PRIVACY POLICY

This Privacy Policy (“Privacy Policy”) governs the collection, receipt, use, processing, storage, and disclosure of personal, sensitive, and medical information in connection with the products and services offered through websites, mobile applications, dashboard, chat interfaces and related digital tools (our “Platforms”) under the names OneMi, CancerMitr, OneMitr, and such other brands as may be introduced from time to time (collectively, the “Brands”), operated by Arnam Impact Pvt. Ltd. (“Company”, “we”, “us”, or “our”), across all digital and physical touchpoints.

We value you as a customer and respect your right to privacy. In the process of transacting on the OneMi, CancerMitr, OneMitr or other digital platform coming under our company, we may become aware of information related to you, which may include information that is of a confidential nature. We are strongly committed to protecting your privacy and have taken steps to protect such information. To aid us in protecting your privacy, you should keep your login ID and password secret. Do not share the One Time Password (OTP) received on your mobile/email with anyone.

This Privacy Policy is applied to Personal Information (as defined hereinbelow) collected, processed, and used, directly or indirectly, by the Platforms.

The Privacy Policy is compliant with Section 43A of the Information Technology Act, 2000, the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 (“SPDI Rules”), and the Digital Personal Data Protection Act, 2023 (“DPDP Act”).

Please take a moment to read our privacy practices carefully and email us at tech@cancermitr.com if you have any questions.

In addition to requirements under Indian law, we have voluntarily adopted certain data protection practices broadly aligned with principles of Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) of the United States and the General Data Protection Regulation (“GDPR”) of the European Union. 

Such alignment is purely voluntary and does not create any contractual, statutory, or regulatory obligations beyond those applicable under Indian law. No rights or remedies under HIPAA or GDPR shall be enforceable against us unless expressly agreed in writing. Our privacy and security practices are periodically reviewed in line with applicable law and industry standards.

If you do not agree with the terms of this Privacy Policy, we request you to refrain from using the Platform or availing any of our products or services.

COLLECTING YOUR PERSONAL INFORMATION

Under the SPDI Rules, personal data or information collected from a person is categorised into two sub categories i.e., (i) personal information (“PI”) – data which helps in identifying a person, such as name, address, IP address, etc.; and (ii) sensitive personal data or information (“SPDI”) – data which is more sensitive and requires a higher degree of protection, such as password, financial information, physical, physiological, and mental health condition, sexual orientation, medical records and history and biometric information.

For a superior user experience and to prevent fraud, we require a few basic permissions:

  • Use your phone’s camera 
  • Access the audio recorder 
  • Access Wi Fi / network state 
  • Access location 
  • Read/Write external storage 
  • Access internet 

The Platforms may collect the following types of PI and SPDI (collectively “Personal Information”) under the following circumstances:

Circumstances

PI Collected

SPDI Collected

When you visit, browse and/or use the Platform

Your unique device identity; IP address; location

When you contact our team through the Platform, complete an online form, send us an email or give us feedback

Full name; phone number; email address; additional information provided by you

Password to our Platform

When you apply online for products, conduct transactions online and/or avail services from us

Full name; phone number; email address; PAN and Aadhaar; additional details provided in forms; beneficiary name, address and relationship

Financial information (bank account, credit/debit card, payment instrument); physical, physiological, medical records and mental health condition; password

When you apply for a job

Full name; phone number; email address; additional information provided by you

USE OF YOUR PERSONAL INFORMATION

We collect and process your Personal Information (i) either to enhance your user experience on the Platform or respond to your requests; (ii) to provide you with our product or services under a contract; or (iii) to serve our legitimate business interests (such as direct marketing).

We do not store or process your Personal Information longer than is necessary for the purposes for which it was collected or as required by law.

Purposes

  • To contact you via calls, mails and/or text messages regarding services and products of the Platforms (including where you are registered on the National Do Not Call Registry). 
  • To allow you to access specific account information. 
  • To provide customisation of your visit to the Platform by displaying appropriate content at our discretion. 
  • To send you information about products and services offered by the Platforms and its affiliates, notices, claims processing updates and newsletters (you may unsubscribe via the facility in the email). 
  • To prevent illegal activities, fraud, address security/technical issues or respond to a government request for detection/investigation of illegal activities. 
  • To protect against imminent harm to the rights, property or safety of the Platform, its users or the public as required or permitted by law. 
  • To meet legal requirements. 

CONSENT METADATA & AUDIT TRAIL

To ensure transparency, legality and accountability of digital consent processes, the Platforms collects certain metadata whenever a user provides consent through our platform. This metadata is securely stored and used solely for record keeping, compliance, security and audit purposes. It is never used for profiling, behavioral targeting or marketing purposes.

  1. Consent Identification & Record: Version ID of the consent form; Consent type (e.g., General, Treatment, Marketing); Content ID; Consent version; Timestamp of consent; OTP sent time; OTP verified time; OTP hash (OTP itself not stored); User ID (internal reference only); Mobile number (verification only); Hash of the complete log entry (tamper detection). 
  2. Device & Network Information – IP address; Device type and model; Browser and OS details; Network type (Wi Fi / Mobile); Approximate location. 
  3. Consent Lifecycle Tracking – PDF signed consent URL (downloadable link); Date and time of creation and updates; Consent revocation time and reason (if applicable). 

If you have any questions about this metadata logging or wish to request a copy of your consent log, please contact our Grievance Officer listed below.

LOG FILES

As is true of most websites/apps, we gather certain information automatically and store it in log files. This includes ISP, referring/exit pages, operating system, date/time stamp and click stream data. We use this information (which does not identify individual users) to analyse trends, administer the Platform, track user movements around the Platform and gather demographic information about our user base. IP addresses are tied to personally identifiable information to help customise your visit; however this information is not shared with third parties for promotional purposes except as provided under the “Disclosure of Information” clause.

DISCLOSURE OF INFORMATION

Subject to other terms herein, we will not disclose your information to any third parties or affiliates for their promotional purposes unless acting under a good faith belief that such action is necessary to:

  • Conform to any statutory or legal requirements, legal processes, governmental orders, warrants or judicial orders; 
  • Protect, enforce and defend our rights or property. 

We may disclose Personal Information to service providers (e.g., third party administrators for cashless hospitalisation, NDNC Registry for call filtering, health check up surveyors) necessary for providing services linked to the health sector. By agreeing to this Privacy Policy you consent to such disclosures.

We may engage data processors to carry out technical, logistical and other functions on our behalf (e.g., Google Analytics, Facebook Pixel). By agreeing to this Privacy Policy you consent to sharing Personal Information with such data processors. These service providers are prohibited from using your information for their own promotional purposes.

We may analyse data and share it with relevant stakeholders such as third party service providers or government agencies for ecosystem improvement.

UPDATING YOUR PERSONAL INFORMATION

If you need to update your Personal Information or no longer desire our service, you may update or delete it via our registration page or by emailing tech@cancermitr.com, calling or writing to us at the contact details below.

SECURITY

The security of your Personal Information is important to us. When you enter sensitive information such as credit card numbers on our registration or order forms we encrypt that information using Secure Socket Layer technology (SSL). 

We follow generally accepted industry standards to protect Personal Information during transmission and storage. No method of transmission over the internet or electronic storage is 100 % secure; therefore while we strive to use commercially acceptable means to protect your Personal Information we do not guarantee absolute security.

Breach Notification – We will notify you and the relevant Data Protection Authority without undue delay (and in any event within the timeframes required by applicable data protection legislation) upon becoming aware of a Personal Information breach. We will also publish notices on our website.

CHANGES TO THIS PRIVACY STATEMENT

We reserve the right to modify this Privacy Policy at any time by posting the revised version on the Platform. If we materially change our Privacy Policy or practices we will notify you by email or by posting a notice on our Platform.

BUSINESS TRANSITIONS

In the event the Company undergoes a business transition such as merger, acquisition or sale of assets, your personally identifiable information may be among the assets transferred. You will be notified via email and a prominent notice will be displayed on our Platform for 30 days of any such change in ownership or control of your Personal Information.

CONTACT US

If you have any complaint / query or suggestions regarding this Privacy Policy please contact our Grievance Officer:

Kalpesh Tambe

Address: Metro Station, Dipti Classic, B-302, Suren Road, Sir Mathuradas Vasanji Rd, off Sir, near Western Express Highway, Mumbai, Maharashtra 400093
Contact No.: 7718814799
Email: kalpesh@cancermitr.com