Patient Privacy Statement

1. TYPES OF INFORMATION COLLECTED

   We may collect various types of information about you when you avail any of the Services, including the kinds of information defined and detailed in Exhibit A (collectively, “Information”). Some of the Information may be classified as Personal Information (as defined in Exhibit A), and we may collect, process, use, transfer or disclose such Personal Information for the purposes set out in this Statement. Some of the Information may be classified as Sensitive Personal Data or Information (“SPDI”) under the SPDI Rules and is treated as such under this Statement.

2. PURPOSES

   We and/or our affiliates may collect, use, process, disclose, transfer, or store your Information, whether in or outside India, including for the following purposes (collectively, the “Purposes”):

   Medical Care

   • To provide/deliver medical care, treatments and/or procedures and other related services;
   • To contact you or your Authorized Representatives in case of emergency or in relation to your medical condition, including providing appointment details, updates, test results, available services, notifications, etc.; and
   • For billing and invoicing related purposes, including for enabling the request or receipt of payment for you or other third parties on your behalf.

   Operational Considerations

   • To conduct or maintain our business or operations or those of our affiliates;
   • To analyse the use of our resources, troubleshooting problems and improve our Services;
   • For the general business purposes;
   • To receive payment from you, your insurance carrier, third party administrators of insurance companies, government/corporate sponsors, or other third parties;
   • To conduct audits and quality assessment procedures;
   • To respond to any queries that you may have and to communicate information to you, including sending you e-mails or other communications regarding updates to this Statement; To take feedback on our Services; and For any other lawful purpose.

   Compliance

   • To comply with applicable law, standard operating procedures and best practices;
   • To investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving public health, potential threats to the safety of any person, violations of Our policies, or as otherwise required by law, including to:
     • Conform to legal requirements or comply with legal process;
     • Protect our rights or property or our affiliated companies;
     • Protect national security;
     • Protect the personal safety of other individuals availing the Services or the public; or
     • Government agencies, regulators, courts and tribunals pursuant to statutory requirements including those arising from the Epidemic Diseases Act, 1897, MCI Regulations, and Right to Information Act, 2005 or for any other disclosure required by or under applicable law.

   Disclose

   To disclose or transfer your Information to:

   • Other physicians, hospitals, healthcare agencies, affiliates, or any other third parties, in relation to your medical care;
   • Third party administrators of insurance companies, government sponsors, or other third parties who may make payments on your behalf for the Services availed by you;
   • Our agents, contractors or third-party service providers that process or will be processing your Information on our behalf, including to those who provide administrative or other services to us (e.g., lawyers, accountants, mailing houses, telecommunication companies, information technology companies and data centres); and
   • a third party who acquires or proposes to acquire our business units, whether such acquisition is by way of merger, divestiture, consolidation or purchase of all or a substantial portion of our assets and who will have the right to continue to use the Information provided to us by you.

   Other Data Rights

   We and our affiliates may use your de-identified and/or anonymized Information (whether by itself or in conjunction with other information), whether in or outside India, for the following purpose:

   • To conduct scientific research;
   • To improve existing, or create new, products, software and/or services; and
   • For other commercial purposes in compliance with applicable law.
3. ACCESS TO INFORMATION
   

If you would like to obtain a copy of your medical records (in addition to your discharge summary), you need to submit a request letter (along with your government-issued ID proof) to us, in the format prescribed by us. Each copy of the medical record will be made available at a charge of Rs. 500 (Rupees Five Hundred only), or such other fees as may be revised from time to time. We will provide the same within 72 (seventy-two) hours of receiving such request.

4. CHANGES TO YOUR INFORMATION   
   

You may review or delete your Information that qualifies as SPDI. You may also correct, update, or change your Information where possible. We will make good faith efforts to make requested changes in our then active databases as soon as reasonably practicable. Access to, or correction, updating, or deletion of your Information may be denied or limited by us if it would render the Information inaccurate or incomplete, violate another person’s rights and/or is not otherwise permitted by applicable law.

5. RETENTION OF INFORMATION
   

   We will retain Information in the formats and for the duration prescribed under applicable law or our Statement. We will retain your Information for as long as needed to provide you the Services or any other Purposes for which you have provided your consent to us. We will not retain such Information for longer than is required for the purposes for which the Information may lawfully be used or is otherwise required under any other law for the time being in force.We will put in place measures to ensure that your Information in our possession or under our control is destroyed and/or anonymized as soon as it is reasonable after: (a) the Purposes for which that Information were collected is no longer being served by the retention of such Information; and (b) retention is no longer necessary under any applicable law.Your data may be anonymized, de-identified and/or aggregated, and the resulting data may be held by us, our affiliates, associates, agents, representatives, and other authorized third parties, for as long as necessary for us to provide the Services effectively or for other Purposes.

6. SECURITY OF YOUR INFORMATION
   

   We endeavour to maintain physical, operational, managerial, technical and procedural safeguards that are appropriate to protect your Information against loss, misuse, copying, damage, modification, unauthorized access or disclosure. We will not be responsible for any breach of security or for any actions of any third parties or events that are beyond our reasonable control, including acts of Government, computer hacking, unauthorised access to computer data and storage device, computer crashes, breach of security and encryption, etc.

7. DISCLAIMER AND LIMITATION OF LIABILITY
   

   You are to ensure that Information provided to us is accurate, true and up to date at all times. We will not be liable for any loss, damage or prejudice suffered by you due to your failure to provide accurate, true or up to date Information or due to your provision of false, inaccurate or misleading Information. None of us, our affiliates, our employees, consultants, directors, will be liable or obligated for any indirect, incidental, special or consequential damages with respect to collection and processing of your Information under any tort, contract, negligence, strict liability or other legal or equitable theory, even if you have been advised of the possibility of such damages.Your information may be disclosed in ways not foreseeable pursuant to the description in this Statement due to legal and/or regulatory requirement or for reasons beyond our control. Therefore, although we are committed to protecting your privacy, we do not promise, and you should not expect, that your Information or private communications will always remain private.

8. CHANGES TO THE STATEMENT
   

   We reserve our right to change, modify, add, or update portions of this Statement, at our sole discretion. We may update this Statement from time to time, with or without advance notice, and as required by latest regulations.

9. GRIEVANCE OFFICER AND CONTACT INFORMATION
   In accordance with the IT Act, the name and contact details of the Grievance Officer are provided below:

• You may contact Mr. Mukti Ranjan at:
• Email– muktiranjans@americanoncology.com
• Phone– 040 6719 1919(available from 9 AM to 6 PM)
• Postal address– Privacy Officer, Door No. 1-100/1/CCH, ,Nallagandla Village, Serilingampally Mandal, Hyderabad, Telangana 500019

If you have any questions in relation the above, or if you wish to withdraw your consents, please contact our Grievance Officer at the contact details given above. You may object and/or withdraw your consent at any time. However, if you choose to withdraw your consent, we may not be able to continue to provide the Services to you.

At your request, you may be provided copies of this Privacy Statement and General Consent Form in vernacular languages such as Hindi, Punjabi, Marathi, Telugu, Oriya and Urdu. Such translated versions of the Privacy Statement and General Consent Form are for the purposes of information only and the English version of such documents shall prevail and be binding on the parties.