Privacy Policy

This Policy explains how Unimrkt Healthcare collects, holds, uses and discloses Personal Information, including personal Information of study respondents/KOLs/Panel members, personnel, consumers, business professionals, customers, suppliers, vendors, business partners and investors. Unimrkt Healthcare intends that this privacy policy read along with its standard terms, conditions and procedures will support timely compliance with all applicable local as well as international privacy laws and regulations around the world including, but not limited to, the Data Protection Regime under Indian Law and EU General Data Protection Regulation (“GDPR”).

All the studies are executed solely for the purpose of market investigation; with no aim for promotion or advertising across any sector. All information that is communicated is considered confidential. The information presented is intended to gather the audience reactions and should be considered as assumptions about what can be said about a product or diseases. They are neither intended to be used nor actually used to influence decisions in any area.

Unimrkt Healthcare adheres to the requirements of the ICC/ESOMAR International Code on Market, Opinion and Social Research and Data Analytics.

Disclosure of Personally identifiable Information (PII) – Anonymised data and access security

• PII may be collected prior to execution of the survey proposed in this application. At the time of their enrollment, participants may at their own sole option consent to providing additional sensitive data including health data, race/ethnic origin, political/religious opinions, etc.
• The identity of the respondents is confidential and the details shall not be communicated to third parties.
• Individuals authorized to view the responses, whether they are representatives of the study sponsor or third parties, are not permitted to disclose personally identifiable information (PII) about participants to others in their organization or other organizations.
• Any information that could potentially identify a participant (e.g., name, address, place of employment, social security number, zip code) shall not be collected by, or transmitted to our sponsor.
• The information the respondent provides to us will be treated in the strictest confidence and will be aggregated with other participants.
• Only the consolidated results shall be presented to the sponsor of the study, in order to provide an overview of the attitudes in the therapeutic areas that are the subject of this study.
• It is clarified that the manner of information collection and processing undertaken by Unimrkt Healthcare, ensures that at no point in time can any answer, voluntarily provided by a respondent be attributed to any such respondent by name.

Employee training

Unimrkt Healthcare has extensively trained all the employees to ensure a high level of data protection awareness and data protection adherence across the group. Our customers/ sponsors expect that Unimrkt Healthcare employees are compliant with General Data Protection Regulation issued by the European Union (GDPR) and other applicable data protection legislation. Unimrkt Healthcare is continuously evolving by implementing a training program concerning data protection (including GDPR requirements) for all the relevant teams (operations, programming, panel, and voice quality).

Adverse Event Identification & Reporting

If, during the course of survey, patient/caregiver/physician mentions an adverse event that occurred in a patient, during or after taking a drug, Unimrkt Healthcare must pass the information to the pharmacovigilance department of the sponsor laboratory of the study, if it is a product of this laboratory.

• We must report this adverse event, even if participant have already reported it directly to the laboratory or accredited bodies.
• We must ask the participant for details about this adverse event as soon as we become aware of it
• Before completing the adverse event reporting form, participant will be asked for consent to disclose the personal data. In case of refusal, only the participant’s profession will be indicated.

A serious adverse event (SAE) is defined as an event that meets one of the following criteria:

• Is fatal or life-threatening
• Results in persistent or significant disability/incapacity
• Constitutes a congenital anomaly/birth defect
• Requires inpatient hospitalization or prolongation of existing hospitalization, unless hospitalization is for one of the following:
  1. Routine treatment or monitoring of the studied indication, not associated with any deterioration in condition
  2. Elective or preplanned treatment for a preexisting condition that is unrelated to the indication under study and has not worsened since the start of the drug of interest
  3. Social reasons and respite care in the absence of any deterioration in the patient’s general condition
• Is medically significant (i.e., defined as an event that jeopardizes the patient or may require medical or surgical intervention to prevent one of the outcomes listed above); for example, may require treatment on an emergency outpatient basis for an event not fulfilling any of the definitions of an SAE given above and not resulting in hospital admission
• Transmission of infectious agent via medicinal product

What qualifies as Personal Data

Personal data are information that directly or indirectly identifies you as an individual and/or is peculiar and/or exclusive to you as an individual, indirectly meaning when combined with other information, for example, your name, postal address, email address and phone number, or a unique device identifier. Through this website, Unimrkt Healthcare may collect information that can specifically identify you- the user, such as your name, address, telephone number and e-mail address when you chose to yourself voluntarily submit the same. It is clarified that Unimrkt Healthcare does not impose any mandatory condition for the aforesaid submission of your personal data which is voluntarily undertaken by you – the User.

Lawful Collection and Use of Personal Data

Unimrkt Healthcare collects information in multiple ways including from the use of this website as well as other activities such as telephone studies, face to face, online and social media interactions, etc.. Unimrkt shall only use personal data submitted by the User, as set forth in this privacy policy and further subject to the User’s express consent recorded duly in the submission form issued for such purpose. Once submitted Unimrkt may use and disclose such voluntarily submitted data of the User for any of the following reasons:

In the event that Unimrkt Healthcare intends or choses to use or apply the User’s personal data, so collected, in any manner other than what was consented to by the User, Unimrkt Healthcare shall inform the intended User in advance and in such cases where the processing is based on the User’s further consent, use the User’s personal data for a different purpose only with the User’s prior permission:

• To respond to requests made by the Users in terms of the use of the website and/or services provided by Unimrkt Healthcare, including to provide services that have been requested by the User and also to allow the User to participate in activities that they may have chosen to participate in.
• To contact the User and/or to provide the User with general information as well as information about Unimrkt Healthcare products and services from time to time.
• To send the User marketing communications relating to Unimrkt Healthcare’s business which may be regarded as being of interest to the User.
• To share with agents, contractors or partners of Unimrkt Healthcare in connection with services that these individuals or entities perform for, or with, our firm and/or related businesses. However, it is clarified that these agents, contractors or partners are restricted from using the User’s Personal Data in any way other than to provide services for Unimrkt Healthcare. Unimrkt Healthcare may, for example, provide Personal Data submitted by the User to agents, contractors or partners and/or sponsors for hosting their databases, for data processing services, or to send the User information that the User requested, but those parties cannot use the Users Personal Data for their own purposes unrelated to the work they are doing for Unimrkt Healthcare.
• To respond to duly authorized information and statutory disclosure requests of governmental authorities or wherever required under applicable law.
• In connection with the sale, assignment, or other transfer of the business of this website to which the information relates, in which case Unimrkt Healthcare shall require any such future Buyer to agree to treat the personal data in accordance with this privacy policy.
• Contact the User for studies via email, through mobile notifications or texts or any other proposed communication options, as chosen by and consented to by the user at the time of submitting information.
• Inform the User of updates to services as well as privacy policy guidelines, new features and details relevant to the User through communications sent from time-time.
• Select the User for future studies and further lend adequate assistance to the User when the User contacts Unimrkt Healthcare’s support team.
• Allow us to reward the User with the incentives per Unimrkt Healthcare Policy.
• Protect Unimrkt Healthcare from fraudulent behavior by investigating suspected activity in connection with the website or violation of another party’s rights.
• Prevent multiple entries in studies by the same individuals.
• Update, enrich and clean Unimrkt Healthcare’s database to improve the usage and efficacy of data/information, allowing Unimrkt Healthcare to better select and identify the User for studies and receiving communications.

In terms of the Privacy Policy Unimrkt Healthcare has further set out, below more detailed information about how they utilize personal data. The legal basis for data being processed at the receiver’s end i.e. Unimrkt Healthcare’s end is listed as below:

• Unimrkt Healthcare has consent for the use of the User’s personal data voluntarily submitted by them.
• Unimrkt Healthcare needs to use the User’s personal data in order to perform its contractual obligations with respect to the User.
• Unimrkt Healthcare needs to process User data to comply with its legal obligations under applicable law.
• Unimrkt Healthcare needs to process the User’s data in order to protect the User’s vital interests in terms of contractual and statutory compliance requirements
• Unimrkt Healthcare may process User data if it is deemed necessary to perform a task in the public interest or where the use of the User’s personal data is deemed necessary for securing Unimrkt Healthcare’s clients’ legitimate interests (in which case Unimrkt Healthcare will first explain what those interests are to the User concerned).

Unimrkt Healthcare being a responsible and law-abiding corporate entity undertakes not to misrepresent its services, data or scope of operations, at any time and in the event any contrary or mischievous email that concerns the User directly or indirectly, is received by the User purportedly from Unimrkt Healthcare, the User is required to forthwith inform and intimate Unimrkt Healthcare in this regard in order to avoid any unforeseeable and/or damaging circumstances from arising.
In addition to and in terms of the foregoing Privacy Policy Unimrkt Healthcare will also be entitled to use the personal data submitted by the User for the purposes as described below. It is re-iterated that Unimrkt Healthcare does not collect and process more or other types of personal data than is deemed necessary by them in terms of fulfilling their respective purposes and or contractual or statutory compliance.

Third Parties and Data Transfer across Borders:

In terms of this Privacy Policy the User can be assured that Unimrkt Healthcare will protect their privacy and will not make their personal information available to anyone without obtaining the concerned User’s prior agreement as well as express consent, unless it is for research purposes only or if required in terms of applicable law. This includes the User’s name and e-mail address.

Unimrkt Healthcare may share the User’s personal data with companies and related entities within their group or vendors to fulfil their data processing requirements, e.g. data matching, third party service providers, online ad effectiveness measurement, social media data interactions, scientific publication, pharmacovigilance/safety follow up. Where the transfers are across borders or outside the EEA Unimrkt Healthcare shall put safeguards in place to ensure the transfer is made by a legitimate method for the purposes of EU data protection law and secure.

The User’s personal information may be collected, stored, transferred or processed by Unimrkt Healthcare’s sister companies, or 3rd party service providers for research-related purposes, such as data processing, and fulfilment of incentives. However, Unimrkt Healthcare clarifies that its sister concerns, third party vendors and/or service providers are all contractually bound to keep any information they collect and disclose or, which is collected and disclosed to them, confidential and further liable to protect such information with security standards and practices that are equivalent to Unimrkt Healthcare’s own standards in this regard .

Security of Personal Data

The security of the User’s personal data is of pivotal importance to Unimrkt Healthcare and therefore they have put in place a reasonable physical, electronic, and administrative procedure to safeguard the information supplied by the User and collected by them. Access to the User’s personal data is granted only to those employees who require it in order to perform their duties. However, Unimrkt Healthcare cannot reasonably guarantee that all communications shared between themselves and the User or information stored on their servers will be free from unauthorized access by third parties such as hackers. It is therefore assumed under the terms of this Privacy Policy that by agreeing to submit data the User has waived its objections in this regard and has further assumed the risk of such data hacking or resultant leak.

Third Party Websites

As a convenience to the User’s, this website contains links to a number of websites that are believed to offer useful information for the benefit of the User. The policies and procedures described here do not apply to those websites. The User is therefore, directed to contacting those websites directly for information on their respective privacy policies.

Accuracy of Personal Data

Unimrkt Healthcare makes reasonable efforts to keep personal data in their possession or control, which is used on an ongoing basis, accurate, complete, current and relevant, based on the most recent information available. In the event the User requires any correction or update of their personal data, they may submit a request in writing to datacontroller@unimrkt.com for making such necessary amendments or change.

International Transfers of Personal Data

• The Personal data submitted through the study is stored in and resides on Unimrkt Healthcare servers located at their data center in India. The respondent/KOL/user personal data may be transferred to one or more Unimrkt Healthcare affiliated companies and/or sister concerns in other countries and used for the purposes described previously. To facilitate Unimrkt Healthcare’s global operations, they may transfer and access Personal Information from around the world, including the United States. This Privacy Policy shall apply even incases which involve transfer of Personal Information to other countries.
• It is clarified that Unimrkt Healthcare’s service providers are contractually bound to respect the confidentiality of the respondent/KOL/user personal data.

Retention of Your Personal Data

• As per existing online norms and as per general practice, Unimrkt Healthcare will delete the User’s personal data if its retention is no longer deemed necessary to achieve the purposes for which such data was originally collected. However, Unimrkt Healthcare may be required to store the User’s personal data for a longer period due to statutory compliance requirements, where ever applicable.
• In addition, if the respondent/KOL/user chooses not to be contacted in future or decides not to pursue its dealings with Unimrkt Healthcare, Unimrkt Healthcare shall be entitled to retain such data for ensuring that the particular respondent/KOL/user opting for such ‘do not disturb’ option is not contacted in the future by means of bulk emailing or recruiting campaigns for market research projects.

Access to Personal Data

• Unimrkt Healthcare may upon written request in this regard, received from the respondent/KOL/user make available such respondent/KOL/user’s personal data in their custody or control collected, used or disclosed, by the respondent/KOL/user per the terms of usage and this Privacy Policy to the extent required and/or permitted by law.
• To make such a disclosure request, requesting access to the respondent/KOL/user personal information the User will be required to submit such a request in writing to datacontroller@unimrkt.com. Upon receipt of such request Unimrkt Healthcare will attempt to process the same within 30 days, including requests regarding the personal data in its possession or control about the respondent/KOL/user’s, what it is being used for, and to whom it has been disclosed, if applicable.
• In certain situations, however, it may not be legally tenable or otherwise feasible to handover such access to the respondent/KOL/user’s data even upon request received in this regard from such User and in such cases appropriate reasons shall be made available to the respondent/KOL/user’s for refusal in this regard.

Infrastructure and Security Framework

• Physical Security
  1. Unimrkt Healthcare’s IT infrastructure is an indigenous and completely in-house system. The advanced facility provides state of the art security that meets several compliances and/or third-party certification standards including GDPR compliance, ISO 270001(Data Security), HIPAA, GLBA, SOC2 and/or SSAE 16.
  2. The facility provides redundancy with multiple backup generators, uninterruptable power supplies and air conditioning units. Physical security includes key card and biometric system to control access to data centers. Security cameras are placed throughout the facilities to record physical activity. High network connectivity is provided with multiple tier-1 network carries, redundancy within and between data centers.
  3. Network operations center provides 24x7x365 on-site monitoring.
  4. No Unauthorized external devices are allowed inside the premises.
• Network Security
  1. Networks are protected by firewalls. The firewalls are configured to deny all traffic by default and only through formalized process are opened up to approved traffic.
  2. The network is capable to analyze the hits that the system is taking and their potential risk.
  3. External access to the network is provided through VPN with the same password policies and two‐factor authentication.
  4. Wifi Access are secure.
  5. USB and CD drives of all the systems are disabled.
  6. Enterprise virus and malware protection provide real time security against virus and malware
  7. Information access is monitored and highly controlled in the system
• Staff and Security Practice
  1. Standard training includes an understanding of Information Security best practices, and a section of staff is also trained on HIPAA Privacy and Security Rules, GDPR compliance standard and EphMRA guidelines. All employees are bound by confidentiality agreements and non-disclosure covenants upon commencement date. The agreement includes non-disclosure provisions.
  2. Unimrkt Healthcare employees have unique user names and are required to use complex passwords and change them every 90 days.
  3. Unimrkt Healthcare employees’ accounts are reviewed for inactivity every week. Upon termination, all employee accounts are reviewed and access removed. Security updates are reviewed and tested in QA environments before production environments.
  4. All laptops have hard drive encryption.
  5. Desktop and laptop updates are managed and completed through a systems management solution
  6. Information access is monitored and highly controlled in the system
• Data protection
• Monitoring and Alerts
  1. IDS (Intrusion Detection System) monitors network traffic for suspicious activity. Unimrkt Healthcare’s IDS are tied into malware features; this extends our capabilities to include endpoint connection monitoring. Events are emailed to security staff as well as logged to a centralized security solution. Triggers and alerts being monitored on over services across our operating services and systems.
  2. Security department runs regular vulnerability scans against systems

Changes to this Policy

Unimrkt Healthcare serves the right, at its own sole discretion, to modify the privacy policy and practices and update and make changes to it at any time. For this reason, the Users are encouraged to refer to this privacy policy on an ongoing basis. This privacy policy is current as of the “last revised” date which appears at the top of this page. Unimrkt Healthcare will treat personal data in a manner consistent with the said privacy policy under which it was collected, unless the User has consented otherwise. By using this website following any privacy policy change, the User freely and specifically gives its consent to collect, use, transfer and disclose its personal data in the manner specified in such then and current privacy policy.