- This Uber Diagnostics Personal Data Policy (“PD Policy”) sets out how Uber Diagnostics Private Limited (“UDPL”) and its associated individuals/organizations (collectively, “UDPL”, “Cardiotrack”, “us”, “our”) collect, use, disclose
and retain your personal data.
- Among the most important assets of Cardiotrack is the trust and confidence placed in us to properly handle personal data. You can expect us to maintain your personal data accurately, protect your personal data against manipulation
and errors and keep your personal data secure from theft and free from unwarranted disclosure.
- This PD Policy provides you with notice as to what and how personal data is collected, how it is intended to be used, to whom your personal data may be transferred to, how to access, review and amend your personal data and our
- Cardiotrack recognises its responsibilities in relation to the collection, holding, processing, use and disclosure of personal data. The provision of your personal data is voluntary. You may choose not to provide us with the requested
data, but failure to do so may inhibit our ability to do business with or provide services to you.
- Save where “policy” is referred to in the context of the PD Policy, references to such expression may, in addition to insurance policies that you may have purchased or under which you may be covered, include Cardiotrack programmes
to which you have subscribed or in which you are participating.
How We Collect Personal Data
- Cardiotrack collects personal data in the following ways:
- When you use our products or services, access our website and use our online and mobile services;
- When you submit documents and application forms to us during the application process for the purchase, or in consideration of the purchase, of our products or services;
- When you submit requests for changes or updates to your policy or any other requests in connection with your policy including through the submission of policy servicing forms and documents;
- When you respond to our queries or request for us to contact you;
- When you interact with our personnel, agents, customer service officers or sales representatives via phone, email, face-to-face meetings, interviews, SMS, fax, mail or electronic mail;
- When we receive referrals and collect personal data from within Cardiotrack, its associated persons/organisations, agents, business partners and service providers (collectively “Cardiotrack Persons”), and third party service
providers and representatives of Cardiotrack Persons;
- When you submit personal data to us to participate in a lucky draw, contest, event or competition organised by Cardiotrack, its partners, representatives or service providers; and
- When we seek information from third parties about you including but not limited to investigators, medical sources, hospitals, doctors, other healthcare professionals in connection with your policy, policy applications,
underwriting the risks of your policy, policy claims and/or products and services of Cardiotrack used or purchased by you (“Medical Sources”).
- By providing us with any personal data relating to a third party (e.g. insured persons, family members, and beneficiaries), you represent and warrant that you shall ensure accuracy of such personal data provided and have obtained
such third party’s prior consent for our collection, use and disclosure of such third party’s personal data for the relevant purposes, except to the extent that such consent is not required under relevant law. You further agree
to keep us fully indemnified from and against any and all damages, losses, costs, legal fees (solicitor - client basis), penalties and proceedings, including any penalties or other amounts levied, imposed or charges by any
regulator or regulatory authority, arising out of or in connection with your (or those of your officers, employees, advisors, agents and representatives) acts or omission, fault or negligence in performing these obligations
or which results in us breaching relevant laws.
- If you make use of any social media features or platforms, either on our website, an application we provide, or otherwise through a social media provider, we may access and collect information about you via that social media provider
in accordance with their policies. When using a social media feature, we may access and collect information you have chosen to make available and to include in your social media profile or account, including but not limited
to your name, gender, birthday, email address, address, location etc. Our access to this information may be limited or blocked based on your privacy settings with the relevant social media provider.
- We will usually identify any information which is mandatory (i.e. information required for creating an account, and to enable you to access the features of the website and receive any services) when we collect the information from
you. You may choose not to provide us with the requested data, but failure to do so may inhibit our ability to do business with you or to respond to your enquiries.
Type Of Personal Data Collected, Used or Disclosed
- Cardiotrack may collect, use and disclose personal data including but not limited to the following:
- Your personal particulars such as national identity numbers, passport numbers, contact details, addresses, date of birth, occupation, photographs and marital status;
- Your financial information such as income, bank account numbers, income tax statements, bank statements, credit card and other payment details;
- Your employment information and employment history;
- Your medical information such as medical history, consultation history, prescriptions, notes, treatments, description of medical services rendered and medical reports;
- Details of your products and services purchased with Cardiotrack; and
- Personal data of a third party that you provide to us in connection with the purchase of our products and services or for referrals.
Purposes For Which Personal Data Is Collected, Used or Disclosed
- Cardiotrack collects, uses and discloses personal data for the following purposes:
- Evaluating your financial needs and providing recommendations of suitable products and services to you;
- To assess, process, administer, implement and effect the requests or transactions;
- Underwriting the risks of your policy, reinsurance and assessing your eligibility to purchase our products and services;
- Servicing your policy, account and relationship with us;
- Responding to your requests and queries including requests and queries from your authorised representatives and individuals purporting to be you;
- Making changes or updates to your policy;
- Reviewing, renewing or reinstating your policy;
- Providing ad-hoc or regular information about your policy;
- Assessing, processing, settling, authenticating and investigating claims;
- Verifying your identity and any information you provide to us;
- Collecting premiums and making any payments to you in connection with our products and services;
- Marketing and promoting the business activities, products and services of Cardiotrack to you via face to face meetings, video conferencing, telephone calls, SMS, fax, mail and electronic mail;
- Participating and administering contests, lucky draws, events and competitions;
- Providing, managing, operating, processing and administering our products and services to you;
- Archiving, backing up or destroying personal data;
- Compliance, monitoring and audit reviews;
- Meeting requirements of prevailing internal policies of Cardiotrack;
- To design new or enhance existing products and services provided by us;
- To communicate with you including to send you administrative communications about any account you may have with us or about future changes to this PD Policy;
- For market, statistical or actuarial research and trend analysis of our products and services for company, regulatory or industry exercises and studies and reviewing the standard of our products and services;
- For data matching, internal business and administrative purposes;
- Meeting requirements imposed by any law, rules, regulations, agreements or schemes imposed by any government regulators, law enforcement agencies, government authorities, dispute resolution or industry bodies or in connection
with any investigations;
- To personalise the appearance of our websites, provide recommendations of relevant products and provide targeted advertising on our website or through other channels;
- Quality and training when our communications with you are recorded;
- Conducting general administration in connection with the foregoing;
- Other purposes as notified at the time of collection; and
- Other purposes directly relating to any of the above.
- By providing your personal data to us, you accept that Cardiotrack may retain your information for as long as necessary, to fulfil the purpose(s) for which it is collected in compliance with applicable laws and regulations and
Cardiotrack’s prevailing internal policies. Cardiotrack applies reasonable security measures to prevent unauthorised or accidental access, processing, erasure, loss or use including limiting physical access to data within Cardiotrack’s
systems and encryption of sensitive data when transferring such data. Reasonable steps will be taken to delete, destroy or anonymise your personal data when it is no longer necessary for any of the purposes above.
Who May Be Provided With Your Personal Data?
- Personal data will be kept confidential but may, where permitted by law and where such disclosure is necessary to satisfy the purpose or a directly related purpose for which the personal data was collected, provide such personal
data to the following parties:
- Insurance intermediaries (including our financial services consultants);
- Any Cardiotrack Persons, third-party service providers and representatives of Cardiotrack Persons who provide administrative services, business process services, storage services, scanning of policy documents services,
printing and despatch of documents, document processing and archiving services, information technology services, data center services, payment services, data analytics services, marketing services and other services
to Cardiotrack in connection with the business of Cardiotrack, including but not limited to banks, credit card companies, credit agencies, investigators, insurers, reinsurers, hospitals and clinics;
- Medical Sources and insurance organisations;
- Any member company of Cardiotrack where necessary;
- Other companies that help gather your information or communicate with you, such as research companies and ratings agencies, in order to enhance the services we provide to you;
- Our professional advisers such as our lawyers and auditors;
- Any law enforcement agency, statutory board, government regulator, government authority, dispute resolution or industry bodies as necessary to comply with any laws, rules, regulations, agreements or schemes;
- Any party to whom you have consented the disclosure of your personal data; and
- Any other party as permitted under applicable law.
- From time to time, we may purchase a business or sell one or more of our businesses (or portions thereof) and where permitted by law your personal data may be transferred or disclosed as a part of the purchase or sale or a proposed
purchase or sale. In the event that we purchase a business, the personal data received with that business would be treated in accordance with this PD Policy, if it is practicable and permissible to do so.
- Where permitted by law, your personal data may be provided to any of the above parties who may be located in India or outside of India. Your information may be transferred to, stored, and processed in India or any
other jurisdictions where any Cardiotrack company is located, or jurisdictions where a third party contractor is located or from which the third party contractor provides us services. By providing us with your personal information
or using our services or our website or applications, you consent to the transfer of such information outside your jurisdiction to our facilities or to those third parties with whom we share it as described above.
- Consequences of consent withdrawal
- You may withdraw your consent for us to collect, use or disclose your personal data by giving us reasonable notice.
- If you withdraw your consent for us to collect, use or disclose your personal data for non-marketing reasons, we will be unable to process, administer and/or manage your policy, relationship and/or account with us. In such event,
you may be required to surrender or terminate all your policies or accounts or withdraw from any programs in which you are participating. This may be to your disadvantage, as you may be losing valuable benefits from your policies
or programmes, incur surrender charges or it may not be possible for you to obtain a similar level of protection on the same terms in the future.
- You may withdraw your consent for your personal data to be used for marketing purposes and you will stop receiving marketing information from us via the mode(s) of communication for which you have withdrawn such consent after a
period permitted under law or in accordance with our internal policies. Please note that such withdrawal of your consent will not affect our ability to provide you with the products and services for which you have requested
or to which you have applied, subscribed or are participating with us.
- Cookies are small text containing small amounts of information which are downloaded and may be stored on any of your web browsers or internet enabled devices (e.g. your computer, smartphone or tablet) that can later be read by
the server - like a memory for a web page.
domain names), browser software, types and configurations of your browser, language settings, geo-locations, operating systems, referring website, pages and content viewed, and durations of visit) will be used to ensure operation
of the website and enable you to log in securely, for compiling aggregate statistics on how our visitors reach and browse our websites for web enhancement and optimisation purposes, and to help us understand how we can improve
your experience on it.
- The cookies also enable our website to remember you and your preferences, and tailor the website for your needs. Advertising cookies will allow us to provide advertisements on our websites that are as relevant to you as possible,
e.g. by selecting interest-based advertisements for you, or preventing the same advisement from constantly reappearing to you. You can find more information on the types of cookies we collect, what we use these for, and how
- As Cardiotrack relies on your personal data to provide products and services to you, you shall ensure that the information provided by you to us is at all times correct, accurate and complete. You shall update us in a timely manner
of all changes to the information provided to us.
- If any part of this website contains links to other websites, those sites may not operate under this PD Policy. You are advised to check the privacy statements on those websites to understand their policies on the collection, use,
transfer and disclosure of personal data.
Amendments To This PD Policy
- Cardiotrack reserves the right, at any time and without notice, to add to, change, update or modify this PD Policy, simply by notifying you of such change, update or modification. If we decide to change our personal data policy,
those changes will be notified on our website so that you are always aware of how and what information we collect, how we use the information and under what circumstances the information is disclosed. Any such change, update
or modification will be effective as stated in the PD Policy.
- You have the right to access and request for the correction of your personal data and withdraw your consent given to us to collect, use or disclose your personal data. We may charge a fee for data access requests. You may access
your personal particulars via www.cardiotrack.io, if available. In all other cases, requests for withdrawal of consent, access and correction must be made via email to firstname.lastname@example.org
- Should you have any questions on any part of this PD Policy or would like additional information regarding Cardiotrack’s personal data practices, please do not hesitate to contact us via the contact channels set out above.