This privacy policy covers Our treatment of personally identifiable information ('Personal Information') that We gather when You are accessing or using Our Services and features through Our Application or Site. This policy does not apply to the practices of vendors and other companies that We do not own or control, or to individuals that We do not employ or manage.
Niyama Healthcare Inc herein referred to as Niyama is concerned about privacy issues and wants you to be familiar with how we collect, use, and disclose information and does so in accordance with laws applicable to our business. This Privacy Policy describes our practices in connection with information that we collect through websites operated by us from which you are accessing this Privacy Policy (the “Website”), through the software applications made available by us for use on or through computers and mobile devices (the “Apps”), and through our social media pages that we control from which you are accessing this Privacy Policy, as well as through HTML-formatted email messages that we may send to you.
Personal Information
Personal Information We May Collect
“Personal Information” is information that identifies you as an individual or relates to an identifiable person, including Name, Email address, Mobile Number, Socio-Demographic Details, Health Information in connection with the quizzes, tests, and questionnaires and Personal Health Information an Electronic Health Record we make available through ourServices.
We receive and store any information you knowingly provide to us. For example, we also collect personal information such as birth date, weight, height, nutrition data, workouts, physical activity, photographs, biometric information, and sleep habits and certain health-related information in order to further develop and improve Our offerings in the Application and Site. You can choose not to provide us with some such information, but then you may not be able to register with us or to take advantage of some of Our features if such information is required to access those specific features. Wherever required, We shall anonymize Your personal information so that You cannot be individually identified.
We do not knowingly collect or solicit personal information from anyone under the age of 18 or knowingly allow such persons to register with Us. If You are under 18, please do not attempt to register or send any information about yourself to Us, including Your name, address, telephone number, email address or provide your biometric information. No one under age 18 may provide any personal information to Us. In the event that We learn that We have collected personal information from a child under age 18 without verification of parental consent, We will delete that information as quickly as possible. If You believe that We might have any information from or about a child under 18, please contact Us at legal@niyama.ai
If you submit any Personal Information relating to other people to us or to our service providers in connection with the Services, whether related or not, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy.
How We May Collect Personal Information
We and our service providers may collect Personal Information in a variety of ways, including:
Through the Services:
We may collect Personal Information directly from you through the Services, e.g., when you answer a Questionnaire or register for an account or fill up or answer your Personal Health Information or from your Mobile App either active or passive data.
From Other Sources:
We may receive your Personal Information from other sources with your consent or as permitted by applicable law, such as from your insurance or healthcare provider, diagnostic labs, employers, public databases, joint marketing partners and other third parties.
How We May Use and Disclose Your Personal Information
Niyama may have an arrangement with your insurance or healthcare provider and under that arrangement may be permitted to use and disclose your Personal Information as directed by them, consistent with applicable law. Niyama also uses and discloses Personal Information to provide the Services as described below.
How we may use Personal Information:
To respond to your inquiries, fulfill your requests, and send you communications that you request, such as the results of any Questionnaire, assessments that you have taken or Personal Health Information or answers or information that you have provided or answered to our Clinicians, Doctors, specialists’ consultants etc.
To send administrative information to you, for example, information regarding the Services and changes to our terms, conditions, and policies.
To provide personalized health care services and experiences by presenting Questionnaires, forms, Health Information requests, feed backs or any other form of request through chat or text mode etc.
For our internal management and business purposes, such as data analysis, research, developing new services, enhancing, improving, or modifying the Services, for audits fraud monitoring and prevention, identifying usage trends, but in some cases that will be only to the extent such use of Personal Information is permitted or required by your insurance or healthcare provider and applicable law.
As we believe to be necessary or appropriate, and only as permitted under the Health Insurance Portability & Accountability Act and amendments thereto (HIPAA) or other applicable law such as DISHA (Digital Information Security in Healthcare Act India (a) to comply with legal process; (b) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (c) to protect our operations or those of any of our affiliates, including in connection with investigating security incidents; or (d) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.
For such other purposes as you may consent or as may be authorized or required by applicable law.
Your Personal Information may be transferred or disclosed:
- To our third-party service providers who assist us to provide the Services (such as website hosting, data analysis, researchers, information technology and related infrastructure provision, email delivery, auditing, and other services), and with whom we have a contract that includes appropriate privacy obligations.
- To third parties, such as your insurance or healthcare provider or diagnostic labs, or information in the form of e-prescription which we provide to Pharmacy distributorsor online pharmacy retailers for door delivery of medicine which is consistent with your instructions. For example, you may opt in to allow us to share your responses to and results of any Questionnaires.
- We disclose your Personal Information for a business purpose to the following categories of third parties Service Providers who provide technology services, Cloudhosting, email marketing and delivery, medical record management, telehealth video platform, service desk management, platform usage analytics, business analytics, SMS delivery, log aggregation, geolocation etc.
As we believe to be necessary or appropriate, and only as permitted under HIPAA and DISHA India Act or under other applicable law, (a) to comply with legal process; (b) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (c) to protect our operations or those of any of our affiliates, including in connection with investigating security incidents; or (d) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.
To such third parties and for such purposes to which you consent, or which may be authorized or required by law.
“Other Information”
We may collect “Other Information” is any information that does not reveal your specific identity or does not directly relate to an individual, such as:
- Browser and device information
- App usage data
- Information collected through wearables, chat bots.
- Information collected through cookies, pixel tags and other technologies
- General demographic information
- Aggregated information
If we are required to treat Other Information as Personal Information under applicable law, then we may use it for the purposes for which we use and disclose Personal Information as detailed in this Policy.
How We May Collect “Other Information”
We and our third-party service providers may collect Other Information in a variety of ways, including:
- Through your browser or devices: Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version and the name and version of the Services (such as the App) you are using. We use this information to ensure that the Services function properly.
- Through your use of the Apps: When you download and use the Apps, we and our service providers may track and collect usage data, such as the date and time the App on your device accesses our servers and what information and files have been downloaded to the App based on your device number.
- Using pixel tags and other similar technologies: Pixel tags (also known as web beacons and clear GIFs) may be used in connection with some Services to, among other things, track the actions of users of the Services (including email recipients), and compile statistics about usage of the Services and response rates.
- Analytics: We use Google Analytics, which uses cookies and similar technologies to collect and analyze information about use of the Services and report on activities and trends. This service may also collect information regarding the use of other websites, apps and online resources. You can learn about Google’s practices by going to https://www.google.com/policies/privacy and opt out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.
- IP Address: Your IP address is a number that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP). An IP address may be identified and logged automatically in our server log files whenever a user accesses the Services, along with the time of the visit and the page(s) that were visited. Collecting IP addresses is standard practice and is done automatically by many websites, applications and other services. We use IP addresses for purposes such as calculating usage levels, diagnosing server problems and administering the Services. We may also derive your approximate location from your IP address.
- Physical Location: We may collect the physical location of your device by, for example, using satellite, cell phone tower or WIFI signals. We may use your device’s physical location to provide you with personalized location-based services and content. You may be permitted to allow or deny such use, but, if you do, we may not be able to provide you with the applicable personalized services and content.
- From you: Information such as your preferred means of communication is collected when you voluntarily provide it.
E-mail and other communications:
We may contact You, by email or other means; for example, we may send You promotional offers on behalf of other businesses or communicate with you about your use of the Mobile App or the Product. Also, we may receive a confirmation when you open an email from us. This confirmation helps us make emails more interesting and improve our service. If you do not want to receive email or other mail from us, please indicate your preference by clicking on unsubscribe@niyama.ai or emailing us at support@niyama.ai.
When you send email or other communication to Us, we retain those communications in order to process your inquiries, respond to your requests, and improve our services.
We offer some of our Services in connection with other websites. Personal information that you provide to those websites is sent to Us in order to deliver the Service. We process such information in accordance with this Policy. The affiliated websites have different privacy practices and we encourage you to read their privacy policies.
We present links in a format that enables us to keep track of whether these links have been followed. We use this information to improve the quality of our offering.
How We May Use and Disclose Other Information
We may use and disclose Other Information for any purpose, except where we are required to do otherwise under applicable law. In some instances, we may combine Other Information with Personal Information. If we do, we will treat the combined information as Personal Information if it is combined.
Third Party Services
This Privacy Policy does not address, and we are not responsible for, the privacy, information, or other practices of any third parties, including any third party operating any site or service to which the Services link. The inclusion of a link on the Services does not imply endorsement of the linked site or service by us or by our affiliates. In addition, we are not responsible for the information collection, use, disclosure or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, RIM or any other technology provider, app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including with respect to any Personal Information you disclose to other organizations through or in connection with the Services.
Security and Retention
We seek to use administrative, physical, and technical safeguards that are reasonable and appropriate for the protection of the Personal Information in our custody or control.
Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us in accordance with the “Contacting Us” section below.
We will retain your Personal Information in a file specific to you at our offices at New No 11 Rukmani Street, West Mambalam, Chennai 60033 and the data centers of our service providers and the same shall be subject to change from time to time.
We will retain your Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.
As our operations are conducted from India, all Personal Information that we collect is used and stored in India, is subject to Indian laws, and may be subject to disclosure to Indian Governments, governments, courts or law enforcement or regulatory agencies pursuant to those laws.
Individual Rights
The following six rights are collectively referred to as the “Individual Rights.”
- The right to access- You have the right to request copies of your personal data that Niyama possesses. We may charge you a small fee for this service.
- The right to rectification - You have the right to request that Niyama shall correct any information you believe is inaccurate. You also have the right to request that Niyama on any complete information you believe is incomplete.
- The right to erasure — You have the right to request that Niyama erase your personal data, under certain conditions.
- The right to restrict processing - You have the right to request that Niyama restrict the processing of your personal data, under certain conditions.
- The right to object to processing - You have the right to object to Niyama processing of your personal data, under certain conditions; and
- The right to data portability - You have the right to request that Niyama transfer the data that we have collected to another organization, or directly to you, under certain conditions.
If you would like to exercise any of your Individual Rights regarding Personal Information that you have previously provided to us, you may do so by logging into your account within the Services or by contacting us in accordance with the “Contacting Us” section below.
In your request, please make clear what Individual Right you are exercising. For your protection, we may only implement requests with respect to the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable and in compliance with applicable law.
Where appropriate, we will transmit the amended information to third parties having access to your Personal Information.
We may be prevented from complying with a request to exercise an Individual Right. In such circumstances, we will respond to your request to exercise your Individual Right with a response stating that we cannot comply with such a request and, if legally allowed, why we cannot comply.
Data Security
We take appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure, or destruction of data. These include internal reviews of our data collection, storage and processing practices, and security measures, as well as physical security measures to guard against unauthorized access to systems where we store personal information.
We restrict access of personal information to Our employees, contractors, and agents who need to know that information in order to operate, develop, or improve our services. These individuals are bound by confidentiality obligations the breach of which will result in appropriate disciplinary action against them including termination and /or criminal action against them as the case may be.
However, please note that no data transmission over the Internet can be guaranteed to be 100% secure. Though we do Our best to protect all information, We cannot ensure or warrant the security of any information that you voluntarily give Us.
Website Areas Beyond Our Control
We may choose various third party websites to link to, link from, within Our Website. We have no control over these linked sites, each of which has separate privacy and data collection practices that may be different from Ours. We have no responsibility or liability for these independent policies or actions and are not responsible for the privacy practices or the content of any such websites. Please make sure you are familiar with the privacy practices of every site you visit and provide personal information to such sites only if you are convinced of their privacy practises. Please remember that your access to these linked sites are at your choice and you therefore access them at your own risk.
We also may make chat rooms, forums, and message boards available to you through the Services. Please remember that we cannot control the information that is shared by members and that anything you voluntarily provide in any public area of the Internet will be publicly available to other visitors on that website and potentially to other third parties. Thus, please note that you should always exercise caution when deciding to publicly disclose any of your personal information in these and similar areas.
Use of Services by Minors
We do not knowingly collect or solicit personal information from anyone under the age of 18 or knowingly allow such persons to register with Us. If You are under 18, please do not attempt to register or send any information about yourself to Us, including Your name, address, telephone number, email address or provide your biometric information. No one under age 18 may provide any personal information to Us. If We learn that We have collected personal information from a minor under the age of 18 without their parental consent, we will delete that information as quickly as possible. If you believe that We might have any information from or about a child under 18, please contact Us at support@niyama.ai.
We are committed to protecting the privacy of children in connection with the use of our Services. This section explains our online information collection, disclosure, and parental consent practices with respect to information collected from children under the age of 13 (“child” or “children”) in accordance with the India’s Children’s Online Privacy Protection Act and its rules (collectively referred as “COPPA”). For purposes of this section, any references to a parent also encompasses legal guardians. This section only applies to children under the age of 13 and supplements the other provisions of this Privacy Policy.
Our Services include online services that may be used to facilitate mental health care for a child. Children under the age of 13 cannot directly register for Niyama mental health care services; hence we require that all child accounts be created by a parent or legal guardian, and associated with the parent’s or legal guardian’s account, to ensure that we can comply with our notice and consent obligations under COPPA. Please note that certain circumstances thelaws may permit a child to directly obtain certain types of health care services independent of their parent or legal guardian, which is a right separate from registering for an account with Niyama.
During the account registration process, the parent or legal guardian can create a child’s account by following our instructions for doing so and providing certain information about the child, such as name, date of birth, email address, and/or mailing address. Please do not provide account credentials to your child. If your child directly uses your Niyama account, either with or without your permission, we may collect information directly from your child.
When creating an account for a child, parents and legal guardians an informed consent shall be requested for verifying that the User is the parent or legal guardian of the verified minor, that the User has the authority to make medical decisions about the health of the minor, and that the User has received, reviewed, and accepted this Privacy Policy and the terms within the informed consent (Informed Consent). If we learn that we have collected Personal Information from a child under 13 who is not the verified minor of a User or for whom no Informed Consent has been obtained from the parent or guardian, we will delete that information as quickly as possible.
If a parent or legal guardian chooses not to consent to the collection and use of their child’s Personal Information, they may not create an online account for the child. At any time, a parent or legal guardian may revoke their consent. Once consent is revoked, a child may not use any Services online, unless a new consent is obtained.
The above sections of this Privacy Policy contain details about the information we collect, which extend to information we collect about children. The information we collect will be used and disclosed for the purposes described above. We will not require a child to disclose more information than is reasonably necessary to participate in an activity.
No Personal Information about a child will be made available to the public or sold. We may engage employees and third-party services providers to work with us to administer and provide the Services or to promote our Services. These employees and third-party services providers have access to your Personal Information only for the purpose of performing services on our behalf, always in accordance with all applicable laws, including HIPAA, and are expressly obligated not to disclose or use your Personal Information for any other purpose. You have the right to agree for us to collect and use your child’s Personal Information but still not allow disclosure to third parties unless such disclosure is part of our Services.
In addition to your right to revoke your consent for the collection of your child’s Personal Information, you may request to review the Personal Information we have collected from your child or ask to delete the information we have collected from your child unless we are required by law to maintain that information. Please submit your request or any questions to us at care@niyama.ai.
Service Providers:
We may employ third party companies and individuals to facilitate our Platform, to perform certain tasks which are related to the Platform, or to provide audit, legal, operational or other services for us. These tasks include, but not limited to, customer service, technical maintenance, monitoring, email management and communication, database management, billing and payment processing, reporting and analytics. We will share with them only the minimum necessary information to perform their task for us and only after entering into appropriate confidentiality agreements. We require these third parties to comply strictly with its instructions and we require that they not use your personal information for their own business purposes. All 3rd parties have been carefully selected for their highest standards of security as well as their compliance with HIPAA.
PLEASE NOTE:
If our Application is made available as a pre-loaded feature or widget within an application or on a smart device, the provider of the device may bundle the relevant terms of this Policy with their own Privacy Policies. Kindly check the settings of the smart device or the terms of use of the Application before using Our Application.
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you any of the following, as requested:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you. Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information. The specific pieces of personal information we collected about you.
If we disclosed your personal information and identify the personal information categories that each category of recipient obtained.
Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service providers to comply with a legal obligation.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
Updates to This Privacy Policy
We may change this Privacy Policy. The “Last Updated” legend at the top of this page indicates when this Privacy Policy was last revised. Any changes will become effective when we post the revised Privacy Policy on the Services. Your use of the Services following these changes means that you accept the revised Privacy Policy.
Contacting Us
If you have any questions about this Privacy Policy, please contact us at support@niyama.ai. Since email communications are not always secure, please do not include credit card or other sensitive information in your emails to us.