Atutum appreciates your business and trust. Yellow Sapphire Technologies (“us”, “we”, or “Atutum”, which also includes its affiliates) is the author and publisher of the internet resource www.atutum.com (“Website”) on the world wide web as well as the software and applications provided by Atutum, including but not limited to the mobile application ‘Atutum’, (together with the Website, referred to as the “Services”).
- Section 43A of the Information Technology Act, 2000;
- Regulation 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011 (the “SPI Rules”);
- Regulation 3(1) of the Information Technology (Intermediaries Guidelines) Rules, 2011.
- The type of information collected from the Users, including Personal Information and Sensitive Personal Data or Information relating to an individual;
- The purpose, means and modes of collection, usage, processing, retention and destruction of such information; and
- How and to whom Atutum will disclose such information.
2. DATA COLLECTED
Generally some of the Services require us to know who you are so that we can best meet your needs. When you access the Services, or through any interaction with us via emails, telephone calls or other correspondence, we may ask you to voluntarily provide us with certain information that personally identifies you or could be used to personally identify you. You hereby consent to the collection of such information by Atutum. Without prejudice to the generality of the above, information collected by us from you may include (but is not limited to) the following:
- contact data (such as your email address and phone number);
- demographic data (such as your gender, your date of birth and your pin code);
- data regarding your usage of the services and history of the appointments made by or with you through the use of Services;
- insurance data (such as your insurance carrier and insurance plan);
- other information that you voluntarily choose to provide to us (such as information shared by you with us through emails or letters.
The information collected from you by Atutum may constitute ‘personal information’ or ‘sensitive personal data or information’ under the SPI Rules.
“Personal Information” is defined under the SPI Rules to mean any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available to a body corporate, is capable of identifying such person.
The SPI Rules further define “Sensitive Personal Data or Information” of a person to mean personal information about that person relating to:
- financial information such as bank accounts, credit and debit card details or other payment instrument details;
- physical, physiological and mental health condition;
- sexual orientation;
- medical records and history;
- biometric information;
- information received by body corporate under lawful contract or otherwise;
- visitor details as provided at the time of registration or thereafter; and
- call data records.
Atutum will be free to use, collect and disclose information that is freely available in the public domain without your consent.
DATA STORAGE LOCATION
Any patient medical record is also stored in accordance with all HIPPA Sercurity Rules.
If you fill up a form on our website, we store your name, phone number, email address and any additional personal information shared by you. Website administrators can also see and edit this information.
To offer you support during payment for your medical procedures and insurance claim we store your billing summary. This data will be stored together with other invoices generated during the procedure and your user data and is required for us to provide you with our services and customer support.
When a patient or their caregiver comes to our site and intently fills up the form to share details of his/her health conditions, we store the information safely to ensure an efficient, smooth and personalized experience. This also allows us the needed information to provide services and features to customize the website to make user experience more personalized, safer and easier. Hence, we collect personal information we deem necessary. The user however may browse the website without telling us any personal information about themself. All data stored is compliant under the HIPA Act in the United States
These submissions are only kept for customer service purposes. They are never shared with third parties.
We use Google Analytics on our site for anonymous reporting of site usage. So, no personalized data is stored. If you would like to opt-out of Google Analytics monitoring your behavior on our website please use this link: Google Analytics Opt-out.
CASES FOR USING THE PERSONAL DATA
We use your personal information in the following cases:
- Verification/identification of the user during website usage;
- Providing Assistance;
- Sending updates to our users with important information;
- Checking the accounts’ activity in order to prevent fraudulent transactions and ensure the security over our customers’ personal information;
- Customize the website to make your experience more personal and engaging;
- Guarantee overall performance and administrative functions run smoothly.
3. PRIVACY STATEMENTS
ALL USERS NOTE
This section applies to all users.
- All the information provided to Atutum by a User, including Personal Information or any Sensitive Personal Data or Information, is voluntary. You understand that Atutum may use certain information of yours, which has been designated as Personal Information or ‘Sensitive Personal Data or Information’ under the SPI Rules, (a) for the purpose of providing you the Services, (b) for commercial purposes and in an aggregated or non-personally identifiable form for research, statistical analysis and business intelligence purposes, (c) for sale or transfer of such research, statistical or intelligence data in an aggregated or non-personally identifiable form to third parties and affiliates (d) for communication purpose so as to provide You a better way of booking appointments and for obtaining feedback in relation to the Practitioners and their practice, (e) debugging customer support related issues.. (f) for the purpose of contacting you to complete any transaction if you do not complete a transaction after having provided us with your contact information in the course of completing such steps that are designed for completion of the transaction. Atutum also reserves the right to use information provided by or about the End-User for the following purposes:
- Publishing such information on the Website.
- Contacting End-Users for offering new products or services.
- Contacting End-Users for taking product and Service feedback.
- Analyzing software usage patterns for improving product design and utility.
- Analyzing anonymized practice information for commercial use.
- Processing payment instructions including those through independent third party service providers such as payment gateways, banking and financial institutions, pre-paid instrument and wallet providers for processing of payment transaction or deferral of payment facilities.
If you have voluntarily provided your Personal Information to Atutum for any of the purposes stated above, you hereby consent to such collection and use of such information by Atutum. However, Atutum shall not contact You on Your telephone number(s) for any purpose; if such telephone number is registered with the Do Not Call registry (“DNC Registry”) under the PDPA without your express, clear and unambiguous written consent.
- Atutum does not control or endorse the content, messages or information found in any Services and, therefore, Atutum specifically disclaims any liability with regard to the Services and any actions resulting from your participation in any Services, and you agree that you waive any claims against Atutum relating to same, and to the extent such waiver may be ineffective, you agree to release any claims against Atutum relating to the same.
- You are responsible for maintaining the accuracy of the information you submit to us, such as your contact information provided as part of account registration. If your personal information changes, you may correct, delete inaccuracies, or amend information by making the change on our member information page or by contacting us through [email protected]. We will make good faith efforts to make requested changes in our then active databases as soon as reasonably practicable. If you provide any information that is untrue, inaccurate, out of date or incomplete (or becomes untrue, inaccurate, out of date or incomplete), or Atutum has reasonable grounds to suspect that the information provided by you is untrue, inaccurate, out of date or incomplete, Atutum may, at its sole discretion, discontinue the provision of the Services to you. There may be circumstances where Atutum will not correct, delete or update your Personal Data, including (a) where the Personal Data is opinion data that is kept solely for evaluative purpose; and (b) the Personal Data is in documents related to a prosecution if all proceedings relating to the prosecution have not been completed.
- If you wish to cancel your account or request that we no longer use your information to provide you Services, contact us through [email protected] . We will retain your information for as long as your account with the Services is active and as needed to provide you the Services. We shall not retain such information for longer than is required for the purposes for which the information may lawfully be used or is otherwise required under any other law for the time being in force. After a period of time, your data may be anonymized and aggregated, and then may be held by us as long as necessary for us to provide our Services effectively, but our use of the anonymized data will be solely for analytic purposes. Please note that your withdrawal of consent, or cancellation of account may result in Atutum being unable to provide you with its Services or to terminate any existing relationship Atutum may have with you.
- If you wish to opt-out of receiving non-essential communications such as promotional and marketing-related information regarding the Services, please send us an email at [email protected]
- Atutum may require the User to pay with a credit card, wire transfer, debit card or cheque for Services for which subscription amount(s) is/are payable. Atutum will collect such User’s credit card number and/or other financial institution information such as bank account numbers and will use that information for the billing and payment processes, including but not limited to the use and disclosure of such credit card number and information to third parties as necessary to complete such billing operation. Verification of credit information, however, is accomplished solely by the User through the authentication process. User’s credit-card/debit card details are transacted upon secure sites of approved payment gateways which are digitally under encryption, thereby providing the highest possible degree of care as per current technology. However, Atutum provides you an option not to save your payment details. User is advised, however, that internet technology is not full proof safe and User should exercise discretion on using the same.
- Due to the communications standards on the Internet, when a User or the End-User or anyone who visits the Website, Atutum automatically receives the URL of the site from which anyone visits. Atutum also receives the Internet Protocol (IP) address of each User’s computer (or the proxy server a User used to access the World Wide Web), User’s computer operating system and type of web browser the User is using, email patterns, as well as the name of User’s ISP. This information is used to analyze overall trends to help Atutum improve its Service. The linkage between User’s IP address and User’s personally identifiable information is not shared with or disclosed to third parties. Notwithstanding the above, Atutum may share and/or disclose some of the aggregate findings (not the specific data) in anonymized form (i.e., non-personally identifiable) with advertisers, sponsors, investors, strategic partners, and others in order to help grow its business.
- The Website uses temporary cookies to store certain (that is not sensitive personal data or information) that is used by Atutum and its service providers for the technical administration of the Website, research and development, and for User administration. In the course of serving advertisements or optimizing services to its Users, Atutum may allow authorized third parties to place or recognize a unique cookie on the User’s browser. The cookies however, do not store any Personal Information of the User. You may adjust your internet browser to disable cookies. If cookies are disabled you may still use the Website, but the Website may be limited in the use of some of the features.
- A User may have limited access to the Website without creating an account on the Website. Unregistered Users can contact us to make appointments with the doctors by providing their name and phone number. In order to have access to all the features and benefits on our Website, a User must first create an account with us. To create an account, a User is required to provide the following information, which such User recognizes and expressly acknowledges is Personal Information allowing others, including Atutum, to identify the User: name, User ID, email address, country, ZIP/postal code, age, phone number, password chosen by the User and valid financial account information. Other information requested on the registration page, including the ability to receive promotional offers from Atutum, is optional. Atutum may, in future, include other optional requests for information from the User to help Atutum to customize the Website to deliver personalized information to the User.
- The Website may enable User to communicate with other Users or to post information to be accessed by others, whereupon other Users may collect such data. Such Users, including any moderators or administrators, are not authorized Atutum representatives or agents, and their opinions or statements do not necessarily reflect those of Atutum, and they are not authorized to bind Atutum to any contract. Atutum hereby expressly disclaims any liability for any reliance or misuse of such information that is made available by Users or visitors in such a manner.
- Atutum maintains a strict “No-Spam” policy, which means that Atutum does not intend to sell, rent or otherwise give your e-mail address to a third party without your consent.
- Atutum has implemented best international market practices and security policies, rules and technical measures to protect the personal data that it has under its control from unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss. However, for any data loss or theft due to unauthorized access to the User’s electronic devices through which the User avails the Services, Atutum shall not be held liable for any loss whatsoever incurred by the User.
- Atutum implements reasonable security practices and procedures and has a comprehensive documented information security programme and information security policies that contain managerial, technical, operational and physical security control measures that are commensurate with respect to the information being collected and the nature of Atutum’s business.
END USERS NOTE
This section applies to all End-Users.
- As part of the registration/application creation and submission process that is available to End-Users on this Website, certain information, including Personal Information or Sensitive Personal Data or Information is collected from the End-Users.
- If you have inadvertently submitted any such information to Atutum prior to reading the privacy statements set out herein, and you do not agree with the manner in which such information is collected, processed, stored, used or disclosed, then you may access, modify and delete such information by using options provided on the Website. In addition, you can, by sending an email to [email protected], inquire whether Atutum is in possession of your personal data, and you may also require Atutum to delete and destroy all such information.
- End-Users’ personally identifiable information, which they choose to provide on the Website is used to help the End-Users describe/identify themselves. Other information that does not personally identify the End-Users as an individual, is collected by Atutum from End-Users (such as, patterns of utilization described above) and is exclusively owned by Atutum. Atutum may also use such information in an aggregated or non-personally identifiable form for research, statistical analysis and business intelligence purposes, and may sell or otherwise transfer such research, statistical or intelligence data in an aggregated or non-personally identifiable form to third parties and affiliates. In particular, Atutum reserves with it the right to use anonymized End-User demographics information and anonymized End-User health information for the following purposes:
- Analyzing software usage patterns for improving product design and utility.
- Analyzing such information for research and development of new technologies.
- Using analysis of such information in other commercial product offerings of Atutum.
- Sharing analysis of such information with third parties for commercial use.
- Atutum will communicate with the End-Users through email, phone and notices posted on the Website or through other means available through the service, including text and other forms of messaging. The End-Users can change their e-mail and contact preferences at any time by contacting us at [email protected].
- At times, Atutum conducts a User survey to collect information about End-Users’ preferences. These surveys are optional and if End-Users choose to respond, their responses will be kept anonymous. Similarly, Atutum may offer contests to qualifying End-Users in which we ask for contact and demographic information such as name, email address and mailing address. The demographic information that Atutum collects in the registration process and through surveys is used to help Atutum improve its Services to meet the needs and preferences of End-Users.
- Atutum may keep records of electronic communications and telephone calls received and made for the purpose of administration of Services, customer support, research and development.
- All Atutum employees and data processors, who have access to, and are associated with the processing of sensitive personal data or information, are obliged to respect the confidentiality of every End-Users’ Personal Information or Sensitive Personal Data and Information. Atutum has put in place procedures and technologies as per good industry practices and in accordance with the applicable laws, to maintain security of all personal data from the point of collection to the point of destruction. Any third-party data processor to which Atutum transfers Personal Data shall have to agree to comply with those procedures and policies, or put in place adequate measures on their own.
- To the extent necessary to provide End-Users with the Services, Atutum may provide their Personal Information to third party contractors who work on behalf of or with Atutum to provide End-Users with such Services, to help Atutum communicate with End-Users or to maintain the Website or independent third party service providers to process payment instructions including providing a payment deferral facility to End-Users in relation to the Services. These third-party service providers have access to information needed to process payments, but may not use it for other purposes. Generally these contractors do not have any independent right to share this information, however certain contractors who provide services on the Website, including the providers of online communications services, may use and disclose the personal information collected in connection with the provision of these Services in accordance with their own privacy policies. In such circumstances, you consent to us disclosing your Personal Information to contractors, solely for the intended purposes only.
CASUAL VISITORS NOTE
- No sensitive personal data or information is automatically collected by Atutum from any casual visitors of this website, who are merely perusing the Website.
- If you, as a casual visitor, have inadvertently browsed any other page of this Website prior to reading the privacy statements set out herein, and you do not agree with the manner in which such information is obtained, collected, processed, stored, used, disclosed or retained, merely quitting this browser application should ordinarily clear all temporary cookies installed by Atutum. All visitors, however, are encouraged to use the “clear cookies” functionality of their browsers to ensure such clearing / deletion, as Atutum cannot guarantee, predict or provide for the behaviour of the equipment of all the visitors of the Website.
4. EMBEDDED CONTENT
We use this information to do internal research on our users’ demographics and interests to better understand, protect and serve our users. This information is compiled and analyzed on an aggregate basis. We use data collection devices such as ‘cookies’ on certain pages of the website to help analyze our web page flow, measure page effectiveness, and promote trust and safety.
6. WHO HAS ACCESS TO YOUR DATA
f you are not a registered client for our site, there is no personal information we can retain or view regarding yourself.
If you are a client with a registered account, your personal information can be accessed by including but not limited to:
- Our system administrators.
- Our supporters when they (in order to provide support) need to get the information about the client accounts and access.
Your Personal Information is maintained by Atutum in electronic form on its equipment, and on the equipment of its employees. Such information may also be converted to physical form from time to time. Atutum takes all necessary precautions to protect your personal information both online and off-line, and implements reasonable security practices and measures including certain managerial, technical, operational and physical security control measures that are commensurate with respect to the information being collected and the nature of Atutum’s business.
No administrator at Atutum will have knowledge of your password. It is important for you to protect against unauthorized access to your password, your computer and your mobile phone. Atutum does not undertake any liability for any unauthorised use of your account and password. If you suspect any unauthorized use of your account, you must immediately notify Atutum by sending an email to [email protected]. You shall be liable to indemnify Atutum due to any loss suffered by it due to such unauthorized use of your account and password.
Atutum makes all User information accessible to its employees, agents or partners and third parties only on a need-to-know basis, and binds only its employees to strict confidentiality obligations.
Part of the functionality of Atutum is assisting the doctors to maintain and organise such information. Atutum may, therefore, retain and submit all such records to the appropriate authorities, or to doctors who request access to such information.
Part of the functionality of the Atutum is assisting the patients to access information relating to them. Atutum may, therefore, retain and submit all such records to the relevant patients, or to their doctors.
Notwithstanding the above, Atutum is not responsible for the confidentiality, security or distribution of your Personal Information by our partners and third parties outside the scope of our agreement with such partners and third parties. Further, Atutum shall not be responsible for any breach of security or for any actions of any third parties or events that are beyond the reasonable control of Atutum including but not limited to, acts of government, computer hacking, unauthorised access to computer data and storage device, computer crashes, breach of security and encryption, poor quality of Internet service or telephone service of the User etc.
7. HOW LONG WE RETAIN YOUR DATA
When you submit your data, its metadata is retained until (if) you tell us to remove it. We use this data so that we can recognize you and recall any past correspondence.
If you register on our website, we also store the personal information you provide. During a transaction, we collect some additional information- such as a billing address, a credit/debit card number, and a credit/debit card expiration date and/ or other payment instrument details and tracking information from cheques or money orders. If you send us details of personal correspondence, such as emails or letters, or if other users or third parties send us correspondence about your activities or postings on the website, we may collect such information into a file specific to you and the information is retained until (if) you tell us to remove it.
8. SECURITY MEASURES
We use the SSL/HTTPS protocol throughout our site. This encrypts our user communications with the servers so that personally identifiable information is not captured/hijacked by third parties without authorization.
In case of a data breach, system administrators will immediately take all needed steps to ensure system integrity.
9. YOUR DATA RIGHTS
If you have availed our service, you can request an exported file of the personal data we retain, including any additional data you have provided to us.
You can also request that we erase any of the personal data we have stored. This does not include any data we are obliged to keep for administrative, legal, or security purposes. In short, we cannot erase data that is vital to you being an active customer (i.e. basic account information like an email address).
If you wish that all of your data is erased, we will no longer be able to offer any support or other product-related services to you.
Your privacy is critically important to us. Going forward with the GDPR we aim to support the GDPR standard. Yellow Sapphire Technologies permits residents of the European Union to use its Service. Therefore, it is the intent of Yellow Sapphire Technologies to comply with the European General Data Protection Regulation. For more details please see here: EU GDPR Information Portal.
10. THIRD PARTY WEBSITES
Yellow Sapphire Technologies may post links to third party websites on this website. These third party websites are not screened for privacy or security compliance by us, and you release us from any liability for the conduct of these third party websites.
All social media sharing links, either displayed as text links or social media icons do not connect you to any of the associated third parties, unless you explicitly click on them.
11. RELEASE OF YOUR DATA FOR LEGAL PURPOSES
At times it may become necessary or desirable to Yellow Sapphire Technologies, for legal purposes, to release your information in response to a request from a government agency or a private litigant. You agree that we may disclose your information to a third party where we believe, in good faith, that it is desirable to do so for the purposes of a civil action, criminal investigation, or other legal matter. In the event that we receive a subpoena affecting your privacy, we may elect to notify you to give you an opportunity to file a motion to quash the subpoena, or we may attempt to quash it ourselves, but we are not obligated to do either. We may also proactively report you, and release your information to, third parties where we believe that it is prudent to do so for legal reasons, such as our belief that you have engaged in fraudulent activities. You release us from any damages that may arise from or relate to the release of your information to a request from law enforcement agencies or private litigants.
Any passing on of personal data for legal purposes will only be done in compliance with laws of the country you reside in.
If a User uses the Services or accesses the Website after a notice of changes has been sent to such User or published on the Website, such User hereby provides his/her/its consent to the changed terms.
13. CHILDREN’S AND MINOR’S PRIVACY
Atutum strongly encourages parents and guardians to supervise the online activities of their minor children and consider using parental control tools available from online services and software manufacturers to help provide a child-friendly online environment. These tools also can prevent minors from disclosing their name, address, and other personally identifiable information online without parental permission. Although the Atutum Website and Services are not intended for use by minors, Atutum respects the privacy of minors who may inadvertently use the internet or the mobile application.
14. CONSENT TO THIS POLICY
15. ADDRESS FOR PRIVACY QUESTIONS
Name: Mr Anuuj Chauhan
Yellow Sapphire Technologies
New Delhi – 110051.
Email: [email protected]