Privacy Policy

This Privacy Policy ("Policy") describes the manner in which ProMediMate ("ProMediMate," "Company," "we," "our," or "us"), having its registered office at Hyderabad, Telangana, collects, uses, discloses, shares, protects, and processes your personal data when you access or use our website https://www.promedimate.com (the "Website") or our mobile application (the "Application") and any associated services (collectively, the "Services").

By using our Services, you ("user," "data principal," "you," or "your") acknowledge and agree to the terms of this Policy. If you do not agree, you should not use or access our Website, Application, or Services.

This Policy forms an integral part of our Terms of Use and must be read together with it.

1

Legal Framework

This Policy is published in compliance with:

  • The Digital Personal Data Protection Act, 2023 ("DPDP Act");
  • Section 43A of the Information Technology Act, 2000;
  • The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011; and
  • The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, where applicable.
2

Your Consent

  • By registering, accessing, or using our Services, you expressly provide your free, informed, specific, and unambiguous consent to the collection, processing, transfer, storage, and disclosure of your personal data in accordance with this Policy.
  • Consent for each distinct purpose is obtained separately.
  • You may withdraw consent at any time using in-app settings or by contacting our Data Protection Officer (DPO).
  • For children (below 18 years), processing is undertaken only with verifiable parental consent.
3

Information We Collect

We collect only such personal data that is necessary for providing our Services. This includes:

a) Information You Provide Directly

  • Personal Identification Data: Name, gender, address, contact details, date of birth, photograph, and government-issued identification proofs.
  • Health Data (End Users): Medical history, diagnostic reports, prescriptions, clinical images, allergies, chronic conditions, and health indicators (BMI, weight, height).
  • Professional Data (Healthcare Professionals): Practice details, years of experience, registration with medical councils, educational qualifications, certifications, and affiliations.
  • Account Credentials: Login IDs, usernames, passwords.

b) Information We Collect Automatically

  • Communication Data: Records of your communications with us (via chat, email, phone, or in-app).
  • Location Data: Approximate or real-time geolocation (with your device/app permission).
  • Transaction Data: Records of service usage, appointment bookings, payments, and billing details.
  • Cookies & Device Identifiers: Session cookies and similar technologies to improve technical performance and personalization.

c) Sensitive & Special Category Data

We process health data and children's data with heightened protection and strict safeguards in line with the DPDP Act.

4

Purpose of Processing

Your personal data will be processed only for lawful purposes, including:

  • Delivering healthcare and diagnostic Services.
  • Managing user accounts, appointments, and treatment history.
  • Providing reminders, alerts, and service updates.
  • Enhancing security and fraud prevention.
  • Business intelligence, analytics, and product development (in anonymized form).
  • Compliance with legal, regulatory, and contractual obligations.

We do not use your data for any purpose other than those specified above without obtaining fresh consent.

5

Data Sharing and Disclosure

Your personal data may be shared only in the following circumstances:

  • With Service Providers & Healthcare Partners: For laboratories, diagnostic centers, pharmacies, insurance partners, and other service enablers (bound by confidentiality and data protection agreements).
  • With Government & Regulators: When required under applicable laws, court orders, or lawful directives.
  • With Overseas Entities: Only where permitted by the Government of India and compliant with cross-border transfer restrictions under the DPDP Act.
  • In Corporate Transactions: In case of merger, acquisition, restructuring, or transfer of business.

We never sell your personal data to third parties.

6

Your Rights Under the DPDP Act

As a data principal, you have the following rights:

  • Right to Access – obtain a copy of your personal data held with us.
  • Right to Correction/Erasure – correct inaccuracies or request deletion (subject to legal obligations).
  • Right to Consent Withdrawal – withdraw previously given consent without affecting prior lawful processing.
  • Right to Be Informed – know categories of data collected, purposes of processing, and entities with whom it is shared.
  • Right to Grievance Redressal – lodge complaints about data misuse or unlawful processing.

You may exercise these rights via the Application or by contacting our DPO (details provided below).

7

Data Security Measures

We employ robust administrative, technical, and organizational safeguards, including but not limited to:

  • ISO/IEC 27001-compliant security practices;
  • End-to-end encryption of sensitive data;
  • Multi-factor authentication and access controls;
  • Regular penetration testing and system audits;
  • Employee training on data protection obligations.

In the event of a personal data breach, we will notify both affected users and the Data Protection Board of India within 72 hours, along with remedial steps taken.

8

Data Retention & Deletion

  • Data is retained only for as long as necessary to fulfill the purpose for which it was collected or as mandated by law.
  • Upon withdrawal of consent or fulfillment of the purpose, your data will be securely deleted.
  • Where deletion is not immediately possible (e.g., for regulatory reasons), data will be archived and access strictly restricted.
  • Users will be notified 48 hours prior to scheduled deletion, where feasible.
9

Third-Party Links

Our Website and Application may contain links to third-party websites. We are not responsible for the privacy practices, content, or security of such external sites.

10

Policy Updates

This Policy may be amended from time to time. Material changes will be communicated via email, in-app notifications, or prominent banners on our Website prior to implementation. Continued use of Services constitutes your acceptance of the updated Policy.

11

Grievance Redressal & Data Protection Officer

For questions, grievances, or to exercise your rights under the DPDP Act, please contact our Data Protection Officer (DPO):

ProMediMate

Email: contact@promedimate.com

Address: Abhinandana Exotic, 304, B Block, Manikonda, Beside Bharat Petroleum, Hyderabad, Telangana - 500089

Response Time: Within 7 working days

Important Note

This Policy is available in English and may be made available in other Indian languages upon request.

Loading cart...

Cart Items

0

Your cart is empty