1. COMMITMENT TO PRIVACY
Aostaf Industries Limited (hereinafter referred to “we”, “us” and “Aostaf”), are bound by the data privacy principles, contained in the Information Technology Act, 2000 read with Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011. We are also bound by various other legislations some of which are the Constitution of India, Indian Penal Code 1860, Contract Act 1872 which outlines the right of privacy of every individual and the consequences of its breach (India Privacy Laws). The object of the India Privacy Laws is to protect the confidentiality of “sensitive personal data or information” and the privacy of individuals by regulating the way in which such sensitive personal information is managed.
Broadly, “personal information” means information or an opinion about an identified individual or from which an individual can be reasonably identified. ‘’Sensitive Personal Information means such personal information which consists of information relating to:
(1) Password; (2) Financial information such as bank accounts; (3) Physical, physiological and mental health condition; (4) Sexual orientation; (5) Medical records and history; (6) Biometric information; (7) Any detail relating to the above provided to any body corporate for providing service or received by the body corporate for processing, stored or processed under lawful contractor otherwise.
Sensitive Personal Information does not include any information, which is freely available or accessible in the public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force.
Sensitive Personal Information includes “health information”, which refers to information regarding an individual’s physical or mental health or a health service provided to an individual. We refer to such personal information and health information in this Policy collectively as “Sensitive Personal Information”.
Aostaf Group is committed to protecting the Sensitive Personal Information it collects and regularly monitors its systems and procedures to ensure compliance with the India Privacy Principles and this Policy. This Policy has been framed to ensure that reasonable security practices have been put in place to protect Sensitive Personal Information from unauthorized access, damage, use, modification, disclosure or impairment. This Policy outlines the way in which Aostaf deals with the Sensitive Personal Information it collects and uses in India. Aostaf complies with all applicable data privacy laws in India.
Aostaf collects Personal Information that is reasonably necessary for or directly related to our functions and activities as a provider of medicare products with your valid consent. In some cases, we are required to collect Sensitive Personal Information in order to comply with our obligations such as responding to safety concerns about our products.
Aostaf may collect Personal Information or Sensitive Personal Information about you through our interactions with you. Where Aostaf collects Sensitive Personal Information from or about you, we will inform you about the purpose and use of the collected information, the intended recipients of such information and if it is collected or transferred by/ to third parties the name and address of such third party collecting and retaining the information.
The Personal Information we collect may include:
▪ Your name
▪ Your address
▪ Your date of birth
▪ Your email address
▪ Your phone number
Personal Information and/ or Sensitive Personal Information may be collected by Aostaf in the course of:
▪ If you are a patient or healthcare professional, providing technical assistance about our products or services;
▪ Responding to product complaints; and
▪ Participation in Aostaf
sponsored programs, including educational programs and research grants Aostaf will prior to collection of your Sensitive Personal Information provide you an option to not provide the information sought to be collected. You will also have an option to withdraw your consent (in writing), which you may have earlier granted to Aostaf.
3. USE AND DISCLOSURE
Aostaf will collect and use your Personal Information, with your consent, for the purpose for which it is collected:
▪ In the course of the sale, distribution or provision of medicare products that we are providing;
▪ In the course of supporting healthcare professional in ongoing care, if you are a patient
▪ Compliance with regulatory requirements, such as maintaining a record of product queries, complaints, adverse events and recalls relating to our products.
4. TRANSFER OF DATA TO THIRD PARTIES
Aostaf will not sell or publish your Sensitive Personal Information to any third party for any purpose. In the event, Sensitive Personal Information is transferred to third parties in connection with our business operations or if it is necessary for the purpose of performance of a lawful contract, such transfer will only happen if you have consented to the transfer and only when such third parties have ensured that reasonable security procedures are in place for protection of such Sensitive Personal Information.
All such third parties are required by Aostaf to process the Sensitive Personal Information disclosed to them only for the purposes expressly authorized by Aostaf and are required by Aostaf to meet our standards of data protection and comply with the safeguards under India Privacy Laws.
5. DATA SECURITY
Aostaf has put in place reasonable security procedures and safeguards to protect Sensitive Personal Information we hold from misuse, loss, unauthorized access, modification or disclosure. Aostaf holds the Personal and Sensitive Personal Information you provide to us in an electronic form on computer servers, which are password protected for limited access and are located in controlled facilities. However, Aostaf may also hold Personal and Sensitive Information in physical form, such as in paper hard copies. While Aostaf cannot guarantee against any loss, misuse or alteration to data, we take reasonable steps to prevent such occurrences.
Access to the Personal and Sensitive Information is restricted to those employees who need to use the data, who have been trained to handle such data properly and observe strict standards of confidentiality.
Aostaf destroys or permanently de-identifies Personal and Sensitive Information that we no longer need, where permitted.
6. ACCESS, CORRECTION, AND COMPLAINTS
You have the right, in most cases, to access your Personal and Sensitive Personal Information at any time. Aostaf takes reasonable steps to ensure that any information we hold about you is up-to-date, accurate and complete. If you wish to access or correct Personal Information we hold, or you have any questions about this Policy, please contact Aostaf’s Management at firstname.lastname@example.org, setting out a full description of the request.
If you have a complaint about how we have handled your personal information or consider that we may have breached our obligations under the APPs, please write to our management at email@example.com.
We will respond to your complain within a reasonable period, usually within 3 to 4 working days.
7. RETENTION OF YOUR PERSONAL AND SENSITIVE PERSONAL INFORMATION
Aostaf will retain your Personal Information and Sensitive Personal Information no longer than it is required for the purposes for which the information may lawfully be used or is otherwise required under any law in force. In many cases Personal Information and Sensitive Personal Information must be kept for considerable periods of time in order to make it available as and when questions or disputes arise. Retention periods will be determined for each information that is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable opportunity.