1win Privacy Policy

1win Privacy Policy

“We,” “Us,” and “Our” refer to 1win. We are committed to safeguarding the privacy and security of your personal and health data. This Privacy Policy outlines how we collect, use, process, store, and protect your personal information in compliance with applicable laws, including:

• The Digital Personal Data Protection Act, 2023 (DPDPA),
• The Information Technology Act, 2000 – Section 43A, and
• The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011.

This policy applies to all personal information collected and processed during the course of providing our services, both online (via [Hospital Website URL]) and offline. The terms ‘You’ or ‘Your’ refer to patients, caregivers, or visitors, and ‘We,’ ‘Us,’ and ‘Our’ refer to 1win.

1. Scope and Applicability

This Privacy Policy applies to:

• Personal information collected when you visit our hospital, access our services, or interact with us through our website.
• Data shared during consultations, registrations, or other hospital-related processes.

Our compliance with the above laws ensures that we process sensitive personal data with the highest standards of privacy and security.

2. Personal Information We Collect

We may collect the following categories of personal information:

• Identity Information: Name, gender, date of birth, and contact details.
• Health Information: Medical history, diagnostic records, prescriptions, and treatment plans.
• Financial Information: Billing details, insurance information, and payment transaction data.
• Website and Technical Data: IP address, browser type, device information, and usage patterns through cookies.
• Any additional data provided voluntarily by you during registration, feedback, or consultations.

3. Legal Framework for Data Processing

We process your personal information in compliance with:

1. The Digital Personal Data Protection Act, 2023 (DPDPA):
   • Ensuring lawful, fair, and transparent processing of personal and sensitive personal data.
   • Obtaining explicit consent where necessary.
2. The Information Technology Act, 2000 – Section 43A:
   • Implementing and maintaining reasonable security practices to protect sensitive personal information.
3. The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011:
   • Processing sensitive personal information (e.g., medical data) only with consent.
   • Following reasonable security practices such as encryption, access controls, and regular audits.

4. Purpose of Data Collection

Your personal information is used for the following purposes:

• Delivering healthcare services, including diagnosis, treatment, and follow-up care.
• Managing hospital operations, such as patient registration, billing, and medical record maintenance.
• Complying with legal, regulatory, and audit requirements.
• Improving the quality of care through research and analysis.
• Communicating appointment reminders, updates, or promotional offers.

Aggregated, anonymized data may be used for research and operational insights.

5. Consent for Data Processing

By accessing our services or sharing your personal information, you consent to:

• The collection, use, and transfer of your personal information as per this Privacy Policy.
• The processing of sensitive personal data for the purposes mentioned above, including healthcare delivery.

You may withdraw consent at any time (refer to Clause 8).

6. Data Sharing and Transfers

We do not sell or rent your personal information. Data may be shared in the following circumstances:

• With Health Professionals: For delivering medical care.
• With Service Providers: For lab tests, imaging, or insurance claims, under confidentiality agreements.
• Legal and Regulatory Requirements: To comply with applicable laws or court orders.
• Cross-Border Transfers: Data will be shared only with countries that are allow-listed under the applicable provisions of DPDPA, ensuring adequate safeguards are in place.

7. Data Security

We have adopted reasonable security practices and procedures as required under Section 43A of the IT Act and the 2011 Rules. These include:

• Encryption of sensitive personal data during storage and transmission.
• Role-based access controls to ensure only authorized personnel handle your data.
• Regular security audits, monitoring, and vulnerability assessments.
• Secure backups and disaster recovery mechanisms to ensure data availability.

While we take every precaution, no system is completely secure. We encourage you to protect your login credentials and report any suspicious activity immediately.

8. Your Rights

You have the following rights regarding your personal data:

• Access: Request details of your personal data.
• Correction: Rectify inaccuracies in your data.
• Erasure: Request deletion of your personal information, subject to legal or regulatory requirements.
• Data Portability: Obtain a copy of your data in a structured format.
• Withdrawal of Consent: Withdraw consent by contacting us at the email address below.

To exercise your rights, please contact our Grievance Officer (refer to Clause 11).

9. Data Retention

We retain personal data only as long as necessary to fulfill the purposes outlined in this policy or comply with applicable laws.

• Medical Records: Retained as per legal and regulatory requirements.
• Billing and Financial Data: Retained for audit and compliance purposes.

Once the retention period expires, data is securely deleted or anonymized.

10. Use of Cookies

We use cookies and similar technologies to:

• Enhance the functionality of our website.
• Analyze user behavior and improve user experience.

You can manage cookie preferences via your browser settings. Disabling cookies may affect certain features of the website.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website. Significant changes will be communicated directly to you.

12. Contact and Grievance Redressal

If you have any concerns or complaints regarding this Privacy Policy or your data privacy, please contact us at [email protected].
Our Data Protection Officer will address your concerns within a reasonable timeframe.

Kauvery Kare APP

Privacy Policy:

We use reasonable technical, administrative, and physical security measures for the purpose of safeguarding all data you share with us. We also have comprehensive internal policies in place to prevent unauthorized access to your data. We take adequate steps to ensure that third parties we share data with also adopt reasonable levels of security practices and procedures to ensure the privacy and security of your information. We are committed to maintaining the privacy of the information uploaded by you on the

Your Rights

By clicking “I accept” when downloading the App, and/or using our services you represent that you voluntarily provide us with personal information including medical and financial information, and consent to their collection, use, and disclosure in accordance with this Privacy Policy. We shall act as per your representation of authority and shall not make any independent enquiries to ascertain the veracity of your authorisation. We take reasonable steps to ensure that your personal information is accurate, complete, and up to date. However, you have the sole responsibility of ensuring that you review the accuracy of the information provided by you and contact us in case of discrepancies, or in case you wish to discontinue the use of our services.

You are free not to share any medical or other information that you consider confidential and withdraw consent for us to use data that you have already provided. In the event that you refuse to share any information or withdraw consent to process information that you have previously given to us, we reserve the right to restrict or deny the provision of our services for which we consider such information to be necessary.

Changes to this Privacy Policy

We may periodically revise or update this Privacy Policy. Your continued use of our products and services after the effective date of the Privacy Policy means that you accept the revised Privacy Policy.