Privacy Policy

This Privacy Policy governs how we, MRG Blockchain Solutions Pvt. Ltd., a company duly incorporated under the provisions of the Companies Act, 2013, having its registered office at 2604, Rejoice, Citi of joy, JSD Road, Mulund West, Mumbai 400080, Maharashtra, India, India (collectively, “Mykaizen”, “MRG”, “Company”, “we,” “us,” or “our”) collect, use, share and process your information, that you provide to us through your use of the app, Mykaizen and website https://mykaizen.io in the course of availing services that are made available on the said app and website (“Services”) as defined in the Terms and Conditions https://mykaizen.io/terms-and-conditions to you.

MRG, owner of the Mykaizen website and app (“Website” / “App” respectively), respects your privacy and seeks to comply with applicable legal requirements, including the Information Technology Act, 2000, in respect of data collection, processing, and transfer.

Please read this Privacy Policy carefully. By accessing or using this Website/ App, you agree to be bound by the terms described herein and all the terms incorporated by reference. If you do not agree to all of these terms, do not use this Website/ App.

The Privacy Standards and the Security Standards are necessarily linked. Any Blockchain health record (BHR)system requires safeguards to ensure that the data is available when needed and that the information is not used, disclosed, accessed, altered, or deleted inappropriately while being stored or retrieved, or transmitted. The Security Standards work together with the Privacy Standards to establish appropriate controls and protections. Health sector entities that are required to comply with Privacy Standards must also comply with Security Standards.

Purpose

Mykaizen intends to digitize the entire healthcare ecosystem of India and create a Health Information Exchange framework based on Blockchain. This would be done by creating digital health records and creating and maintaining registries for healthcare professionals and health facilities in order to ensure a smooth interoperable framework for the multiple partners associated with healthcare delivery to individuals in India. Mykaizen’s Blockchain de-centralized architecture be adopted, instead of a centralized architecture, for the management of digital health data to ensure interoperability, technological flexibility, and independence across the National Digital Health Ecosystem (“NDHE”).

Mykaizen’s Health Data Management Policy (“Policy”) is the guiding principle of “Security and Privacy by Design” for the protection of individuals’/data principals’ personal digital health data privacy. It acts as a guidance document and sets out the minimum standard for data privacy protection that should be followed across the board in order to ensure compliance with relevant and applicable laws, rules, and regulations. This Policy will be dynamic in nature and may be revised from time to time as may be required. Such interoperability shall be strictly compliant with the provisions relating to consent, and protection of personal data as set out under this Policy. This would be essential to build a trust quotient across the Mykaizen Framework as well as to ensure that the personal data relating to the health of all individuals in India is adequately protected. In addition, participation of an individual will be on a voluntary basis and where an individual chooses to participate, he/she will be issued a Unique Blockchain-based Global Health ID {Mykaizen ID} (as defined in this Policy) by the Mykaizen. Where individual wishes to avail of any health services, the Mykaizen ID of the individual may be verified by the use of an Aadhaar or any other method of identification as may be specified by the NDHM.

The voluntary use of Aadhaar in this Policy is envisaged as per the Aadhaar Authentication for Good Governance (Social Welfare, Innovation, Knowledge) Rules, 2020. The failure or refusal to make use of Aadhaar would not result in the denial of access to any health facility or service. This Policy is to be read along with, and not in contradiction to, any applicable law, or any instrument having the effect of any law together with the Blueprint, policies relating to information security, guidelines relating to data retention and archival, or any other policies or guidelines which may be notified from time to time.

CONSENT

We request You carefully read this Privacy Policy and Terms of Use of the Portal before sharing personal information with us. This Privacy Policy applies to current and former visitors of the Portal. By visiting and/or accessing the Portal (or searching for any of the pages on Our Portal), You explicitly consent and agree to the Privacy Policy laid out herein and by providing Us Your personal information yourself or by making use of the Services provided through the Portal or through Third Party Service Providers (as defined under the Terms of Use), You hereby acknowledge for the collection, receipt, storage, use, processing, disclosure and transfer of Your personal information in accordance with the provisions of this Privacy Policy. No liability pertaining to the authenticity/ genuineness/ misrepresentation/ fraud/ negligence, etc. of the information disclosed shall lie on the company nor will the company in any way be responsible to verify any information obtained from You.

Collection, use, and disclosure of information that has been designated as Personal Information under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011 requires the express consent of the User. By affirming Your assent to this Privacy Policy, You provide Your consent to the company for such use, collection, and disclosure for the provision of Services.

What is Personal Information?

Personal information is that information can be used to directly or indirectly identify you. It includes de-identified data that, when linked to other information available to us, would enable us to identify you. Personal data does not include data that has been irreversibly anonymized or aggregated so that we cannot identify you through it, even in conjugation conjunction with other information.
Personal Information includes ‘sensitive personal data or information (as defined under applicable law) and other information that You share with Us whether directly or in combination with other information or is received from Third Party Service Provider, that personally identifies You or could be used to personally identify You.
“Sensitive Personal Data or Information” means personal information of any individual relating to password; financial information such as bank account or credit card or debit card or other payment instrument details; physical, physiological, and mental health condition; sexual orientation; health information such as medical records and history; biometric information; any detail relating to the above as provided to or received by us for processing or storage. However, any data/information relating to an individual that is freely available or accessible in the public domain or furnished under the Right to Information Act, 2005, or any other law shall not qualify as Sensitive Personal Data or Information.
By signing up on the App or proceeding to the Website, and/or using our Services you represent that you voluntarily provide us with personal information including medical and financial information, and consent to their collection, use, and disclosure in accordance with this Privacy Policy. You also represent that you are duly authorized by any third party (including a child or an employee) whose information you share with us. We shall act as per your representation of authority and shall not make any independent inquiries to ascertain the veracity of your authorization. In the event, you do not have sufficient authorization you shall be solely responsible for your acts and omissions including sharing of information with us by you and the consequential processing and actions taken by us in accordance with this Privacy Policy.

What types of data do we collect?

Users: We may collect information such as Your name, address, email, phone number, medical records and medical history, physical, psychological, and mental health condition, payment information such as credit card information, and other such information as provided by You while rendering Services of the Portal. We may also collect information that You share in the process of User registration, and post Your feedback, reviews, comments, etc. on the Portal.

Non-Personal Information: Information, (viz. type of internet browser and operating system used, the domain name of the website from which You came, number of visits, average time spent on the site, pages viewed, etc.) may be picked up automatically and without being explicitly provided by You, but during Your interaction with the Portal by the use of certain technologies, such as cookies and web beacons.

The Website/App, like many other websites, uses “Cookies”. Cookies are small data files that a website stores on your web browser. These are used for the purpose of storing your preferences, previous activities browsing activities, profiling, and tracking behavior on this Website. By visiting the App or Website, you acknowledge, accept, and expressly authorize the placement of cookies on your web browser. We recommend that you clear the cookies stored on your browser from time to time.

When you sign up or register on the App or Website to use our Services, and during the course of actual usage of our Services, the types of information that will be collected by us include the following:

  • Contact information: Name, Address, Contact details, Email ID, and Phone Number.
  • Demographic information: Gender, Date of Birth, Nationality.
  • Data regarding your usage of the Services such as search history and history of the appointments made by you using Services.
  • Financial information such as bank account or credit card or debit card or other payment instrument details and billing information.
  • Your browsing history including the URL of the site that you visited prior to visiting the Website as well as the Internet Protocol (IP) address of your computer (or the proxy server you used to access the World Wide Web), your computer operating system and type of web browser you are using, the name of your ISP;
  • Any additional information that you provide to us during the use of the Services, through any mode of communication or during any interaction with our employees, doctors, technicians, consultants, etc., of or any other entity while availing its services;
  • Health information such as your Health records and history which you voluntarily provide or is generated on the usage of any of the services availed by you from any entity related to Mykaizen;
  • Information regarding your insurance coverage (such as your insurance carrier and insurance plan) which you voluntarily provide or is generated on availing any of the Services;
  • Information regarding your physical, physiological, and mental health condition which you voluntarily provide or is generated on the usage of the Services including information such as (i) inpatient and emergency department data; (ii) outpatient registration, scheduling, and encounter data; (iii)laboratory data; (iv)radiology data; (v)pharmacy orders data; (vi)e-prescribing data;(vii) pharmacy data; (vii) medical administration data; (ix) administrative and operational data; (x) transaction data, (xi) IoT data, (xii) Pharma company data
  • Any other information that is collected or generated in the course of availing the Services;
  • Data regarding your medical qualifications, registrations, and certifications;
  • Any other detail relating to the above as voluntarily provided to us by you, for providing value-added service; and
  • Any other information relating to the above that you may have shared with us prior to this Privacy Policy for availing any of the Services.
  • We will be using google Gmail, read-only permission to sync your health records from multiple sources to Mykaizen.
  • The company’s use and transfer to any other app of information received from Google APIs will adhere to the Google API services users’ data policy, including the Limited Use requirements.
  • Camera & audio permissions are required to facilitate a teleconsultation with doctors & save medical records with the Mykaizen app. The doctor might choose to record the teleconsultation for medico-legal reasons. We will inform you on the tele consolation screen if the doctor chooses to record the video consultation session.
  • We additionally seek permission for reading & writing files on external storage to allow you to upload & save medical records on the Mykaizen app which you have full control over whether to share further with doctors or not. We don’t scan any other files from your storage system other than the files you’re explicitly uploading
  • We require permission to use images or capture image from the camera for updating profile photos, uploading images as medical records, or measuring heart rate using the Camera. We shall only save images where the user explicitly chooses to save images with the Mykaizen app which in turn may store data on the cloud service provider.
  • We Need access to the camera, Images, and file upload in order to Store medical records, Update user Profile photos, etc.
  • We will be using google Gmail or social media login read-only permissions to sync your appointments from multiple sources to Mykaizen
  • Company’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Where do we collect your data from?

For end users:
  • Any information that you voluntarily choose to provide to us through the App, Website, email, notifications during interaction with us on call or chat, and other modes of communication.
  • Information that we collect from Point of Care (“POCs”) such as doctors, hospitals, diagnostic centers, chemists, etc, to whom you have permitted the sharing of your personal information.
  • Data you have provided to any group company of the Company, affiliates, associates, subsidiary, holding company of the Company, associates, and subsidiaries of holding company of the Company, to whom you have given consent for sharing of such information.
For doctors:
  • Before onboarding you, we may request information regarding your qualifications, experience, public profile, and representations made by you to us.
  • During your usage of the App /Website, we may collect information based on your use of the Services.
  • We may collect other information that you voluntarily choose to provide to us through the App, Website, email, during interaction with us on call or chat, and other modes of communication.
  • We may collect information from any group company, affiliates, associates, subsidiary, holding company of the Company, associates, and subsidiaries of holding company of the Company to whom you have given consent for sharing of information for availing value-added service.

How do we use your data?

We use your personal information for purposes that include the following:

General (end users and doctors):
  • Your registration for the purpose of receiving our Services, identification, communication, notification, and for fulfillment of the Terms and Conditions https://mykaizen.io/terms-and-conditions
  • Offering you personalized Services and targeted advertisements of various POSs and wellness plans and offering you customized health insights;
  • Addressing your requests, queries, and complaints, if any, pertaining to our Services; taking feedback, assisting you with the completion of transactions or other issues relating to the use of Services and other customer care-related activities;
  • Leveraging services from Mykaizen and customizing suggestions for appropriate medical products and services;
  • Creating insights for corporate / business strategy and marketing operations of Mykaizen companies;
  • Developing machine learning algorithms and tools to improve targeting of services, diagnostics and treatment protocols, and other products and services;
  • Contacting you to provide information on new Services, features, products, special promotions or offers, both of the MRG or Mykaizen group entities and affiliates as well as third-party offers or products with whom we have a tie-up and which are relevant to the use of the Services;
  • Technical administration and customization of Website, and other general administrative and business purposes;
  • Research and analysis for the development and improvement of products and services;
  • Disclosure as required to government authorities in compliance with applicable law;
  • Carrying out our obligations in relation to any agreement with affiliate companies, Mykaizen companies, our business partners, or contractors;
  • Investigating, enforcing, and resolving any disputes or grievances; and
  • Any other purpose required by applicable law.

For end users only:

  • Creation and maintenance of Health Records in electronic form in the Blockchain Health Record (BHR) database for use by us and the MRG or Mykaizen companies, affiliates, etc., to provide relevant services;
  • Create your unified profile with analytics and insights generated through processing your personal information;
  • For sharing with your chosen POCs like doctors, hospitals, diagnostic centers, chemists, and online services who may provide you services under the App or Website;
  • Processing any orders/requests you may place using our Services.

For doctors only:

  • For verifying your professional credentials and any representations you have made to us;
  • For processing any payments made to you;
  • For providing recommendations to end users based on your expertise and specializations.
  • For providing any other service to you.

How long will we retain your data?

We store your personal information in accordance with applicable laws, which means we keep your data for as long as necessary to provide you with our Services or as may be required under any law. We shall store your personal information for lawful purposes only. We keep de-identified data for research and statistical purposes for a longer period.

If you close your account, we have no obligation to retain your data, and we may delete any or all of your data without liability. However, we may retain data related to you if we believe it may be necessary to prevent fraud or future abuse, or if required by law, or for other legitimate purposes. We may continue to store your data in anonymized or de-identified form for analytical, research, or other purposes for which your information is collected as previously indicated.

Disclosure and transfer of your data

We may share, disclose and in some cases transfer your personal information to such entities as required to provide Services to you, improve our Services, and provide value-added services or other third-party products and services, to the extent permitted by applicable law. These entities may be located outside India, which you hereby consent to. We require such entities to protect your information through equivalent security measures as we would adopt. An indicative list of entities we may disclose or transfer information to are provided below:

Service Providers: We share personal information with companies that provide Services on our behalf, such as website hosting, data storage, software services, email services, marketing, fulfilling customer orders, providing payment-related services including payment aggregation, data analytics, data mining, providing customer services, and conducting surveys, as permitted by applicable law. These companies may be located within or outside India, but in any case, are obligated to protect your data.

We may also share information with employees, data processors, consultants, business partners, and technology partners on a need-to-know basis. Such entities would be contractually obligated to maintain confidentiality in relation to your data.
If you are an end user, your personal information will also be shared with your chosen POCs.

Business Affiliates: We may disclose or transfer some of your information to entities in our group companies, affiliates, associates, subsidiary, holding companies of the Company, associates and subsidiary of holding company of the Company including foreign entities, and in particular group companies and affiliates who are involved in the provision of products and services, to the extent permitted by applicable law.

In the event of a merger, reorganization, acquisition, joint venture, assignment, spin-off, transfer, asset sale, or sale or disposition of all or any portion of our business, including in connection with any bankruptcy or similar proceedings, we may transfer any and all personal information to the relevant third party with the same rights of access and use.

Law Enforcement Agencies: We may share information with law enforcement agencies pursuant to lawful requests for information, and otherwise as required under any law applicable at the given time, both in India and outside India.

Other Third Parties:

  • We may also disclose personal information if we determine in good faith that disclosure is reasonably necessary to protect our rights and pursue available remedies, enforce our terms and conditions, investigate fraud, or protect our operations or users.
  • We may disclose personal information to any third party if necessary to provide or improve our Services, fulfill any lawful contractual obligation we are bound by, and any other activity related to the purposes identified in this privacy policy and the terms and conditions you agree to when you use our Services.
  • Anonymized, aggregated data may be shared with advertisers, research firms, and other partners.

How do we protect your data?

We are committed to maintaining the privacy of the information uploaded by you on the Website and complying with the industry / Blockchain standard security safeguards for the purpose of securing the Website and the information provided/collected/uploaded by you.
We use reasonable technical, administrative, and physical security measures for the purpose of safeguarding all data you share with us. We also have comprehensive internal policies in place to prevent unauthorized access to your data. We take adequate steps to ensure that third parties we share data with also adopt reasonable levels of security practices and procedures to ensure the privacy and security of your information.
However, we are not responsible for any loss, unauthorized access, safety issue or any harm caused to you by any misuse of your personal information, unless it is a direct and foreseeable consequence of negligence and non-compliance on our part only. You hereby acknowledge that we are not responsible, in particular, for any third-party action or action on your part leading to loss, damage, or harm to you or any other person.
For any data loss or theft due to unauthorized access to your electronic devices through which you avail our Services, Company shall not be held liable for any loss whatsoever incurred by you. Further, you are liable to indemnify the Company as per the Terms of Use.

USE OF PERSONAL INFORMATION

You agree and acknowledge that all information gathered from You, that is, information that is voluntarily provided by You or received from Third Party Service Providers and information that may be automatically collected, may be used by Mykaizen for the following purposes:

  • To comply with central, state, or local laws that require disclosure;
  • To respond to law enforcement officials or to judicial orders, subpoenas, or other processes and/or to avert a serious threat to health or safety;
  • To enable the provision of Services opted by You including collating all User medical records, reports, and other data;
  • To enable the viewing of content in your interest;
  • To copy, reproduce, store, distribute, publish, export, adapt, edit and translate Personal Information to the extent reasonably required for the provision of Services by the company;
  • To provide better products and Services and to programmatically use Your data to give You contextual Services.
  • To fulfill your requests for certain Services and/or to contact You about our Services;
  • To use and share Your information with third parties with whom we have a contractual relationship. For example, We may provide you with an option where you may share your content with another person including Third Party Service Provider.
  • To respond to your comments, reviews, and questions and provide better customer service, for promotion and marketing purposes, to track your activity on our digital platforms and personalize and improve your experience;
  • To conduct research following internal review protocols to ensure the balancing of privacy and to use anonymized data for research. Additionally, non-personally identifiable information, exclusively owned by the company may be used in an aggregated or non-personally identifiable form for internal research, statistical analysis, and business intelligence purposes including those for the purposes of determining the number of visitors and transactional details, and company may sell or otherwise transfer such research, statistical or intelligence data in an aggregated or non-personally identifiable form to third parties and affiliates;
  • To use your information to operate, improve and maintain our site, to prevent fraud and abuse, to fulfill any other purpose for which you provide us Personal Information, and for any other purpose for which You give Us authorization.

Please note that We may use Non-Personal Information created by Us without restriction. We may retain Non-Personal Information and will continue to use Non-Personal Information as permitted under this Privacy Policy and applicable law. Please note that We may use Non-Personal Information created by Us without restriction. We may retain Non-Personal Information and will continue to use Non-Personal Information as permitted under this Privacy Policy and applicable law.

COOKIES

Cookies are alphanumeric identifiers with a small amount of data that is stored on the User’s device hard drive containing information about the User, commonly used as an anonymous unique identifier. Company and other third-party service providers collect information about You using these cookies. Please note, a cookie in no way gives Us access to Your device. Our Portal uses these “cookies” to collect information and to improve Our service. Some cookies and other technologies may serve to recall Personal Information previously indicated by You. Most web browsers are set to accept cookies by default. If You prefer, You can usually choose to set Your browser to remove cookies and to reject cookies. If You choose to remove cookies or reject cookies, this could affect certain features of the Portal.
Other websites may place their own cookies or other files on Your device, collect data or solicit personal information from You, for which We shall not be held responsible or liable. We encourage You to read the privacy policies of all external sites.

What are your rights?

We take reasonable steps to ensure that your personal information is accurate, complete, and up to date. However, you have the sole responsibility of ensuring that you review the accuracy of the information provided by you and contact us in case of discrepancies, or in case you wish to discontinue the use of our Services. You have the following rights with regard to your personal information:

  • You have the right to access your personal information, and request updating, correction, and deletion. If your personal information changes, you may correct, delete inaccuracies, or amend information by making the change on our member information page or by contacting us through [help@mykaizen.co.in]. We will make good faith efforts to make requested changes in our then active databases as soon as reasonably practicable. If you provide any information that is untrue, inaccurate, out of date, or incomplete (or subsequently becomes untrue, inaccurate, out of date, or incomplete), or we have reasonable grounds to suspect that the information provided by you is untrue, inaccurate, out of date or incomplete, we may, at our sole discretion, discontinue the provision of the Services to you. There may be circumstances where we will not correct, delete or update your personal information, including (a) where the personal information is opinion data that is kept solely for an evaluative purposes; (b) the personal information is in documents related to a prosecution if all proceedings relating to the prosecution have not been completed, and (c) where your information has already been processed in de-identified form.
  • You are free to not to share any medical or other information that you consider confidential and withdraw consent for us to use data that you have already provided. In the event that you refuse to share any information or withdraw consent to process information that you have previously given to us, we reserve the right to restrict or deny the provision of our Services for which we consider such information to be necessary.

Third-Party Websites and Services

Our Website and App may contain links to third-party services, and give you the ability to access such third-party websites, products, and services. Please note that you may proceed to the use of such third-party websites or services at your own risk and the Company will not be held liable for any outcome or harm arising as a result of your use of such third-party websites or services. Please read the privacy policies of any third party before proceeding to use their websites, products, or services.

Google / Social Media Accounts

The user (Point of Care Provider / Care Seeker) may choose to provide explicit consent to connect/integrate the User’s Gmail / Social media account(s) with his/her account on the Platform. The following are the information collected from your consented email accounts:

Consultation Appointments are taken with a Doctor / Point of care Provider where the consented email account is owned by the POC Provider. The mykaizen Application organizes this information in your account to help you manage all your appointments at one place.

Medical Records, Lab Test Reports, and Care Context Documents. The mykaizen Application organizes this information in your account to provide Smart Health Reports.

Connecting your Google / Social media account enables us to automatically provide updated AI health insights to users. Mykaizen Mobile Application cannot make any medical diagnoses. Please consult a doctor if you are concerned about your health or you have any medical queries. You should never override or reject a doctor’s professional advice in favor of any information that you see on the Mykaizen app/website.
You can choose to de-link your account with the application at any time and/ or you can delete your information by writing to help@mykaizen.co.in

Once connected, the Platform will securely access and analyze the contents of emails consisting of ‘read-only’ including but not limited to the attachments from POC Providers / Doctors for the purpose of managing and tracking Appointment information and/or Medical Records, such as Lab Reports, Prescription, Radiology Reports, Discharge Summary and consolidating this information in User’s Blockchain account which can’t be accessed without Blockchain permissions.

Please note that any data obtained by this integration will be used by the Company solely for providing the Services, updating the User’s AI based Health Reports, & consolidating appointments for a POC at one place. We shall not use or transfer any data or information received from the integration of the email addresses with the account on the Platform to third parties for any purpose other than as explicitly authorized by the User.

Security

Steps were taken to ensure data security:

  • All the user information can only be accessed by authorized users;
  • Users need to authenticate themselves, and All data is hosted on cloud servers and/or local devices.
  • Unfortunately, the transmission of information via public networks such as the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted through the Services. Any transmission of personal data is at your own risk. We are not responsible for the circumvention of any privacy settings or security measures contained in the Services.

Changes to this Privacy Policy

Any changes to our Privacy Policy will be posted on the Website/ App and will become effective as of the date of posting. Please review the Privacy Policy from time to time to make sure you are aware of any changes. If you do not agree with any such revised terms, please refrain from using our Services and contact us to close any account you may have created.