As of 27 June 2019

  1. Why we are excited to protect your data?
  2. We are excited and thankful that you are entrusting us with your personal data. Healthpass would not be able to exist without your trust!

    At Healthpass, we fully recognize that you will only use our app and entrust us with your personal data if we treat it to the highest confidentiality standards. Quite like a bank where you would only deposit your money if you trust the bank.

    For double protection, we comply with all Pakistani privacy laws and regulations, and additionally we follow the General Data Protection Regulation of the European Union, widely regarded as one of the strictest in the world.

    The below gives you more details on how we go about it.

  3. What is Personal Data?
  4. Personal data means any information relating to an identified or identifiable natural person ('data subject'), e.g. your name, your phone number etc.

    Data that does not allow us or anyone else to identify you is not considered Personal Data. E.g. if your phone number is anonymized then it is not personal data any more, for example: “051-3456xxxxxx”.

  5. Who controls your personal data?
  6. Data Controller is a legal term for the company that controls what happens with your personal data. Since Healthpass is a brand of Medicount Private Limited, we at Medicount Healthcare Private are the Data Controller.

    Although we are the Data Controller, you remain the key decision maker when it comes to your own personal data. With Healthpass, you always stay in control of what happens to your data. For example, you decide how much data you want to share with us. You can also withdraw your data again. Section 9 below tells you more about your rights.

    Please note that in the course of using the Platform, you may also utilize the services of other Data Controllers. For example, when you pay for a Telehealth consultation, you may be using the payment facility of an electronic wallet provider or of a credit card company. They would then know that you have paid for our Telehealth service. Please bear in mind that such Data Controllers have different terms of service and privacy statements.

  7. What personal data do we collect from you?
  8. While using the Healthpass Platform, we may collect and process several categories of personal data from you. Some of that data is classified as “sensitive”. So please study the following list carefully before giving your explicit consent:

    • Data that clearly identifies you, such as your name and surname, gender, date of birth, CNIC number
    • Your contact details (address, mobile number, email etc.)
    • The location of your mobile phone (e.g. to show you the distance to the nearest medical provider)
    • Information about your mobile phone (type, operating system etc.)
    • Information about your Healthpass Platform usage (duration, pages viewed, payments made etc.)
    • Your calls with our customer service hotline
    • Sensitive Data: Details about your health or your dependants’ health, such as for example:
      • (a) medical check-up results
      • (b) lab report results
      • (c) information on your health status that you pass to our inhouse doctors or to 3rd party doctors and medical providers via our Platform or via any other media of communication (email, phone etc.
      • (d) prescriptions and doctor reports that come out of your usage of our telehealth service
      • (e) prescriptions, doctor reports and other related health documents (e.g. xray scans) that you share or store yourself on the Platform or that – upon your explicit approval - we collect on your behalf from our Healthpass network providers for your convenient storage and access on our Platform
      • (f) information from the itemized bills of our network of medical providers

    Please note that whenever you share or authorize us to collect personal data of other persons, like your spouse and children, you confirm that you are fully authorized to do so on their behalf.

  9. How will we collect your personal data?
  10. We collect your personal data mostly through the Healthpass Platform. We may also collect personal data if you make phone calls to Healthpass, e.g. to our customer service or telehealth service, or if you send us email, social media messages (Facebook, Whatsapp etc.) or letters. Please note that calls may be recorded for analytics and quality assurance.

    Lastly, we may collect personal data on your behalf from our Healthpass network providers for your convenient storage on the app, e.g. lab test reports. Please note that such “concierge” collection and upload service has to be expressly approved by you on the Platform. Acceptance of this Privacy Notice and the overarching Terms of Service for Users is not enough.

  11. How will we use your personal data?
  12. We use your personal data for the following purposes

    • To verify your identity for the usage of the Platform and for any (financial) transactions
    • To provide you a seamless experience of the Platform, such as sharing your profile with our telehealth team and 3rd party medical specialists when you connect to them via the Platform
    • For verifying your eligibility for any complementary services that you may benefit from free of charge.
    • To contact you when necessary e.g. in case a verification call is warranted or to resolve any complaint
    • To conduct client surveys
    • For quality assurance purposes
    • To analyze how you make use of our Platform (e.g. telehealth service) to improve our service and develop new solutions. We may also combine your personal data with that of other Healthpass users to discover larger trends and new service opportunities. For example, if we learn from your personal data and that of other users that many of you suffer from a particular chronic illness, we may develop a new service to help our users with paying for the treatment of this illness
    • To promote and market our services to you and to inform you of special offers, promotions or competitions of Healthpass and our related Healthpass network providers, including by way of direct mail and telemarketing, except if you expressly object to this. We shall not be sending you information and promotions about medical providers where you have not yet used Healthpass, unless you explicitly request us to do so.
    • To prevent fraud and money laundering and as required by law or regulation

    If any third party holds your contact information first in the course of using our Platform (e.g. your telecommunication provider or your medical provider), you authorize us to procure your contact information from such third party in order to fulfil the above purposes.

    It is not a statutory or contractual requirement that you share your personal data with us. However, where you fail to provide us with this data, we will be unable to give you access to the Platform and its various services. We therefore rely on your consent to this data privacy policy as the legal basis for our data collection and the provision of our Platform to you.

    We will not utilize your personal data for any purpose not known and disclosed to you.

    We will not share your personal data to third parties outside the Medicount Group for advertising purposes.

  13. Who will have access to your personal data?
  14. The staff of the Medicount Group will be granted access to your personal data on a strict needto-know basis. That is done to allow you to use and benefit from the Platform. For example, telehealth doctors would have access to your relevant medical records on file to be able to address your health concerns. A clerical staff in our accounting department would not get such access

    For the storage and processing of your personal data, we may rely on the data processing services of contracted companies, so called “data processors”. This is similar to a torch (Healthpass Platform) that needs batteries from a third-party battery factory (data processors) to work properly. We ensure that our data processors are bound by this privacy notice, including giving data access to their staff on a strict need-to-know basis only.

    In addition, we employ security systems such as password encryption that meet or exceed industry standards to protect your data from unlawful access, hacks and misappropriation. However, sadly, no method of transmission of data over the internet, or method of electronic storage can be guaranteed to be 100% secure.

    Lastly, if required by law enforcement agencies or any regulator to share personal data, we will first check the legality of such request, and if this is proven to be the case, we will share your personal data with such public authorities

  15. Where will my personal data be stored and processed?
  16. Your personal data may be stored and processed within Pakistan and outside Pakistan, e.g. in the European Union, depending on where the best suited data storage processing facilities exist.

    If we transfer your personal data outside Pakistan, we will ensure that it is stored and processed according to standards at least as good as those required in Pakistan and only used for the purposes set out in this Privacy Policy.

  17. What are your rights in respect of your personal data?
  18. You are the key decision maker on how we handle your personal data. At any point in time you have the following rights in respect of your personal data:

    • The right to access the personal data that we hold about you
    • The right to have your personal data rectified where it is inaccurate or incomplete
    • The right to have your personal data erased
    • The right to obtain restriction of processing in certain circumstances, for example where you have contested the accuracy of the personal data, for the period to enable us to verify the accuracy of that personal data
    • The right to data portability, i.e. to receive your personal data in a structured, commonly used and machine-readable format so you may store it privately or take it to another company
    • the right to withdraw your consent to this privacy notice at any time

    Please note that exercising your above rights is free of charge, but it may temporarily or permanently render the Healthpass Platform unusable for you.

    For exercising any of the above rights please contact us at the contacts given in below “contact” section.

    In each case, we will try to contact you within 72 hours, utilizing your latest given contact details, to arrange the next steps, e.g. correction of data, erasure of data, export of data etc.

  19. How long do we keep your personal data?
  20. We will keep your personal data for as long as permitted under Pakistani law. If you withdraw your consent, or request an erasure of your personal data, we will retain your data for a further four weeks to allow us for a proper winding down of your relationship with us. After those four weeks we will completely delete your personal data from our records.

    However, in a few cases we may need to keep your data for longer:

    • If required by law
    • If required to defend any legal claims
    • If required for a proper winding down of your relationship with us where that process takes longer than four weeks (e.g. if we fail to reach you in that period of time)

  21. How can you contact us?
  22. For any query regarding your personal data, or for any execution of your above rights, you can contact our Customer Service at:

    +92-800-75757 (toll free)

    Healthpass (Medicount Pvt. Ltd.)

    attn. Operations Department / Data Privacy

    Emirates Tower

    2nd Floor

    M-13, F-7 Markaz

    Islamabad, 44000


  23. How often do we update this privacy notice?
  24. We will update the privacy notice from time to time as required. Any updates of our privacy notice will be reflected on our website Printed versions may be outdated. We therefore recommend that you check back into our online privacy notice from time to time. Your continued use of Healthpass following any such modification constitutes your agreement to the privacy notice so modified.