Privacy Policy

Last Updated: February 8, 2026

This Privacy Policy governs the collection, use, storage, and disclosure of information by the software solutions provider in relation to software solutions provided to healthcare facilities, laboratories, and medical centers.

1. Definitions and Interpretation

Personal Data means any information relating to an identified or identifiable natural person as defined under the Information Technology Act, 2000 and Digital Personal Data Protection Act, 2023.
Software means the software solutions, applications, platforms, and related services provided by the Service Provider.
Processing means any operation performed on data including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, or erasure.

2. Role and Responsibility

2.1 Data Processor Status

The Service Provider acts solely as a data processor and not as a data controller. All Personal Data accessed, processed, or stored through the Software remains under the exclusive ownership and control of the Client.

The Client is solely responsible for:

Obtaining all necessary consents from data subjects
Ensuring lawful basis for data processing
Complying with applicable data protection laws
Ensuring accuracy and completeness of data entered into the Software

3. Data Collection and Processing

3.1 Data Collected

The Software may facilitate processing of the following categories of information:

Patient demographic information
Medical history and health records
Laboratory test results and reports
Billing and financial information
User credentials and access logs

3.2 Purpose of Processing

Data is processed solely for providing Software functionality as per the Client’s instructions. The Service Provider does not use Client data for any other purpose.

4. Data Storage and Security

4.1 Security Measures

The Service Provider implements commercially reasonable security measures including:

Encryption of data in transit and at rest
Access controls and authentication mechanisms
Regular security audits and updates
Backup and disaster recovery procedures

4.2 Data Location

Data may be stored on servers located in India or other jurisdictions. Data residency preferences are followed where technically feasible.

4.3 No Guarantee Disclaimer

While reasonable security measures are employed, no system is completely secure. The Service Provider makes no warranty that the Software or data will be free from unauthorized access, loss, corruption, or breach. Use of the Software is at the Client’s own risk.

5. Data Sharing and Disclosure

The Service Provider does not share Client data except:

When authorized by the Client in writing
With third-party service providers under confidentiality obligations
When required by law or governmental authority
To protect legal rights or public safety as required by law

6. Data Retention and Deletion

Data is retained for the service duration and any legally required period. Upon termination, the Service Provider shall, upon written request:

Return Client data in an agreed format, or
Permanently delete Client data

Data may be retained only as required by law or legitimate business purposes.

7. Client Rights and Obligations

7.1 Client Rights

The Client retains full rights to access, modify, correct, or delete data.

7.2 Client Obligations

Ensure data accuracy
Maintain credential confidentiality
Obtain required consents
Comply with healthcare and data protection laws
Maintain independent backups
Report suspected security incidents promptly

8. Limitation of Liability

To the maximum extent permitted by law, the Service Provider is not liable for indirect, incidental, consequential, punitive, or commercial damages, data loss, system failures, unauthorized access, regulatory violations by the Client, or third-party service failures. Total liability shall not exceed fees paid in the twelve months preceding the claim.

9. Indemnification

The Client agrees to indemnify and hold harmless the Service Provider from claims arising from misuse, legal violations, consent failures, data inaccuracies, credential compromise, or third-party claims.

10. Force Majeure

The Service Provider is not liable for delays or failures caused by events beyond reasonable control.

11. Data Breach Notification

If a data breach is identified, the Service Provider shall notify the Client within seventy- two hours, provide reasonable details, and cooperate in mitigation. Regulatory and patient notifications remain the Client’s responsibility.

12. Third-Party Services

The Service Provider is not responsible for privacy or security practices of third-party services integrated with the Software.

13. Cookies and Tracking Technologies

Cookies and session technologies may be used for functionality only and not for advertising or analytics without consent.

14. Amendments to Privacy Policy

This Privacy Policy may be modified with notice. Continued use constitutes acceptance.

15. Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of India. Courts in India have exclusive jurisdiction.

16. Severability

Invalid provisions do not affect remaining provisions.

17. Entire Agreement

This Privacy Policy and the Terms and Conditions constitute the entire agreement.

18. No Waiver

Failure to enforce rights does not constitute waiver.

19. Contact Information

Medmarks
No.897/e, 3rd floor, next to income tax department, koramangala 6th block, Bangalore, 560034
Email: support@medmarks.in

By using the Software, the Client acknowledges that it has read, understood, and agrees to be bound by this Privacy Policy.