Subsequent to collecting personal data, we respect the choices of users on what information they intend to provide and how personal these information will be. We ensure that no data will be shared or transmitted for whatever purpose, without prior permission from the users. Individuals are given the choice to opt out of any transfer of personal data for any purpose other than for what it has been collected initially.
- Individuals are provided with clear and easily available mechanisms for exercising their choice
- For certain sensitive personal information, the company will obtain express consent from the individuals
Consistent with the Principles, Rapid Care may transfer personal information to any third party or to the individual, in connection with the operation of its business, and as consistent with the purpose for which the personal information was collected and agrees to comply with the stipulated Notice and Choice principles. It also agrees to enter into a contract with the third-party controller who assures that the data will be processed for specific and limited purposes only, after getting the consent of the individual.
In the case of personal data being transferred to any third party who acts as an agent, the company ensures that
- Data can only be transferred for specified and limited purposes
- Privacy protection as required by the principles is provided
- Unauthorized processing of data is avoided
- Appropriate steps will be taken for ensuring that data is transferred in the way that is consistent with the organization’s obligations under the principles
Users are facilitated to view, and if required, contest the accuracy of personal information collected by the company. Users are provided with access to information about where and how the personal data is going to be used. The company takes responsibility for providing access to users on their personal data collected and stored.
REASONABLE SECURITY PRACTICES AND PROCEDURES
In the event of collecting personal information, the company commits to take appropriate and reasonable measures for protecting the information in its possession to ensure a level of security appropriate to the risk of misuse, loss, and unauthorized access.
Rapid Care has formulated and documented its Information Security Policy based on IS/ISO/27001:2013 standards and adopts reasonable security practices and procedures in line with the Policy including technical, operational, managerial, and physical security control measures in order to protect personal information from unauthorized access or disclosure while it is under Rapid Care’s control. The Policy limits access to personal information on business need basis. Bound by non-disclosure agreement, our employees will protect the confidentiality of personal information.
Rapid Care is responsible for protecting the data against destruction and alteration. It assures users that their personal information will be protected well and it will be totally secure.
- Information will be retained for only as long as it serves the intended purpose and only to the extent that it is compatible with the purposes for which it was collected.
- Consistent with principles, personal data will be limited to the relevant purpose of processing
- The company takes responsibility for ensuring that data is reliable for the intended use, and that it is current, complete, and accurate and reliable for its intended use.
- Recourse mechanisms are readily available
- Follow-up procedures to verify that the organization’s assertions about privacy practices are true
- Remedial measures for non-compliance with principles
- Mechanism for arbitrating claims
- The company and its recourse mechanisms will promptly respond to requests and inquiries about information related to the privacy shield
- If an individual invokes arbitration, it becomes the obligation of the company to arbitrate claims
Rapid Care may amend, update, or modify this Policy at any time as and when the need arises or as per the requirements of law.