Zyla is committed to the highest standard of privacy and data security of its users. Zyla’s mission is to provide you with a platform that enables you to seek personalised and pertinent health advice, and support your doctor-patient relationship by making it more accessible, affordable and intelligent. In delivering this mission, Zyla understands that privacy and data security are very important, and Zyla is constantly working to make sure that Zyla offers you, as in other aspects of Zyla’s products, the highest standard of care.Zyla is in compliance with international safety measures that protects the unauthorised access and usage of data. All the data is processed and stored in accordance to:General Data Protection Regulation (GDPR)Health Insurance Portability and Accountability Act (HIPAA)The Information Technology Act 2000.
1. What Is "PROTECTED HEALTH INFORMATION"?
Your Protected health information (PHI) is individually identifiable health information, including demographic information, about your past, present or future physical or mental health or condition, health care services you receive, and past, present or future payment for your health care. Demographic information means information such as your name, social security number, address, and date of birth. PHI may be in oral, written or electronic form. Examples of PHI include your medical record, claims record, enrollment or disenrollment information, and communications between you and your health care provider about your care.
If your PHI is de-identified in accordance with HIPAA standards, it is no longer PHI.
2. What is Zyla’s Responsibility to protect your PHI?
Zyla has following duties towards your PHI:
- A. Protect the privacy of your PHI
- B. Inform you on your Rights and Duties towards PHI
- C. Notify you in case of breach towards PHI security
Zyla prioritizes these responsibilities and takes them seriously. Hence, we have all the safeguards and counter-measures in place to ensure the privacy of your PHI.
3. What information is collected from you?
In order to provide personalised and effective service, Zyla collects Personal and Non-Personal information (collectively referred to as "Information").
Zyla may collect "Personal Information" about you – such as your name, phone number, date of birth, gender, email address,images (profile picture etc.) and general health information (such as medical records, family history, diagnostic test reports, prescriptions (in pdf or image formats), lifestyle, or information contained in consult requests and chats).
Zyla may collect "Non-Personal Information" – information that cannot be used to identify you – via Cookies, Web Beacons, Zyla mobile device applications and from external sources, even if you have not registered with or provided any personal information to Zyla. Zyla may collect and process information about you resulting from your interactions with the website and/or mobile application and via any health or monitoring device you connect to the mobile application. Such non-personal information may include:
- 1. Technical information, including the address used to connect your device to the Internet, your login information, system and operating system type and version, time zone setting, operating system and platform, your location,
- 2. Master and transaction data and other data stored in your user account,
- 3. Information about your visit, including products and services you viewed or used; mobile application response times, interaction information (such as button presses, chat time stamps, response times, etc.) and any phone number used to contact Zyla customer support.
4. How Zyla collects information?
When you are using Zyla website and/or mobile application, Zyla may automatically collect information. Zyla may also collect information from you through phone, sms or email.
Zyla may receive information about you if you use any services or products that Zyla provides, or if you use any of Zyla affiliates or third parties to fulfil a request you have made via Zyla.
5. How information collected may be used?
Zyla may use information you provide to:
- Administer your account and provide you with access to particular tools, products and services personalised to you
- Share it with your doctor to give you accurate care
- Share it with your Zyla Care team to build and deliver your personalised program
- May disclose your information to validate your eligibility for and participation in the Services and Programs offered by Zyla (i.e., you meet the clinical enrolment criteria for the Services, which may identify those individuals at risk for certain chronic diseases or living with certain chronic diseases)
- Provide information to any member of Zyla, or affiliates,vendors, suppliers and sub-contractors of Zyla, reasonable or necessary in the provision of the products and services, including provision of your information to doctors you connect via Zyla, in anonymised form, on need to know basis, for required period of time only
- Provide information to Pharma Companies (Data Source) in case of any adverse reportings. The representative from such Company in case of adverse reporting may get in touch with you for query resolution and solutions
- Respond to your inquiries and send you administrative communications
- Obtain your feedback on Zyla services and offerings
- Review and enhance the quality of Zyla services and products, and improve your experience
- Make disclosures as required by or in compliance with reasonable requests by regulatory bodies including, or as otherwise required by law or regulation
- Send you personalised emails or secure electronic messages pertaining to your health interests, including news, announcements, reminders and opportunities, and provide you with more relevant content and advertisements
- Non-Personally Identifiable Information (Non-PII) - information which cannot be used to identify / trace an individual’s identity: Zyla may use your Non-Personally identifiable information without restriction for population health analytics, scientific publications, research and development of new products and services. Zyla may, for example, share Non-Personally identifiable information with the sponsors paying for your participation in the Services (e.g., reports containing data related to enrollment, engagement, retention, and outcomes to evidence overall program success metrics) and with third party administrators working with the sponsors to administer certain services to you (e.g., incentives vendors, wellness administrators, etc.). Again, Zyla shall never disclose aggregate information in a manner that would identify you personally.
- All information collected will be shared in anonymized form with Zyla’s affiliates and vendors on a need to know basis, for the limited purpose of record, reference and tracking in order to provide better services. The said information will be retained only until necessary.
- Administer Zyla service and for internal operations, including troubleshooting, data analysis, testing, statistical and survey purposes
Zyla may combine personal and non-personal information collected by Zyla about you, and may combine this information with information from external sources. Third parties may also use non-personal information in order to display advertising that reflects the interests and preferences of Zyla user community.
6. How Zyla protects your information?
The security of your information is important to us. Zyla has adopted reasonable security practices and procedure to ensure the security of health information. Here are some of the security procedures that Zyla uses to protect your privacy:
- Requires both personal username (can be mobile number) and password (can be OTP) in order for users to access their personally identifiable information or personal health information.
- Uses firewalls to protect information held in Zyla secure servers.
- Utilizes Secure Socket Layer (SSL) encryption in transmitting personally identifiable information to Zyla servers.
- Backs-up Zyla systems to protect the integrity of your personally identifiable and personal health information.
- Does not store any credit or debit card information. Payments are processed via a third-party payment gateway provider that is fully compliant with Payment Card Industry (PCI) data security standards. All payment transactions are encrypted using SSL technology.
7. Will your information be shared and disclosed with others?
- helps us dynamically generate content on Web pages or in newsletters,
- allows us to statistically monitor how many people are using Zyla Website or mobile application and selected sponsors' sites,
- understand how many people open Zyla emails, and
- for what purposes these actions are being taken.
9. Links to other websites
The websites and mobile application may contain links to other third-party sites. The third-party sites are not under the control of Zyla. Please note that Zyla is not responsible for the privacy practices of such third-party sites. Zyla encourages you to be aware when you leave Zyla and to read the privacy policies of each and every third-party site that collects personal information. If you decide to access any of the third-party sites linked to Zyla, you do this entirely at your own risk. Any links to any partner of the websites is the responsibility of the linking party, and Zyla shall not be responsible for notification of any change in name or location of any information on the websites.
10. Rights of Users as Patient
A. Right to Access of PHIYou as a user have the Right to access the PHI data we store and use for treatment purposes associated with you. You can have the copy of PHI data being shared with you, for which a request has to be raised from your side in written mail to us on designated mail id provided. On receiving such a request, we shall ask you to complete the payment and provide us with your proof of identity for this process and after which we will complete our process and share with you the PHI stored with us corresponding to you.
B. Get your PHI CorrectedIn case you think, the PHI data corresponding to you, which is stored with Zyla may be incorrect or incomplete, for whatever reason, you can always ask us to get it corrected in written as prescribed over the mail id. After receiving your request, we will inform you within one month’s time period of the action being taken against your request. It is to be noted that, your request is eligible for acceptance and rejection both, subject to applicability of PHI with us, however, you will be notified for the reason of the action being taken.
C. Right to be ForgottenYou have the Right to ask Zyla for deletion of your PHI that we hold, where:
The request for the same has to be given in writing over the designated mail id only.
- a. We no longer have the need to use the PHI for the purpose it was obtained.
- b. We have processed your PHI in an unlawful manner.
- c. We no longer have your consent for processing your PHI, and this decision cannot be overridden by us.
Whatever be the action of your request, we will inform you within one month’s time period with the reason for the action being taken.
D. Right to Restrict data usageYou have the Right to ask Zyla, to not use your PHI in any specific manner as per your choice, in writing over designated mail id only. However, it has to be noted that consequence of such requests may cause hindrance in the treatment process and Zyla shall not be responsible for such conduct in any manner. Whatever be the action of your request, we will inform you within one month’s time period with the reason for the action being taken.
E. Right to Data PortabilityYou have the Right to ask for portability of your PHI or data stored with Zyla, to any other organisation or service provider of your choice for any reason. In order to exercise this Right, a written request has to be sent to Zyla over the designated mail id only. After receiving your request, we will process it and inform you within one month’s time period with the reason for the action being taken.
F. Right to ObjectYou have the Right to object or stop processing your data for marketing and commercial communications. Under this Right, you can opt-out from receiving updates and information sharing through any channel with you, Zyla would not bother you again. In order to exercise this Right, a written request has to be sent to Zyla over the designated mail id only. After receiving your request, we will process it and inform you within one month’s time period with the reason for the action being taken.
G. Right to be informed about PHI usage and sharingYou have the Right to be informed about the manner of usage of your corresponding PHI stored with us. If at any point of time you feel, the PHI was used for any purpose other than the original purpose for which it was obtained, you may ask Zyla, the extent of usage of your PHI and furthermore, may choose to exercise your other Rights as per your choice.
12. Dispute Resolution
In case of any dispute or difference, arising out of or in relation to (including interpretation thereof) the terms set out herein and/or pertaining to any transaction between the parties in consequence of the present agreement, the parties shall try to settle the same amicably, failing which the matter shall be referred to a Sole Arbitrator for arbitration under the Arbitration and Conciliation Act, 1996 and/or any statutory re-enactment or modification thereof, and the Sole Arbitrator shall be appointed by Zyla. The place of arbitration shall be New Delhi.
13. Contact Us
In case you want to make any request or exercise any right of yours or convey any message regarding data privacy or data breach, feel free to get in touch with the Data Protection Officer of Zyla at below mentioned details:
Data Protection Officer:
This Agreement shall be subject to laws of India and the jurisdiction of courts in New Delhi, India.