Date of Latest Version 9th April 2020
i. “We”, “Our”, and “Us” shall mean and refer to Medbay India Private Limited;
ii. “You”, “Your”, “Yourself” and “User” shall mean and refer to natural and legal individuals who use the Website or App.
iii. “Loan” shall mean and refer to Medical Loan or Emergency Medical Loan.
iv. “Personal Information” shall mean and refer to any personally identifiable information that We may collect from You.
v. “Platform” shall mean and refer to the Website and App in collectively.
vi. “Third Parties” refer to any application, website, company or individual apart from the User and LetsMD.
3. INFORMATION COLLECTION AND USE
3.1 Information Collection:
We may collect and process the following Information or data (information that can be uniquely identified with you) about you, we ask this information in order to allow you to user our Services:
3.1.1. Collection of Personally Identifiable Information
i. Information that the Users provide to LetsMD by filling in forms on the Website/App. This includes personal information such as name, age, occupation, email address, mailing address, phone number, GPS based location, Permanent Account Number (PAN), Unique Identification Authority of India (UIDAI), Credit Information Bureau of India Limited (CIBIL) or any other agency including any other Credit Information Companies (CIC);
ii. The User’s tracking Information such as, but not limited to the device ID, Google Advertising ID and Android ID;
iii. Information that the Users provide to LetsMD over telephone. We may make and keep a record of the information shared by the Users with LetsMD;
3.1.2. Collection of Financial SMS Information
We don’t collect or store your personal SMS from your inbox.
We only collect financial SMS sent by 6-digit alphanumeric senders from your inbox which helps us in identifying the various accounts that you are holding and the cash flow patterns that you have as a user to help us perform a credit risk assessment which enables us to determine your risk profile and to provide you with the appropriate credit analysis to enable you to take financial facilities from the regulated financial entities and other service providers available on the platform. While using the app, it periodically sends the financial SMS information to our affiliate server and to us.
3.1.3. Collection of Contact Information
Our application collects your contact information from your device for the purposes of risk analysis by enabling us to detect credible references only after obtaining your explicit consent.The more credible the references are, the lower is the risk associated to a User.
We undertake that your Information is securely stored with us and we will retain Your information for such periods as necessary to provide You the Services on our Platform.
3.1.4. Collection of Installed Applications
We collect a list of the installed applications’ metadata information which includes the application name, package name, installed time, updated time, version name and version code of each installed application on your device to assess your credit worthiness and enrich your profile with pre-approved customized loan offers.
We require storage permission so that your KYC and other relevant documents can be securely downloaded and saved on your phone. You can then easily upload the right KYC related documents for faster medical loan application details filling and disbursal process. This ensures that you are provided with a seamless experience while using the application.
3.1.6. THIRD PARTY APPLICATIONS
Our application requires access to your third party application – Google Drive to enable you to upload your KYC documents and make your journey with us seamless and smooth.
3.1.7. Collection of other Non-Personal Information
We automatically track certain information about you based upon your behaviour on our Platform. We use this information to do internal research on our users’ demographics, interests, and behaviour to better understand, protect and serve our users and improve our services. This information is compiled and analysed on an aggregated basis. We also collect your Internet Protocol (IP) address and the URL used by you to connect your computer to the internet, etc. This information may include the URL that you just came from (whether this URL is on our Website or not), which URL you next go to (whether this URL is on our Website or not), your computer browser information, and your IP address.
If you choose to make a purchase through the Website, we collect information about your buying behaviour.
We retain this information as necessary to resolve disputes, provide customer support and troubleshoot problems as permitted by law.
If you send us personal correspondence, such as emails or letters, or if other users or third parties send us correspondence about your activities or postings on the Website, we collect such information into a file specific to you.
3.1.8. Collection of Device Information
The information the App collects, and how that information is used, depends on how you manage your privacy controls on your device.
When you install the App, we store the information we collect with unique identifiers tied to the device you’re using.
We collect information from the device when you download and install the App and explicitly seek permissions from YOU to get the required information from the device.
The information we collect from your device includes the unique ID i.e. IMEI number, information on operating system, SDK version and mobile network information including carrier name, SIM Serial and SIM Slot, your profile information, list of installed apps, wi-fi information.
We collect information about your device to provide automatic updates and additional security so that your account is not used in other people’s devices. In addition, the information provides us valuable feedback on your identity as a device holder as well as your device behaviour, thereby allowing us to improve our services and provide an enhanced customized user experience to you.
3.1.9. Collection of Official/Professional Information
As a part of Loan process, the User may require to provide his Organisation name and official E-mail address to establish his identity and verification. We will not be having any access to your Official Emails and the information will be restricted to the extent allowed by the Organisation settings on that site and the User’s specific authorization.
However, we may disclose this information to our third party partners to perform credit checks and credit analysis to provide best services to Users in a timely manner. As part of the Services,you authorize us to import your details and Personal Information dispersed over Third Party Platforms. Third Party Platforms are social networking platforms, such as Facebook, LinkedIn and other similar platforms.
3.1.10. Third Party Integration with your Financial Information
During the application process, you shall be required to share/upload certain financial information such as bank documents, salary slips, bank statements, PAN card, bank account no.,data from Credit Information Companies,data required for Know Your Customer compliances,requirement and other relevant details. The collection of Financial Information shall be required, if we fail to fetch your credit data through Financial SMS. We shall integrate your Financial information with Third Party banking partner to perform a credit risk assessment which enables us to determine our risk profile and to provide you with the appropriate credit analysis to enable you to take financial facilities from the regulated financial entities and other service providers available on the platform. You undertake that you shall be solely responsible for the accuracy and truthfulness of the Financial Information you share with us.
We undertake that your Financial Information is securely stored with us and we will retain Your information for such periods as necessary to provide You the Services on our Website/App,
3.2 Use of your Information
3.2.1. Personal and other Information
We will protect your personal information against unauthorized use, dissemination or publication in the same manner in which we would protect our confidential information of like nature. However, under following conditions we may share this information:
i. We may use the personal information to improve our services to you and to keep you updated about our new products or other information that may be of interest to you.
ii. We may share information in the course of normal business operations, such as providing services you have subscribed for, and any activity related to these services. It may become necessary for LetsMD to disclose your personal information to its agents and contractors in the course of normal business operations for the above referred purpose. However, these parties would be required to use the information obtained from LetsMD for such purposes exclusively.
iii. The information provided by you shall be used to contact you when necessary. We may use your tracking information to help identify you and to gather broad demographic information. The information is also used to customize your experience of using our services.
iv. We may release your Personal Information to a third-party in order comply with a Court Order or other similar legal procedure, or when we believe in good faith that such disclosure is necessary to comply with the law; prevent imminent physical harm or financial loss; or investigate or take action regarding illegal activities, suspected fraud, or violations of Our Terms & Conditions. In case We are acquired by or merged with another company, We shall transfer information disclosed by You and information about You to the company we acquired by or merge with.
v. We also use personal information to help us develop, deliver, and improve our Services and to personalize and improve your experience.
vi. From time to time, we may use your Personal Information to send important notices, such as communications and changes to our terms, conditions and policies.
vii. We may also use Personal Information for internal purposes such as auditing, data analysis and research to improve our Services and customer communications.
viii. The Customer authorizes LetsMD to exchange, share, part with all information related to the details and transaction history of the Customers to its Affiliates / Subsidiaries / banks / financial institutions / credit bureaus / agencies/participation in any telecommunication or electronic clearing network as may be required by law, customary practice, credit reporting, statistical analysis and credit scoring, verification or risk management and shall not hold us liable for use or disclosure of this information.
3.2.2. Device Information
We use the information provided by You in the following ways:
a. to establish identity and verify the same.
b. provide our service i.e. perform credit profiling for the purpose of facilitating loans to You.
c. design and offer customized products and services offered by our third party financial partners.
d. analyse how the Website is used, diagnose service or technical problems and maintain security.
e. send communications notifications, information regarding the products or services requested by You or process queries and applications that You have made on the Website.
f. manage Our relationship with You and inform You about other products or services We think You might find of some use.
g. use the User information in order to comply with country laws and regulations.
h. to conduct KYC for our third party lending partners based on the information shared by the User.
i. use the User information in other ways permitted by law to enable You to take financial services from our lending partners.
We will use and retain Your information for such periods as necessary to provide You the Services on our Website/App, to comply with our legal obligations, to resolve disputes, and enforce our agreements.
4. DISCLOSURE OF YOUR INFORMATION TO THIRD PARTIES
ii. We may disclose and share Your information with the financial service providers, banks or NBFCs and Our third party partners for facilitation of a loan or facility or line of credit or purchase of a product.
iii. We may disclose the data / information provided by a User with other technology partners to track how the User interact with Website on Our behalf.
iv. We may disclose the information to our third party technology and credit partners to perform credit checks and credit analysis like Credit Bureaus or third party data source providers.
v. When you use our Website/App, we might provide some of your personal information to third parties to give you better services and for enhancement and visibility of LetsMD. However, we do not sell or rent individual customer names or other Personal Information to third parties except sharing of such information with our alliance partners or vendors who are engaged by us for providing various promotional and other benefits to our customers from time to time.
vii. We cooperate with law enforcement inquiries, as well as other third parties to enforce laws, such as: intellectual property rights, fraud and other rights. We can, and You so authorize Us, disclose Your Personal Information to law enforcement and other government officials as We, in Our sole discretion, believe necessary or appropriate, in connection with an investigation of fraud, intellectual property infringements, or other activity that is illegal or may expose Us/ Us or You to any legal liability.
viii. We gather up data such as personally identifiable information and disclose such information in a non-personally identifiable manner to advertisers and other third parties for other marketing and promotional purposes. However, in these situations, we do not disclose to these entities any information that could be used to identify you personally. We may use third-party advertising companies to serve advertisement on our behalf. These companies may employ cookies and action tags (also known as single pixel gifs or web beacons) to measure advertising effectiveness. Any information that these third parties collect via cookies and action tags is completely anonymous.
5. LINK TO THIRD-PARTY SDK
5.1. Our application has a link to a registered third party SDK which collects data on our behalf and data is stored to a secured server to perform a credit risk assessment. We ensure that our third party service provider takes extensive security measures in order to protect your personal information against loss, misuse or alteration of the data.
5.2. Our third-party service provider employs separation of environments and segregation of duties and have strict role-based access control on a documented, authorized, need-to-use basis. The stored data is protected and stored by application-level encryption. They enforce key management services to limit access to data.
5.3. Furthermore, our registered third party service provider provides hosting security – they use industry-leading anti-virus, anti-malware, intrusion prevention systems, intrusion detection systems, file integrity monitoring, and application control solutions.
6. Your Privacy Controls
You have certain choices regarding the information we collect and how it is used:
a. Device-level settings: Your device may have controls that determine what information we collect. For example, you can modify permissions on your Android device for access to Camera or Audio permissions.
b. Delete your entire App account.
c. You can also request to remove content from our servers based on applicable law or by writing to our Grievance Officer.
7. SECURITY AND CONFIDENTIALITY
This Website has various electronic, procedural and physical security measures in place to protect the loss, misuse and alteration of information, or any accidental loss, destruction or damage to data. When you submit your information via the Website/App, your information is protected through our security systems. There may be instances where we require proof of identity before disclosing any of your information to you. You agree to be responsible to protect the security of your username and password and other registration details, if any.
Our Platform has stringent security measures in place to protect the loss, misuse and alteration of information under control. We endeavor to safeguard and ensure the security of the information provided by you. We use Secure Sockets Layers (SSL) based encryption, for the transmission of the information, which is currently the required level of encryption in India as per the law.
We blend security at multiple steps within our products with the state of the art technology to ensure our systems maintain strong security measures and the overall data and privacy security design allow us to defend our systems ranging from low hanging issue up to sophisticated attacks.
In addition, the Website and App have been certified for the following security certifications:
ISO/IEC 27001:2013: is a specification for an information security management system (ISMS) and is the suggested level of certification required under the Information Technology Act, 2000. An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization’s information risk management processes
We work hard to protect from unauthorized access, alteration, disclosure or destruction of information we hold, including:
a. We use encryption to keep your data private while in transit.
b. We offer security feature like an OTP verification to help you protect your account.
c. We review our information collection, storage, and processing practices, including physical security measures, to prevent unauthorized access to our systems.
d. We restrict access to personal information to our employees, contractors, and agents who need that information in order to process it. Anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
e. Compliance & Cooperation with Regulations and applicable laws
g. Data transfers
We or our affiliates maintain your information on servers located in India. Data protection laws vary among countries, with some providing more protection than others. We also comply with certain legal frameworks relating to the transfer of data as mentioned and required under the Information Technology Act, 2000.
When we receive formal written complaints, we respond by contacting the person who made the complaint. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of your data that we cannot resolve with you directly.
h. Bureau Enquiry
We will enquire with one or more Credit Bureaus on one or more affiliate National Banking Financial Company’s (NBFC) behalf to provide you with your loan amount.
8. Procedure for Opting-out
If and when a User is desirous of having his/her name and other details removed from our records, immediately upon receiving the User’s written request to that effect LetsMD shall, subject to the terms hereof, remove and/delete all such information.
If the User no longer wishes to receive notifications about our services, The User may change his/her notification preferences by contacting us. We reserve the right to close the User account if the User opts out of receiving certain crucial notices that are required to perform our services through its App. The User may not opt-out of receiving notifications about due or past due amounts that the User owes LetsMD or any other collections efforts.
10. GRIEVANCE OFFICER
In accordance with Information Technology Act 2000 and rules made thereunder, the contact details of our Grievance Officer are provided below:
|ADDRESS:||B-17, Ground Floor, Sector – 1, Noida, Uttar Pradesh – 201301|