Privacy Notice

We, Hefficient Inc. (“Hefficient”, “Company”, “we”, “us”, “our”) are the owners of the software Hefficient (hereinafter referred to as the “Software”). The Software  is an electronic medical record (EMR) system that facilitates medical professionals to record, manage and process medical information /records about patients, book and track appointments, and share patient information with other medical practitioners and health service providers on the Customer’s request. It also includes a patient portal, which allows patients to log-in, access and track their medical information, download/upload reports in the system and communicate with the medical practitioners via in-application messaging.

We respect data privacy rights and are committed to protecting personal information collected on this Software. This privacy notice (“Privacy Notice”) sets forth how we collect, access, use and protect the Personal Data collected through the Software.

PLEASE READ THIS PRIVACY NOTICE CAREFULLY. BY CLICKING ON THE CONSENT CHECK BOX, AND BY PROVIDING US PERSONAL DATA, YOU CONSENT TO OUR USE OF YOUR PERSONAL DATA IN ACCORDANCE WITH THE TERMS OF THIS PRIVACY NOTICE. IF YOU DO NOT AGREE TO THIS PRIVACY NOTICE, YOU MAY WITHDRAW YOUR CONSENT OR ALTERNATIVELY CHOOSE NOT TO PROVIDE YOUR PERSONAL DATA ON THE SOFTWARE. SUCH AN INTIMATION TO WITHDRAW YOUR CONSENT CAN BE PROVIDED BY EMAIL privacy@hefficient.com.

IF YOU ARE ACCESSING THE SOFTWARE ON BEHALF OF A THIRD PARTY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH THIRD-PARTY TO THE TERMS AND CONDITIONS OF THIS PRIVACY NOTICE AND, IN SUCH AN EVENT YOUR USE OF THE SOFTWARE SHALL REFER TO USE BY SUCH THIRD PARTY. IF YOU DO NOT HAVE SUCH AN AUTHORITY (TO PROVIDE ANY PERSONAL DATA OF A THIRD PARTY) OR DO NOT AGREE TO THE TERMS OF THIS PRIVACY NOTICE, THEN YOU SHOULD REFRAIN FROM USING THE SOFTWARE.

This Privacy Notice is an electronic record in the form of an electronic contract being compliant and construed in accordance with data protection laws of the applicable jurisdictions.

1.    Definitions

i.                     “Patient/s”  shall mean and include individual patients of the Customer who access, and/ or use the Software.

ii.                   “Customer” shall mean and include medical facilities, hospitals, clinics, individual physicians who have purchased the license to the Software and related services.

iii.                 “Authorised Personnel”, “User/s”, “you”, “your” shall mean and include personnel authorised by the Customer to use the Software.

iv.                 “Personal Data” means all information that can be used to personally identify a person, including but not limited to, as first and last name, address, email address and contact number, and any other such information.

 

2.    Access to Personal Data

We may be provided access to Personal Data in the following ways:

i.      Personal Data of Authorised Personnel for registration:

We may receive Personal Data of the Authorised Personnel including but not limited to name, email address, contact number, username/ login ID.

 

 

 

ii.    Personal Data collected from the Patients:

The Customer decides and has control over the purpose and means of collection and processing of Personal Data of the Patients. We may under exceptional cases at the discretion of the Customer receive access to Personal Data of the Patients from the Customer.

 

 

3.    Processing of Personal Data by us on behalf of the Customer:

i.      This section concerns the Personal Data of the Patient collected by the Customer, where such collection is only facilitated by us. The Customer sets the purpose and means of processing of such Personal Data. We process such Personal Data only on behalf of and on the instructions of the Customer and for the purposes of rendering our services to the Customer.

 

ii.    If you are the Patient and your Personal Data was shared with us by the Customer, the privacy notice of the Customer, on whose behalf we collect and process the Personal Data, will be applicable. Therefore, any enquiry, request, objection or complaint that the Patient may have in connection with the collection and/or processing of Personal Data that forms part of the Patient’s use of the Software usage should be addressed to and resolved by the Customer solely.

 

 

iii.   Customer representation:

The Customer represents that it has acquired all necessary consents and/or relies on other appropriate legal basis for the processing of Personal Data of the Patient and complies with the requirements of applicable data privacy laws that govern processing of such Personal Data.

 

4.    Cookies

We use session cookies on the software to hold active session tokens. We do not use any third-party tracking tools for tracking or any other such purpose.

 

5.    Accuracy of information

The Customer and/or Authorised Personnel undertakes that he shall be solely responsible for the accuracy, correctness, or truthfulness of the Personal Data shared with us whether of its own or any third party. In the event the Customer and/or Authorised Personnel is sharing any Personal Data on behalf of a third person, the Customer and/or Authorised Personnel represents and warrants that he has the necessary authority to share such Personal Data with the Company, obtained a written consent from such third party and the Company shall not be responsible for verifying the same. The Customer and/or Authorised Personnel understands and acknowledges that such Personal Data shall be subject to the terms and conditions of this Privacy Notice.

 

 

 

6.    Use of Personal Data

We use your Personal Data of the Customers and/or Authorised Personnel for the following purposes:

                i.     to notify about our services and to respond to the requests received;

              ii.     for the creation or development of business intelligence or data analytics in relation to the services provided by us;

            iii.     to process transactions;

            iv.     to provide a better experience during access of our Software and to improve the services;

              v.     to maintain and manage our Software;

            vi.     for internal record keeping;

           vii.     to comply with our legal or statutory obligations;

         viii.     in case of Patients anonymised Personal Data received from the Customers in our registry, may be shared with health data registry for medical research and development purposes.

 

7.    Disclosures

We do not sell, rent, share, distribute, lease or otherwise provide Personal Data of Customers and/or Authorised Personnel to third parties, without your prior consent. Keeping this in mind, we may disclose Personal Data in the following cases:

i.      Affiliates: We may provide Personal Data to our affiliates to enable them to improve the offerings, provide feedback and respond to their queries.

ii.    Service Providers: We may share Personal Data with the service providers who work with us in connection with operating the Software and/ or providing the offerings. All such service providers are subject to stringent confidentiality restrictions consistent with this Privacy Notice.

iii.  Merger or Acquisition: We may transfer Personal Data if we are acquired by another entity, or if we merge with another company or transfer a part of our business, including the Software, to a third party. Any such third party or resultant entity that receives Personal Data shall have the right to continue to use Personal Data in line with the purposes set out herein. In the event of such a sale or transfer, we may notify you.

iv.   Legal and Regulatory Authorities: We may disclose Personal Data in order to comply with our legal obligations/ court orders/ requests by Govt. authorities.

 

8.    Data Retention

We will retain Customer and/or Authorised Personnel’s Personal Data as long as it is required to be retained for the purpose of provision of the services. We may also retain and use User’s Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

9.    Security and Storage

Your Personal Data is stored on third party cloud infrastructure hosted in the United States of America. We have implemented safeguards such as encryption methods to protect the Personal Data. Although we provide appropriate firewalls and protections, we cannot warrant the security of Personal Data transmitted as these systems are not hack proof. Data pilferage due to unauthorized hacking, virus attacks, technical issues is possible, and we will take necessary measures to mitigate such events.

10.Your Rights

11.   The Authorised Personnel have the right to access Personal Data in our possession, right to have us rectify or modify any such Personal Data, right to have us erase/delete Personal Data, right to restrict us from processing such Personal Data, withdraw consent at any time where we are relying on consent to process Personal Data. All requests for exercising such Personal Data rights must be raised with the admin of the Customer. In the event the Customer is not able to address these rights we will provide the required assistance to the Customer for fulfilling such requests. Customer’s that are individual physicians may reach out to us at (insert email address) to exercise any of these rights.  Choice and Opt-Out

We may send communications to the Customer including but not limited to (a) notices about use of our Software and services, including those concerning violations of use, (b) updates.  The Customers may opt out of receiving emails from us by following the unsubscribe instructions provided in those emails.

12.Governing laws

This Privacy Notice shall in all respects be governed by and construed and enforced in accordance with the laws of Delaware, USA and the courts in Delaware shall have exclusive jurisdiction to adjudicate any subject matter under this Privacy Notice.

13.Links to other Websites

The Software may contain links to other websites/ platforms/ applications. Please note that we do not have any control over such other websites/ platforms/ applications, and you will be accessing these websites/ platforms/applications at your own risk. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such websites/platforms/applications and those are not governed by this Privacy Notice. Please exercise caution and look at the privacy policy/ notice applicable to such websites/ platforms/ applications.

14.Children’s Privacy

We do not collect Personal Data from children under the age of 16 years. If the legal representative of the child discovers that the child has provided us with Personal Data, we request the legal representative of the child to contact us privacy@hefficient.com to have the Personal Data deleted.

15.Changes To This Privacy Notice. 

Please revisit this page periodically to stay aware of any changes to this Privacy Notice, which we may update from time to time. If we modify this Privacy Notice, we will make it available through the Platform and indicate the date of the latest revision. If such modifications materially alter your rights or obligations hereunder, we will make reasonable efforts to notify you of the change via email or through our Platform. This Privacy Notice was last updated on February 28, 2024.

16.Contact Us

For any questions or concerns or grievances regarding this Privacy Notice or wish to withdraw consent in relation to the processing of Personal Data, reach out to our appointed grievance redressal officer (may also be known as compliance officer) Sanjeev Sehgal via email at privacy@hefficient.com.