1. Introduction and Scope

Quamar Brothers Healthcare Private Limited, a company incorporated under the Companies Act, 2013, having its registered office at The Vue, SN 19/1/2/ 3/5/6 12/4 Kondhwa, Pune, Maharashtra, 411048, India, (“AgentQure,” “we,” “us,” or “our”) is committed to protecting your privacy and ensuring the security of your personal information.

This Privacy Policy describes how we collect, use, store, and protect information when you use our AI-powered healthcare platform, including our Laboratory Information Management System (LIMS), Electronic Medical Records (EMR), patient engagement applications, and related services (collectively, the “Platform”).

This Privacy Policy applies to all users of our Platform, including:

• Healthcare professionals (“Providers”)
• Healthcare institutions (“Institutions”)
• Patients and individuals (“Patients”)
• Administrative staff (“Staff”)
• Other authorized users (“Users”)

 

IMPORTANT: This Privacy Policy complies with Indian data protection laws including the Information Technology Act, 2000, Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023. We have also incorporated practices aligned with international standards including GDPR and HIPAA for future global expansion.

 2. Information We Collect

2.1 Personal Information

We collect the following categories of personal information:

Identity Information:

• Name, date of birth, gender, age
• Contact details (address, email, phone number)
• Professional credentials and licenses (for healthcare providers)
• Government-issued identification numbers
• Photographs for profile purposes

Health Information:

• Medical records and history
• Diagnostic reports and test results
• Prescription information and medication history
• Treatment plans and clinical notes
• Medical images (X-rays, scans, etc.)
• Laboratory test results and pathology reports
• Vital signs and biometric data

Financial Information:

• Payment card details and billing information
• Insurance information
• Transaction history and payment records
• Banking details for refunds or payments

Technical Information:

• Device information and identifiers
• IP addresses and location data
• Browser type and version
• Usage logs and analytics data
• Cookies and similar tracking technologies

2.2 Information Collected Automatically

When you use our Platform, we automatically collect:

• System logs and performance data
• Feature usage patterns and preferences
• Error reports and diagnostic information
• Security-related information

2.3 Information from Third Parties

We may receive information from:

• Healthcare institutions you’re associated with
• Laboratory partners and service providers
• Payment processors and financial institutions
• Government agencies for verification purposes
• Integration partners and connected medical devices

3. How We Use Your Information

3.1 Primary Purposes

We use your information for the following purposes:

Healthcare Service Delivery:

• Facilitating medical consultations and treatments
• Managing laboratory tests and results
• Maintaining electronic medical records
• Enabling communication between patients and providers
• Supporting clinical decision-making with AI analytics

Platform Operations:

• User account management and authentication
• Providing customer support and technical assistance
• Processing payments and managing subscriptions
• Ensuring platform security and preventing fraud
• Complying with legal and regulatory requirements

Analytics and Improvement:

• Analyzing usage patterns to improve our services
• Conducting research for healthcare insights (using de-identified data)
• Developing new features and capabilities
• Performance monitoring and optimization

3.2 De-identified and Aggregated Data

We may use de-identified and aggregated health information for:

• Medical research and population health studies
• Development of AI algorithms and clinical insights
• Healthcare analytics and trend analysis
• Public health reporting (where legally required)
• Product development and improvement

Note: De-identified data cannot be traced back to individual users and is not considered personal information under applicable law.

3.3 Marketing and Communications

With your consent, we may use your contact information to:

• Send service updates and announcements
• Provide educational health content
• Offer new features or services
• Send promotional materials about our Platform

You can opt out of marketing communications at any time.

4. Legal Basis for Processing

We process your personal information based on the following legal grounds:

Consent: For marketing communications, optional features, and certain data sharing activities.

Contractual Performance: To provide Platform services you’ve requested and fulfill our obligations under our Terms of Service.

Legal Compliance: To meet regulatory requirements, respond to legal requests, and ensure compliance with healthcare laws.

Legitimate Interests: For platform security, fraud prevention, analytics, and business operations, balanced against your privacy rights.

Vital Interests: In rare cases, to protect life or prevent serious harm to individuals.

5. Information Sharing and Disclosure

5.1 Healthcare Context Sharing

We may share your health information with:

• Your healthcare providers and their authorized staff
• Laboratories and diagnostic centers you’ve consented to
• Insurance companies (with your explicit consent)
• Emergency contacts in critical situations
• Healthcare institutions for continuity of care

5.2 Service Providers and Partners

We share information with trusted third parties who help us operate our Platform:

• Cloud hosting and data storage providers
• Payment processors and financial service providers
• Communication service providers (SMS, email)
• Analytics and performance monitoring services
• Customer support and technical assistance providers

All service providers are contractually required to maintain data confidentiality and security.

5.3 Legal and Regulatory Disclosures

We may disclose information when required by law:

• To comply with court orders, warrants, or legal processes
• To respond to government agency requests
• To report public health information as legally mandated
• To cooperate with law enforcement investigations
• To protect our rights and enforce our Terms of Service

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to the same privacy protections.

5.5 Emergency Situations

We may disclose health information without consent in medical emergencies to protect life or prevent serious harm.

6. Data Security Measures

6.1 Technical Safeguards

We implement robust security measures including:

• End-to-end encryption for data transmission
• Advanced encryption (AES-256) for stored data
• Multi-factor authentication for user accounts
• Regular security monitoring and threat detection
• Secure cloud infrastructure with industry-leading providers
• Regular security audits and penetration testing

6.2 Administrative Safeguards

Our data protection practices include:

• Role-based access controls limiting data access
• Regular employee training on privacy and security
• Incident response procedures for security breaches
• Data retention and deletion policies
• Regular compliance audits and assessments

6.3 Data Breach Response

In the event of a data breach, we will:

• Immediately investigate and contain the incident
• Notify affected users within 72 hours (or as required by law)
• Cooperate with regulatory authorities
• Take corrective actions to prevent future incidents

7. International Data Transfers

As we expand globally, we may transfer your information to countries outside India. When we do so, we ensure adequate protection through:

• Standard Contractual Clauses approved by regulatory authorities
• Adequacy decisions by the Indian government
• Binding Corporate Rules for intra-group transfers
• Other legally recognized transfer mechanisms

You will be notified of any international transfers that may affect your data.

 

8. Data Retention

8.1 Retention Periods

We retain your information for the following periods:

Health Records: As required by applicable medical record retention laws (typically 7-10 years from last treatment)

Account Information: While your account is active and for 3 years after closure

Financial Records: As required by tax and financial regulations (typically 7 years)

Marketing Data: Until you opt out or for 2 years from last interaction

Technical Logs: For 1 year for security and performance monitoring

8.2 Deletion Procedures

We securely delete information when:

• Retention periods expire
• You request deletion (where legally permissible)
• Information is no longer needed for its original purpose
• We are legally required to delete specific information

 

9. Your Privacy Rights

9.1 Access Rights

You have the right to:

• Know what personal information we hold about you
• Obtain copies of your personal information
• Access your health records maintained on our Platform

9.2 Correction and Updates

You can:

• Update your personal information through your account
• Request corrections to inaccurate information
• Add missing information to your records
• Contact us for assistance with updates

9.3 Deletion Rights

You may request deletion of your personal information, subject to:

• Legal and regulatory retention requirements
• Ongoing healthcare relationships
• Legitimate business interests
• Technical limitations

9.4 Portability Rights

You can:

• Export your health records in common formats
• Transfer your data to another healthcare provider
• Receive your information in machine-readable formats

9.5 Objection and Restriction

You have the right to:

• Object to certain processing activities
• Restrict processing in specific circumstances
• Withdraw consent for optional features
• Opt out of marketing communications

9.6 Complaint Rights

You can file complaints with:

• Our Data Security Officer
• Relevant regulatory authorities
• Consumer protection agencies
• Healthcare regulatory bodies

 

10. Cookies and Tracking Technologies

10.1 Types of Cookies We Use

Essential Cookies: Required for basic platform functionality and security

Performance Cookies: Help us understand how users interact with our Platform

Functional Cookies: Enable enhanced features and personalization

Analytics Cookies: Provide insights into usage patterns and preferences

10.2 Cookie Management

You can control cookies through:

• Your browser settings and preferences
• Our cookie management tools
• Third-party opt-out mechanisms
• Mobile device settings for app-based tracking

10.3 Third-Party Tracking

We may use third-party analytics services that collect information about your use of our Platform. These services have their own privacy policies.

 

11. Children’s Privacy

Our Platform is not intended for individuals under 18 years of age. When healthcare services are provided to minors:

• Parental or guardian consent is required
• Parents/guardians can access and control their child’s information
• We comply with applicable child protection laws

 

12. Updates to This Privacy Policy

We may update this Privacy Policy periodically to reflect:

• Changes in our data practices
• New legal or regulatory requirements
• Platform feature updates
• User feedback and requests

We will notify you of material changes through:

• Email notifications to registered users
• Prominent notices on our Platform
• Updated version dates on this policy

Your continued use of our Platform after changes constitutes acceptance of the updated Privacy Policy.

 

13. Regional Privacy Provisions

13.1 India-Specific Provisions

Under Indian data protection laws, you have additional rights including:

• The right to nominate a representative for data decisions
• Special protections for sensitive personal information
• Rights related to automated decision-making
• Specific consent requirements for certain data uses

13.2 International User Provisions

For users in other jurisdictions, we provide protections aligned with local laws, including GDPR, and other applicable privacy regulations.

 

14. Privacy & Security Inquiries

To report Privacy and Security concerns:
Email: dataprotection@agentqure.com

 

15. Consent and Acknowledgment

By using our Platform, you acknowledge that you have read, understood, and consent to the practices described in this Privacy Policy. You also acknowledge that:

• You understand how your information will be collected, used, and shared
• You have the right to withdraw consent for optional features
• You understand the consequences of refusing to provide certain information
• You are authorized to provide any health information you share on our Platform

For Healthcare Professionals: You certify that you have appropriate authority to access and process patient health information and that you will obtain necessary patient consents.

For Patients: You understand that your health information may be accessed by your healthcare providers and used for treatment, payment, and healthcare operations.