×

Privacy policy

This is the Privacy Policy (“Policy”) of Sayre Therapeutics Pvt. Ltd, a company incorporated under the Companies Act, 1956, and having its registered office at No.91, GR Square Amarjyothi Nagar HBCS Layout, 100 Feet Road, Domlur, Bangalore, Karnataka 560071 (hereinafter referred to as “Company”).

The Company under the brand name ‘OncMonk’ provides certain services on a tech- enabled platform through which users undergoing treatment for cancer or users related to such persons can avail of certain consultative and informational services from third party physicians and doctors ("Experts") to obtain information on the treatment options available in the cancer segment specified by the user ("Services"). The Services can be availed through the Company website: www.oncmonk.com and shall be subject to the terms of service available at www.oncmonk.com

This Policy discloses Company’s information and data related practices for this Website and Services provided on the Company and certain third party-based platform used for Services, including the type of information being collected, method of such information collection, use of such information and sharing of such information with third parties. These terms operate in addition and without prejudice to the Terms of Service.

By visiting the Website you expressly consent to our use and disclosure of your personal information in any manner described in this Policy, including authorising us to collect, receive, process and store and use any information that you may enter on our Website or provide to us in some other way. This Policy extends to both visitors to the Website who do not transact business or avail any Services on the Website and to registered users, whether customers or partners, or Experts who transact business or avail the Services on the Website (collectively “Users” for the purposes of this Policy).

If you are not the patient and are registering on the Website on behalf of the patient, you represent that you have obtained the requisite consents from the patient in order to register on and use the Website..

This Policy is meant to apply to the Users based out of India. In the event you are accessing our Website from anywhere outside the territory of India, you do so at your own risk. Company shall not be liable for any claims, losses, liabilities that may arise out of the usage of the Website by Users outside India.

1. Types / Categories of Personal Information

We collect the following Personal Information from you, for the purposes set forth below:

  1. Non-Sensitive Personal Information shall include name contact information, telephone/ mobile numbers, e-mail addresses, postal addresses, gender, date of birth, educational details, qualification (in addition to the above, if you are an Expert).
  2. 1.2. Sensitive Personal Information:
    • Health data, including physical or mental health related information, past, present, or future health data including medical records and history, information and data relating to you and given by you for availing the Services, financial data (bank account information, card or payment instrument information, or any UPI related information), genetic data, sexual orientation, biometric data, disability data, insurance related information, any unique identification number issued by the Central Government (for example, Aadhar, PAN or passport number), if required for verification of your details.

2. Lawful Basis for the Collection and Processing of Personal Information

Your Personal Information will be used for the following purposes:

  • If you are an Expert:
    • For receiving, verifying (either by the Company or its third party vendors) your educational and qualification details;
    • For registering you on the platform on which the Services are to be provided.
    • For displaying your name with your educational qualifications on our listings of the registered medical practitioners.
    • To pay your compensation.
    • To process your personal information to protect your vital interests; and
    • To provide to the government or to a court of law in the event that there is a government or court order calling upon us to provide your information.
  • you are a subscriber/general user of the website/a patient using our Services/guardian or attender of a patient availing the Services:
    • To register on the website/platform on which Services are provided;
    • To avail the Services.
    • For contacting registered medical practitioners to avail the Services/consult from them;
    • For otherwise contacting the registered medical practitioners;
    • For receiving payments or consideration for Services from you.
    • For you to access your medical history available on our platform.
    • For us to contact you to offer new products or services provided by us or our third-party partners, subject to your election of receiving unsolicited calls or communications.
    • Respond to your queries.
    • Operate, evaluate, and improve our business and
    • To provide to the government or to a court of law in the event that there is a government or court order calling upon us to provide your information.

3. IP Address

  • When you visit our Website, Company collects your IP address to help diagnose problems with its server, administer and tune the operation of its Website, analyse trends, track traffic patterns, gather demographic information for aggregate use, and track the date and duration of each session within our Website and similar purposes. Your IP address may also be used in combination with your personal information to prevent fraud or abuse, customize your shopping experience, improve our Website, customer service, products, and promotional efforts, and to understand your preferences, patterns and interests.

4. Cookies and Web Beacons

  • Company collects data through cookies and other monitoring technologies to enhance your browsing and shopping experience on our Website. ‘Cookies’ are small pieces of information that are stored by your browser on your computer’s hard drive to collect information about your activities on our Website. We may authorize third parties to use cookies and other monitoring technologies to compile information about the use of the Website or interaction with advertisements that appear on the Website. We do not have access or control over these cookies. We do not link the information we store in cookies to any personally identifiable information you submit while on the Website. We use session ID cookies and persistent cookies. A session ID cookie expires when you close your browser. A persistent cookie remains on your hard drive for an extended period of time. You are always free to decline cookies if your browser permits, although, by declining the use of cookies you may not be able to use certain features on the Website.

5. Sharing of Information

  • Any personal information, if collected, will be passed on to our partners and service providers who shall need access to the information upon your placing an order with us. We use trusted third-party service providers to perform certain services on our behalf, including for the purposes of payment processing, data storage/management, web hosting, web analytics, fulfilment, marketing, mailing, and emailing. Currently, the Company uses DocPulse [https://DocPulse.com/] (“DocPulse”), the platform on which the Services will be provided (“Platform”). DocPulse will use your Personal Information in accordance with the terms set out in this link https://DocPulse.com/privacy-policy/ and in accordance with the terms set out in Annexure – A to this Policy. Without prejudice to the foregoing, the Company may share your personal information with its third-party partners and suppliers who may offer certain additional services in accordance with their respective terms, subject to your agreement to avail such services.

6. Your Rights

  • If you have any specific questions about the collection and the usage of your Personal Information, please contact us at 9591436262 or email us at support@oncmonk.com.
  • You may request a summary or any information as to how your Personal Information is being processed by the Company. You may also request for a brief summary of processing activities undertaken by the Company with respect to your Personal Information. To exercise the foregoing rights, you may write to support@oncmonk.com
  • Upon request, we will remove your personal information from our database. However, our Partners may require access to your personal information in order to provide you with the Services and such removal of your personal information from our database may make you ineligible to avail the Services. Upon written request, you may access and/or request that any erroneous information about you be corrected.
  • You have the right to ask us not to process your personal data for marketing purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at the e-mail address below.
  • The Website may, from time to time, contain links to and from the Websites of our partner networks, advertisers and affiliates. If you follow a link to any of these Websites, please note that these Websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these Websites.

7. Business Transfer

  • Your personal information may be disclosed as part of any merger, sale of Company’s assets or acquisition, as well as in the event of insolvency, bankruptcy, or receivership
  • Your Personal Information may also be disclosed to such other third-party whose services will be availed of by the Company for the provision of Services.

8. Comments

  • We value your comments, feedback, and testimonials which help us improve our Website, products, and services. By making such submissions to us, you assign your rights in the submissions to us.

9. Children’s Privacy

  • Our Website is not directed at anyone who we know to be under the age of 18, nor do we collect any personal information from anyone who we know to be under the age of 18. If you are under the age of 18, you should not use the Website and should not submit any personal information to us.
  • In the event you are providing us with the Personal Information of an individual under 18 (Eighteen) years of age (“Child” or “Children”), by providing us with such information, you represent and warrant that you have the requisite rights to provide us with the Personal Information of such Child/Children.

10. Security

  • Safeguarding information to help protect you from identity theft is a top priority and we at Company take all measures to protect identity theft. We do not and will not, at any time, request your credit card information or national identification numbers in a non-secure or unsolicited e-mail or telephone communication.
  • While the Company tries to ensure this Website/Platform is normally available twenty-four (24) hours a day, the Company will not be liable if this Website and/ or the Platform is unavailable at any time or for any period.
  • Access to this Website and the Platform may be suspended temporarily and without notice. Unfortunately, the transmission of information via the internet is not completely secure. Although we will take steps to protect your information, we cannot guarantee the security of your data transmitted to the Website/Platform, any transmission is at your own risk.

11. Links

  • This Website may contain links and advertisements which may lead you to other Websites. Please note that once you leave our Website you will be subjected to the privacy policy of the other Website and this Policy will no longer apply. By using this Website, you signify your agreement to the terms of this Policy. Company reserves the right, in our sole discretion, to change, modify, and or delete portions of the terms of this Policy at any time.

12. Limit of Liability

  • Notwithstanding anything to the contrary in this Policy or any other terms of service or use applicable as between Company and you, Company’s aggregate liability hereunder towards direct damages shall be limited to Rs.1000 only. Company’s liability shall not extend to any indirect or remote damages whatsoever, including but not limited to special, incidental, consequential, or punitive damages or loss of profits, loss, corruption or theft of data.

13. Contact Us

  • 13.1. If You believe that Company has not complied with this Policy with respect to your personal information or would like us to update information we have about you or your preferences or if you have any questions about our Policy, please feel free to contact our Privacy Grievance Officer at: [support@oncmonk.com].

14. Applicability of Policy

  • While this Policy applies to all personal information collected, stored and used by Company, it is intended to comply only with the applicable laws of India and not any other jurisdiction. All matters of dispute are subject to the courts in the city of Bangalore, India.

15. Compliance

  • Company shall always cooperate with regulatory authorities and investigating agencies in India in the matter of treatment of personal information.

16. Severability

  • In the event that any part of this Policy shall be held by a court of competent jurisdiction to be unlawful or otherwise unenforceable, the remainder of this Policy shall remain in full force and effect to the maximum extent possible, and an attempt shall be made to substitute the unenforceable provision with an enforceable provision of similar intent

17. Assignment

  • Company may, at any time, assign its rights and obligations under this Policy to any entity, in its sole discretion.

18. Amendments

  • Company may modify this Policy in its sole discretion at any time. While Company shall make best efforts to notify You of any such modification, it shall be Your responsibility to read and understand the Policy as prevalent from time to time. Continued use of the Website shall be deemed to constitute acceptance of the Policy as amended.

Annexure- A

DocPulse Terms and Conditions

These terms apply to you if you are accessing the DocPulse platform through [insert Sayre’s OncMonk link]:

1. Account Security

DocPulse will ensure international and industry standard safeguards to protect all your data. In the event of any breach or loss of the data, Sayre shall be informed forthwith of such occurrence. DocPulse shall ensure that such data protection is made available without any disruptions or interruptions even during any downtime or maintenance. However, users are solely responsible for the confidentiality of any password and other account information that you create to access or use the Services. You agree to notify us immediately of any unauthorized use of your account, username, or password

2. Services and Use of Website

Docpulse Technologies provides the services through its website - http://www.docpulse.com and http://www.meetmydoctor.in (“DocPulse Websites”). Use of the DocPulse Websites may require you to use software provided by or operated from the DocPulse Website, and on occasion DocPulse may make certain software available to you from the DocPulse Website. To the extent you use such software or download such software from the DocPulse Website, the software, including all files and images contained in or generated by the software, and accompanying data (collectively, "Software") will be deemed to be licensed to you by DocPulse, for providing Services to you and enabling you to use those Services only. DocPulse does not transfer either the title or the intellectual property rights to the Software, and we (or our licensors) retain full and complete title to the Software as well as all intellectual property rights therein. You may not sell, redistribute, or reproduce the Software, nor decompile, reverseengineer, disassemble, or otherwise convert the Software to a human-perceivable form. You may not access the Services if you are DocPulse’s direct competitor, except with DocPulse’s prior written consent. In addition, you may not access the Services for purposes of monitoring their availability, performance or functionality, or for any other benchmarking or competitive purposes.

3. Data Security

DocPulse runs on a secure application and data environment which is hosted by Google. More details about Google’s security information are available at: https://developers.google.com/appengine/whyappengine#reliable . All communication between the browser and our server is encrypted with SSL 3.0. The connection is encrypted using RC4_128, with SHA 1 for message authentication and RSA as the key exchange mechanism. All passwords are encrypted and stored in a secure datastore. Industry standard security best practices has been implemented to detect and address security breaches.

4. Affiliated/External Sites

DocPulse’s Website may be linked to the website of third parties, affiliates, and business partners. DocPulse have no control over, and not liable or responsible for content, accuracy, validity, reliability, quality for such websites or made available by / through DocPulse Website. Inclusion of any link on the DocPulse Website, does not imply that we endorse the linked site. You use the links and these services at your own risk.

5. User Conduct

All Users agree to adhere to the below code of conduct. While using the DocPulse Website, software and/or Service, you agree not to:

  • Restrict or inhibit any other visitor or member from using the DocPulse Website, including, without limitation, by means of "hacking" or defacing any portion of the DocPulse Website.
  • Use the DocPulse Website, software and/or Service for any unlawful purpose; or post any information which infringes third party's intellectual property rights or privacy policy.
  • Express or imply that any statements you make are endorsed by DocPulse
  • Transmit any content or information that is unlawful, fraudulent, threatening, abusive, libellous, defamatory, obscene, or otherwise objectionable, or infringes on DocPulse or any third party's intellectual property or other rights.
  • Any material, non-public information about companies without the authorization to do so.
  • Any advertisements, solicitations, chain letters, pyramid schemes, investment opportunities, or other unsolicited commercial communication (except as otherwise expressly permitted by DocPulse) or engage in spamming or flooding.
  • Any job posting involving any franchise, club membership, distributorship or sales representative agency arrangement or other business opportunity.
  • any software or other materials that contain any virus, worm, time bomb, Trojan horse, or other harmful or disruptive component.
  • Modify, adapt, sub-license, translate, sell, reverse engineer, decompile or disassemble any portion of the DocPulse Website or software.
  • Remove any copyright, trademark, or other proprietary rights notices contained in the Website.
  • "Frame" or "mirror" any part of the DocPulse Website without our prior written authorization.
  • Link to any page of or material on the DocPulse Website other than the URL located at www.docpulse.com.
  • Use any robot, spider, site search/retrieval application, or other manual or automatic device or process to retrieve, index, "data mine," or in any way reproduce or circumvent the navigational structure or presentation of the DocPulse Websiteor its contents; or
  • Harvest or collect information about DocPulse Website visitors or members without their express consent.

6. Compliance to Laws

The Users are solely responsible for compliance with all applicable laws, including patient history, medical records, confidential information, and privacy laws. Docpulse Technologies is a facilitator for clinic management and provides technology platform. Docpulse Technologies is in no way responsible, liable, accountable for patient information available on the software provided by Docpulse Technologies.

7. Indemnity and Limitation of Liability

You agree to indemnify and hold harmless the Company, DocPulse, its affiliates, officers, directors, employees, consultants, licensors, agents, and representatives from any and all third party claims, losses, liability, damages, and/or costs (including reasonable attorney fees and costs) arising from your access to or use of the DocPulse Website, your violation of the Policy, or your infringement, or infringement by any other user of your account, of any intellectual property or other right of any person or entity.

DocPulse/ Company will notify you promptly of any such claim, loss, liability, or demand, and in addition to your foregoing obligations, you agree to provide us with reasonable assistance, at your expense, in defending any such claim, loss, liability, damage, or cost.

8. DocPulse Privacy

Your personal information shall be processed by DocPulse in accordance with the terms contained in https://docpulse.com/privacy-policy/.

9. DocPulse Security

Shall be in accordance with the terms set forth in this White Paper:

DocPulse - Security White Paper

Security of your data is of immense importance to DocPulse and we take it very seriously. We take multiple measures to ensure data safety. The following sections gives details as to how DocPulse ensures your data is secure from unauthorized access.

9.1. Browser to server communications

All communications from the browser to the server is encrypted with 128 bit encryption

and follows the industry standard SSL protocol. The following diagram shows this.

9.2. Cryptography

SSL protects confidential information using cryptography. Sensitive data is encrypted across public networks to achieve a high level of confidentiality. Primarily, PKI utilizes asymmetric cryptography that is considered more secure than symmetric cryptography.

Simply, asymmetric algorithms use one key for encryption of data, and then a separate key for decryption. Asymmetric algorithms are stronger than symmetric algorithms because even if the encryption key is learned in one direction, the third party still needs to know the other key in order to decrypt the message in the other direction.

The primary benefit of asymmetric encryption (also referred to as PKI) is that both sides can spontaneously initiate a transaction without ever having met. This is achieved by the use of a public and private key pair. The public key of the entity is public knowledge and is used for encryption, whereas the private key of the entity remains secret and is used for decryption.

Although PKI is more secure, it also is more expensive in terms of processing speed and encryption/ decryption (in PKI) can take up to 1000 times the processing than symmetric cryptography.

9.3. Public and Private Keys

SSL takes advantage of the strengths of both public-key and symmetric-key encryption technologies. Public-key technologies both securely authenticate clients and servers and exchange trade secret symmetric keys used in the encryption sessions. SSL certificates have a public key and a private key – a public key to encrypt information and the private key to decipher it.

When a browser points to a secured domain, a secure sockets layer handshake authenticates the server and the client and establishes an encryption method and a unique session key. They can begin a secure session that guarantees message privacy and message integrity.

SSL Certificates help prevent someone from impersonating the server with a false key

SSL uses digital certificates that act as digital documents that will attest to the binding of a public key to an individual or other entity. They provide verification of the claim that a specific public key does, in fact, belong to the specified entity.

These certificates use X.509 standards to validate identities. X.509 certificates contain information about the entity, including public key and name. The role of the certificate authority then is to validate this certificate.

9.4. Login Security

During account registration (or a change password operation), user will specify a username and a password that he'd like to use. We ‘mangle’ the password so that we can still authenticate users, but without storing the password itself. This act is called hashing.

The basic mathematical principle behind hashing is explained on this wikipedia page. also shown

We use BCrypt. It's a very simple algorithm available for a number of platforms that takes a password and converts it into a string which can be used to ascertain that someone knows the password without actually storing the password. It's specifically written for login authentication and security experts have thoroughly reviewed it.

9.5. Password User Guidelines

Users have a responsibility to ensure their data is safe. The following guidelines will be circulated to the users.

  • Always use strong passwords. For more information, see Strong passwords.
  • If passwords must be written down on a piece of paper, store the paper in a secure place and destroy it when it is no longer needed.
  • Never share passwords with anyone.
  • Use different passwords for all user accounts.
  • Change passwords immediately if they may have been compromised.
  • Be careful about where passwords are saved on computers. Some dialog boxes, such as those for remote access and other telephone connections, present an option to save or remember a password. Selecting this option poses a potential security threat.

9.6. Password policies

  • Enforce password history - users cannot use the same password when their password expires.
  • Maximum password age password will expire in 30 days. With this policy setting, if an attacker cracks a password, the attacker only has access to the network until the password expires.
  • Minimum password length policy setting so that passwords must consist of at least 8 characters. Long passwords--seven or more characters--are usually stronger than short ones. With this policy setting, users cannot use blank passwords, and they must create passwords that are a certain number of characters long.
  • Passwords must meet complexity requirements policy settings. This policy setting checks all new passwords to ensure that they meet basic strong password requirements.

9.7. High Replication Datastore

Your application will have access to a high replication datastore. This technology ensures that the data is replicated across multiple geographical locations. This provides high availability and reliability to your application. All data stored in the datastore is encrypted.

9.8. No physical access to data centre

DocPulse staff do not have physical access to the data center, and it is in a secure place in the Google’s data center. This allows cloud applications to not to get exposed to local security threats or infrastructure impact (electricity, backup etc)

9.9. Data access authorizations

DocPulse provides admin level data access to only authorized personnel and only when there is an issue that the customer authorizes us to check. As an additional measure, if the customer wishes, we can allow data access only after written communication (Email) to the support alias (at the cost of delays in debugging of issues)

9.10. Data backup

Customer has the option to request monthly backup of all data (Nominal charges may apply). This will be sent to the customer’s authorized contact.

9.11. Memorandum of understanding

DocPulse signs memorandum of understanding with the customer, where we comply with India’s IT act also, we give it in writing about our commitment to secure your data.