INFEDIS PRESTIGE NETWORK - PRIVACY POLICY

Last Updated: 31/12/2025

This Privacy Policy (“App Privacy Policy”) explains how Infedis Infotech LLP (“Infedis”, “we”, “our”, “us”) collects, uses, stores, shares, and protects personal data of users (“User”, “Doctor”, “you”) who access or use the Infedis Prestige Network mobile application (“App”).

Infedis Infotech LLP is a limited liability partnership incorporated under the laws of India, having its registered office at Office 108, Suyog Center, Gultekdi, Pune – 411037.

This App Privacy Policy is issued in accordance with the Digital Personal Data Protection Act, 2023 (“DPDP Act”) and the DPDP Rules, 2025, and shall be read together with the master Infedis / Hidoc Dr. Privacy Policy.

In case of any inconsistency, this App Privacy Policy shall prevail for use of the App.

. 1. Roles under the DPDP Framework

• Data Fiduciary: Infedis Infotech LLP
• Data Principal: Registered users of the App

Infedis acts as the Data Fiduciary and is responsible for lawful, fair, and transparent processing of personal data in accordance with the DPDP Act and Rules.

2. Scope and Applicability

This App Privacy Policy applies exclusively to personal data collected and processed through the Infedis Prestige Network mobile application

It does not override or replace the master Infedis / Hidoc Dr. Privacy Policy, which continues to apply at an ecosystem level to other digital assets, except to the extent this App Privacy Policy specifically governs App usage.

3. Categories of Personal Data Collected

Depending on the nature of usage, we may collect the following categories of personal data:

A. Identity & Professional Data

• Name, mobile number, email address
• Medical registration number, specialty, practice details
• Profile information provided during onboarding

B. Financial & KYC Data (Rewards Processing)

• UPI ID (mandatory for reward redemption)
• KYC details, where required for verification
• Reward history, coin balances, redemption records

C. Referral & Engagement Data

• Referral status and confirmation records
• Coin accruals, rankings, and engagement summaries

D. Usage, Behavioural & Analytics Data

• App interactions (views, clicks, redemptions)
• Engagement with notifications and offers
• Behavioural signals used for engagement optimisation

E. Technical & Device Data

• Device identifiers, IP address
• App logs, crash reports, operating system details

F. Communication Data

• In-app notifications
• Automated engagement messages

Important Clarification:

The App does not directly collect patient-identifiable personal data. Any insights displayed are aggregated, anonymised, and intended solely for professional engagement and analytics purposes.

4. Purpose of Processing

Personal data is processed strictly for the following lawful purposes:

• User registration, authentication, and account management
• Referral tracking and validation
• Automated coin calculation, rewards administration, and redemption processing
• Offline fulfilment coordination, where applicable
• Dashboard insights, rankings, and engagement summaries
• Engagement analytics and communication optimisation
• Fraud detection, misuse prevention, and audit checks
• Compliance with legal, regulatory, and contractual obligations

Processing is limited to what is necessary, proportionate, and purpose-bound, in line with DPDP principles.

5. Legal Basis for Processing

Personal data is processed on the basis of:

• Explicit consent, where required under the DPDP Act and Rules
• Performance of a contract, i.e., provision of App features and services
• Compliance with legal obligations
• Legitimate interests, limited to security, fraud prevention, analytics, and service improvement, where such interests do not override Data Principal rights

6. Consent, Notice & Withdrawal

• Clear and standalone notices are provided at the time of data collection
• Mandatory data is required for core App functionality (e.g., UPI for rewards)
• You may withdraw consent at any time using in-app mechanisms or by contacting the Grievance Officer

Withdrawal of consent may result in:

• Restricted access or termination of the App account
• Inability to process rewards or redemptions
• Deletion of personal data, subject to legal retention obligations

Withdrawal shall not affect processing lawfully carried out prior to such withdrawal.

7. Data Sharing & Disclosure

Personal data may be shared:

• Internally, with authorised Infedis’ personnel on a strict role-based access basis
• With service providers (cloud hosting, analytics, payment processing, fulfilment partners) under binding data-processing agreements
• With government authorities, regulators, or law enforcement agencies when required by applicable law

Medical representatives may access only non-clinical, operational data necessary for App administration.

We do not sell or rent personal data.

8. Data Storage and Retention

Personal data is stored securely using industry-standard safeguards.

Data is retained:

• For as long as the user account remains active
• As required for rewards processing, audits, and dispute resolution
• As mandated by applicable laws

Upon fulfilment of purpose or lawful request, data is deleted or anonymised unless retention is legally required.

9. Security Safeguards

We implement reasonable and appropriate technical, organisational, and administrative measures, including :

• Encryption of data in transit and at rest
• Secure authentication mechanisms
• Role-based access controls
• Logging, monitoring, and audit trails

While we strive to protect personal data, no system is completely secure, and users are encouraged to safeguard their credentials.

10. Rights of Data Principals

As a Data Principal, you have the right to:

• Access your personal data
• Request correction or updating of inaccurate data
• Request erasure of personal data (subject to legal retention)
• Withdraw consent
• Nominate another individual to exercise rights in the event of incapacity or death
• Lodge a grievance or complaint

11. Data Breach Response

In the event of a personal data breach:

• Affected users will be notified without undue delay
• The Data Protection Board of India will be notified, where applicable, preferably within 72 hours, in accordance with DPDP Rules

12. Grievance Redressal

In accordance with the DPDP Act and Rules, you may raise grievances or exercise your rights by contacting

Grievance Officer:
Name: Vanshika Pradhan
Email: vanshikapradhan@hidoc.co

Requests will be acknowledged within 24 hours and resolved or closed within 90 days.

13. Cross-Border Data Transfers

Where personal data is processed or stored outside India (e.g., cloud infrastructure or service providers), Infedis shall ensure compliance with safeguards prescribed under the DPDP framework and applicable regulations in force at the relevant time.

14. Changes to This Privacy Policy

Infedis reserves the right to update this App Privacy Policy. Material changes will be notified through the App or other appropriate channels. Continued use of the App after such updates constitutes acceptance.

15. Contact

For any questions or concerns regarding this App Privacy Policy, please contact:

Infedis Infotech LLP
Email: vanshikapradhan@hidoc.co