Privacy Policy – MedCeps (India)

Effective Date: March 2025
Last Updated: March 2025

MedCeps ("we", "our", or "us") is committed to protecting the privacy of individuals whose data is captured through our Electronic Data Capture (EDC) platform. This Privacy Policy outlines how we collect, use, share, and protect personal data in compliance with the Digital Personal Data Protection Act, 2023 and other applicable Indian laws.

1. What We Collect

We may collect the following types of data:

a) Personal Data (of Users/Researchers):

• Full name, email address, mobile number
• Designation and institutional affiliation
• Login and authentication credentials

b) Patient/Subject Data:

• De-identified or pseudonymized health data
• Study-specific medical details (as entered by authorized users)

c) Device & Usage Data:

• IP address, browser/device info
• Platform usage patterns (for performance and security)

We do not knowingly collect personal data directly from patients. All clinical data must be entered by authorized personnel under proper ethical approval and informed consent protocols.

2. Purpose of Processing

We use data for:

• Facilitating secure clinical data capture
• Managing authorized user access and roles
• Ensuring compliance, audit trails, and regulatory reporting
• Anonymized statistical and operational analysis

3. Lawful Basis

Our processing is based on:

• Consent (for personal data you voluntarily provide)
• Legal obligation (e.g., retention under Indian medical regulations)
• Legitimate interest (platform performance, security)

4. Data Sharing

We do not sell your data. We may share it:

• With authorized researchers and institutions
• With service providers under strict confidentiality agreements (e.g., cloud hosting)
• If required by law, courts, or regulatory authorities

5. Data Security Measures

We follow reasonable security practices and procedures under the IT Act, 2000 and DPDP Act:

• Encryption (at rest and in transit)
• Role-based access control
• Two-factor authentication (2FA)
• Regular audits and backups

6. Your Rights under Indian Law

You may have the right to:

• Request access to your personal data
• Correct or update inaccuracies
• Withdraw consent (where applicable)
• Lodge a grievance or complaint with our Data Protection Officer (DPO)

To exercise these rights, please contact: info@mediception.cm

7. Data Retention

We retain data for the duration of the clinical study and as per applicable laws and sponsor agreements. De-identified data may be retained for research or audit purposes.

8. Grievance Redressal

We have appointed a Grievance Officer as per Indian IT Rules:

• Grievance Officer: Punit
• Email: info@mediception.com
• Response Time: Within 15 working days

9. Changes to the Policy

We may update this policy and will notify users via email or system notification.