Privacy Policy

Introduction

This Privacy Policy ("Policy") outlines how Indiem (hereinafter referred to as "the Company", "we", "us", or "our"), a company registered under the Companies Act, 2013, collects, uses, stores, discloses, and protects your personal information. The Company operates the website www.indiem.tech ("Website") and provides health insurance claim management services ("Services") to hospitals and patients across India.

All visitors and users of the Website are collectively referred to as "you", "your", or "Users". By visiting this Website or using our Services, you agree to be bound by the terms and conditions of this Privacy Policy and consent to our collection, use, and disclosure of your personal information in accordance with this Policy.

This Privacy Policy has been prepared in compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPI Rules"), and the Information Technology (Intermediaries Guidelines) Rules, 2011, as amended from time to time.

If you do not agree with the terms of this Privacy Policy, please do not use or access our Website or Services.

1. Definitions

1.1 Personal Information

"Personal Information" means any information that relates to or identifies you and may include:

• First name, middle name, last name
• Contact information (phone numbers, email addresses, residential address)
• Date of birth, age, gender
• Identity proof details (Aadhaar, PAN, Voter ID, Passport, Driving License)
• Policyholder information
• Insurance policy details
• Hospital admission and treatment information
• Family member information
• Any other information provided by you

1.2 Sensitive Personal Data or Information (SPDI)

"Sensitive Personal Data or Information" means Personal Information which consists of information relating to:

• Password
• Financial information such as bank account, credit card, debit card, or other payment instrument details
• Physical, physiological, and mental health condition
• Medical records and history including prescriptions, test reports, diagnoses, treatment plans
• Sexual orientation
• Biometric information
• Any detail relating to the above clauses as provided to the Company for providing Services
• Any information received under the above clauses by the Company for processing, storing, or processing under lawful contract or otherwise

Note: Information freely available or accessible in the public domain or furnished under the Right to Information Act, 2005 is not considered SPDI.

2. Scope and Applicability

This Privacy Policy applies to:

• All Users who visit, access, or use our Website
• Hospitals who register with us to avail our healthcare claim management services
• Patients who share their information with us directly or through hospitals for claim processing services
• All forms of Personal Information, whether collected or stored physically or electronically

3. Information We Collect

3.1 Information Provided by You

For Hospitals:

• Hospital name, registration details, and GST information
• Authorized representative's name, designation, contact details
• Hospital infrastructure and empanelment details
• Bank account information for payment processing
• TPA (Third Party Administrator) tie-ups and insurance company relationships
• Hospital MIS and billing system details

For Patients:

• Full name, age, gender, contact information
• Residential address
• Identity proof documents (Aadhaar, PAN, etc.)
• Insurance policy details (policy number, insurer name, sum insured, policy tenure)
• Medical history and current health conditions
• Hospital admission details and treatment information
• Prescription, diagnostic reports, and medical bills
• Bank account details for reimbursement claims
• Family member details (for dependent coverage)
• Claim history and status

3.2 Information Automatically Collected

We may automatically collect certain information when you visit our Website:

• Device information (device type, operating system, browser type)
• IP address and location data
• Website usage patterns and pages visited
• Time spent on pages
• Referring website information
• Cookies and similar tracking technologies (see Section 9)

3.3 Information from Third Parties

We may collect information from:

• Insurance companies and TPAs
• Hospitals and healthcare providers
• Diagnostic centers and laboratories
• Government databases and registries
• Credit information bureaus (with your consent, where applicable)
• Other publicly available sources

4. How We Use Your Information

4.1 Primary Purposes

For Hospital Services:

• Health claim cashless processing and pre-authorization approval
• Managing genuine cashless rejection claims
• Facilitating claim desk operations
• Hospital MIS and dashboard analytics
• Payment processing and reconciliation
• Compliance with regulatory requirements

For Patient Services:

• Health claim reimbursement processing
• Rejected claims recovery assistance
• Claims delay resolution
• Claim short-settlement recovery
• Document collection and verification
• Communication with insurance companies and TPAs on your behalf
• Providing claim status updates

4.2 Secondary Purposes

• To improve and customize our Services
• To send service-related notifications and updates
• To conduct data analysis and research for service improvement
• To detect, prevent, and protect against fraud and unauthorized activities
• To comply with legal obligations and respond to legal processes
• To enforce our Terms of Service
• To resolve disputes and troubleshoot problems
• To provide customer support
• To send promotional communications (with your consent)

5. Information Sharing and Disclosure

5.1 With Your Consent

We may share your Personal Information with third parties only with your express consent, which may be obtained at the time of collection or subsequently.

5.2 Service Providers and Partners

We may share your information with:

• Insurance Companies and TPAs: To process your claims, verify coverage, and facilitate approvals and payments.
• Hospitals and Healthcare Providers: To coordinate treatment, billing, and claim documentation.
• Diagnostic Centers and Laboratories: To obtain and verify medical reports and test results.
• Technology Service Providers: Including cloud storage providers, IT infrastructure providers, payment gateways, and communication service providers who assist in delivering our Services.
• Legal and Regulatory Authorities: When required by law, court order, or governmental request, or to protect our rights and safety.

5.3 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your Personal Information may be transferred to the successor entity, provided such entity agrees to comply with this Privacy Policy.

5.4 Restrictions on Sharing

We will NOT:

• Sell your Personal Information to third parties for marketing purposes
• Share your SPDI without your explicit consent, except as required by law
• Use your information for purposes incompatible with those disclosed at collection

6. Data Retention

We will retain your Personal Information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention Periods:

• Active user data: Duration of service relationship
• Claim-related information: Minimum 7 years from claim closure (as per regulatory requirements)
• Financial records: As per applicable tax and accounting laws
• Medical records: As per Indian Medical Council regulations and applicable laws

After the retention period expires, we will securely delete or anonymize your Personal Information in accordance with applicable data protection laws.

7. Data Security

7.1 Security Measures

We implement industry-standard security measures to protect your Personal Information:

• SSL/TLS encryption for data transmission
• Secure servers with firewall protection
• Access controls and authentication mechanisms
• Regular security audits and vulnerability assessments
• Employee training on data protection and confidentiality
• Secure backup and disaster recovery procedures

7.2 Your Responsibility

You are responsible for:

• Maintaining the confidentiality of your login credentials
• Using strong passwords and changing them periodically
• Not sharing your account access with unauthorized persons
• Logging out after each session
• Notifying us immediately of any unauthorized access or security breach

7.3 Limitations

While we strive to protect your Personal Information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but will take all reasonable measures to safeguard your information.

8. Your Rights and Choices

8.1 Access and Correction

You have the right to:

• Access your Personal Information held by us
• Request correction of inaccurate or incomplete information
• Update your information through your account settings
• Request details of third parties with whom your information has been shared

To exercise these rights, contact us at: contact@indiem.tech / support@indiem.tech

8.2 Withdrawal of Consent

You may withdraw your consent for collection, use, or disclosure of your Personal Information at any time by notifying us in writing. However, please note that:

• Withdrawal may affect our ability to provide Services to you
• We may retain certain information as required by law or for legitimate business purposes
• Previous processing based on your consent remains lawful

8.3 Opt-Out Options

Marketing Communications: You may opt out of receiving promotional emails and SMS by:

• Clicking the "unsubscribe" link in emails
• Replying "STOP" to SMS messages
• Contacting us at contact@indiem.tech

Note: You cannot opt out of service-related communications necessary for providing our Services.

8.4 Data Portability

Upon request, we will provide your Personal Information in a structured, commonly used, and machine-readable format, subject to technical feasibility and legal requirements.

8.5 Right to Erasure

You may request deletion of your Personal Information. We will comply with such requests except where:

• Retention is required by law
• Information is necessary for legal claims or compliance
• Retention is necessary for fulfilling our contractual obligations

9. Cookies and Tracking Technologies

9.1 What Are Cookies?

Cookies are small text files stored on your device that help us improve your experience on our Website.

9.2 Types of Cookies We Use

• Essential Cookies: Required for Website functionality and security.
• Functional Cookies: Remember your preferences and settings.
• Analytics Cookies: Help us understand how visitors use our Website (using tools like Google Analytics).
• Marketing Cookies: Track your browsing behavior for personalized advertising (only with your consent).

9.3 Managing Cookies

You can control cookies through your browser settings. However, disabling cookies may affect Website functionality and your user experience.

10. Third-Party Links

Our Website may contain links to third-party websites and services. We are not responsible for the privacy practices or content of these external sites. We encourage you to review their privacy policies before providing any Personal Information.

11. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect Personal Information from minors. If you are under 18, please do not use our Services or provide any information without parental or guardian consent. If we learn that we have collected information from a minor without proper consent, we will promptly delete such information.

12. International Data Transfers

Your Personal Information is processed and stored within India. If you access our Services from outside India, you consent to the transfer of your information to India and processing in accordance with Indian laws.

13. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes, we will:

• Update the "Effective Date" at the top of this Policy
• Post the revised Policy on our Website
• Notify you via email or prominent notice on our Website (for significant changes)

Your continued use of our Services after such modifications constitutes your acceptance of the updated Privacy Policy. We encourage you to review this Policy periodically.

14. Grievance Redressal

14.1 Grievance Officer

In accordance with the Information Technology Act, 2000 and the SPI Rules, we have appointed a Grievance Officer to address your concerns regarding privacy and data protection.

Grievance Officer Details:

• Name: Shashank Agnihotri
• Email: shashank.agnihotri@indiem.tech
• Phone: +91 9675124370
• Address: Office No – 101, First Floor, Plot No. A-61, Sector-16, Noida, UP-201301

14.2 Complaint Resolution Process

1. Submit your complaint in writing via email or post
2. We will acknowledge receipt within 10 working days
3. We aim to resolve complaints within one month from receipt
4. If your complaint cannot be resolved within this timeframe, we will inform you of the reasons and expected resolution time

14.3 Escalation

If you are not satisfied with our response, you may escalate your complaint to:

• The appropriate data protection authority
• The Cyber Appellate Tribunal under the Information Technology Act, 2000
• Consumer forums and courts as per applicable law

15. Contact Information

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Indiem
• Email: shashank.agnihotri@indiem.tech
• Phone: +91 9675124370
• Address: Office No – 101, First Floor, Plot No. A-61, Sector-16, Noida, UP-201301
• Website: www.indiem.tech

16. Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of India. Any disputes arising out of or in connection with this Policy shall be subject to the exclusive jurisdiction of the courts in Noida, India.

17. Language

This Privacy Policy is executed in English. In case of any conflict between the English version and any translation, the English version shall prevail.