Notice of Health Information Privacy Practices

This Privacy Policy summarizes the health information Konna collects or receives in connection with your use of the Platform and describes how personal data, such as personal information, health information, and medical records from time to time, may be used and shared and your choices regarding this data. Please review this section of our Privacy Policy (Section I, “Notice of Health Information Privacy Practices” or “Notice”) highlighting key points about our privacy practices.

The PLATFORM constitutes a technology platform that facilitates period calculator, period tracker, healthcare and health-related services by a Registered Medical Doctor (“the Doctor” or “Medical Service Provider”) to users, with the assistance of healthcare workers/professionals, if any, using information and communication technologies (“the Services”). The Doctors who deliver Services through Konna Well Being Limited are independent medical practitioners registered with the Bangladesh Medical and Dental Council, and they are under professional responsibility for maintaining strict confidentiality of the health information. Any health data or information related to a user, such as a user’s history, physical findings, information about personal data and information about the actual physiological or biomedical state of an individual independent of its source, investigation, medical data, medical images, medical, pathological or investigation reports, lab reports and/or radiological investigations, medication, diagnosis, health education, counselling, treatment, clinical progress and supplementary data; handwritten, printed or electronically generated or audio and visual recordings (“Health Information”) shall be covered by the Privacy Policy. You must first review and sign the Informed Consent for Telemedicine Services (link attached) (“Informed Consent”), thus providing explicit consent to the collection, use, and sharing of your information as described in this Privacy Policy and as outlined in the Informed Consent. To the extent anything in this Privacy Policy conflicts with the Informed Consent, the terms of the Informed Consent will control.

How is user privacy protected?

As a trusted partner in facilitating period tracking, ovulation tracking, and online medical and clinical/consultation services by Doctors through the Platform (collectively referred to as “us”, “we”, and “our”), we understand that information about you and your health is personal. Because of this, we strive to maintain the confidentiality of your health information. We continuously seek to safeguard that information through administrative, physical and technical means and otherwise abide by applicable national and district guidelines. Your Health Information is protected by general laws and medical ethics under the Bangladesh Medical and Dental Council Telemedicine Guidelines July 2020 (“the Guidelines”), the Bangladesh Medical and Dental Council Code of Professional Conduct, Etiquette and Ethics (“the Code of Conduct”), and rules, regulations and direction related to data protection and privacy laws of Bangladesh.

How do we use and disclose information?

We may use and disclose your information for normal business activities, the purposes described in the Informed Consent and in case of any emergency situation related to you that the law sees as falling in the categories of user management, payment and healthcare operations. Below we provide examples of those activities, although not every use or disclosure falling within each category is listed:

User Management – We keep a record of the Health Information you provide us. This record may include your name, email address, year of birth, weight, menstrual cycle dates, various symptoms related to your menstrual cycle, other information about your health (including sexual activities), physical and mental well-being, and related activities, including personal life, pregnancy and health, age, height, marital status, medications, your response to medications or other therapies, and information we learn about your medical condition through the online Services. You may also allow us to connect to third-party services, such as Apple HealthKit and Google Fit, to enable us to import Personal Data about your health and activities into the App. This imported data may include sports activities, weight, calories burned, heart rate, number of steps/distance travelled, and other data about your health. We will process this data in order to provide you with the App functionality described below. When you choose to have this data imported, you are subject to the Google Fit and Apple HealthKit privacy policies and practices. We may disclose this information so that other doctors, nurses, and entities such as laboratories can meet your healthcare needs.

Personal Data we collect automatically:

When you access or use the Services, we may automatically collect the following information:

Device Information:

  • Device model
  • Information about the operating system and its version;
  • Unique device identifiers (e.g. IDFA);
  • Enabled device accessibility features (e.g. display features, hearing features, physical and motor features)
  • Mobile operator and network information
  • Device storage information
  • Version of your device system.

Location Information:

  • IP address
  • Time zone
  • Information about your mobile service provider.

Data about your use of the Services, including, among others:

  • Frequency of use
  • Areas and features of the Services that you access, visit or use
  • Engagement with particular features.

To collect this and other information, we may use cookies and other tracking technologies. See more in our Cookie Policy.

Healthcare Operations – Health information is used to improve our services, train staff, for business management, quality assessment and improvement, and customer service. For example, we may use your health information to review our treatment and services and to evaluate the performance of Doctors providing services to you.

Video call – The consultation is provided by the doctor on a video call. The video call is encrypted using a 256-bit encryption method. Therefore, only the doctor and the patient can see the video. We do not record video calls. However, we may take screenshots of the video call to keep proof of the consultation. These screenshots are securely stored on our server and will only be used if a question is raised by the patient about the quality of the consultation, or to prove whether a consultation has happened at all.

We may also use your health information to:

Comply with national or local laws that require disclosure.

Assist in public health activities such as tracking diseases or medical devices.

Inform authorities to protect victims of abuse or neglect.

Comply with national health oversight activities such as fraud investigations.

Respond to law enforcement officials or to judicial orders, subpoenas or other processes.

Inform coroners, medical examiners and funeral directors of information necessary for them to fulfil their duties.

Conduct research following internal review protocols to balance privacy and research needs.

Avert a serious threat to health or safety.

Assist in specialized government functions such as national security, intelligence and protective services.

Inform military and veteran authorities if you are an armed forces member (active or reserve).

Inform a correctional institution if you are an inmate.

Inform workers’ compensation carriers or your employer if you are injured at work.

Recommend treatment alternatives.

To conduct and support health-related study.

To develop health-related products and improvement activities.

For research studies, if permitted by Informed Consent.

Tell you about our health-related products and services.

Transmit a summary of Health Information to stakeholders, such as labs and other doctors.

Communicate within our organization for treatment, payment, or healthcare operations.

Communicate with other providers, health plans, or related entities for their treatment or payment activities or healthcare operations activities relating to quality assessment and improvement, care coordination and the qualifications and training of healthcare professionals.

Provide information to other independent third parties with whom we do business, such as a record storage provider. However, you should know that in these situations, we require third parties to provide us with assurances that they will safeguard your information.

We may also use or disclose your personal or health information for operational purposes. For example, we may communicate with individuals involved in your care, such as friends and family or your hired care service providers, and send appointment reminders.

Your Personal Information will be separated from the rest of the Health Information collected from you through the Platform or pseudonymized/anonymized before it is shared with a third party pursuant to the purposes mentioned above unless the sharing of data/information is for the purpose of patient management, health-care operations and video calls.

All other uses and disclosures not described above may only be done with your explicit written authorization in the form – Informed Consent for Telemedicine Services. We will also obtain your authorization before we use or disclose your health information for marketing purposes or before we would sell your information. You may revoke your authorization anytime; however, this will not affect prior uses and disclosures. In some cases, the laws of Bangladesh may require that we apply extra protections to some of your health information, and in such cases, we will abide by the obligations imposed by the law. 

What are the Doctor’s Responsibilities?

The Doctors are responsible for adhering to the Guidelines, the Code of Conduct, general medical ethics and general data protection and privacy laws of Bangladesh. Doctors must:

always maintain the highest standards of professional conduct.

protect the patient’s privacy and right to confidentiality, unless the release of information is required by law or public-interest consideration.

provide this Notice of our duties and privacy practices.

abide by the terms of the Notice currently in effect.

tell you if there has been a breach that compromises your health information.

We reserve the right to change our privacy practices and make the new practices effective for all the information we maintain. Revised notices will be posted on the Konna website and mobile application.

Medical records Inspection

As per the laws prevailing in Bangladesh and if required by the Guidelines and Code of Conduct, you may have the following options:

Inspect and copy certain portions of your health information. To the extent permitted by law, we may deny your request. You may request that we provide your health records to you in an electronic format.

Access personal data and receive copies of the data collected.

You may have access to the reports and lab results, if any.

Request amendment of your health information if you feel the health information is incorrect or incomplete. However, under certain circumstances, we may deny your request.

Request that we restrict how we use or disclose your health information. However, we are not required to agree with your requests unless you request that we restrict information provided to a payor, the disclosure would be for the payor’s payment or healthcare operations, and you have paid for the healthcare services completely out of pocket.

Request that we communicate with you at a specific telephone number or address.

Obtain a paper copy of this notice even if you receive it electronically.

Request deletion of personal information through written instruction.

We may ask that you make some of these requests in writing.

Who Will Follow This Notice?

This Notice describes the privacy practices of:

Any Doctors authorized to access and/or enter information into your health records;

All departments and units of Konna Well Being Limited and affiliates through which online health services are provided; and

All affiliates and volunteers.

Konna Well Being Limited Platform Privacy Policy

Introduction.

This Section of our Privacy Policy (Section II, “Platform Privacy Policy”) explains how we collect, use, and disclose personal information from and/or about you when you use the Platform or the Services.

THE PLATFORM WILL BE COLLECTING AND TRANSMITTING PERSONAL, MEDICAL AND HEALTH-RELATED INFORMATION ABOUT YOU. IN ORDER TO USE THE PLATFORM, YOU MUST AGREE THAT WE CAN COLLECT AND USE YOUR PERSONAL AND OTHER INFORMATION AS DESCRIBED IN THIS PLATFORM PRIVACY POLICY IN ADDITION TO GRANTING THE INFORMED CONSENT FOR OBTAINING TELEMEDICINE SERVICES. IF YOU DISAGREE, PLEASE DO NOT USE THE PLATFORM.

Our privacy policy explains how we treat your personal data and protect your privacy when you use our Services. By using our Services, you agree that we can use such data following the privacy policy. We collect a variety of information that you provide directly to us. We process your information when necessary to provide you with the Services you requested when accepting our T&C, where we have obtained your prior consent, or where we have a legitimate interest. For example, we may have a legitimate interest in processing your information for security, testing, maintenance, and enhancement purposes of the Services we provide to you or for analytics, research, and reporting purposes. In extreme circumstances, due to life-saving measures arising from your health condition, we may be constrained to use or share your personal information with third parties for your own benefit. We will only use your personal information for providing and improving the Services.

Important Definitions.

When we use the term “Personal Information” in this Privacy Policy, we mean information about you that is personally identifiable to you, such as your contact information (e.g. name, email address, mobile number, photograph, address, date of birth, mother’s name, father’s name, signature, national identity card number, birth and death registration number, fingerprint, passport number, bank account number, driving license, e-TIN number, electronic or digital signature, username, credit or debit card number, voice print, retina image, iris image, DNA profile, security related question or any other identification), personally identifiable health or medical information such as your patient records, reports, documents, images, diagnostics, data etc. (digital or otherwise) utilized in the telemedicine consultation, and any other non-public information that is associated with such information. When we use the term “De-Identified Information”, we mean information that is neither used nor intended to be used to identify an individual personally. When we use the term “Cookies”, we mean the small pieces of information that a Platform sends to your browser while viewing a website. When we use the term “Pixel”, we mean the HTML code snippet that may be embedded in certain parts of the Platform to collect information about the device that you use to access the Platform and your use of the Platform that may be shared with third parties following this Privacy Policy. Lastly, when we use the term “User”, we mean the user of this Platform, either as a patient or doctor/healthcare service provider.

Children under age 13. 

We recognize we have a special obligation to protect the personal information we obtain from children. We do not and will not knowingly collect information from any unsupervised child under the age of 13.

The information we collect or maintain may include:

For patients:

Personal Information including your name, age, email address, password, gender, phone logs, email records, chat/test record, video integration logs etc. and other registration information.

Health information the patient provides us may include information or records relating to your medical or health history, health status and laboratory testing results, diagnostic images, and other health-related information. Health information about you prepared or obtained by the Doctor(s) who provide clinical services through the Platform, such as medical and therapy records, treatment and examination notes, and other health-related information.

Information about the computer or mobile device you use, such as what Internet browser you use, the kind of computer or mobile device you use, and other information about how you use the Platform.

For doctors:

Full name, age, BMDC number, Gender, Professional Qualification, Experience Information, Chamber Information. This information will be publicly accessible on our app and website. We also collect confidential personal data such as the NID/Passport number, email address, and Mobile number of the doctors. This information will be only accessible to our internal members of staff. Sensitive data such as passwords will not be accessible by anyone. Other information the Doctor inputs into the Platform or related services such as optional information like a photograph that the Doctor elects to associate with the account. Log-in details and password, demographic information such as gender, and User-generated content that the doctors post or share while using the text messaging feature of the PLATFORM.

We may use Personal Information for the following purposes (subject to the restrictions relating to the use of Health Information described in Section I):

To provide the Services.

To improve healthcare quality through the performance of quality reviews and similar activities.

To create De-identified Information such as aggregate statistics relating to the use of the Services.

To notify the Users when Platform updates are available.

To market and promote the Platform and the Services to Users.

To fulfil any other purpose for which you provide us Personal Information.

For the purposes described in Section I relating to the use of Health Information.

To transmit or inform in-person care providers or medical institutions/hospitals/clinics for providing life-saving support.

For any other purpose for which you give us authorization.

We may also disclose Personal Information that we collect, or you provide (subject to the restrictions relating to the use of Health Information described in Section I):

To our subsidiaries and affiliates.

To contractors, service providers and other third parties we collaborate with in furtherance of our business and who are bound by contractual obligations to keep personal information confidential.

As required by law, which can include providing information as required by a court order.

When we believe in good faith that disclosure is necessary to protect your safety or the safety of others, to protect our rights, to investigate fraud, or to respond to a government request.

To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of Konna’s assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which Personal Information maintained by the Platform is among the assets transferred.

For any other purpose disclosed by us when you provide the information.

Information We Collect via Technology.

As you use the Platform or the Services, certain information may be passively collected by Cookies, navigational data like Uniform Resource Locators (URLs) and third-party tracking services, including:

Platform Activity Information. We may keep track of some of the actions you take on the Platform, such as the content of searches you perform on the Platform.

Access Device and Browser Information. When you access the Platform from a computer or other device, we may collect anonymous information from that device, such as your Internet protocol address, browser type, connection speed and access times (collectively, “Anonymous Information”).

Cookies. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies to make the Platform and Services easier to use, to make our advertising better, and to protect both you and Konna. You can instruct your browser, by changing its options, to stop accepting Cookies or to prompt you before accepting a Cookie from the websites you visit. If you do not accept Cookies, however, you will not be able to stay logged in to the Platform. We may also use Pixels to make the Platform and Services easier to use and to make our advertising better by, for example, summarizing usage patterns. We presently do not honor “Do Not Track” requests across all parts of our Platform.

Real-Time Location. Certain features of the Platform use GPS technology to collect real-time information about the location of your device so that the Platform can connect you to a Healthcare Professional who is licensed or authorized to provide Services in the district where you are located. When accessing Google Maps services on our Platform, you are agreeing to Google’s Terms of Service and Privacy Policy.

Mobile Services. We may collect non-personal information from your mobile device or computer. This information is generally used to help us deliver the most relevant information to you. Examples of information that may be collected and used include how you use the application(s) and information about the type of device or computer you use. In addition, if our application(s) crashes on your mobile device, we will receive information about your mobile device model software version and device carrier, which allows us to identify and fix bugs and otherwise improve the performance of our application(s).

Analytics Tools. We use tools such as Firebase Analytics to help analyze how Users use the Platform. Such third parties may use cookies, APIs, and SDKs in our services to enable them to collect and analyze User and device-related data and information on our behalf. Firebase Analytics uses Cookies to collect information such as how often users visit the Platform, what pages they visit, and what other Platforms they used before coming to the Platform. We use the information we get to improve our Platform and Services. Although Firebase Analytics plants a persistent Cookie on your web browser to identify you as a unique User the next time you visit the Platform, the Cookie cannot be used by anyone but Google. Google’s ability to use and share information collected by Firebase Analytics about your visits to the Platform is restricted by the Firebase Analytics Terms of Use and the Google Privacy Policy. You may prevent your data from being used by Firebase Analytics by downloading and installing the Firebase Analytics Opt-out Browser Add-on, available at https://tools.google.com/dlpage/gaoptout/. 

Risk of sending unencrypted emails

The emails we send you are not secure because they are unencrypted. Other people may be able to read and forward the emails we send you and the emails you send us. Emails we send you may include a wide range of identifiers that include but aren’t limited to your name, your email address, your visit number, your patient number, the date you used our service etc.

When you create an account on the App or Website we ask you to give us your email address. We send an email to the email address you give us. If you give us an incorrect email address, we will unknowingly send an email to the wrong person.

Risk of sending unencrypted SMS/text messages

The SMS/text messages we send you are not secure because they are unencrypted. Other people may be able to read the SMS/text messages we send you and any SMS/text messages you send us.

SMS/text messages we send you will include your telephone number. It will be clear that SMS/text messages we send you have come from Konna.

Risk of storing PHI (Protected Health Information) on your mobile

When you use the App or Website there is a risk that your PHI will be stored unencrypted on your mobile. We take a variety of technical safeguards to make sure that your PHI does not leak onto your mobile, but we cannot guarantee that these safeguards work.

Risk of our systems getting hacked and compromised

We take several administrative, technical and physical safeguards to look after the PHI we hold electronically on our servers. But despite these safeguards, no system is foolproof and we cannot guarantee that our systems and your PHI will not be hacked or otherwise compromised by unauthorized third parties.

You have rights over your PHI (Protected Health Information)

Right to obtain a copy of your medical record. We can charge you a fee if we think it’s appropriate.

Right to request that we limit how we use and share your PHI. There may be occasions when we cannot agree to your request.

Right to request that we change or update information held in your medical record. There may be occasions when we cannot agree to your request.

Right to request how we send you PHI. The electronic nature of our service limits our ability to agree to such requests.

Right to a paper copy of this Privacy Policy. The electronic nature of our service limits our ability to agree to such requests.

How to contact Konna to Use your Rights

Please write to us at: info@konna.xyz

What if I have a Complaint?

If you believe that your privacy has been violated, you may file a complaint with us.

Email: operation@konna.xyz

De-Identified Information.

We may use De-Identified Information created by us without restriction.

Information You Share With Third Parties.

This Platform Privacy Policy applies only to information we collect through the Platform and in email, text and other electronic communications sent through or in connection with the Platform. This Platform Privacy Policy DOES NOT apply to information collected by any third party. When you click on links on the Platform you may leave our Platform. We are not responsible for the privacy practices of other sites, and we encourage you to read their privacy policies.

Modification of Information.

Members will be able to update some of their information through the Platform. Requests to modify any information may also be submitted to operation@konna.xyz

Limitations on Deletion of Information.

You may request deletion of your Personal Information by us; however, we may be required (by law or otherwise) to keep this information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). When we delete Personal Information, it will be deleted from the active database, but may remain in our archives and we may also retain anonymous information about your use of our services. Once we disclose some of your Personal Information to third parties, we may not be able to access that Personal Information any longer and cannot force the deletion or modification of any such information by the parties to whom we have made those disclosures. After we delete Personal Information, we may retain De-Identified Data and will continue to use De-Identified Data as permitted under this Platform Privacy Policy.

Steps we take to keep your information secure.

We employ reasonable physical, electronic and managerial security methods to help protect against unauthorized access to Personal Information, such as encryption. But please be aware that no data transmission over the Internet or data storage facility can be guaranteed to be perfectly secure. As a result, while we try to protect your Personal Information, we cannot ensure or guarantee the security of any information you transmit to us.

Right to Non-Discrimination

Konna will not discriminate against you for exercising any of your privacy rights under law, or as set forth in this Platform Privacy Policy.

Changes to the Platform Privacy Policy.

We may change the Platform Privacy Policy from time to time in the future. We will post any revised version of the Platform Privacy Policy on this page. Continued use of our services following notice of such changes will indicate your acknowledgement of such changes and agreement to be bound by the terms and conditions of such changes. By using the Platform, you are agreeing to our collection, use and disposal of Personal Information and other data as described in this Platform Privacy Policy, both as it exists now and as it is changed from time to time.

All capitalized terms in the Privacy Policy (Sections I and II) not defined herein shall have the meaning set forth in the Konna Terms of Use.

If you have questions or concerns about our Privacy Practices or would like to report a violation, please contact us by sending an email to complaints@konna.xyz