CareLocker data privacy statement

Updated on 31 May 2023

CareLocker is a service designed to allow You as the customer to store and transfer your medical data to those persons with whom You choose to share it.

This Data Privacy Statement (“Statement”) explains how Feedback Medical Limited (“Feedback/We”), as the provider of he CareLocker Service will manage any personal information You choose to upload to your CareLocker Account.

We take your privacy very seriously. This Statement provides You with information and assurance regarding our handling of your personal information and sensitive personal information (“Data”) in a secure and professional manner and in accordance with relevant law and regulations.

Below We explain what information We collect and how We handle it. Please read this Statement carefully to understand our approach and practices.

The Data You may provide to us might include name, address, phone number, e-mail address, financial transaction data, contact preferences date of birth, medical images, health data and categories of Data and health investigations.

Data does not include aggregate anonymous information that does not identify an individual person. This aggregate anonymous information
may be collected by us regarding the use of our CareLocker Service in order to monitor or improve the Service.

Our Statement does not restrict or limit our collection or use of aggregate anonymous information If You do not agree with our policies and practices, You can choose to discontinue the usage of CareLocker. By accessing or using CareLocker, You agree to this Statement. This Statement may change/be updated from time to time. Your continued use of CareLocker after We make changes is deemed to be acceptance of those changes, so please check the Statement periodically for updates.

We will alert You on such amendments by posting the date of such last update, or by sending You a communication through an email or SMS to the contact details as provided by You at the time of registration on CareLocker.

Any capitalized words not defined herein shall have the same meaning as ascribed to it in the Terms of Use of CareLocker.

1. Application
This Statement applies to CareLocker and the Services unless specified otherwise. Any Data including any personal information or sensitive personal information provided to or athered by Us under this Statement will be stored and controlled by Feedback.

2. Children Under the Age of 18
The Services provided by Us are not intended for children below the age of 18 (eighteen) years. We have a policy of not collecting Data from children under 18 years of age, if We have the knowledge of the same. If You are under the age of 18 years, We request You to not provide any information to Us or use any of the Services provided by CareLocker. If it comes to our knowledge that We have collected or received Data from a child under the age of 18 years without parental consent, We will delete that information without your consent or prior intimation.

3. Data Collected
When You set up an Account on CareLocker, We collect and store your Data which is provided by you from time to time. Our reason for the collection of such information is to enable You to have a hassle-free, efficient, safe and easy User experience. The kinds of Data We gather from You are listed below;
a. Account Information: We may collect Your Data such as email address, name, phone number etc., provided by You to set up the User Account on CareLocker.
b. Log Information: We collect non-personal information about Your Account such as log files, and website, and performance logs and reports, when You use our Services.
c. Device and Connection Information: We collect Device-specific non-personal information such as e-mail address, Internet Protocol (IP), password, Device version, operating system, the full Uniform Resource Locators (URL) clickstream to, through and from CareLocker (including date and time); cookie number; and any phone number used to call Our customer care number including phone number when You install CareLocker.
d. Cookies: We may use cookies to operate and provide Our Services, and improve Your experiences, understand how Our Services are being used, and customize Our Services. We may use cookies to know Your choices, such as Your language preferences, and customize Our Services for You.
e. Health Records: Any User Content that may be uploaded by You from time to time and any authorizations that You may provide with respect to sharing of your health data.

4. Use of your Data
We use your Data only for the purpose of providing You with CareLocker Service including:

  • Storage of data provided by You related to your health history and clinic results in
    the country of your residence
  • Communication with You regarding your CareLocker Service
  • Ensuring that your data is stored in compliance with Laws
  • To meet any regulatory requirements imposed on us
  • Transfer across country borders only for the purpose of providing You with customer support
    We do not collect your Data when You visit our website unless You choose to upload it to your CareLocker Account.
    We will always process your Data lawfully, fairly and in a transparent manner.
    We will only process your Data with your consent, where We are contractually obliged to do so or where it is in our legitimate interest, unless otherwise permitted by applicable laws or regulations or where there is a legal requirement for us to do so.

5. What We need from you
By accepting CareLocker’s terms of Service, You confirm that You are the legal owner of the Data being provided by You and You are entitled to transfer your Data to allow us to process it on your behalf.
We expect You to protect your Access Credentials and keep it confidential. Do not share it with anyone else. Other than when You log in to your CareLocker Account We will not request your password for any purpose.

6. Disclosure of Data
Your Data is an important part of our Services and We share the same with other entities only as described below –
a) Business purpose- We may share Your Data with another business entity should We (or Our assets) plan to raise capital or seek investment, merge with, or be acquired by that business entity, or in case of re-organization, amalgamation, restructuring of our business. Should such a transaction be undertaken, such business entity (or the new merged/restructured entity) will be required to follow this Statement with respect to your Data.
b) Authorised personnel: We will share Your Data with any data fiduciaries or health facilities as may be authorised by you.
c) Legal compliance- We may share Your Data to comply with the applicable Law, enforce our Statement and Agreement or when directed by any court, tribunal, regulator or any government authority or legal process. We may also share Your Data with other entities and government authorities for detecting, mitigating, investigate fraudulent activities related to CareLocker.
d) With your consent- Other than as set out above, You will receive prior written intimation/notice via email or alert in your Account when information about You might be disclosed or transferred to third parties and You will have an opportunity to choose not to share/transfer such information.
By using or continuing to use CareLocker You agree to Our use of Your Data in accordance with this Statement, as may be amended from time to time by Us in our discretion. You also agree and consent to Us collecting, storing, processing, transferring, and disclosing Your Data with third parties or affiliate service providers for the purposes set out in this Statement.

7. Managing of Your Account and retention of Data
You may delete Your Account at any time or revoke Your consent to Our use of the information provided to Us.
We may retain some of Your Data after the deletion of Your Account or such data, only for legitimate business or legal purposes such as security, fraud prevention or financial record-keeping or as otherwise mandated under applicable Law. When You delete Your Account or such Data, We follow a deletion process to make sure that Your Data is safely and completely removed from Our servers or retained only in anonymized form.

8. Options available to You at any time while using CareLocker
You will always have access to Your Account information and Your User Content on CareLocker for the limited purpose of viewing and, in certain cases, updating that information. In addition, You may at any time while using CareLocker:

  • choose not to provide any Data sought to be collected.
  • request to review and correct, amend or update Your Data. When You update such information, We usually keep a copy of the previous version of the Data for Our records. We may not accommodate a request to change information if We believe the change would violate any law or legal requirement or cause the information to be incorrect.
  • You can, at any time while using CareLocker, withdraw Your consent, given earlier to CareLocker, to use Your Data. However, such withdrawal of consent must be provided to Us in writing at the email id

9. How long will You retain my Data?
We will only retain your Data for as long as there is either a contractual need to do so, where there is a legal requirement or where it is in our legitimate interest to do so. We will retain financial (transactional data) for 7 (seven) years after You have deactivated your Account. Once You deactivate your Account (or fail to renew) any clinical records will be automatically deleted after 180 (1 (one) hundred and eighty) days. We will contact You to remind You that your Data will be deleted when You deactivate your Account and again just before they are deleted. You can of course ask us to delete your clinical records at any time. Once the Data have been deleted, they cannot be recovered.

10. Your Legal Rights

  • Right to access/Subject Access Requests – the Right to Access offers You the opportunity to obtain all of the Data We hold about You as an individual. Under GDPR We have one month to provide all the information We hold about you. This will be only in relation to the person making the request. We will review our systems to provide You with everything and if You can specify what information You require this will help us in responding to your request promptly.
  • Right of Rectification – if You believe the information, We hold about You is incorrect, inaccurate or incomplete this right ensures that You may contact us and We will update it according to your instructions
  • Right to Erasure – under Information Technology Act 2000 and rules made thereunder, You have the option for all records of Data to be erased. There are some legal exceptions to this right to allow us to comply with our own obligations under the law. If We believe We hold information that is no longer necessary to allow us to meet our legal and contractual obligations We will grant your right to erasure
  • Right to Data Portability – GDPR provides You with the opportunity for your Data to be provided back to You in a portable format so that You may transfer it to a different provider without the need for You to provide it again to them.
  • Right to withdraw consent – if for any reason You wish to withdraw consent for us to contact You either entirely or by certain methods We will update your contact preferences within our Systems
  • Right to be Informed – We will provide You with appropriate notifications about our processing activities and ensure that they are precise, transparent and easily accessible, written in plain language and free of charge
  • Right to Restrict Processing – this allows You the opportunity to let us hold your Data but not process it for marketing purposes. If You request this right to be actioned, We will amend your preferences accordingly
  • Right to Object – Under GDPR You can object to processing based on legitimate
    interest or a task being classified as being in the public interest, direct marketing and
    processing for certain types of research and statistics. If You do not want your personal Data collected, please do not provide it to us but in those circumstances You will not be able to access the intended functions of CareLocker.

11. Data Processors
We use the following software providers that process Data on our behalf safely and securely but have no rights to use your Data. They only act on our strict instructions: –
Amazon Web Services Inc (CareLocker data)
Microsoft Corporation (email communications)
Zoho Corporation (helpdesk management)
Halo Service Solutions (helpdesk management)
Except as provided above We will not disclose your Data with other third parties without your permission, unless required by applicable Law or in connection with enforcement action or other litigation.

12. Our Data Security Arrangements
We and any third party with whom We contract to support the CareLocker Service, each operates stringent checks to ensure that your Data is handled securely. Some of our key measures include:

  • Measures to protect against loss of your Data
  • Use of password protections security encrypted systems, firewalls and anti-virus systems
  • Internal Data privacy and security audits
  • Compliance with recognised international audit standards
  • Data protection and security training for all staff
  • Recruitment integrity checks to ensure the reliability of personnel who have access to Data, including appropriate confidentiality undertakings and their commitment not to publish, disclose or divulge any of your Data to any third party unless directed in writing to do so by You or as otherwise permitted by this Agreement.
  • Although We do our best to protect your Data, We are not responsible for circumvention  of any privacy settings or security measures contained on CareLocker. We will review this Statement periodically. We welcome your views and if You wish to comment on our actions or any aspect of this Statement You may do so by emailing us at

13. Limitation on Damages
We shall be liable to pay actual damages only for such offences as are envisaged under the applicable Law. You shall have the right to claim damages on account of any non-compliances by Us subject to sharing with Us satisfactory legal evidences of our non-compliances and the validity of Your claim. Your right to claim shall be limited to statutory damages prescribed under the Act.

14. Disputes
Any disputes arising on account of or out of this Statement shall be governed by the laws of India and the courts at Mumbai shall have exclusive and rightful jurisdiction to adjudicate upon all disputes arising out of this Statement.

15. Grievance officer
In accordance with Information Technology Act 2000 and rules made thereunder, the name and contact details of the Grievance Officer are provided below:

Kind Attn: Chief Information Officer
Address: Feedback Medical Limited, 201 Temple Chambers, 3-7 Temple Avenue,
London, England, England, EC4Y 0DT
If You have questions or any grievances about Our Statement, please contact our Grievance Officer.