Introduction
Welcome to the MEDICA Digital Health Services ("MEDICA," "we," "us," or "our"). This Privacy Policy outlines our practices regarding the collection, use, disclosure and safeguard of personal information when you use our mobile application and related services including but not limited to doctor's appointment reservation, virtual consultation with a doctor, clinical history and prescription storage.
We are required to comply with the laws and regulations that apply to protecting your data and how it is used, including the Personal Data Protection Act (PDPA) of Sri Lanka, for the services being provided.
Lawful Basis for Processing
We process personal data only when we have a lawful basis to do so, including:
- Consent: When you provide explicit consent for specific processing activities.
- Contractual Necessity: When processing is required to fulfill a contract with you.
- Legal Obligation: When required to comply with legal or regulatory requirements.
- Legitimate Interest: When processing is necessary for our legitimate interests, provided it does not override your rights.
Information we Collect
Looking after your personal information
We are committed to protecting your privacy and the data we collect and use to provide our services. We are required to comply with the laws and regulations that apply to protecting your data and how it is used.
This privacy notice explains how we use information about you and how we keep it safe, and protect your privacy.
This privacy notice applies to any personal data/information provided by the user or automatically collected by us or on our behalf, in any format: email, online, or face-to-face and virtual consultations.
User provided data/information
- Account Information: When you register on the MEDICA app or website, we collect personal information such as your name, email address, mobile number, date of birth, gender and contact details.
- Health Information: Users may voluntarily provide health-related information, including medical conditions, allergies, prescriptions, and other health records.
- Communication Data: Information exchanged between users, healthcare professionals, and caregivers within the app or during face-to-face or virtual consultations.
Automatically collected data/information
- Device Information: We collect device-specific information, including device model, operating system, and unique identifiers.
- Usage Information: We gather data on how users interact with the app, including page views, clicks, and feature usage.
- Log Information: Server logs may capture details such as IP addresses, access times, and app errors.
What information do we collect?
Depending on your circumstances and the nature of the health care you require, we may collect the following information about you:
- Your general details (such as name, gender, date of birth, contact/mobile number, email address, address)
- Details about your doctor or consultants
- Your medical history
- Any medications you are taking
- Details about your physical or mental health
- Your family details (for example, your next of kin, emergency contacts)
- Your lifestyle and social circumstances
- Investigation results and diagnostic images
You have the right to receive a copy of your medical records through the mobile app or website.
How do we use your information?
- Personalized Services: We use the collected information to provide personalized healthcare services, including health record management, appointment scheduling, and communication features.
- Communication: We may use contact information to send important notices, updates, and promotional materials. Users can opt out of promotional communications.
- Analytics and Improvements: Aggregate and anonymized data may be used for analytics, research, and app improvements.
- To provide your care: The doctors and other health professionals caring for you need to keep records about your health and the treatments you have received from MEDICA, in order to be able to provide you with the most effective care. It is in your interests as a patient for a full and complete record to be collected, so that we have accurate, up-to-date information about you. The doctors and healthcare professionals can view and edit all or some of the data during face-to-face or virtual consultations.
Data sharing and disclosures
- With Your Consent: We may share your information with third parties when you explicitly consent to such sharing.
- Healthcare Providers and Caregivers: For the purpose of facilitating healthcare services, we may share relevant user information with authorized healthcare providers and caregivers.
- Legal Compliance: We may disclose information when required by law, legal processes, or to protect our rights and interests.
- Improve our Services: We may also need to use some information about you to: manage the healthcare services we provide; help investigate any complaints, claims or incidents; help us to plan new services; help us keep track of spending on our services; assist in clinical audits of the quality of our services.
How do we protect your information?
Everyone working for MEDICA has a legal duty to maintain the highest levels of confidentiality, and all MEDICA operations staff receive training in how to handle your information securely. Except in certain specific circumstances, your records will generally only be seen by those involved in providing or administering your care, such as healthcare professionals during face-to-face or virtual consultations.
Your healthcare electronic records held on computer systems are protected by appropriate technology (such as data encryption and access controls). We employ industry-standard security measures to protect all user data from unauthorized access, disclosure, alteration, and destruction.
Data Security Measures
We implement strict security measures to protect personal data, including:
- Encryption: All sensitive data is encrypted in transit and at rest.
- Access Controls: Role-based access restrictions apply to all systems.
- Regular Security Audits: We conduct periodic audits to ensure compliance.
Data Breach Notification
In case of a data breach, we will notify affected users and relevant authorities within 72 hours of us being aware of such breach.
How long will we keep your information?
There is often a legal reason for keeping your personal information for a set period of time, or until such time as you request that we delete your information and no longer wish to continue with our services.
We retain personal data only as long as necessary for legal, business, and security purposes:
- ID Data: Stored for 1 year after account closure/deletion.
- Health Data: Stored to comply with healthcare regulations.
- Technical Data collected through the use of our services: Anonymised and retained for security auditing.
Once retention periods expire, data is securely deleted or anonymized.
What are your rights?
Under the PDPA you have a number of rights as a data subject, including the right to access, correct, delete, or request the portability of your personal information.
- The right to be informed: We are required to inform you about how we collect and use your personal information (for example, by the information given in this Privacy Notice).
- The right to access: By law you are entitled to request a copy of the information we hold about you on the app and our servers through the mobile app and website.
- The right to rectification: You may request that we make changes to any data we hold about you that is incorrect or incomplete through the mobile app and website.
- The right to erasure: You can delete your user profile through the mobile app and website. When you do so, we will ensure all your data is deleted/removed from access and from our servers. You will no longer have access to any of the health information stored during your use of MEDICA, and you may not be able to request that we restore any of your personal details or health records.
- The right to restrict processing: You may request that we restrict the processing of your information in certain circumstances. In most cases a restriction of processing is a temporary measure while we investigate your concerns. The right to restrict processing is not an absolute right, and we may decide not to restrict the processing of your information if we consider that processing to be necessary for the purpose of the public interest or for the purpose of your legitimate interests.
- The right to data portability: We are not legally required to provide your information in a machine-readable form, but you can download and store locally any of the information accessible through the mobile app and website. You can also request your data via email in a structured, machine-readable format, delivered by email or download. Protecting your data once downloaded is your responsibility.
- Rights related to automated decision making (including profiling): MEDICA makes automated decisions about patients or carries out evaluations based on automated processes (profiling).
To exercise these rights, contact us at support@medica.lk. We will try to process your request immediately and all requests will be processed within 30 days.
Data Protection Impact Assessments
Under PDPA regulations we are required to carry out a Data Protection Impact Assessment (DPIA) when undertaking new projects which involve the processing of personal data. Completing a DPIA helps us to identify any data risks at an early stage and to take steps to minimise these risks as part of the project development process.
Contact Information and Complaints
For any PDPA related inquiries, please contact our Data Protection Officer (DPO):
- Email: support@medica.lk
- Address: No. 12, Ridgeway Place, Colombo 00400, Sri Lanka
Children's Privacy
The MEDICA app or website is not intended for users under the age of 13. We do not knowingly collect information from children under 13. If you believe a child has provided us with personal information, please contact us immediately.
Updates/Changes to this Privacy Policy
This Privacy Policy may be updated periodically to reflect changes in our practices. Users will be notified of material changes.
Where can I get further advice?
For questions, concerns, or requests regarding this Privacy Policy, please contact us at info@medica.lk.
