EHRSAFE’s Privacy Policy
1. Important information and who we are
This Privacy Policy aims to give you information on how EHRSAFE collects and processes your personal data through your use of the Platform when you sign up and use our Services. EHRSAFE is a personal health record mobile-based application and website for healthcare service users and medical professionals. It stores and displays your health records for you and the medical professionals providing healthcare services, and provides you with access to medical records shared with you.
Data Controller
EHRSAFE Limited is the controller and is responsible for your personal data (hereinafter referred to as “EHRSAFE”, “We”, “Us”, “Our” throughout this Privacy Policy).
Contact Details
If you have any questions or concerns about this Privacy Policy, including any requests to exercise your legal rights under the United Kingdom – General Data Protection Regulation (GDPR), please contact us at the following address/email:
Full Name of the Business Entity: EHRSAFE Limited
Email Address: kuldeepbhati@ehrsafe.com
Registered Office Address: 391 Valence Avenue Dagenham London UK RM8 3RB
2. What kind of information do we collect and how do we use it (categories of personal data that we collect)?
Personal Data
When you download, access, and use our Platform and related Services, we must receive and collect certain data from you and store the same to be able to operate, improve, understand, customise, support, market, and provide you with better services and experiences. However, we only collect such information and data that we consider necessary to meet our requirements and improve our Services. The type of information we collect is determined by how you use our Platform and what Services you avail from us. We collect the following personal information from you when you interact with our Platform:
Mandatory information requirements
Information that we collect from you.
We require certain information of yours to deliver our Services to you. For example, to enable you to create an account on the Platform, you are required to provide your name, mobile number, email-ID, birth date, gender, cover photo, and current location.
Usage and log information
Information that we collect from you.
We collect information about your activity on our Platform, like service-related, diagnostic, and performance information. This includes information about your activity (including how you use our Services, your Services settings, the time, frequency, and duration of your activities and interactions), log files, and diagnostic, crash, and performance logs and reports. This also includes information about when you registered to use our Services; the features you use etc.
We do not use third party analytics tools for analysing your activity on the Platform.
Device and Connection Information
Information that we collect from you.
We collect device and connection-specific information when you install, access, or use our Services. This includes information such as hardware model, operating system information, battery level, signal strength, app version, browser information, mobile network, connection information (including phone number, mobile operator or ISP), language and time zone, IP address, device operations information, and identifiers.
Customer and Support Information
Information that you provide to us.
When you contact us for customer support or otherwise communicate with us, you may provide us with information related to your use of our Services, including copies of your messages, any other information you deem helpful, and how to contact you (e.g., an email address). For example, you may send us an email with information relating to app performance or other issues. We may store such information to provide you with all the necessary Services and for our record purposes as necessitated under the Applicable Law.
Cookies
Information that we collect from you.
We use different types of Cookies: Essential Cookies and Functional Cookies. Essential Cookies are necessary for the operation of the Platform, and Functional Cookies provide you with a more personalised experience on the Platform. However, we do not use marketing cookies.
You can always change your preferences at any time by visiting Cookies Settings.
Personal Data categorised as Special Categories under the GDPR
We provide you with a Platform where you can i) store your medical records; ii) share such records with any third parties (including any medical professionals) as you deem fit; and/or iii) have access to medical records shared with you. As per Article 9 of the GDPR, medical records and medical history are categorized as special category information. We store and retain only such special category information that you provide to us for storage purposes and we do not process, share, and/or transfer such information other than in accordance with the Applicable Law. We collect the following special category data of yours:
Medical records and Medical History
Information that you provide to us
We store the medical records that you provide to us or upload on our Platform. We host and store all the medical records that you have shared with us through the MICROSOFT AZURE cloud-based platform. We have taken this decision to support scaling of the service and to benefit from the inherent security within Azure whilst also ensuring business continuity (e.g. protection against failover, ensuring appropriate capacity). Microsoft Azure will support EHRSAFE’s record keeping service within the Microsoft data centre that is in the United Kingdom.
By agreeing to this Privacy Policy, you provide to us explicit consent to host your personal data categorised as special category with Microsoft’s Azure in the United Kingdom.
3. For what Purpose do we collect your personal data?
We collect your personal information to provide you with smooth and efficient Services. Below is a list of purposes for which we collect your personal information:
| Purpose | Lawful basis |
|---|---|
| To facilitate your use of the Platform or other Services. This includes enabling you to register as a new customer on our platform. | Performance of a contract. |
| To respond to your inquiries (which may also be in relation to this privacy policy and how your data is handled) or fulfil your requests for information about the various Services offered on the Platform. | Performance of a contract. Necessary to comply with the legal obligations. |
| To send you important information regarding the Platform, changes in terms and conditions, policies, and/or other administrative information. | Performance of a contract. Necessary to comply with the legal obligations. |
| For proper administering of the Platform and to help you address your problems incurred on the Platform including addressing any technical problems like application crash. | Necessary for running our business smoothly, providing administrative and IT services, preventing any kind of cyber frauds etc. Necessary to comply with the legal obligations. |
| To conduct internal reviews and data analysis for the Platform. We anonymize your personal data as well as your data falling under special categories to ensure it is not associated with you. | Necessary to determine the interaction of our customers with our Platform, to enable us to develop our business and marketing strategy, to share statistics with the government etc. |
4. The lawful basis for processing your personal data
The GDPR requires that the purpose of processing personal data is clearly stated in the Privacy Policy, as well as the legal basis for processing such information. It also states that if we are processing personal data that falls under the special categories (like medical records), then we can collect and process the same only if it falls under one of the conditions enumerated in Article 9(2).
Our lawful basis for the collection of your sensitive personal information is Article 9(2)(a), which reads as follows:
“The data subject has given explicit consent to the processing of personal data for one or more specified purposes, except where domestic law provides that the prohibition referred to in paragraph 1 may not be lifted by the data subject.”
We must therefore take explicit consent of the provider of such data. By agreeing to this Privacy Policy, you are giving explicit consent to process your personal data, specifically, special category data.
You must note that providing your personal data under this Privacy Policy is purely a contractual obligation and not a statutory requirement. If you do not wish to provide your personal data, kindly refrain from using the Platform.
We process your personal data for the effective performance of the contract. We only take such data as is necessary to perform and improve our Services.
5. How do we secure your personal data?
We have put in place appropriate security safeguards and measures to prevent your personal data from being accidentally lost, altered, disclosed, used, or accessed in any unauthorised manner. In addition to the above, we limit access to your personal data only to those employees, agents, and other third parties, who have a business need to know (with whom we have confidentiality agreements) and for the effective execution of your contract with us.
We require all third parties to keep your personal data confidential and to respect the security of your personal data as required under the Applicable Law and for which we have appropriate confidentiality agreements in place. We do not allow these third-party service providers to use your personal data for their own purposes and only permit them to access and process your personal data in accordance with the instructions.
6. How long do we keep your personal data?
We will retain your personal data for as long as it is necessary to fulfil the purpose for which you entered into a contract with us. We may retain certain personal data of yours (like name, contact, identity, etc.) to satisfy any legal or reporting requirements under the Applicable Law. However, we do not keep the data that falls under the special categories under the GDPR (medical and health records under this policy) once you request us for deletion of such data and/or once you delete your account with us.
To determine the retention period of your personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, and the purposes for which we process your personal data.
In certain cases, we anonymise your personal data other than the special category data (so that it cannot be associated with you) solely for research and analytical purposes, and in such an event, we may use such data indefinitely.
7. Disclosure and transfer of your personal data to third countries or organisations in other countries.
Your personal data, including the data that is categorised as special categories under the GDPR, is shared with external third parties that are based outside of the United Kingdom. These third-parties may also process your personal data. We ensure that these external third-parties have taken adequate safeguards and have appropriate policies and procedures in place to comply with the Applicable Law (GDPR).
Whenever we transfer your personal data outside of the United Kingdom, we ensure that:
A. We only transfer your personal data to the countries or to the organisations in other countries that have been determined to provide an adequate level of protection in accordance with the GDPR;
B. Where we are transferring your personal data to organisations in other countries, we may use specific contracts approved by the European Commission which give the personal data the same level of protection as in the United Kingdom/European Union.
For the purpose of this Privacy Policy, external third parties are the parties based within the United Kingdom and/or India who provide: i) IT and system administration services (Microsoft Azure in this case); ii) professional consultants who provide consultancy in banking, accounting, legal and other such areas; and iii) governmental authorities who require reporting in relation to the processing of your personal data.
8. Your Rights in Relation to Your Personal Data
You have the following legal rights as per the GDPR:
- Right to Access: You can request access to your personal data. This right enables you to receive a copy of the personal data we hold about you and confirm that we are lawfully processing it.
- Right to Correction: You can request correction of the personal data that we hold about you. This helps you ensure that we hold accurate and complete data about you.
- Right to Erasure: You can request us to erase or delete the personal data that we hold about you when there is no longer a need to process it. However, we may not be able to comply with your request for erasure for any specific legal reasons, which will be notified to you.
- Right to Object: You have the right to object to our use of your personal data if you feel there is something about your particular situation which makes you want to object to the processing of your personal data.
- Right to Restrict Processing: You can request us to suspend the processing of your personal data where you feel that you want us to establish the accuracy of your personal data or where the use of your data is unlawful.
- Right to Request data portability and/or Transfer: You may request the transfer of your personal data to yourself or your chosen third party, and we will provide you with the same in a structured, commonly used, and machine-readable format.
- Withdrawal of consent at any time: We rely on your explicit consent while processing your personal data under this Privacy Policy. You have the right to withdraw your consent to the processing of your personal data at any time. However, in the event of such a withdrawal, we may not be able to provide you with certain services/features.
You have the RIGHT TO LODGE A COMPLAINT with respect to the handling of your personal data by us with the Information Commissioner’s Office established under the GDPR. We would however want you to give us an opportunity to deal with your concerns around the handling of your personal data before you lodge a complaint.
You do not have to pay any fee in the event you exercise any of your rights above. However, we may charge if your request is found to be clearly unfounded, repetitive, or excessive.
When you place any requests with us, we may want to verify your identity by asking you to provide us with certain specific information. We do this to ensure that the request is legitimate and the personal data does not fall into the hands of any third-party who is not the intended recipient.
We will undertake to act upon your requests within a period of one month. But if there are any complexities involved, we may take a little more time to respond to your requests, but not exceeding two months. In the event of such a delay, we will undertake to inform you about the same.
9. What are cookies? How do we use cookies?
This section will apprise you of how EHRSAFE uses cookies installed on your devices. The use of cookies may sometimes be related to personal data collection and processing; therefore, we recommend you read it if you wish to know how we use your personal information.
What are cookies and what do we use them for?
A Cookie is a small text file that a website or an application stores on your computer system, tablet, mobile phone or any other device, containing information relating to your navigation on that website/application. Cookies are important for providing services online in that they facilitate and improve browsing on a particular website and provide a more user-friendly experience (“Cookie/Cookies”).
For example, cookies can help a website remember your preferences (language, country, etc.) and patterns (interests of the users, quicker searches etc.) while browsing and on future visits. On occasion, if a website has obtained your informed consent in advance, it may use cookies, tags or other similar devices to obtain information that enables it to show you, either from its own website or from third-party websites or any other means, advertising based on the analysis of your browsing habits.
We also use Cookies for different purposes. For example, we use some Cookies to provide seamless Services when you have created an account on the Platform but have not used it to avail our Services.
To assist you, we've provided below a more detailed explanation of the types of Cookies we use, categorized by the purpose of the Cookies.
Essential Cookies
These cookies are essential for the operation of the Platform. They include, for example, Cookies that enable you to log into secure areas of the Platform, progress or complete a purchase or make use of other online Services that we provide. They also include cookies that help us understand how you use our Platform, allowing us to improve the overall experience without being able to identify or target you or any other customer individually. If you disable these Cookies then you may not be able to use the Platform fully or at all.
Functional Cookies
These cookies are used to recognize you when you return to the Platform. This enables us to personalize our content for you, greet you by name, provide your details if you are registered, remember your preferences (for example, your choice of language or region), and identify, for example, where you don't complete a purchase (so we can inform you of this and provide assistance).
Marketing Cookies
These cookies record your visit to the Platform, the pages you have visited and actions you have taken. However, we do not use marketing cookies.
Who uses the information stored in Cookies?
The information stored in the Cookies from the Platform is used exclusively by EHRSAFE.
How can I manage the use of Cookies on this Platform?
We take your explicit consent on how we can use cookies when you visit our Platform. However, you can always change your preferences at any time by visiting Cookies Settings.
You will be able to activate or deactivate Cookies according to your preferences, except for any Cookies that are strictly necessary for the functioning of the Platform. Do note that blocking certain Cookies may affect your experience in using the Platform and its functionalities.
10. Changes to this Privacy Policy
This Privacy Policy was last updated on 22 April 2025. This Privacy Policy is subject to change as and when there are any changes in the laws/regulations relating to data protection or there are any updates on the Platform. In such an event, we will undertake to update our Privacy Policy and notify you of such changes via the e-mail ID you have provided to us. We request you to regularly check your email or this Privacy Policy for updates.