Aster DM Healthcare Limited and its subsidiaries (referred to as “we”, us”, “Aster”) is the author and publisher of the internet resource www.asterhospitals.in, www.rameshhospitals.com, www.asterwayanad.com, www.asterlabs.in & www.asterpharmacy.in, its sub domain’s (together referred to as “Websites”) on the world wide web as well as other software and applications provided by Aster, including but not limited to the mobile applications (referred to as “App”, and together with Websites referred to as “Services”). Aster provides the Services in partnership with its agents, affiliates, associates, representatives or other third parties (together referred to as “Partners”)

This privacy policy ("Privacy Policy") explains how we collect, use, share and protect personal information about the Users of the Services (jointly and severally referred to as “you” or “User” or “Users” in this Privacy Policy). We created this Privacy Policy to demonstrate our commitment to the protection of your privacy and your personal information. Your use of and access to the Services is subject to this Privacy Policy and our Terms of Use. Any capitalized term used but not defined in this Privacy Policy shall have the meaning attributed to it in our Terms of Use.

BY CONFIRMING THAT YOU ARE BOUND BY THIS PRIVACY POLICY (BY THE MEANS PROVIDED ON THIS WEBSITE OR APP), BY USING THE SERVICES OR BY OTHERWISE GIVING US YOUR INFORMATION, YOU AGREE TO THE PRACTICES AND POLICIES OUTLINED IN THIS PRIVACY POLICY AND YOU HEREBY CONSENT TO OUR COLLECTION, USE AND SHARING OF YOUR INFORMATION AS DESCRIBED IN THIS PRIVACY POLICY. WE RESERVE THE RIGHT TO CHANGE, MODIFY, ADD OR DELETE PORTIONS OF THE TERMS OF THIS PRIVACY POLICY, AT OUR SOLE DISCRETION, AT ANY TIME. IF YOU DO NOT AGREE WITH THIS PRIVACY POLICY AT ANY TIME, DO NOT USE ANY OF THE SERVICES OR GIVE US ANY OF YOUR INFORMATION. IF YOU USE THE SERVICES ON BEHALF OF SOMEONE ELSE (SUCH AS YOUR CHILD) OR AN ENTITY, YOU REPRESENT THAT YOU ARE AUTHORISED BY SUCH INDIVIDUAL OR ENTITY TO ACCEPT THIS PRIVACY POLICY ON SUCH INDIVIDUAL’S OR ENTITY’S BEHALF.

WHY THIS PRIVACY POLICY?

This Privacy Policy is published in compliance with, inter alia: Section 43A of the Information Technology Act, 2000;

1. Regulation 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011 (the “SPI Rules”); and
2. Regulation 3(1) of the Information Technology (Intermediaries Guidelines) Rules, 2011.

This Privacy Policy states the following:

1. The type of information collected from the Users, including sensitive personal data or information;
2. The purpose, means and modes of usage of such information; and
3. How and to whom we will disclose such information.

COLLECTION OF PERSONAL INFORMATION

Generally, some of the Services require us to know who you are so that we can best meet your needs. When you access the Services, we may ask you to voluntarily provide us with certain information that personally identifies you or could be used to personally identify you. Without prejudice to the generality of the above, information collected by us from you may include (but is not limited to) the following:

1. Contact data (such as your email address and phone number);
2. Demographic data (such as your gender, your date of birth and your pin code);
3. Data regarding your usage of the services and history of the appointments and other transactions made by or with you through the use of Services;
4. Health or medical data (such as your past medical history and conditions, diagnostic reports, prescriptions and medication history)
5. Insurance data (such as your insurance carrier and insurance plan); and
6. Other information that you voluntarily choose to provide to us (such as information shared by you with us through emails or letters, your work details, your family details)

The information collected from you by Aster may constitute ‘personal information’ or ‘sensitive personal data or information’ under the SPI Rules. Personal information is defined under the SPI Rules to mean any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person.

The SPI Rules further define “sensitive personal data or information” of a person to

mean personal information about that person relating to:

1. passwords;
2. financial information such as bank accounts, credit and debit card details or other payment instrument details;
3. physical, physiological and mental health condition;
4. sexual orientation;
5. medical records and history;
6. biometric information;
7. information received by body corporate under lawful contract or otherwise;
8. visitor details as provided at the time of registration or thereafter; and
9. Call data records

Information that is freely available in the public domain or accessible under the Right to Information Act, 2005 or any other law will not be regarded as personal information or sensitive personal data or information.

PRIVACY STATEMENTS

1. A condition of each User’s use of and access to the Services is their acceptance of the Terms of Use, which also involves acceptance of the terms of this Privacy Policy. Any User that does not agree with any provisions of the same has the option to discontinue the Services provided by Aster immediately.
2. All the information provided to us by a User, including sensitive personal information, is voluntary. You understand that Aster, either itself or with its Partners, may use certain information of yours, which has been designated as ‘sensitive personal data or information’ under the SPI Rules, (a) for the purpose of providing you the Services, (b) for commercial purposes and in an aggregated or non- personally identifiable form for research, statistical analysis and business intelligence purposes, for (c) for sale or transfer of such research, statistical or intelligence data in an aggregated or non-personally identifiable form to our Partners. Aster also reserves the right to use information provided by or about the User for the following purposes:
   1. Contacting Users for offering new products or services.
3. Contacting Users for taking product and Service feedback.

Analyzing software usage patterns for improving product design and utility.

1. Analyzing anonymized information for commercial use.

You hereby consent to such use of such information by Aster and our Partner

1. Collection of information which has been designated as ‘sensitive personal data or information’ under the SPI Rules requires your express consent. By affirming your assent to this Privacy Policy, you provide your consent to such collection as required under applicable law. Our Services may be unavailable to you in the event such consent is not given.
2. Users’ personally identifiable information, which they choose to provide on the Website or App is used to help the Users describe/identify themselves. Other information that does not personally identify the Users as an individual, is collected by Aster or our Partners from Users (such as, patterns of utilization described above) and is exclusively owned by Aster or its partners. We or our Partners may also use such information in an aggregated or non-personally identifiable form for research, statistical analysis and business intelligence purposes, and may sell or otherwise transfer such research, statistical or intelligence data in an aggregated or non-personally identifiable form to third parties. In particular, we and our Partners reserve with us the right to use anonymized User demographics information and anonymized User health information for the following purposes:

Analyzing software usage patterns for improving product design and utility.

Analyzing such information for research and development of new technologies.

1. Using analysis of such information in other commercial product offerings of Aster or our Partners.
2. Sharing analysis of such information with third parties for commercial use.

1. You are responsible for maintaining the accuracy of the information you submit to us, such as your contact information provided as part of account registration. If your personal information changes, you may correct, delete inaccuracies, or amend information by making the change on your profile information page on the Websites or App or by contacting us at [email protected] We will make good faith efforts to make requested changes in our then active databases as soon as reasonably practicable. If you provide any information that is untrue, inaccurate, out of date or incomplete (or becomes untrue, inaccurate, out of date or incomplete), or Aster has reasonable grounds to suspect that the information provided by you is untrue, inaccurate, out of date or incomplete, Aster may, at its sole discretion, discontinue the provision of the Services to you.
2. If you wish to cancel your account or request that we no longer use your information to provide you services, contact us  through [email protected]. We will retain your information for as long as your account with the Services is active and as needed to provide you the Services. We shall not retain such information for longer than is required for the purposes for which the information may lawfully be used or is otherwise required under any other law for the time being in force. After a period of time, your data may be anonymized and aggregated, and then may be held by us or our Partners as long as necessary for us to provide our Services effectively or improve the Services, but our use of the anonymized data will be solely for analytic purposes.
3. Aster may require the User to pay with a credit card, debit card, net banking or other online payment mechanisms for Services for which an amount(s) is/are payable. Aster will collect such User’s credit card number and/or other financial institution information such as bank account numbers and will use that information for the billing and payment processes, including but not limited to the use and disclosure of such credit card number and information to third parties as necessary to complete such billing operation. Verification of credit information, however, is accomplished solely by the User through the authentication process offered by a third-party payment gateway. User’s credit-card/debit card details are transacted upon secure sites of approved payment gateways which are digitally under encryption, thereby providing the highest possible degree of care as per current technology. User is advised, however, that internet technology is not full proof safe and User should exercise discretion on using the same.
4. Due to the communications standards on the Internet, when a User or anyone who visits the Website, we automatically receive the URL of the site from which anyone visits. We also receive the Internet Protocol (IP) address of each User’s computer (or the proxy server a User used to access the World Wide Web),

User’s computer/ device operating system and type of web browser the User is using, email patterns, as well as the name of User’s ISP. This information is used to analyze overall trends to help Aster improve its Service. The linkage between User’s IP address and User’s personally identifiable information may be available to us or our Partners but is not shared with other third parties. Notwithstanding the above, we may share some of the aggregate findings (not the specific data) in anonymized form (i.e., non-personally identifiable) with advertisers, sponsors, investors, strategic partners, and others in order to help grow our business.

1. The Website may use cookies to store certain data (that is not sensitive personal data or information) that is used by us and our partners for the technical administration of the Website, App, research and development, and for User administration. In the course of serving advertisements or optimizing services to its Users, Aster may allow authorized third parties to place or recognize a unique cookie on the User’s browser. The cookies however, do not store any personal information of the User.
2. In order to have access to all the features and benefits on our Website or App, a User must first create an account on our Website or App. To create an account, a User is required to provide the following information, which such User recognizes and expressly acknowledges is personal information allowing others, including Aster, to identify the User: name, User ID, email address, address, date of birth, gender, phone number and password chosen by the User. Other optional information may be requested on the registration page. We may, in future, include other optional requests for information from the User to help us to customize the Services to deliver personalized information to the User. However, we assume your consent in relation to various matters, once you complete the registration process.
3. This Privacy Policy applies to Websites, App and Services that are owned and operated by Aster. We do not exercise control over the sites that may be displayed as search results or links from within the Services. These other sites may place their own cookies or other files on the Users’ computer, collect data or solicit personal information from the Users, for which Aster is not responsible or liable. Accordingly, Aster does not make any representations concerning the privacy practices or policies of such third parties or terms of use of such websites, nor does Aster guarantee the accuracy, integrity, or quality of the information, data, text, software, sound, photographs, graphics, videos, messages or other materials available on such websites. The inclusion or exclusion of such other sites does not imply any endorsement by Aster of the website, the website's provider, or the information on the website. If you decide to visit a third-party website linked to the Aster Website, you do this entirely at your own risk. Aster encourages the User to read the privacy policies of that website.
4. The Services may enable a User to communicate with other Users or to post information to be accessed by others, whereupon other Users may collect such data. Aster hereby expressly disclaims any liability for any reliance or misuse

of such information that is made available by Users or visitors in such a manner.

1. Aster may periodically ask users to complete surveys asking about their experiences with features of the Websites, App and Services. Our surveys may ask visitors for demographic information such as age, gender, and education. We use survey information for evaluation and quality improvement purposes, including helping Aster to improve information and services offered. In addition, users giving feedback may be individually contacted for follow-up due to concerns raised during the course of such evaluation. Demographic information and Web log data may be stored for future evaluation and quality improvement activities.
2. Comments or questions sent to us using email or secure messaging forms will be shared with our employees and health care professionals who are most able to address the comment or question. We will archive your messages once we have made our best effort to provide you with a complete and satisfactory response. Some of our services such as our automated appointment selection and prescription refill for Aster generated prescriptions interact directly with other Aster data systems. Data about your transaction may be stored in these systems, and available to people who test and support these systems. When you use a service on the Websites or the App to interact directly with Aster health care professionals, some information you provide may be documented in your medical record, and available for use to guide your treatment as a patient.
3. Our Websites and the App may include social media Features, such as the Facebook button. These Features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the Feature to function properly. Your interactions with these Features are governed by the privacy statement of the company providing them.
4. If you are using the Websites or App, with your permission, we will use the geo-location feature of your mobile device or same or similar feature of the device you are using to access the Websites. When you download and use the App, we automatically collect information on the type of device you use, operating system version, and the device identifier. Aster and our Partners do not share your location information with other any third party. You may opt out of location-based services on your mobile phone by changing the relevant/ applicable setting at your device level.
5. Aster does not collect information about the visitors of the Website from other sources, such as public records or bodies, or private organisations, save and except for the purposes of registration of the Users (the collection, storage and disclosure of which each User must agree to under the terms of use in order for Aster to effectively render the Services).
6. Aster has implemented best standard industry practices and security policies, rules and technical measures to protect the personal data that it has under its control from unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss. However, for any data loss or theft due to unauthorized access to the User’s electronic devices

through which the User avails the Services, Aster or its Partners shall not be held liable for any loss whatsoever incurred by the User.

1. Aster ensures it and its partners implement reasonable security practices and procedures that are commensurate with respect to the information being collected and the nature of Aster’s business. The reasonable security practices and procedures implemented by us include but are not limited to: encrypting data when it is on the move using industry standard practices, regularly changing production keys and password, secure access to all production servers, performing regular security updates on our servers and more.
2. Aster takes your right to privacy very seriously and other than as specifically stated in this privacy Policy, will only disclose your personal information in the event it is required to do so by law, rule, regulation, law enforcement agency, governmental official, legal authority or similar requirements or when Aster, in its sole discretion, deems it necessary in order to protect its rights or the rights of others, to prevent harm to persons or property, to fight fraud and credit risk, or to enforce or apply the Terms of Use.
3. Aster may also disclose or transfer End-Users’ personal and other information a User provides, to a third party as part of reorganization or a sale of the assets of a Aster division or company. Any third party to which Aster transfers or sells its assets to will have the right to continue to use the personal and other information that Users provide to us, in accordance with the Terms of Use.
4. To the extent necessary to provide Users with the Services, Aster may provide their personal information to third party contractors who work on behalf of or with Aster to provide Users with such Services, to help Aster communicate with Users or to maintain the Website or App. Generally these contractors do not have any independent right to share this information, however certain contractors who provide services on the Website, including the providers of online communications services, will have rights to use and disclose the personal information collected in connection with the provision of these Services in accordance with their own privacy policies.

CASUAL VISITORS NOTE:

1. No sensitive personal data or information is automatically collected by Aster from any casual visitors of this website, who are merely perusing the site.
2. Nevertheless, certain provisions of this Privacy Policy are applicable to even such casual visitors, and such casual visitors are also required to read and understand the privacy statements set out herein, failing which they are required to leave the Website immediately.
3. If you, as a casual visitor, have browsed any page of this Website prior to reading the privacy statements set out herein, and you do not agree with them, normally quitting the browser should ordinarily clear any temporary cookies installed by Aster. We, however, encourage you to use the “clear cookies” functionality of your browsers to ensure such clearing / deletion, as Aster cannot guarantee, predict or provide for the behaviour of the equipment of all the visitors of the Website.
4. You are not a casual visitor if you have willingly submitted any personal data or information to Aster through any means, including email, post or through the registration process on the Website or App. All such visitors will be deemed to be, and will be treated as, Users for the purposes of this Privacy Policy, and in which case, all the statements in this Privacy Policy apply to such persons.

CONFIDENTIALITY AND SECURITY

1. Your Personal Information is maintained by Aster in electronic form on its or its employees and Partners equipment. Such information may also be converted to physical form from time to time. We take necessary precautions to protect your personal information both online and off-line and implements reasonable security practices and measures including certain managerial, technical, operational and physical security control measures that are commensurate with respect to the information being collected and the nature of Aster’s business.
2. No administrator at Aster will have knowledge of your password. It is important for you to protect against unauthorized access to your password, your computer and your mobile phone or device. Be sure to log off from the Website when finished. Aster and its Partners do not undertake any liability for any unauthorized use of your account and password. If you suspect any unauthorized use of your account, you must immediately notify Aster by sending an email to [email protected]. You shall be liable to indemnify Aster, its employees and Partners due to any loss suffered by them due to such unauthorized use of your account and password.
3. Aster makes all User information accessible to its employees only on a need-to- know basis.
4. Part of the functionality of the Services is assisting the patients, customers and other stakeholders (like doctors, labs, pharmacies, customer care executives and others) to access information relating to them. Aster may, therefore, retain and submit all such records to the relevant patients, their doctors or other stakeholders.
5. Notwithstanding the above, Aster is not responsible for the confidentiality, security or distribution of your personal information by our Partners and third parties outside the scope of our agreement with such Partners and third parties. Further, Aster and its Partners shall not be responsible for any breach of security or for any actions of any third parties or events that are beyond the reasonable control of Aster and its Partners including, acts of government, computer / website hacking, unauthorised access to computer data and storage device, computer crashes, breach of security and encryption, poor quality of Internet service or telephone service of the User etc.

CHANGE TO PRIVACY POLICY

Aster may update this Privacy Policy at any time, with or without advance notice. In the event there are significant changes in the way Aster treats User’s personally

identifiable information, or in the Privacy Policy itself, Aster will display a notice on the Website or send Users an email, as provided for above, so that you may review the changed terms prior to continuing to use the Services. If you object to any of the changes to our terms, and you no longer wish to use the Services, you may contact [email protected] to deactivate your account. Unless stated otherwise, Aster’s current Privacy Policy applies to all information that Aster has about You and Your account.

If a User uses the Services or accesses the Website or uses the App after a notice of changes has been sent to such User or published on the Website, such User hereby provides his/her/its consent to the changed terms.

CHILDREN'S AND MINOR'S PRIVACY

Aster strongly encourages parents and guardians to supervise the online activities of their minor children and consider using parental control tools available from online services and software manufacturers to help provide a child-friendly online environment. These tools also can prevent minors from disclosing their name, address, and other personally identifiable information online without parental permission. Although the Aster Website, App and Services are not intended for use by minors, Aster respects the privacy of minors who may inadvertently use the internet or the mobile application.

CONSENT TO THIS POLICY

You acknowledge that this Privacy Policy is a part of the Terms of Use of the Website and the other Services, and you unconditionally agree that becoming a User of the Website, the App and its Services signifies your assent to this Privacy Policy. Your visit to the Website, use of the App and use of the Services is subject to this Privacy Policy and the Terms of Use.

ADDRESS FOR PRIVACY QUESTIONS

Should you have questions about this Privacy Policy or Aster's information collection, use and disclosure practices, you may contact us at [email protected]. We will use reasonable efforts to respond promptly to any requests, questions or concerns, which you may have regarding our use of your personal information.

If you have any grievance with respect to our use of your information, you may communicate such grievance to:

The Grievance Officer,

Aster DM Healthcare Limited

No 1785, 1st Floor, 19th Main Road, Sector 1, Agara Extension, HSR Layout, Bengaluru, 56010 [email protected]