Privacy Policy

Promorphosis Data Protection and Privacy Policy


Personal Information

“Personal information” is defined to mean any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person.

Sensitive Personal Data or Information

Sensitive personal data or information of a person to mean personal information about that person relating to:

  • passwords;
  • financial information such as bank accounts, credit and debit card details or other payment instrument details;
  • physical, physiological and mental health condition;
  • sexual orientation;
  • medical records and history;
  • biometric information;
  • information received by body corporate under lawful contract or otherwise;
  • visitor details as provided at the time of registration or thereafter; and

Information that is freely available in the public domain will not be regarded as sensitive personal data or information.

Our Commitment

We at Promorphosis Pvt. Ltd. are fully committed to complying with the requirements of the data protection and privacy regulation.

The following summary identifies the steps taken by us to ensure data protection and privacy in our service.

Security Measures in Our Processes

Risk Assessment

During the development of the software, we assessed all the risks in the processing of personal data and we remediated those risks with mitigation processes together with risk control measures. This reflected in all our software. We ensure that we seek only as much information as is required for providing the service efficiently and accurately.


We adhere to the regulations and we accommodate the regulations in terms of our data processing obligations.

ISO 27001

We ensure that our applications are hosted on ISO 27001 compliant server and the data received by them is stored in ISO 27001 certified data centres.

Data Security

All the data transmitted to our service is transferred in an encoded manner using secure TLS (Transport Layer Security). TLS is a secure and proven standard used by banking industry for transmission of sensitive financial data. You can identify secure TLS connection through presence of additional S after http (i.e. https://…). We use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation or unauthorized access. We are continuously working to improve our data protection and security methods as the technology progresses.

Data Protection in Our Software

Stored and processed in India

By default, all of your data and your customers data transmitted to us is stored and processed within India. Only the final results are transmitted outside India if you are located outside India. The transmitted data is always sent over a secure (TLS) communication channel.

Privacy by Design

All our software accommodates the security features that help you achieve compliance with the requirements of data protection, privacy and security. Our software has built-in features that ensure accountability and compliance. These features also have mechanisms built-in to protect against malicious attempt to access the data in an unauthorized manner. All of this communication is encrypted.


When you are storing a user’s / customer’s / patient’s (commonly referred as patient in this document) sensitive healthcare information, you must receive consent from them regarding the purpose of getting and storing their data, sharing information and their communication preferences.

Secure Access

Our software through authentication and authorisation features is designed to allow only the intended persons to use the software. Passwords should be changed periodically using complex character requirements.

Backup and Restore

Managed and automated backup and restore processes reduce the stress and worry regarding your data. Our processes are secured and automated with backups stored at an offsite location, within India only.


  1. Any information provided to Promorphosis by Users through use of its products and services will be treated in confidence and will not be disclosed to third parties except as provided in the terms of use or required by law.
  2. Promorphosis does not store or capture personal information from Users unless voluntarily offered.
  3. Where personal data is provided by the User, the same is used only for the stated purpose. The information submitted by the user shall be held for as long as is required to access the service requested, and as required by law. User has the right to withdraw his/her consent at any time. On termination, all personal information will be deleted from our records.
  4. The use of our software and service (e.g. Chornovisor TeleHRV) involves every User’s registration information and browsing history being stored.
  5. Promorphosis at the time of registration asks for and collects certain information about the User, including personally identifiable information, such as name, postal address, phone number, email address, etc. When you provide such information, Promorphosis may use this information to provide member benefits, such as to send notifications of upcoming events, newsletters, publications, etc.
  6. Users can review and amend their personal data. If User updates any of his/her/its information, Promorphosis may keep a copy of the information which User originally provided in its archives for user’s documented herein.
  7. Promorphosis shall not be responsible in any manner for the authenticity of the personal information or sensitive personal data or information supplied by the User.
  8. Promorphosis reserves the right to gather information relating to system usage. Any information gathered is primarily for internal use to allow us to refine and improve this software and services.
  9. Usage of our service and software presumes obtention of express consent by Users from their Patients / Customers (referred as “Patient”) before storing Patient data in Promorphosis’ products and services. It is User’s responsibility as data controller to ensure that the patient data are used in conformity with the applicable privacy laws.

Promorphosis also has limited access to patient information which is Sensitive Personal Information. Promorphosis seeks only absolutely minimal information that is required to provide the service effectively and accurately.

  1. Promorphosis has implemented reasonable security practices and procedures to protect the data in its custody and under its control and the system is hosted with a ISO:27001:2013 information security standard complaint webhosting service which has taken adequate measures to safeguard against malicious denial of service attacks, database hacks, viruses, and other threats by using a Firewall that protects server and critical data by blocking bad traffic while efficiently allowing legitimate traffic to pass through. The Protection System used by the webhosting service offers intelligent, bulletproof security from attacks and other malicious intrusions on our Server. The communication between our software modules that involved access to internet is always carried out over secure encrypted communication channel using HTTPS.

However Promorphosis makes no representation or warranty as to whether information you transmit to the Site will be intercepted by, or otherwise be received by, an unauthorized third party, and you transmit such information at your own risk. Promorphosis shall not be liable for any loss of information howsoever caused whether as a result of any interruption, suspension, or termination of the Service or otherwise.

Promorphosis is not liable for any loss of data technical or otherwise, information, particulars supplied by the User due to the reasons beyond its control like corruption of data or delay or failure to perform as a result of any causes or conditions that are beyond Promorphosis’ reasonable control including but not limited to strike, riots, civil unrest, Govt. policies, tampering of data by unauthorized persons like hackers, war and natural calamities.

Data Protection and Data Security in Our Service and Software

Implementation at two levels:

Server level data protection:

Our software and services are hosted on ISO 27001 certified servers (ISO 27001 is the internationally standard security benchmark, also recommended by the IT Act). The data center is located within India, and is fully compliant with Indian laws.

Software level data protection:

  • The data transfer between the browsers (from client PC) to the server is over HTTPS, using secure socket layer. This ensures that no third party appearing between the browser and server can view the data.
  • Access to authentic users: User data can be viewed only by authenticated The user authentication requires the user to have a valid login and a matching user settable password. App installed and used from a device in user’s custody may locally store user authentication data in order to provide the convenience of automatic login when user accesses his / her account.
  • In order to thwart hacking attempts, our software requires the user to use a STRONG password. The user password must:
    1. Be of at least 8 (eight) characters.
    2. It must have a mix of upper case (A-Z), lower case (a-z), numbers (0-9)  and at least one special character (#!<>?%$&*^ etc.)
  • The password is stored using a one way encryption algorithm, so there is no way of “displaying” the password. Therefore the password cannot be seen by anyone including our staff maintaining the database.
  • Application can be configured to enforce password change at regular interval. Further, the last five passwords used cannot be re-used. If the user forgets his/her password, application allows resetting of password. The password (as indicated earlier) is stored using a one way encryption algorithm, so there is no way of “displaying” the old password.
  • Protection against brute force password hacking: If a user makes three consecutive failed login attempts. The user’s account is automatically locked out for ten minutes. During this time, the user will not be allowed to login even with the valid password. The lock out requires a “silent” ten minute interval (time during which no login attempt is made). When ten minutes of silent lockout period is over, the user’s account is automatically unlocked.
  • Daily scheduled backup of the data for protection against system failure.

Data Disclosure policy

Promorphosis undertakes not to disclose the information provided by the Users to any person, except in the following circumstances –

  • Protect and defend Promorphosis or its Affiliates’ rights, interests or property;
  • Enforce the terms and conditions under which its products and/or services are sold

It is Promorphosis’ policy to cooperate with law enforcement agencies and other governmental organizations. Promorphosis can, and you authorize Promorphosis to, disclose such information which by law is required to be disclosed to law enforcement or other governmental officials.

Promorphosis reserves the right, at any time and without notice, to change this Privacy and Disclosure Policy, simply by posting such changed policy on our website. Any such change will be effective immediately once it is posted on our website.

Any changes to our privacy and disclosure policy will be posted on our website. Regardless of later updates, we will never use the information you submit in a new way without first providing you with an opportunity to prevent that use.

Cookies Policy

The website uses cookies which are stored onto your computer to collect information about how you browse the site. Cookies are used to:

  • measure how you use the website so it can be updated and improved based on your needs
  • remember the notifications you’ve seen so that we don’t show them to you again

Promorphosis may set additional cookies or use third party analytics service to collect information about the pages you have visited in this website, how you got to the site and what you click on while visiting the site. We do this to help make sure the site is meeting the needs of its users and to help us make improvements.

The website also sets a new cookie for each visit to the website which is deleted when the user closes the browser. Find out more about how to manage cookies.

We don’t collect or store personal information (e.g. name or address) so this information can’t be used to identify who you are.

Breach obligations

If there is any breach on our systems, we are obliged to inform you within 72 hours. You can contact our DPO using the information below regarding Data Protection queries.

Data Protection Officer
Promorphosis Pvt. Ltd.

G-01 A J Arcade, DP Road

Kothrud, Pune 411038

Grievance Redressal

For redressal of any grievance Users may approach the Grievance Officer by

  • Sending a letter at: to attention of “Grievance Officer”, Promorphosis Pvt. Ltd..

G-01 A J Arcade, DP Road, Kothrud, Pune 411038, INDIA.

  • Sending an email to