Policy details & applicability
This Privacy Policy applies to the personal information of individual or group of individuals (which means any and all information/ documents/ details pertaining to a natural person or group of persons, such information may either directly or indirectly or in combination with other information available with MedsCred, may be used to identify such a person or group.
This Privacy Policy shall be referred to govern the use of any or all MedsCred Services, availed by our Customers which may include personal as well as business use unless specified explicitly.
Information collected
We collect certain types of information expressly to carry out the operations and services we offer. The types of data we collect and how we use it to deliver our services are as follows:
Device information
We may collect information through your computer, mobile phone, tablets, or other devices that you use to access MedsCred platform. Such information, collected by us includes, but is not limited to, the following: IP address, browsing data, device ID or unique identifier, device type, geo-location information, computer and internet information, mobile network information, statistics on page views, referral URL, advertisement data, web log data and other such information, Calendar information (We request calendar information to set reminders for premium due dates, helping you avoid missed payments.).
We may also collect anonymous information through the use of cookies and web beacons. We may collect and store any information that you may provide to us or agree to share, including when you add information on web forms, add or update your account information, participate in social media, community/ MedsCred club discussions, chats, or dispute resolutions, or when you otherwise correspond with us regarding MedsCred Services through any channel.
Credit information report
Your Credit Information (credit score and credit information report) may be procured by us through your credit records with Credit Information Companies “CICs” with your consent and in conformation to the applicable regulatory framework to access such information. MedsCred may receive this information from one or more CICs for and on your behalf only once you agree to appoint MedsCred as your lawfully and voluntarily appointed authorized agent/ representative for collecting your credit information from CICs. By consenting to use and availing your credit information report through MedsCred, you agree that MedsCred and CICs shall be entitled to rely on your authorization and consent granted by you to MedsCred
Purpose of Data Collection for Operations
The data we collect is essential for:
- Operating and managing our platform and services efficiently
- Processing transactions and providing requested services
- Ensuring compliance with legal and regulatory requirements
- Enhancing user experience by offering personalized services and features
- Maintaining platform security, preventing fraud, and resolving issues
Other information
When you use MedsCred platform, we may also collect information about your transactions and your activities including but not limited to:
- Contact information including your name, PAN, date of birth, address, mobile number, email, and other similar information
- Specific personal identification information such as your date of birth or national ID number.
- Address proof, Officially Valid documents.
- Financial information, required by lenders or merchants on MedsCred platform for providing their services to you, such as bank account information or as procured from Account Aggregator framework.
We may also collect information from or about you from other sources, such as through your correspondence with us, including our customer support team, your interactions with members of the MedsCred employees or representatives.
Additionally, MedsCred may monitor or record its all of your communication with MedsCred platform, any MedsCred employee or representative at any time of its choice. Also, by communicating with MedsCred, you acknowledge that your communication may be overheard, monitored, or recorded without further notice or warnin.
We may also use the User information to enable activities and transactions that need to occur during the process of lending, such as:
After obtaining the User’s specific consent to allow the MedsCred platform to access the User’s SMS inbox, we may collect relevant information from text messages (SMS) received by the Users from providers of services and/or products (including but not limited to retail outlets, financial institutions, mobile carriers, websites, ecommerce companies, any merchant and all utility companies), that will enable us to provide better access to financial products and services , managing your expenditure by providing insights and other products to the Users. In case we do, we shall only access business messages and will never intrude in your personal messages.
When you download or use our mobile applications, or access one of our mobile optimized sites, we may receive information about your location and your mobile device, including a unique identifier for your device. We may use this information to provide you with location-based services, such as advertising, search results, and other personalized content. Most mobile devices allow you to control or disable location services in the device’s settings menu.
Consent
By using any of MedsCred platforms, you expressly consent to MedsCred and including all its marketing channels and business partners, representatives to provide the details/documents/information mentioned hereinabove for the purpose stated under this Privacy Policy.
You also expressly consent to MedsCred (including its marketing channels and business partners/ representatives) to contact you through SMS, call, WhatsApp and/ or e-mail or any other applicable communication platform and to follow up in relation to the Services provided by or through the MedsCred Platform, for corresponding on transactions, imparting product knowledge, offering promotional offers through MedsCred Platform & various other offers offered by its business partners.
You hereby authorize and expressly consent us to share your Personal information with third parties including but not limited to Banks, credit information bureaus, government agencies or any other such agency mandated by law, for completion of the services availed.
Details of the third parties we share your information with are set out below:
Sr. No. | Third Party | Address |
---|---|---|
1. | Sayyam Investments Private Limited | 1 and 2 Floor Khykha Court II #8, 2nd Stage 2nd Block, Hosur Main Road, Koramangala, Bangalore South 560034 |
Use and purpose of collecting such data
The Company’s primary purpose to collect any or all the aforementioned personal information is to provide you with a secure, smooth, efficient, smart, and personalized experience while dealing with MedsCred products or products and services facilitated by MedsCred through its partners.
Other unaffiliated third parties, for the following purposes:
We may use your personal information to:
- Allow you access to MedsCred Services and customer support; process transactions and send notifications about your transactions; verify your identity, including during account creation and password reset processes
- Share applicable personal information with partner Banks, NBFCs and other financial institutions for facilitating no cost/ low cost EMI solutions
- Manage and protect our information technology infrastructure; provide targeted marketing and advertising, provide service update notices, and deliver promotional offers based on your communication preferences; contact you at any telephone number, by placing a voice call or through text (SMS) or email messaging, or WhatsApp message or robotic calling; perform creditworthiness and solvency checks, and compare information for accuracy and verify it with applicable third parties.
- Manage risk, or to detect, prevent, and/or remediate fraud or other potentially prohibited or illegal activities; detect, prevent or remediate violations of policies or applicable user agreements; improve the MedsCred Services by customizing your user experience; measure the performance of the MedsCred Services and improve their content and layout;
- We may also use the User information to enable activities and transactions that need to occur during the process of lending, such as:
- Generating and maintaining User profiles on the App.
- Provide personalized features.
- Helping you select the best financial product.
- Facilitating transactions on the platform.
- Maintaining regular communications with the User concerning transactions the User initiates, such as requesting information or assistance, submitting any request, making payments, transferring funds, etc.
- Modifying the App from time to time to cater to the User’s interests.
- Providing the App and the functions and features therein, efficiently.
- Avoiding the need for the user to enter previously entered information again.
Framework of data security
Personal information is defined as information that can be associated with a specific person or a group of persons and can be used to identify that person or group. For the purposes of the use of MedsCred, information that has been made anonymous so that it does not identify a specific user shall not be considered as Personal information.
We store and process your personal information on our computers and or cloud infrastructure located in India. We shall endeavor to protect your information using physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorized access, disclosure, and alteration. We have fully ensured that reasonable security practices are adopted, which are at par with reasonable industry standards. Note that we shall not be liable for any third-party breaches to the security of your information. Please beware of phishing attacks. We shall not be responsible for any loss or damage if you share any Account information or otherwise to such phishing attacks.
Limitations on use of personal information
We may share your Personal information with our affiliates and business partners where we feel that you will be assisted better for the purpose of availing the MedsCred Services. We may share your personal information with:
Financial institutions like Banks, NBFCs, Insurance Companies, Asset Management companies and others who we may partner with to jointly create and offer any product or service.
- Users of the MedsCred corporate family, affiliates, group companies , to provide joint content, products, and services (such as registration, transactions and customer support), to help detect and prevent potentially illegal acts and violations of our policies, and to guide decisions about their products, services, and communications. Members of our corporate family will use this information to send you marketing communications only if you have requested their services.
- Credit bureaus and collection agencies to report account information, as permitted by law.
- Companies that we may plan to forge a Joint Venture with or are acquired by.
- Law enforcement entities, personnel, government officials, or other third parties pursuant to a summon, court order, or other legal process or requirement applicable to MedsCred or one of its affiliates; when we need to do so to comply with law or debit/ credit card rules; or when we believe, in our sole discretion, that the disclosure of personal information is necessary to prevent physical harm or financial loss, to report suspected illegal activity or to investigate violations of our User Agreement.
- Fraud Prevention and Risk Management: to help prevent fraud or assess and manage risk. For example, if you use MedsCred Services to buy or sell goods, we may share account information in order to help protect your account from fraudulent activity, alert you if we detect such fraudulent activity on your accounts, or evaluate credit risk.
- Customer Service: for customer service purposes, including to help service your accounts or resolve disputes (e.g., billing, or transactional).
- Legal Compliance: to help them comply with anti-money laundering and counter-terrorist financing verification requirements.
- Service Providers: to enable service providers under contract with us to support our business operations. Our contracts dictate that these service providers only use your information in connection with the services they perform for us and not for their own benefit.
We may also seek necessary explicit consent on a case to case basis, as deemed appropriate as per our operational framework or applicable law.
Cookies policy
We use data collection methodologies such as "cookies"/similar information sets, etc on certain pages of the app to help analyse our app page flow, measure promotional effectiveness, and promote trust and safety. "Cookies" are small files placed on your device hard-drive/storage that assist us in providing our services.
Procedure of Opting out
The User can at any time while availing the services or otherwise, withdraw his/her consent given previously to MedsCred for collecting, receiving, possessing, storing, dealing or handling Information of the User or ask for deletion of Personal Information or User account, by sending us your request by email on info@medscred.com. In such case, MedsCred will unfortunately not be in a position to provide the Services to you. However, MedsCred will be able to retain such Information for the time period in accordance with the applicable laws.
Consent for Data Usage
You have the right to give or deny consent for the collection and use of specific data. Where applicable, we will request your explicit consent before collecting certain categories of information. You can manage your consent preferences at any time by accessing your account settings or contacting us.
Review and Rectify Information
You have the right to access, review, and correct any personal information we hold about you. If any data is inaccurate or outdated, you can update it through your account or by reaching out to us directly.
Right to Restrict Disclosures to Third Parties
You have the right to restrict the sharing of your personal data with third parties.
If you do not wish to receive marketing communications from us, you may write to us on info@medscred.com
Please note that it may take about 15 business days to process your request. In furtherance to your usage of the MedsCred Platform, you expressly waive the Do Not Call (DNC) / Do Not Disturb (DND) registrations on your phone / mobile numbers for contacting you for such purpose and usage. Hence, there will be no DNC / DND check required for the number you may have left on our MedsCred Platform. Such modes of contacting you may include sending SMSs and/ or telephonic calls.
Data retention & deletion
MedsCred will retain your information for 3-5 years as per applicable laws and regulations, including the Medical Council of India's (MCI) recommendations from the date of your last transaction with MedsCred, or your request for termination of your account with MedsCred, whichever is earlier. Furthermore, MedsCred may also be required to retain certain information under the applicable law and/or as part of its contractual obligations with the Banks/Financial Institutions and accordingly such information shall be retained as prescribed under the applicable law or part of MedsCred’s contractual obligation.
At any time, you may choose to withdraw consent for your information, and seek deletion/ return of the same from our records. You may email info@medscred.com from your registered email ID , with subject line as : “Deleting MedsCred account and withdrawal of consent of use of information”, clearly mentioning your registered mobile number and asking for deletion of account with MedsCred. Please note that your account can only be deleted in the event of no existing financial obligation on you on account of using products or services facilitated through the MedsCred platform.
Further, you can visit MedsCred | Merchant portal to delete your account on ‘MedsCred for Healthcare Business’ mobile app.
Post termination of your relationship, MedsCred may continue to use your anonymized data aggregated or in combination with anonymized data of other users. We use this aggregated anonymized data for data analysis, profiling, and research purposes, for example to gain insights about our users and their profiles. We may keep your contact information along with your application details (if any) for fraud prevention purposes and for the exercise/ defence of a legal claim or for providing evidence in legal proceeding(s).
Storage and Security Information
1. Encryption
- Data Encryption: All sensitive data is encrypted at rest and in transit using
industry-standard encryption protocols (e.g., AES-256, TLS).
- End-to-End Encryption: Patient records and communications are secured with end-to-end
encryption to ensure confidentiality.
2. Firewalls
- Network Security: Firewalls are implemented to protect the network from unauthorized access
and to monitor incoming and outgoing traffic.
- Intrusion Detection Systems (IDS): Regular monitoring and alerts for any suspicious activities
help safeguard sensitive information.
3. Access Control
- Role-Based Access Control (RBAC): Access to medical records and sensitive data is restricted
based on user roles, ensuring that only authorized personnel can access specific information.
- Multi-Factor Authentication (MFA): All users are required to undergo multi-factor
authentication to enhance security during login.
4. Regular Backups
- Automated Backups: Regular automated backups of all critical data are performed to ensure data
integrity and availability.
- Offsite Storage: Backups are stored securely offsite to prevent data loss in case of physical
disasters or system failures.
5. Cloud Security
- Secure Cloud Infrastructure: Data is stored in a secure cloud environment that complies with
regulatory standards and includes built-in security measures.
- Regular Audits: Continuous monitoring and periodic security audits of cloud services ensure
compliance and the detection of vulnerabilities.
Upgrading personal info
In case of any changes in the personal information shared by you with MedsCred, you may contact our customer support or write to us on info@medscred.com.
Obligation with other platforms
Sometimes, MedsCred platforms may link to other platforms that may collect personally identifiable information about you. MedsCred is not responsible for the privacy practices or the content of such linked platforms.
Your compliance with these Terms of Use grants you a personal, non-exclusive, non-transferable, limited privilege to enter and use the MedsCred Website and/or App and its allied Platforms (including Services).