DATA PROTECTION STATEMENT
OmRx Pvt Ltd (OmRx in short) accords very high priority to data protection and this policy statement is an assurance of data protection processes followed at OmRx by the management as well as employees. Through this declaration, we commit to the compliance with the applicable Data Protection Regulations and relevant legislation.
OmRx means the company and/or the website and/or App(s) of OmRx or associated Apps
The use of this website/App and its pages, as well as any other pages linked to this website/App which are controlled by OmRx is voluntary and any person unwilling may opt to log out. Further continuation is an endorsement of the willingness to the whole of the conditions.
A data principal would be able to utilize the services offered by the OmRx by submitting to the OmRx through uploading the personal data. This is considered as a consent for the personal data processing.
The processing of personal data, such as name, address, e-mail address, or telephone number or other details of a data principal shall always be in line with the Data Protection Regulations applicable to OmRx. Through this data protection declaration, we would like to inform everyone concerned and the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data principals are informed, by means of this data protection declaration, of the rights to which they are entitled and the obligations associated with the data being uploaded.
As the controller, OmRx has implemented numerous technical and organizational measures to ensure comprehensive protection of personal data processed through this website/App. Adequate security measures are put in place from time to time towards bridging identified gaps in security. However, Internet-based data transmissions may have security gaps despite the best practices in place at a given time. Thus, absolute protection cannot be guaranteed. For this reason, every data principal is free to transfer personal data to OmRx via alternative means, e.g. by telephone or letter or in person. OmRx assures its highest commitment to data protection.
In this data protection statement the following terms when used by OmRx and will have the meaning given below:
In relation to personal data, means the irreversible process of transforming or converting personal data to a form in which a data principle cannot be identified.
1.2 Anonymized Data
Means data which has undergone the process of anonymization.
Consent of the data principal is given freely and willingly. It is specific, informed and unambiguous indication of the data principal’s wish by which he or she conveys agreement to the processing of personal data relating to him or her through this consent given to OmRx.
1.4 Controller or controller responsible for the processing
Controller or controller responsible for the processing is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes, platforms and means of the processing of personal data when so nominated.
Data means and includes a representation of information, symbols, designs, facts, concepts, opinions or instructions in a manner suitable for communication, interpretation or processing by human or by automated means.
1.6 Data Fiduciary
A Data Fiduciary is an entity or individual who decides the means and purposes of processing personal data.
1.7 Data Principal
Data principal is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
1.8 Personal Data
Personal data means any information relating to an identified or identifiable natural person (“data principal”). An identifiable natural person is someone who can be identified, directly or indirectly, in particular by reference to an identifier such as characteristics, traits, or attributes of identity or as a name, an identification number, symbol, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, biological, economic, cultural or social identity of that natural person.
Processing is any operation or set of operations which is/ are performed on personal data or on sets of personal data, with or without data from other sources, whether or not by automated means, such as collection, collation, recording, organising, structuring, storing, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction or analysis or extrapolation.
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Profiling means any form of processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance and / or conduct at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements etc.
Recipient is any natural or legal person, agency or another body, to which personal data are disclosed, whether a third party or not.
Note: Public authorities which may receive personal data in accordance with the applicable law shall not be regarded as recipients; the processing of the data by the public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
1.13 Third party
Third party is a natural or legal person, public authority, agency or body other than the data principal, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
2. Name and Address of the controller
OmRx Pvt Ltd.
25A, 6th Cross,
Belagola – 571606, India.
Email – [email protected]
Website – www.OmRx.in
Any data principal or any concerned person may contact Data Controller directly regarding suggestions or queries concerning data protection.
The data principal may at any time prevent or change the setting of cookies through our website/App by means of corresponding settings of the Internet browser used, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs, as is possible in all popular Internet browsers. If the data principal deactivates the setting of cookies in the Internet browser used, some of the functions may not be available on our website/App.
5. Collection of general data and information
The website/App of OmRx collects a series of general data and information when a data principal or automated system calls up the website/App. This general data and information is stored in the server log files. Collected data may be (a) the browser types and versions used, (b) the operating system used by the accessing system, (c) the website/App from which an accessing system reaches our website/App (so-called referrers), (d) the sub-websites/Apps, (e) Apps linked to the website (f) the date and time of access to the Internet site, (g) an Internet protocol address (IP address), (h) the Internet service provider of the accessing system, and (i) any other similar data and information that may be used in the event of attacks on our information technology systems.
The above information is needed to (a) deliver the content of our website/App correctly, (b) optimize the content of our website/App as well as its advertisement, (c) ensure the long-term viability of our information technology systems and website/App technology, and (d) provide law enforcement authorities with the information as necessary. Therefore, OmRx analyzes anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data principal.
Users may export data within the scope permitted under this policy and OmRx is not responsible for the unexpected outcomes or misuse of the data thus exported
6. Registration on OmRx website/App
The data principal has the option to register on OmRx website/App. What personal data is transmitted to the controller is determined by the respective input option used for the registration or thereafter. The personal data entered by the data principal are collected and stored exclusively for internal use by the controller and the processing may happen internally or outside the storage sources of the Data Controller.
By registering on the website/App of the controller, the IP address—assigned by the Internet service provider (ISP) and used by the data principal—date, and time of the registration are also stored. The storage of this data takes place against the background that this is the only way to prevent the misuse of our services, and, if necessary, to make it possible to investigate offences committed, if any. This data is not passed on to third parties unless there is a statutory obligation to pass on the data, or if the transfer serves the aim of criminal prosecution or for the objectives of consent.
The registration of the data principal, with the voluntary indication of personal data, is intended to enable the controller to offer the data principal contents or services that may only be offered to registered users. Registered persons are free to change the personal data specified during the registration at any time, or to have them completely deleted from the data stock of the controller.
The data controller shall, at any time, provide information upon request to each data principal as to what personal data are stored about the data principal. In addition, the data controller shall correct or erase personal data at the request or indication of the data principal, insofar as there are no statutory storage obligations. The entirety of the controller’s employees is available to the data principal in this respect as contact persons.
7. Communication possibility via the website/App
The website/App of OmRx contains information that enables a quick electronic contact to our company, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data principal contacts the controller by e-mail or via a contact form, the personal data transmitted by the data principal are automatically stored. Such personal data transmitted on a voluntary basis by a data principal to the data controller are stored for the purpose of processing or contacting the data principal.
8. Comments function in the blog on the website/App
OmRx may offer users the possibility to leave individual comments on individual blog contributions on a blog, which may be on the website/App of the controller. A blog is a web-based or App based publicly-accessible portal, through which one or more people called bloggers or web-bloggers may post articles or write down thoughts in so-called blogposts. Blogposts may usually be commented by third parties and the bloggers agree to the natural outcomes of such posts and the data controller is not responsible for the same.
If a data principal leaves a comment on the blog published on this websit/App, the comments made by the data principal are also stored and published, as well as information on the date of the comment and on the user name or pseudonym chosen by the data principal. In addition, the IP address assigned by the Internet service provider (ISP) to the data principal is also logged. This storage of the IP address takes place for security reasons, and in case the data principal violates the rights of third parties, or posts illegal content through a given comment. The storage of these personal data is, thus, of interest to both the controller and the data principal in order to prove compliance with laws against illegal contents. This collected personal data will not be passed to third parties, unless such a transfer is required by law or serves the legal defense of the data controller or to meet the objective of consent.
9. Routine erasure and blocking of personal data
The data controller shall process and store the personal data of the data principal only for the period necessary to achieve the purpose of storage or as required by law to which the controller is subject to.
If the storage purpose is not applicable as per consent, or if a storage period prescribed by the applicable law expires, the personal data are routinely blocked or erased in accordance with legal requirements.
10. Rights of the data principal
(a) Right to confirmation
Each data principal shall have the right granted by the applicable law to obtain from the controller the confirmation as to whether or not personal data concerning him or her are being processed. If a data principal wishes to exercise this right of confirmation, he or she may, at any time, contact any employee of the controller.
(b) Right to access
Each data principal shall have the right granted by the applicable law to obtain from the controller free information about his or her personal data stored at any time and a copy of this information. Furthermore, the data principal shall have the right to obtain from the data fiduciary a brief summary of processing activities undertaken with respect to the personal data of the data principal.
(c) Right to correction
Data principal shall have the right to correct or rectify any inaccurate personal data concerning him or her without undue delay. The data principal shall also have the right to have the incomplete personal data completed, including by means of providing a supplementary statement or questionnaire The data controller may seek necessary documentary proof to substantiate the claim or submission
If a data principal wishes to exercise this right to correction or completion, he or she may, at any time, contact the controller or the concerned employee. The request in this regard from the data principal shall be in writing.
(d) Right to be forgotten
Data principal shall have the right to restrict or prevent continuing disclosure of personal data by a data fiduciary where such disclosure:
(i) has served the purpose for which it was made or is no longer required
(ii) when the consent has since been withdrawn
(iii) was made contrary to the law
If a data principal exercise his right to be forgotten he or she may contact the concerned employee or the controller. Where the controller has made personal data public and is obliged to erase the personal data, the controller, taking account of the available technology and the cost of implementation, shall take reasonable steps to erase the data as requested. The request in this regard from the data principal shall be in writing
(e) Right of restriction of processing
Data principal shall have the right to obtain from the controller restriction of processing in the following conditions:
(i) The accuracy of the personal data is contested by the data principal, for a period enabling the controller to verify the accuracy of the personal data.
(ii) The processing is unlawful and the data principal opposes the erasure of the personal data and requests instead the restriction of its use.
(iii) The controller no longer needs the personal data for the purposes of the processing, but they are required by the data principal for the establishment, exercise or defence of legal claims.
If a data principal exercise his right to restriction of processing he or she may contact the concerned employee or the controller. The request in this regard from the data principal shall be in writing.
(f) Right to data portability
Data principal shall have the right to receive the personal data concerning him or her which was provided to the controller, in a commonly used machine-readable format. Anonymized data shall be exempt from the portability. The controller may continue to retain the data even after portability in case of anonymization.
If a data principal wishes to exercise his right to data portability he or she may contact the concerned employee or the controller. The request in this regard from the data principal shall be in writing.
(g) Right to object
Data principal shall have the right to object, on grounds prevalent after consent, at any time, to the processing of personal data concerning him or her before withdrawing consent.
OmRx shall no longer process the personal data in the event of an objection, unless OmRx can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data principal, or for the establishment, exercise or defence of legal claims.
In addition, the data principal has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her by OmRx for scientific or historical research purposes, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
If a data principal wishes to exercise his right to object he or she may contact the concerned employee or the controller. The request in this regard from the data principal shall be in writing.
(i) Right to withdraw data protection consent
The Data principal shall have the right to withdraw his or her consent to processing of his or her personal data at any time.
If a data principal wishes to exercise his/ her right to withdraw data protection consent he or she may contact the concerned employee or the controller. The request in this regard from the data principal shall be in writing.
11. Conditions for the exercise of rights mentioned above:
(a)It is clarified that OmRx is collecting and processing the data as a result of contract entered between the data principal and OmRx.
(b)The data provided by the data principal shall be true and authentic. Submission of false data will not give rise to any rights mentioned above and in addition appropriate action may be initiated by OmRx for provision of false data.
(c)OmRx may charge appropriate fee to be paid for actioning the above rights except towards withdrawal of consent.
(d)All requests from data principal in this regard shall be in writing and will be actioned within a reasonable time as notified by OmRx.
(e)In case of refusal in response to a request, OmRx may convey reasons for such refusal.
(f)OmRx is not obliged to accede to the request where compliance to such request would harm the right of any other data principal.
(g) OmRx may not oblige to comply with the request if necessary documentary evidence as required is not provided by the data principal while making any request.
(h)Processing of data for the purposes of legitimate interest including wellbeing of majority stakeholders or especially in case of benefit to the data principal in case of medical emergencies would be permissible at the discretion of OmRx.
12. Use of Analytics
OmRx shall have the option to deploy and use appropriate analytics tools and associated technologies, applications, platforms and / or service providers.
OmRx shall have the option of integrating components of other data analytics on the OmRx website/Apps.
13. Period of Storage
The data collected shall be stored on as required basis to meet the objectives of the consent or as required by law.
14. Use of AI, ML and similar technologies in supported decision making
OmRx does not use automated decision making. However, the emerging and new technologies will be deployed to support decision making.
OmRx may change the contents of this statement may be amended, altered or changed without notice on its own or as required by the changes in law.
OmRx Pvt Ltd.
25A, 6th Cross,
Belagola – 571606, India.
I certify that I have read and understood the data protection policy of OmRx and I concur with the same.