Privacy Policy

This Privacy policy and use of personal information is in accordance with Chapter 5 Article 11 -1.2.1(b), chapter 6 Article 12 of The Privacy Act, 2075 (2018), Nepal Law Commission

Chapter 1 : General Provision

This Privacy Policy describes how Dhulikhel Hospital - Kathmandu University Hospital’s GDMapp ("GDM app") protects your personal information when you use this service on the App, theGDM app gestational pregnancy monitoring and improvement app and all related products andservices (collectively, the "Service"). Dhulikhel Hospital - Kathmandu University Hospital(DHKUH) is located at Hospital Road, Dhulikhel Municipality, Kavrepalanchowk district , Nepal .All references to DHKUH include its subsidiaries or affiliates involved in providing the Service.All references to you include your Authorized Individuals, if any.

Your use of the Service is subject to this Privacy Policy as well as our Terms of Use. ThePrivacy policy is organized in 14 chapters and after reading this you will know purpose, itemsthat will be collected, consents we requested, retention, use period, destruction methods andprocedure, sharing and consignment of personal information, rights of users, protectionmethods of yours and your new born child’s information, method of refusal of automaticinformation collection, technical and administrative aspects of information protection,responsible department for the management of information and changes made in privacy policy.

Definitions of Terms used in documents :
Activity Logs :

Activity logs are GDM app’s and its Service Providers' records of when Data is created, accessed, modified, deleted, released, or exported from and/or within the app and its services.

Aggregate Data :
Data that is:

1. Grouped so it does not connect to you as an individual and
2. has names and other identifiers removed or altered. In other words, Aggregate Data is de-identified data and cannot be used to identify you as an individual.

Chapter 2 : Purpose of collection and use of Personal Information

The purpose of collection and use of personal information is for the development of mobileapplications for Nepalese patients with Gestational Diabetes Mellitus (GDM). The app wouldassist patients in self management of GDM by improving their adherence to recommended dietand physical activity regimens. It would also help cliniciansby generating easily digestible visualdisplays of patient data and behaviours, which can add in their clinical decision making andcounselling.

Chapter 3: Items of Personal Information to be collected and collection method

The types of personal information or personal data to be collected from the participants include name of participants, age and/or date of birth, demographic information, preferences and/or opinions of participants, contact details such as email address, mobile number, street address and/or telephone number, information provided by the participants through patient surveys (including our Consent and Disclaimer form), details of services provided to participants and/or that they have enquired about, and the response given to them. The Medical data includes app entries such as date/time/time zone, type and duration of activities, food intake/meal/ingredients, pills taken/injections, blood glucose measurements, notes, blood pressure, weight, laboratory, images/photos, imported values; sensor data such as start date/time, end date/time, time zone, sensor value from an android phone; date; app settings such as display options, activated integrations. blood glucose target range, height, weight, meter/therapy device, medications, type of insulin. Devices such as blood glucose meters can be paired with a participant's device which enables data to be transferred to the GDM app.

Chapter 4: Consent to collection and use of personal information

Each participant should provide written or verbal consent before the collection of personal information as listed in Chapter 3. The participant should be clearly informed regarding the purpose of collection and use of personal information, voluntary participation, who is collecting and using the information, duration and frequency of participants involvement, their responsibilities, risks and benefits involved, maintaining their confidentiality, rights to refuse or withdraw, information about whom and where to contact.

Chapter 5: Retention and use period of information

The personal information collected will be retained in the responsible server for only the necessary duration of the research process.

Chapter 6: Information Destruction procedure and methods

The data related to personal information of participants should be deleted after the expiry of alegal or research related process. The data with its research significance must remain storeduntil the interest worthy of protection has been legally clarified.

Chapter 7: Sharing of collected information

The medical information can be shared anonymously and used for research and statisticalanalysis. This means that all information containing personal identification will be omitted andwill not be shared, which includes, but not limited to any notes, comments, images and alltextual information entered by the user.For research purposes, information like diabetes type,selected measures, gender, country and age might be shared along with the other values afterproper notification to participants.

Chapter 8: Consignment(sub contract) of information processing

The concerned parties (Dhulikhel Hospital- Kathmandu University Hospital and Rutgers, theState University of New Jersey) only can use the data related to personal information. The datashall not be provided to any other party for information processing or analysis. The participantsshall be properly informed if there is need to involve other parties in the information usage.

Chapter 9: Rights of users and legal representatives and how to exercise them

The app users or participants should be well informed about their rights such as right toinformation, right to refuse participation, right to withdrawal, right to confidentiality, etc beforeusing the app as described in chapter 4. The participants should be able to exercise these rights whenever applicable and contact the responsible department mentioned in chapter 13 regardingany legal queries.

Chapter 10: Protection of New born’s Personal Information

New born’s personal information such as gender, birth weight, neonatal Apgar score andneonatal blood glucose should be protected and shared similarly to personal information ofparticipants as described in chapter 7 and chapter 12.

Chapter 11: Installation, Operations and Refusal of automatic information collection viadevice

GDM application is available publicly in google play store & can be downloaded under thepublisher name of Dhulikhel hospital. Application has multiple functions of collecting user’s datasuch as daily food intake, blood glucose, blood pressure, physical activity & personaldemography. For physical activity the app is linked with google fit from where data isautomatically pulled upon but google’s user consent is taken before taking data from an app thatcan be turned off later.

Chapter 12: Technical and administrative aspects of information protection.

The application is bound by TLS protocol and AES-256 encryption algorithm on that & also bysymmetric encryption method called FERNET & password are protected by SHA 256 Hashalgorithm. The personal information data should be treated confidentially and protected againstany unauthorized access or unlawful processing or disclosure. The personnel handling theinformation must be responsible enough to prevent accidental loss, alteration or destruction ofdata. Any kind of data breach should be notified to the responsible personnel as well asparticipants.

Chapter 13: Information Management Department and Contact

The responsible party for information management is the app development team of DhulikhelHospital. The contact details are provided in the website of the app.

Chapter 14: Notice of Privacy Policy

The privacy policy will be available from the website of GDM app and any changes made in thepolicy will be updated in the website and the participants will be informed through appnotifications.