Date of Latest Version 9th April 2020

Medbay India Private Limited, under the brand “LetsMD” is the author and publisher of the domain name www.letsmd.com (“Website”) and LetsMD mobile application (“App”). This privacy policy (the “Privacy Policy”) is designed to explain our practices regarding collection, use, and disclosure of information that you may provide for using our services via this Website or App (collectively referred to as the “Services”). Please carefully go through this entire Privacy Policy before you decide to access the Website or App to avail the services of LetsMD. By using this Website or App, you understand and agree that LetsMD will treat your use of the Services as acceptance of the Privacy Policy and Terms & Conditions.

 

1.  GENERAL

This Privacy Policy covers LetsMD treatment of Personal Information (as defined under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information, Rules, 2011) that we collect and receive, including information related to your past use of LetsMD services. “Data” and “information” includes information about you that is personally identifiable like your name, address, email address, or phone number, and that is not otherwise publicly available. Where applicable we explicitly point out the use of personally identifiable data within our privacy policies. All other data is anonymous to us or is used pseudonymously. This Privacy Policy applies regardless of whether you use a computer, mobile phone, tablet, or television or any other media or computer resource to access our Services. It is important that you read the Privacy Policy carefully because whenever you use our website/applications, your Personal Data will be processed (if at all) in accordance with this policy.

 

2.  DEFINITIONS

The following terms, when used in this Privacy Policy, shall have the meaning as set out hereunder unless the context otherwise requires:

i.  “We”, “Our”, and “Us” shall mean and refer to Medbay India Private Limited;

ii.  “You”, “Your”, “Yourself” and “User” shall mean and refer to natural  and legal individuals who use the Website or App.

iii.  “Loan” shall mean and refer to Medical Loan or Emergency Medical Loan.

iv.  “Personal Information” shall mean and refer to any personally identifiable information that We may collect from You.

v.  “Platform” shall mean and refer to the Website and App in collectively.

vi.  “Third Parties” refer to any application, website, company or individual apart from the User and LetsMD.

 

3. INFORMATION COLLECTION AND USE

3.1 Information Collection:

We may collect and process the following Information or data (information that can be uniquely identified with you) about you, we ask this information in order to allow you to user our Services. Where possible, we indicate the mandatory and the optional fields. You always have the option to not provide your personal information by choosing not to use a particular service or feature on the Platform:

3.1.1.  Collection of Personally Identifiable Information

i.  Information that the Users provide to LetsMD by filling in forms on the Website/App. This includes personal information such as name, age, occupation, email address, mailing address, phone number, gender, marital status, GPS based location, Permanent Account Number (PAN), Unique Identification Authority of India (UIDAI), Credit Information Bureau of India Limited (CIBIL) or any other agency including any other Credit Information Bureaus;

ii.  The User’s tracking Information such as, but not limited to the device ID, Google Advertising ID and Android ID;

iii.  Information that the Users provide to LetsMD over telephone. We may make and keep a record of the information shared by the Users with LetsMD;

The Information specified above and collected by us may be classified as ‘Personal Information’ or ‘Sensitive Information’ under the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011. Collection of information which has been designated as ‘sensitive personal data or information’ under the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules requires your express consent. By affirming your assent to this Privacy Policy, you provide your consent to such collection as required under applicable law.

3.1.2.  Collection of Financial SMS Information

We don’t collect or store your personal SMS from your inbox.

After obtaining your explicit consent, we only collect financial SMS sent by 6-digit alphanumeric senders from your inbox which helps us in identifying the various accounts that you are holding and the cash flow patterns that you have as a user to help us perform a credit risk assessment which enables us to determine your risk profile and to provide you with the appropriate credit analysis to enable you to take financial facilities from the regulated financial entities and other service providers available on the platform. While using the app, it periodically sends the financial SMS information to our affiliate server and to us.

3.1.3. Collection of Device Location

We require your assent for collecting and monitoring the information about the location of your device to provide serviceability of your loan application and also helps us to provide You the information of nearest empaneled hospitals. This also helps us to verify the address and expedite know your customer (KYC) process.

3.1.4.   Collection of Contact Information

Our App requires your permission to collect and monitor your contact’s information which includes name, phone number & contact last modified. Since, LetsMD facilitates Emergency Medical Loan, reaching out to patient’s immediate contacts becomes a hurdle for loan approval process in most of the cases. Further, if a patient is in critical condition, collecting and monitoring the aforesaid information becomes an utmost priority. We use the above mentioned information for connecting with immediate contacts promptly and thereby expediting the loan approval process.

We undertake that your Information is securely stored with us and we will retain Your information for such periods as necessary to provide You the Services on our Platform.

3.1.5.   Collection of Installed Applications

We collect a list of the installed applications’ metadata information which includes the application name, package name, installed time, updated time, version name and version code of each installed application on your device to assess your credit worthiness.

3.1.6.   Storage

We require storage permission so that your KYC and other relevant documents can be securely downloaded and saved on your phone. You can then easily upload the right KYC related documents for faster medical loan application and disbursal process. This ensures that you are provided with a seamless experience while using the application.

3.1.7.  Camera

We require the camera information permission to provide you an easy/smooth experience and to enable you to click photos of your KYC documents along with other requisite documents and upload the same on the App during your loan application journey.

3.1.8.  THIRD PARTY APPLICATIONS

Our application requires access to your third party application – Google Drive to enable you to upload your KYC documents and make your journey with us seamless and smooth.

3.1.9.   Collection of other Non-Personal Information

We automatically track certain information about you based upon your behaviour on our Platform. We use this information to do internal research on our users’ demographics, interests, and behaviour to better understand, protect and serve our users and improve our services. This information is compiled and analyzed on an aggregated basis. We also collect your Internet Protocol (IP) address and the URL used by you to connect your computer to the internet, etc. This information may include the URL that you just came from (whether this URL is on our Website or not), which URL you next go to (whether this URL is on our Website or not), your computer browser information, and your IP address.

Cookies are small data files that a Website stores on Your computer. We will use cookies on our Website similar to other lending websites / apps and online marketplace websites / apps. Use of this information helps Us identify You in order to make our Website more user friendly. Most browsers will permit You to decline cookies but if You choose to do this it might affect service on some parts of Our Website.

If you choose to make a purchase through the Website, we collect information about your buying behaviour.

We retain this information as necessary to resolve disputes, provide customer support and troubleshoot problems as permitted by law.

If you send us personal correspondence, such as emails or letters, or if other users or third parties send us correspondence about your activities or postings on the Website, we collect such information into a file specific to you.

3.1.10.   Collection of Device Information

The information the App collects, and how that information is used, depends on how you manage your privacy controls on your device.

When you install the App, we store the information we collect with unique identifiers tied to the device you’re using.

We collect information from the device when you download and install the App and explicitly seek permissions from YOU to get the required information from the device.

The information we collect from your device includes the hardware model, unique device identifiers like IMEI, serial number, SSAID; SIM information that includes network operator, roaming state, WIFI information that includes MAC address and mobile network information to uniquely identify the devices and ensure that no unauthorized device acts on your behalf to prevent frauds.

We collect information about your device to provide automatic updates and additional security so that your account is not used in other people’s devices. In addition, the information provides us valuable feedback on your identity as a device holder as well as your device behaviour, thereby allowing us to improve our services and provide an enhanced customized user experience to you.

3.1.11.   Collection of GST information

If a User is self-employed, then we may require GST number of his Organisation. However, this is an optional field and user may opt to not provide this information but providing the said detail will help us to establish your identity and verification thereon. Under no circumstances, we shall be using the information for purposes other than as mentioned.

3.1.12.   Collection of Official/Professional Information

As a part of Loan process, the User may require to provide his Organisation name and official E-mail address. Our application requires your consent for the purpose of establishing your identity and verification thereon. Under no circumstances, we shall be having any access to your Emails and shall at all times ensure that the specific consent is not misused beyond the consent explicitly vested with us.

3.1.13. Third Party Integration with your Financial Information

During the application process, you shall be required to share/upload certain financial information such as bank documents, salary slips, bank statements, PAN card, bank account no.,data from Credit Information Bureaus,data required for Know Your Customer compliances,requirement and other relevant details. The collection of Financial Information shall be required, if we fail to fetch your credit data through Financial SMS. We shall integrate your Financial information with Third Party banking partner to perform a credit risk assessment which enables us to determine our risk profile and to provide you with the appropriate credit analysis to enable you to take financial facilities from the regulated financial entities and other service providers available on the platform. You undertake that you shall be solely responsible for the accuracy and truthfulness of the Financial Information you share with us. However, our App requires your explicit consent to access the required Financial Information.

We undertake that your Financial Information is securely stored with us and we will retain Your information for such periods as necessary to provide You the Services on our Website/App,

 

3.2 Use of your Information

3.2.1.   Personal and other Information

We will protect your personal information against unauthorized use, dissemination or publication in the same manner in which we would protect our confidential information of like nature. To the extent we intent to use your personal information to market any product to you, we will provide you the ability to opt-out of such uses. In case we use or disclose your information for any purpose not specified in the Privacy Policy, we will take your explicit consent. However, under following conditions we may share this information:

i.  We may use the personal information to improve our services to you and to keep you updated about our new products or other information that may be of interest to you.

ii.  We may share information in the course of normal business operations, such as providing services you have subscribed for, and any activity related to these services. It may become necessary for LetsMD to disclose your personal information to its agents and contractors in the course of normal business operations for the above referred purpose. However, these parties would be required to use the information obtained from LetsMD for such purposes exclusively.

iii.  The information provided by you shall be used to contact you when necessary. We may use your tracking information to help identify you and to gather broad demographic information. The information is also used to customize your experience of using our services.

iv.  We may release your Personal Information to a third-party in order comply with a Court Order or other similar legal procedure, or when we believe in good faith that such disclosure is necessary to comply with the law; prevent imminent physical harm or financial loss; or investigate or take action regarding illegal activities, suspected fraud, or violations of Our Terms & Conditions. In case We are acquired by or merged with another company, We shall transfer information disclosed by You and information about You to the company we acquired by or merge with.

v.  We also use personal information to help us develop, deliver, and improve our Services and to personalize and improve your experience.

vi.  From time to time, we may use your Personal Information to send important notices, such as communications and changes to our terms, conditions and policies.

vii.  We may also use Personal Information for internal purposes such as auditing, data analysis and research to improve our Services and customer communications.

viii.  We may use the information for the purpose of sending administrative notices, Service-related alerts and other similar communication with a view to optimizing the efficiency of the Platform;

ix. We also use the information for doing market research, troubleshooting, protection against error, project planning, fraud and other criminal activity; and

x. The Customer authorizes LetsMD to exchange, share, part with all information related to the details and transaction history of the Customers to its Affiliates / Subsidiaries / banks / financial institutions / credit bureaus / agencies/participation in any telecommunication or electronic clearing network as may be required by law, customary practice, credit reporting, statistical analysis and credit scoring, verification or risk management and shall not hold us liable for use or disclosure of this information.

3.2.2.   Device Information

We use the information provided by You in the following ways:

a. to establish identity and verify the same.

b. provide our service i.e. perform credit profiling for the purpose of facilitating loans to You.

c. design and offer customized products and services offered by our third party financial partners.

d. analyse how the Website is used, diagnose service or technical problems and maintain security.

e. send communications notifications, information regarding the products or services requested by You or process queries and applications that You have made on the Website.

f. manage Our relationship with You and inform You about other products or services We think You might find of some use.

g. use the User information in order to comply with country laws and regulations.

h. to conduct KYC for our third party lending partners based on the information shared by the User.

i. use the User information in other ways permitted by law to enable You to take financial services from our lending partners.

We will use and retain Your information for such periods as necessary to provide You the Services on our Website/App, to comply with our legal obligations, to resolve disputes, and enforce our agreements.

 

4. DISCLOSURE OF YOUR INFORMATION TO THIRD PARTIES

We will share Your information with only our registered third parties including our financial partners for provision of services on the Platform and/or for facilitation of a loan / facility to a User. We will share Your information with third parties only in such manner as described below:

i. We may disclose and share Your information with the financial service providers, banks or NBFCs and Our third party partners for facilitation of a loan or facility or line of credit or purchase of a product;

ii. We may disclose the data / information provided by a User with other technology partners to track how the User interact with Website on Our behalf.

iii. We may disclose the information to our third party technology and credit partners to perform credit checks and credit analysis like Credit Bureaus or third party data source providers.

iv.  When you use our Website/App, we might provide some of your personal information to third parties to give you better services and for enhancement and visibility of LetsMD. However, we do not sell or rent individual customer names or other Personal Information to third parties except sharing of such information with our alliance partners or vendors who are engaged by us for providing various promotional and other benefits to our customers from time to time.

v.  Due to the existing regulatory environment, we cannot ensure that all of your information shall never be disclosed in ways other than those described in this Privacy Policy. For example, but without limiting and foregoing, we may be forced to disclose Your Personal Information to the government, law enforcement agencies or other Third Parties. Under certain circumstances, Third Parties may unlawfully intercept or access transmission or private communications, or abuse or misuse Your Personal Information that they may collect from our Website/App. Therefore, we do not promise, and you should not expect, that your personally identifiable information or private communications would always remain private.

vi.  We cooperate with law enforcement inquiries, as well as other third parties to enforce laws, such as: intellectual property rights, fraud and other rights. We can, and You so authorize Us, disclose Your Personal Information to law enforcement and other government officials as We, in Our sole discretion, believe necessary or appropriate, in connection with an investigation of fraud, intellectual property infringements, or other activity that is illegal or may expose Us/ Us or You to any legal liability.

vii.  We gather up data such as personally identifiable information and disclose such information in a non-personally identifiable manner to advertisers and other third parties for other marketing and promotional purposes. However, in these situations, we do not disclose to these entities any information that could be used to identify you personally. We may use third-party advertising companies to serve advertisement on our behalf. These companies may employ cookies and action tags (also known as single pixel gifs or web beacons) to measure advertising effectiveness. Any information that these third parties collect via cookies and action tags is completely anonymous.

viii. We will share Your information under a confidentiality agreement with the third parties and restrict use of the said Information by third parties only for the purposes detailed herein. We warrant that there will be no unauthorised disclosure of your information shared with third parties.

ix. By using the Platform, you hereby grant your consent to the Company to share/disclose your Personal Information (i) To the concerned third parties in connection with the Services; and (ii) With the governmental authorities, quasi-governmental authorities, judicial authorities and quasi-judicial authorities, in accordance with applicable laws of India.

 

5. LINK TO THIRD-PARTY SDK

5.1. Our application has a link to a registered third party SDK which collects data on our behalf and data is stored to a secured server to perform a credit risk assessment. We ensure that our third party service provider takes extensive security measures in order to protect your personal information against loss, misuse or alteration of the data.

5.2. Our third-party service provider employs separation of environments and segregation of duties and have strict role-based access control on a documented, authorized, need-to-use basis. The stored data is protected and stored by application-level encryption. They enforce key management services to limit access to data.

5.3. Furthermore, our registered third party service provider provides hosting security – they use industry-leading anti-virus, anti-malware, intrusion prevention systems, intrusion detection systems, file integrity monitoring, and application control solutions.

 

6. Your Privacy Controls

You have certain choices regarding the information we collect and how it is used:

a. Device-level settings: Your device may have controls that determine what information we collect. For example, you can modify permissions on your Android device for access to Contact or Storage permissions.

b. Delete your entire App account.

c. You can also request to remove content from our servers based on applicable law or by writing to our Grievance Officer.

 

7. SECURITY AND CONFIDENTIALITY

This Website has various electronic, procedural and physical security measures in place to protect the loss, misuse and alteration of information, or any accidental loss, destruction or damage to data. When you submit your information via the Website/App, your information is protected through our security systems. There may be instances where we require proof of identity before disclosing any of your information to you. You agree to be responsible to protect the security of your username and password and other registration details, if any.

While using and transferring of your information, we will take necessary steps with the aim of ensuring that your privacy rights continue to be protected as outlined in this privacy policy and in accordance with applicable laws including but not limited to Information Technology Act, 2000 and the rules framed thereunder, whenever required.

Our Platform has stringent security measures in place to protect the loss, misuse and alteration of information under control. We endeavor to safeguard and ensure the security of the information provided by you. We use Secure Sockets Layers (SSL) based encryption, for the transmission of the information, which is currently the required level of encryption in India as per the law.

We blend security at multiple steps within our products with the state of the art technology to ensure our systems maintain strong security measures and the overall data and privacy security design allow us to defend our systems ranging from low hanging issue up to sophisticated attacks.

In addition, the Website and App have been certified for the following security certifications:

ISO/IEC 27001:2013: is a specification for an information security management system (ISMS) and is the suggested level of certification required under the Information Technology Act, 2000. An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization’s information risk management processes

We work hard to protect from unauthorized access, alteration, disclosure or destruction of information we hold, including:

a. We use encryption to keep your data private while in transit.

b. We offer security feature like an OTP verification to help you protect your account.

c. We review our information collection, storage, and processing practices, including physical security measures, to prevent unauthorized access to our systems.

d. We restrict access to personal information to our employees, contractors, and agents who need that information in order to process it. Anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

e. Compliance & Cooperation with Regulations and applicable laws

f. We regularly review this Privacy Policy and make sure that we process your information in ways that comply with it.

g. Data transfers

We or our affiliates maintain your information on servers located in India. Data protection laws vary among countries, with some providing more protection than others. We also comply with certain legal frameworks relating to the transfer of data as mentioned and required under the Information Technology Act, 2000.

When we receive formal written complaints, we respond by contacting the person who made the complaint. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of your data that we cannot resolve with you directly.

h. Bureau Enquiry

We will enquire with one or more Credit Bureaus on one or more affiliate National Banking Financial Company’s (NBFC) behalf to provide you with your loan amount.

 

8. PROCEDURE FOR OPTING-OUT

If and when a User is desirous of having his/her name and other details removed from our records, immediately upon receiving the User’s written request to that effect LetsMD shall, subject to the terms hereof, remove and/delete all such information.

If the User no longer wishes to receive notifications about our services, The User may change his/her notification preferences by contacting us. We reserve the right to close the User account if the User opts out of receiving certain crucial notices that are required to perform our services through its App. The User may not opt-out of receiving notifications about due or past due amounts that the User owes LetsMD or any other collections efforts.

 

9. EXCLUSION

The Platform includes links to other websites whose privacy practices may differ from those of LetsMD. The inclusion of a link does not imply any endorsement by LetsMD of the third party website, the website’s provider, or the information on the third party website. If the Users submit personal information to any of those websites, such information is governed by the privacy policies of such third party websites and We disclaims all responsibility or liability with respect to these policies or the websites. The Users are encouraged to carefully read the privacy policy of any website that they visit.

 

10. DATA RETENTION

We shall not retain Personal Information longer than the Purpose for which it is sought is served or is otherwise required under any other law for the time being in force. However, we will retain your Personal Information till the Outstanding Amount(s) is due and payable. We may also retain and use your Personal Information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Subject to this section, we will strive to delete your Personal Information upon reasonable written request for the same.

 

11. MODIFICATION

We reserves the right to amend this Privacy Policy at any time. The policies, as and how modified, shall be updated on the Website and the same shall be notified on the Website. We encourage you to review this Privacy Policy whenever you visit our Website/App to understand how your personal information is used.

 

12. GRIEVANCE OFFICER

In accordance with Information Technology Act 2000 and rules made thereunder, the contact details of our Grievance Officer are provided below:

 

NAME: Anshuman Gupta
ADDRESS: B-17, Ground Floor, Sector – 1, Noida, Uttar Pradesh – 201301
TEL: 0120-4294066
EMAIL: care@letsmd.com