General Privacy Notice by MedApp Dynamics
Last updated on 12th December, 2024
MedApp Dynamics Pvt. Ltd. and its affiliates (collectively, “MedApp Dynamics”) take protection of your personal data very seriously. Personal data means any information relating to an identified or identifiable natural person, such as name, address, email-addresses, IP address, or user behavior etc. The following document (“Privacy Notice”) provides you with information about the processing of Personal Data in relation to administration of the contractual relationship between us as described and defined in the Terms of Service (“ToS”), End User License Agreement (“EULA”) or any other agreements, as well as all other cases, when you may come in contact with us.
This Privacy Policy applies to the processing of your Personal Data when you visit or use any one of our Products, Platforms and/or Services or visit our website at www.medappdynamics.com or a website of any of MedApp Dynamics’ affiliates (the “Websites”), if you contact us by any means and if you make use of any of MedApp Dynamics’ products, subscription, services, software or mobile applications.
This Privacy Policy is incorporated into and forms part of our Terms of Service, which outline the terms and conditions you agree to when accessing and using the Websites. By accessing and using the Websites, you agree and consent to the collection, use and disclosure of your Personal Information as outlined in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Websites.
Further to this Privacy Notice, please refer to our Product Privacy Notices for each of the respective products for detailed information concerning your use of the various MedApp Dynamics platforms, products and services.
A. Controller
MedApp Dynamics Pvt. Ltd. is the data controller pursuant to the Personal Data Protection Bill, 2023 (once enacted) concerning any processing of personal data for which we determine the purpose and means of processing.
B. Data Protection Officer (DPO)
MedApp Dynamics has appointed a Data Protection Officer (DPO) to oversee compliance with applicable Indian data protection laws, including the Personal Data Protection Bill, 2023 (once enacted). Additionally, MedApp Dynamics has established a dedicated Privacy team, which works closely with the DPO. You may contact the Privacy team and the DPO at privacy@medappdynamics.com or at MedApp Dynamics for the confidential attention of the DPO, [insert office address].
C. Categories of personal data, as well as purposes and legal basis for the processing
C.1. When you visit our Website(s)
MedApp Dynamics has to process certain personal data in order to be able to operate our website(s) and enable you barrier-free access to our content. We do this since we want to ensure that when you visit any parts of our website, your journey will be user-friendly, and especially that you do not encounter technical problems and malfunctions. Also, we would like to make sure we provide you with the most relevant content on our website, which may require that we consider certain personal data such as your browser’s language settings or the country from which you visit our services. In general, when you visit the MedApp Dynamics website, we may collect IP address, date and time of the request, time zone, content of the request, data volume, browser information, your country of origin, as well as the operating system as transmitted by your server to our servers.
The legal basis for processing this personal data is our legitimate interest, i.e., Art. 6 para. 1 lit. f) GDPR, or in some cases, your consent, i.e., Art. 6 para. 1 lit a), Art. 49 para. 1 lit. a) GDPR.
C.2. When you interact with us
When you contact us (e.g., through an online contact form, through social media, email, chat functionality on our website or via phone), we will collect and process any personal information that you submit, such as your first name, last name, email-address, country, job title, phone number, company information (including company size), subject, description of your query etc. The collection of this data may be facilitated by third-party providers, which e.g., help us to provide particular landing pages or web forms or organize webinars (see Section D below). We will use the collected information for contacting you and serving your request, or to send you our advertising materials, depending on the type of the request and legal basis for the processing.
Depending on the individual case, we may process personal data based on your consent, to perform our obligations under a contract, to pursue our legitimate interest, or to fulfil a legal obligation to which we are subject.
C.3. When you enter into a contractual relationship with us
When you use a license for one of our products on behalf of your company, or use the beta version of our Software, we may process certain personal data in order to conclude the agreement with you. In doing so, we may process your personal details, as well as the company details and payment information. We rely on the services of certified payment providers to process your payments and may conduct sanctions or fraud checks in accordance with applicable laws as well as to protect our business interests.
During the contractual relationship we may also process your personal data (e.g., your email-address, address, which products you have purchased etc.) in order to provide you with invoices, and other relevant contractual information.
C.4. When we reach out to you
We are of course interested in keeping in touch with our customers and users, as well as partners and suppliers, in order to keep you updated on relevant news, updates, contractual information, as well as to provide you with our marketing newsletters and information. In doing so, we may process your name, email-address, and other contact information.
C.5. When we analyze personal data
In certain cases, MedApp Dynamics may combine and analyze certain information in the course of activities described in Sections C.2 to C.4 above together with the information available to MedApp Dynamics internally, e.g., the use of the Software or Services, respectively which Software or Services licenses have been purchased. MedApp Dynamics conducts these analyses to decide on whether, when, and how to inform or get in touch with its customers and users. In this context, the aim is to convey relevant information about our products also in the most suitable manner, which may include in-product messages, email communications or contact by phone.
MedApp Dynamics may also use the gathered information in order to prioritize the workload internally and to set up the processes more efficiently. Also, the analyses will assist in predicting as well as retrospectively evaluating the effectiveness of marketing and sales efforts, although such analysis and reporting is mostly done on an aggregated level.
To every extent possible, the described analysis measures will be based on pseudonymous data (e.g., we may consider the Google Analytics Client ID and other non-personalized cookie data, or data we have connected to your Device ID, rather than using immediately identifying personal data such as your name or email-address).
The legal bases for processing personal data for analysis purposes are performance of or processing prior to entering into a contract (e.g., when you contact our sales team and ask for a demo), i.e., Art. 6 para. 1 lit. b), Art. 49 para. 1 lit. b) GDPR, and/or our legitimate interest (e.g., when we try to find out what information about our products you might be most interested in and whether and how to best get in touch with you), i.e., Art. 6 para. 1 lit. f) GDPR as long as no consent is required. For the data processing activities that require your consent, the processing is based on Art. 6 para. 1 lit. a), Art. 49 para. 1 lit. a) GDPR.
C.6. When you are our partner, reseller or distributor
If you are one of our partners, resellers, or distributors, we may process your name, your job title, your company, as well as contact details in order to manage the contractual relationship with you, respectively your company and to provide you with the newest information and updates about our offerings. Your personal data will be processed by our respective employees (e.g., Procurement, HR, IT etc.) throughout our cooperation.
We need to process your personal data in order to maintain the contractual relationship between us.
The legal basis for processing this personal data is Art. 6 para. 1 lit. b) GDPR or our legitimate interest, i.e., Art. 6 para. 1 lit. f) GDPR.
C.7. When you are our supplier
If you are one of our suppliers, we may process your name, your job title, your company, as well as contact details in order to manage the relationship with you, respectively your company. Your personal data will be processed by our respective employees (e.g., Procurement, HR, IT etc.) throughout our cooperation.
We need to process your personal data in order to maintain the contractual relationship between us.
The legal basis for processing this personal data is, therefore, Art. 6 para. 1 lit. b) GDPR or our legitimate interest, i.e., Art. 6 para. 1 lit. f) GDPR.
C.8. When we receive your data from third parties
Please note that depending on your region, certain MedApp Dynamics Platforms and Omni-channel services may be licensed to channel partners, healthcare groups, healthcare institutions, health systems etc.
The digital service provision may, from time to time, receive your personal data such as your name and your contact details from third parties, e.g., from event organizers, various trade fair organizers, partner websites, our integration partners (e.g., Salesforce, Microsoft, SAP etc.) and similar sources. The purpose of the transfer, as well as subsequent processing of personal data is, in most of the cases, marketing, and our desire to reach a wider audience with offers regarding our products and services. We always make sure that there is an appropriate legal basis (e.g., your consent) in place, before even processing any personal data.
We may or may not also receive Personal Information indirectly, from the following sources in the following scenarios:
- By using technologies such as cookies
- Directly from our healthcare professional customers (clients who use our products and services in the healthcare industry) and their patients in order to enable us to provide the necessary software service and upgrades, software development and customer service and support to ensure patient safety at all times.
The legal basis for processing this personal data is, therefore, either your consent, i.e., Art. 6 para. 1 lit. a), or the contractual relationship with you, i.e., lit. b) GDPR. You may withdraw your consent at any time with effect for the future.
D. Data Sharing and Disclosure
Our employees, who administer, maintain and further develop MedApp Dynamics’s website, Products and Services may receive access to your personal data to achieve the purpose for which we may have collected it. To that end, MedApp Dynamics has strong technical and organizational security measures to protect personal data against unauthorized disclosure to third parties and to ensure that only relevant individuals, who act within their job description and have a need-to-know interest in accessing any of your personal data, will have access to the data for which they have sufficient clearance.
In addition, we utilize services of external service providers (e.g., Microsoft, Amazon Web Services, Cloudflare etc.), as well as our affiliate network worldwide (e.g., MedApp Dynamics entities in the United Kingdom, USA, Australia, India, Singapore etc.).
All mentioned third-party providers and employees of such providers may receive access to personal data through the service they provide.
MedApp Dynamics chooses all third-party service providers with due care, obligates them to confidentiality, and concludes data processing agreements with them in accordance with the standards of the GDPR, as far as necessary. Should you have any questions about third parties we use, please contact us at privacy@medappdynamics.com.
MedApp Dynamics will generally not transfer your personal data outside your jurisdiction or geographical location. However, there are some exceptions to this rule (see below), which include data transfers for group internal services provided from outside the EU, including Australia, USA, India and Singapore as an example.
Please note that some or all of the Personal Data that our services may collect may be stored on cloud servers located outside of the country in which we obtain the Personal Data, including countries whose data protection laws may differ from those of the jurisdiction in which you live. This is in order to allow for the performing of centralized functions for our group of companies. As a result, this information may be subject to access requests from governments, courts, law enforcement officials, and national security authorities in those jurisdictions according to the applicable laws in those jurisdictions. Subject to such applicable laws, we will use reasonable efforts to ensure the appropriate protections are in place to maintain such protections of the Personal Information that are equivalent to those that apply in the country in which we obtain the Personal Information.
Where a healthcare provider accesses your personal health information and stores a copy of your Personal Information, that copy will be governed by that healthcare provider’s privacy policy. Others at that facility (for example an on-call doctor) may be able to view your Personal Information. MedApp Dynamics is not responsible for the content, security, performance, or privacy policies of third-party healthcare providers.
Some of these third-party healthcare providers will be covered by federal and state health privacy laws (such as the Insurance Portability and Accountability Act, or “HIPAA”), and those laws will govern how they may use and share your information. HIPAA requires that you must authorize these providers to send information to MedApp Dynamics. With that authorization, you also give them permission to send certain especially sensitive types of health information (such as mental health or substance abuse records) that may or may not be protected by federal and state laws and require special authorization. When you ask MedApp Dynamics to share your health information to others, you will also be giving MedApp Dynamics express permission, whether written or not, to share those sensitive types of health information.
Please note that MedApp Dynamics and its affiliates may be required to disclose your Personal Data in response to a lawful request by government/public authorities, including to meet national security or law enforcement requirements.
E. Data Security and Protection
The security of your Personal Data is important to us. We use reasonable and appropriate physical measures, technical safeguards and guidelines for data and cyber protection and administrative processes to protect information from unauthorized use, security events, disclosure or access of the Personal Information we collect on the Websites. We will make reasonable efforts to protect Personal Information stored on the Websites' servers from unauthorized access using commercially available computer security products (for example, firewalls), as well as carefully developed security procedures and practices. Notwithstanding our security safeguards, there may be a possibility of data vulnerability from any third-party service providers.
F. Retention
Your personal data will be deleted once you withdraw consent, or, more generally, once the purpose for processing of your personal data has ceased to exist. We may or may not retain required personal data depending on local, state and national laws or guidelines to meet the necessary legal requirements. The exact retention period will thus depend on the categories of personal data and the processing purposes:
- Bookkeeping and accounting: In some cases, we are legally required to retain personal data for a certain period of time, e.g., for invoices, or payment details, for up to 10 years for these purposes.
- Marketing: For the data which we may process for marketing purposes, the retention period will depend either on the withdrawal of your consent or, where the processing is based on our legitimate interest or the performance of a contract, on the achievement of the processing purposes, e.g., two years for the pseudonymized usage data, or one year for survey results.
- Protecting our legitimate interests: We may need to store personal data to protect our own legitimate interest, e.g., support ticket data or CRM data for up to 3 years (duration of statutory limitation period).
Once such a period has lapsed, and there is no purpose to be fulfilled by the processing of personal data, we will delete or anonymize the data in accordance with data protection obligations.
G. Statutory/contractual requirement
You may choose not to provide your personal data or provide incomplete personal data to us. However, you should be aware that you may not be able to engage in a contractual relationship with us or receive adequate support or may not be able to use all the functionalities of our website.
For persons residing within the Republic of India:
You may contact your healthcare service provider either in writing or by email in order to exercise the following rights to the extent you are entitled to under applicable Indian law, specifically the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 and the Personal Data Protection Bill, 2023 (once enacted):
- Right to Information: You have the right to request information about the processing of your personal data in accordance with the applicable Indian laws.
- Right of Access: You may request access to your personal data and request a copy of your personal data.
- Right to Rectification: You may request to correct or update your personal data to ensure it is accurate and complete.
- Right to Erasure: You may request the deletion of your personal data, subject to compliance with applicable legal obligations.
- Right to Restriction of Processing: You may request that we restrict the processing of your personal data in certain circumstances.
- Right to Data Portability: You may request to receive your personal data, which you provided to us, in a structured, commonly used, and machine-readable format and transmit it without hindrance or have it transmitted to another data controller.
- Right to Object: You may object, at any time, on grounds relating to your particular situation, to the processing of your personal data based on legitimate interests pursued by us or by a third party. We will cease processing your data unless we demonstrate compelling legitimate grounds for the processing, which override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims.
- Right to Lodge a Complaint: You have the right to lodge a complaint with the relevant Indian data protection authority concerning the processing of your personal data.
- Right to Opt-Out: You may opt out at any time from processing activities that are based on your consent. Your opt-out does not affect the lawfulness of processing before the opt-out.
The relevant authority for data protection in India is the Data Protection Authority of India (DPA) once established under the Personal Data Protection Bill.
Should you have any questions about the processing of your personal data by your healthcare service provider in relation to your healthcare service, please contact your healthcare service provider.
I. Compliance with the CCPA
Pursuant to the California Consumer Privacy Act (“CCPA”), you will not receive discriminatory treatment for exercising your privacy rights. You may also designate an authorized agent to make a privacy request on your behalf.
J. Changes to this Privacy Notice
MedApp Dynamics may, from time to time, make amendments to this Privacy Notice to reflect the changes in our processing activities.