When we use your personal data we are regulated under The Information Technology Act 200 (IT ACT) which applies across India and we are responsible as controllers of that personal data for the purposes of the IT Act. Our use of your personal data is subject to your instructions, the IT Act, other relevant Indian legislation and our professional duty of confidentiality.
It would be helpful to start by explaining some key terms used in this policy:
We, us, our or Aremas: Aremas, based at Block C1-449, FF, Palam Vihar, Gurgaon, Haryana,122017
Data Protection Point of Contact: Himani Sahni of Aremas, Block C1-449, FF, Palam Vihar, Gurgaon, Haryana,122017
Services: Aremas is a platform that connects mental health professionals and clients. It provides online mental health sessions, forums for emotional support, mental health-related products and programs curated by psychologists.
Personal data: Any information relating to an identified or identifiable individual
Special category personal data: 1. Personal data revealing racial or ethnic origin, political opinions, religious beliefs or philosophical beliefs
2. Data concerning health, sex life or sexual orientation
Section 43A of the Information Technology Act, 2000;
Regulation 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011 (the “SPI Rules”);
Regulation 3(1) of the Information Technology (Intermediaries Guidelines) Rules, 2011.
The type of information collected from the Users, including Personal Information (as defined in paragraph 2 below) and Sensitive Personal Data or Information (as defined in paragraph 2 below) relating to an individual;
The purpose, means and modes of collection, usage, processing, retention and destruction of such information; and
How and to whom Aremas will disclose such information.
Personal data we collect about you
Generally, some of the Services require us to know who you are so that we can best meet your needs. When you access the Service, or through any interaction with us via emails, telephone calls or other correspondence, we may ask you to voluntarily provide us with certain information that personally identifies you or could be used to personally identify you.
The table below sets out the personal data we will or may collect in the course of advising and/or acting for you. You hereby consent to the collection of such information by Aremas. Without prejudice to the generality of the above, information collected by us from you may include (but is not limited to) the following:
Personal data we will collect:
Your name, address, telephone number and date of birth
Electronic contact details, eg your email address and mobile phone number
Information relating to the matter in which you are seeking our services
Information about your use of our IT, communication and other systems, and other monitoring information, eg if using our secure online client portal
Other information that you voluntarily choose to provide to us
Personal data we may collect depending on why you have instructed us:
Your bank details
[Your racial or ethnic origin, gender and sexual orientation, religious or similar beliefs]
This personal data is required to enable us to provide our services to you. If you do not provide the personal data we ask for, it may delay or prevent us from providing services to you.
The information collected from you by Aremas may constitute ‘personal information or ‘sensitive personal data’ or information’ under the SPI Rules.
‘Personal Information is defined under the SPI Rules to mean any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available to a body corporate, is capable of identifying such person.
The SPI Rules further define “Sensitive Personal Data or Information” of a person to mean personal information about that person relating to:
financial information such as bank accounts, credit and debit card details or other payment instrument details;
physical, physiological and mental health condition;
medical records and history;
information received by body corporate under lawful contract or otherwise;
visitor details as provided at the time of registration or thereafter; and
call data records.
Aremas will be free to use, collect and disclose information that is freely available in the public domain without your consent.
ALL USERS NOTE: This section applies to all users.
All the information provided to Aremas by a User, including Personal Information or any Sensitive Personal Data or Information, is voluntary. You understand that Aremas may use certain information of yours, which has been designated as Personal Information or ‘Sensitive Personal Data or Information’ under the SPI Rules, (a) for the purpose of providing you the Services, (b) for commercial purposes and in an aggregated or non-personally identifiable form for research, statistical analysis and business intelligence purposes, (c) for sale or transfer of such research, statistical or intelligence data in an aggregated or non-personally identifiable form to third parties and affiliates (d) for communication purpose so as to provide You a better way of booking appointments and for obtaining feedback in relation to the Practitioners and their practice, (e) debugging customer support related issues.. (f) for the purpose of contacting you to complete any transaction if you do not complete a transaction after having provided us with your contact information in the course of completing such steps that are designed for completion of the transaction. Aremas also reserves the right to use the information provided by or about the End-User for the following purposes:
- Publishing such information on the Website.
- Contacting End-Users for offering new products or services.
- Contacting End-Users for taking product and Service feedback.
- Analyzing software usage patterns for improving product design and utility.
- Analyzing anonymized practise information for commercial use.
- Processing payment instructions including those through independent third party services providers such as payment gateways, banking and financial institutions, pre-paid instruments and wallet providers for the processing of payment transactions or deferral of payment facilities.
If you have voluntarily provided your Personal Information to Aremas for any of the purposes stated above, you hereby consent to such collection and use of such information by Aremas. However, Aremas shall not contact You on Your telephone number(s) for any purpose including those mentioned in this subsection 4.1(iii), if such telephone number is registered with the Do Not Call registry (“DNC Registry”) under the PDPA without your express, clear and unambiguous written consent.
4. You are responsible for maintaining the accuracy of the information you submit to us, such as your contact information provided as part of account registration. If your personal information changes, you may correct, delete inaccuracies, or amend information by making the change on our member information page or by contacting us through email@example.com. We will make good faith efforts to make requested changes in our then-active databases as soon as reasonably practicable. If you provide any information that is untrue, inaccurate, out of date or incomplete (or becomes untrue, inaccurate, out of date or incomplete), or Aremas has reasonable grounds to suspect that the information provided by you is untrue, inaccurate, out of date or incomplete, Aremas may, at its sole discretion, discontinue the provision of the Services to you. There may be circumstances where Aremas will not correct, delete or update your Personal Data, including (a) where the Personal Data is opinion data that is kept solely for an evaluative purpose; and (b) the Personal Data is in documents related to a prosecution if all proceedings relating to the prosecution have not been completed.
5. If you wish to cancel your account or request that we no longer use your information to provide you Services, contact us through firstname.lastname@example.org. We will retain your information for as long as your account with the Services is active and as needed to provide you with the Services. We shall not retain such information for longer than is required for the purposes for which the information may lawfully be used or is otherwise required under any other law for the time being in force. After a period of time, your data may be anonymized and aggregated, and then maybe held by us as long as necessary for us to provide our Services effectively, but our use of the anonymized data will be solely for analytic purposes. Please note that your withdrawal of consent or cancellation of account may result in Aremas being unable to provide you with its Services or to terminate any existing relationship Aremas may have with you.
6. Aremas may require the User to pay with a credit card, wire transfer, debit card or cheque for Services for which subscription amount(s) is/are payable. Aremas will collect such User’s credit card number and/or other financial institution information such as bank account numbers and will use that information for the billing and payment processes, including but not limited to the use and disclosure of such credit card number and information to third parties as necessary to complete such billing operation. Verification of credit information, however, is accomplished solely by the User through the authentication process. User’s credit-card/debit card details are transacted upon secure sites of approved payment gateways which are digitally under encryption, thereby providing the highest possible degree of care as per current technology. However, Aremas provides you an option not to save your payment details. User is advised, however, that internet technology is not full proof safe and User should exercise discretion on using the same.
7. Due to the communications standards on the Internet, when a User or the End-User or anyone who visits the Website, Aremas automatically receives the URL of the site from which anyone visits. Aremas also receives the Internet Protocol (IP) address of each User’s computer (or the proxy server a User used to access the World Wide Web), the User’s computer operating system and type of web browser the User is using, email patterns, as well as the name of User’s ISP. This information is used to analyze overall trends to help Aremas improve its Service. The linkage between the User’s IP address and the User’s personally identifiable information is not shared with or disclosed to third parties. Notwithstanding the above, Aremas may share and/or disclose some of the aggregate findings (not the specific data) in anonymized form (i.e., non-personally identifiable) with advertisers, sponsors, investors, strategic partners, and others in order to help grow its business.
8. The Website uses temporary cookies to store certain (that is not sensitive personal data or information) that is used by Aremas and its service providers for the technical administration of the Website, research and development, and User administration. In the course of serving advertisements or optimizing services to its Users, Aremas may allow authorized third parties to place or recognize a unique cookie on the User’s browser. The cookies, however, do not store any Personal Information of the User. You may adjust your Internet browser to disable cookies. If cookies are disabled you may still use the Website, but the Website may be limited in the use of some of the features.
9. A User may have limited access to the Website without creating an account on the Website. Unregistered Users can make appointments with the doctors by providing their name and phone number. In order to have access to all the features and benefits on our Website, a User must first create an account on our Website. To create an account, a User is required to provide the following information, which such User recognizes and expressly acknowledges is Personal Information allowing others, including Aremas, to identify the User: name, User ID, email address, country, ZIP/postal code, age, phone number, password chosen by the User and valid financial account information. Other information requested on the registration page, including the ability to receive promotional offers from Aremas, is optional. Aremas may, in future, include other optional requests for information from the User to help Aremas to customize the Website to deliver personalized information to the User.
11. The Website may enable User to communicate with other Users or to post information to be accessed by others, whereupon other Users may collect such data. Such Users, including any moderators or administrators, are not authorized Aremas representatives or agents, and their opinions or statements do not necessarily reflect those of Aremas, and they are not authorized to bind Aremas to any contract. Aremas hereby expressly disclaims any liability for any reliance or misuse of such information that is made available by Users or visitors in such a manner.
13. Aremas maintains a strict "No-Spam" policy, which means that Aremas does not intend to sell, rent or otherwise give your e-mail address to a third party without your consent.
14. Aremas has implemented commercially reasonable international market practices and security policies, rules and technical measures to protect the personal data that it has under its control from unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss. However, for any data loss or theft due to unauthorized access to the User’s electronic devices through which the User avails the Services, Aremas shall not be held liable for any loss whatsoever incurred by the User.
15. Aremas implements reasonable security practices and procedures and has a comprehensively documented information security programme and information security policies that contain managerial, technical, operational and physical security control measures that are commensurate with respect to the information being collected and the nature of Aremas’s business.
CONFIDENTIALITY AND SECURITY
1. Your Personal Information is maintained by Aremas in electronic form on its equipment, and on the equipment of its employees. Such information may also be converted to physical form from time to time. Aremas takes all necessary precautions to protect your personal information both online and offline and implements reasonable security practices and measures including certain managerial, technical, operational and physical security control measures that are commensurate with respect to the information being collected and the nature of Aremas’s business.
2. No administrator at Aremas will have knowledge of your password. It is important for you to protect against unauthorized access to your password, your computer and your mobile phone. Be sure to log off from the Website when finished. Aremas does not undertake any liability for any unauthorised use of your account and password. If you suspect any unauthorized use of your account, you must immediately notify Aremas by sending an email to support@Aremas.com You shall be liable to indemnify Aremas due to any loss suffered by it due to such unauthorized use of your account and password.
3. Aremas makes all User information accessible to its employees, agents or partners and third parties only on a need-to-know basis, and binds only its employees to strict confidentiality obligations.
4. Part of the functionality of Aremas is assisting the doctors to maintain and organise such information. Aremas may, therefore, retain and submit all such records to the appropriate authorities, or to doctors who request access to such information.
5. Notwithstanding the above, Aremas is not responsible for the confidentiality, security or distribution of your Personal Information by our partners and third parties outside the scope of our agreement with such partners and third parties. Further, Aremas shall not be responsible for any breach of security or for any actions of any third parties or events that are beyond the reasonable control of Aremas including but not limited to, acts of government, computer hacking, unauthorised access to computer data and storage device, computer crashes, breach of security and encryption, poor quality of Internet service or telephone service of the User etc.
If a User uses the Services or accesses the Website after a notice of changes has been sent to such User or published on the Website, such User hereby provides his/her/its consent to the changed terms.
CONSENT TO THIS POLICY
ADDRESS FOR PRIVACY QUESTIONS
Name: Himani Sahni
Contact: Block C1-449, FF, Palam Vihar, Gurgaon, Haryana, 122017