The types of Personal Data that DATRI collects shall include:
- Information required to be provided by the donor in the “Donor Registration Form” (Annexure A), consent of the donor by signing the consent form (Annexure B) that they have understood the processes and collecting cheek swab samples to do HLA (Human Leukocyte Antigen) typing; or
- Information received pre and post the medical checkup of the donor (either directly or indirectly).
- Information provided by a patient or a hospital/medical practitioner.
- Information provided by the volunteer.
For users providing money as donors:
- Information provided by a user in the process of donating money.
For DATRI Employees & Associates:
- Information provided or collected from its employees during the start of engagement with DATRI.
Any other relevant document or information which DATRI may deem fit to collect or requires you to provide, in compliance with DATRI’s internal rules, regulations or policy
(collectively referred to as “Personal Data”). This Personal Data, whether it is held on paper, on computer or other media, will be subject to the appropriate legal safeguards as specified in the Information Technology Act, 2000, the Indian Contract Act, 1872 and as per the applicable laws of India.
The purpose of this Policy, as amended from time to time, is to give an understanding of how DATRI intends to collect, store, transfer and use the information provided to DATRI. The Policy may be subject to changes, as required from time to time. Upon updating the Policy, we may revise the “Updated” date at the bottom of this Policy. This Policy is applicable to every individual providing any such Personal Data to DATRI.
For the purpose of this Policy,
- “you/You” or “your/Your” shall mean every individual, person, employee, donor, patient and/or discloser of any such Personal Data.
- You shall disclose the Personal Data only to such person who is authorized to collect data or information on behalf of DATRI, including but not limited to, employees of DATRI, representatives, (authorized) volunteers (collectively referred to as “DATRI Personnel”).
By providing us your information via clicking on the submit/register tab, you hereby consent to the collection, storage, disclosure, processing, and transfer of such information for the purposes as disclosed in this Policy. You are providing the information out of your free will. You have the option not to provide us the data or personal information sought to be collected if you do not agree with this Policy.
Further, you will have the option not to provide your consent, or to withdraw any consent given earlier, provided that the decision not to provide consent or to withdraw consent is intimated to DATRI in writing. If you do not provide us personal information or withdraw the consent provided to DATRI with regard to any of your personal information at any point in time, DATRI shall have the option not to provide the benefits for the purpose of which the said personal information was sought.
PERSONAL INFORMATION AND ITS USAGE
All Personal Data of the donor which is provided to DATRI is stored under a unique code, ensuring that the Personal Data is used only for the queries received from the patients without disclosing the identity of the individual (“DATRI Database”).
The Personal Data collected is used as follows:
- for fulfilling the objectives and vision of DATRI;
- for maintaining your employment records, providing you with related benefits and services, and engaging in/carrying out the activities that would enable and assist in providing you the benefits and any services arising out of such employment;
- to administer or otherwise carry out our obligations in relation to any agreement you have with us;
- responding to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims; and
- investigating, preventing, or taking actions regarding illegal activities, misrepresentations, suspected fraud, or as otherwise required by law.
- for responding to the queries received by DATRI from hospitals/medical practitioners for information regarding the requirement of blood stem cells.
- to manage membership details of the donors and information collected by DATRI during various volunteer functions as and when organized.
- for collecting and processing appropriate Personal Data only to the extent that it is needed to fulfill operational or any legal requirements;
- for research in the areas of population genetics, pharmacogenetics, disease association, transplant outcome, and other immune and non-immune related genes without revealing the identity of the discloser.
DATRI shall at all times:
- meet its obligations to specify the purposes for which Personal Data is used;
- collect and process appropriate Personal Data only to the extent that it is needed to fulfill operational or any legal requirements;
- ensure the quality of Personal Data used;
- apply strict checks to determine the length of time Personal Data is held;
- ensure that the rights of individuals about whom the Personal Data is held, can be fully exercised under the applicable laws;
- take the appropriate technical and security measures to safeguard Personal Data;
- ensure that Personal Data is not transferred from one territory to another without suitable safeguards;
- procure consent of the discloser for using the Personal Data for any tests or experiments.
Any questions or concerns about the interpretation or operation of this Policy should be taken up in the first instance at the time of disclosing the Personal Data to the DATRI Personnel.
DATRI may also remove all the personally identifiable information and use the rest of the data/information for historical or statistical purposes.
You hereby consent that the collection, disclosure, storage, processing and transfer of any Personal Data or any other information as disclosed under this Policy shall not cause any loss or wrongful gain to you if the same is used for the purposes stated in this Policy.
You authorize us to transfer, share, part with your Personal Data, across borders and from your country and jurisdiction to any other countries and jurisdictions across the world (including India), with our agent/third-party service provider/partners and other agencies or medical outlets/experts for purposes specified under this Policy or as may be required by law.
All individuals who are the subject of Personal Data held by DATRI are entitled to:
- Seek clarification from DATRI for the kind of information that will be stored in the DATRI Database and the purpose of storing the information.
- Obtain access to the Personal Data and/or ask any DATRI Personnel about the process of obtaining access to their Personal Data. You may send such requests, updates (if any) and corrections to DATRI at firstname.lastname@example.org, and all reasonable efforts shall be taken to provide you with access to your Personal Information and incorporate the changes (as notified by you) within a reasonable period of time.
- At any time, ask DATRI Personnel to remove the Personal Data from the DATRI Database, by providing a duly written request at email@example.com. All reasonable efforts shall be taken to remove your Personal Data from the DATRI Database within a reasonable period of time, and the same shall be notified to you through the contact information provided by you in the Donor Registration Form.
- Check that any Personal Data that you provide to DATRI is accurate and up to date.
- Inform DATRI of any changes to the information that you have provided, e.g. changes of address, medical symptoms, etc.
- Check and ensure that any information sent out or disclosed by DATRI shall be in accordance with the terms of this Policy.
- Take all necessary safeguards to protect the disclosure of information by DATRI Personnel.
- Ensure that data is kept securely with necessary precautions against physical loss or damage, and that both unwanted access and disclosure are restricted. All DATRI Personnel are responsible for ensuring that any Personal Data which they receive is kept securely and that it is not disclosed either orally or in writing or otherwise to any unauthorized third party.
DATRI aims to comply with requests for access to personal information as quickly as possible, but will ensure that it is provided within 15 days of receipt of a written request unless there is good reason for delay. In such cases, the reason for delay will be explained to the individual making the request.
A privacy breach occurs when there is unauthorized access to or collection, use, disclosure or disposal of personal information. Such activity is “unauthorized” if it occurs in contravention of this Policy. An example of a privacy breach is personal information becoming lost or stolen or personal information being mistakenly emailed to the wrong person.
DATRI follows the privacy breach incident protocol in accordance with the following five steps.
The first step under this protocol is the responsibility of an individual or individuals who first become aware of the potential breach. The second through fifth steps are the responsibility of the DATRI Personnel, working in cooperation with the necessary stakeholders.
Step 1: Reporting the Breach – Any discloser of the Personal Data who becomes aware of a possible breach of privacy involving personal information in the custody or control of DATRI will immediately inform the DATRI Grievance Management Team via email ID firstname.lastname@example.org. The DATRI Grievance Management Team shall report the incident to Senior Management. As soon as the breach has been confirmed to have or have not occurred, the DATRI Grievance Management Team shall implement the remaining four steps of the breach incident protocol.
Step 2: Containing the Breach – The DATRI Grievance Management Team will take the following steps to limit the scope and effect of the breach. These steps will include:
- Work with respective teams to immediately contain the breach by, for example, stopping the unauthorized practice, recovering the records, shutting down the system that was breached, or correcting weaknesses in security; and
- In consultation with DATRI Senior Management, notify the police if the breach involves, or may involve, any criminal activity.
Step 3: Evaluating the Risks Associated with the Breach – To determine what other steps are immediately necessary, the DATRI Grievance Management Team, working on the issue, will assess the risks associated with the breach.
Step 4: Notification – If required, a notification detailing the steps taken to rectify the breach of privacy, shall be issued to the individual whose personal information has been inappropriately collected, used or disclosed.
Step 5: Prevention – Once the immediate steps are taken to mitigate the risks associated with the breach, the DATRI Grievance Management Team will investigate the cause of the breach. If required, this shall include a security audit of physical, organizational and technological measures.
We use data collection devices such as “cookies” on certain pages of the Website to help analyse our web page flow, measure promotional effectiveness, and promote trust and safety.
You are always free to decline our cookies if your browser permits, although in that case you may not be able to use certain features on the Website and you may be required to re-enter your password more frequently during a session.
Furthermore, most of our cookies are “session cookies”, meaning that they are automatically deleted from your hard drive at the end of a session.
DATA DISPOSAL/ REMOVAL POLICY
At any time, the individual who has provided the Personal Data to DATRI, has a right to approach DATRI for removal of his/her Personal Data from the DATRI Database, by providing a duly written request at email@example.com. DATRI shall take reasonable measures and efforts to remove such Personal Data from the DATRI Database, within a reasonable period of time and shall notify the individual via the contact information provided in the Donor Registration Form.
Disclaimer: When a file is deleted, the operating system does not completely remove the file from the disk; rather, the file deletion removes only the reference to the file from the file system table. The file remains on the disk until a subsequent file is created over the original file. However, even after the file is overwritten, it is possible to recover data from the original file by studying the magnetic fields on the disk platter surface. The only way to prevent these kinds of inadvertent file-sharing or file access is to appropriately clean (e.g., sanitize) the hard drive or other media by performing a data wipe or over-write, or to physically destroy the hard drive or other media before it reaches its next owner or destination.
DATRI warrants to take all the required measures to ensure that the appropriate data disposal procedures are followed and the data in the systems are erased permanently, by following the appropriate data disposal measures.
The need to process data for normal purposes has been communicated to all data subjects. DATRI agrees that the Personal Data collected is very sensitive in nature, for example, information about health, race or gender, and ensures that express consent of the discloser is obtained in order to process the data in the DATRI Database.
RETENTION OF DATA
DATRI ensures that Personal Data shall not be retained in the systems for a duration longer than that prescribed under the applicable laws. All DATRI Personnel are responsible for ensuring that information is not kept for a longer duration than necessary unless specified or required under the applicable laws.
It is entirely at your discretion, whether or not to disclose the Personal Data to DATRI. You are required to understand that your Personal Data shall be (directly or indirectly) used for a noble cause, at your will. We urge you not to provide any false information or data, if you do not seriously wish to collaborate with DATRI. It is a matter of life and death for those in need of blood stem cells, in an emergency or otherwise.
Annexure A Donor Registration Form
Last Update: 29th September 2020