INTRODUCTION
We, at Nirvan Eye Hospital , including its members and auxiliaries (hereinafter alluded to as “NEH”) put a superior on the classification of individual information you have endowed with us. This Privacy Policy subtleties how NEH utilizes and safeguards your own information as per DPB-2021 , its Implementing Rules and Regulations (IRR), different issuances of the Data Protection Authority (“DPA”), and other important laws of the India. All assortment, stockpiling, communication, utilization, maintenance, and removal of data will be as per the law.
PERSONAL DATA REFERS TO ALL TYPES OF:
- Personal information refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual;
- Sensitive personal information refers to personal information: (1) About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations; (2) About an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings; (3) Issued by government agencies peculiar to an individual which includes, but not limited to, social security numbers, previous or cm-rent health records, licenses or its denials, suspension or revocation, and tax returns; and (4) Specifically established by an executive order or an act of Congress to be kept classified ; and
- Privileged information refers to any and all forms of data which under the Rules of Court and other pertinent laws constitute privileged communication, such as, but not limited to, information which a person authorized to practice medicine, surgery or obstetrics may have acquired in attending to a patient in a professional capacity.
WHY DOES NEH COLLECT YOUR PERSONAL DATA?
NEH collects, uses, processes, stores and retains personal data when reasonable and necessary to perform its business processes effectively, safely and efficiently and in accordance with corporate policies.
In general, NEH are using your data for any of the following purposes:
- To comply with AEI’s obligations under law and as required by government organizations and/or agencies
- To comply with legal and regulatory requirements or obligations; and
- To perform such other processing or disclosure that may be required under law or regulations.
In addition from the general uses mentioned above, we may use your personal information depending on your transactions with NEH in any of the following means:
- When you want to become part of our team:
- To grant access to NEH premises for the performance of individual’s duties and obligations;
- To manage security at the workplace;
- To process employee salaries and benefits;
- To execute employee development, communications, health and engagement programs and organizational planning and management;
- To provide assistance in case of emergency, and to account for employees during emergencies and/or crises;
- To grant access to NEH’s IT systems and infrastructure, consistent with IT policies and procedures;
- To provide access to services, privileges or job opportunities offered by affiliates and subsidiaries of AEI;
- To process requirements for work purposes, including travel, certification, appointments, and the like;
- To conduct internal investigations in relation to security incidents, disciplinary proceedings and other analogous circumstances;
- To comply with government requirements, including permits, disclosures, orders and reports; and
- To perform such other processing or disclosure that may be required in the course of NEH’s business or under law or regulations.
- When you inquire on our website, social media sites or email:
- To respond to specific complaints, enquiries, requests or to provide requested information; and
- Allows us to personalize the site for the user and view how and when specific users visit the site, helping us to improve the site. The use of cookies is an industry standard. Cookies are stored on your computer and are used only to view information on your hard drive that was put there by a cookie from this site. If you do not wish to receive cookies you may set your web browser to prevent them.
- When you enter NEH premises as patient, guest, or visitor:
- To grant access to NEH premises for the performance of individual’s duties and obligations;
- To manage security at the workplace; and
- To control queue for diagnosis and/or consultations.
- When you become a patient of NEH:
- To provide medical services to you and meeting your healthcare needs within NEH;
- To avail of the services which NEH provides, including, where necessary, the transferring to or sharing of your personal data with third party medical service providers such as specialists, imaging providers, pathology providers, or other allied health professionals such as ophthalmologists;
- To resolve complaints and dealing with enquiries made by you;
- To maintain and update your data;
- To file medical claims on your behalf with the relevant company, employer or insurance provider;
- To collect and process payments through credit card, check, bank transfers or other means;
- To carry out billing, accounting, auditing and the maintenance of proper book-keeping for the Practice’s operations and business;
- To be used in research purposes;
- To conduct internal investigations in relation to security incidents, disciplinary proceedings and other analogous circumstances; and
- To perform such other processing or disclosure that may be required in the course of AEI’s business or under law or regulations.
- When you are a vendor, a potential vendor, or a contractor:
- To conduct appropriate due diligence checks;
- To evaluate your proposal including your manpower, technical and operational capacity;
- To assess the practicability of your proposal and process your accreditation;
- To communicate the result of your proposal and to execute a letter of award together with the contract;
- To perform any other action as may be necessary to implement the terms and conditions of our contract; and,
- To perform other processes related to or in connection with our business, including those processing or disclosure that may be required under law or regulations.
- When you become a stockholder of NEH:
- To maintain records of your stocks with NEH; and
- To perform administration of your stock transactions.
WHAT TYPE OF PERSONAL DATA DOES NEH COLLECT?
The types of personal data that NEH will collect from you depend on the particular purpose and/or position for which you are submitting an application. The common type of data collected by NEH generally includes the following:
- Basic personal information such as name, address, telephone number, and other personal contact details;
- Sensitive personal information such as birth date, marital status, age, religion, nationality, gender, dependents, health information, education, employment history, and government identification numbers, as well as biometric information such as full-face photographs, fingerprints, and other similar images; and
- Privileged information such as medical records.
NEH also generate personal data in the course of your employment, such as salary and income, payroll bank account, performance ratings, disciplinary proceedings, training and development activities, medical records and certifications.
WHAT ABOUT THE LINKS TO THIRD-PARTY WEBSITES?
From time to time, NEH website may provide links to third-party web sites, or advertisements which contain links to third-party sites. These links are provided as a service to you and we do not provide any personal data to these websites or advertisers, and therefore, we will not accept responsibility for their privacy practices. These sites are operated by independent entities that have their own privacy policies which you should also review. NEH’s Privacy Policy does not apply to such other sites or to the use that those entities make of your information. NEH has no control over the content displayed on such sites, nor over the measures, if any, that are taken by such sites to protect the privacy of your information. More so, the availability of a link to, any such site or property on the Website does not imply endorsement of it by us or by our affiliates.
HOW DOES NEH COLLECT, ACQUIRE OR GENERATE PERSONAL DATA?
NEH collect personal data when you:
- Accomplish company forms;
- Submit to NEH your resume and other employment requirements; and
- Disclose personal data through phone calls, email, SMS or verbal communication with Company personnel.
NEH also acquire personal data through third parties, such as:
- Job-search platforms;
- Head-hunters;
- Universities and professional organizations;
- Accredited hospitals or clinics;
- Agencies and contractors; and
- Other companies (such as former employers and affiliates)
NEH generate personal data when you:
- Accept a job offer;
- Avail of benefits; and
- Participate in Company processes and activities.
HOW DOES NEH ENSURE ACCURATE AND UP TO DATE PERSONAL DATA
Employees are primarily responsible for ensuring that all personal data submitted are accurate, complete and up-to-date. From time to time, NEH requests updated data from the employees.
NEH take reasonable steps to make sure that the personal data NEH collect, generate, use or disclose are accurate, complete, and up-to-date, such as:
- Periodic reviews and audits of systems, processes and data; and
- Verification with the concerned employees and third parties.
WITH WHOM DOES NEH SHARE PERSONAL DATA?
As a general rule, NEH are not allowed to share your data with a third party except in limited circumstances as noted below.
You authorize AEI to disclose your information to accredited/affiliated third parties or independent/non-affiliated third parties, whether local or foreign in the following circumstances:
- As necessary for the proper execution of processes related to the declared purpose; and
- The use or disclosure is reasonably necessary, required or authorized by or under law.
This means NEH might provide personal data to the following:
- Our partner companies, organizations, or agencies including their sub-contractors or prospective business partners that act as our service providers and contractors, consistent with the purposes discussed above;
- Affiliates and subsidiaries of NEH; and
- Law enforcement and government agencies;
However, the forgoing may only use such personal data for the purpose(s) disclosed in this Privacy Policy and may not use it for any other purpose.
WHAT IS OUR PRIVACY POLICY REGARDING CHILDREN?
NEH is very sensitive to privacy issues and we are especially careful in any communications with one of our most treasured customers – children. NEH would never collect personal data from children directly, without the parent’s consent.
Personal data collected from children is used solely by NEH or other entities that provide technical, fulfillment or other services to NEH. For example, such entities may provide services, such as, improving our services/web sites, and fulfilling requests or administering promotions. These personal data are not sold.
Meanwhile, we urge parents to regularly monitor and supervise their children’s online activities.
HOW DOES NEH PROTECT YOUR PERSONAL DATA?
NEH strictly enforces its Privacy Policy. It has implemented technological, organizational and physical security measures to protect personal data from loss, misuse, unauthorized modification, unauthorized or accidental access or disclosure, alteration or destruction. NEH uses safeguards such as the following:
- Use of secured servers and firewalls, encryption on computing devices;
- Restricted access only for qualified and authorized personnel; and
- Strict implementation of information security policies.
WHERE AND HOW LONG DOES AEI KEEP PERSONAL DATA?
The personal data is stored in both local and off-shore facilities, such as data centers and document storage facilities. Data collected will be retained in accordance with the following retention standards, unless you request your data to be deleted in our database immediately. Once deleted, the data will be completely removed from all the storage location.
- NEH and/or its duly authorized third party shall retain the Personal Data for a maximum period of five (5) years counted from the date the data subject provide it to NEH, or when it was collected, respectively.
- If the data subject has an existing contract and transaction with NEH, information will be retained all throughout the contract period and 5 years after its completion or termination.
- If the data subject has no existing contract but has existing transaction with NEH, information will be retained during the transaction and 5 years after its fulfillment.
- If the data subject has no existing contract and transaction with NEH, information will be retained for a retention period of 2 years.
WHAT IF THERE ARE CHANGES IN OUR PRIVACY POLICY?
From time to time, it may be necessary for NEH to change this Privacy Policy. If we change our Privacy Policy, we will post the revised version here and will take effect immediately, so we suggest that you check here periodically for the most up-to-date version of our Privacy Policy. Rest assured, however, that any changes will not be retroactively applied and will not alter how we handle previously collected personal data without obtaining your consent, unless required by law.
WHAT ARE YOUR RIGHTS UNDER THE DATA PRIVACY ACT?
As data subjects, you have the following rights:
- Right to be informed;
- Right to object;
- Right to access;
- Right to rectify or correct erroneous data;
- Right to erase or block;
- Right to secure data portability;
- Right to be indemnified for damages; and
- Right to file a Complaint
NEH’s decisions to provide such access or consider any request for correction, erasure and objection to process your personal data as it appears in our records are always subject to any exceptions under applicable and relevant laws and/or the DPA, its IRR and other issuances of NPC.