Legal

Privacy Policy

eCureTrip HealthTech Pvt. Ltd. (operating as The Brown Sage)

Last updated: 16 July 2026

Ecuretrip Healthtech Private Limited (“we”, “us”, “Company,” “Ecuretrip”, or “our”) including our online website(s) www.ecuretrip.com and/or www.thebrownsage.com (“Website”), our mobile applications on iOS and android platform, as and when made available (“Applications”) and/or WhatsApp interface (collectively referred to as the “Platform”) is committed to protect your privacy. This privacy policy (“Policy”) seeks to comply with the provisions of the Information Technology Act, 2000 (“Act”) and the Information Technology (Reasonable Security Practices, Procedures and Sensitive Personal Data or Information) Rules, 2011 (“Rules”) and sets out the manner in which the Company may collect, receive, use, store, process, disclose, transfer and otherwise handle information shared with or collected through the Platform in connection with the Services. This Policy has been prepared to describe to you our practices regarding the Personal Data, we collect, use, store, manage, share, process, and/or transfer through our Platform and/or others channels (if applicable), in connection with our services, as described in our standard terms and conditions available at www.ecuretrip.com and/or www.thebrownsage.com (“Standard T&C”) (collectively, the “Services”). This Policy describes the types of Personal Data the Company collects, why and how the Company uses Personal Data, with whom the Company shares it, and the choices you can make about the Company’s use of Personal Data. This Policy also describes the measures the Company takes to protect the security of the Personal Data and how you can contact the Company about its privacy practices.

By accessing or using the Platform, Services, or any of our offerings, or giving us your Personal Data, or otherwise clicking to accept this Policy, if and when prompted on any of the Platform, you confirm that you understand and consent to this Policy, together with any documents that may be expressly referred to and are incorporated by reference, and, to the extent required under Applicable Law, you consent to the collection, use, storage, disclosure, transfer and processing of your Personal Data in accordance with this Policy. This Policy forms an electronic record and should be read together with the Standard T&C and any other applicable terms made available on the Platform.

The Company processes Personal Data for lawful purposes connected with its business, operations, Platform functions and Services, and only in the manner described in this Policy and as otherwise permitted or required under Applicable Law.

By accepting this Policy, you understand and agree to the collection, use, sharing, transfer, handling and processing of Personal Data as specified in this Policy. If you are providing the Personal Data on behalf of someone else, you confirm that (a) such information is true, accurate and up-to-date; (b) such third person is aware that you have provided their Personal Data; and (c) they consent to both, the disclosure and the use/ processing of their Personal Data in accordance with this Policy.

If you accept this Policy on behalf of another person, you represent and warrant that you have full authority to bind such person to these terms.

Please read the terms and conditions of this Policy carefully, before accessing or using any of our Platforms. You will be deemed to be a “User” who is legally bound by this Policy.

For Users located in the European Economic Area (EEA) or the United Kingdom, the General Data Protection Regulation (GDPR) and/or other applicable data protection laws may apply, to the extent relevant to the Company’s processing activities and the relevant User relationship.

1. Definitions and Interpretation

Definitions

For the purposes of this Policy:

  • Account means a unique account created for you to access our Service or parts of our Service using our Platform;
  • Applicable Law means the law in force, as amended from time to time, relating to the collection, storage, processing, and transfer of Personal Data, and includes the Rules and any subsequent rules enacted by any Governmental Authority;
  • Company shall have the meaning as ascribed to the term in the preamble to this Policy;
  • Consent means the consent obtained by the Company from a User in writing, including by way of digital means, prior to the collection of Personal Data regarding the purpose of and usage of such Personal Data;
  • Country refers to India;
  • Device means any device that can access the Services including a computer, a cellphone, or a digital tablet;
  • Governmental Authority means any national, state, local or regional government or governmental agency, department, board, commission, regulatory authority, semi-governmental authority or arbitrator, court, tribunal, judicial or quasi-judicial authority (including, any stock exchange or any self-regulatory organization established under any law);
  • Non-Personal Data shall have the meaning ascribed to the term in paragraph 3 below;
  • “Personal Data” means information that relates to an identified or identifiable natural person and includes Personal Information and SPDI, where applicable. References in this Policy to Personal Data may, depending on the context, include Personal Information, SPDI, practitioner information, account information, transaction information, technical/usage information and other information associated with a User or Practitioner. De-identified, anonymised or aggregated information that does not identify an individual shall be treated separately under this Policy;
  • Personal Information means any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person. For the purpose of this Policy, Personal Information includes (a) name, e-mail address, phone number, display picture, username, password, residential address, gender, age, and other demographic information provided by a User while availing any of the Services on the Platform or any other kind of SPDI; (b) information provided to the Company through interaction with the customer service representative, other person listed on the Platform, participation in surveys or marketing promotions, or provided to the Company or its representative over the phone or by way of email or other communication channel; (c) providing access to customer’s microphone for optional patient voice notes, or access to camera and/or microphone for teleconsultation, or access to location; (d) disease type, cancer type/ suspected cancer type, treatment-location country, smoking history, family cancer history and other clinical questions; and (e) specifically in respect of Practitioners, NMC registration number, qualifications, specialty, affiliated hospital, language spoken and LinkedIn URL, in all cases, for availing Services from the Platform, subject to explicit consent of such person, and in accordance with the Applicable Law. The Company limits the collection of Personal Information to that which is necessary for its intended purpose.
  • Policy shall have the meaning as ascribed to the term in the preamble to this Policy;
  • Practitioners shall mean duly qualified medical practitioners registered under the Applicable Law, who are authorized to provide any or all the Services on the Platform;
  • Rules shall have the meaning as ascribed to the term in the preamble to this Policy;
  • Service shall have the meaning as ascribed to the term in the preamble to this Policy;
  • SPDI shall have the meaning as ascribed to the term in the Rules;
  • Usage Data refers to data collected automatically, either generated by use of the Service, Platform, or from the Service infrastructure itself (or through the third party analytics service providers), and includes the data in the nature of system administrative data, statistical and demographical data, and operational information and data generated by or characterizing use of the Platform including without limitation Non-Personal Data, cookies, Website/ Applications traffic, time spent on the Platform, number of visits to the Platform and other similar information and behaviour indicating the mode and manner of use of the Platform.
  • Website shall have the meaning as ascribed to the term in the preamble to this Policy; and
  • User (referred to as “You”) means the individual accessing or using the Services, or the company, or other legal entity on behalf of which such individual is accessing or using the Services, as applicable.

Interpretation

The words whose initial letter is capitalized shall have the meanings ascribed to such term in this Policy. The definitions provided hereinabove shall have the same meaning regardless of whether they appear in singular or in plural.

2. Collection of Information

As a visitor, you can browse our Website, Applications, or other Platform or any of our offerings to explore more about us without providing any of your Personal Data, subject to the technical configuration of the relevant Platform and the nature of the relevant feature or service being accessed. However, please note that when using our Platform, the system collects certain Usage Data, which helps us improve the functionality, diagnose technical issues, and enhance overall performance.

Once you register as a User on our Platform or show your interest in procuring information about our Services, please note that we only collect and process a minimal amount of your Personal Data as may be reasonably necessary to provide, facilitate, improve, secure, administer and support the Services. Following is the type of Personal Data collected on our Platform, in addition to any other information that you voluntarily provide to us or authorize us to collect:

3. Type of Data Collected by Us

Sr. NoPurpose and specific use casesType of data collected for the specified use cases
Personal Data collected at the time of visiting/ using the PlatformNo Personal Data is collected before the account creation other than the Usage Data.
Personal Data collected at the time of account creation on the PlatformFull name Date of birth/ age Gender Email address Phone/ mobile number Username Password (in encrypted format) Residential address Country/ location Emergency contact details Qualifications, registration details, specialization, experience, affiliations, profile information, KYC or verification details, consultation availability, payment-related details, fellowships, languages known and LinkedIn URL (in the case of Practitioners or their empanelment) Depending on the requirements, we may or may not collect all or any of the above data at the time of account creation.
Personal Data collected through your interactions with any of the employees or other individuals of the Company or otherwise during availing our Services or offeringsMedical history and records including in the form of PDFs, images, and DICOM scans Patient voice notes in the form of optional audio recordings describing the case along with their text transcripts Specific case details including age, gender, date of birth, disease details, cancer type/ suspected cancer type, treatment-location, country, smoking history, family cancer history, passport details (if necessary) and other relevant clinical questions/ history Diagnosis, imaging, and pathology reports Treatment information and clinical notes Prescriptions and medications Lab results and test reports Consultation notes and doctor correspondence/ Service related correspondence Preference of the Practitioner, depending on the Services opted Limited payment or billing information as needed for our coordination services such as payment order ID, payment ID, amount and payment status, excluding credit/ debit card details, bank account details or UPI credentials, which are processed or dealt with by the payment processor agency Audio/ video streams/ recordings during a doctor-patient consultation, subject to applicable laws Any kind of medical record not provided at the time of initial documents upload on the Platform but provided later to employees or other individuals of the Company for availing our Services including for onward circulation to the Practitioners.
Promotion and marketing communications to send You newsletters, promotional content, confirmations, etc.Email address Mobile number
Automatically collected Data Usage Data collected when You interact with us on a digital medium;Device type and browser information IP address and approximate location Pages visited and interaction data, if available Date and time of access Operating systems and session identifiers Audit loggings for security and compliance purposes recording an immutable audit trail of actions by a User, with their IP address, after redacting the User identifiers.
Compliance with legal obligations to comply with disclosure obligations in accordance with Applicable Law; to respond to summons, subpoenas, search warrants, court orders, or other legal process.Any Personal Data collected by Us

The Platform does not collect, store or access any biometric data. The User voice notes are also the audio recordings used exclusively for transcription and not as a biometric identifier. For devices with biometric authentication, the Applications, as and when available, may offer the convenience of unlocking using face identification or fingerprint recognition. In this regard, please note that we do not/ will not collect, store, or have access to your biometric data, including face identification or fingerprint information.

You affirm that you are solely responsible for the accuracy and truthfulness of your Personal Data shared with us, and the Company is not responsible or accountable for verifying the authenticity of your Personal Data. The Company may, but is not obligated to, undertake limited verification checks itself or through third-party service providers, business partners, healthcare providers or verification agencies, to the extent considered necessary for onboarding, fraud prevention, quality control, legal compliance, practitioner due diligence, service coordination or other legitimate purposes.

We and/or the service providers on our Platform may also collect information made publicly available through other third-party websites including through online or offline databases that are otherwise legitimately obtained and are subject to the third party's terms of use and/or privacy statement.

We only collect and use such information from you that we consider necessary for achieving an efficient and safe experience that is customized for your needs and expectations which in turn helps us to offer tutorials and works that are most likely to meet your needs and demands. The Company shall use technologies such as cookies, clear gifs, log files, and flash cookies for several purposes, including to help understand how you interact with our Platform and/or Services to provide a better experience.

The Company may gather any non-personal information regarding how many people visit the Platform, browser type, pages visited by them, their IP address, versions, operating systems, locations, Device ID, Device manufacturer and type, Device, usage statistics and other technology on the Devices used to access the Platform, maximum offerings purchased by a User etc. Such information shall also include all such Personal Information collected and stored by the Company that undergoes the process of de-identification and is no more identifiable to you or any natural person (hereinafter referred to as “Non-Personal Data”). The Company may also collect Non-Personal Data that you voluntarily provide, such as information included in response to a survey and/or questionnaire.

4. Data Usage

We shall use the Personal Data collected from you for facilitating the Services for the following purposes as detailed below. We understand the importance of your Personal Data and ensure that it is used for the following intended purposes only. We shall only collect the Personal Data on a need basis strictly for the purpose of providing you with the Services.

The Company may also receive information relating to You from third parties, including Practitioners, hospitals, healthcare providers, service providers, business partners, referral sources, public sources, group entities or verification agencies, to the extent permitted by Applicable Law and necessary for the Services, onboarding, coordination, fraud prevention, support, dispute resolution, compliance or other legitimate purposes described in this Policy. Such information may be retained, used, disclosed and otherwise processed by the Company in accordance with this Policy and Applicable Law.

Specifically, we may use your Personal Data to:

  • verify your identity and authenticate your account;
  • enhance your experience, analyze your interaction with the Services and issue any corrective measures if required;
  • for any legal and regulatory / audit purposes (for example, in response to subpoenas, summons, court orders, and law enforcement or governmental requests or investigations), and to protect our legal rights or the rights of others (for example, by working to reduce the risk of fraud or misuse of the Service);
  • respond to your queries about the Services;
  • facilitate the Services by the Practitioners, for completion of expert opinion, tumor board consultation sought by You, and relevant treatment and logistical planning with Practitioners and/or hospitals in India;
  • arrange teleconsultations, appointments, follow-ups and any other type of co-ordination for completion of the Services;
  • deliver to You any notices, alerts, or communications relevant to your use of the Services;
  • customize/ personalize the works being offered;
  • to monitor, analyze, and describe usage patterns and performance of the Service, including aggregate metrics such as total number of visitors, traffic, and demographic patterns;
  • to conduct system administration and system troubleshooting and to diagnose or fix technology problems;
  • aggregate the anonymized information from registered users to perform market research, project planning, product development, troubleshoot problems, analyze user behaviour, marketing purposes, and promotions for the Company and its authorized business partners;
  • for internal record-keeping purposes, to the extent required under Applicable Law;
  • to enforce this Policy and/or the terms of Service or any other related policy;
  • to introduce new features or products/services. These might be our own offers or products/services, or third-party offers or products/services with whom the Company has a tie-up;
  • administer our obligations under any agreement with our business partners;
  • utilize your information for internal analysis and offer location-based services, such as advertising, search results, and personalized content;
  • assist in the facilitation and delivery of Services by us or our business partners/ service providers, process payments and applications, and communicate with you regarding products, services, and promotional offers;
  • enhance our Platform, and/or prevent or detect fraud or abuses on our Platform, and/or allow third parties to perform technical, logistical, or other functions on our behalf. We may integrate information obtained from you with data about you received from third parties;
  • dispatch notices, communications, and suggest services of potential interest to you, update our records, and manage your accounts, including displaying content and customer reviews;
  • to send general notices or important updates about your account, seek your feedback or opinions, and inform you about special deals and offers;
  • with your consent, the Company may access your mobile device id, including the camera, microphone access for optional patient voice notes, camera and microphone access for teleconsultation, in all cases to facilitate services, enhance accessibility, and facilitate logins to the Platform for the various services you opt for; and
  • If you are a vendor or employee of the Company, we use your Personal Data for the purpose of making payments, payrolling and deducting taxes;

In addition, the Company may use Personal Data to enable practitioner discovery, profile display, appointment discovery, search and ranking functions, care navigation, user support, internal training, fraud-risk analysis, platform optimization and platform feature expansion, to the extent permitted under Applicable Law.

We do not use your Personal Data for solely automated decision-making or profiling that produces legal effects or similarly significant effects.

Any technology/ software/ tools or outputs made available through the Platform are intended to assist and support healthcare-related services and shall not be construed as medical advice, diagnosis, treatment recommendation or clinical opinion by the Company.

We have physical, electronic, and procedural safeguards that comply with the laws prevalent in India to protect your Personal Data. We seek to ensure compliance with the requirements laid down under the Act and the Rules to ensure the protection and preservation of your privacy.

5. Minor’s Privacy Policy

Our Services are intended for individuals who are 18 years of age or older. Accordingly, Users must be at least 18 years old to register and use the Platform in their own capacity, except where the Platform permits access and use by a minor’s parent, lawful guardian, authorized attendant or legally authorized representative acting on behalf of a minor or a person requiring support in relation to medical or allied services. In the event that the Services are availed for or on behalf of a minor, such access and use shall be undertaken only by the minor’s parent or lawful guardian, who shall be deemed to have provided consent for the collection, use and processing of the minor’s Personal Data in accordance with this Privacy Policy and applicable laws.

By using the Platform on behalf of a minor, such parent or legal guardian represents and warrants that they have the legal authority to act on behalf of the minor.

If we become aware that we have collected Personal Data from a child without appropriate parental consent, we will take steps to delete such data promptly, subject to Applicable Law and legitimate record-retention requirements.

6. Certain Specific Conditions for Practitioner

Where the User is a Practitioner, the Company may collect, use, process, store and transfer certain Personal Data and professional information of such Practitioner for the purposes of facilitating the Services through such Practitioner.

The Company may display, share or make available certain information voluntarily provided by the Practitioners, including the relevant Personal Data, professional profile details, qualifications, specializations, experience, areas of expertise and other relevant professional information with Users and registered patients through the Platform for the purpose of enabling such Users to identify, evaluate and select an appropriate healthcare professional based on their individual healthcare requirements. Such disclosure shall be limited to information necessary for facilitating informed decision-making and shall be carried out in accordance with this Policy and Applicable Law.

While the Company does a basic KYC check on the Practitioners and/or such onboarding or verification checks as it considers appropriate under the Applicable Law, the Company displays such information on an “as-is” basis and does not independently generate, guarantee or warrant the accuracy, completeness or authenticity of such information.

Accordingly, the Company strongly encourages Practitioners and associated healthcare providers and other Users to periodically review their profile information and notify the Company promptly of any discrepancies, modifications, updates or inaccuracies. The Company may make reasonable efforts to maintain and update such information; however, the responsibility for ensuring the accuracy and completeness of such professional information shall primarily remain with the Practitioner.

The Company acts as a technology-enabled facilitator and coordinator and does not independently practise medicine, provide medical advice, or assume responsibility for the clinical appropriateness, quality, outcome or efficacy of any consultation, diagnosis, treatment, procedure, prescription or healthcare service rendered by any Practitioner or healthcare provider. The inclusion, display, ranking or availability of a Practitioner profile on the Platform shall not be construed as an endorsement, guarantee or warranty by the Company, and any search results, listing order, featured placement, recommendation or visibility parameters may be influenced by relevance, availability, user engagement, commercial arrangements, technical parameters or other platform-determined factors.

7. Data Retention and Period of Storage

We will take appropriate steps to protect your Personal Data from misuse, unauthorized access and/or wrongful disclosure using appropriate security measures based on the nature of the data collected and the manner of processing the same. We will store your Personal Data for such period as may be required and permitted by Applicable Law or for a period necessary to satisfy the purpose for which the Personal Data has been collected. These periods vary depending on the nature of the information and your interactions with us.

We retain your Personal Data including medical records, treatment-related documents, communication records, billing information, and other healthcare-related information for such period as may be necessary to comply with statutory obligations, only for legitimate purposes as specified in this Policy and/or under Applicable Law. We may also retain your Personal Data including your name, contact number, address, and transaction history (for operational purposes), as may be required by us for the purpose of compliance with legal obligations of the Company, to resolve complaints and/or disputes and to enforce the legal obligations under our agreements, which shall be in compliance with the relevant laws. Additionally, on account of pendency of any legal and/or regulatory proceeding or upon receiving any legal and/or regulatory direction, the Company may be required to retain your Personal Data for longer periods. Once these legal or statutory obligations are complete, we undertake to dispose of your data in a manner compliant with Applicable Law.

We will retain your Personal Data only for the period during which the purpose for its usage exists or as per this Policy, after which we undertake to dispose of the same in the manner compliant with the Applicable Law except for any record retention requirements arising under the Applicable Law. Certain laws require keeping the details of transaction logs for longer periods, even after deletion of an account from the Platform, where we undertake to comply with Applicable Law.

We may retain different categories of Personal Data for different periods depending on the purpose of collection, legal obligations, operational requirements and regulatory requirements applicable to such data. The retention timelines indicated below are illustrative and may be extended where required under Applicable Law, regulatory requirements, pending investigations, legal proceedings, dispute resolution processes or other legitimate business purposes of the Company:

Data CategoryRetention Period
Active patient case dataDuration of treatment coordination plus 3 years
Medical records and clinical documents7 years from last interaction
Account and billing information8 years
Communication records3 years from last interaction
Platform usage and log data1 year

The Company may, in appropriate cases, retain Personal Data for longer periods than those stated above where required or permitted under Applicable Law, contractual commitments, medical record obligations, fraud prevention requirements, internal investigations, insurance, taxation, audit, dispute resolution, enforcement needs, business transfer diligence or other legitimate business purposes.

As a User, you always have the right to request in writing for deletion/ withdraw of your Personal Data at any time, however, this may affect the quality of the Services being provided, or this may also limit your ability to use our Services or in certain circumstance, you may not be able to use our Services after deletion of your Personal Data.

8. Cookies

A cookie is a very small text document, which often includes an anonymous unique identifier. These are sent to your browser from the websites that You visit and are stored on your device's internal memory. We use cookies on the Website which helps us to provide information, which is targeted to your interests, keep track of your preferences, evaluate the effectiveness of the Website, analyze trends, identify logged in or registered users and administer the Website. This helps us to provide You with a good experience when You use the Services on the Platform and allows us to improve such services.

We use Google Analytics and the Meta (Facebook) Pixel on the Website to understand user behaviour, identify the most visited sections of the Platform, diagnose technical issues, measure the effectiveness of our advertising and improve our Services. These tools collect Usage Data such as the pages you visit, your device and browser information, your approximate location derived from your IP address, and your interactions with the Website. These tools are used only on our public marketing website. They are not deployed on the patient, practitioner or operations portals, and they are not used to collect, transmit or infer any medical records, case details, diagnosis or other health information. We will update this section if the tools we use change.

You may manage your cookie preferences at any time through browser settings or the cookie consent mechanism made available on the Website. Your continued use of the Website and/or Applications and/or any other Platform after providing consent to the use of cookies shall constitute your acceptance of such cookies. If cookies are disabled, You may still use the Website, but the Website may be limited in the use of some of the features. Your use of the Website or Services with a browser that is configured to accept cookies constitutes acceptance of ours and any third-party cookies.

9. Data Protection and Security

The security of your Personal Data is important to us, and your Personal Data is secured as per reasonable security practices and Applicable Law of the Country.

Any information/data collected by the Company may be stored in servers and systems located in India and/or in such other jurisdictions as may be permitted under Applicable Law and required for the operation, support, maintenance, backup or improvement of the Platform and Services, subject to implementation of reasonable security practices and appropriate technical, contractual or organizational safeguards, where applicable

The Company implements reasonable technical, administrative, physical, contractual and organizational safeguards designed to protect information against unauthorized access, use, disclosure, alteration, loss or destruction, taking into account the nature of the information and the risks associated with processing such information. Such safeguards may include access controls, encryption or pseudonymisation measures, authentication controls, logging, backup practices, vendor controls, training and incident-management procedures, to the extent considered appropriate by the Company.

The Company uses industry standards, and physical, technical, and administrative security measures to keep Personal Data confidential and secure and the Company will not share your Personal Data with third parties, except as otherwise provided in this Policy. We take robust precautions to protect your Personal Data from loss, misuse, unauthorized access or disclosure, alteration, or destruction. We employ many different technological and procedural security measures such as encryption, passwords, and such other appropriate security measures (as stated above) which are reasonably designed to help protect your Personal Data from and against any loss or misuse and unauthorized access or disclosure by individuals inside and outside the Company. However, no method of transmission over the internet, or method of electronic storage is 100% (one hundred percent) secure and reliable, and we cannot guarantee its absolute security. You therefore agree that any security breaches beyond the control of our reasonable security practices are at your sole risk. You may note that the Company is not responsible in any manner whatsoever for the unauthorized use of your Personal Data or for any lost, stolen, compromised passwords, or for any activity in your account including by way of unauthorized password, due to the reasons attributable to you, or if such unauthorized act is connected with your act(s) or omission(s) or your use of the Device. Also, the Company will not be liable for any breach of security or for any actions of any third parties or events which are beyond its reasonable control including but not limited to computer hacking, unauthorized access to data and storage device, breach of security and encryption, crashes, acts of government, bad internet connection.

Further, in case of any actual or suspected personal data breach, security incident or unauthorized access event, the Company may, in accordance with Applicable Law, including GDPR to the extent applicable, and its internal incident-response processes, take such steps as it considers necessary or appropriate, including containing, investigating, documenting, remediating and, where required under Applicable Law, notifying relevant authorities and/or affected persons.

10. Transfer and Disclosure of Personal Data

We use other companies, agents, contractors, Practitioners, healthcare partners and service providers (“Service Providers”) to perform services on our behalf or to assist us with the provision of Services to You. We may engage certain Service Providers to facilitate healthcare coordination services, including diagnostic centres, travel and accommodation partners, cloud infrastructure and hosting providers, payment processing services, communication services (including email, SMS and teleconsultation platforms), technology and IT support services, customer support services and other service providers required for operation, maintenance and improvement of our Services/ Platform. You acknowledge and agree that in the course of providing such Services, the Company may be required to transfer, disclose or share some or all of Your Personal Data with such Service Providers and they may have access to Your Personal Data solely for the purpose of providing their services.

You acknowledge and agree that we may transfer and/or disclose your Personal Data if we believe that such action is necessary to:

  • comply with any legal process served on us or affiliated parties or other legal requirement of any governmental authority;
  • protect the safety of users of the Platform, us, or third parties affiliated with us;
  • mitigate our liability in an actual or potential lawsuit;
  • help investigate or prevent unauthorized transactions or other illegal activities; and
  • protect and defend our rights or property, the Platform, the users of our Platform, and our affiliated parties.

The Company will transfer your Personal Data only for the purposes specified in this Policy to such entities and/or body corporates which ensure at least the same level of data protection, as maintained by the Company and provided for under the Act and/or Rules. The Company may transfer your Personal Data only if it is necessary for the performance of the lawful contract between the body corporate or any person on its behalf and the User, or where the User has consented to such data transfer or is required under Applicable Law. However, a third party to whom the Personal Data is transferred by the Company is only authorized to use the data for legitimate business purposes and not for any other unlawful business. Accordingly, you acknowledge and agree that your Personal Data may be disclosed by us in connection with the Services being provided to you, including in the following manner:

  • Legal obligation: You hereby authorize us to transfer and/or disclose any Personal Data provided by you to any law enforcement and other government officials or governmental bodies as we believe appropriate or necessary to comply with our legal obligations or for investigation of fraud or any other activity which may expose us or you to any legal liability.
  • Information disclosed to third party service providers: We may contract with various third parties for the provision and maintenance of our Platform, Services/ offerings and our business operations, and we may need to transfer and/or share your Personal Data and data generated by cookies with these vendors and service agencies. We do not authorize them to use, transfer, or disclose your Personal Data except in connection with providing their services to us.
  • Information shared with our business partners: We may transfer, disclose and/or share your Personal Data with our business partners that are committed to serving your online needs and related services for purposes defined under this Policy or in the course of making transactions specifically requested by You, which are ultimately connected with the Services being provided to you.
  • Links to external service providers: Our Platform may contain hyperlinks to other websites that may collect any Personal Data about you. We have no control over any websites or resources which are provided by companies or persons other than us and we are not responsible for the privacy practices or the content of those external websites, and your use of any such other website or applications is subject to the terms of use and privacy policy located on such external website or applications. We recommend that you check the external website’s privacy policies to see how the operators of such websites will utilize your Personal Data.
  • Internal departments: We may share, transfer and/or disclose your Personal Data with the internal investigation department of the Company or agencies appointed by us for investigation purposes. Also, if you are an employee, vendor/supplier of the Company, your Personal Data may be shared internally with the relevant departments on a need-to-know basis, subject to compliance with applicable Law.

We may also disclose Your Personal Data where required under Applicable Law, judicial orders, governmental or regulatory directions, or where such disclosure is necessary to prevent serious harm to You or others, safeguard public health interests or protect the legal rights of the Company or any third party. The Company does not sell Your Personal Data to any third party.

Without limiting the foregoing, the Company may share Personal Data on a need-to-know basis with hospitals, clinics, Practitioners, laboratories, diagnostic centres, logistics partners, insurers, payment intermediaries, technology providers, customer support vendors, verification agencies, analytics providers, legal advisors, auditors, potential investors or acquirers, and governmental or regulatory authorities, where such sharing is necessary or appropriate for the Services, business operations, legal compliance, fraud prevention, dispute resolution, internal restructuring, financing arrangements, due diligence, corporate transactions or protection of rights and interests.

11. Your Consent

Any Personal Data collected, used, stored, processed, or transferred by the Company while providing the Services to you will be subject to your explicit consent given by you while visiting any of our Platform to avail our Services/ offerings, to the extent such consent is required under Applicable Law. You understand that for the purpose of providing the Services, the Company may share your Personal Data with certain third parties,and you expressly agree to such Personal Data being shared with them. A general list of third parties with whom the Company is permitted to share the Personal Data has already been indicated in this Policy.

Further, especially for patients in the EEA/UK, we additionally rely on: (a) Performance of a contract - to deliver the medical coordination services You have engaged us for; (b) Legitimate interests - for Platform security, fraud prevention, and service improvement; and (c) Legal obligation - to comply with Applicable Law.

Processing your Personal Data including but not limited to, collecting, storing, deleting, using, combining, sharing, transferring, and disclosing, will take place in India and/or in such other jurisdiction(s) as may be permitted under Applicable Law and required for the operation of the Platform or Services. If you reside outside India, your Personal Data will be transferred, processed, and stored in accordance with the Applicable Law of India.

We take steps to ensure that such transfers are subject to appropriate safeguards:

  • For EEA/UK patients: Standard Contractual Clauses (SCCs) or equivalent mechanisms as required by GDPR; and
  • For all patients: encryption in transit, access controls, and contractual obligations on data recipients.

By using our Services and providing consent, You acknowledge that your personal and medical data will be transferred to India for processing

.

12. Your Rights as a User

  • Accessing information: Subject to Applicable Law, technical feasibility, protection of third-party rights, professional confidentiality obligations, legal privilege, medical-record obligations and the Company’s legitimate business, operational and compliance requirements, you may request access to certain Personal Data processed by the Company and information relating to the processing of such Personal Data.
  • Option to not provide the Personal Data: You may choose not to disclose Your Personal Data to the Company. However, please note that the Company may require some Personal Data to permit you to register with it or for you to take avail of any or all the features of our Platform. As stated above, if you decide not to provide some Personal Data, your ability to use the Platform or certain Services may be limited.
  • Data correction/ restrictions: Subject to the functionality made available on the Platform and Applicable Law, you may access certain account information and request that inaccurate or incomplete Personal Data be updated, corrected or, where appropriate, restricted in relation to certain processing activities.
  • Data erasure or deletion: You may request deletion or erasure of certain Personal Data shared with us, subject to the Company’s retention rights and obligations under Applicable Law and subject to the Company’s legitimate need to retain such data for service, compliance, record-keeping, fraud prevention, dispute resolution or legal-enforcement purposes.
  • Data Portability: You will have a right to request receiving your Personal Data in a structured, commonly used, machine-readable format where technically feasible.
  • Deactivation: You have the right to request deactivation of your user account maintained with us. Once deactivated, we will neither collect nor process your Personal Data, except as set out in this Policy or as required under the Applicable Law.
  • Consent withdrawal: You have a right to withdraw your consent given to us previously for the collection, handling, or processing of any of your Personal Data collected by us prior to such withdrawal request, however, this may impact the quality of our Services being provided to you on any of our Platforms. Post such withdrawal, we may process any of your Personal Data if such processing is required or authorized under Applicable Law in India.

You may withdraw your consent for data processing if you do not agree with the terms of this policy at any time by (a) emailing support@thebrownsage.com with the subject line “Withdraw Consent – Privacy Grievance”; and (b) specifying which consent(s) You wish to withdraw (e.g., data collection, sharing with hospitals, marketing). The Company shall endeavour to process such request within a reasonable period, subject to identity verification, the nature of the request, technical feasibility, legal requirements and operational constraints.

  • Grievance redressal right: The grievance redressal mechanism is set out in paragraph 18 of this Policy.
  • Nomination right: Where the Platform enables such feature and subject to Applicable Law, the Company may permit a User to designate or notify an authorized representative, nominee, attendant or lawful successor for limited account, support or grievance-related purposes.
  • Making available privacy policy in other language: If you wish to read and view the privacy policy in any other language, we will be happy to arrange for the same. However, in the event of any discrepancy or conflict between the English version of the privacy policy and versions in other languages, the English version will prevail over any other translated versions.

For patients in the EEA or UK, you may also have the right to: (a) object to processing based on legitimate interests; and/or (b) lodge a complaint with a supervisory authority in your jurisdiction.

If you would like to exercise any of these rights, please contact our designated officer at the following:

Name: Mr. Sushil Sanu

Email us at: support@thebrownsage.com

Contact: +91 92747 21800

The Company shall endeavour to acknowledge and respond to such requests within a reasonable period, subject to identity verification, the complexity of the request, technical feasibility, legal requirements and operational constraints. Where GDPR applies, the Company may respond within the timeline permitted under GDPR.

Please note that exercise of any of the above rights may affect the quality of the Services being provided by us, or this may also limit your ability to use our Services or in certain circumstance, you may not be able to use our Services after deletion of your Personal Data. Deleting your account by the Company may also result in termination of our Services to you.

13. Marketing and Promotion

Subject to your prior consent, we may send periodic promotional or information to your email or mobile number registered with us. You may opt to discontinue such communications by following the opt-out instructions contained in the email or your mobile number, if available.

We may require reasonable amount of time to process any opt-out requests. If you opt out of receiving emails or communications on the mobile number about recommendations that we think may interest you, we may still send emails on a case-to-case basis, including service-related, transactional, operational, legal or compliance communications where necessary.

14. Privacy Policy Updates

This Policy elucidates the Company’s current data protection practices and policies. The Company reserves the right to update this Policy from time to time. The Company will notify you whenever there is a change in the Policy by posting a conspicuous notice on the Website/ Applications/ other Platform and by way of an announcement over the email or through our Platform at least 30 days before material changes take effect or by pop-ups on the Website/ Applications/ other Platform regarding its then applicable data protection policies. The Policy shall come to effect from the date of such update, change or modification. We encourage you to review this Policy periodically to stay informed about any changes. Your continued use of our Platforms or provision of data or information thereafter will imply your unconditional and absolute acceptance of such updates to our Policy. This Policy applies to all of the Company’s Platforms, including our desktop Website, mobile Website, and Applications.

15. Disclaimer

While we are committed to protecting your privacy and securing your Personal Data in the manner as specified in this Policy, we neither promise nor warrant that your Personal Data will always remain private and secured.

The Company neither warrants nor assures that the information provided on the Platform is entirely accurate and error-free. In case of any discrepancies, Users are advised to verify the information by getting in touch with us. Information provided on our Platform might get updated or changed from time to time, in such case it shall be the duty of the user to verify the contents of the Platform.

16. Limitation of Liability

Notwithstanding anything contained in this Policy or elsewhere, the Company shall not be held liable or be responsible to you for (a) to the maximum extent permitted under Applicable Law, any indirect, incidental, special, punitive, exemplary or consequential losses, or any loss of profit, goodwill, revenue, business opportunities or anticipated savings arising out of performance or non-performance of its obligations hereunder; (b) any actions or inactions of any third-parties that receive your Personal Data; and (c) any loss, damage, or misuse of your Personal Data, if such loss, damage or misuse is attributable to a Force Majeure.

In respect of the above, the term “Force Majeure” means any event that is beyond the reasonable control of the Company, including but not limited to acts of god, fire, flood, explosion, sabotage, civil commotion, strikes, lockouts or industrial action of any kind, riots, insurrection, war, computer hacking, civil disturbances, unauthorised access to data and storage device, breach of security and encryption, crashes, epidemic, pandemic and/or any other similar events not within the control of the Company.

17. Governing Law and Dispute Resolution

The governing law and the dispute resolution provisions, as specified in the Standard T&C, shall mutatis mutandis, apply to this Policy.

18. Questions and Suggestions and Grievance Officer

The Company has appointed a Grievance Officer to redress customer grievances relating to any complaints under this Policy. Details of the Grievance officer are provided below:

Name: Mr. Sushil Sanu

Address: Ecuretrip Healthtech Private Limited, 1602, Sankalp Square 3A, Besides Taj Skyline,Sindhu Bhavan Road, Ahmedabad - 380059

Email: support@thebrownsage.com with the subject line “Privacy Grievance”

Contact: +91 92747 21800

The grievance raised by the User will be acknowledged within 48 hours, and the same will be investigated and resolved within 30 days.

19. Standard Terms and Conditions

Please also visit our Standard Terms and Conditions section which establishes the use, disclaimers, and limitations of liability governing the use of our Services. You can access the same by clicking here: https://www.thebrownsage.com/standard-terms