Privacy Policy

1. Introduction

Welcome to AMRIT ("we", "our", "us"). AMRIT (Accessible Medical Records via Integrated Technologies) is a digital health platform developed by Piramal Swasthya to empower frontline health workers and support interoperable health record systems. We are committed to protecting the privacy and security of personal data of individuals ("you", "your", "data subject") whose information is collected or processed in connection with our platform. This Policy describes how we collect, use, disclose, store, and protect your information, and your rights in relation to that information.

2. Scope & Applicability

This policy applies to all personal data that we process via the AMRIT platform, whether you access the service via our website or apps, or as a beneficiary, frontline health worker, healthcare organization or partner.

If you are outside India, this policy still applies in so far as AMRIT processes your data (and will take into account applicable laws of your jurisdiction to the extent relevant).

3. What Data We Collect

We collect and process the following categories of data as part of our platform operations:

  • Patient / beneficiary identifiers (e.g., ABHA ID, name, date of birth, gender)
  • Health records and clinical data (diagnoses, treatments, visit records, medications)
  • Contact information (phone number, email, address)
  • Health worker / user account information (role, organization, login credentials)
  • Usage and device data (device identifiers, IP address, application usage logs)
  • Consent records and audit trails

We collect only the minimum amount of data necessary for the specified purpose (data minimization).

4. Purpose of Processing

We process personal data for the following purposes:

  • To enable access to and management of patients' electronic health records through the AMRIT platform
  • To support frontline health workers in providing care, by providing relevant patient history and decision-support tools
  • To ensure interoperability with national systems such as ABDM (Ayushman Bharat Digital Mission) and other health information systems.
  • To comply with applicable regulatory, legal or reporting obligations
  • To improve our services, analytics, research (with anonymized/de-identified data)

Data will not be used or processed for any purpose other than those specified, unless further consent is obtained or permitted under law.

5. Legal Basis & Applicable Laws

We process your personal data in accordance with applicable laws and best practices. For operations in India, the primary applicable legal frameworks include the Indian IT Act 2000 (and associated Rules) and the Digital Personal Data Protection Act, 2023 ("DPDP Act").

If you are a user in any other jurisdiction, we will apply the law relevant to that jurisdiction as applicable.

6. Data Sharing, Disclosure & International Transfers

We may share your data with:

  • Healthcare providers, labs, or other entities (with your consent or as required by law) in order to provide services.
  • Third-party service providers who act as processors on our behalf (under contractual obligations).
  • Government agencies or regulatory authorities when required by law or to comply with reporting obligations.

Where personal data is transferred outside India, we ensure appropriate safeguards are in place and such transfer is either with your consent or otherwise permitted by law.

7. Data Retention & De-identification

Your personal data will be retained only for as long as necessary for the purposes outlined in this Policy or as required by applicable law. When your data is no longer needed for those purposes, we will securely delete or de-identify it.

De-identified or aggregate data may be retained longer and used for research, analytics or service improvement, provided it cannot be traced back to you.

8. Data Security & Privacy by Design

We implement appropriate technical and organizational measures to safeguard your personal data, including:

  • encryption in transit and at rest,
  • access controls,
  • audit logging,
  • secure authentication mechanisms,
  • regular security assessments and monitoring.

We follow a "privacy by design" and "privacy by default" approach when designing, developing and deploying AMRIT.

9. Your Rights

Subject to applicable law, you have the following rights with respect to your personal data:

  • Right to access: you may request information about the personal data we hold about you.
  • Right to correction / rectification: you may ask us to correct or update inaccurate or incomplete data.
  • Right to deletion / erasure: you may request that we delete your personal data when it is no longer needed for the purpose for which it was collected or processed and no legal obligation to retain it remains.
  • Right to withdraw consent: if our processing is based on your consent, you may withdraw it at any time.
  • Right to object to processing: you may object to processing in certain cases.
  • Right to complain: you may contact our designated person or file a complaint with the relevant supervisory authority (in India, the Data Protection Board once constituted).

To exercise your rights, please use the contact details below.

10. Cookies & Tracking

Our platform may use cookies or similar technologies to improve user experience, security, analytics and service performance. Where personal data is collected via these technologies, we will seek your consent, as required by applicable law.

11. Children's Data

If you are under 18, or if we process data relating to children, we will obtain consent from a parent or legal guardian and apply additional safeguards. We do not knowingly permit children to register or use the platform without such consent and supervision.

12. Changes to this Policy

We may update this Policy from time to time to reflect changes in our practices or applicable law. The revised version will be posted on our website with an updated "Last updated" date.

13. Contact & Grievance Redressal

For any queries, requests or complaints about this Privacy Policy or our data practices, you can contact dpo@piramalswasthya.org.

If you are not satisfied with our response, you may lodge a complaint with the relevant data protection authority.

14. Acknowledgement & Consent

By using the AMRIT platform, you acknowledge that you have read this Privacy Policy and consent to the collection, use and sharing of your personal data as set out above.

Last updated: 14/11/2025