Version: 3.0

Updated On: 20 June 2022

Digital Health (Private) Limited, its subsidiaries and associates/affiliates (hereinafter collectively referred to as “Digital Health” “us” “we” or “our”) are committed to protecting the personal data of our customers, shareholders, business partners, visitors, employment candidates and employees and the personal data of individuals who work for, or act on behalf of our customers and/or business partners (collectively referred to as “data subject”) that has been provided to us.

In Digital Health, we take privacy seriously and all our activities are underpinned by our T.R.U.S.T principles of being Transparent, respecting your Rights, in our Use of your personal data, including robust cyber Security practices and taking due care when the Transfer of personal data is required.

When processing your personal data Digital Health will ensure that:

  • Your personal data will be processed lawfully and in a transparent manner so that you are aware of all processing activities connected with your personal data.
  • Your personal data will be collected by us only for the purposes listed out below and not further processed in a manner that is incompatible with those purposes.
  • We will only collect personal data that is limited to and required for the purposes listed out below and will not collect more personal data than is required.
  • Your personal data will be accurate and, where necessary, kept up to date.
  • Your personal data will be kept in a form which permits identification for no longer than is necessary for the purposes for which that personal data is processed.
  • Your personal data will be processed in a manner that ensures appropriate security of the personal data.

This privacy notice (“Privacy Notice”) explains:

  • What and how personal data is collected and further processed by us;
  • For what purposes it is collected and further processed by us;
  • Sources (if any) of personal data;
  • To whom personal data is disclosed; and
  • How to access and update your personal data and where to go for further information in respect of the personal data.

If you provide us with personal data of another individual, you hereby represent that you have obtained consent from that individual prior to providing their personal data to us. References to ‘your personal data’ in this Privacy Notice would include such individual’s personal data that you provide to us.

This Privacy Notice should be read together with the terms and conditions specific to the products and/or services you are availing yourself of. In the event of a discrepancy between this Notice and such specific terms and conditions, this Notice shall prevail to the extent of such discrepancy.

We may from time to time amend, modify, vary or update this Privacy Notice by posting the new Notice here and/or on our other platforms and you are bound by such modifications, variations or updates, should you continue to use our products and/or services.

PERSONAL DATA ABOUT CHILDREN

If you are under the age of 18, we take it that you have obtained the consent of your parent, guardian or person who has parental responsibility over you before sending us your personal data (for example, your name, address and email address etc.).

WHAT PERSONAL DATA DO WE COLLECT?

The types of personal data we collect or obtain may vary according to our relationship with you and may include the following:

A. For Customers

  • Contact information (such as name, address, email address and telephone number etc.);
  • Identification information (such as national identity card, passport, driver’s licence, date of birth, IP addresses, internet cookies etc.);
  • Demographic information (such as age, marital status, gender etc.);
  • Photographs, such as those that you may upload onto our platforms etc, for which we may need to access your camera;
  • Location information, which may include GPS location;
  • Product specific information (such as medicine to your doorstep, healthcare to your doorstep, lab reports at your fingertips etc) which may contain personal data;
  • Payment information (such as payment confirmation and billing information etc.);
  • Health information [such as information relating to the doctors, dentists, healthcare specialists, healthcare professionals, healthcare providers, or healthcare organizations etc. (collectively referred to as “healthcare providers”) you have visited, reasons for your visit, dates of your visit, your medical history, medicine prescriptions, lab test reports, documents required for this service which may include personal data, any audio or video files you may share to healthcare providers via our platforms, and your health information (blood group, BMI, allergies etc.) you choose to share with these healthcare providers.]. For this we may need to access your phone storage;
  • Information relating to our services that you have obtained (such as doctors and hospitals you have selected for channelling and the information stored in the Health Vault service);
  • Any footage captured or recorded by our surveillance camera (CCTV) system; and
  • Any recordings of calls placed by you to our customer care centres.

We may also, specifically for the purposes of providing you the services via the Doc990 mobile application, validate your WiFi connection strength and/or Bluetooth status.

B. For Shareholders

  • Contact information (such as name, address, email address and telephone number etc.);
  • Identification information (such as national identity card, passport, driver’s licence, birth certificate, date of birth etc.);
  • Demographic information (such as marital status, gender etc.);
  • Nationality and residency;
  • Bank account details (such as bank account number, bank branch and bank etc);
  • Details of beneficiary/next-of-kin;
  • Any footage captured or recorded by our surveillance camera (CCTV) system;
  • Any recordings of calls placed by you to us; and
  • Religious beliefs.

C. For Business Partners and Suppliers

  • Contact information (such as name, address, email address and telephone number etc.);
  • Identification information (such as national identity card, passport, driver’s licence, date of birth, IP addresses, internet cookies etc.);
  • Business information (such as name of organisation, name of the employer, job title, department, etc.); and
  • Any footage captured or recorded by our surveillance camera (CCTV) system.

D. For Visitors (to any of our Premises/Offices/Online Platforms)

  • Contact information (such as name, address, email address and telephone number etc.);
  • Identification information (such as national identity card, passport, driver’s licence, date of birth, IP addresses, internet cookies etc.);
  • Business information (such as name of organisation, name of the employer, job title, department, etc.);
  • Race;
  • Nationality;
  • Photographs; and
  • Any footage captured or recorded by our surveillance camera (CCTV) system.

E. For Employment Candidates and Employees

  • Contact information (such as name, address, telephone number, email address, etc.);
  • Identification information (such as national identity card, passport, driver’s licence, date of birth, IP addresses, internet cookies etc.);
  • Academic and professional information (such as educational and professional qualifications and licences etc.);
  • Employment history (such as previous job title, previous employer, referees etc.);
  • Biometrics;
  • Gender;
  • Race;
  • Nationality;
  • Age;
  • Emergency contact information (such as name, address, telephone number, e-mail address etc.);
  • Marital status;
  • Details of beneficiary/next-of-kin;
  • Financial information (such as direct deposit account etc.);
  • IT information (such as log files, software/hardware inventories, user activities etc.);
  • Photographs;
  • Any footage captured or recorded by our surveillance camera (CCTV) system;
  • Additional employment history (such as performance and disciplinary records, medical, hospitalisation and annual leave records, salary details etc);
  • Results of your health tests and medical reports, if any;
  • Philosophical and political views or affiliations;
  • Religious beliefs; and
  • Criminal record and police reports.

 

Additional Personal Data that We Collect

We may during times of a crisis such as a war, terrorism, riots, a natural disaster or a disease outbreak etc. collect:

  • Your health and physical condition;
  • The health condition of individuals in your household;
  • Results of your health tests and medical reports, if any;
  • Your body temperature;
  • Your location; and
  • Political views or affiliations.

 

WHEN DO WE COLLECT YOUR PERSONAL DATA?

We may collect or obtain your personal data:

A. For Customers

  • When you use our network, products and/or services (including through our call centres, dealers, and sales channels).
  • When you contact us or register for information relating to our network, products and/or services or for any other purposes.
  • When you communicate with us (such as via SMS, telephone calls, other digital channels, emails, questionnaires or surveys etc.).
  • When you use or interact with any of our digital applications, visit any of our websites or social media pages.
  • When you participate in any of our promotional events, incentives or loyalty programs.
  • When you visit any of our premises.
  • From external agencies.
  • From our internal database pursuant to your relationship with our group of companies, subsidiaries or associates/affiliates.
  • From our surveillance camera (CCTV) system.

B. For Shareholders

  • From our Share Register.
  • When you contact us to update your contact information and nominee details.
  • When you provide us with your identification document(s).
  • When you contact us to request any action relating to your shareholding, such as, issuance of duplicate share certificates, modification of share certificates, conducting of share transfers, updating of dividend mandate related information etc.
  • When you communicate with us (such as via SMS, telephone calls, other digital channels, emails etc.).
  • When you visit any of our premises.
  • From our surveillance camera (CCTV) system.

C. For Business Partners and Suppliers

  • When you use our network, products and/or services.
  • When you communicate with us (such as via SMS, telephone calls, other digital channels, emails, questionnaires or surveys etc.).
  • When you use or interact with any of our digital applications, visit any of our websites or social media pages.
  • When you visit any of our premises.
  • From external agencies.
  • From our internal database pursuant to your relationship with our group of companies, subsidiaries or associates/affiliates.
  • From our surveillance camera (CCTV) system.

D. For Visitors (to any of our Premises/Offices/Online Platforms)

  • When you complete our visitor log book or visitor entry form.
  • When you provide us with your identification document(s).
  • When you communicate with us (such as via SMS, telephone calls, other digital channels, emails, questionnaires or surveys etc.).
  • When you provide your host with information.
  • From our surveillance camera (CCTV) system.

E. For Employment Candidates and Employees

  • When you make an application to us.
  • When you communicate with us (such as via SMS, telephone calls, other digital channels, emails, questionnaires or surveys etc.).
  • From external agencies.
  • When you visit any of our premises.
  • From your referee.
  • From your previous employer(s).
  • From anyone with whom you may have or had a business relationship with.
  • From your or our recruiter, recruitment agency or recruitment website/platform.
  • From your health and physical advisor (such as a doctor or a dentist).
  • From our internal database pursuant to your relationship with our group of companies, subsidiaries or associates/affiliates.
  • From our surveillance camera (CCTV) system.

 

HOW DO WE USE YOUR PERSONAL DATA?

Your personal data may be used or processed for the purpose of:

A. For Customers

  • Providing you with our products and/or services that you have contracted for, and to access your personal data to provide you with these products or services.
  • Notifying you about benefits and changes to the features of our products and services.
  • Providing you with our latest offers, campaigns and promotions (where you subscribe to such updates).
  • Sending you service messages about your package subscription or account registration.
  • Compliance with laws and legal, contractual and/or regulatory obligations and protecting or exercising our legal, contractual and/or regulatory rights and remedies.
  • Sending you information via telephone calls, text messages or other digital channels, emails, etc. or social media about products and services offered by our group of companies, subsidiaries, associates/affiliates and selected third parties that we think may interest you. (You may unsubscribe from such messages).
  • Responding to complaints or account enquiries.
  • Administering debt recoveries.
  • Verifying your identity when required (you may misplace your password or security information for example, and we may then need to request for other personal data to protect your data from unauthorized access).
  • Undertaking market and product analysis based on your use of our products and/or services (achieved by analysing your service preferences) and for product and/or service enhancements and improvements.
  • Other legitimate purposes.

B. For Shareholders

  • Verifying your identity.
  • Execution of your request in relation to your shareholding, such as to update your contact information and nomination details, issue duplicate share certificates or modifying share certificates, registering of share transfers or share transmissions, issuing dividends, registering notices of nomination etc.
  • Compliance with laws and legal, contractual and/or regulatory obligations and protecting or exercising our legal, contractual and/or regulatory rights and remedies.
  • Other legitimate purposes.

C. For Business Partners and Suppliers

  • Business execution.
  • Organisation and management of the business.
  • Health, safety and security.
  • Compliance with laws and legal, contractual and/or regulatory obligations and protecting or exercising our legal, contractual and/or regulatory rights and remedies.
  • Protecting our assets and interests.
  • Other legitimate purposes.

D. For Visitors (to any of our Premises/Offices/Online Platforms)

  • Health, safety and security.
  • Compliance with laws and legal, contractual and/or regulatory obligations and protecting or exercising our legal, contractual and/or regulatory rights and remedies.
  • Other legitimate purposes.

E. For Employment Candidates

  • Identifying and evaluating candidates for potential employment, as well as for future roles that may become available.
  • Record keeping in relation to recruiting and hiring.
  • Conducting background checks.
  • Compliance with laws and legal, contractual and/or regulatory obligations and protecting or exercising our legal, contractual and/or regulatory rights and remedies.
  • Contacting you or your emergency contact in emergency situations where the health or safety of one or more individuals may be endangered.
  • Other legitimate purposes.

F. For Employees (in addition to the purposes set out for Employment Candidates above)

  • Career progression and personal development.
  • Administration and management of salary and employment benefits.
  • Short term and long-term incentive plans.
  • Employment and industrial relations disputes, including but not limited to litigation.
  • Corporate exercises undertaken by our group of companies, subsidiaries or associates/affiliates.
  • Management of performance.
  • Application of work and travel permits and immigration/emigration requirements.
  • Loans, insurance and medical purposes.
  • Disciplinary actions or terminations.
  • Ensuring health and safety.
  • Accounting, financial reporting and business planning.
  • Security monitoring.
  • Organizing team-building activities and other business-related events.
  • Internal or external investigations.
  • Research, salary surveys and for audit purpose.
  • Compliance with reasons stated in your contract of employment with us.
  • Any legal or regulatory request or demand.
  • Other legitimate purposes.

 

WHOM DO WE DISCLOSE YOUR PERSONAL DATA TO?

We may disclose your personal data:

A. For Customers

  • To our group of companies, subsidiaries and associates/affiliates.
  • To third parties when disclosure is necessary or reasonable to protect our rights, protect your security, investigate fraud or respond to a law enforcement request.
  • To our service providers, engineers, contractors, subcontractors or any other third-party performing work on our behalf or at our instruction.
  • To any public authority, governmental, regulatory or fiscal agency where it is necessary to comply with a legal or regulatory obligation to which we are subjected to or as permitted by applicable law.
  • To our business partners for our marketing activities, which you have consented to/not opted out of.
  • To third parties for credit checks and fraud management.
  • To any parties that act as our payment channels, including to validate your information, as and when required.
  • To third parties for carrying out analytics to understand how you use our products and/or services.
  • To third parties for research and development purposes.
  • To our dealers or agents.
  • If we are involved in a sale or business transaction (e.g., merger or acquisition), we will retain a legitimate interest in disclosing or transferring your personal data to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings). Such third parties may include, for example, an acquiring or target entity and its advisors.
  • To third parties for the purposes set out under “How do we use your personal data?”.

B. For Shareholders

  • To our group of companies, subsidiaries and associates/affiliates.
  • To any public authority, governmental, regulatory or fiscal agency where it is necessary to comply with a legal or regulatory obligation to which we are subjected to or as permitted by applicable law.
  • To banks for the purpose of issuing dividends.
  • If we are involved in a sale or business transaction (e.g., merger or acquisition), we will retain a legitimate interest in disclosing or transferring your personal data to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings). Such third parties may include, for example, an acquiring or target entity and its advisors.
  • To third parties for the purposes set out under “How do we use your personal data?”.

C. For Business Partners and Suppliers

  • To our group of companies, subsidiaries and associates/affiliates.
  • To our third-party agents, service providers, consultants, advisors, contractors and/or subcontractors.
  • To any public authority, governmental, regulatory or fiscal agency where it is necessary to comply with a legal or regulatory obligation to which we are subjected to or as permitted by applicable law.
  • If we are involved in a sale or business transaction (e.g., merger or acquisition), we will retain a legitimate interest in disclosing or transferring your personal data to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings). Such third parties may include, for example, an acquiring or target entity and its advisors.
  • To third parties for the purposes set out under “How do we use your personal data?”.

D. For Visitors (to any of our Premises/Offices/Online Platforms)

We do not routinely share or transfer your personal data with any external organizations or third parties. However, where and whenever we share or transfer your personal data, it shall be for the purposes set out under “How do we use your personal data?” and we shall do so in accordance with this Privacy Notice.

Further we will disclose your personal data if required by any public authority, governmental, regulatory or fiscal agency where it is necessary to comply with a legal or regulatory obligation to which we are subjected to or as permitted by applicable law.

E. For Employment Candidates and Employees

  • To our group of companies, subsidiaries and associates/affiliates.
  • To background verification providers.
  • To any public authority, governmental, regulatory or fiscal agency where it is necessary to comply with a legal or regulatory obligation to which we are subjected to or as permitted by applicable law.
  • To any other third-party organizations providing administration or other services.
  • To any third-party organizations involved in any corporate exercises undertaken by us or our group of companies, subsidiaries or associates/affiliates.
  • If we are involved in a sale or business transaction (e.g., merger or acquisition), we will retain a legitimate interest in disclosing or transferring your personal data to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings). Such third parties may include, for example, an acquiring or target entity and its advisors.
  • To third parties for the purposes set out under “How do we use your personal data?”.

We use reasonable efforts in accordance with industry best practices to ensure that the above-mentioned maintain the confidentiality and integrity of your personal data and are restricted from using your personal data for any unauthorised purpose.

In addition to the above, our service providers may, in the course of providing you the products and/or services, collect your personal data via other channels such as when you are redirected to their individual websites/mobile applications or platforms.

We strongly advise you to review the privacy notice of every such service provider. We have no control over and assume no responsibility for the content, privacy notices or practices of any service provider to the fullest extent permitted by the law.

TRANSFERS OF PERSONAL DATA

We may transfer your personal data across geographical borders to other entities. Where your personal data has been transferred to members of our group of companies, subsidiaries, associates/affiliates and/or to third parties located outside of Sri Lanka, the transfer of your personal data is carried out under organizational, contractual and legal measures and with reasonably adequate levels of protection implemented as well as any additional local legal requirements for the parties receiving this data in order to safeguard your personal data.

HOW DO WE STORE AND PROTECT YOUR PERSONAL DATA?

We may collect and store your personal data in electronic or physical form, depending on the requirement. Such personal data may be stored at our and third-party premises within IT Systems (e.g. external cloud storage, internal or third-party management systems, e-mails, databases, hard drives etc.), and physical warehouses etc.

We endeavour, where practicable, to process your personal data in a safe environment by preventing any unauthorized or unlawful processing of personal data or accidental disclosure, loss or destruction of, or damage to, such personal data. We have implemented various physical, technical and administrative security measures to protect your personal data and our network from unauthorized access. Some of these measures include:

  • encryption of personal data;
  • strict adherence to privacy and security practices;
  • periodic security assessment and reviews to upgrade our practices; and
  • restriction of access to such personal data to personnel who have a need to know such personal data.

The security of your personal data is important to us but remember that no method of transmission over the Internet, securing while processing, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

HOW LONG DO WE RETAIN YOUR PERSONAL DATA?

We will retain your personal data only for as long as such data is necessary for the purposes it was collected for. The retention period for personal data may also be affected by the requirements of applicable laws or a legitimate business requirement. In all cases such personal data may be held for a longer period of time where there is a legal or regulatory reason to do so (in which case it will be deleted once no longer required for the legal or regulatory purpose).

Once personal data surpasses its retention period and if there is no valid reason to retain such personal data, the personal data will be securely disposed of.

WHAT ARE YOUR RIGHTS?

We respect your rights and privacy by taking steps to ensure that your personal data is accurate and up-to-date. Any inaccurate information that is brought to our attention shall be corrected within a reasonable period of time from the receipt of a written notification by you of the same sent to us via the below mentioned contact options. Any requested amendments may be subject to applicable laws and regulations.

We shall make available (to the extent possible) your personal data in our possession or control within a reasonable time at a reasonable cost.

You may request us to stop sending our communications to you by contacting us via the below mentioned contact details. These choices do not apply to the receipt of mandatory product or service communications that are considered as part of certain Digital Health products or services, which you may receive periodically, unless you cancel the subscription to our products or services.

CONSEQUENCES OF NOT PROVIDING YOUR PERSONAL DATA

We may require collection of certain personal data about you and failure to provide such information may:

  • Result in us being unable to process your application and/or provide you with our product and/or services.
  • Result in us being unable to respond to your requests on our products and/or services.
  • Limit or prevent access to certain features on our website, weblinks or digital platforms.
  • Result in us being unable to update you on the latest updates regarding any promotions, our services/products or launches.
  • Result in your inability to receive invitations to promotional activities organized by us.
  • Negatively affect our ability to communicate with you.
  • Result in us being unable to process your requests relating to your shareholding.
  • Result in us being unable to inform you of shareholder meetings and conduct direct remittance of dividends to your bank accounts.
  • Result in our inability to enter into a contract with you or a counter-party or continuing to contract with you or a counter-party.
  • Negatively impact your chances of being selected for any potential employment, engagement or internship.
  • Be in violation of any applicable law or regulation that requires us to collect such personal data.

 

BY SUBMITTING PERSONAL DATA TO US, YOU ACKNOWLEDGE THAT:

  • You have read and understood this Privacy Notice and agree and consent to the use, processing, disclosure and transfer of personal data as set out herein.
  • All information and representations provided by you are true and correct to the best of your knowledge, and you have not knowingly omitted any relevant information.

 

WHOM CAN YOU CONTACT FOR MORE INFORMATION?

If you have any questions or complaints about this Notice or about our privacy and information handling practices, kindly reach out to our Data Privacy Officer via the following methods:

  • Address: No. 57, Srimath Anagarika Dharmapala Mawatha, Colombo 03.
  • Telephone: +94 117990990
  • Email: privacy@doc.lk

 

UPDATES TO THE PRIVACY NOTICE

We reserve the right to amend, modify, vary or update this Privacy Notice, at our sole discretion from time to time, as and when the need arises. The most recently published Privacy Notice shall prevail over any of its previous versions and the version number and date will be updated accordingly. We have no obligation to inform you of any variations and you are encouraged to check this Privacy Notice from time to time to stay informed of any changes. You agree to adhere to the terms of the Privacy Notice including any variations.