Context and Scope

Aster DM Healthcare and its group of companies (hereinafter referred to as “Aster DM Healthcare”, “us”, “we” or “our”) are committed in respecting the privacy of every person who shares Personal Information (as defined in the Section 5) or data with Aster. Your privacy protection is important to us, and we strive to take due care and protection of the information, we possess and receive in respect of people associated with us, (the User). In this regard, we adhere to the various governing laws, statutes and regulations across geographies that Aster operates in (refer to the annexure).

This Privacy and Cookie Policy (“Policy”) applies to the collection, storage, processing, disclosure, and transfer of Personally Identifiable Information (defined below), particularly when you access the websites and microsites operated by Aster for any information or services (“Services”).

The terms ‘you’ or ‘your’ refer to you as the user (registered or unregistered) of the website and/or Services.

 

1)   Access

We collect your ‘Personal Information’ directly from you, from third parties and automatically through our website. This Personal Information, for instance, would include but not limited to the type of device you are using, the time that you logged on to our website, your IP address, Cookies and other Personal Information as listed in Section 5 below.

You may access the Personal Information shared by you with us, in the manner given below. You can further choose to share additional Personal Information with us. DPO@asterdmhealtcare.com

 

2)   Consent

By choosing the opt-in option on the website and thereafter, by providing us your Personal Information or availing Services of Aster or by making use of the functionalities provisioned by the website, it is deemed to be agreed by you that you have, freely consented to the collection, storage, processing, disclosure, and transfer of your Personal Information in accordance with the provisions of this Policy and any amendments thereof.

You acknowledge that you have provided your Personal Information out of your free will and after understanding how it will be used. You also consent that the collection, storage, processing, disclosure, and transfer of any personal and privacy information shall not cause any wrongful loss to you if it is done in accordance with the provisions of this Policy. However, we shall not be liable for any loss that may happen to you owing to the provisioning of wrongful Personal Information by you. We will ask for your explicit consent to share any Personal Information including the Sensitive Personal Information as defined in Section 5.

 

3)   Control over your Personal Information

We will respect your legal rights in relation to your data. Aster is committed in to protecting them and ensuring compliance if you wish to exercise any of the rights under the respective privacy laws: For Example (Including but not limited to):

  • an access request for access to a copy of the Personal Information which we hold about you or information about the ways in which we use or disclose your personal data, or
  • a correction request to correct or update any of your Personal Information which we hold, you may submit your request in writing or via email DPO@asterdmhealtcare.com

Please note that if as per regulation it is required to pay a reasonable fee for an access request, we will inform you of the fee before processing your request.

We will respond to your access request as soon as reasonably possible and/or as per the applicable timeframes laid down by the respective privacy laws/ regulation. Should we not be able to respond to your access request within thirty (30) days after receiving your access request, we will inform you in writing of the same as soon as practically possible. If we are unable to provide you with your Personal Information or to make a correction requested by you, we shall inform you of the reasons why we are unable to do so (except where we are not required to do so under the law).

Please note that depending on the request that is being made, we will only need to provide you with access to the Personal Information contained in the documents requested, and not to the entire documents themselves. For example, the Company may not be obliged to provide the employee with access to the disciplinary records, investigation reports, or decisions to terminate, that the organization has created for evaluative and/or investigative purposes of the employee.

You have the right to withdraw your consent at any point, provided such withdrawal of the consent is intimated to us in writing through an email at DPO@asterdmhealtcare.com requesting the same.

Once you withdraw your consent to share the Personal Information collected by us, we shall have the option not to fulfil the purposes for which the said Personal Information was sought and we may restrict you from using our Services or the website or parts of it as the case may be.

 

Withdrawing consent by Job Applicants:

  • The consent that you provide for the collection, use and disclosure of your Personal Information will remain valid until such time it is being withdrawn by you in writing. If you are a job applicant, you may withdraw consent and request us to stop using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing or via email to DPO@asterdmhealtcare.com
  • Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us.
  • While we respect your decision to withdraw your consent, please note that depending on the nature and extent of your request, we may not be in a position to process your job application (as the case may be). We shall, in such circumstances, notify you before completing the processing of your request (as outlined above). Should you decide to cancel your withdrawal of consent, please inform us in writing in the manner described in the section above.
  • Please note that withdrawing consent does not affect our right to continue to collect, use and disclose Personal Information where such collection, use and disclose without consent is permitted or required under applicable laws.

 

4)   Changes to the Policy

We reserve the right to change this Policy from time to time. We will not reduce your rights under this Policy without your explicit consent. We always indicate the date when the last changes were published, and we will offer access to archived versions for your review. If changes are significant, we will provide a more prominent notice (including, for certain Services, email notification of Policy changes).

 

5)   Personal Information Collected

The kinds of information that we collect about you include but are not limited to the following:

  • Patient/Caregiver/Doctor/Health Care Professional Name,
  • Birth date/age,
  • Gender,
  • Address (including country and pin/postal code),
  • Phone number/mobile number,
  • Email address,
  • Physical, physiological, and mental health condition, provided by you and/ or your Health Care Professional,
  • Personal medical records and history,
  • Valid financial information at time of purchase of product/service and/or online payment,
  • Login ID and password,
  • User details as provided at the time of registration or thereafter,
  • Records of interaction with Aster representatives,
  • Your usage details such as time, frequency, duration and pattern of use, features used and the amount of storage used,
  • Master and transaction data and other data stored in your user account,
  • Any other information that is willingly shared by you (collectively referred to as “Personal Information”),
  • Biometrics data,
  • Genetic Data,
  • Transgender Status,
  • Intersex Status,
  • Caste or Tribe,
  • Religious or political belief or affiliation,
  • Sexual orientation,
  • Marital status,
  • Citizenship status,
  • Family Personal Information (as the need may be) (collectively referred to as “Sensitive Personal Information”).

            If you are a job applicant, personal data which we may collect includes, without limitation, your:

  • name or alias, gender, passport number, emirates id, date of birth, age, nationality, and country and city of birth, photographs,
  • mailing address, telephone numbers, email address and other contact details,
  • resume, educational qualifications, professional qualifications and certifications and Employment and/or character references,
  • employment and training history,
  • criminal records,
  • Details related to credentialing and privileging for doctors, nursing staff and pharmacists,
  • work-related health issues and disabilities,
  • family background for your next-of-kin and list of qualified dependent/s including their pertinent information,
  • results of exams and other diagnostic test/s for aptitude, IQ, behavior, DHA /MOH eligibility (for GCC) etc.

 

6)   How we collect Personal Information

The methods by which we collect your Personal Information include but are not limited to the following:

  • When you fill the patient registration form,
  • When you provide details to an Aster Health Care Professional or Aster representative,
  • When you register on our website, or use our App, or our Chatbot,
  • When you provide your Personal Information to us during course of receiving our Services,
  • When you apply for a job using our job portal,
  • When you use the features on our website,
  • When you provide access to any other website,
  • By the use of cookies (more fully detailed in Section 9 of this Policy).

 

7)   Use of Personal Information and Grounds for Lawful Processing of Personal Data:

Your Personal Information may be used or processed for various purposes including but not limited to the following:

  • To provide effective Services,
  • To operate and improve the website and/or our Services,
  • To perform studies, research, and analysis for improving our information, Services, and technologies and ensuring that the content displayed are customized to your interests and preferences,
  • To contact you via phone, SMS, WhatsApp or email for appointments, technical issues, payment reminders, deals and offers and other announcements,
  • To send promotional mailings from us or any of our channel partners via SMS, WhatsApp, email,
  • To advertise products and Services of Aster and its third parties,
  • To transfer information about you if we are acquired by or merged with another company,
  • To share with our business partners for provision of specific Services you have ordered so as to enable them to provide effective Services to you,
  • To administer or otherwise carry out our obligations in relation to any agreement you have with us,
  • To build your profile on our website,
  • To respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims; and
  • To investigate, prevent, or act regarding illegal activities, suspected fraud, violations of our terms of use, breach of our agreement with you or as otherwise required by law,
  • To aggregate Personal Information for research, statistical analysis, and business intelligence purposes, or otherwise transfer such research, statistical or intelligence data in an aggregated or non-personally identifiable form to third parties and affiliates, (referred to as “Purpose(s)”).

If you are a job applicant, your personal data will be collected and used by the Company for the following purposes, and we may disclose your personal data to third parties where necessary for the following purposes:

  • assessing and evaluating your suitability for employment in any current or prospective position within the organization; and
  • verifying your identity and the accuracy of your personal details and other information provided.

 

8)   Sharing and Transferring of Personal Information

  • Once you have freely consented to share your Personal Information with us, you authorize us to exchange, transfer, share, part with all or any of your Personal Information, across borders and from your country to any other countries across the world with the Cloud Service Provider and our affiliates / agents / third party service providers / partners / authorities for legal documentation/ banks and financial institutions or any other persons, for the purposes specified under this Policy or as may be required by applicable laws and regulations.
  • You acknowledge that some countries where we may transfer your Personal Information may not have adequate data protection regime or laws that are as stringent as the laws of your own country. You acknowledge that it is adequate that when Aster transfers your Personal Information to any other entity within or outside your country of residence, Aster will place contractual obligations along with technical and organizational measures on the transferee which will oblige the transferee to adhere to the provisions of this Policy.

 

9)   Use of Cookies

  • We may store temporary or permanent ‘cookies’ on your computer. You can erase or choose to block these cookies from your computer. You can configure your computer’s browser to alert you when we attempt to send you a cookie with an option to accept or refuse the cookie. If you have turned cookies off, you may be prevented from using certain features of the website. In the course of displaying advertisements regarding its Services or optimizing Services to its users, Aster may allow authorized third parties to place or recognize a unique cookie on the user’s browser/device. Aster does not store personally identifiable information in the cookies. Further, Aster does not exercise control over the sites displayed as search results or links from within its Services. These other sites may place their own cookies or other files on your computer, collect data or solicit Personal Information from you, for which Aster is not responsible or liable. Aster encourages you to read the privacy policies of all external sites.

 

10)   Security

  • The security of your Personal Information is important to us. We have adopted reasonable security practices and procedures including access governance and information sharing on need-to-know basis, password protection, encryption etc. to ensure that the Personal Information collected is secure. We restrict access to your Personal Information to our and our affiliates’ employees, agents, third party service providers, partners, and agencies on a need-to-know basis and absolutely limiting to the purposes as specified above in this Policy.
  • While we will endeavor to take all reasonable and appropriate steps to keep securing any information which we hold about you and prevent unauthorized access to, you acknowledge that the internet is not 100% secure and that we cannot provide any absolute assurance regarding the security of your Personal Information. We will not be liable in any way in relation to any breach of security or unintended loss or disclosure of information caused due to any reason beyond our control in relation to your Personal Information.

 

11)   Third party references and Links

  • During Your interactions with us, it may happen that we provide/include reference to third parties or fiduciaries, and/or links and hyperlinks of third-party websites. It may also happen that you include links and hyperlinks of third-party websites. The reference of such third parties or listing of such third-party external sites (by you or by us) does not imply endorsement of such party or site by Aster. Such third parties and third-party sites are governed by their own terms and conditions. We do not make any representations regarding the availability and performance of any of the third parties or third-party sites. We are not responsible for the content, terms of use, privacy policies and practices of such third-party websites.
  • Do-not-track requests: There is no standard for how online service should respond to “Do Not Track” signals or other mechanisms that may allow you to opt out of the collection of information across networks of websites and online Services. Therefore, we do not honor “Do Not Track” signals. As standards develop, we will revisit this issue and update this notice if our practices change.

 

12)   Children’s Privacy

We understand the importance of taking extra precautions to protect the privacy and safety of children using our Website or Services. We do not knowingly collect any personal data from children under 16 or market to or solicit information from anyone under the age of 16. If we become aware that a person submitting personal data is under 16, we will delete all the information as soon as possible unless it is with the consent and involvement of a parent or guardian. If you believe we might have any information from or about a child under 16, please contact us at Email lD: DPO@asterdmhealthcare.com

13)   Compliance with the applicable Laws:

  • You are not allowed to use the Services of the website if any of the terms of this Policy are not in accordance with the applicable laws of your country.

 

14)   Term of storage of Personal Information

  • Aster shall store Your Personal Information at least for a period of three years from the last date of use of the Services or Website or for such period as may be required by law.

 

 

Annexure 1:

Middle East regions Aster operates in, and their Data Protection laws

Qatar: – Qatari Law no. 13 of 2016

Bahrain: – Bahrain Law No. 30 of 2018

Saudi Arabia: – The KSA Personal Data Protection Law

Oman: – Royal Decree 6/2022 – The Personal Data Protection Law (PDPL)

Jordan: – Draft Personal Data Protection Law of 2021

India

Personal Data Protection Bill, 2019

IT Amendment Act 2008

Europe

If any of the user is based of Europe and sharing his/her personal information on Aster website, GDPR shall be applicable.