Privacy Policy of Lab

Laboratory Partner Privacy Policy

This Laboratory Partner Privacy Policy (“Policy”) describes how Dr. Wound App (“Company,” “we,” “our,” or “us”) collects, uses, processes, and protects the information of Laboratory Partners (“you,” “your,” or “Laboratory”) who enrol and provide diagnostic and pathology services through the Dr. Wound App (“Platform”).

This Policy applies exclusively to laboratories, diagnostic centres, and pathology service providers registered on the Dr. Wound App for the purpose of offering home diagnostic collection, testing, and reporting services to users (“Patients” or “Customers”).

1. Introduction

Dr. Wound App is a healthcare technology platform that connects users with verified laboratory service providers for diagnostic tests and home sample collection.

We facilitate bookings, payments, and communication but do not:

  • Employ or control phlebotomists, sample collectors, or technicians,
  • Handle, store, or process biological samples, or
  • Issue, verify, or alter test results or reports.

All diagnostic services, sample collection, and report generation are performed entirely by the Laboratory Partner, who bears full professional, ethical, and legal responsibility.

2. Legal Compliance

This Policy is prepared in accordance with:

  • The Information Technology Act, 2000 (India) and IT Rules, 2011,
  • Digital Personal Data Protection Act, 2023 (DPDP Act),
  • Consumer Protection (E-Commerce) Rules, 2020,
  • Clinical Establishments (Registration and Regulation) Act, 2010, and
  • International best practices such as GDPR (where applicable).

3. Information We Collect from Laboratories

We collect the following categories of data from Laboratory Partners during registration and ongoing use of the Platform:

a. Registration and Business Information

  • Legal entity name, trade name, and address
  • Laboratory license or registration number (NABL/ISO or local authority)
  • Authorized representative details (name, designation, contact number, email)
  • Tax details (GSTIN, PAN)
  • Banking information for settlement of payments

b. Operational Information

  • Diagnostic test catalogue, pricing, and available services
  • Turnaround time, pickup slots, and working hours
  • Reports and communication metadata (timestamps, delivery confirmation)

c. Personnel Information (as required for verification)

  • Names and IDs of phlebotomists, technicians, or authorized representatives
  • Contact numbers or service coverage area

Note: The Company does not collect or control personal data of individual collectors who are not direct employees of the Platform.

d. Technical and Usage Data

  • Device identifiers, IP address, and app usage logs
  • Login timestamps, API interactions, and access activity
  • Cookies or analytics data for service performance monitoring

4. Purpose of Data Collection

We collect and process laboratory data for the following lawful purposes:

Purpose Legal Basis
Verification of laboratory credentials and licenses Legal compliance
Listing diagnostic services and processing bookings Contractual necessity
Processing payments and settlements Contractual necessity
Communication and notifications related to orders Legitimate interest
Fraud prevention, audits, and quality checks Legitimate interest
Compliance with health and safety regulations Legal obligation

We do not collect or access any medical test data, samples, or diagnostic reports generated by the Laboratory Partner.

5. Handling of Patient Data

  • Patient data (name, contact, test details, and address) shared with the Laboratory is solely for the purpose of fulfilling the booked diagnostic service.
  • The Laboratory Partner acts as a separate and independent data controller for all health and medical data it collects or generates during sample collection and testing.
  • The Laboratory must comply with all applicable medical confidentiality laws and data protection standards, including:
    • Secure handling and disposal of biological samples,
    • Encryption of medical reports and patient identifiers,
    • Restricted access to authorized medical personnel only.
  • Dr. Wound App does not process or analyse any health test results or laboratory data, except for metadata such as booking ID, status, and timestamp.

6. Sharing and Disclosure of Information

We may share Laboratory Partner information with:

  • Customers (Patients): Only the laboratory’s name, location, and test information necessary for booking confirmation.
  • Payment gateways: For settlements and payment reconciliation.
  • Regulatory or accreditation bodies: If legally required for audit or verification.
  • Third-party service providers: IT, hosting, communication, or analytics partners bound by confidentiality obligations.

We do not sell, rent, or trade laboratory data for marketing purposes.

7. Data Retention

  • Registration and business data are retained as long as the Laboratory remains active on the Platform.
  • Financial and transactional data may be retained for up to 3 years for accounting and tax compliance.
  • Upon termination or withdrawal, the Platform may retain minimal necessary information to comply with legal obligations and dispute resolution.

8. Data Security

We implement robust technical and organizational safeguards including:

  • Data encryption (in transit and at rest)
  • Firewalls and secure servers
  • Role-based access controls
  • Multi-factor authentication for partner login
  • Periodic security audits and vulnerability assessments

However, as with any digital service, absolute security cannot be guaranteed. Laboratories must ensure equivalent or stronger safeguards for handling patient data independently.

9. Laboratory Partner Responsibilities

By enrolling as a Laboratory Partner, you agree to:

  1. Maintain legal compliance with applicable clinical, health, and data protection laws.
  2. Ensure that all sample collectors, technicians, and personnel follow safe and hygienic procedures.
  3. Handle all patient interactions, sample collection, and report generation independently and professionally.
  4. Protect patient privacy and maintain confidentiality of all test results.
  5. Issue reports directly under the Laboratory’s name and responsibility.
  6. Refrain from sharing patient data or reports with any unauthorized person or platform.
  7. Ensure prompt communication with patients regarding test status, rescheduling, or issues.
  8. Indemnify Dr. Wound App against any claims arising from test inaccuracies, mishandling, or professional misconduct.

10. Payment and Settlements

  • The Platform will collect payment from Patients on behalf of the Laboratory and remit settlements (minus applicable commission and taxes) to the Laboratory’s registered bank account.
  • Settlement timelines will follow the standard payment cycle of 7 business days after service completion.
  • All taxes and compliance filings remain the sole responsibility of the Laboratory.

11. Relationship Between Parties

  • The relationship between Dr. Wound App and the Laboratory Partner is strictly that of independent contractors.
  • Nothing in this Policy or any agreement creates an employer–employee, principal–agent, joint venture, or partnership relationship.
  • The Laboratory is solely responsible for the actions, negligence, or misconduct of its employees, collectors, or technicians.

12. Legal Basis and Consent

  • By enrolling as a Laboratory Partner, you provide explicit consent for processing your business and operational information for legitimate purposes outlined in this Policy.
  • You agree to abide by applicable data protection, clinical, and ethical standards governing medical data handling.

13. Data Subject Rights

Under the DPDP Act and applicable laws, Laboratory Partners have rights to:

  • Access their stored data;
  • Request correction or rectification;
  • Request deletion or withdrawal (subject to legal retention obligations); and
  • Restrict or object to certain processing activities.

Requests can be directed to drfootapp@gmail.com

14. Third-Party Integrations

If Laboratories use third-party software, APIs, or devices (e.g., report generation systems, data sync tools), the Laboratory is solely responsible for:

  • Ensuring such tools comply with privacy and security standards; and
  • Not transmitting patient data to unauthorized or unverified third parties.

15. Breach Notification

In the event of a data breach involving laboratory data, both parties shall:

  1. Notify each other within 72 hours of discovery, and
  2. Cooperate to assess impact, contain the breach, and notify affected individuals (if legally required).

16. Dispute Resolution and Governing Law

  • This Policy and all related matters shall be governed by the laws of India.
  • Any dispute shall first be attempted to be resolved amicably.
  • If unresolved, disputes shall fall under the exclusive jurisdiction of courts in Hyderabad.
  • Arbitration, if applicable, shall follow the Arbitration and Conciliation Act, 1996, with a sole arbitrator appointed by the Company.

17. Policy Updates

We may modify this Policy periodically to reflect regulatory updates or operational changes. Revised versions will be published on the Platform, and continued use by the Laboratory signifies acceptance of the updated Policy.

18. Contact Information

For questions, grievances, or privacy-related requests:

Data Protection Officer – Dr. Wound App
Email: drfootapp@gmail.com
Phone: 8977541193