Privacy Policy

CMED Health Limited

Privacy Policy


CMED Health Ltd (“we”, “us”, “our”) operates (the “site”) and CMED Health Mobile Application (the “Mobile App”), and is committed to protecting and respecting the privacy of users of our Services. We created this Privacy Policy to tell you how CMED Health Ltd collects, uses and discloses information in order to provide you with our Services. If we make any changes to our Privacy Policy, we will post the revised Privacy Policy and update the “Last Revised” date of the Privacy Policy. Your use of our Services following any such change means you accept the revised Privacy Policy. If you have any questions about this Privacy Policy, or any other aspect of the applicable website or application, please contact [email protected] .

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By accessing or using our Services, you accept the practices and policies outlined in this Privacy Policy. You hereby consent that we will collect, use and disclose your Information as set forth in this Privacy Policy. If you are using our Services on behalf of an individual or legal entity other than yourself, you represent that you are authorized by such individual or legal entity to accept this Privacy Policy on such individual’s or legal entity’s behalf.

If you do not agree to the terms of this Privacy Policy, please do not use the Services.

This Privacy Policy covers the following sections:

  • Our Key Privacy Principles;
  • Information That We May Collect;
  • The Manner In Which Your Information Is Used;
  • The Manner In Which Your Information May Be Disclosed;
  • Security of Your Information;
  • Jurisdictional Issues;
  • COVID-19;
  • Third Parties; and
  • Miscellaneous (including our contact details).


Our Key Privacy Principles:

We are committed to upholding industry – leading standards when processing and protecting your information. These are our key data privacy principles:

  • We shall use the information that you give to us, or that we otherwise collect about you, in a fair and consistent way and in ways that will enhance the Service you receive;
  • We shall always comply with applicable law and regulations when using information about you;
  • We take information security very seriously. Although no system can be 100% secure, we will do our best to keep your information safe;
  • Data about you is your Information, and we will treat it as such;
  • We will always be open with you about how we use your information;
  • Our data is stored in General Data Protection Regulation (GDPR) compliant servers like


Information That We May Collect

We may collect and process the following types of information from you or third parties in connection with your use of our Services:

Personal User Information – this shall include, for example: (1) your name, contact data and identification information (such as your e-mail address, phone number, father’s/ mother’s/ husband’s/ wife’s name, billing and physical addresses, identification information such as national ID, and sometimes financial information (depending on the service used) such as credit card or bank account numbers, etc.); (2) your login and password; (3) demographic data (such as your gender, date of birth, location and family status); (4) your communications with us and your healthcare service  provider (“Providers”); (5) any information you provide when you contact or communicate with us; (6) payment information; (7) insurance information; and (8) the location of your device through which you access our Services.

Personal Health Information – this shall include, for example, health screening results while using CMED devices & application or inputted manually, medical history, names and details of previous doctors or other healthcare providers you visited, your reason for visiting a healthcare provider, date of visit, medications, risk factors, images or videos and other medical and health information you share with us. In addition to the information we collect directly from you, we may also collect certain information about you from Providers who provide treatment or other services to you in connection with our Services. This information may include, but is not limited to, the Provider’s diagnoses, recommended advice, treatment plans and medical notes. We may also receive information from third parties that pay for your care or provide you with treatment, laboratory care or prescription medication, which may include, for example, your prescription history, medical record, admission and discharge certificates, insurance policy, insurance eligibility and coverage, and laboratory test results. This Personal Health Information will form a core part of your electronic health record.

Non-Personal User Information – We may also gather non-personal user information about your computer or device and how you use our Services. This information is typically anonymous and the analytics that we share for this purpose will not identify you as an individual. The collection of this non-personal data is in order for us to learn more about your and our other users’ online behavior so that we can improve the Services and general marketing to provide a better experience of our brand and cater more to your and our other users’ needs.

For the purposes of this Privacy Policy, the Personal User Information, the Personal Health Information and the Non-Personal User Information, as defined above, shall together be regarded as your “Information”.

You represent and warrant that all the Information you provide in relation to obtaining the Services is true, accurate, current and complete and you agree to maintain and promptly update such Information, as and when necessary, to keep it current. If we have reasonable grounds to suspect that such Information is untrue, inaccurate or incomplete, we have the right to suspend or terminate the Services.

You may at any time request us to provide you with a record of all your Information that we have in our possession. Should you wish to remove/delete your Personal User Information and Personal Health Information in whole or in part from our systems you can request us to do so by writing to us. We will take necessary measures to verify the identity of the requestor and where this is consistent with the owner of the Personal User Information and Personal Health Information, we will endeavor to fulfil this request. Where we receive such a request to remove/delete your Personal User Information and Personal Health Information from our systems, you acknowledge and accept that it is not always possible to completely delete the data due to technical constraints. We also retain a back-up archive of data where this is necessary to comply with applicable law, to resolve disputes, troubleshoot problems and enforce terms and conditions. However, we keep this data under periodic review to ensure it is still necessary for us to retain it, in compliance with applicable data protection law.

We and/or our service providers may automatically collect certain Personal User Information from your device through which you access our Services. This information includes, but is not limited to, your language preferences, your phone number or other unique device identifier, the IP address of your device, the manufacturer, model and operating system of your device, the name and version of our Services you are using, information regarding your browser and information that allows us to personalize our Services. We or our service providers may also collect information about how you interact with our Services and any of our websites or applications to which our Services links or third party websites/applications that link you to our Services, such as how many times you use a specific part of our Services, the amount of time you spend using our Services or how often you use our Services, actions you take in our Services and how you engage with our Services.

Before you share any information with us about other people, you must make sure that you have their consent to do so. For the avoidance of doubt, we shall not be liable, in any manner whatsoever, for failure on your part to obtain such consent.

The Manner In Which Your Information Is Used

In connection with providing you with our Services, we and our affiliates and service providers

(a) verifying your identity, processing your payments and fulfilling your request/orders;

(b) communicating with you about our Services or your use of our Services, and sending you communications on behalf of your Providers;

(c) ensuring quality customer service by providing you with customer support, responding to your requests or concerns, ensuring that our Services functions properly for you and tailoring our Services to meet your needs;

(d) facilitating the provision of healthcare services to you by your Providers, and ensuring your Providers the services and support necessary for healthcare operations;

(e) sending you push notifications (notifications may be enabled or disabled through your device or app settings depending on your device type);

(f) detecting, preventing, investigating and responding to fraud, intellectual property infringement, violations of our terms of services or policy, or other misuse of our Services or a Provider’s services;

(g) sending Internet content and SMS and voice messages on general health as well as specialized health topics;

(h) enhancing the experience of Services which may include analysis of your data and application of algorithms to provide assistance such as relevant recommendations, advice and new products;

(i) providing certain marketing communications or promotional materials relating to our Services that may be of interest to you; and

(j) understanding how you interact with our Services and any of our websites to which our Services links or third-party websites that link you to our Services.

You acknowledge and accept that we may use your Information to improve the Services which we provide to you and this may include aggregating and/or anonymizing your data for analytical purposes.

We use information regarding your location or the location of your device through which you access our Services for a number of purposes, including, but not limited to: (a) identifying Providers who may provide you with healthcare services; (b) providing you with a list of nearby pharmacies that may fulfill any prescriptions provided to you by your Provider; and (c) identifying other healthcare providers whom you may visit at the recommendation of your Provider.

We will only store and/or use your Information for as long as it is necessary to do so. Non-Personal User Information may be held for as long as it is necessary in order that we can monitor aggregated statistics about use of our site and exposure to our brand.

The Manner In Which Your Information May Be Disclosed

We may disclose your information to third parties in connection with the provision of our Services or your Provider’s provision of services or as otherwise permitted or required by law. For example, we may disclose your Information in accordance with the terms of this Privacy Policy to:

(a) Providers directly involved in your care including for treatment, payment or healthcare operations purposes;

(b) third parties as we believe necessary or appropriate to comply with applicable laws;

(c) third-party service providers that provide services such as the hosting of our Services, data and usage analysis, IT services and infrastructure, customer service, e-mail or sms delivery, auditing and other similar services (save that no Personal Health Information will be disclosed to any third-party service provider that is not directly involved in your healthcare); and

(d) a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, liquidation or other disposition of all or any portion of our business, assets or stock to such third party.

(e) We may share your Information with other service providers involved in your healthcare, save that we will only share your Personal Health Information where it is absolutely necessary to do so in order for you to receive the Service. This may include (a) sharing components of your medical history for referrals to diagnostics, pathology labs, for the formulation of prescriptions; and (b) sharing relevant medical and social history as part of referrals to behavior change programs (such as community-based health coaching programs, in the course of registering you for digital therapeutics).

We will neither share your electronic health record with any third party that is not involved in your medical care or the Services unless you provide your prior consent for us to do so, nor will we ever sell your Personal Health Information to a third party.

(f) Furthermore, we may anonymize or de-identify your Information and use or disclose that anonymized or de-identified information for any purpose including, but not limited to, aggregating anonymized information for the purposes of analyzing data, trends and patterns relating to the Services. For the avoidance of doubt, we are not required to destroy or return to you any information that has been anonymized or in any way de-identified and such anonymized information may be shared with our affiliates or third-party service providers.

(g) Notwithstanding any of the foregoing, the CMED servers that are used to store your Personal Information are owned and hosted by either (1) Amazon Web Services, Singapore, an, or (2) Google Cloud Platform, managed by You can read more about measures taken by Amazon and Google to protect the security of their servers and your Personal Information here: and here: .

(h) We may disclose information about you if we determine that for national security, law enforcement, or other issues of public importance that disclosure of information is necessary.

Security of Your Information

Although no system can ever be 100% secure, we are committed to and take great care in ensuring that your Information is secure. This includes physical security measures, as well as password-controlled access and audit trails. In order to prevent unauthorized access or disclosure, we have put in place physical, electronic and managerial procedures to safeguard and secure the personal information we collect online.

Where we have given you (or you have chosen) a password to access certain parts of the Services, you must keep this password confidential. You should not share this password with anyone. You are responsible for what happens with your log in credentials.

Jurisdictional Issues

We intend to provide our Services in Bangladesh; accordingly, this Privacy Policy and our collection, use, and disclosure of your Information, is governed by the laws of Bangladesh. We do not represent or warrant that our Services are appropriate or available for use in any other jurisdiction. If you choose to access or use our Services from outside Bangladesh, you do so on your own initiative and solely at your own risk. You acknowledge that our Services are subject to the laws of Bangladesh and consent to the transfer of your Information to Bangladesh, which may provide a different level of data security than in the country in which you are located and you waive any claims that may arise under the laws of your location outside Bangladesh.


CMED Health has developed COVID-19 digital health services module for providing screening, education and awareness, triage for potential cases for sample collection, lab test and patient management services and incorporated in different apps of CMED. CMED health is working with different organizations of Bangladesh Government from April 2020. Their health professionals are using these apps to provide screening, education and awareness and other services to support the responses for pandemic.

The data captured during providing COVID related services are used by different organizations and entities of Bangladesh government for decision making, resources mobilization and responding to the pandemic.

It is to be mentioned that, during utilizing data we strictly maintain user privacy and take all reasonable steps necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

Third Parties

This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including Providers, the manufacturer of your mobile device, and any other third-party mobile application or website to which our Services may contain a link. These third parties may at times gather information from or about you. We have no control over the privacy practices of these third parties. We encourage you to review the privacy policy of your Provider and the privacy policies of each website and application you visit and use.

Miscellaneous (including our contact details)

When using our Services, you may choose not to provide us with certain information, but this may limit the features you are able to use. You may also choose to opt-out of receiving certain communications (e.g., newsletters, promotions) by contacting us through phone, email, or other channels. Please note that even if you opt-out, we may still send you service-related communications.

If you have any security concerns or requests regarding our Services or any complaints or grievances, or if you wish to ask us any questions about the information which we hold about you or wish us to correct or delete such information, please use the contact information below.