The information You provide will be stored securely on Our servers. Once You choose to store or enter Your debit/credit card number, it will not be displayed back to You in its entirety when You retrieve or edit it in the future. Instead of the entire number, You will only see asterisks and either the first four digits or the last four digits of your debit/credit card number.
We also work with third party service providers/experts/trainers/professional, suppliers who provide services on Our behalf or to Us. We enter into agreements with such third party service providers, experts, trainers, professional and suppliers to ensure complete security and safety of the User information. Such third party service providers do not have any independent right to the information provided by Us to them.
Our employees and data processors, who have access to, and are associated with the processing of sensitive personal data or information, are obliged to respect the confidentiality of every User’s personal information or sensitive personal data and information. We have put in place procedures and technologies as per good industry practices and in accordance with the applicable laws, to maintain security of all personal data from the point of collection to the point of destruction. Any third-party data processor to which We transfer Personal Data shall have to agree to comply with those procedures and policies, or put in place adequate measures on their own.
No administrator of the Platform will have knowledge of Your password. It is important for You to protect against unauthorized access to Your password, Your computer and Your mobile phone. Ensure You log off from the Platform when finished. We do not undertake any liability for any unauthorized use of Your account and password. If You suspect any unauthorized use of Your account, you must immediately notify Us by sending an email to email@example.com. You shall be liable to indemnify Us due to any loss suffered by Us due to such unauthorized use of Your account and password. Note that We make all User information accessible to Our employees, agents or partners and third parties only on a need-to-know basis, and binds only its employees to strict confidentiality obligations. However, We are not responsible for the confidentiality, security or distribution of Your personal information by Our partners and third parties outside the scope of Our agreement with such partners and third parties.
In case there is any breach of security, We will make all legally required disclosures concerning the breach and the confidentiality, or integrity of Your unencrypted electronically stored "personal data" to You by posting it on Platform without unreasonable delay, in as far as is consistent with any legitimate needs of law enforcement and any measures required to determine the scope of the breach and to safeguard the integrity of data.
APPLICABLE LAWS AND REGULATIONS
We ensure that your data and information shall be protected under the provisions of General Data Protection Regulation (“GDPR”), Information Technology Act, 2000 and Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 along with any amendments made to these acts, rules and regulations.
We do not keep your personal data longer than necessary for the purpose of the processing. This includes, for example, the purposes of satisfying any legal, regulatory, accounting, reporting requirements, to carry out legal work, for the establishment or defence of legal claims. We may aggregate and anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case We may use this information indefinitely without further notice to you.
Under certain circumstances, You have rights under applicable data protection laws in relation to Your personal data. It is Our policy to respect Your rights and We will act promptly and in accordance with any applicable law, rule or regulation relating to the processing of Your personal data. Details of Your rights under GDPR are set out below:
(i) Right to be informed about how personal data is used – You have a right to be informed about how We will use and share Your personal data. This explanation will be provided to You in a concise, transparent, intelligible and easily accessible format and will be written in clear and plain language;
(ii) Right to access personal data – You have a right to obtain confirmation of whether We are processing Your personal data, access to Your personal data and information regarding how Your personal data is being used by Us;
(iii) Right to have inaccurate personal data rectified – You have a right to have any inaccurate or incomplete personal data rectified. If We have disclosed the relevant personal data to any third parties, We will take reasonable steps to inform those third parties of the rectification where possible;
(iv) Right to have personal data erased in certain circumstances – You have a right to request that certain personal data held by Us is erased. This is also known as the ‘right to be forgotten’. This is not a blanket right to require all personal data to be deleted. We will consider each request carefully in accordance with the requirements of any laws relating to the processing of your personal data;
(v) Right to restrict processing of personal data in certain circumstances – You have a right to block the processing of your personal data in certain circumstances. This right arises if You are disputing the accuracy of personal data, if You have raised an objection to processing, if processing of personal data is unlawful and You oppose erasure and request restriction instead or if the personal data is no longer required by Us but You require the personal data to be retained to establish, exercise or defend a legal claim;
(vi) Right to data portability – under certain circumstances, You have the right to request to receive a copy of Your personal data in a commonly used electronic format. This right only applies to personal data that You have provided to Us (for example by completing a form or providing information through the Platform). Information about You which has been gathered by monitoring Your behaviour will also be subject to the right to data portability. The right to data portability only applies if the processing is based on Your consent or if the personal data must be processed for the performance of a contract and the processing is carried out by automated means (i.e. electronically);
(vii) Right to object to processing of personal data in certain circumstances (including where personal data is used for marketing purposes) – You have a right to object to processing being carried out by Us if (a) We are processing personal data based on legitimate interests or for the performance of a task in the public interest (including profiling), (b) if We are using personal data for direct marketing purposes, or (c) if information is being processed for scientific or historical research or statistical purposes. You will be informed that You have a right to object at the point of data collection and the right to object will be explicitly brought to Your attention and be presented clearly and separately from any other information; and
(viii) Right not to be subject to automated decisions where the decision produces a legal effect or a similarly significant effect – You have a right not to be subject to a decision which is based on automated processing where the decision will produce a legal effect or a similarly significant effect on You.
You may exercise any of the above-mentioned rights by sending a request to Us on Our contact information as detailed below. You will not have to pay a fee to access Your personal data (or to exercise any of the other rights). However, We may charge a reasonable fee if Your request is clearly unfounded, repetitive or excessive. Alternatively, We may refuse to comply with Your request in these circumstances.
We may need to request specific information from You to help Us confirm Your identity and ensure Your right to access Your personal data (or to exercise any of Your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact You to ask You for further information in relation to Your request to speed up Our response.
We try to respond to all legitimate requests within one month. Occasionally it may take Us longer than one calendar month if Your request is particularly complex or You have made a number of requests. In this case, We will notify You and keep You updated.
QUESTIONS OR COMPLAINTS
If you have any question or complaints about the processing of your personal data, write to Us at firstname.lastname@example.org . Our team will be happy to assist you.
Address: Shah Heights, Sector - 7, Kharghar, Navi Mumbai 410210
Customer Support: +91-9326143233