Privacy Policy
This Privacy Notice explains why Shroff Eye Centre (“SEC” or “we”) collects information about You, how that information may be used, processed, protected and otherwise handled when You use or visit SEC’s website (“Website”).
You acknowledge that this Privacy Notice is a part of the Terms and Conditions * and all terms defined in the Terms of Use have the same meaning in this Privacy Notice statement and vice-versa.
THE PRIVACY NOTICE IS AN INTEGRAL PART OF THE TERMS OF USE. THE TERMS OF USE ARE HYPERLINKED AND YOU HAVE BEEN DIRECTED TO THIS PAGE TO FAMILIARISE WITH THE TERMS AS WELL AS GIVE INFORMED CONSENT. WITHOUT CONSENTING TO THE TERMS HEREIN, YOU CANNOT CONSENT TO THE TERMS OF USE AND SHOULD NOT USE THE WEBSITE. BEFORE YOU SUBMIT ANY INFORMATION TO SEC, PLEASE READ THIS PRIVACY NOTICE FOR AN EXPLANATION OF HOW WE WILL TREAT YOUR PERSONAL INFORMATION.
IF YOU DO NOT AGREE WITH THIS PRIVACY NOTICE, PLEASE DO NOT USE THE WEBSITE.
Scope of application: This Privacy Notice is published in accordance with applicable laws and shall
- apply to all Visitors, i.e. those who are merely visiting the Website without any intent of availing SEC’s services
- apply to all Users i.e. those who are visiting and accessing the Website with the intent of availing SEC’s services (Visitors and Users shall be collectively referred to as “You” and “Your” in this Privacy Notice).
- cover all personal data/information that can be used directly or indirectly to identify You as an individual person (“PD”)
What does this Privacy Notice provide?
What PD we collect?
Website is designed to provide You with an overview about SEC, details of its eye care and medical services, and enables you to contact us for provision of those services (“Services”). For providing these Services, the Website processes Your PD. PD collected includes the following categories:
- Basic identification information like salutation, name, surname, location , age , gender ,mobile device ,browser & network and IP address
- Contact information like phone number, e-mail address, mobile number and address
- Device and hardware information for synching and seamless access
- Location information
- Information on how You use our Website through our or third party cookies such as duration for visiting or using Website, how long you stayed on the Website, items clicked, etc. To know more about use of cookies, please review our cookie policy
- information from other sources using your e-mail address or other information through search over internet or your social media account or third party cookies
How do we collect PD?
We collect PD
- directly from You such as when You voluntarily provide your PD to book an appointment, request a call back, visit our Website or our social media pages, or subscribe to our marketing materials; and
- indirectly from other sources such as cookies (our cookie policy), web beacons, website traffic, information available in public domain through internet searches, analytic studies and other information that we may derive while processing PD.
How do we process PD?
We collect, record, organize, structure, align, retrieve, adapt, access, review, archive, analyze, pseudonymise, encrypt, decrypt, profile, transfer, perform other related technological and manual processing activities and when not longer required, we anonymize or erase your PD.
We process PD in accordance with fair, accountable and transparent processing principles as required under applicable law. Governing principles that we follow for processing are:
- process lawfully, fairly and with transparency
- process only for purposes communicated or those which are reasonably expected to be connected with the purposes or for purposes which are compatible with them
- minimize collection only as much is adequate, relevant and necessary
- take reasonable steps to maintain accuracy in light of the processing purposes
- retain in such form bearing in mind the processing purposes
- use technical, operational, and organizational security measure; if You like to know more about this, please take a look at how do we protect PD?
- prevent accidental loss, unlawful destruction or access or damage
- maintain confidentiality and integrity of PD unless carved out in this Privacy Notice
Profiling means automated processing or PD to evaluate certain personal attributes about You. This aims at analyzing your behavior while using the Website. There will be no profiling by automated means that will affect your PD protection rights and privacy. We only profile PD to
- create, improve and develop your user experience while using the Website
- conduct market research for our operations, surveys, analytics to understand User needs for using the Website, the demand for Services, updates, upgrades and software feature requirements
- provide information and details around SEC activities that we reasonably determine You may require based on Your use of the Website.
Why do we process PD?
“We do not intend to provide or offer to provide any medical consultation or telehealth services to any individual outside India, and do not make any representation that any information provided on our website is appropriate or in accordance with law as applicable to the concerned person.”.
We process your PD for entering into a lawful contract with You and thereafter, for performance of the lawful contract so executed. We also process your PD because you have explicitly consented to the purposes of processing as stated in this Privacy Notice, those that can be reasonably expected in context thereof, and those that are compatible with the listed out purposes. If you do not want to consent, please do not use the Website.
Additionally, we process PD for the following purposes:
- providing Services
- call back, follow-ups, fixing appointments, consultation with experts, providing information required by you regarding SEC activities and operations
- synching of devices and improvising your experience while using the Website
- communicating with You
- conducting market research, surveys, trend research, analytics to understand User need for using the Website, demand for Services, updates, upgrades and software feature requirements
- creating, improving and developing our Website
- obtaining feedbacks from You and acting thereupon
- targeting information and details around SEC activities that we reasonably determine You may require based on use of the Website
- improvise, upgrade and implement security measures for the Website and your PD
- enhance brand awareness and increased Website engagement through search engine and social media remarketing lists
- send direct mailers at the e-mail address given, with an option to opt-out anytime
- protect and secure your PD
- detect and handle data breach scenarios
- periodically review PD collected to adhere with your requests regarding your rights and legal obligations under applicable law
- maintaining secure personal information management system
- mitigating and handling data breach scenarios
- archiving, statistics analysis, survey, R&D activities
- sharing with third parties; more details about third party data transfer
- honouring your requests and rights
Although SEC does not intend to offer services to any individual resident in European Union, we cannot limit the Visitors and Users accessing our Website. There may be circumstances where such Visitors and Users would eventually engage with SEC for services. Thus, we want to highlight that PD collected and processed for such individuals while accessing the Website is done on the basis of consent, lawful contract performance/entering into lawful contract, compliance with applicable legal obligations and under no circumstance shall override their fundamental interests and rights.
Apart from the above purposes, please note that we do not sell, rent, or trade your PD in any manner.
How do we protect your PD?
We are committed to managing and securing PD and information asset systems with confidentiality, integrity and authenticity. Commensurating with the size and nature of the Website, the Services, and allied activities, we have implemented reasonable, operational, technical and managerial safeguard, practices, processes and policies to ensure safety, security, integrity and protection of all its information assets including PD.
All our staff, contractors, personnel, officers, representatives and members receive appropriate and on-going training to ensure they are fully aware of their obligation to uphold confidentiality, protect PD, respect your privacy. Only limited authorized personnel and approved third parties have access to PD on a need to know basis and only for specific purposes. If you wish to learn more about our data protection practices, please find our contact details in the contact section below
How long do we store PD?
We will store and process your PD for such duration as is necessary in order to fulfill the purposes stated in this Privacy Notice and comply with applicable law. Our overarching goal is not to retain PD in identifiable form longer than what is necessary, after which they will be anonymised or destroyed.
Do we transfer your PD to third parties?
Being committed to maintaining confidentiality of PD, we follow strict controls on who can internally or externally access and process PD. Your PD may be transferred or shared with third parties within India or other jurisdiction for the following purposes:
- for processing PD in accordance with this Privacy Notice through data processors
- any government authority or any agency acting for the government for compliance with legal obligations
- enhancing brand recognition and user engagement with Website through third party marketing tools
- provide targeted information regarding SEC’s operations and activities
- performing lawful contract that SEC is party to in pursuance of its legitimate interests subject to the condition that your fundamental rights and freedoms are not overridden
Before transferring PD to a third party, we conduct reasonable due diligence factoring the purposes, such as evaluation of processes implemented, reserving audit and inspection rights, requiring representations, and mandating compliance with applicable laws concerning data protection and privacy from the third party. For processors, we require them to adhere to our privacy and data protection practices and policies as well.
Your PD may be shared or transferred to the following parties:
- any person whom SEC is compelled or required to do so under law or in response to a government directive or one from its agency
- any person where disclosure is required for larger public interest or protection of your interests concerning your right to privacy or other legal rights
- any agent of third party service provider who provides administrative, telecommunications, computer or other services to SEC
- authorized SEC representatives
- authorized SEC processors
- any third party when SEC undergoes a corporate restructuring
What are your rights?
Your rights are
- access – seek confirmation on whether and what PD is processed and seek access
- lodge complaint – file a complaint with appropriate authority under applicable law
- withdraw or modify consent – withdraw or modify consent at any time; this will not affect processing that has taken place prior to the date You request such withdrawal or modification. If withdrawal or modification will have a bearing on You accessing Website or availing Services, we will notify you before acting on your request
- erasure and restriction on processing – erase PD, or restrict, object, limit or refuse processing; if you exercise this right, it may be the scenario that this may have a bearing on using and accessing Website and Services and we will notify you before acting on your request
- portability – to request for portability to third party of PD processed through automated means in structured, commonly used, machine-readable format to the extent feasible
- data breach notification along with measure taken to retain and mitigate the breach
You can exercise these rights by writing to us atContact us*. We will try our best to provide the necessary information within 30 days from receipt of the request and this can be extended to 2 months with prior notice to you. If requests are excessive or unfounded or repetitive, we can refuse to your request or charge a reasonable fee for costs, in which case you can choose to complaint to appropriate authority.
Our cookie policy
We use cookies and web beacons to collect PD through Website
Cookies are small files which generally consist of letters plus numbers that get downloaded on your device when you access or use the Website. You can choose to turn off cookies on your device settings. This may affect some features of the website but won’t affect the Services.
To know more about our cookie policy, please access our Cookie Policy
Our anti-Spam policy
We recognize that the receipt, transmission or distribution of spam e-mails (unsolicited bulk e-mails) as a major concern and have taken reasonable measures to minimize the transmission and effects of spam e-mails in its computing environment. Accordingly, all e-mails received by SEC are subject to spam check. Any e-mail identified as spam will be rejected and deleted. With this measure, along with other technical spam reduction measures, we hope to minimize the spread and effects of spam e-mails. We reserve the right to reject and/or report any suspicious spam e-mails, to the authorities concerned and/or to the sender of such e-mails, for necessary action, from time to time.
Changes
We will periodically review and revise this Privacy Notice and policies around PD. You must periodically review the Privacy Notice to appraise of the changes. If there are substantial changes, we will post a notice on the Website and send you notices to your e-mail id. Having said that, please note that no change shall be made which adversely affects your rights and freedoms without your prior consent.
Links to Other Sites
The Website links to other websites may or may not collect PD about You. If they do collect personal information, SEC is not responsible for the privacy practices or the contents of those linked websites.
Contact
If you have any questions, comments, rights request, or complaints, please contact us.
You can write to us at
SEC Grievance Officer
You also have the right to complaint to appropriate authority.