Vital Pakistan Trust Privacy Policy

Last Updated: 27th December 2022

 

This privacy policy (the “Policy”) describes the types of information collected and policies and procedures related to the collection, usage, and disclosure of information through Vital Digital Platform (the “Service”), a digital health record android application by Vital Pakistan Trust (“we”, or “us”, or “Company”), a non-profit organization registered under the TRUST ACT 1882.

 

Ensure the careful reading of this Policy before accessing the Service as usage of the Service is an acknowledgement of your consent to the terms of this Policy, including (but not limited to) the types of information being collected and modes of collection, utilization, and disclosure of said information. If you do not agree to the terms of this Policy, please do not use the Service.

 

We reserve the right to change the provisions of this Policy at any time. The date of update, as indicated on the top of this web page, will alert you of changes made on the Policy. Each time you access the Service, the most recent version of the Policy will apply. Continual use of the service means acceptance of the changes added to the Policy. You are encouraged to review the Policy periodically to ensure an up-to-date understanding.

 

All Personal Information (as defined herein) collected via the Service will be (i) processed lawfully, fairly, and transparently; (ii) collected for specified, explicit, and legitimate purposes and not in manners that are incompatible with those purposes; (iii) adequate, relevant, and limited to what is necessary; (iv) accurate and kept up-to-date; and (v) processed in a manner that ensures appropriate security of the Personal Information, including protection against unauthorized processing, accidental loss, and destruction or damage.

 

I. Information Collected by Us

Personal Information

When you access the application, we collect the following data points about you:

  1. Storage (to download patient reports for printing –involves reading, modifying, and deleting content of your shared storage)
  2. Location (to access clinic location information –involves accessing both precise and approximate device locations)
  3. Camera (to read QR codes and take pictures of vaccination cards –involves reading and modifying device gallery)
  4. Telephone Number (to access information on mobile data –involves reading phone status and identity)
  5. Device Identifier (to ensure compatibility with application version –involves reading device type, OS, Wi-Fi connectivity, Bluetooth settings)

The app further allows you to collect the following information about the patient:

  1. Basic Information (name, CNIC, phone number, address, husband/father name, and sociodemographic information such as age, gender, ethnicity, marital status, education status)
  2. Health History (personal health history, family health history, obstetric history, antenatal care history, referral history, family planning history, physician visit history, previous vaccination record)
  3. Current Health Status (pregnancy status, gestational age, expected date of delivery, current symptoms, current diagnoses, medicines, ultrasound information, lab test information, referral/hospitalization information)

All personal information accessible to us is:

  • voluntarily provided by you and the patient when filling out our electronic Case Report Forms (CRFs) incorporated into the Service.
  • authorized to be disclosed by you via a third party (e.g., you, as the midwife, when processing your patient’s antenatal visit) (“Authorized Representative”).
  • permissible to collect under applicable laws to collect, without seeking your consent.

 

To collect any additional Personal Information or to use your Personal Information for additional purposes, we shall always seek your consent (except where permitted or authorized by law).

 

If you do not want us to share this information with specific parties, including but not limited to employers, service providers, and subcontractors, you have the right to request your information be kept confidential.

 

Automated Information

When using the Service, we and/or our service providers, may use a variety of technologies that automatically collect information about how the Service are accessed and used (“Usage Information”). Usage Information may include, in part, the operating system, the time, and the number of users accessing the service. This statistical data provides us with information about the use of the Service, such as how many users use a specific feature of the Service, how long it takes to complete a health visit via the Service, and how different users are interacting with each other. Usage Information allows us to identify issues within the Service, and aids us in keeping the Service user-friendly, accessible, and relevant to user needs.  As such, Usage Information may be used to troubleshoot of accessibility and usability. Generally, Usage Information cannot be attributed to a single user, but if it becomes associated with a specific end-user, it is then considered Personal Information (and treated as such).

 

We believe that such technology usage is fair, lawful, and proportional to the legitimate interest and needs of our business, and that our methodology fairly addresses each user’s legitimate rights and expectations in view of the context and purpose for the collection and use of the information collected.

 

II. How is Your Information Used by Us?

We will use your information as follows:

  • onboarding you to the Service by registering for a User Account and verifying your identity;
  • managing your relationship with us, responding to, handling, and processing queries, requests, applications, complaints, and feedback from you, and notifying you about changes to our Service or this Policy;
  • improving the quality of our health care services through the quality review of data entered in the application;
  • creating Anonymized Information (e.g. aggregate statistics relating to the use of the Service) for the purposes of analytics and maternal, neonatal, and child health research;
  • notifying you when updates to the Service are available;
  • complying with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;
  • for any other purposes for which you have provided the information;
  • transferring or transmitting to any unaffiliated third parties including our third-party service providers and agents, whether in Pakistan or abroad, for the aforementioned purposes;
  • transferring or transmitting to any relevant governmental and/or regulatory authorities, whether in Pakistan or abroad, based on regulatory requirements;
  • for any other incidental business purposes related to or in connection with the above.

 

You hereby explicitly consent for us to use your information for the purposes set out above. Where we do contact you in connection with any of the purposes set out above, you agree that we may contact you directly (by email, text messaging, calls, post) using the information provided to us by you or through your Authorized Representative. If at any time you wish that we cease communication with you, please notify us using the contact information provided below in the “Contact Us” section.

 

III. Do We Share Your Information?

Except as specified above, we will not trade, rent, share or sell your Personal Information to third parties, unless your consent is provided. We will only disclose your Personal Information to third parties that process information on our behalf and to whom we must disclose information to fulfill our obligations in allowing you to utilize our Service. Examples of such third parties include:

 

  • to our subsidiaries, related companies, affiliates, donors, or partners;
  • to our service providers and subcontractors that help us provide the Service and troubleshoot issues faced in the Service. Both employees within the Company and third-party service providers are given access to Personal Information only in circumstances where a specific job must be performed. Otherwise, Personal Information is secured within encrypted computers/servicers and kept confidential;
  • to legal authorities when/if disclosures are needed by law. The Company believes in full compliance of the law and will disclose information to a court of law, law enforcement, or other public/government authority when required by court orders or subpoenas.
  • to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of the Company’s assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which Personal Information maintained on the Application and Services is among the assets transferred; and/or
  • to any other person or organization disclosed by us when you provide the information.

 

International Transfers of Your Information:

Usage of the Service means that you permit the transfer of your Personal Information to third-party sources in various countries for the purposes of processing, analyzing, and compiling data for maternal, neonatal, and child health research and program management. These third-party sources may either be physically from another country or may simply have multiple backups, i.e., cloud-based services. However, all third parties involved, both in and outside of Pakistan, will meet the data security standards followed by the Company; only necessary data will be shared with each third-party, corresponding to their specific service/role towards the Company.

 

We may use non-identifiable anonymous data that is based on users’ access or use of the Service that may be used by us to improve the Service. We may also use anonymized data based on your use of the Service, including de-identified health data and combine such de-identified data with data or other anonymous data (“Anonymized Information”). Anonymized Information may include information that describes the habits, usage patterns, electronic CRF responses, and/or demographic information of users as a group but does not identify any users. We may provide Anonymized Information to our third-party collaborators and partners. Such Anonymized Information does not comprise of and does not constitute Personal Information protected by law. Such Anonymized Information is not subject to data privacy laws, and may be transferred, disclosed, assigned, leased, licensed, sold, and otherwise shared with and by our partners, service providers, advertisers and/or other third parties for any purposes permitted under applicable law.

 

Accessing and Updating your Personal Information

Any Personal Information controlled or owned by the Company is accessible on demand at any time. You may request a copy, digital or physical, of any information relevant or related to you.

 

Similarly, to correct or update information, you can make a formal request to the relevant authorities mentioned under the Contact Us section of this page. If you find that your Personal Information is incomplete or holds inaccuracies, you are encouraged to rectify the information as soon as possible. No fee is applicable on such requests.

 

However, we do reserve the right to review, reject, and limit correction/update requests to maintain data integrity. Unless the Company is satisfied on reasonable grounds that a correction should not be made, the Company shall correct the Personal Information as soon as practicable and send the corrected information to every other organization to which such information had been provided to within a year before the date the correction was made, unless that other organization does not need the corrected personal data for any legal or business purpose.

 

We will respond to your request as soon as reasonably possible. Should we not be able to respond to your request within twenty-one (21) days after receiving your request, we will inform you in writing of the time by which we will be able to respond to your request. If we are unable to accede to any request for access to or to correct any of your information, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under any applicable law or regulations).

 

If you do not want your information to be shared with our employees, service providers and subcontractors, upon your request, we will not share your information. However, your ability to access and use the Service may be limited or interrupted.

 

Withdrawing your consent

The consent that you provide for the collection, use and disclosure of your Personal Information will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop using and/or disclosing your Personal Information for any or all of the purposes listed above at any time by submitting your request via the contact information provided below.

 

Upon receipt of your written request to withdraw your consent, we may require reasonable time to process your request and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within ten (10) business days of receiving it.

 

Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be able to continue providing you with access to our Service and we shall, in such circumstances, notify you of the same before completing the processing of your request. You may cancel your withdrawal of consent by submitting your request via the contact information provided below. Please note that withdrawing consent does not affect our right to continue to collect, use and disclose Personal Information where such collection, use and disclosure without consent is permitted or required under applicable laws (please see Section VI – Retaining Personal Information below).

 

IV. Protection of Your Information

We take measures designed to protect your Personal Information to prevent loss, misuse, and unauthorized access, disclosure, alteration, and destruction. We provide physical, electronic, and procedural safeguards to protect Personal Information we process and maintain. Please be aware, however, that despite our efforts, no security measures are perfect or impenetrable and no method of data transmission can be guaranteed against any interception or other types of misuse. To protect the confidentiality of Personal Information maintained in your account, you must keep your password confidential and not disclose it to any other person. You are responsible for all uses of the Service by any person using your password. Please advise us immediately if you believe your password has been misused. If you have reason to believe that your interaction with us is no longer secure, if you feel that the security of any account you might have with us might have been compromised, or if you suspect that someone else is using your account, please contact us immediately using the contact information provided below in the “Contact Us” Section.

 

You agree that the Company shall have no liability for any kind or form of cyber damage resulting from a denial of service attacks, theft or corruption of data, or other data denials, hacking, operation of malware or other harmful agents, and any other electronic interference with equipment, databases, software, operating systems, networks, or other facilities, adversely affecting or with the potential to adversely affect your Personal Information, caused in whole or part by third parties (“Cyber Attack”).

 

In the occurrence of a Cyber Attack, the Company will take its best endeavors to remedy the Cyber Attack directed against the Company’s systems, networks, property, application or other facilities that adversely affect the User’s Personal Information.

 

V. Information of Minors (Persons Under the Age of 18)

The scope of the Service targets both women within the reproductive age, which is specified as 15 to 49 years in Pakistan, and children under the age of five. As such, the Service does collect information related to minors (persons under the age of 18). However, no information related to children under the age of five can be taken in the absence of parents/guardians. All users are responsible to review, adhere, and communicate this policy to parents/guardians. If you, as an app user, disagree with the terms of this policy, you may not use this Service. Similarly, if upon communicating this Policy, you find a parent/guardian in disagreement with the terms of the Policy, you may not use this Service to collect any information in relation to the specified child (as per the wishes of the parent/guardian). For women within the reproductive age bracket who are not yet 18 (age of consent in Pakistan), you must only collect information of women who are legally married and therefore, considered emancipated, (i.e., able and liable to give consent to the terms of this policy).

 

Apart from the exceptions aforementioned, the Company does not knowingly collect or use any Personal Information from persons below the age of 18. If we become aware that we have unknowingly collected Personal Information from a person under the age of 18, we will make commercially reasonable efforts to delete such Personal Information from our database.

 

VI. Retaining Personal Information

We may allow you to delete some of the records that are stored on the Service, by way of your User Account.

However, please note that such deletion(s) shall only delete your records from the Application. A back-up copy shall be retained by our Company for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws. We will cease to retain your Personal Information or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the Personal Information was collected, and is no longer necessary for legal or business purposes.

 

VIII. Miscellaneous

By using the Service, you are representing that you agree to the Terms and this Policy, and this agreement supersedes any other agreement that we might have with you concerning the use of your Personal Information. If you do not agree to any of these terms and conditions, you must stop using/accessing the Service immediately. Except as otherwise specified in this Policy, this Policy shall be governed by and construed in accordance with the laws of Pakistan.

 

If we become involved in a merger, acquisition, or any form of sale of some or all of our assets, the Service, and your information as collected, processed and maintained through our Service may be included in the assets sold or transferred to the acquirer. You agree that we may transfer or assign the information we have collected about you in connection with any such event. In the event of a bankruptcy, insolvency, reorganization, receivership or assignment for the benefit of creditors, we may not be able to control how your Personal Information is treated, transferred, or used.

 

IX. Contact Us

If you have any questions about this Policy, please contact the Company at this email: [email protected]. To exercise any of your rights in this Privacy Policy, please contact us in writing, via email as indicated above, so that we may consider your request under applicable law. Please be aware that to facilitate our review and processing of your request you will be required to provide the following details:

  • The name, user ID, email address, or other identifier that you have used to use the Service, or if you are not a registered user of the Service, or have not otherwise previously interacted with us, your first and last name and an address where we can correspond with you.
  • Area of Karachi in which you are located.
  • Clear description of the nature of your request and the action you wish to be taken.
  • Sufficient information to allow us to assess and carry out your request (if applicable).

 

For your protection, we may only implement requests with respect to the Personal Information associated with the email address that you use to send us your request.

 

In addition, please note that, depending on the nature of your query, request, or complaint, we may need to verify your identity before implementing your request and may require proof of identity, such as in the form of a government issued ID and proof of geographical address.

 

Further, please note that while we will endeavor to respond to your request as soon as reasonably practicable, you may first receive just an automated reply to any query sent to the Company. The Company reserves the right to only provide the User with a customized reply after examining the query and only if deemed necessary, as determined at the Company’s sole and absolute discretion.