Date of Latest Version 9th April 2020

Medbay India Private Limited, under the brand “LetsMD” is the author and publisher of the domain name www.letsmd.com (“Website”) and LetsMD mobile application (“App”). This privacy policy (the “Privacy Policy”) is designed to explain our practices regarding collection, use, and disclosure of information that you may provide for using our services via this Website or App (collectively referred to as the “Services”). Please carefully go through this entire Privacy Policy before you decide to access the Website or App to avail the services of LetsMD. By using this Website or App, you understand and agree that LetsMD will treat your use of the Services as acceptance of the Privacy Policy and Terms & Conditions.

 

1.  GENERAL

This Privacy Policy covers LetsMD treatment of Personal Information (as defined under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information, Rules, 2011) that we collect and receive, including information related to your past use of LetsMD services. “Data” and “information” includes information about you that is personally identifiable like your name, address, email address, or phone number, and that is not otherwise publicly available. Where applicable we explicitly point out the use of personally identifiable data within our privacy policies. All other data is anonymous to us or is used pseudonymously. This Privacy Policy applies regardless of whether you use a computer, mobile phone, tablet, or television or any other media or computer resource to access our Services. It is important that you read the Privacy Policy carefully because whenever you use our website/applications, your Personal Data will be processed (if at all) in accordance with this policy.

 

2.  DEFINITIONS

The following terms, when used in this Privacy Policy, shall have the meaning as set out hereunder unless the context otherwise requires:

i.  “We”, “Our”, and “Us” shall mean and refer to Medbay India Private Limited;

ii.  “You”, “Your”, “Yourself” and “User” shall mean and refer to natural  and legal individuals who use the Website or App.

iii.  “Loan” shall mean and refer to Medical Loan or Emergency Medical Loan.

iv.  “Personal Information” shall mean and refer to any personally identifiable information that We may collect from You.

v.  “Platform” shall mean and refer to the Website and App in collectively.

vi.  “Third Parties” refer to any application, website, company or individual apart from the User and LetsMD.

 

3. INFORMATION COLLECTION AND USE

3.1 Information Collection:

We may collect and process the following Information or data (information that can be uniquely identified with you) about you, we ask this information in order to allow you to user our Services:

3.1.1.  Collection of Personally Identifiable Information

i.  Information that the Users provide to LetsMD by filling in forms on the Website/App. This includes personal information such as name, age, occupation, email address, mailing address, phone number, GPS based location, Permanent Account Number (PAN), Unique Identification Authority of India (UIDAI), Credit Information Bureau of India Limited (CIBIL) or any other agency including any other Credit Information Companies (CIC);

ii.  The User’s tracking Information such as, but not limited to the device ID, Google Advertising ID and Android ID;

iii.  Information that the Users provide to LetsMD over telephone. We may make and keep a record of the information shared by the Users with LetsMD;

The Information specified above and collected by us may be classified as ‘Personal Information’ or ‘Sensitive Information’ under the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011. Collection of information which has been designated as ‘sensitive personal data or information’ under the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules requires your express consent. By affirming your assent to this Privacy Policy, you provide your consent to such collection as required under applicable law.

3.1.2.  Collection of Financial SMS Information

We don’t collect or store your personal SMS from your inbox.

We only collect financial SMS sent by 6-digit alphanumeric senders from your inbox which helps us in identifying the various accounts that you are holding and the cash flow patterns that you have as a user to help us perform a credit risk assessment which enables us to determine your risk profile and to provide you with the appropriate credit analysis to enable you to take financial facilities from the regulated financial entities and other service providers available on the platform. While using the app, it periodically sends the financial SMS information to our affiliate server and to us.

3.1.3.   Collection of Contact Information

Our application collects your contact information from your device for the purposes of risk analysis by enabling us to detect credible references only after obtaining your explicit consent.The more credible the references are, the lower is the risk associated to a User.

We undertake that your Information is securely stored with us and we will retain Your information for such periods as necessary to provide You the Services on our Platform.

3.1.4.   Collection of Installed Applications

We collect a list of the installed applications’ metadata information which includes the application name, package name, installed time, updated time, version name and version code of each installed application on your device to assess your credit worthiness and enrich your profile with pre-approved customized loan offers.

3.1.5.   Storage

We require storage permission so that your KYC and other relevant documents can be securely downloaded and saved on your phone. You can then easily upload the right KYC related documents for faster medical loan application details filling and disbursal process. This ensures that you are provided with a seamless experience while using the application.

3.1.6.  THIRD PARTY APPLICATIONS

Our application requires access to your third party application – Google Drive to enable you to upload your KYC documents and make your journey with us seamless and smooth.

3.1.7.   Collection of other Non-Personal Information

We automatically track certain information about you based upon your behaviour on our Platform. We use this information to do internal research on our users’ demographics, interests, and behaviour to better understand, protect and serve our users and improve our services. This information is compiled and analysed on an aggregated basis. We also collect your Internet Protocol (IP) address and the URL used by you to connect your computer to the internet, etc. This information may include the URL that you just came from (whether this URL is on our Website or not), which URL you next go to (whether this URL is on our Website or not), your computer browser information, and your IP address.

Cookies are small data files that a Website stores on Your computer. We will use cookies on our Website similar to other lending websites / apps and online marketplace websites / apps. Use of this information helps Us identify You in order to make our Website more user friendly. Most browsers will permit You to decline cookies but if You choose to do this it might affect service on some parts of Our Website.

If you choose to make a purchase through the Website, we collect information about your buying behaviour.

We retain this information as necessary to resolve disputes, provide customer support and troubleshoot problems as permitted by law.

If you send us personal correspondence, such as emails or letters, or if other users or third parties send us correspondence about your activities or postings on the Website, we collect such information into a file specific to you.

3.1.8.   Collection of Device Information

The information the App collects, and how that information is used, depends on how you manage your privacy controls on your device.

When you install the App, we store the information we collect with unique identifiers tied to the device you’re using.

We collect information from the device when you download and install the App and explicitly seek permissions from YOU to get the required information from the device.

The information we collect from your device includes the unique ID i.e. IMEI number, information on operating system, SDK version and mobile network information including carrier name, SIM Serial and SIM Slot, your profile information, list of installed apps, wi-fi information.

We collect information about your device to provide automatic updates and additional security so that your account is not used in other people’s devices. In addition, the information provides us valuable feedback on your identity as a device holder as well as your device behaviour, thereby allowing us to improve our services and provide an enhanced customized user experience to you.

3.1.9.   Collection of Official/Professional Information

As a part of Loan process, the User may require to provide his Organisation name and official E-mail address to establish his identity and verification. We will not be having any access to your Official Emails and the information will be restricted to the extent allowed by the Organisation settings on that site and the User’s specific authorization.

However, we may disclose this information to our third party partners to perform credit checks and credit analysis to provide best services to Users in a timely manner. As part of the Services,you authorize us to import your details and Personal Information dispersed over Third Party Platforms. Third Party Platforms are social networking platforms, such as Facebook, LinkedIn and other similar platforms.

3.1.10. Third Party Integration with your Financial Information

During the application process, you shall be required to share/upload certain financial information such as bank documents, salary slips, bank statements, PAN card, bank account no.,data from Credit Information Companies,data required for Know Your Customer compliances,requirement and other relevant details. The collection of Financial Information shall be required, if we fail to fetch your credit data through Financial SMS. We shall integrate your Financial information with Third Party banking partner to perform a credit risk assessment which enables us to determine our risk profile and to provide you with the appropriate credit analysis to enable you to take financial facilities from the regulated financial entities and other service providers available on the platform. You undertake that you shall be solely responsible for the accuracy and truthfulness of the Financial Information you share with us.

We undertake that your Financial Information is securely stored with us and we will retain Your information for such periods as necessary to provide You the Services on our Website/App,

 

3.2 Use of your Information

3.2.1.   Personal and other Information

We will protect your personal information against unauthorized use, dissemination or publication in the same manner in which we would protect our confidential information of like nature. However, under following conditions we may share this information:

i.  We may use the personal information to improve our services to you and to keep you updated about our new products or other information that may be of interest to you.

ii.  We may share information in the course of normal business operations, such as providing services you have subscribed for, and any activity related to these services. It may become necessary for LetsMD to disclose your personal information to its agents and contractors in the course of normal business operations for the above referred purpose. However, these parties would be required to use the information obtained from LetsMD for such purposes exclusively.

iii.  The information provided by you shall be used to contact you when necessary. We may use your tracking information to help identify you and to gather broad demographic information. The information is also used to customize your experience of using our services.

iv.  We may release your Personal Information to a third-party in order comply with a Court Order or other similar legal procedure, or when we believe in good faith that such disclosure is necessary to comply with the law; prevent imminent physical harm or financial loss; or investigate or take action regarding illegal activities, suspected fraud, or violations of Our Terms & Conditions. In case We are acquired by or merged with another company, We shall transfer information disclosed by You and information about You to the company we acquired by or merge with.

v.  We also use personal information to help us develop, deliver, and improve our Services and to personalize and improve your experience.

vi.  From time to time, we may use your Personal Information to send important notices, such as communications and changes to our terms, conditions and policies.

vii.  We may also use Personal Information for internal purposes such as auditing, data analysis and research to improve our Services and customer communications.

viii.  The Customer authorizes LetsMD to exchange, share, part with all information related to the details and transaction history of the Customers to its Affiliates / Subsidiaries / banks / financial institutions / credit bureaus / agencies/participation in any telecommunication or electronic clearing network as may be required by law, customary practice, credit reporting, statistical analysis and credit scoring, verification or risk management and shall not hold us liable for use or disclosure of this information.

3.2.2.   Device Information

We use the information provided by You in the following ways:

a. to establish identity and verify the same.

b. provide our service i.e. perform credit profiling for the purpose of facilitating loans to You.

c. design and offer customized products and services offered by our third party financial partners.

d. analyse how the Website is used, diagnose service or technical problems and maintain security.

e. send communications notifications, information regarding the products or services requested by You or process queries and applications that You have made on the Website.

f. manage Our relationship with You and inform You about other products or services We think You might find of some use.

g. use the User information in order to comply with country laws and regulations.

h. to conduct KYC for our third party lending partners based on the information shared by the User.

i. use the User information in other ways permitted by law to enable You to take financial services from our lending partners.

We will use and retain Your information for such periods as necessary to provide You the Services on our Website/App, to comply with our legal obligations, to resolve disputes, and enforce our agreements.

 

4. DISCLOSURE OF YOUR INFORMATION TO THIRD PARTIES

i.  The Website/App includes links to other websites whose privacy practices may differ from those of LetsMD. The inclusion of a link does not imply any endorsement by LetsMD of the third party website, the website’s provider, or the information on the third party website. If the Users submit personal information to any of those websites, such information is governed by the privacy policies of such third party websites and We disclaims all responsibility or liability with respect to these policies or the websites. The Users are encouraged to carefully read the privacy policy of any website that they visit.

ii. We may disclose and share Your information with the financial service providers, banks or NBFCs and Our third party partners for facilitation of a loan or facility or line of credit or purchase of a product.

iii. We may disclose the data / information provided by a User with other technology partners to track how the User interact with Website on Our behalf.

iv. We may disclose the information to our third party technology and credit partners to perform credit checks and credit analysis like Credit Bureaus or third party data source providers.

v.  When you use our Website/App, we might provide some of your personal information to third parties to give you better services and for enhancement and visibility of LetsMD. However, we do not sell or rent individual customer names or other Personal Information to third parties except sharing of such information with our alliance partners or vendors who are engaged by us for providing various promotional and other benefits to our customers from time to time.

vi.  Due to the existing regulatory environment, we cannot ensure that all of your information shall never be disclosed in ways other than those described in this Privacy Policy. For example, but without limiting and foregoing, we may be forced to disclose Your Personal Information to the government, law enforcement agencies or other Third Parties. Under certain circumstances, Third Parties may unlawfully intercept or access transmission or private communications, or abuse or misuse Your Personal Information that they may collect from our Website/App. Therefore, we do not promise, and you should not expect, that your personally identifiable information or private communications would always remain private.

vii.  We cooperate with law enforcement inquiries, as well as other third parties to enforce laws, such as: intellectual property rights, fraud and other rights. We can, and You so authorize Us, disclose Your Personal Information to law enforcement and other government officials as We, in Our sole discretion, believe necessary or appropriate, in connection with an investigation of fraud, intellectual property infringements, or other activity that is illegal or may expose Us/ Us or You to any legal liability.

viii.  We gather up data such as personally identifiable information and disclose such information in a non-personally identifiable manner to advertisers and other third parties for other marketing and promotional purposes. However, in these situations, we do not disclose to these entities any information that could be used to identify you personally. We may use third-party advertising companies to serve advertisement on our behalf. These companies may employ cookies and action tags (also known as single pixel gifs or web beacons) to measure advertising effectiveness. Any information that these third parties collect via cookies and action tags is completely anonymous.

5. LINK TO THIRD-PARTY SDK

5.1. Our application has a link to a registered third party SDK which collects data on our behalf and data is stored to a secured server to perform a credit risk assessment. We ensure that our third party service provider takes extensive security measures in order to protect your personal information against loss, misuse or alteration of the data.

5.2. Our third-party service provider employs separation of environments and segregation of duties and have strict role-based access control on a documented, authorized, need-to-use basis. The stored data is protected and stored by application-level encryption. They enforce key management services to limit access to data.

5.3. Furthermore, our registered third party service provider provides hosting security – they use industry-leading anti-virus, anti-malware, intrusion prevention systems, intrusion detection systems, file integrity monitoring, and application control solutions.

 

6. Your Privacy Controls

You have certain choices regarding the information we collect and how it is used:

a. Device-level settings: Your device may have controls that determine what information we collect. For example, you can modify permissions on your Android device for access to Camera or Audio permissions.

b. Delete your entire App account.

c. You can also request to remove content from our servers based on applicable law or by writing to our Grievance Officer.

 

7. SECURITY AND CONFIDENTIALITY

This Website has various electronic, procedural and physical security measures in place to protect the loss, misuse and alteration of information, or any accidental loss, destruction or damage to data. When you submit your information via the Website/App, your information is protected through our security systems. There may be instances where we require proof of identity before disclosing any of your information to you. You agree to be responsible to protect the security of your username and password and other registration details, if any.

While using and transferring of your information, we will take necessary steps with the aim of ensuring that your privacy rights continue to be protected as outlined in this privacy policy and in accordance with applicable laws including but not limited to Information Technology Act, 2000 and the rules framed thereunder, whenever required.

Our Platform has stringent security measures in place to protect the loss, misuse and alteration of information under control. We endeavor to safeguard and ensure the security of the information provided by you. We use Secure Sockets Layers (SSL) based encryption, for the transmission of the information, which is currently the required level of encryption in India as per the law.

We blend security at multiple steps within our products with the state of the art technology to ensure our systems maintain strong security measures and the overall data and privacy security design allow us to defend our systems ranging from low hanging issue up to sophisticated attacks.

In addition, the Website and App have been certified for the following security certifications:

ISO/IEC 27001:2013: is a specification for an information security management system (ISMS) and is the suggested level of certification required under the Information Technology Act, 2000. An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization’s information risk management processes

We work hard to protect from unauthorized access, alteration, disclosure or destruction of information we hold, including:

a. We use encryption to keep your data private while in transit.

b. We offer security feature like an OTP verification to help you protect your account.

c. We review our information collection, storage, and processing practices, including physical security measures, to prevent unauthorized access to our systems.

d. We restrict access to personal information to our employees, contractors, and agents who need that information in order to process it. Anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

e. Compliance & Cooperation with Regulations and applicable laws

f. We regularly review this Privacy Policy and make sure that we process your information in ways that comply with it.

g. Data transfers

We or our affiliates maintain your information on servers located in India. Data protection laws vary among countries, with some providing more protection than others. We also comply with certain legal frameworks relating to the transfer of data as mentioned and required under the Information Technology Act, 2000.

When we receive formal written complaints, we respond by contacting the person who made the complaint. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of your data that we cannot resolve with you directly.

h. Bureau Enquiry

We will enquire with one or more Credit Bureaus on one or more affiliate National Banking Financial Company’s (NBFC) behalf to provide you with your loan amount.

 

8. Procedure for Opting-out

If and when a User is desirous of having his/her name and other details removed from our records, immediately upon receiving the User’s written request to that effect LetsMD shall, subject to the terms hereof, remove and/delete all such information.

If the User no longer wishes to receive notifications about our services, The User may change his/her notification preferences by contacting us. We reserve the right to close the User account if the User opts out of receiving certain crucial notices that are required to perform our services through its App. The User may not opt-out of receiving notifications about due or past due amounts that the User owes LetsMD or any other collections efforts.

 

9. MODIFICATION

We reserves the right to amend this Privacy Policy at any time. The policies, as and how modified, shall be updated on the Website and the same shall be notified on the Website. We encourage you to review this Privacy Policy whenever you visit our Website/App to understand how your personal information is used.

 

10. GRIEVANCE OFFICER

In accordance with Information Technology Act 2000 and rules made thereunder, the contact details of our Grievance Officer are provided below:

 

NAME: Anshuman Gupta
ADDRESS: B-17, Ground Floor, Sector – 1, Noida, Uttar Pradesh – 201301
TEL: 0120-4294066
EMAIL: care@letsmd.com