Privacy Policy

Regulations on the protection of personal data of users of the Dentlap service

General provisions

This Regulation on the protection of personal data of users (hereinafter referred to as "Regulation") is a local regulatory act of Dentlap Company, defines the policy, procedure and conditions for processing personal data of users of websites "Dentlap.in " and "Dentlap.com " and "Dentlap" applications for mobile devices running iOS and Android.

The following terms used in this document have the following meanings:

"Operator" means Dentlap company;
"User" means an individual intending to use and/or using the Service;
«Personal data" means any information required by the Operator in connection with the use of the Service by Users and related to a specific User;
Processing of User's personal data means any action (operation) or a set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data of a certain User;
"Service" means the website "Dentlap.in " or "Dentlap.com ", as well as the application for mobile devices "Dentlap" for iOS and Android.
"Partner" means an organization or individual entrepreneur, information about which is posted in the Service. Medical services offered by Partners for purchase using the Service are subject to provision exclusively by Partners who have valid licenses to carry out medical activities.

This Regulation regulates the procedure for obtaining, processing, systematization, storage, use, transfer and disclosure of personal data of Users and fully applies to all Users.

The principles of processing personal data of Users include, among other things:

legality of the purposes and methods of personal data processing, integrity and fairness in the Operator's activities;
the reliability of personal data, their sufficiency for processing purposes, the inadmissibility of processing personal data that is excessive in relation to the purposes stated when collecting personal data;
the inadmissibility of combining databases containing personal data, the processing of which is carried out for purposes incompatible with each other;
ensuring the accuracy of personal data, their sufficiency, and, if necessary, relevance in relation to the purposes of personal data processing. The operator takes the necessary measures or ensures that they are taken to delete or clarify incomplete or inaccurate data;
storing personal data in a form that allows you to identify the subject of personal data, no longer than the purposes of personal data processing require.

All issues related to the processing of personal data that are not regulated by this Regulation are resolved in accordance with the current legislation of India in the field of personal data.

Processing of personal data of Users

Users' personal data is processed for the purposes of making an appointment with a doctor through the Service, contacting the Operator's user support center (call center), providing support when using the Service, sending advertising and marketing materials, improving the Service, receiving feedback and suggestions on the Service.

When making an appointment with a doctor through the Service, the User can provide the Operator with the following personal data: surname, first name, patronymic, phone, email address, gender, age, information about the intention to see a doctor. The User confirms that the personal data is complete, accurate and up-to-date and is provided personally by the User or his legal representative.

The User has the right not to provide the Operator's employees or the Operator's call center with any additional information or information when making an appointment with a doctor using the Service, including information about the User's health status. When using mobile applications as part of the Service, the User provides additional information of his choice, if necessary to implement the functionality of the applications.

The Operator does not collect or process users' personal data concerning the health status and intimate life of Users. Such data is provided by Users directly and only to doctors or medical organizations, including Partners, who are required to respect their confidentiality in accordance with the applicable laws of India.

When using the Service, Users provide the Operator with consent to the processing of their personal data by accepting the terms of the consent text posted in the Service.

The Operator, at its own expense and in accordance with the procedure provided for by the legislation of the Russian Federation, ensures the protection of Users' personal data from loss, unlawful and/or unauthorized access to them.

The User may use certain functions of the Service intended for the provision of medical and other services by Partners to patients with suspected COVID-19 or patients with diagnosed COVID-19, namely:

Downloading and recognition of test results on COVID-19. When using this function, the Partners process the following data set: date of analysis, full name, date of birth, age, gender, name of the medical organization, name of the laboratory study, the biological material under study, the parameters of the study, the results of the study. The information is used exclusively to provide the User with information about laboratory studies performed in the interests of the User;

Downloading and processing information about vaccinations, including vaccination against COVID-19. When using this function, Partners process the following data set: full name, date of birth, age, gender, name of the vaccine, date of vaccination. The information is used exclusively to provide the User with information about vaccinations carried out by the User;

Monitoring of the health status of Users with diagnosed COVID-19 on the basis of agreements (contracts) with authorized state (municipal) bodies and medical organizations. When using this function, Partners process the following data set: full name, date of birth, age, gender, body temperature, general well-being. The information is used exclusively to provide the User and medical organizations that have assigned remote monitoring of the User's health status with up-to-date information about the health status of Users diagnosed with COVID-19;

Conducting telemedicine consultations by Partners using the Service, including for Users with diagnosed COVID-19. When using this function, Partners process the following data set: full name, date of consultation, User complaints, medical history, recommendations of a medical professional. The information is used exclusively to provide the User with consultations of doctors using telemedicine technologies and to provide the User with access to the results of such consultations.

Collection, storage and use of Users' personal data

The Operator collects and stores Users' personal data using an electronic database.

When collecting Personal Data of Users, the Operator ensures the recording, systematization, accumulation, storage, clarification (updating, modification), extraction of personal data in databases.

Transfer of personal data

The Operator transfers Users' personal data only for the purposes stipulated in the consent to the processing of personal data, in particular, without restrictions, to medical organizations or doctors for whom the User has submitted an application, call center employees, Partners.

The Operator undertakes to warn all persons to whom the personal data of Users is transmitted that this data can only be used for the purposes for which they are reported. All persons receiving the User's personal data are obliged to strictly observe confidentiality with respect to such data. This provision does not apply to cases where the exchange of personal data of Users is carried out in accordance with the procedure established by the legislation of India.

The rights of Users with respect to their personal data

For the purposes of protecting personal data stored by the Operator, Users are granted the following rights:

to receive full information about their personal data and their processing on the basis of a corresponding request;
have free access to your personal data, except in cases where Russian legislation provides otherwise;
to require the deletion or correction of incorrect, incomplete or irrelevant personal data, as well as data processed in violation of the requirements of Indian law.

In cases where the Operator refuses to delete or correct the User's personal data, the User has the right to send the Operator a statement of his disagreement with such refusal in writing, indicating the reasons for his disagreement.

Personal Data Protection

6.1 For the purposes of protecting personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, dissemination of personal data, as well as from other illegal actions with respect to personal data, the Operator takes appropriate legal, organizational and technical measures.

Legal measures include:

acceptance of this Provision and its publication in the Service;
obtaining consent to the processing of personal data;
providing answers to User requests regarding the processing of personal data;
bringing to justice persons guilty of violating the rules of personal data processing provided for by the legislation of India and this Regulation.

Organizational measures include:

appointment of the person responsible for the organization of personal data processing at the Operator;
determination of the procedure for storing personal data in information systems, as well as the procedure for accessing them;
regular monitoring and analysis of the requirements of legislation and modern technologies of personal data processing in order to timely change the legal, organizational and technical measures taken by the Operator in order to improve the methods and methods of processing, storing and protecting personal data.

Technical measures include:

a throughput mode has been introduced and maintained in the Operator's office;
actual access to electronic documents and material carriers of personal data is provided only to a limited number of employees of the Operator, whose job responsibilities include the processing of personal data;
material carriers of personal data are stored in compliance with the rules of the law in a way that excludes access to them by third parties;
identification and authentication of access subjects and access objects;
access control of access subjects to access objects;
registration of security events;
control (analysis) of personal data security;
protection of the virtualization environment;
protection of the information system, its means, communication and data transmission systems;
configuration management of the information system and the personal data protection system.

Control of personal data processing

Internal control over the compliance of the Operator's employees with the requirements of the Indian legislation and this Regulation consists in verifying the fulfillment of the stipulated requirements, as well as in assessing the validity, adequacy and effectiveness of the measures taken. It can be carried out by a structural unit or an employee responsible for ensuring the security of personal data.

The audit of the compliance of the processing of personal data with the requirements of the legislation of India and this Regulation may be carried out by a third party with appropriate qualifications on a contractual basis.

Based on the results of internal control and (or) audit, the Operator evaluates the harm that may be caused to Users' personal data and the compliance of the measures taken with the identified threats. If necessary, the Operator introduces additional measures to protect personal data and makes appropriate changes to this Regulation.

Responsibility for violation of the rules governing the processing and protection of Users' personal data

Persons guilty of violating the rules governing the receipt, processing and protection of personal data are subject to disciplinary, administrative, civil or criminal liability in accordance with applicable law.

Moral damage caused to the User as a result of violation of his rights, violation of the rules for processing personal data, as well as non-compliance with the requirements for the protection of personal data established by the legislation of India "On Personal Data", is subject to compensation in accordance with the legislation of India. Compensation for moral damage is carried out regardless of compensation for property damage and losses incurred by the User.

Based on the results of internal control and (or) audit, the Operator evaluates the harm that may be caused to Users' personal data and the compliance of the measures taken with the identified threats. If necessary, the Operator introduces additional measures to protect personal data and makes appropriate changes to this Regulation.

THE FOLLOWING SECTIONS APPLY TO BOTH USERS AND HEALTHCARE PROVIDERS.

Business Transfers

All Personal Data may be transferred to a third party if we undergo a merger, acquisition, bankruptcy or other transaction in which that third party assumes control of our business (in whole or in part). Should one of these events occur, we will make reasonable efforts to notify you before your information becomes subject to different privacy and security policies and practices.

Tracking Tools, Advertising and Opt-Out

The following sections provide additional information about how we collect your Personal Data.

Information Collected Automatically

The Services use cookies and similar technologies such as pixel tags, web beacons, clear GIFs, mobile identifiers, and JavaScript (collectively, “Cookies”) to enable our servers to recognize your web browser and tell us how and when you visit and use our Services. We do this to analyze trends, learn about and advertise to our user base, and operate and improve our Services. For example, we use Cookies to tailor the Services or customize advertisements by tracking navigation habits, measuring performance, storing authentication status so re-entering credentials is not required, customizing user experiences with the Services and for analytics and fraud prevention. Cookies are small pieces of data – usually text files – placed on your computer, tablet, phone, or similar device when you use that device to visit our Services. We may also supplement the information we collect from you with information received from third parties, including third parties that have placed their own Cookies on your device(s).

We use the following types of Cookies:

Essential Cookies. Essential Cookies are required for providing you with features or services that you have requested. For example, certain Cookies enable you to log into the secure areas of our Services. Disabling these Cookies may make certain features and services unavailable.
Functional Cookies. Functional Cookies are used to record your choices and settings regarding our Services, maintain your preferences over time and recognize you when you return to our Services. These Cookies help us to personalize our content for you, greet you by name, and remember your preferences (for example, your choice of language or region).
Performance/Analytical Cookies. Performance/Analytical Cookies allow us to understand how visitors use our Services such as by collecting information about the number of visitors to the Services, what pages visitors view on our Services, how long visitors are viewing pages on the Services, mouse clicks, mouse movements, scrolling activity, and text typed into the Services. Performance/Analytical Cookies also help us measure the performance of our advertising campaigns in order to help us improve our campaigns and the content for those who engage with our advertising. For example, Google Inc. (“Google”) uses cookies in connection with its Google Analytics services. Google’s ability to use and share information collected by Google Analytics about your visits to the Services is subject to the Google Analytics Terms of Use and the Google Privacy Policy. You have the option to opt-out of Google’s use of cookies by visiting the Google advertising opt-out page at https://www.google.com/privacy_ads.html or the Google Analytics Opt-out Browser Add-on at https://tools.google.com/dlpage/gaoptout/.
Retargeting/Advertising Cookies. Retargeting/Advertising Cookies collect data about your online activity and identify your interests so that we can provide advertising that we believe is relevant to you. For more information about this, please see the section below titled “Information about Interest-Based Advertisements.”
Web Beacons. Web Beacons (e.g., clear GIFs or pixel tags) are tiny graphic image files embedded in a web page or email that may be used to collect information about the use of our Services, the web services of selected advertisers, and the emails, special promotions, or newsletters that we send. The information collected by Web Beacons allows us to analyze how many people are using the Services, using selected publishers’ web services or opening emails, and for what purpose, and also allows us to enhance our interest-based advertising (discussed further below).
Mobile Device Identifiers. Mobile device identifiers help Dentlap learn more about our Users’ demographics and internet behaviors. Mobile device identifiers are data stored on mobile devices that may track mobile device and data and activities occurring on and through it, as well as the applications installed on it. Mobile device identifiers enable collection of Personal Data, such as media access control, address and location, and tracking data, including without limitation IP address, domain server, type of device(s) used to access the Services, web browser(s) used to access the Services, referring webpage or other source through which you accessed the Services, other statistics and information associated with the interaction between your browser or device and the Services.
Cross Device Matching. To determine if users have interacted with content across multiple devices and to match such devices, we may work with partners who analyze device activity data and/or rely on your information (including demographic, geographic and interest-based data). To supplement this analysis, we may also provide de-identified data to these partners. Based on this data, we may then display targeted advertisements across devices that we believe are associated, or use this data to further analyze usage of Services across devices.

You can decide whether or not to accept Cookies through your internet browser’s settings. Most browsers have an option for turning off the Cookie feature, which will prevent your browser from accepting new Cookies, as well as (depending on your browser software) allow you to decide on acceptance of each new Cookie in a variety of ways. You may also be able to reject mobile device identifiers by activating the appropriate setting on your mobile device. You can also delete all Cookies that are already on your computer. Although you are not required to accept Dentlap’s Cookies, if you block, reject, or delete them, you may have to manually adjust some preferences every time you access the Services as some functionalities may not work.

To explore what Cookie settings are available to you, look in the “preferences” or “options” section of your browser’s menu. To find out more information about Cookies, including information about how to manage and delete Cookies, please visit http://www.allaboutcookies.org/.

Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services that you do not wish such operators to track certain of your online activities over time and across different websites. Not all browsers offer a Do Not Track option and there is currently no industry consensus as to what constitutes a Do Not Track signal. Please note that, for these reasons and because of our use of Cookies, our Services, like many website operators, do not support “Do Not Track” requests sent from a browser at this time. To find out more about “Do Not Track,” you can visit www.allaboutdnt.com.

Information about Interest-Based Advertisements:

We may serve advertisements, and also allow third-party ad networks, including third-party ad servers, ad agencies, ad technology vendors and research firms, to serve advertisements through the Services. These advertisements may be targeted to users who fit certain general profile categories or display certain preferences or behaviors (“Interest-Based Ads”). Information for Interest-Based Ads (including Personal Data) may be provided to us by you, or derived or inferred from the online activity or usage patterns of particular users on the Services and/or services of third parties. Such information may include IP address, mobile device ID, operating system, browser, web page interactions, geographic location and demographic information, such as gender and age range. Such information may be gathered through tracking users’ activities across time and unaffiliated properties, including when you leave the Services. To accomplish this, we or our service providers may deliver Cookies, including Web Beacons, from an ad network to you through the Services. Web Beacons allow ad networks to provide anonymized, aggregated auditing, research and reporting for us and for advertisers. This information helps Dentlap learn more about our Users’ demographics and internet behaviors. Web Beacons also enable ad networks to serve targeted advertisements to you when you visit other websites. Web Beacons allow ad networks to view, edit or set their own Cookies on your browser, just as if you had requested a web page from their site.

We comply with the Digital Advertising Alliance (“DAA”) Self-Regulatory Principles for Online Behavioral Advertising. Through the DAA and Network Advertising Initiative (“NAI”), several media and marketing associations have developed an industry self-regulatory program to give users a better understanding of, and greater control over, ads that are customized based on a user’s online behavior across different websites and properties. To make choices about Interest-Based Ads from participating third parties, including to opt-out of receiving behaviorally targeted advertisements from participating organizations, please visit the DAA’s or NAI’s User opt-out pages, which are located at http://www.networkadvertising.org/choices/ or www.aboutads.info/choices, or install the DAA’s AppChoice app (for iOS; for Android) on your mobile computing device. When you use these opt-out features, an “opt-out” Cookie will be placed on your computer, tablet or mobile computing device indicating that you do not want to receive Interest-Based Ads from NAI or DAA member companies. If you delete Cookies on your computer, tablet or mobile computing device, you may need to opt out again. For information about how to opt out of Interest-Based Ads on mobile devices, please visit http://www.applicationprivacy.org/expressing-your-behavioral-advertising-choices-on-a-mobile-device. You will need to opt out of each browser and device for which you desire to apply these opt-out features.

Please note that even after opting out of Interest-Based Ads, you may still see Dentlap advertisements that are not interest-based (i.e., not targeted toward you). Also, opting out does not mean that Dentlap is no longer using tracking tools — Dentlap may still collect information about your use of the Services even after you have opted out of Interest-Based Ads and may still serve advertisements to you via the Services based on information collected via the Services.

Data Security and Retention

The security of your Personal Data is important to us. We seek to protect your Personal Data from unauthorized access, use and disclosure using appropriate physical, technical, organizational and administrative security measures based on the type of Personal Data and how we are processing that data. We endeavor to follow generally accepted industry standards to protect the Personal Data submitted to us, both during transmission and in storage. For example, the Services use industry standard Secure Sockets Layer (SSL) technology to allow for the encryption of Personal Data. We store and process your information on our servers in the United States and abroad. We maintain what we consider industry standard backup and archival systems. You should also help protect your data by appropriately selecting and protecting your password and/or other sign-on mechanism; limiting access to your computer or device and browser; and signing off after you have finished accessing your account. Although we work to protect the security of your account and other data that we hold in our records, for example, by making good faith efforts to store Personal Data in a secure operating environment that is not open to the public, please be aware that no method of transmitting data over the Internet or storing data is completely secure. We cannot and do not guarantee the complete security of any data you share with us, and except as expressly required by law, we are not responsible for the theft, destruction, loss or inadvertent disclosure of your information or content.

If at any time during or after our relationship we believe that the security of your Personal Data may have been compromised, we may seek to notify you of that development. If a notification is appropriate, we will endeavor to notify you as promptly as possible under the circumstances. If we have your e-mail address, we may notify you by e-mail to the most recent e-mail address you have provided us in your account profile. Please keep your e-mail address in your account up to date. You can update that e-mail address anytime in your account profile. If you receive a notice from us, you can print it to retain a copy of it. To receive these notices, you must check your e-mail account using your computer or mobile device and email application software.

We retain Personal Data about you consistent with all internal policies and procedures. We may retain Personal Data to comply with our legal obligations, resolve disputes or collect fees owed, or as is otherwise permitted or required by our data retention policies and procedures.

Children’s Privacy

The Services are not directed to or intended for use by children under 13 years of age. If you are a child under the age of 13, please do not attempt to register for or otherwise use the Services or send us any Personal Data. By accessing, using and/or submitting information to or through the Services, you represent that you are not under the age of 13. If we learn that we have received any Personal Data directly from a child under age 13 without first receiving his or her parent’s verified consent, we will use that Personal Data only to respond directly to that child (or his or her parent or legal guardian) to inform the child that he or she cannot use the Services. We will then subsequently delete that child’s Personal Data. If you believe that a child under 13 may have provided us with Personal Data, please contact us at info**@dentlap.com**.

If you are between age thirteen (13) and the age of majority in your place of residence, you may use the Services only with the consent of or under the supervision of your parent or legal guardian. If you are a parent or legal guardian of a minor child, you may, in compliance with the Agreement, use the Services on behalf of such minor child. Any information that you provide us while using the Services on behalf of your minor child will be treated as Personal Data as otherwise provided herein.

If you use the Services on behalf of another person, regardless of age, you agree that Dentlap may contact you for any communication made in connection with providing the Services or any legally required communications. You further agree to forward or share any such communication with any person for whom you are using the Services on behalf.

How We Use Information That is Neither Personal Data nor PHI

Certain information that Dentlap collects may be neither Personal Data nor PHI, including information that does not include any identifiable information at collection or which we have de-identified and/or aggregated from Personal Data or PHI. We may use this information for any purpose permitted by applicable law, including but not limited to for purposes of better understanding who uses Dentlap and how we can deliver a better digital healthcare experience.

Controlling Your Personal Data & Notifications

If you are a registered user of the Services, you can modify certain Personal Data or account information by logging in and accessing your account. If you wish to close your account, please email us. Dentlap will use reasonable efforts to delete your account as soon as reasonably possible. Please note, however, that Dentlap reserves the right to retain information from closed accounts consistent with our internal data retention policies and procedures.

You must promptly notify us if any of your account data is lost, stolen, or used without permission.

Changes to this Privacy Policy

We reserve the right to amend our Privacy Policy at our discretion and at any time. When we make changes to the Privacy Policy, we will notify you by email or through a notice on our website homepage. Use of the information we collect is subject to the Privacy Policy in effect at the time such information is collected.

All questions and written requests from Users can be sent to e-mail info@dentlap.com