1. Introduction and Scope
This Master Privacy Policy describes how Zylife Smartcare Private Limited (referred to as “Zylife Smartcare,” “we,” “our,” or “us”), along with its group entities and affiliates, collects, uses, shares, protects, or otherwise processes your information/personal data. This policy applies to all platforms and services owned and operated by Zylife Smartcare.
- Platform Owner Details: Zylife Smartcare Private Limited, a company incorporated under the Companies Act, 1956, with its registered office at 29/2, First Floor, Savitri Nagar, New Delhi – 110017.
- Applicable Platforms: This policy governs all products and services offered by Zylife Smartcare, including but not limited to, the corporate website (zylifesmartcare.com) and all subsidiary Platforms such as app.sodium.care, sodium.care, getaktiv.life, zylifedigital, pilotai.in, and their related mobile sites and applications (collectively, the “Platforms”).
2. Governing Law and Jurisdiction
- This electronic record is generated in terms of the Information Technology Act, 2000, and rules thereunder, including the provisions pertaining to electronic records.
- All disputes arising out of or in connection with these terms shall be governed by and construed in accordance with the laws of India and shall be subject to the exclusive jurisdiction of the courts in New Delhi and Delhi.
3. Key Definitions
For the purpose of this Master Policy:
- “Personal Data” (PD): Means any data that relates to a Data Principal (individual) and allows identification of that individual.
- “Sensitive Personal Data or Information” (SPDI): In a healthcare context, this includes, but is not limited to, financial data, health data (e.g., symptoms, diagnosis, test results, prescriptions), biometric data, and genetic information. The collection and use of SPDI require heightened security and explicit consent.
- “Data Fiduciary”: Zylife Smartcare, which determines the purpose and means of processing personal data.
- “Data Principal”: The individual whose personal data is being processed (i.e., you, the user).
4. What Information We Collect
We collect information necessary for the provision and improvement of our specific products/services.
| Category of Data | Examples of Data Collected | Purpose of Collection |
| --- | --- | --- |
| Identity Data | Name, date of birth, gender, email address, phone number, physical address. | Account creation, identity verification, communication, and service delivery. |
| Health Data (SPDI) | Medical records, clinical notes, diagnosis, prescriptions, consultation logs (video/audio/chat), and wearable device data. | To provide medical consultation, treatment, and personalized health management services (e.g., through sodium.care). Requires specific and informed consent. |
| Financial Data (SPDI) | Transaction history, service purchase details, and other payment-related information (excluding full credit/debit card numbers as they are handled by third-party Payment Gateways). | For processing transactions, invoicing, managing subscriptions, and processing refunds. |
| Technical/Usage Data | IP address, device type, operating system, browser type, website pages visited, features used, and time spent. | System administration, preventing fraud, improving platform functionality, and gathering statistical data. |
5. How We Collect and Use Your Personal Data
We collect and process your Personal Data and SPDI only for specified, clear, and lawful purposes.
- To Provide and Maintain Services: To deliver the specific features of our Platforms (e.g., booking a doctor on sodium.care, tracking progress on getaktiv.life).
- To Process Payments: To complete transactions and manage subscriptions, which involves sharing necessary financial details with secure, PCI DSS compliant payment processors (see Section 7).
- For Research and Improvement: To analyze data for product improvement, R&D, and the development of our AI/ML services (like pilotai.in). Any use of Health Data for R&D will be done using anonymized or pseudonymized data wherever possible.
- For Communication: To send transactional alerts, service-related updates, and marketing communications, subject to your explicit opt-in choice.
- To Comply with Legal Obligations: To respond to lawful requests from government agencies, law enforcement, or as required by Indian laws, including the IT Act and applicable health regulations.
6. Consent Requirements
We adhere to the highest standards of consent, particularly for SPDI:
- Valid Consent: Consent must be free, specific, informed, unconditional, and unambiguous with a clear affirmative action.
- Notice: Every request for consent will be accompanied by a notice informing you of the specific data being collected, the exact purpose of processing, and the manner in which you can withdraw consent and exercise your rights.
- Granular Consent: For products that handle highly sensitive data, we may request separate consent for different processing activities (e.g., consent for treatment vs. consent for anonymized research).
- Withdrawal of Consent: You have the right to withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of processing that occurred based on consent before its withdrawal.
7. Disclosure and Sharing of Your Personal Data
We do not sell your personal data, especially Health Data. We only share it for the purposes described below, ensuring all third parties are under contractual obligation to maintain confidentiality and security.
- Affiliates and Group Entities: We may share data among Zylife Smartcare group companies (e.g., Zylife Digital) for internal reporting, product development, and administrative purposes.
- Third-Party Service Providers (Data Processors): We use vendors for payment processing, data storage (cloud services), data analytics, and marketing services. These vendors are only provided with the minimum data necessary to perform their services.
- Payment Gateway Integration:
  - All financial transactions are processed by PCI DSS compliant payment gateways (e.g., Razorpay, PayU).
  - Zylife Smartcare does not store your full payment card details (like full card number or CVV). This highly sensitive information is handled directly by the Payment Gateway, which uses industry-standard encryption and security practices.
- Legal Compliance: Sharing data with law enforcement or regulatory bodies in response to a court order, legal process, or to establish or defend our legal rights.
- Corporate Restructuring: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, and we will notify you and ensure they adhere to this Privacy Policy.
8. Data Security and Retention
- Security Measures: We use advanced technical and organizational measures, including encryption, access control, and multi-factor authentication, to protect your data from unauthorized access, disclosure, or breach. Access to internal data servers is limited to specialist, authorized personnel.
- Breach Notification: We maintain an incident response plan and will notify you and the relevant regulatory authorities promptly in the event of a significant data breach, as required by law.
- Data Retention: We retain your Personal Data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. For instance, patient records are often required to be preserved for specific durations under health regulations. Once the purpose is no longer served, we cease to retain the data or take steps to anonymize/erase it.
9. Your Rights as a Data Principal
You have the following rights regarding your Personal Data:
- Right to Access and Confirmation: The right to know whether your data is being processed and to access a summary of the data we hold.
- Right to Correction/Rectification: The right to request correction of inaccurate or incomplete personal data.
- Right to Erasure (‘Right to be Forgotten’): The right to request the deletion of your Personal Data, subject to our legal and regulatory retention obligations.
- Right of Grievance Redressal: The right to have a readily available mechanism to address your concerns.
10. Grievance Redressal Mechanism
If you have any questions or grievances regarding the processing of your personal data, you may contact our Grievance Officer:
- Address: 29/2, First Floor, Savitri Nagar, New Delhi – 110017
- Email: hello@zylifesmartcare.com
The Grievance Officer will acknowledge your complaint within 24 hours and redress it within one month from the date of receipt.
