This Privacy Policy explains how Shift Healthcare Solutions ("Company," "we," "us," or "our") collects, uses, discloses, and protects information when you use our healthcare workforce management platform ("Platform"). This policy complies with the Information Technology Act, 2000, Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023.

1. Information We Collect

1.1 Personal Information

We collect the following personal information:

• Identity Information: Full name, date of birth, gender, photograph
• Contact Information: Email address, mobile number, postal address
• Professional Information: Medical registration numbers, licenses, certifications, educational qualifications, work experience
• Financial Information: Bank account details, PAN number, salary expectations, payment history
• Biometric Information: Fingerprints or facial recognition data (if enabled for security)
• Health Information: Vaccination records, health certificates (for healthcare workers)

1.2 Technical Information

• Device information (device type, operating system, browser type)
• IP address and location data
• Usage patterns and interaction data
• Cookies and similar tracking technologies
• Log files and analytics data

1.3 Platform Usage Data

• Shift applications and preferences
• Communication between users
• Ratings and reviews
• Search history and preferences
• Performance data and feedback

2. How We Collect Information

2.1 Direct Collection

• Information you provide during registration
• Profile updates and document uploads
• Communications through the Platform
• Feedback and survey responses

2.2 Automatic Collection

• Technical data through cookies and tracking technologies
• Usage analytics and performance metrics
• Location data (with your consent)
• Device and network information

2.3 Third-Party Sources

• Verification from medical councils and licensing bodies
• Background checks from authorized agencies
• References from previous employers
• Integration with healthcare facility systems

3. Purpose of Data Collection

We collect and process your information for the following purposes:

3.1 Platform Services

• Creating and managing user accounts
• Facilitating job matching between professionals and facilities
• Processing shift applications and assignments
• Enabling communication between users
• Payment processing and financial transactions

3.2 Verification and Safety

• Verifying professional credentials and licenses
• Conducting background checks as required
• Ensuring compliance with healthcare regulations
• Maintaining platform security and preventing fraud

3.3 Improvement and Analytics

• Analyzing usage patterns to improve services
• Developing new features and functionalities
• Conducting research for healthcare workforce insights
• Optimizing platform performance

3.4 Legal Compliance

• Complying with applicable laws and regulations
• Responding to legal requests and court orders
• Maintaining records as required by law
• Protecting our legal rights and interests

4. Data Sharing and Disclosure

4.1 Within the Platform

We share limited information between Platform users to facilitate healthcare staffing:

• Professional profiles visible to healthcare facilities
• Facility information visible to healthcare professionals
• Ratings and reviews (anonymized when appropriate)
• Communication necessary for shift coordination

4.2 Service Providers

We may share information with trusted third-party service providers:

• Payment processors for financial transactions
• Background verification agencies
• Cloud storage and hosting providers
• Analytics and marketing service providers
• Customer support and communication tools

4.3 Legal Requirements

We may disclose information when required by:

• Court orders and legal proceedings
• Law enforcement agencies
• Regulatory authorities (medical councils, healthcare departments)
• Tax authorities and government agencies

4.4 Business Transfers

In case of merger, acquisition, or sale of assets, user information may be transferred to the acquiring entity, subject to the same privacy protections.

5. Data Security

We implement comprehensive security measures to protect your information:

5.1 Technical Safeguards

• End-to-end encryption for sensitive data transmission
• Secure data storage with industry-standard encryption
• Regular security audits and vulnerability assessments
• Multi-factor authentication for account access
• Intrusion detection and prevention systems

5.2 Administrative Safeguards

• Strict access controls and authorization protocols
• Regular employee training on data protection
• Incident response and breach notification procedures
• Data retention and disposal policies

5.3 Physical Safeguards

• Secure data centers with restricted access
• Environmental controls and monitoring
• Backup and disaster recovery systems

6. Data Retention

We retain your information for different periods based on the type of data and purpose:

6.1 Account Information

• Active accounts: Until account deletion or termination
• Inactive accounts: 3 years from last activity
• Professional credentials: 7 years for compliance purposes

6.2 Transaction Records

• Payment records: 7 years as per Indian tax laws
• Shift history: 5 years for dispute resolution
• Communication logs: 2 years unless required for legal proceedings

6.3 Legal Requirements

Some information may be retained longer if required by law, ongoing legal proceedings, or legitimate business needs.

7. Your Rights and Choices

You have the following rights regarding your personal information:

7.1 Access and Correction

• View and download your personal information
• Correct inaccurate or incomplete information
• Update your profile and preferences

7.2 Data Portability

• Request a copy of your data in machine-readable format
• Transfer your information to another service provider

7.3 Deletion and Erasure

• Delete your account and associated data
• Request removal of specific information
• Right to be forgotten (subject to legal obligations)

7.4 Communication Preferences

• Opt-out of marketing communications
• Choose communication channels (email, SMS, WhatsApp)
• Control notification settings

8. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

8.1 Types of Cookies

• Essential Cookies: Required for platform functionality
• Performance Cookies: Help improve platform performance
• Functional Cookies: Remember your preferences
• Analytics Cookies: Understand usage patterns

8.2 Cookie Management

You can control cookies through your browser settings. Note that disabling essential cookies may affect platform functionality.

9. International Data Transfers

Your information may be transferred to and processed in countries outside India. We ensure adequate protection through:

• Adequacy decisions by Indian authorities
• Standard contractual clauses
• Certification schemes and codes of conduct
• Specific safeguards and security measures

10. Children's Privacy

Our Platform is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware of such collection, we will take steps to delete the information promptly.

11. Third-Party Links and Services

Our Platform may contain links to third-party websites or integrate with external services. We are not responsible for the privacy practices of these third parties. We recommend reviewing their privacy policies before providing information.

12. Data Breach Notification

In case of a data breach affecting your personal information, we will:

• Notify relevant authorities within 72 hours
• Inform affected users without undue delay
• Provide details about the breach and mitigation steps
• Offer assistance and support as needed

13. Grievance Redressal

If you have concerns about our privacy practices:

13.1 Grievance Officer

Contact our Grievance Officer:

• Name: Data Protection Officer
• Email: privacy@shift-healthcare.com
• Phone: +91-11-4567-8901
• Response Time: 30 days maximum

13.2 Escalation

If unsatisfied with our response, you may approach:

• Cyber Crime Cell of your local police
• Data Protection Board of India (when established)
• Consumer courts under Consumer Protection Act, 2019

14. Compliance with Indian Laws

This Privacy Policy complies with:

• Information Technology Act, 2000
• Information Technology (Reasonable Security Practices) Rules, 2011
• Digital Personal Data Protection Act, 2023
• Indian Medical Council (Professional Conduct, Etiquette and Ethics) Regulations, 2002
• Clinical Establishments Act, 2010

15. Updates to Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or applicable laws. We will:

• Post the updated policy on our Platform
• Notify users of material changes via email or platform notifications
• Provide a reasonable notice period before changes take effect
• Maintain an archive of previous policy versions

16. Consent Withdrawal

You may withdraw your consent for data processing at any time by:

• Updating your account settings
• Contacting our support team
• Submitting a written request to our Grievance Officer

Note that withdrawing consent may limit your ability to use certain platform features.