page loader

Data protection and Privacy Policy


Protection of personal data, protected health information (PHI), and personally identifiable information (PII) is important to Modak Analytics LLP and its clients. Modak Analytics LLP has established this Data Privacy Policy to protect and control the collection, processing, storage, and/or transmission of such data. This policy is intended to be shared with our clients, vendors, business associates, and employees so that they are aware of the policies and practices regarding personal data/PHI/PII managed by Modak Analytics LLP as part of any services delivered.

What does this Privacy Policy cover?

Modak Analytics LLP is committed to protecting personal information in accordance with its responsibilities under various regulatory frameworks and individual rights. As a healthcare solutions company, Modak Analytics LLP’s leadership, management, employees, and its business associates shall strive to protect personal information by:

  • Identifying internal and external interested parties and their involvement in the governance of the organization’s personal information management system.
  • Providing resources and methods to process personal information lawfully, fairly, and transparently.
  • Safeguarding personal information by collecting, processing, storing, and transmitting it for explicit, specified purposes.
  • Providing clear information to individuals about how their personal information can be used and by whom, and respecting individual rights.
  • Ensuring that further processing is not incompatible with the initial purposes.
  • Processing in a secure manner to protect against unauthorized or unlawful processing.
  • Taking steps to ensure personal data are adequate, relevant, and limited to what is necessary.
  • Taking reasonable steps to ensure accuracy of personal information.
  • Following best practices for safe data storage, transmission, and destruction.
  • Implementing appropriate backup and disaster recovery systems.
  • Responding to personal data breaches promptly, assessing the risk to individual rights, and reporting breaches to the Data Protection Cell for further actions as per regulatory requirements.

Note: Our primary purpose for processing personal data is to provide data engineering services to our clients. We do not use the data for any other purposes unless explicitly instructed by our clients or required by law.

General Provisions to This Policy:

  • Applicability: This policy is applicable to all personal information processed at Modak Analytics LLP.
  • Ongoing Compliance: The Data Protection Cell shall be responsible for Modak Analytics LLP’s compliance with this policy.
  • Cognizance: This policy shall be made available to all employees and associates of Modak Analytics LLP as documented information and shall also be communicated appropriately.
  • Review: This policy shall be reviewed at least once annually.

Legal Basis for Processing

Our legal basis for processing personal data is grounded in the contractual relationships we establish with our clients. We process data only as instructed by our clients and in strict adherence to applicable data protection laws.

Governance Structure for Personal Data Protection

Modak Analytics LLP ensures appropriate governance of personal data/PII/PHI through the Data Privacy Cell, consisting of the Data Protection Officer (DPO) and all Business Unit (BU) Single Points of Contact (SPOCs). The Data Privacy Cell is responsible for:

  • Identifying personal data/PII/PHI across all operations and projects.
  • Analyzing risks and implementing control measures.
  • Providing a support framework for managing data subject rights.
  • Addressing requests and grievances of data subjects.
  • Ensuring compliance with data privacy requirements and legal/regulatory obligations.
  • Providing measures for data privacy with processors/subprocessors.
  • Implementing technology and operational controls for data transfer, storage, and destruction.

Methods and Technologies for Collection

Modak Analytics LLP collects personal data/PII/PHI through the following methods and technologies:

  • Collection of Personal Data/PII/PHI Directly from the Individual:
  • Privacy preferences of the individual are respected.
  • Engagements/Programs/Projects:
  • Data collected from participants accessing Modak Analytics LLP websites, portals, platforms, etc.
  • Additional information collected during program enrolment and issuance of unique ID and password.
  • Automatic Collection of Information:
  • Collection of information about the individual’s computer, visits, and use of Modak Analytics LLP websites.
  • Use of cookies and other technologies for data analytics and personalization.

How do we use your personal information?

We may use personal information we collect to:

  • provide and administer our services/product
  • understand our audience and improve how our websites work
  • contact you and answer your questions
  • market and advertise our products and services to you
  • allow you to publish comments
  • keep our systems, users, employees and services safe and
  • provide you with the information or support you requested

Data Subject Rights

As a data processor, we assist our clients in responding to data subject rights requests. Data subjects, as defined by applicable data protection laws, have rights such as access, rectification, erasure, and data portability. We work diligently to support our clients in meeting these obligations.

Before initiating a project, Modak Analytics LLP ensures:

  • Communication with the business Single Point of Contact (SPOC).
  • Review and monitoring of contract-specific clauses.
  • Risk analysis and treatment for the entire project.
  • Confidentiality of PII/PHI and role-based access restrictions.
  • Recognition of covered entities accessing de-identified PII/PHI.
  • Compliance of third parties with Modak Analytics LLP’s policies.
  • Reporting to the Data Protection Officer on updates, problems, and breaches.

Legal Disclaimer

In certain situations, Modak Analytics may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. As further required by Law, we may also disclose your personal information as required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

Access, Correction, Objection regarding Personal Data/PII/PHI

Data subjects have rights to request access, correction, deletion, or transfer of personal data/PII/PHI. Data subjects can assert their rights by contacting Modak Analytics LLP at privacy dpsofficer@ Modak Analytics

Data Security

Modak Analytics LLP adopts reasonable security practices and procedures to safeguard personal information, including administrative, physical, and technical controls.

Data Retention and Destruction

Personal data/PII/PHI will be retained as per project/program agreement and destroyed or archived according to regulatory norms. Clients may request data retention in writing. As a data processor, we assist our clients in responding to data subject rights requests. Data subjects, as defined by applicable data protection laws, have rights such as access, rectification, erasure, and data portability. We work diligently to support our clients in meeting these obligations.

Children's Personal Information

Modak Analytics LLP does not knowingly collect personal data/PII/PHI from children under the age of 16. Parents or guardians can contact privacy [email protected] to delete such information.

Restrictions on Automated Processing and Decision Making

Restrictions on automated processing and decisions with significant effects on data subjects apply. Data subjects have the right to object to automated decision-making.

Other important information

Our sites may contain links to other websites not owned by Modak Analytics. We do not control the content or privacy practices of those sites. Our websites and offerings are directed to people in their business or professional capacities. We do not knowingly solicit information online from, or market online to, children under 13 years of age. You have the right to withdraw consent to process your personal information at any time, but this will not affect any prior processing of your personal information.

Data Breach Notification

In the unfortunate event of a data breach, we commit to promptly notifying our clients without undue delay. Our notifications will include all relevant information to assist our clients in meeting their regulatory obligations.

International Data Transfers

In the course of our services, personal data may be transferred to countries outside the European Economic Area (EEA) or other regions with different data protection laws. When such transfers occur, we implement appropriate safeguards, such as standard contractual clauses or other mechanisms, to ensure the continued protection of personal data.

Updates to the Privacy Policy

To reflect changes in our practices or for legal reasons, we may update this Privacy Policy. We commit to notifying our clients of any material changes to ensure transparency and compliance.