Last Updated: 1st August 2024
This Privacy Policy pertains to Bellowell Private Limited (“BPL”, “we”, “our” or “us”), which operates healthcare services under the brand name 'Bellowell'. Bellowell Private Limited is a company incorporated under the laws of India, with its registered and corporate office located at L-11/12 DLF Phase-2, Sector-25, Gurugram, Haryana-122108, India.
We acknowledge that users of our program and services may have inquiries regarding the collection of their information. This Privacy Policy outlines the types of information we collect through consent forms and web-based applications, and the purposes for which we use this information.
This website does not automatically collect any specific personal information from you (such as your name, phone number, or email address) that would enable us to identify you individually. You may visit this site without disclosing any personal information or undergoing a prior registration process, unless you choose to provide such information. Additionally, this site does not utilize cookies. Bellowell will not identify users or their browsing activities, except where required by a law enforcement agency.
Your email address may be recorded only if you voluntarily provide it and will be used solely for the purpose for which you have provided it.
Bellowell Private Limited ("BPL," "we," "our," or "us") is committed to recognizing its responsibility to handle the information it collects about individuals with care and to respect their privacy regarding their "personal information." The term "Personal Information" in this privacy statement refers to any information from which your identity is apparent or can be reasonably determined.
We collect certain personal information through our consent form, provided either in print or digitally, which includes details about the medical and demographic information of students. Specifically, we collect general check-up data, including immunization records, allergies, dental data, eye care data, nutrition data, ENT data, physiotherapy data, and other health-related information of school-going minor students (collectively referred to as "Medical Data").
When you consent to use Bellowell services, including but not limited to the Comprehensive School Health Program, this Medical Data is uploaded and saved onto our Electronic Health Record software or drive, while the original forms are kept or returned to the respective school(s). This Medical Data is used for the health and behavioural assessment of the student(s).
The medical data collected through the consent form is securely stored and made accessible only to the respective student and their parents through a protected dashboard. Due to privacy and data protection protocols, this information is not accessible to school principals or staff. This medical record is retained until the child graduates from 12th Standard, leaves the school, or the legal guardian(s) of the student withdraw their consent. In such cases, the data is transferred to the legal guardian(s).
BPL processes Customer Data (as defined below) to provide you with a smooth, efficient, and customized experience with BPL. The collection, use, and disclosure of Customer Data enable BPL to offer services and products that are most likely to meet your needs and requirements. This Privacy Policy outlines BPL's policies and responsibilities regarding the collection, use, and disclosure of Customer Data.
BPL is committed to protecting the privacy and security of the personal data we collect from students and parents as part of our healthcare services. This Privacy Policy explains how we collect, use, store, and protect personal data in compliance with applicable laws and regulations.
We are committed to protecting the privacy and personal data of individuals. To affirm our dedication, we provide this notice detailing our information security practices and policies concerning the collection, storage, and use of personal data, including sensitive personal data, received from providers, users, or you under lawful contracts or directly from individuals. We ensure that all our employees adhere to our privacy and security policies. BPL has established policies, standards, and procedures to safeguard privacy and personal information.
This Privacy Policy demonstrates our commitment to protecting the privacy and personal information of our providers and users. Your use of and access to our services are governed by this Privacy Policy. By confirming your acceptance of this Privacy Policy (through the methods provided on this website), by using the services, or by otherwise providing us with your information, you consent to the practices and policies outlined herein, including our collection, use, processing, and sharing of your information.
If you are approving the use of services on behalf of a child, you represent that you are authorized to accept this Privacy Policy on their behalf. We reserve the right to change, modify, add, or delete portions of this Privacy Policy at our sole discretion, at any time. If you do not agree with this Privacy Policy, you may withdraw or delete your personal information, or choose not to provide us with any further information.
Personal information, including sensitive personal data, is received, processed, or stored by BPL solely under valid contracts established with providers or users. The types of personal information we may collect include, but are not limited to:
At any time, providers may request access to their own personal information maintained by BPL for various purposes, including but not limited to:
BPL will address such requests promptly upon verifying the authenticity of both the requester and the request.
For any questions, concerns, or grievances regarding this Privacy Policy or BPL's privacy practices, please contact our Data Protection Officer at bellowelldpo@gmail.com.
Bellowell collects personal data, including names, addresses, telephone numbers, age, and medical/health information, which is provided by the lawful guardian(s) of the minor with their written consent via a consent form.
We do not obtain or solicit personal data from any individual or corporate entity directly or indirectly.
BPL collects and processes personal data, including sensitive personal data and other health-related information of children, in strict accordance with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 and the IT Act, 2000. The primary purpose of collecting this data is to provide comprehensive healthcare services, generate health reports, and offer personalized medical information based on individual health assessments. The data is securely stored and processed by authorized health specialists and doctors to ensure the highest level of care and accuracy. Furthermore, the collected Medical Data is shared in compliance with the IT Act, which requires robust data protection and security measures. This approach ensures that BPL adheres to the necessary legal standards and protects the privacy and security of the personal data collected.
BPL ensures that all personal data, including Medical Data of school-going minor students, is securely stored in a MySQL database hosted on Hostinger. In compliance with the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, BPL implements stringent encryption and security measures to prevent unauthorized access. Additionally, BPL adheres to data protection and privacy regulations to ensure that all data storage practices are aligned with current data protection standards.
Personal data collected by BPL is processed solely by authorized health specialists and doctors for the purpose of conducting health investigations and generating reports. This processing is carried out in strict compliance with applicable laws, ensuring that personal data is handled with the highest standards of confidentiality and security, with restrictions on tracking and profiling children. Data is not transferred across departments within the company except for authorized purposes. BPL enforces and mandates the protection of personal data and the prevention of unauthorized access or misuse. This guarantees that all processing activities are conducted with the required safeguards and oversight.
BPL exercises stringent control over the sharing of personal data, ensuring that it is not shared outside the jurisdiction in which it was collected and that any sharing of data within the jurisdiction is properly authorized. This practice adheres to the requirements of applicable laws, which mandate the protection of personal data within legal boundaries. To support school healthcare programs, BPL only shares aggregated statistics with school principals and relevant government authorities, ensuring that individual student identities are not disclosed. This practice aligns with the principles outlined in applicable laws, which promote data minimization and anonymization.
BPL does not transfer personal data, directly or indirectly, to third parties or affiliated companies, maintaining full control and confidentiality over the data collected. This practice complies with applicable laws, requiring explicit prior permission from the Data Principal before sharing their sensitive personal data with third parties, except in cases of legal obligations or requests from government agencies, which must be in writing and for specific purposes. The data is not published or further disclosed by the recipient. By refraining from third-party data sharing, BPL ensures that all personal data, including sensitive medical information of children, remains secure and confidential, further demonstrating our commitment to data privacy and protection as mandated by applicable laws.
BPL is dedicated to upholding the highest standards of data security and privacy. We have implemented a comprehensive array of organizational and technical measures designed to protect personal data from unauthorized access, disclosure, alteration, and destruction. These measures comply with the Digital Personal Data Protection Bill 2023.
BPL's security features and practices include:
Input Validation and Sanitization: Ensures user inputs conform to expected formats and removes harmful characters.
SQL Injection Prevention: Utilizes prepared statements and parameterized queries.
Cross-Site Scripting (XSS) Prevention: Escapes user-generated content before rendering it on web pages.
Cross-Site Request Forgery (CSRF) Protection: Implements CSRF tokens in forms.
Password Hashing: Employs robust hashing algorithms for secure password storage.
Session Management: Manages sessions securely, including regenerating session IDs upon login.
Access Control: Implements role-based access control (RBAC).
Multi-Factor Authentication (MFA): Enhances security.
Transport Layer Security (TLS): Ensures encryption of all data transmitted between the client and server.
Database Encryption: Encrypts sensitive data stored in the database.
File Upload Security: Validates and sanitizes file names and types to prevent the upload of malicious files.
Custom Error Pages and Logging: Implements custom error pages and maintains detailed logging of user activities.
Regular Security Audits and Updates: Conducts regular security audits, code reviews, and updates all dependencies. Performs comprehensive website security scans, and monitors aspects such as malware, blocklists, DNS, uptime, malicious redirects, and SEO spam every 6 hours.
Vulnerability Assessment and Penetration Testing (VAPT): Regularly conducts VAPT to identify and address security vulnerabilities.
Local Hosting and Data Sovereignty: Hosts data on servers located within India to comply with local data sovereignty laws.
SSL & Firewall: Utilizes SSL for data in transit and employs web application firewalls. Data at rest is encrypted using secure hashing algorithms to ensure data integrity and security.
BPL is firmly committed to upholding the highest standards of data privacy and security. To ensure full compliance with data protection regulations, BPL has appointed a dedicated Data Protection Officer (DPO). The primary duties of the DPO include overseeing the implementation of data protection policies and ensuring adherence to applicable laws. The DPO also acts as the point of contact for addressing any data protection issues or concerns, providing guidance on best practices, and ensuring that all data processing activities comply with relevant legal requirements.
Additionally, the DPO conducts regular data protection assessments and audits to identify potential vulnerabilities in our data handling processes and to ensure that our security measures remain current and effective. These assessments cover various aspects of data security, including data collection, storage, processing, and sharing practices. Any identified gaps or weaknesses are promptly addressed and mitigated.
Through the efforts of the DPO, regular data protection assessments and audits, and the implementation of robust security measures, BPL demonstrates its steadfast commitment to protecting the privacy and security of the personal data it collects and processes. This comprehensive approach ensures that BPL remains compliant with legal requirements and maintains the trust of its users by safeguarding their sensitive information.
BPL is dedicated to maintaining a transparent and accessible privacy policy in full compliance with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules 2011"), and the Information Technology Act, 2000. Our privacy policy is comprehensive and readily available on our website, as required by SPDI Rule 4. This ensures that all stakeholders, including students, parents, and healthcare professionals, can easily understand how their personal data is collected, used, stored, and protected by BPL.
In addition to making our privacy policy publicly accessible, BPL regularly reviews and updates its compliance practices to align with new rules and regulations issued by the Central Government under Section 87 of the IT Act. This section authorizes the government to implement regulations for the protection of sensitive personal data, and BPL is committed to adhering to these evolving standards. Our Data Protection Officer (DPO) plays a pivotal role in overseeing compliance with existing regulations and ensuring that our privacy practices remain current.
By continuously updating our compliance practices, BPL demonstrates its commitment to upholding high standards of data privacy and security. This not only ensures adherence to legal requirements but also strengthens the trust and confidence of our stakeholders in our ability to protect their sensitive information.
BPL is dedicated to upholding the highest standards of transparency and compliance with applicable data protection laws, specifically the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Information Technology Act, 2000. We ensure that all data subjects are fully informed about the data collection processes, including the purpose of data collection, the intended recipients of the data, and details about the collecting agency, as required. BPL is committed to transparency to build trust with our stakeholders and to ensure they are aware of how their personal data is handled.
For data processing involving children, BPL has established stringent mechanisms to obtain and verify parental consent, recognizing the importance of protecting the privacy of minors. Our consent forms clearly specify the purposes for which data will be used, ensuring that parents or legal guardians are fully informed and consent to these purposes. Additionally, we obtain separate consents for different purposes where applicable, ensuring that each aspect of data usage is explicitly approved. This approach not only complies with legal requirements but also respects the autonomy and privacy of our users.
To ensure comprehensive compliance, BPL adheres to restrictions on tracking and profiling children by implementing robust verification processes to confirm that consent is genuinely obtained from parents or legal guardians. This includes detailed consent forms and clear communication about data usage, fostering an environment of informed consent. By adopting these measures, BPL reinforces its commitment to protecting the privacy and rights of its users, especially minors, and ensures that data processing activities are conducted in a lawful, transparent, and ethical manner.
BPL strictly adheres to the principles of data retention and purpose limitation in compliance with data protection laws. We ensure that personal data is not retained longer than necessary to fulfill the purposes for which it was collected or as mandated by applicable laws. This policy demonstrates our commitment to safeguarding user privacy and minimizing risks associated with prolonged data retention.
To ensure adherence to these regulations, BPL has established specific procedures for data deletion and defined timelines for erasing data once it is no longer needed. Our data retention policy provides clear guidelines on the duration for retaining different types of data, based on legal requirements and the purposes for which the data was initially collected. Once the retention period expires or the data is no longer required for its intended purpose, it is securely deleted from our systems. This includes implementing technical measures to ensure complete and irreversible deletion of digital data, as well as securely disposing of any physical records. By rigorously enforcing these data retention and deletion procedures, BPL ensures that personal data is managed responsibly and in accordance with the highest standards of data protection.
BPL is dedicated to implementing and maintaining robust security practices and procedures to protect personal data, in compliance with data protection laws. BPL adheres to the IS/ISO/IEC 27001 certification, which establishes best practices for an information security management system (ISMS). This certification underscores our commitment to safeguarding personal data and ensuring that our security measures align with international standards.
To ensure adherence to relevant standards, BPL performs and documents regular security audits and updates, which include comprehensive evaluations of our information security policies, procedures, and controls. These assessments identify any vulnerabilities or areas for improvement. By systematically reviewing and updating our security measures, BPL remains vigilant against emerging threats and upholds the highest levels of data protection. Additionally, our security practices involve rigorous employee training programs to ensure that all staff members understand and comply with our security policies. This comprehensive approach to security helps protect personal data, maintain user trust, and comply with legal and regulatory requirements.
BPL is committed to promptly and effectively addressing any discrepancies or grievances related to personal data. In accordance with data protection laws, BPL has appointed a Grievance Officer responsible for managing and resolving complaints within one month. The Grievance Officer plays a vital role in ensuring the timely and efficient handling of complaints, thereby maintaining user trust in our data protection practices.
Grievance Officer: A designated Grievance Officer is responsible for managing data protection complaints and concerns.
Contact Information: The Grievance Officer can be contacted at bellowelldpo@gmail.com.
Submission: Individuals may submit their grievances via email, telephone, or postal mail.
Acknowledgment: The receipt of the grievance will be acknowledged within 3 business days.
Investigation: The grievance will be thoroughly investigated within 15 business days, involving relevant departments as necessary.
Resolution: A resolution or update will be provided to the complainant within 30 business days. If additional time is required, the complainant will be informed of the extended timeline and the reasons for the delay.
Escalation: If the grievance is not resolved to the complainant's satisfaction, they may escalate the issue to higher authorities within the company or to the relevant regulatory bodies.
BPL ensures that personal data, if required to be transferred within India due to legal requirements or a medical emergency, is afforded the same level of protection required by Data Protection Laws. Our commitment to data protection extends beyond our internal operations, necessitating a thorough evaluation and verification of the data protection standards of any third-party recipients prior to data transfer. This process guarantees that any data shared or processed by external entities adheres to the same stringent security and privacy protocols that BPL maintains internally.
To uphold these high standards, BPL conducts comprehensive assessments of the data protection practices of third-party recipients. This includes verifying their compliance with applicable data protection laws and certifications, such as IS/ISO/IEC 27001, and ensuring they implement robust security measures to protect the data. BPL not only meets legal requirements but also reinforces its commitment to safeguarding the privacy and security of users' personal data.
BPL complies with the Data Protection Laws concerning the disclosure of sensitive personal data. We ensure that prior permission from data providers is obtained before disclosing their sensitive data, except where such disclosure is explicitly stipulated in a contract or is necessary for legal compliance. To uphold compliance and safeguard user privacy, BPL meticulously reviews and updates its contractual agreements to incorporate these requirements. By clearly outlining the conditions under which sensitive data may be disclosed, we provide users with a transparent understanding of how their data will be managed.
Furthermore, any disclosure of sensitive data for legal compliance purposes is strictly confined to what is legally required and is conducted with the highest level of care to ensure the privacy and security of the data involved.
BPL is dedicated to safeguarding the privacy and security of children's personal data in accordance with Data Protection Laws. Prior to processing any personal data of a child, BPL secures verifiable consent from a parent or lawful guardian. This approach ensures that data collection and processing activities are transparent and authorized, thereby protecting the child's privacy and rights. Our consent mechanisms are designed to be thorough and dependable, including written consent forms and other verifiable methods to confirm parental or guardian approval.
To ensure further compliance, BPL has established specific measures to prevent unauthorized tracking and profiling of children. Our data processing activities involving children are rigorously monitored and restricted to necessary and explicitly consented purposes. By adhering to these protocols, BPL maintains the privacy and security of children's personal data, demonstrating our commitment to ethical data practices and compliance with legal standards.
BPL acknowledges the importance of fulfilling the obligations for Significant Data Fiduciaries as specified by Data Protection Laws. As an organization qualifying as a Significant Data Fiduciary due to the volume and sensitivity of the data we handle, we ensure full compliance with the additional responsibilities imposed on us.
To address these obligations, BPL has appointed a dedicated Data Protection Officer (DPO) who manages our data protection practices and ensures adherence to all applicable regulations. The DPO is tasked with conducting regular data protection assessments and audits to identify and address any potential risks. Furthermore, BPL implements enhanced security measures to protect personal data, including advanced encryption techniques, secure access controls, and regular vulnerability assessments. These measures ensure that our data protection practices are both robust and current, demonstrating our commitment to safeguarding the privacy and security of our users' personal data in accordance with the DPDP Act.
BPL is dedicated to maintaining the highest standards of data protection and security. In accordance with the Information Technology Act, we recognize our liability to pay damages for any negligence resulting in wrongful loss or gain to individuals due to a failure to implement reasonable security practices. To address this, BPL has established a comprehensive policy for managing data breaches and compensating affected individuals.
Our policy delineates the procedures for promptly identifying, responding to, and mitigating data breaches. It includes specific guidelines for notifying affected individuals and providing appropriate compensation for any losses incurred due to negligence. To ensure compliance with the IT Act's requirements, we regularly review and update our security measures, conduct audits, and employ advanced data protection technologies. This approach underscores our commitment to protecting personal data and maintaining the trust our users place in us.
BPL is dedicated to adhering to the rules and regulations established by the Central Government for the protection of sensitive personal data, as required by the Information Technology Act. To ensure compliance, BPL routinely reviews and updates its data protection practices in alignment with any new rules and regulations issued by the Central Government. This involves staying current with the latest legal requirements and incorporating them into our data protection policies and procedures.
We have implemented a robust framework to safeguard sensitive personal data, including advanced security measures, regular audits, and comprehensive staff training in data protection practices. By following these regulations, BPL underscores its commitment to upholding the highest standards of data privacy and security. This proactive approach not only ensures compliance with the IT Act but also strengthens our commitment to protecting the sensitive personal data of our users.
The contents of this website may not be reproduced, in whole or in part, without prior authorization from Bellowell Pvt. Ltd. Furthermore, the contents may not be used in any misleading or objectionable manner. When referenced as part of another publication, proper acknowledgment of the source is required. Permission to reproduce this material does not extend to any content identified as copyrighted by a third party. Authorization to reproduce such third-party material must be obtained from the relevant departments or copyright holders.
BPL reserves the right to update this Privacy Policy periodically in accordance with applicable laws. Any changes will be communicated by posting the revised Privacy Policy on our website. It is advised that you review this Privacy Policy regularly to stay informed of any updates.
Bellowell Pvt. Ltd. does not offer specific medical advice to its users. Instead, it provides general information to assist users in understanding their health, diagnosed conditions, preventive measures, screening, supportive care, and related topics. The information provided is intended for educational purposes regarding health and disease and will be updated as necessary. This information should not be used for self-diagnosis or treatment, and Bellowell Pvt. Ltd. assumes no responsibility or liability for such use. For specific personal health concerns, users are advised to consult their treating physician for professional guidance.
Bellowell Pvt. Ltd. shall not be held liable for any data breaches resulting from unauthorized access to its website, despite implementing all reasonable security measures to protect against such incidents.