Dr. B. L. Kapur Memorial Hospital, a unit of Lahore Hospital Society registered under the Societies Registration Act, 1860 (referred to as “we”, us”, “BLK-Max Hospital”) is the author and publisher of the internet resource www.blkmaxhospital.com (referred to as “Website”) on the world wide web as well as other software and applications provided by BLK-Max Hospital. BLK-Max Hospital provides the Services in partnership with its representatives, associates, agents, affiliates, or other third parties (together referred to as “Partners”)
a. Section 43A of the Information Technology Act, 2000;
b. Regulation 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011 (the “SPI Rules”); and
c. Regulation 3(1) of the Information Technology (Intermediaries Guidelines) Rules, 2011.
a. The type of information collected from the Users, including sensitive personal data or information;
b. The purpose, means and modes of usage of such information; and
c. How and to whom we will disclose such information.
In order to better knowing the User of our Website; when you access the Services, we may ask you to voluntarily provide us with certain information that personally identifies you or could be used to personally identify you. Without prejudice to the generality of the above, information collected by us from you may include (but is not limited to) the following:
a. Contact data (such as your email address and phone number);
b. Demographic data (such as your gender, your date of birth and your pin code);
c. Data regarding your usage of the services and history of the appointments and other transactions made by or with you through the use of Services;
d. Health or medical data (such as your past medical history and conditions, diagnostic reports, prescriptions and medication history)
e. Insurance data (such as your insurance carrier and insurance plan); and
f. Other information that you voluntarily choose to provide to us (such as your correspondence address details, family details work details etc.)
The information collected from you by BLK-Max Hospital may constitute ‘personal information’ or ‘sensitive personal data or information’ under the SPI Rules. Personal information is defined under the SPI Rules to mean any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person.
The SPI Rules further define “sensitive personal data or information” of a person to mean personal information about that person relating to:
b. financial information such as bank accounts, credit and debit card details or other payment instrument details;
c. physical, physiological and mental health condition;
d. sexual orientation;
e. medical records and history;
f. biometric information;
g. information received by body corporate under lawful contract or otherwise;
h. visitor details as provided at the time of registration or thereafter; and
i. Call data records
Information that is freely available in the public domain or accessible under the Right to Information Act, 2005 or any other law will not be regarded as personal information or sensitive personal data or information.
b. All the information provided to us by a User, including sensitive personal information, is voluntary. You understand that BLK-Max Hospital, either itself or with its Partners, may use certain information of yours, which has been designated as ‘sensitive personal data or information’ under the SPI Rules, (a) for the purpose of providing you the Services, (b) for commercial purposes and in an aggregated or non- personally identifiable form for research, statistical analysis and business intelligence purposes, for (c) for sale or transfer of such research, statistical or intelligence data in an aggregated or non-personally identifiable form to our Partners. BLK-Max Hospital also reserves the right to use information provided by or about the User for the following purposes:
i. Publishing such information on the Website.
ii. Contacting Users for offering new products or services.
iii. Contacting Users for taking product and Service feedback.
iv. Analyzing software usage patterns for improving product design and utility.
v. Analyzing anonymized information for commercial use.
You hereby give your consent to such use of such information by BLK-Max Hospital and our Partner(s).
d. Users’ personally identifiable information, which they choose to provide on the Website is used to help the Users describe/identify themselves better. Other information that does not personally identify the Users as an individual, is collected by BLK-Max Hospital or our Partners from Users (such as, patterns of utilization described above) and is exclusively owned by BLK-Max Hospital or its partners. We or our Partners may also use such information in an aggregated or non-personally identifiable form for research, statistical analysis and business intelligence purposes, and may sell or otherwise transfer such research, statistical or intelligence data in an aggregated or non-personally identifiable form to third parties. In particular, we and our Partners reserve with us the right to use anonymized User demographics information and anonymized User health information for the following purposes:
i. Analyzing software usage patterns for improving product design and utility.
ii. Analyzing such information for research and development of new technologies.
iii. Using analysis of such information in other commercial product offerings of BLK-Max Hospital or our Partners.
iv. Sharing analysis of such information with third parties for commercial use.
e. You are responsible for maintaining the accuracy of the information you submit to us, such as your contact information provided as part of account registration. If your personal information changes, you may correct, delete inaccuracies, or amend information by making the change on your profile information page on the Websites or by contacting us at email@example.com. We will make good faith efforts to make requested changes in our then active databases as soon as reasonably practicable. If you provide any information that is untrue, inaccurate, out of date or incomplete (or becomes untrue, inaccurate, out of date or incomplete), or BLK-Max Hospital has reasonable grounds to suspect that the information provided by you is untrue, inaccurate, out of date or incomplete, BLK-Max Hospital may, at its sole discretion, discontinue the provision of the Services to you.
f. If you wish to cancel your account or request that we no longer use your information to provide you services, contact us through firstname.lastname@example.org. We will retain your information for as long as your account with the Services is active and as needed to provide you the Services. We shall not retain such information for longer than is required for the purposes for which the information may lawfully be used or is otherwise required under any other law for the time being in force. After a period of time, your data may be anonymized and aggregated, and then may be held by us or our Partners as long as necessary for us to provide our Services effectively or improve the Services, but our use of the anonymized data will be solely for analytic purposes.
g. BLK-Max Hospital may require the User to pay with a credit card, debit card, net banking or other online payment mechanisms for Services for which an amount(s) is/are payable. BLK-Max Hospital will collect such User’s credit card number and/or other financial institution information such as bank account numbers and will use that information for the billing and payment processes, including but not limited to the use and disclosure of such credit card number and information to third parties as necessary to complete such billing operation. Verification of credit information, however, is accomplished solely by the User through the authentication process offered by a third party payment gateway. User’s credit card / debit card details are transacted upon secure sites of approved payment gateways which are digitally under encryption, thereby providing the highest possible degree of care as per current technology. User is advised, however, that internet technology is not full proof safe and User should exercise discretion on using the same.
h. Due to the communication standards on the Internet, when a User or anyone who visits the Website, we automatically receive the URL of the site from which anyone visits. We also receive the Internet Protocol (IP) address of each User’s computer (or the proxy server a User used to access the World Wide Web), User’s computer/ device operating system and type of web browser the User is using, email patterns, as well as the name of User’s ISP. This information is used to analyze overall trends to help BLK-Max Hospital improve its Services. The linkage between User’s IP address and User’s personally identifiable information may be available to us or our Partners but is not shared with other third parties. Notwithstanding the above, we may share some of the aggregate findings (not the specific data) in anonymized form (i.e., non-personally identifiable) with advertisers, sponsors, investors, strategic partners, and others in order to help grow our business.
j. In order to have access to all the features and benefits on our Website, a User must first create an account on our Website. To create an account, a User is required to provide the following information, which such User recognizes and expressly acknowledges is personal information allowing others, including BLK-Max Hospital, to identify the User: Name, User ID, E-mail address, Correspondence Address, Date of Birth, Gender, Contact Details and password chosen by the User. Other optional information may be requested on the registration page. We may, in future, include other optional requests for information from the User to help us to customize the Services to deliver personalized information to the User. However, We assume your consent in relation to various matters, once you complete the registration process.
l. The Services may enable a User to communicate with other Users or to post information to be accessed by others, whereupon other Users may collect such data. Such Users, including any moderators or administrators, are not authorized representatives or agents of BLK-Max Hospital, and their opinions or statements do not necessarily reflect those of BLK-Max Hospital, and they are not authorized to bind BLK-Max Hospital to any contract. BLK-Max Hospital hereby expressly disclaims any liability for any reliance or misuse of such information that is made available by Users or visitors in such a manner.
m. BLK-Max Hospital may periodically ask users to complete surveys asking about their experiences with features of the Websites and Services. Our surveys may ask visitors for demographic information such as age, gender, and education. We use survey information for evaluation and quality improvement purposes, including helping BLK-Max Hospital to improve information and services offered. In addition, users giving feedback may be individually contacted for follow-up due to concerns raised during the course of such evaluation. Demographic information and Web log data may be stored for future evaluation and quality improvement activities.
n. Comments or questions sent to us using email or secure messaging forms will be shared with our employees and health care professionals who are most able to address the comment or question. We will archive your messages once we have made our best effort to provide you with a complete and satisfactory response. Some of our services such as our automated appointment selection and prescription refill for BLK-Max Hospital generated prescriptions interact directly with other BLK-Max Hospital data systems. Data about your transaction may be stored in these systems, and available to people who test and support these systems. When you use a service on the Websites to interact directly with BLK-Max Hospital health care professionals, some information you provide may be documented in your medical record, and available for use to guide your treatment as a patient.
o. Our Website may include social media Features, such as the Facebook, Twitter, YouTube, Instagram and LinkedIn buttons. These Features may collect your IP address, which page you are visiting on our website, and may set a cookie to enable the Feature to function properly. Your interactions with these Features are governed by the privacy statement of the company providing them.
p. If you are using the Website, with your permission, we will use the geo-location feature of your device or same or similar feature of the device you are using to access the Website. BLK-Max Hospital and our Partners do not share your location information with other any third party. You may opt out of location based services on your device by changing the relevant/ applicable setting at your device level.
r. BLK-Max Hospital has implemented best international market practices and security policies, rules and technical measures to protect the personal data that it has under its control from unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss. However, for any data loss or theft due to unauthorized access to the User’s electronic devices through which the User avails the Services, BLK-Max Hospital or its Partners shall not be held liable for any loss whatsoever incurred by the User.
s. BLK-Max Hospital ensures that it and its partners implement reasonable security practices and procedures that are commensurate with respect to the information being collected and the nature of BLK-Max Hospital’s business. The reasonable security practices and procedures implemented by BLK-Max Hospital include but are not limited to: encrypting data when it is on the move using industry standard practices, regularly changing production keys and password, secure access to all production servers, performing regular security updates on our servers and more.
v. To the extent necessary to provide Users with the Services, BLK-Max Hospital may provide their personal information to third party contractors who work on behalf of or with BLK-Max Hospital to provide Users with such Services, to help BLK-Max Hospital communicate with Users or to maintain the Website. Generally these contractors do not have any independent right to share this information, however certain contractors who provide services on the Website, including the providers of online communications services, will have rights to use and disclose the personal information collected in connection with the provision of these Services in accordance with their own privacy policies.