DigiDxDoc - Privacy Policy

DigiDxDoc: Privacy Policy

Version of February 18th, 2024

1. Recitals

The protection of individuals regarding the processing of their Personal Data (as defined below) is a fundamental right that DigiDxDoc Health Solutions Private Limited ("DigiDxDoc") takes very seriously.

DigiDxDoc processes Personal Data as part of its relations with its visitors, prospects, partners, clients, employees, job applicants, contacts, investors, service providers, patients, contractors, and any users of its website: www.digidxdoc.com (the “Website”) (collectively referred to as the “Individuals”).

DigiDxDoc is firmly committed to conducting its business in accordance with applicable data protection regulations and, particularly, the General Data Protection Regulation (EU) 2016/679 of April 27th, 2016 (“GDPR”), which aims to protect individuals’ rights regarding the collection, use, retention, transfer, disclosure, and destruction of their Personal Data.

The purpose of this privacy policy (“Privacy Policy”) is to set forth the types of Personal Data DigiDxDoc may receive from Individuals' interactions with DigiDxDoc, notably through its media platforms.

DigiDxDoc strives to ensure adequate protection of Individuals’ Personal Data, preserve the protection and security of Individuals’ Personal Data, and inform and uphold Individuals' rights.

What Personal Data is DigiDxDoc collecting and processing about Individuals? Why is DigiDxDoc processing Individuals’ Personal Data? What are the legal bases that entitle DigiDxDoc to do so? From what sources does DigiDxDoc collect Individuals’ Personal Data? Who are the authorized parties allowed to process Individuals’ Personal Data by DigiDxDoc? How does DigiDxDoc ensure the security and protection of Individuals’ Personal Data? How long will DigiDxDoc keep Individuals’ Personal Data? What are Individuals’ rights regarding the processing made by DigiDxDoc on Individuals’ Personal Data? How can Individuals exercise their rights?

Please read the following Privacy Policy carefully, and note that the following definitions will apply to this Privacy Policy:

Data Controller(s): DigiDxDoc Health Solutions Private Limited.

Data Processor(s): Natural person or legal entity who processes Personal Data on behalf of DigiDxDoc.

Data Recipient(s): Individual or legal entity who receives Personal Data from DigiDxDoc. Data Recipients may therefore also be employees of DigiDxDoc or external entities (e.g. partners such as healthcare organizations or professionals, suppliers, service providers, clients, exhibitors, banks, agents, etc.).

Data Subject(s): the Individuals.

Personal Data: refers to any information or pieces of information that can directly or indirectly identify a Data Subject, such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that individual.

2. Objective

The purpose of this Privacy Policy is to meet the information obligation of DigiDxDoc under the GDPR (Article 12 to 14) and to document the rights of the Individuals regarding the processing of their Personal Data.

3. Scope

This Privacy Policy applies to all processing of Individuals’ Personal Data by DigiDxDoc Health Solutions Private Limited. DigiDxDoc makes every effort to ensure that Personal Data is processed within the framework of strict internal governance. However, this Privacy Policy only covers Personal Data for which DigiDxDoc is the Data Controller and does not extend to processing performed outside of DigiDxDoc's specified governance framework. Personal Data may be processed directly by DigiDxDoc or via designated Data Processors. Specific privacy notices and consent forms will be provided to Individuals as necessary for specific processing activities.

4. Purposes

DigiDxDoc processes Personal Data for various purposes including:

Business and contractual relationships, including management of agreements with academic and non-academic partners, invoicing, and accounting
Research and development activities, including scientific studies and projects involving data from partners or biobanks.
Compliance with legal, regulatory, and ethical obligations, such as industry standards and data protection laws.
Marketing purposes, such as campaigns, newsletters, targeted advertising, and events.
Recruitment management.
Website management.
Protection of DigiDxDoc's rights and interests, including investigation and litigation.

Any new use or modification of existing processing will be communicated through updates to this Privacy Policy.

5. Lawfulness of Processing

DigiDxDoc processes Personal Data based on the following legal bases:

Legitimate interests of DigiDxDoc or third parties, ensuring balance with Data Subjects' rights.
Compliance with applicable legislation.
Consent of the Data Subject for specific purposes.
Performance of a contract with the Data Subject or their employer.
Public interest where applicable.

6. Types of Personal Data Processed

Personal Data processed by DigiDxDoc may include:

Non-technical data: Identity, contact details, professional data, bank details, etc.
Technical data: Browsing history, device information, etc.
Sensitive Personal Data as defined by GDPR Article 9, with appropriate measures taken to ensure protection and confidentiality.

Specific notices and consent forms will be provided for processing involving sensitive data

7. Ownership of Supplemented Data

Supplemented data resulting from DigiDxDoc's processing and analysis remains the exclusive property of DigiDxDoc.

8. Personal Data Sources

Personal Data is primarily collected directly from Data Subjects (direct collection). Indirect collection may occur through authorized partners, clients, service providers, and suppliers of DigiDxDoc Health Solutions Private Limited, ensuring compliance with their own privacy policies and applicable laws. DigiDxDoc ensures the quality of received data and directs Data Subjects with any questions regarding initial data collection to the respective parties or their data protection policies.

9. Children's Personal Data

DigiDxDoc’s Website is not intended for children under thirteen (13) years old. DigiDxDoc does not knowingly process Personal Data from children under thirteen (13) years old through its Website. Parents or guardians discovering their child has provided Personal Data to DigiDxDoc should promptly contact DigiDxDoc's Data Protection Officer to request deletion of the data in accordance with applicable data protection laws.

10. Personal Data Recipients

DigiDxDoc ensures that Personal Data is accessible only to authorized internal and external recipients necessary for the intended purposes. Internal recipients may include various departments responsible for business operations, while external recipients may include partners, legal or administrative authorities, or potential acquirers. All recipients are bound by confidentiality obligations, and DigiDxDoc determines access rights through contracts or internal policies. DigiDxDoc does not sell Personal Data to third parties.

11. Transfer of Personal Data to Third Countries or International Organizations

In cases where DigiDxDoc needs to transfer Personal Data from the European Economic Area (EEA) to recipients outside the EEA, adequate safeguards are implemented as required by the GDPR, such as ensuring adequacy decisions from the European Commission or implementing Standard Contractual Clauses.

12. Retention Period

The retention period for Personal Data is defined by DigiDxDoc in compliance with legal and contractual obligations. Retention periods vary depending on the purpose of processing, such as contractual relations, job applications, or contact information. After the specified retention period, Personal Data is either deleted or anonymized, subject to statutory retention or legal obligations.

13. Data Subjects' Rights

Data Subjects have various rights under applicable data protection laws, including rights to confirmation, access, rectification, objection, deletion, restriction of processing, data portability, and rights concerning automated decision-making and profiling. Requests to exercise these rights should be submitted in writing to DigiDxDoc's Data Protection Officer, accompanied by proof of identity. DigiDxDoc will respond within a reasonable timeframe.

14. Data Processors

DigiDxDoc may engage Data Processors for processing Personal Data, ensuring compliance with data privacy laws and regulations. Contracts with Data Processors impose similar data protection obligations as DigiDxDoc and may be subject to audits.

15. Security

DigiDxDoc implements technical and organizational measures to protect the integrity and confidentiality of Personal Data, considering the nature and purpose of processing and associated risks. Measures include access management, backups, security audits, and business continuity plans.

16. Personal Data Breach

In the event of a Personal Data breach, DigiDxDoc will notify the competent data protection authority as required by the GDPR. High-risk breaches will also prompt notification to affected Data Subjects along with necessary information and recommendations.

17. Data Protection Officer

DigiDxDoc has appointed a Data Protection Officer reachable via email or post. Data Subjects may contact the Data Protection Officer for inquiries or assistance regarding Personal Data processing.

18. Processing Record

DigiDxDoc maintains a record of all processing activities as required by data protection regulations, providing necessary information to supervisory authorities upon request.

19. Right to Submit a Complaint to Supervisory Authority

Data Subjects have the right to lodge complaints with the competent supervisory authority if they believe DigiDxDoc's processing of their Personal Data violates applicable data protection laws and regulations.

20. Amendment of Privacy Policy

This Privacy Policy may be amended or supplemented to reflect legal developments, new uses, or recommendations from supervisory authorities. Updated versions will be made available on DigiDxDoc's website.

21. Further Information

For general information on Personal Data protection, Data Subjects may refer to the website of the competent supervisory authority.

22. Contact Information

For additional information or assistance, Data Subjects may contact DigiDxDoc via email or post to the attention of the Legal Department.