Privacy Policy

Your privacy and the security of your personal data are fundamental to everything we do at Nectarine Medical. This policy explains how we collect, use, and protect your information.

Last updated: January 15, 2025

1. Introduction

Nectarine Medical, operated by Nectarine Private Limited ("we," "us," or "our"), is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our telehealth platform and services.

This policy applies to all users of our services, including patients, healthcare providers, partner organizations, and website visitors. By using our services, you consent to the data practices described in this policy.

2. Data Controller Information

Company: Nectarine Private Limited (trading as Nectarine Medical)

Address: Colombo, Sri Lanka

Email: privacy@nectarinemedical.com

Data Protection Officer: dpo@nectarinemedical.com

3. Information We Collect

3.1 Personal Information

  • Identity Data: Full name, date of birth, gender, nationality
  • Contact Data: Email address, telephone numbers, postal address
  • Authentication Data: Username, password, security questions
  • Profile Data: Preferences, feedback, survey responses

3.2 Health Information

  • Medical history and current health conditions
  • Symptoms, diagnoses, and treatment plans
  • Prescription and medication information
  • Consultation notes and medical records
  • Biometric data (when provided)

3.3 Technical Data

  • IP address and browser information
  • Device identifiers and operating system
  • Usage data and platform analytics
  • Video consultation recordings (when consented)
  • Cookies and similar technologies

4. How We Use Your Information

4.1 Providing Healthcare Services

  • Facilitating video consultations with healthcare providers
  • Processing and fulfilling prescription orders
  • Maintaining accurate medical records
  • Coordinating care between healthcare providers

4.2 Platform Operations

  • Creating and managing user accounts
  • Processing payments and billing
  • Providing customer support
  • Ensuring platform security and integrity

4.3 Legal and Regulatory Compliance

  • Meeting healthcare regulatory requirements
  • Conducting safety monitoring and reporting
  • Responding to legal requests and court orders
  • Preventing fraud and abuse

5. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

  • Consent: Where you have given clear consent for specific processing activities
  • Contract: To fulfill our contractual obligations in providing healthcare services
  • Legal Obligation: To comply with healthcare regulations and legal requirements
  • Vital Interests: To protect life and health in emergency situations
  • Legitimate Interests: For fraud prevention, security, and service improvement

6. Data Sharing and Disclosure

6.1 Healthcare Providers

We share relevant health information with licensed healthcare providers involved in your care, including:

  • Doctors and specialists conducting consultations
  • Pharmacists processing prescriptions
  • Medical transcription partners for documentation

6.2 Service Providers

We may share data with trusted third-party service providers who assist in:

  • Cloud hosting and data storage (AWS, ISO-27001 certified)
  • Payment processing and billing systems
  • Customer support and communication tools
  • Security monitoring and fraud prevention

6.3 Legal Requirements

We may disclose information when required by law, including:

  • Court orders and legal proceedings
  • Regulatory investigations and audits
  • Public health emergencies
  • Child protection concerns

7. International Data Transfers

Your data is primarily stored in data centers located in your country of residence to ensure compliance with local data protection laws. When international transfers are necessary, we implement appropriate safeguards including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions for transfers to approved countries
  • Binding Corporate Rules for intra-group transfers
  • Your explicit consent where required

8. Data Retention

We retain your personal data for different periods depending on the type of information:

  • Medical Records: As required by local healthcare regulations (typically 7-25 years)
  • Account Information: For the duration of your account plus 3 years
  • Consultation Recordings: 7 years or as required by local law
  • Marketing Data: Until you withdraw consent or object to processing
  • Financial Records: 7 years for tax and accounting purposes

9. Your Data Protection Rights

Under GDPR and other applicable laws, you have the following rights:

  • Right of Access: Request copies of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data (subject to legal requirements)
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to certain types of processing

To exercise these rights, please contact us at privacy@nectarinemedical.com. We will respond within 30 days of receiving your request.

10. Security Measures

We implement comprehensive security measures to protect your data:

  • Encryption: End-to-end encryption for all data transmission and storage
  • Access Controls: Role-based access with multi-factor authentication
  • Monitoring: 24/7 security monitoring and incident response
  • Compliance: ISO-27001 certified hosting infrastructure
  • Regular Audits: Independent security assessments and penetration testing
  • Staff Training: Regular privacy and security training for all employees

11. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Remember your preferences and settings
  • Analyze platform usage and performance
  • Provide personalized experiences
  • Ensure security and prevent fraud

You can control cookie settings through your browser preferences. Some functionality may be limited if you disable certain cookies.

12. Children's Privacy

Our services are designed for users 18 years and older. For patients under 18, we require appropriate parental or guardian consent before providing services. We implement additional safeguards for pediatric patients in accordance with applicable laws.

13. Updates to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. We will notify you of significant changes through our platform or by email. The "Last Updated" date at the top of this policy indicates when it was last revised.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Privacy Officer: privacy@nectarinemedical.com

Data Protection Officer: dpo@nectarinemedical.com

Address: Nectarine Private Limited, Colombo, Sri Lanka

Supervisory Authority: You have the right to lodge a complaint with your local data protection authority if you believe we have not handled your personal data in accordance with applicable law.