eCW Privacy Policy

Privacy Policy

Effective Date: December 19, 2024

Last Updated: December 19, 2024

1. Introduction

1.1. This Privacy Policy (this "Privacy Policy") informs you what Personal Information (defined below) eClinical India Pvt. Ltd. ("eCI," "we," "us," or "our") may collect, how eCI collects such Personal Information, how eCI uses such Personal Information collected: (i) from our employees; and/or (ii) by us in connection with the Services (defined below) we provide to the users of our Sites and/or mobile applications, and our customers (i.e., health care providers or their firms) ("Providers") (collectively "you," or "your"), and your choices related to your Personal Information.

1.1.1. "Services" means eCI's products and services, such as our websites ("Sites"), electronic medical records systems, practice management systems, healthcare provider customer portals ("Provider Portals"), patient portals ("Patient Portals", collectively with Provider Portals, "Portals"), software and mobile applications for the foregoing, etc. [Note to Client: Please note that the definition is broad enough to cover all the offerings proposed to be covered under this policy - HMIS, CMIS, OPRA, Healow India PHR app online, Healow App.]This Privacy Policy applies wherever it is posted, and it is part of and incorporated into applicable Terms of Use Agreements ("Terms of Use") for the Sites, the Portals, and other Services, and into any applicable Terms and Conditions for our software and mobile applications ("Terms and Conditions"). Any terms capitalized herein but not defined shall have the meanings assigned to such terms in the applicable Terms of Use or Terms and Conditions. By visiting or using the Services or otherwise affirming the acceptance of an agreement into which this Privacy Policy is incorporated by reference, you acknowledge and agree to accept the practices described in this Privacy Policy regarding the collection, use, disclosure, and transfer of your Personal Information. If you do not agree to the terms of this Privacy Policy, please do not use the Services. This Privacy Policy is not a contract and does not create any contractual rights or obligations. Your use of the Services is governed by the applicable Terms of Use or Terms and Conditions of the respective Services.

2. The Personal Information We Collect

2.1. When you access and use the Services, we may collect the following types of information:

2.1.1. "Personal Information" is information that identifies an individual or relates to an identifiable individual or household. It may include the following categories: name, date of birth, address, email, phone number, hospital name, etc. The types of Personal Information collected, and the uses thereof depend on the purposes for which we collect the Personal Information (e.g., whether you are a visitor to our Sites, a user of our Portals, or a customer of our Services). As used in this Privacy Policy, Personal Information does not include Patient Data.

2.1.2. "Patient Data" refers to any information related to an individual's health and medical history. It includes personal details, such as name, age, and contact information, as well as medical records, diagnoses, treatments, and test results.

2.1.3. "Usage Data" is information that we automatically collect about your use of the Sites and includes the sort that Web browsers and servers typically make available, through Web server logs, Web beacons, cookies and other similar tracking technologies, about the devices you use to access our Sites, as well as information on how you interact with our Sites. We do not deploy non-essential third-party cookies or similar tracking technologies on the Portals; however, we may collect log information including Usage Data for internal uses or uses by our service providers on our behalf, such as ensuring the security and integrity of our Services. Usage Data may include the IP address of a device or internet service used to connect your device to the Internet and may provide information about your Location; computer and connection information such as your browser type and version; operating system and platform; confirmation when you open e-mail that we send you; purchase history; and the URLs which lead you to and around the Site including the date and time of access. Usage Data may overlap with Location Information. Usage Data generally does not directly identify an individual but may constitute Personal Information in some instances.

3. How We Collect Your Personal Information

3.1. eCI uses information collected from users of the Services to personalize and improve your visit and experience, to provide the Services to you or our customers, and for other purposes set out below. When you use the Services, eCI may collect Personal Information in the following ways described below.

3.2. Information You Provide to eCI: eCW collects Personal Information when you use and interact with the Services, such as when you:

3.2.1. Communicate with eCI about our Services whether by letter, e-mail, online chat window, or telephone.

3.2.2. Complete and submit forms to us on our Sites or Provider Portals (e.g., to register for an account on a Provider Portal, authenticate yourself to verify your authorized use of the Services, to register for our events, to request a demo, or to subscribe to our newsletters);

3.2.3. Visit our offices.

3.2.4. Attend one of our events or conferences.

3.2.5. Visit our Sites or interact with us on social media and provide us Personal Information; or Apply for jobs.

3.3. Information collected from Providers: We collect information about the Provider through lead directory, cold calls, referrals, websites and other publicly available means.

3.4. Information collected from Vendors: We collect contact information and other relevant data from vendors who provide administrative services essential for our daily operations, as well as information necessary for integrations with laboratories or diagnostic imaging centers.

3.5. Information that eCI Collects Automatically: When you use the Services, eCI may automatically collect Usage Data subject to the settings of your device that you use to access the Services. With your consent, we may also collect information from your device to facilitate your use of certain features of the Services. eCI may use this data to analyze trends and statistics to improve your online experience or our customer service. We do not deploy non-essential third-party cookies or similar tracking technologies on our Portals but may collect Usage Data for purposes such as ensuring the security and integrity of our Services.

3.6. Information from Other Sources: eCI may collect Personal Information from other sources such as the Internet and other publicly available sources and databases, data aggregators, marketing companies, and other third parties, including sources from which you authorize us to obtain Personal Information about you on your behalf. If you authorize us to collect information from a third party, or if you authorize a third party to send us information, and you later decide that you no longer want us to obtain that information, you may need to contact the third-party source directly and request that they stop transmitting information to us. For more information about how those third parties collected and used your Personal Information, please review the privacy policy of the respective third party.

4. eCI as a Data Processor

4.1. Certain Services we provide to our customers or make available to their patients, such as the Portals, as well as certain support operations, involve access to, and the processing of, Patient Data. This Patient Data is provided to us pursuant to a service agreement, or other document with terms and conditions for the Services (the "Customer Documents") that we have entered with our customers (health care providers or their firms, "Providers") that also govern our use of Patient Data of their patients provided by our Provider customers or their patient users.

4.1.1. This Privacy Policy supplements the Customer Documents. eCI only uses such Patient Data as a "Data Processor" of its Providers, who are "Data Fiduciary," in accordance with any instructions or restrictions provided to eCI by the Provider and in full compliance with the applicable provisions of DPDPA.

4.1.2. If you are a patient of a Provider, our use and disclosure of your Patient Data is governed by the Customer Documents with your Provider and other applicable laws — not by this Privacy Policy. Your Provider's collection, use, disclosure, and transfer of such Patient Data are governed, in turn, by your Provider's terms and conditions and privacy practices between you and your Provider. Please submit all requests and questions related to your Patient Data directly to your Provider. We are not responsible for how our Provider customers treat Patient Data we collect on their behalf, and we recommend you review their own privacy policies.

4.1.3. Our Sites are generally not intended to collect or retain any Patient Data. Thus, sections of this Privacy Policy that discuss Personal Information collection on the Sites do not apply to Patient Data, and we do not request, obtain, use or disclose any Patient Data through our Sites such as www.eclinicalworks.in.

5. Use of Information Collected By eCI

Why and how eCI processes the information provided by you is set out below:

Information Categories Why and How eCI Processes this Information
Information collected from users of Sites and mobile applications and Analytics Cookies We use the information collected to:
  • Administer user accounts.
  • Provide Services
  • Respond to users' questions and concerns.
  • Market and communicate about our products, services, events, and other offerings.
  • Conduct research and analysis.
  • Send personalized marketing outreaches via emails or messaging applications.
Information collected from Providers We use the information collected to:
  • Administer Provider accounts.
  • Provide Services.
  • Respond to Providers' questions and concerns.
  • Market and communicate about our products, services, events, and other offerings.
  • Process payments, administer fees, provide Providers with invoices, or resolve billing issues.
  • Conduct research and analysis.
  • Carry out our legal obligations and enforce eCI's rights under any contract to which we are party.
  • Protect the rights, property or safety of eCI or others, as necessary and appropriate.
  • Send personalized marketing outreaches via emails or messaging applications.
Information collected from Employees We use the information collected to:
  • Comply with laws or regulations to which eCI is subject.
  • Support, communicate, administer payroll, expenses, remuneration, expense reimbursements, background checks and employee benefits including bonuses, investment plans, loans, pensions, medical insurance, life insurance, and disability plans.
  • Investigate potential misconduct.
  • Monitor the employees' use of our information and communication systems and provide for security of the IT system to ensure compliance with our IT policies.
  • Ascertain the employees' fitness to work, managing sickness absence.
  • Perform our contractual obligation to calculate and pay the employees' salary, tax and other related benefit schemes.
Information collected from Vendors We use the information collected to:
  • Conduct diligence regarding our vendors and partners and administer vendor/partner relationships.
  • Process payments, administer fees, provide vendors with invoices, or resolve billing issues.
  • Carry out our legal obligations and enforce eCI's rights under any contract to which we are party.
Patient medical information We use the information collected to assist Providers on various support cases.
Information collected from Job applicants We use the information collected to:
  • To analyse their candidature for the job profile.
  • Monitor recruitment statistics
  • To communicate with applicants regarding the decision. Our use of the job applicants’. Personal Information may be based on our legitimate interest to ensure network, information security and business performance improvement.

6. Sharing and Disclosure of Personal Information

6.1. We reserve the right to disclose and/to share certain categories of Personal Information described above, without further notice to you, unless required by the law, with the following categories of third parties:

  • Internal Sharing: eCI may disclose Personal Information to its parent company, subsidiaries, entities under common ownership, affiliates and other related companies without authorization.
  • Vendors and Service Providers: To assist us in meeting business operations needs and to perform certain services and functions, we may share personal information with vendors and service providers, including providers of hosting services, cloud services, and other information technology services providers, email communication software and email newsletter services, advertising and marketing services, payment processors, customer relationship management and customer support services, and analytics services. Pursuant to our instructions, these parties will access, process, or store personal information while performing their duties to us.
  • Business Transfers (Transaction): If we are involved in a merger, acquisition, financing due diligence, reorganization, receivership, sale of all or a portion of our assets, or transition of service to another provider (collectively a "Transaction"), your personal information and other information may be shared in the diligence process with counterparties and others assisting with the Transaction and transferred to a successor or affiliate as part of that Transaction along with other assets.
  • Legal Requirements: If required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, including to meet national security or law enforcement requirements, (ii) protect and defend our rights or property, (iii) prevent fraud, (iv) act in urgent circumstances to protect the personal safety of users of the Service, or the public, (v) protect against legal liability, and/or (vi) enforce any legal right or claim.
  • With Our Customers: eCI may disclose Personal Information, including Sensitive Personal Information, to its customers consistent with the Customer Documents. "Sensitive Personal Information" refers to Personal Information regarding more sensitive areas, such as government ID and certain other financial information, gender, marriage status, race/ethnicity, or veteran or disability status.

7. Advertising and Third-Party Data Collection

eCI may enter into relationships with third-party advertising companies to drive traffic to and serve ads on our Site. These third-party companies may also collect information through Data Collection Technologies described in Section 6 to measure the effectiveness of their ads and to personalize advertising content.

7.1. You may opt-out of receiving marketing communications from us by following the instructions included in such a communication or by contacting us as provided in the Contact Information Section 15. If you opt out, we may still send you non-marketing communications, such as those about your account or our ongoing business relationship.

7.1.2. Internal Sharing: eCW may disclose Personal Information to its affiliates (including parents, entities under common ownership, and subsidiaries, such as Healow, LLC), and other related companies without authorization.

7.2. You may review and request changes to the Personal Information we have collected about you by contacting us as provided in the Contact Information Section 15 below.

8. Biometric Data

In connection with the Services, eCI may collect or store biometric data, such as fingerprints or facial geometry scans that may identify you, which are used for authentication and verification of your identity. This information may be biometric data under certain laws governing the collection, use, storage, and disclosure of biometric data. By providing such information, you acknowledge that you have been advised of, and understand that, eCI, and its agents and contractors, may collect, use, store, and disclose biometric data for the purposes described in this Privacy Policy, or as otherwise described in the Services. We will not sell, lease, or trade your biometric information. We will retain such biometric data only until the occurrence of the first of the following, at which point the data may be scheduled for deletion: (a) the purposes outlined in this Section 8 have been satisfied, (b) any date of deletion required by applicable law.

Notwithstanding the foregoing, (1) eCI will not delete biometric data that is Patient Data unless requested by the applicable Provider, and (2) except as provided in subsection (1), the collection, use, storage, disclosure, and retention of biometric data that is Patient Data through the use of any of the Services shall be governed by Section 4 of this Privacy Policy and any applicable Customer Documents, not by this Section 8.

9. Security of Personal Information

eCI has reasonable and appropriate safeguards in place to help protect the Personal Information eCI collects from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Although eCI attempts to protect the Personal Information in our possession, no security system is perfect, and eCI cannot promise that your Personal Information will remain secure in all circumstances.

10. Retention of Personal Information

eCI will retain your Personal Information as needed to fulfill the purposes for which it was collected. eCI will retain and use your Personal Information as necessary to comply with eCI's business requirements, legal obligations, resolve disputes, protect our assets, and enforce our agreements.

11. Links to Third Party Websites

Our Sites may contain certain links to third party websites. eCI is not responsible or liable for the privacy practices or content found on these websites. You should check the privacy notice and policies of each website you visit. Links to third party websites are provided solely for your convenience and any use or submission of data to such websites shall be at your sole risk.

12. Children's Privacy

Our Sites are not directed toward individuals under the age of 18. We do not promote our Sites to individuals under 18, and we do not knowingly collect any Personal Information through our Sites from individuals under 18. Access to our Portals is separately governed by the Portals' posted Terms of Use.

13. Changes to the Privacy Policy

eCI may change this Privacy Policy at any time. Unless we say otherwise, changes will be effective upon the last updated date at the top of this Privacy Policy. Please check this Privacy Policy regularly to ensure that you are aware of any changes. We may try to notify you of material changes to this Privacy Policy, which if we do so may be by means such as by posting a notice directly on the Services, by sending an e-mail notification (if you have provided your e-mail address to us), or by other reasonable methods. In any event, if you use the Services after changes to this Privacy Policy, you have accepted the changes. If you do not agree with the changes, please stop using the Services.

14. Privacy Rights

Where provided for by law and subject to any applicable exceptions, you may have the right:

Your rights under the Digital Personal Data Protection Act, 2023 ("DPDPA") are:

14.1. The right to access your Personal Information

14.2. The right to correct your Personal Information

14.3. The right to erasure of your Personal Information

14.4. The right to restrict the processing of your Personal Information

14.5. The right to object to the processing of your Personal Information

14.6. The right to redress with respect to personal data breach or a breach by eCI of its obligations in relation to your Personal Information

14.7. The right to withdraw consent

If you would like to exercise any or all these rights, you may do so by contacting us "privacy". After we receive your request, we may request additional information from you to verify your identity. Your authorized agent may submit requests in the same manner, although we may require the agent to present signed written permission to act on your behalf, and you may also be required to independently verify your identity with us and confirm that you have provided the agent permission to submit the request.

15. Contact Information

If you have any grievances, or questions about our Privacy Policy or information practices, please feel free to contact us at our designated request address below:

Address: eClinical India Pvt. Ltd
403-404VenusAtlantis
Nr.Shell Petrol Pump
100 Feet Road Prahalad Nagar
Ahmedabad:380015
GSTIN/UIN:24AAECE0045J1Z0
Email address: privacy
Phone number: 079 4022 2000

16. COMPLAINTS TO THE DATA PROTECTION BOARD OF INDIA

If you want to make a complaint in respect of a personal data breach or a breach by eCI of its obligations in relation to your Personal Information or the exercise of your rights under the DPDPA, you can submit complaints to the Data Protection Board of India.

eClinicalWorks | © 2025 All rights reserved | Privacy Policy | Terms Of Use | Your Privacy Choices | Accessibility