1. Nature and Objective
1.2.1. Information Technology Act, 2000;
1.2.2. Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011 (the “SPI Rules”);
1.2.3. Information Technology (Intermediaries Guidelines) Rules, 2011.
1.3.1. The kinds of information collected from the Users including Personal Information [as defined in Clause 2] and Sensitive Personal Data or Information [as defined in Clause 2] (collectively, “User Information”); and the modes of collecting User Information;
1.3.2. The manner in which OneHealth uses, processes, retains and destroys the User Information;
1.3.3. Modes of disclosing the User Information.
2. Type of User Information Collected and Stored:
2.1. The information collected from the Users may constitute “Personal Information” or “Sensitive Personal Data or Information” under the SPI Rules.
2.1.1. “Personal Information” is defined under the SPI Rules to mean any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available to a body corporate, is capable of identifying such person.
2.1.2. “Sensitive Personal Data or Information” of a person means personal information about that person relating to:
220.127.116.11. financial information such as bank accounts, credit and debit card details or other payment instrument details;
18.104.22.168. physical, physiological and mental health condition; sexual orientation;
22.214.171.124. medical records and history;
126.96.36.199. biometric information;
188.8.131.52. information received by body corporate under lawful contract or otherwise;
184.108.40.206. visitor details as provided at the time of registration or thereafter; and
220.127.116.11. call data records.
2.2. OneHealth shall collect such information from the User in order to, among other things, facilitate and ensure efficient provision of Services to the Users, improve its Website, etc. It includes, but is not limit to the following:
2.2.1. OneHealth shall collect and maintain all the information that the Users provide at the time of registration.
2.2.2. OneHealth shall collect financial information like credit card number, debit card number and such other information that is essential to successfully facilitate a successful payment or financial transaction. The transaction however will be completed only upon verification through the authentication process, which shall be solely established by the Customer
2.2.3. OneHealth shall maintain a record of all the prescriptions that the Customers may upload in order to purchase products or avail services.
2.2.4. OneHealth may also conduct surveys (which is optional for the Users), in order to understand User preferences and to target advertisements. User responses however will be maintained in anonymous/aggregated forms.
2.2.5. When any User visits the Website, OneHealth will automatically receive the URL of the site from which User comes and the site to which the User goes, the IP address of the User’s computer or the proxy server as the case may be, User’s computer operating system and type of web browser the User is using, email patterns, name of User’s ISP and other such information. Such information, which is not Personal Information or which does not personally identify the Users (“Non-Personal Information”), as well as the nexus between the Non-Personal Information and the User’s identity shall remain confidential for all purposes and will be used in anonymized/aggregated form for research, analysis, administration, intelligence and other such purposes which will help OneHealth improve its services or its Website
2.2.6. OneHealth uses temporary cookies in order to store certain kind of information, which is also Non-Personal Information, but which will assist OneHealth in research, analysis, administration, intelligence and other such purposes which will help OneHealth improve its services or its Website.
2.2.7. OneHealth may also maintain records of telephonic conversations with its Users for various purposes like research, analysis, administration, intelligence, etc
2.2.8. Other information which OneHealth may seek from its User, includes but is not limited to those which enable the Users to receive promotional offers from OneHealth, those which will assist OneHealth to customize its Website to deliver personalized information to the User, etc
3. OneHealth Roles and Responsibilities
3.2. OneHealth will not collect any information of any of the User from any other outside source, other than that information which is expressly sought for on the Website.
3.3. OneHealth shall not share or disclose any contact information of the User to any third party without the User’s consent
3.4. OneHealth shall take all reasonable steps to ensure confidentiality of all the data.
3.9. OneHealth shall exclusively own all the Non-Personal Information. OneHealth may use such Non-Personal Information in anonymized/aggregated form for research, analysis, administration, intelligence and other such purposes. OneHealth may also transfer/sell such Non-Personal Information to any other third-party personnel/affiliates
3.10. OneHealth shall ensure that financial transactions are facilitated upon secure sites of approved, authorized and digitally encrypted payment gateways, thereby providing highest possible degree of security. Users however agree and understand that despite OneHealth having employed every reasonable measure to ensure utmost security, internet technology is still not absolutely infallible, and that OneHealth shall not be held liable for any breach which may occur despite having taken all reasonable measures.
3.11. OneHealth assures the Users that all of OneHealth’s directors, employees, officers, agents, consultants, licensors, representatives or other personnel who are associated with OneHealth (collectively “Employees”) who have access to User Information are bound by non-disclosure agreements to maintain confidentiality of User Information
3.12. OneHealth assures to all the Users that it has implemented industry standards security policies and other measures to safeguard all the User Information from accidental loss or unauthorized, illegal or improper access, modification, use, disclosure or destruction.
4.2. OneHealth may retain User Information as long as necessary, depending on the type of information, purpose, modes of use.
5. All Users’ Duties and Obligations
5.1. The Users shall ensure the accuracy of any and all information they provide to OneHealth. In the event OneHealth learns that the information provided is not accurate, or reasonably suspects it to be incorrect, OneHealth may terminate the account of the User and discontinue provision of Services at its own discretion
5.4. The User is responsible for, and shall ensure confidentiality of their account access information and password, other log-in details, use of the account, etc. Each User shall exclusively use his/her account
5.5. In the event the User suspects any unauthorized access or use of his/her account, the User shall immediately notify OneHealth.
5.6. As mandated by Regulation 3(2) of the IG Rules, OneHealth hereby informs the User that the User is not permitted to host, display, upload, modify, publish, transmit, update or share any information that
5.6.1. Belongs to another person and to which the User does not have any right to;
5.6.2. is grossly harmful, harassing, blasphemous, defamatory, obscene, pornographic, pedophilic, libelous, invasive of another's privacy, hateful, or racially, ethnically objectionable, disparaging, relating or encouraging money laundering or gambling, or otherwise unlawful in any manner whatever;
5.6.3. harm minors in any way;
5.6.4. infringes any patent, trademark, copyright or other proprietary rights;
5.6.5. violates any law for the time being in force;
5.6.6. deceives or misleads the addressee about the origin of such messages or communicates any information which is grossly offensive or menacing in nature;
5.6.7. impersonate another person;
5.6.8. contains software viruses or any other computer code, files or programs designed to interrupt, destroy or limit the functionality of any computer resource;
5.6.9. is prohibited under applicable law for the time being in force including Drugs and Cosmetics Act, 1940, the Drugs and Magic Remedies (Objectionable Advertisements) Act, 1954, the Indian Penal Code, 1860 as amended from time to time and rules made there under
5.6.10. threatens the unity, integrity, defense, security or sovereignty of India, friendly relations with foreign states, or public order or causes incitement to the commission of any cognizable offence or prevents investigation of any offence or is insulting any other nation
5.6.11. The User is also prohibited from:
18.104.22.168. Tampering or attempting to tamper with any part of OneHealth Content, or security or integrity of the Website
22.214.171.124. Acting or omitting to act in such manner so as to disrupt efficient service delivery
126.96.36.199. intentionally submitting on the Website any incomplete, false or inaccurate information;
188.8.131.52. making any unsolicited communications to other Users;
184.108.40.206. using any engine, software, tool, agent or other device or mechanism (such as spiders, robots, avatars or intelligent agents) to navigate or search the Website;
220.127.116.11. attempting to decipher, decompile, disassemble or reverse engineer any part of the Website
18.104.22.168. copying or duplicating in any manner any of the OneHealth Content or other information available from the Website;
22.214.171.124. framing or hotlinking or deep-linking any OneHealth Content
6. All Users’ Note
6.1. The User agrees that he/she provides any or all User Information voluntarily, by his/her own free will and volition.
6.2. The User consents that OneHealth may use the User Information for any or all purposes that will enable it to efficiently provide its Services.
6.3. The Users shall, from time to time, provide and update information relating to the products or services offered by such User, or any other information in order to ensure the accuracy of information provided to OneHealth
6.4. If the User wants to modify any information already submitted to OneHealth, including but not limited to contact details, the User can modify such information by logging-in his/her account. In such cases, OneHealth may keep the copy of the information which the User had originally submitted to OneHealth.
6.8. User shall view, access and use the OneHealth Content solely for the purposes of visiting/browsing to learn about OneHealth, purchasing products or availing services from Service Providers, or for the purposes of communicating with OneHealth.
7. Service Providers’ Note:
7.1. Service Providers are required by OneHealth to submit information at the time of registration (“Service Provider Information”). Such Service Provider Information shall be owned by OneHealth. It shall be used for commercial purposes or in anonymized/aggregated form for research, administration, analysis and intelligence purposes, which can be transferred/sold
7.2. The Service Provider Information is displayed when Users search for such Service Providers, and such Service Provider Information is used by Customers to order for products/services
7.3. The Service Providers agree and understand that OneHealth may, at its discretion, make available any other Service Providers to the Users.
7.4. The Service Providers must ensure the confidentiality of any or all User Information they become privy to, while providing consultation or in the course of their duties.
7.5. The Service Providers must respond to the Customer within 10 working days from the date on which the Customers reach out to the respective Service Providers
7.6. Service Providers shall not manipulate or attempt to manipulate the prices of the offered products and services.
8. Customers’ Note:
The Customers must, in order to purchase products or avail services of the Pharmacies or Labs, upload prescriptions by registered medical practitioners, on the Website. Such prescriptions can be accessed or used by Customers and other authorized Users.
9. Casual Visitors’ Note:
10. Disclosure Norms:
10.1. OneHealth makes the User Information accessible to the Employees on a need-to-know basis, and the Employees are subjected to strict non-disclosure obligations
10.3. Regulation 7 of the SPI Rules provides that sensitive personal data or any such information can be transferred to any other body corporate or a person in India, or located in any other country that ensures the same level of data protection that OneHealth adheres to; and that such transfer may be allowed only if it is necessary for the performance of the lawful contract between OneHealth and the User or where the User has contented to data transfer. Pursuant to this Regulation, OneHealth may disclose/share/transfer User Information to its affiliates in other countries, and the User hereby agrees for such disclosure/sharing/transfer.
10.5. OneHealth may also disclose or transfer User Information to any other third party as part of re-organization of OneHealth or sale of its assets. Such third parties will have the right to continue to use the User Information.
10.7. OneHealth may share Non-Personal Information in anonymized/aggregated form with such third parties, including but not limited to investors, strategic partners, advertisers, etc, with the objective of growing its business