Privacy Policy

PrognoHealth Mobile Application & Digital Healthcare Services

GDPR + Digital Personal Data Protection Act, 2023 (India) Compliant

Effective Date: 12.12.2015  |  Last Updated: 12.12.2025

This Privacy Policy describes how PrognoHealth Solutions India Pvt. Ltd. ("PrognoHealth", "Company", "we", "our", or "us") collects, processes, stores, uses, shares, protects, and manages your personal data when you access or use our mobile application, websites, diagnostic services, occupational health services, wellness programs, teleconsultation platforms, and related healthcare solutions ("Services").

This Privacy Policy is designed to align with:

  • The Digital Personal Data Protection Act, 2023 (India) ("DPDP Act")
  • The General Data Protection Regulation (EU) 2016/679 ("GDPR")
  • Applicable healthcare and information technology laws

By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy.


1. Data Fiduciary / Data Controller Information

PrognoHealth Solutions India Pvt. Ltd.
A2/5, Saudamini Complex, Paud Road, Kothrud, Pune – 411038
Email: customercare@prognohealth.com
Website: PrognoHealth Official Website

Data Protection Contact
Data Protection Officer / Grievance Officer
Email: legal@prognohealth.com

Users may contact the above email for:

  • Privacy-related concerns
  • Data access requests
  • Data correction requests
  • Consent withdrawal
  • Data deletion requests
  • Grievance redressal

2. Definitions

For the purposes of this Policy:

  • Personal Data means any information relating to an identified or identifiable individual.
  • Sensitive Personal Data includes health records, medical history, diagnostic reports, biometric data, and other healthcare-related information.
  • Processing means collection, storage, use, sharing, analysis, transfer, or deletion of personal data.
  • Data Principal refers to the individual to whom personal data relates under the DPDP Act.
  • Data Subject refers to the individual under GDPR terminology.

3. Categories of Personal Data Collected

We may collect the following categories of data:

A. Identity & Contact Information
  • Full name
  • Date of birth
  • Gender
  • Mobile number
  • Email address
  • Residential address
  • Employee ID
  • Government identification details (where legally required)

B. Health & Medical Information
  • Medical history
  • Laboratory reports
  • Diagnostic reports
  • Health assessments
  • Vaccination records
  • Occupational health records
  • Fitness certificates
  • Teleconsultation records
  • Prescription information

C. Technical & Device Information
  • Device identifiers
  • IP address
  • Browser type
  • Operating system
  • App version
  • Log files
  • Usage analytics
  • Crash reports

D. Location Data
  • Approximate location
  • GPS location (only with explicit permission)

E. Uploaded Documents
  • Medical prescriptions
  • Health records
  • Insurance documents
  • Identity verification documents

4. Lawful Basis for Processing

We process personal data under one or more lawful bases:

Under GDPR
  • Explicit consent
  • Performance of a contract
  • Compliance with legal obligations
  • Legitimate interests
  • Provision of healthcare services
  • Occupational health obligations

Under India's DPDP Act

Processing is based on:

  • Consent provided by the Data Principal
  • Legitimate uses permitted under applicable law
  • Employment and occupational health obligations
  • Medical emergency situations
  • Compliance with legal and regulatory requirements

5. Purpose of Data Processing

We process personal data for:

  • User registration and authentication
  • Scheduling appointments
  • Delivering healthcare services
  • Occupational health compliance
  • Medical consultations
  • Corporate wellness management
  • Diagnostic reporting
  • Health analytics and reporting
  • Customer support
  • Security monitoring
  • Fraud prevention
  • Regulatory compliance
  • Improvement of services and user experience

6. Consent

Where required by law, we obtain:

  • Freely given consent
  • Specific consent
  • Informed consent
  • Explicit consent for sensitive health data

Users may withdraw consent at any time by contacting: legal@prognohealth.com

Withdrawal of consent shall not affect processing already lawfully undertaken.


7. Sharing & Disclosure of Personal Data

We do not sell personal data.

We may share personal data with:

A. Healthcare Providers
  • Doctors
  • Laboratories
  • Diagnostic centers
  • Hospitals
  • Occupational health specialists

B. Employer Organizations

Where services are employer-sponsored, limited information may be shared strictly for:

  • Fitness-for-work compliance
  • Statutory reporting
  • Occupational health obligations

Such sharing shall be limited to authorized personnel only.

C. Service Providers & Processors

Third-party vendors providing:

  • Cloud hosting
  • Technical support
  • SMS/email delivery
  • Payment processing
  • Analytics tools
  • Customer service

All processors are contractually obligated to maintain confidentiality and data security.

D. Government & Regulatory Authorities

Where disclosure is required under:

  • Applicable laws
  • Court orders
  • Public health mandates
  • Regulatory investigations

8. International Data Transfers

Personal data may be processed or stored outside India or the European Economic Area (EEA). Where international transfers occur, we implement appropriate safeguards including:

  • Standard contractual clauses
  • Contractual confidentiality obligations
  • Secure hosting arrangements
  • Adequacy-based transfer mechanisms where applicable

9. Data Retention

We retain personal data only for as long as necessary for:

  • Healthcare delivery
  • Occupational health compliance
  • Legal obligations
  • Tax and audit requirements
  • Dispute resolution

Medical and occupational health records may be retained in accordance with applicable statutory requirements. Data no longer required is securely deleted, anonymized, or archived.


10. User Rights

Rights under GDPR

Users may exercise the following rights:

  • Right to access
  • Right to rectification
  • Right to erasure ("Right to be Forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Right to withdraw consent
  • Right to lodge complaints with supervisory authorities

Rights under India's DPDP Act

Users may:

  • Seek access to personal data
  • Request correction and erasure
  • Withdraw consent
  • Nominate another individual
  • Seek grievance redressal

Requests can be submitted to: legal@prognohealth.com


11. Account Deletion & Data Erasure

Users may request deletion of:

  • User accounts
  • Personal data
  • Uploaded documents

Requests may be submitted through:

Certain information may be retained to comply with healthcare laws, occupational health regulations, and legal and audit obligations.


12. Data Security Measures

We implement appropriate technical and organizational safeguards including:

  • Encryption in transit and at rest
  • Access controls
  • Secure authentication
  • Audit logging
  • Role-based access
  • Periodic security reviews
  • Vulnerability monitoring

Despite our efforts, no digital platform can guarantee absolute security.


13. Automated Decision-Making

PrognoHealth does not undertake fully automated decisions producing legal or similarly significant effects without human involvement.


14. Children's Privacy

Our Services are not intended for children under 18 years without parental or lawful guardian consent. Where required, verifiable parental consent shall be obtained.


15. Cookies & Tracking Technologies

We may use:

  • Cookies
  • Session identifiers
  • Analytics tools
  • Mobile SDKs
  • Device identifiers

These technologies support security, user authentication, analytics, and performance optimization. Users may manage permissions through browser or device settings.


16. Third-Party Technologies

The App may use:

  • Firebase Analytics
  • Firebase Crashlytics
  • Push notification services
  • Cloud hosting providers
  • Payment gateways

These providers may process limited technical data necessary for service functionality.


17. Healthcare Disclaimer

The App is intended to support healthcare management and wellness services and does not replace emergency medical care or independent medical judgment. Users should seek immediate medical attention in emergencies.


18. Google Play & App Store Compliance

PrognoHealth complies with:

  • Google Play User Data policies
  • Google Play Data Safety requirements
  • Applicable Apple App Store privacy requirements

The App discloses data collection practices, data usage purposes, third-party sharing, and security practices within relevant app store disclosures.


19. Changes to this Privacy Policy

We may revise this Privacy Policy periodically. Updated versions shall be published at this page. Continued use of Services after changes constitutes acceptance of the updated Policy.


20. Grievance Redressal

For grievances or complaints relating to personal data:

Grievance Officer / Data Protection Officer
PrognoHealth Solutions India Pvt. Ltd.
Email: privacy@prognohealth.com

We aim to respond within:

  • 30 days under GDPR
  • Timelines prescribed under applicable Indian laws

21. Governing Law & Jurisdiction

This Privacy Policy shall be governed by the laws of India and applicable GDPR provisions where relevant. Courts located in Pune, Maharashtra, India shall have jurisdiction, subject to applicable data protection laws.