privacy-vs-security-conundrum.jpg

Privacy Policy

This privacy policy describes how we, The Pulmonary Rehab, of Mumbai, Maharashtra, India, ("The Pulmonary Rehab", "we" or "us") collect, store and process information about individual visitors to this website.

 

This privacy policy only applies to website of The Pulmonary Rehab on which this privacy policy is stored or from which reference is made to this privacy policy by means of a link (hereinafter: "website"). This privacy policy does not apply to linked website that are not owned and controlled by The Pulmonary Rehab.

 

Commitment to data protection 

Personal data is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address or telephone number as well as online identifiers such as your IP address. In contrast, information of a general nature that cannot be used to determine your identity is not personal data. This includes, for example, the number of users of a website. 

 

In principle, we will only use your personal data in accordance with the applicable data protection laws, in particular the General Data Protection Regulation ("GDPR"), and only as described in this privacy policy. However, we reserve the right to put this data to additional uses to the extent permitted or required by law or necessary to support legal or criminal investigations. In this case, we will inform you again about this further data processing to the extent required by law and obtain your consent.

 

In the next sections we explain when and how we process personal data about you when you visit our website.

 

Purposes of use of personal data and legal basis 

a) Log Files

We only collect and process access data that your internet browser automatically transmits to us for technical reasons in order to provide the website. Depending on the access protocol used, the protocol data record contains general information with the following contents: Your session data (usage behaviour, length of stay, which links were clicked on, etc.), your abbreviated and unabbreviated IP address, your browser version, your operating system, your website-specific settings, your cookie IDs, your pixel IDs. This data does not allow any direct inference to your person and is processed to improve our website offer and to defend against attempted attacks on our web server. The legal basis for the processing of your personal data is Art. 6 para. 1 lit. f) GDPR. We have a legitimate interest in presenting you with a website optimised for your browser and in enabling communication between our server and your terminal device.

 

b) Contact requests and Enquiries

Enquiries may include your name, address, e-mail address, the subject of your contact and your message. We process and store the personal data provided in the contact enquiry solely for the purpose of processing and responding to your enquiry and contacting you. The legal basis for the processing of your personal data is Art. 6 para. 1 lit. b) GDPR. 

 

c) WhatsApp 

We offer visitors to contact us via the messaging service WhatsApp of WhatsApp LLC. If you contact us via WhatsApp, we process the mobile phone number you use on WhatsApp and - if provided - your first and last name in accordance with your consent (Art. 6 para. 1 lit. a) GDPR) or the provision of a contractual or pre-contractual measure to process and respond to your request (Art. 6 para. 1 lit. b) GDPR).

 

d) Registration and services

When registering and using our service, it is necessary, among other things, to provide your name, e-mail address and postal address and, if applicable, your payment data. We process and store the personal data provided when you place an order solely for the purpose of providing you with the ordered products. The legal basis for the processing of your personal data is Art. 6 para. 1 lit. b) GDPR.

 

e) Cookies and similar technologies 

For the processing of personal data using cookies and similar technologies on our website, please refer to our Cookie Policy, which is part of this privacy policy.

 

f) Comment function on our blog 

For comments in our blog, we collect in addition to your comment, details of when the comment was created and, if you do not post anonymously, the username you have chosen will be stored. You have choices about the information on your comment. You don’t have to provide additional information on your comment; however, comment information helps you to get more from our Services. It’s your choice whether to include sensitive information in your comment and to make that sensitive information public. Please do not post or add personal data in your comment that you would not want to be available.

 

The comments and the associated data (e.g., IP address) are stored and remain on our website until the commented content has been completely deleted or the comments have to be deleted for legal reasons (e.g., offensive comments).

 

The storage of comments is based on your consent (Art. 6 para. 1 lit. b) GDPR). You can revoke your consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing operations already carried out remains unaffected by the revocation.

 

g) Testimonial 

Within the Testimonial section, we may display certain personal information, share certain details, knowledge and insights. When you approve and submit your Testimonial to us your consent is obtained, and you have choices about the information in your Testimonial. 

The storage of Testimonials is based on your consent (Art. 6 para. 1 lit. a) GDPR). You can revoke your consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing operations already carried out remains unaffected by the revocation.

h) Support Group
As a client you may be able to access our support services through our support group. In this regard, we process personal data in the course of providing our contractual services. The processing is based on Art. 6 para. 1 lit. b) GDPR and your consent Art. 6 para. 1 lit. a) GDPR in regard to Special Category Data (Art. 9 GDPR). For further information please see our Support Group Privacy Policy.

 

Transfer of personal data 

The Pulmonary Rehab will not disclose or otherwise distribute your personal data to third parties unless this is necessary for the performance of our services (legal basis for processing: Art. 6 para. 1 lit. b) GDPR), you have consented to the disclosure (legal basis for processing: Art. 6 para. 1 lit. a) GDPR) or the disclosure of data is permitted by relevant legal provisions. 

 

The Pulmonary Rehab is entitled to outsource the processing of your personal data in whole or in part to external service providers acting as processors for The Pulmonary Rehab pursuant to Art. 4 No. 8 GDPR within the framework of the data protection provisions. External service providers support us, for example, in the technical operation and support of the website, data management, the provision and performance of services, marketing, as well as the implementation and fulfilment of reporting obligations. 

 

The service providers commissioned by The Pulmonary Rehab process your data exclusively in accordance with our instructions. The Pulmonary Rehab remains responsible for the protection of your data, which is ensured by strict contractual regulations, technical and organisational measures and additional controls by us.

 

Personal data may also be disclosed to third parties if we are legally obliged to do so e.g., by court order (legal basis for processing: Art. 6 (1) (c) GDPR) or if this is necessary to support criminal or legal investigations or other legal investigations or proceedings at home or abroad or to fulfil The Pulmonary Rehab's legitimate interests (legal basis for processing: Art. 6 (1) (f) GDPR).

 

Storage and retention 

Your personal data will be stored by us only for as long as is necessary to achieve the purposes for which the data was collected or - if statutory retention periods exist that go beyond this point and for the duration of the legally prescribed retention period. We then delete your personal data. Only in a few exceptional cases is your data be stored beyond this period, e.g., if storage is necessary in connection with the enforcement of and defence against legal claims against us. 

 

The Pulmonary Rehab is entitled to process your personal data insofar as this is necessary to fulfil legal obligations. For this purpose, The Pulmonary Rehab may transfer this data in particular to authorities, law enforcement agencies and courts. In this case, the transfer of your data is required by Art. 6 (1) (c) GDPR for compliance with a legal obligation to which we are subject. The Pulmonary Rehab is further entitled to process personal data if and to the extent necessary to detect or prevent misuse of this website or to enforce claims of The Pulmonary Rehab, its employees or users, whereby the data processing in these cases is necessary to protect these aforementioned legitimate interests of The Pulmonary Rehab pursuant to Art. 6 (1) (f) GDPR. Insofar as the disclosure of health data is necessary for the assertion of claims or the defence against claims, the related data processing is based on Art. 9 (2) f) GDPR.

 

International transfers

Our main operations are based in India and your personal information is generally processed, stored and used within India. In some instances, your personal information may be processed outside India. If and when this is the case, we take steps to ensure there is an appropriate level of security, so your personal information is protected in the same way as if it was being used within India. Where we need to transfer your data outside India, we will use approved standard contractual clauses in contracts for the transfer of personal data to third countries.

 

Automated decision-making

Automated decision-making including profiling pursuant to Art. 22 (1) and (4) GDPR does not take place on the part of The Pulmonary Rehab.

 

Direct marketing in the context of a customer relationship

We use the data you provide to fulfil and process our contract and to respond to your enquiries in accordance with Art. 6 (1) (b) GDPR or on the basis of your consent in accordance with Art. 6 (1) (a) GDPR. Insofar as you have also given us separate consent to process your data for consulting, quotation and advertising purposes, The Pulmonary Rehab is entitled to contact you for these purposes via the communication channels you have ticked in this consent.

 

Your Rights

You have a number of ‘Data Subject Rights’ below is some information on what they are and how you can exercise them. 

 

  • information about the processing of your personal data.

  • obtain access to the personal data held about you.

  • ask for incorrect, inaccurate or incomplete personal data to be corrected.

  • request that personal data be erased when it’s no longer needed or if processing it is unlawful.

  • object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation.

  • request the restriction of the processing of your personal data in specific cases.

  • receive your personal data in a machine-readable format and send it to another controller (‘data portability’).

  • request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers. 

  • You also have the right in this case to express your point of view and to contest the decision

  • Where the processing of your personal information is based on consent, you have the right to withdraw that consent without detriment at any time through our contact form.

 

The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it. 

 

We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information.

 

Security and confidentiality 

To ensure the security and confidentiality of the personal data we collect on the Website, we use data networks that are protected by, among other things, industry-standard firewalls and password systems. When handling your personal information, we take appropriate technical and organisational measures to protect your information from loss, misuse, unauthorised access, disclosure, alteration or destruction and to ensure its availability.

 

Online presences in social media 

We maintain online presences on the basis of our legitimate interests. We maintain online presences within social networks and platforms in order to communicate with customers, interested parties and users who are active there. Unless otherwise stated in this policy, we process the data of users if they communicate with us within the social networks and platforms, e.g., write articles on our online presences or send us messages.

 

Personal information and children 

Most of the services available on this website are aimed at people aged 18 and over. We will not knowingly collect, use or disclose personal information from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact. The parent or guardian will be provided with (i) information about the specific type of personal information being collected from the minor, (ii) the purpose for which it will be used, and (iii) the opportunity to object to any further collection, use or storage of such information. We comply with youth protection laws.

 

Wix

We use the services of the homepage provider Wix.com Ltd, Namal 40, 6350671 Tel Aviv, Israel. Hereinafter referred to as "wix.com". The registered office in Europe: Wix.com Luxembourg S.a.r.l., 5 Rue Guillaume Kroll, L - 1882 Luxembourg. Wix.com collects two types of data: personal information (which can be used to uniquely identify an individual) and non-personal information (which is not used for identification purposes). Wix.com collects such information about our users and visitors, as well as users of users and others who provide it to us. Wix.com may also collect, solely for and in the interest of our users, similar data related to visitors and users of our users' web sites or services. Wix.com collects and uses data to provide our services and make them better and safer, as well as to contact our visitors, users and job applicants, and to comply with legal requirements applicable to Wix.com.

 

Wix.com may store and process personal information in the United States, Europe, Israel or other jurisdictions - either itself or through our affiliated companies and service providers. The data storage providers with whom Wix.com works are contractually obligated to protect your data. Wix.com may also collect, process and store such data in other locations, including the United States.

 

Wix may collect and process data about our users. We do so solely on behalf of and at the direction of our users. Our users are solely responsible for their users of user’s data, including for its legality, security and integrity. Wix has no direct relationship with users of users.

 

We may share the data of our visitors, users and their users of users with various third parties, including certain service providers, law enforcement agencies and application developers. In doing so, the data may only be shared in accordance with this policy.

 

Links to other website 

The website may contain links to another website. We have no control over the privacy practices or the content of those other website. Therefore, we recommend that you carefully read the respective privacy policies of these other website that you visit.

 

Changes 

This Policy and our commitment to protecting the privacy of your personal data can result in changes to this Policy. Please regularly review this Policy to keep up to date with any changes.

 

Queries and Complaints 

Any comments or queries on this policy should be directed to us using the following contact details.

 

The Pulmonary Rehab 

Mumbai, Maharashtra, India

 

Web: www.thepulmonaryrehab.com

E-Mail: Care@ThePulmonaryRehab.com

WhatsApp and SMS: +91 9029 39 00 01 (Whatsapp / SMS only)

Facebook: https://www.facebook.com/profile.php?id=100065208805298
Instagram: https://www.instagram.com/thepulmonaryrehab/

 

 

Support Group Privacy Policy

This privacy policy informs you about how we, The Pulmonary Rehab, of Mumbai, Maharashtra, India, ("The Pulmonary Rehab", "we" or "us"), collect, use, disclose and otherwise process personal data when you use our Support Group Services. Your privacy is an important concern for us. We take the protection of your personal data and its confidential treatment very seriously. 

 

Your personal data is processed exclusively within the framework of the applicable statutory provisions of the General Data Protection Regulation (GDPR).

 

Responsible for data processing and contact details

Responsible for data processing is, 

 

The Pulmonary Rehab 

Mumbai, Maharashtra, India

 

Web: www.thepulmonaryrehab.com

E-Mail: Care@ThePulmonaryRehab.com

WhatsApp and SMS: +91 9029 39 00 01 (Whatsapp / SMS only)

Facebook: https://www.facebook.com/profile.php?id=100065208805298
Instagram: https://www.instagram.com/thepulmonaryrehab/

 

If you have any questions or suggestions regarding data protection, please do not hesitate to contact us.

 

Definitions

In order to make our Privacy Policy both easy to understand and to avoid complex legal jargon, we first need to explore the following definitions. 

 

Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 

Personal Data is all information that relates to an identified or identifiable natural person (so-called data subject). This includes, for example, details such as name, address, e-mail address, telephone number, date of birth and nationality, but also information that necessarily arises during our business relationship with you, such as details about you, and related wishes and requests regarding our Support Group Services, booking, attendance or payment data. 

 

Special category data is personal data that needs more protection because it is sensitive. This may include personal data revealing racial or ethnic origin, religious or philosophical beliefs, genetic data, biometric data, or data concerning health. In order to process special category data, we first need to obtain consent. 

 

Consent means any freely given indication of the data subject's wishes for the specific case in an informed and unambiguous manner, in the form of a declaration or any other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.

 

Data categories

Due to our obligation to fulfil the contract concluded with you, we process:

  • Master data (General personal data, such as name, e-mail address, telephone numbers, postal or residential address, gender, date of birth)

 

  • Special category data (religious belief, ethnic origin, Health data to the extent strictly necessary for the service)

 

  • Payment information (data that is required for the necessary for the processing of payments and to issue invoices).

 

Purposes and legal basis of data processing

Below you will find an overview of the purposes and legal basis of data processing in the context of our business relationship with you.

 

  • Preparation and implementation of our business relationship with you

We process personal data if this is necessary for the preparation and implementation of the Support Group Services Agreement with you. The purposes here include in particular the preparation and processing of our services, the handling and implementation of our services as well as the support and service before, during and after the business relationship with you.

 

The data processing is based on Article 6(1)(b) of the GDPR. In doing so, you must provide those personal data that are necessary for the preparation, implementation and follow-up of our business relationship with you. Without this data, we will not be able to process your request or fulfil the contract.

 

We will delete the data if it is no longer necessary for the purposes, we pursue in preparing, executing and following up a contract and no other legal basis intervenes. If the latter applies, we delete the data after the other legal basis ceases to apply.

 

  • Fulfilment of legal obligations

We also process your personal data to comply with legal obligations to which we are subject. These obligations may arise, for example, from commercial law, tax law, money laundering law, financial law, criminal law or registration law. The purposes of the processing result from the respective legal obligation; as a rule, the processing serves the purpose of fulfilling state control and information obligations.

 

The data processing is based on Article 6(1)(c) of the GDPR. If we collect data on the basis of a legal obligation, you must thereby provide those personal data that are necessary for the fulfilment of the legal obligation. Without the provision, we may not be able to process your request.

 

We delete the data after the legal obligation ceases to apply unless there is another legal basis. If the latter applies, we delete the data after the other legal basis ceases to apply.

 

  • Safeguarding legitimate interests

We also process your personal data to protect the legitimate interests of us or third parties. We pursue the following interests, which are also the respective purposes, in doing so:

 

    • Answering enquiries that are not relevant to the contract

    • Ensuring data security

    • Ensuring data availability

    • Business management

 

The data processing is based on Article 6(1)(f) of the GDPR. In cases where you have to provide data for this purpose, we expressly point this out. Without the provision, we may not be able to process your request.

 

We delete the data if it is no longer required for the purposes we are pursuing, and no other legal basis applies. If the latter applies, we delete the data after the other legal basis ceases to apply.

 

  • Consent

If you have given your consent for certain purposes including the processing of special category data Article 9 of the GDPR, the purposes will be determined by the content of this consent in each case.

 

The data processing is based on Article 6(1)(a) of the GDPR. In cases where you have to provide data for this purpose, we expressly point this out. Without the provision, we would not be able to comply with your request covered by the consent. You can revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation.

 

We delete the data if they are no longer required for the purposes we are pursuing, or you have revoked the consent and no other legal basis applies. If the latter applies, we delete the data after the other legal basis ceases to apply.

 

Recipients of personal data

We only pass on your personal data to external recipients if this is necessary for the provision of our services, if there is other legal permission or if we have your consent to do so (See “Purposes and legal basis of data processing”). This may include the following:

 

  • Processors

External service providers that we use to provide services, for example in the areas of technical infrastructure and maintenance (e-mail services, scheduling services, client relationship management services and booking providers, legal advisers, accounting services) for the provision of content relevant to the contract. All processors are carefully selected by us and regularly checked to ensure that your privacy is protected. The service providers may only use the data for the purposes specified by us.

 

  • Public authorities

Authorities and government institutions, such as public prosecutors, courts or tax authorities, to which we must transfer personal data for legally compelling reasons.

 

Online Meetings

We use Zoom to conduct our Support Group Services and online meetings and various types of data are processed when using an online platform for meetings. The scope of the data depends on the information you provide before or during participation in an online meeting. The legal basis for this is our legitimate interest in effective customer communication in accordance with Art. 6 Para. 1 lit. f) GDPR and, insofar as it concerns an enquiry to enter into or fulfil a contract, also Art. 6 Para. 1 lit. b) GDPR. As well as you consent Art. 6 para. 1 lit. a) GDPR in regard to Special Category Data (Art. 9 GDPR). You can revoke your consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing operations already carried out remains unaffected by the revocation.

 

Transfer of data

As a matter of principle, we do not pass on any data to third parties without consent. From this except for transfers that we carry out on the basis of a legal or contractual obligation or on the basis of our mutual or on the basis of our mutual interests as mentioned above. (See” Recipients of personal data”)

 

Automated decision-making and profiling

We do not use automated decision-making or profiling.

 

Operational data protection

Appropriate administrative, technical and physical security measures are implemented in our processes to protect all data from unauthorized access. Data is stored only as long as necessary for the provision of the agreed services and for legitimate operational purposes, unless there are legal or laws or regulations, or due to litigation or government investigations, to retain it for a longer period of time.

 

Your Rights

You have a number of ‘Data Subject Rights’ below is some information on what they are and how you can exercise them. 

 

  • information about the processing of your personal data.

  • obtain access to the personal data held about you.

  • ask for incorrect, inaccurate or incomplete personal data to be corrected.

  • request that personal data be erased when it’s no longer needed or if processing it is unlawful.

  • object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation.

  • request the restriction of the processing of your personal data in specific cases.

  • receive your personal data in a machine-readable format and send it to another controller (‘data portability’).

  • request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers. 

  • You also have the right in this case to express your point of view and to contest the decision

  • Where the processing of your personal information is based on consent, you have the right to withdraw that consent without detriment at any time through our contact form.

 

The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it. 

 

We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information.

 

Contacting us and exercising your rights

You can contact us free of charge if you have any questions about the processing of your personal data and your data subject rights. To exercise any of your aforementioned rights, please contact us. Please ensure that we are able to clearly identify you.

 

Accuracy

It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.

 

Changes and updates to the privacy policy

We will amend the privacy policy as soon as changes to the data processing activities we carry out make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g., consent) or other individual notification.

If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us. 

privacy-vs-security-conundrum.jpg