Privacy Policy

1. Introduction

Modern Mediks Ltd (“Modern Mediks”, “we”, “us”, or “our”) is a United Kingdom–registered company operating globally as a healthcare technology provider. Our primary product suite — DoctorsHero — includes DoctorsHero Core, DoctorsHero Appointment, and DoctorsHero PatientCare, designed to support healthcare professionals, hospitals, clinics, and patients in the secure management of healthcare information, appointments, and electronic medical records (EMR).

We are committed to protecting your privacy and ensuring that your personal and medical information is handled in compliance with applicable laws, including the UK Data Protection Act 2018, the UK GDPR, and where applicable, the EU GDPR and other local data protection laws (such as in Bangladesh and the European Union).

2. Scope

This Privacy Policy applies to all users of:

• •DoctorsHero Core — for hospitals, clinics, and individual healthcare professionals;
• •DoctorsHero Appointment — for consultation scheduling and appointment management;
• •DoctorsHero PatientCare — for patients managing their medical history, wellness, and healthcare data;

and to visitors of modernmediks.com and doctorshero.com. All services are owned and controlled by Modern Mediks Ltd, and all personal data processed through any DoctorsHero product is under the direct responsibility of Modern Mediks Ltd as the data controller.

3. Information We Collect

We collect personal and healthcare-related data necessary to deliver our services:

4. How We Collect Data

• •Directly from users upon registration (via doctorshero.com or associated mobile apps).
• •Through healthcare professionals and hospitals who enter or manage patient records within DoctorsHero Core.
• •Automatically through cookies, analytics, and server logs.
• •Through integrations with authorized third-party systems (e.g., pharmacies, laboratories, and research partners).

No data is collected from unauthorized or external sources.

5. Purposes of Data Processing

• •Service Delivery — to provide healthcare management, appointment scheduling, and EMR systems.
• •User Account Management — to create, verify, and maintain accounts for doctors, hospitals, and patients.
• •Payment & Billing — to process subscription fees, invoices, and financial transactions.
• •Medical Research (Internal Use) — to support anonymized or pseudonymized data analytics for service improvement.
• •Communication — to send notifications, alerts, follow-ups, and healthcare-related messages.
• •Security & Compliance — to detect fraud, maintain system integrity, and comply with legal or regulatory requirements.
• •Product Development — to analyze system performance, fix issues, and improve user experience.

6. Lawful Basis for Processing

Modern Mediks Ltd processes personal data under the following lawful bases:

• •Contract: Processing is necessary to deliver our services to you or your organization.
• •Legal Obligation: Required to comply with healthcare, taxation, or data protection laws.
• •Legitimate Interest: For system security, service analytics, research, and limited internal marketing.
• •Consent: For optional data processing, such as marketing communications and cookie-based analytics.

Where consent is required, users can withdraw it at any time.

7. Data Retention

• •Active accounts with medical history are retained for the lifetime of the patient's healthcare record, unless deletion is legally required or approved through review.
• •Accounts with no data or zero activity are automatically deleted after 3 months.
• •Backup data is securely maintained in encrypted form and destroyed upon scheduled rotation.
• •Security audit logs: Retained for 1 year for security analysis and compliance.
• •Session data: Automatically purged after 90 days of inactivity.
• •Deletion requests: Requests for deletion of data that contain medical history are manually reviewed — if the reason is deemed invalid or an attempt to destroy medical evidence, the account will not be deleted.

8. Data Sharing and Disclosure

A. Within the DoctorsHero Ecosystem

• •Doctors and hospitals can only access patients under their care.
• •Shared visibility is limited to non-identifiable information (e.g., name, age, gender, condition summary).

B. With Third Parties

We may share anonymized or limited information with:

• •Medical research organizations, laboratories, and pharmaceutical partners;
• •Third-party analytics services limited to marketing pages;
• •Regulatory authorities, where required by law.

We do not sell or trade personal or medical information. Third parties are bound by strict confidentiality and data-processing agreements.

9. International Data Storage & Transfers

Modern Mediks Ltd maintains regional servers in:

• •United Kingdom — for UK and global operations;
• •Bangladesh — for South Asian users;

Data is stored in the user's regional server to comply with local laws. Where data transfers are necessary (e.g., for technical support or backup), we implement safeguards under the UK GDPR and EU Standard Contractual Clauses (SCCs).

10. User Rights

Depending on your location and applicable law, you have the following rights:

• •Access — obtain a copy of your personal data.
• •Rectification — correct inaccurate or incomplete data.
• •Erasure (“Right to be Forgotten”) — request deletion (subject to medical record retention laws).
• •Restriction — limit processing in certain situations.
• •Data Portability — request your data in structured, machine-readable format.
• •Objection — object to specific processing activities.
• •Withdraw Consent — revoke consent for optional uses at any time.

Users may exercise these rights through the in-app portal, by contacting their hospital/clinic administrator, or by emailing info@modernmediks.com.

11. Security Measures

We employ extensive technical and organizational safeguards:

12. Data Breach Response

In the event of a data breach, Modern Mediks Ltd will:

• •Immediately isolate and secure affected systems;
• •Investigate and assess potential risk and impact;
• •Notify affected users and relevant authorities (as required by the UK ICO or EU supervisory authorities) within statutory time limits;
• •Provide guidance and remediation actions to impacted users;
• •Review and update security protocols to prevent recurrence.

13. Children's Data

DoctorsHero products may include patient profiles for minors (under 16). Such data is handled under strict parental or guardian oversight. Parental consent is required for minors' accounts created directly via the app. Child users have limited feature access but full view of their medical records. No adult or restricted content is delivered to child profiles or notifications.

14. Cookies and Tracking

We use cookies to ensure site functionality and improve user experience. Types include:

• •Essential Cookies — required for login and service delivery;
• •Analytics Cookies — help us understand usage trends (requires consent);
• •Marketing Cookies — only active on marketing pages (requires consent).

Session cookies are HTTP-only, secure (HTTPS only), and use SameSite=Lax policy. Sessions are automatically terminated after 15 minutes of inactivity for security. Users may adjust cookie preferences through their browser settings.

15. Automated Decision-Making

DoctorsHero uses automated decision processes for account approvals for doctors (license validation, identity verification) and subscription activation for automatic plan provisioning. Patients' data is not subject to automated clinical decision-making.

16. Data Access by Modern Mediks Personnel

Modern Mediks team members, including customer support, technical engineers, and compliance officers, may access user data strictly under authorization and only for legitimate business or technical purposes. All personnel are under binding confidentiality and data-processing agreements.

17. Data Ownership

All medical and personal data within DoctorsHero remains the property of the originating healthcare provider or patient, while Modern Mediks Ltd acts as the custodian and controller. We do not claim ownership over any EMR content uploaded by users.

18. Data Retention for Legal Compliance

Certain records (billing, logs, audit trails) may be retained beyond account deletion to comply with legal obligations, regulatory investigations, or dispute resolution requirements.

19. Marketing Communications

We may send you service-related updates, product news, and healthcare awareness messages. You may opt out at any time through your portal settings or by contacting info@modernmediks.com.

20. Third-Party Links

Our websites and mobile apps may include links to external resources (e.g., pharmacies, labs, blogs). We are not responsible for the privacy practices of those websites and recommend reviewing their policies separately.

21. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Users will be notified via official website announcements, email or SMS, and in-app notifications. The effective date at the top indicates the last revision.

22. Contact Information

For all data-protection inquiries or to exercise your rights, contact our Data Protection Officer (DPO):

For UK users, you may also contact the Information Commissioner's Office (ICO) or your local supervisory authority.

23. Acceptance

By accessing or using any DoctorsHero service or Modern Mediks platform, you acknowledge that you have read, understood, and agreed to this Privacy Policy.