Privacy Policy

Introduction

Welcome to MediShifaa, a healthcare service platform operated by Impose Tech (BD) Ltd. ("we," "us," or "our"). Your privacy is of utmost importance to us. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website at medishifaa.com (the "Website") and use our services.

By accessing or using MediShifaa, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with this policy, please discontinue use of our Website immediately.

We are committed to protecting your personal data in compliance with applicable data protection laws in Bangladesh and international best practices.

1. Information We Collect

We collect various types of information to provide, maintain, and improve our services. The information we collect falls into the following categories:

1.1 Personal Information

When you register, book appointments, or use our services, we may collect personally identifiable information ("Personal Data"), including but not limited to:

• Identity Information: Full name, date of birth, gender, national ID number (NID)
• Contact Information: Email address, phone number, mailing address
• Account Credentials: Username, password (encrypted), and security questions
• Medical Information: Medical history, symptoms, prescriptions, diagnostic reports, and health records (for patients)
• Professional Information: BMDC registration number, qualifications, specialization, and practice details (for doctors)
• Payment Information: Billing address, payment method details (processed through secure third-party payment processors)
• Appointment Details: Booking history, consultation notes, and scheduling preferences

1.2 Usage and Technical Data

We automatically collect information about how you interact with our Website, including:

• Device Information: IP address, device type, operating system, browser type and version
• Usage Data: Pages visited, time spent on pages, click patterns, search queries
• Location Data: General geographic location based on IP address
• Log Data: Access times, error logs, referring URLs
• Cookies and Tracking Technologies: Session data, preferences, and authentication tokens

1.3 Information from Third Parties

We may receive information about you from:

• Healthcare providers who refer you to our platform
• Third-party authentication services (if you choose to use social login)
• Payment processors regarding transaction status
• Analytics and marketing service providers

2. How We Use Your Information

We use your personal information for the following purposes:

2.1 Service Provision and Management

• Creating and managing your user account
• Facilitating appointment booking and scheduling
• Processing consultations and medical services
• Maintaining electronic health records and prescription history
• Enabling communication between patients and healthcare providers
• Processing payments and issuing receipts

2.2 Communication and Notifications

• Sending appointment reminders and confirmations
• Notifying you of changes to our services or policies
• Providing customer support and responding to inquiries
• Sending important service updates and security alerts
• Delivering promotional content and health tips (with your consent)

2.3 Service Improvement and Analytics

• Analyzing usage patterns to improve user experience
• Conducting research and development for new features
• Monitoring and analyzing trends, usage, and activities
• Personalizing content and recommendations
• Testing new features and functionality

2.4 Security and Legal Compliance

• Detecting, preventing, and addressing fraud and security threats
• Troubleshooting technical issues and system errors
• Enforcing our Terms of Service and policies
• Complying with legal obligations and regulatory requirements
• Protecting the rights, property, and safety of our users and the public

3. Legal Basis for Processing (for applicable jurisdictions)

We process your personal data based on the following legal grounds:

• Consent: You have given explicit consent for processing your data for specific purposes
• Contractual Necessity: Processing is necessary to fulfill our service agreement with you
• Legal Obligation: We must process data to comply with legal requirements
• Legitimate Interests: Processing is necessary for our legitimate business interests (e.g., fraud prevention, service improvement)
• Vital Interests: Processing is necessary to protect someone's life or health

4. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties. However, we may share your information in the following circumstances:

4.1 With Healthcare Providers

Your health information is shared with doctors and medical professionals you consult through our platform to facilitate your treatment and care.

4.2 With Service Providers

We may share information with trusted third-party service providers who assist us in operating our Website, such as:

• Payment processors for secure transaction handling
• Cloud hosting and data storage providers
• Communication service providers (SMS, email)
• Analytics and performance monitoring services
• Customer support platforms

These third parties are contractually obligated to protect your data and use it only for the purposes we specify.

4.3 For Legal Reasons

We may disclose your information when required by law or in response to:

• Valid legal processes (court orders, subpoenas, warrants)
• Government or regulatory authority requests
• Protection of our legal rights or those of others
• Prevention of fraud, security threats, or illegal activities
• Emergency situations involving health or safety risks

4.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity. You will be notified of any such change.

4.5 With Your Consent

We may share your information with other parties when you explicitly consent to such sharing.

5. Data Security

The security of your personal information is critically important to us. We implement industry-standard security measures to protect your data, including:

• Encryption: All sensitive data is encrypted in transit (SSL/TLS) and at rest
• Access Controls: Strict authentication and authorization protocols limit data access to authorized personnel only
• Secure Infrastructure: Our systems are hosted on secure, monitored servers with regular security updates
• Regular Audits: We conduct periodic security assessments and vulnerability testing
• Data Minimization: We collect and retain only the information necessary for our services
• Employee Training: Our staff receives regular training on data protection and privacy practices
• Incident Response: We have procedures in place to respond quickly to security breaches

However, please note that no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Active Accounts: Your account data is retained while your account remains active
• Medical Records: Health records are retained in accordance with medical record-keeping regulations and best practices (typically 5-10 years)
• Inactive Accounts: Accounts inactive for an extended period may be archived or deleted after notification
• Legal Requirements: Some data must be retained for tax, legal, or regulatory purposes
• Analytics Data: Aggregated, anonymized usage data may be retained indefinitely for research and improvement purposes

When your data is no longer needed, we will securely delete or anonymize it. You may request deletion of your data as described in Section 8 (Your Rights).

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our Website.

What Are Cookies?

Cookies are small text files stored on your device that help us recognize you, remember your preferences, and improve our services.

Types of Cookies We Use:

• Essential Cookies: Required for the Website to function properly (e.g., authentication, security)
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand how visitors use our Website
• Marketing Cookies: Track your activity for personalized advertising (with your consent)

Managing Cookies:

You can control and manage cookies through your browser settings. However, disabling certain cookies may affect the functionality of our Website. Most browsers allow you to:

• View and delete cookies
• Block third-party cookies
• Block all cookies
• Delete cookies when you close your browser

8. Your Privacy Rights

Depending on your location and applicable laws, you may have the following rights regarding your personal information:

• Right to Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data (subject to legal retention requirements)
• Right to Restrict Processing: Request limitation on how we use your data
• Right to Data Portability: Request transfer of your data to another service provider
• Right to Object: Object to certain processing activities (e.g., marketing)
• Right to Withdraw Consent: Withdraw previously given consent for data processing
• Right to Lodge a Complaint: File a complaint with a data protection authority

To exercise any of these rights, please contact us at privacy@medishifaa.com. We will respond to your request within 30 days.

9. Children's Privacy

Our services are not intended for individuals under the age of 18 without parental or guardian consent. We do not knowingly collect personal information from minors without appropriate consent.

If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately. If we become aware that we have collected personal data from a minor without proper consent, we will take steps to delete that information promptly.

10. International Data Transfers

Your information may be transferred to and maintained on servers located outside of Bangladesh. By using our services, you consent to the transfer of your information to countries that may have different data protection laws.

When we transfer data internationally, we ensure appropriate safeguards are in place, such as:

• Standard contractual clauses approved by relevant authorities
• Ensuring the receiving country has adequate data protection laws
• Obtaining your explicit consent where required

11. Third-Party Links and Services

Our Website may contain links to third-party websites, plugins, or applications that are not operated by us. If you click on a third-party link, you will be directed to that third party's site.

We strongly advise you to review the privacy policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. Accessing third-party resources is at your own risk.

12. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or for other operational reasons.

When we make changes to this Privacy Policy:

• We will update the "Last Updated" date at the top of this page
• For material changes that significantly affect your privacy rights, we will provide prominent notice on our Website or send you an email notification
• We may require you to acknowledge or accept the updated policy before continuing to use our services

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of the Website after changes become effective constitutes your acceptance of the revised Privacy Policy.

13. Data Breach Notification

In the unlikely event of a data breach that compromises your personal information, we will:

• Investigate the breach promptly and take immediate steps to contain it
• Notify affected users within a reasonable timeframe as required by law
• Inform relevant authorities as legally mandated
• Provide information about the nature of the breach and steps taken to address it
• Offer guidance on protective measures you can take

14. Contact Us and Data Protection Officer

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We are committed to resolving privacy concerns promptly and will respond to all inquiries within 30 days. For urgent privacy matters, please mark your communication as "Urgent - Privacy Matter."

15. Compliance and Regulatory Information

MediShifaa is committed to complying with:

• Bangladesh's data protection and privacy laws
• Healthcare information privacy regulations
• International data protection standards and best practices
• Industry-specific security standards for healthcare data

We regularly review and update our privacy practices to ensure ongoing compliance with evolving legal requirements and industry standards.