CMED Health Limited
Our Key Privacy Principles;
Information That We May Collect;
The Manner In Which Your Information Is Used;
The Manner In Which Your Information May Be Disclosed;
Security of Your Information;
Third Parties; and
Miscellaneous (including our contact details).
Our Key Privacy Principles:
We are committed to upholding industry – leading standards when processing and protecting your information. These are our key data privacy principles:
We shall use the information that you give to us, or that we otherwise collect about you, in a fair and consistent way and in ways that will enhance the Service you receive;
We shall always comply with applicable law and regulations when using information about you;
We take information security very seriously. Although no system can be 100% secure, we will do our best to keep your information safe;
Data about you is your Information, and we will treat it as such;
We will always be open with you about how we use your information;
Our data is stored in General Data Protection Regulation (GDPR) compliant servers like
AWS (Amazon Web Services, Singapore); For detail https://aws.amazon.com/blogs/security/all-aws-services-gdpr-ready/
Google’s Firebase Cloud Firestore; For details https://firebase.google.com/support/privacy/
Information That We May Collect
We may collect and process the following types of information from you or third parties in connection with your use of our Services:
Personal User Information – this shall include, for example: (1) your name, contact data and identification information (such as your e-mail address, phone number, father’s/ mother’s/ husband’s/ wife’s name, billing and physical addresses, identification information such as national ID, and and sometimes financial information (depending on the service used) such as credit card or bank account numbers, etc); (2) your login and password; (3) demographic data (such as your gender, date of birth, location and family status); (4) your communications with us and your healthcare service provider (“Providers”); (5) any information you provide when you contact or communicate with us; (6) payment information; (7) insurance information; and (8) the location of your device through which you access our Services.
Personal Health Information – this shall include, for example, health screening results while using CMED devices & application or inputted manually, medical history, names and details of previous doctors or other healthcare providers you visited, your reason for visiting a healthcare provider, date of visit, medications, risk factors, images or videos and other medical and health information you share with us. In addition to the information we collect directly from you, we may also collect certain information about you from Providers who provide treatment or other services to you in connection with our Services. This information may include, but is not limited to, the Provider’s diagnoses, recommended advice, treatment plans and medical notes. We may also receive information from third parties that pay for your care or provide you with treatment, laboratory care or prescription medication, which may include, for example, your prescription history, medical record, admission and discharge certificates, insurance policy, insurance eligibility and coverage, and laboratory test results. This Personal Health Information will form a core part of your electronic health record.
Non-Personal User Information – We may also gather non-personal user information about your computer or device and how you use our Services. This information is typically anonymous and the analytics that we share for this purpose will not identify you as an individual. The collection of this non-personal data is in order for us to learn more about your and our other users’ online behaviour so that we can improve the Services and general marketing to provide a better experience of our brand and cater more to your and our other users’ needs.
You represent and warrant that all the Information you provide in relation to obtaining the Services is true, accurate, current and complete and you agree to maintain and promptly update such Information, as and when necessary, to keep it current. If we have reasonable grounds to suspect that such Information is untrue, inaccurate or incomplete, we have the right to suspend or terminate the Services.
You may at any time request us to provide you with a record of all your Information that we have in our possession. Should you wish to remove/delete your Personal User Information and Personal Health Information in whole or in part from our systems you can request us to do so by writing to us. We will take necessary measures to verify the identity of the requestor and where this is consistent with the owner of the Personal User Information and Personal Health Information, we will endeavour to fulfil this request. Where we receive such a request to remove/delete your Personal User Information and Personal Health Information from our systems, you acknowledge and accept that it is not always possible to completely delete the data due to technical constraints. We also retain a back-up archive of data where this is necessary to comply with applicable law, to resolve disputes, troubleshoot problems and enforce terms and conditions. However, we keep this data under periodic review to ensure it is still necessary for us to retain it, in compliance with applicable data protection law.
We and/or our service providers may automatically collect certain Personal User Information from your device through which you access our Services. This information includes, but is not limited to, your language preferences, your phone number or other unique device identifier, the IP address of your device, the manufacturer, model and operating system of your device, the name and version of our Services you are using, information regarding your browser and information that allows us to personalize our Services. We or our service providers may also collect information about how you interact with our Services and any of our websites or applications to which our Services links or third party websites/applications that link you to our Services, such as how many times you use a specific part of our Services, the amount of time you spend using our Services or how often you use our Services, actions you take in our Services and how you engage with our Services.
Before you share any information with us about other people, you must make sure that you have their consent to do so. For the avoidance of doubt, we shall not be liable, in any manner whatsoever, for failure on your part to obtain such consent.
The Manner In Which Your Information Is Used
In connection with providing you with our Services, we and our affiliates and service providers
(a) verifying your identity, processing your payments and fulfilling your request/orders;
(b) communicating with you about our Services or your use of our Services, and sending you communications on behalf of your Providers;
(c) ensuring quality customer service by providing you with customer support, responding to your requests or concerns, ensuring that our Services functions properly for you and tailoring our Services to meet your needs;
(d) facilitating the provision of healthcare services to you by your Providers, and ensuring your Providers the services and support necessary for healthcare operations;
(e) sending you push notifications (notifications may be enabled or disabled through your device or app settings depending on your device type);
(f) detecting, preventing, investigating and responding to fraud, intellectual property infringement, violations of our terms of services or policy, or other misuse of our Services or a Provider’s services;
(g) sending Internet content and SMS and voice messages on general health as well as specialized health topics;
(h) enhancing the experience of Services which may include analysis of your data and application of algorithms to provide assistance such as relevant recommendations, advice and new products;
(i) providing certain marketing communications or promotional materials relating to our Services that may be of interest to you; and
(j) understanding how you interact with our Services and any of our websites to which our Services links or third party websites that link you to our Services.
You acknowledge and accept that we may use your Information to improve the Services which we provide to you and this may include aggregating and/or anonymizing your data for analytical purposes.
We use information regarding your location or the location of your device through which you access our Services for a number of purposes, including, but not limited to: (a) identifying Providers who may provide you with healthcare services; (b) providing you with a list of nearby pharmacies that may fulfill any prescriptions provided to you by your Provider; and (c) identifying other healthcare providers whom you may visit at the recommendation of your Provider.
We will only store and/or use your Information for as long as it is necessary to do so. Non-Personal User Information may be held for as long as it is necessary in order that we can monitor aggregated statistics about use of our site and exposure to our brand.
The Manner In Which Your Information May Be Disclosed
(a) Providers directly involved in your care including for treatment, payment or healthcare operations purposes;
(b) third parties as we believe necessary or appropriate to comply with applicable laws;
(c) third-party service providers that provide services such as the hosting of our Services, data and usage analysis, IT services and infrastructure, customer service, e-mail or sms delivery, auditing and other similar services (save that no Personal Health Information will be disclosed to any third-party service provider that is not directly involved in your healthcare); and
(d) a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, liquidation or other disposition of all or any portion of our business, assets or stock to such third party.
(e) We may share your Information with other service providers involved in your healthcare, save that we will only share your Personal Health Information where it is absolutely necessary to do so in order for you to receive the Service. This may include (a) sharing components of your medical history for referrals to diagnostics, pathology labs, for the formulation of prescriptions; and (b) sharing relevant medical and social history as part of referrals to behaviour change programs (such as community based health coaching programs, in the course of registering you for digital therapeutics).
We will neither share your electronic health record with any third party that is not involved in your medical care or the Services unless you provide your prior consent for us to do so, nor will we ever sell your Personal Health Information to a third party.
(f) Furthermore, we may anonymize or de-identify your Information and use or disclose that anonymized or de-identified information for any purpose including, but not limited to, aggregating anonymized information for the purposes of analyzing data, trends and patterns relating to the Services. For the avoidance of doubt, we are not required to destroy or return to you any information that has been anonymized or in any way de-identified and such anonymized information may be shared with our affiliates or third party service providers.
(g) Notwithstanding any of the foregoing, the CMED servers that are used to store your Personal Information are owned and hosted by either (1) Amazon Web Services, Singapore, an Amazon.com, or (2) Google Cloud Platform, managed by Google.com . You can read more about measures taken by Amazon and Google to protect the security of their servers and your Personal Information here: https://aws.amazon.com/privacy/ and here: https://cloud.google.com/security/ .
(h) We may disclose information about you if we determine that for national security, law enforcement, or other issues of public importance that disclosure of information is necessary.
Security Of Your Information
Although no system can ever be 100% secure, we are committed to and take great care in ensuring that your Information is secure. This includes physical security measures, as well as password controlled access and audit trails. In order to prevent unauthorised access or disclosure, we have put in place physical, electronic and managerial procedures to safeguard and secure the personal information we collect online.
Where we have given you (or you have chosen) a password to access certain parts of the Services, you must keep this password confidential. You should not share this password with anyone. You are responsible for what happens with your log in credentials.
Miscellaneous (including our contact details)
When using our Services, you may choose not to provide us with certain information, but this may limit the features you are able to use. You may also choose to opt out of receiving certain communications (e.g., newsletters, promotions) by contacting us through phone, email or other channels. Please note that even if you opt out, we may still send you service-related communications.
If you have any security concerns or requests regarding our Services or any complaints or grievances, or if you wish to ask us to any questions about the information which we hold about you or wish us to correct or delete such information, please use the contact information below.
Mail: CMED Health Limited
Apartment # C-5, House # 761
Sofura Garden, Satmosjid Road, Dhanmondi, Dhaka, Bangladesh.
Version – 1, effective from July 01, 2018