Terms and Conditions – Cognitive Healthcare International

Terms and Conditons

Website Policy
Data Retention Policy
Support Policy
Refund Policy
Accessibility Policy
Security Breach Policy

1. Website Policy

1.1. General Terms

1.1.1. “The Company” shall mean Cognitive Healthcare International.

1.1.2. Use of this website is governed by this website policy and you agree to be bound by them each time you access the website.

1.1.3. The material on this website is provided purely for your information and you should seek further guidance and make independent inquiries before relying on it. The Company may make alterations to the website at any time. You will be deemed to accept such alterations when you next use the website following any such alteration.

1.1.4. Any employment placement will be subject to The Company’s current standard employment terms and conditions.

1.1.5. The information on this website is updated from time to time. Whilst The Company has made every effort to ensure the accuracy and completeness of information on this website, The Company makes no representations or warranties whatsoever, express or implied, as to the quality, accuracy or completeness of such information.

1.1.6. The Company may without notice modify, suspend or discontinue the website or any part of it at any time without any liability to you or any third party.

1.1.7. To the full extent permitted by law, The Company accepts no liability in contract, tort or otherwise (including liability for negligence), for loss or damage of any kind including without limitation, direct or indirect loss or damage, loss of business, revenue or profits, corruption or destruction of data, or any other consequential loss or damage arising out of your use or inability to use the website (or other site linked to the website) or in connection with any computer virus or system failure and The Company excludes any such liability even if The Company is expressly advised of the possibility of such damage or loss.

1.1.8. You will indemnify The Company against all costs, losses, expenses or other liabilities incurred by The Company arising from the use of the website by you.

1.2. Lawful Use

1.2.1. You will use the website for lawful purposes only.

1.3. Links

1.3.1. You should note that The Company provides links to web sites maintained by others. The Company accepts no responsibility or liability for the accuracy or legality of any content contained in such websites. The fact that you may use one of these links to access other websites is not an endorsement by The Company of any content contained in those websites. Neither you nor any third party may link another site to The Company’s website without The Company’s prior written consent

1.4. Copyright

1.4.1. Unless otherwise stated, the copyright and similar rights in this web site and in all the material contained on this website belong to The Company. You are only permitted to copy or print extracts of the material for your own personal use. You may not use any of this material for commercial or public purposes.

1.4.2. Without The Company’s written permission, you may not (whether directly or indirectly including through the use of any program) create a database in an electronic or other form by downloading and storing all or any part of the pages from this website. Without the permission of The Company, no part of this website may be reproduced, transmitted to or stored on any other website, disseminated in any electronic or non-electronic form, or included in any public or private electronic retrieval system.

1.5. Changes to these Terms and Conditions

1.5.1. The Company may add to or change this policy from time to time. You are deemed to have accepted changed or additional policy statements when you access the website following any such change or addition.

1.6. The Accuracy of your Registration Information

1.6.1. You are responsible for ensuring that any information you provide to The Company, is accurate, complete and your own. If The Company has any reason to believe that any information you have supplied is false, inaccurate or not your own, we may remove your ability to log-in to the site and may prohibit you from using this site. The Company is entitled, forthwith and without notice, to remove from the website any such information found to be false, inaccurate, incomplete or not your own.

1.7. Your Username and Password

1.7.1. You are responsible for all use of this site made using your user name and password, whether or not such use is made by you or by someone else using your user name and password. You are responsible for protecting and securing your user name and password from unauthorized use. Your user name and password must not be disclosed to another person. If you believe there has been a breach of security of your user name or password, such as theft or your username or password becoming known to someone else or unauthorized use, you must notify The Company.

1.8. Information that you post on the website

1.8.1. The Company reserves the right, at your cost, at any time to remove any material from the site which it believes to be salacious, defamatory or offensive or which The Company believes may be in breach of a third party’s rights, such as a third party’s intellectual property or confidentiality rights. You agree to indemnify The Company on a full and continuing basis against any loss or damage suffered or costs (including legal costs) incurred by The Company in defending any action brought against The Company as a result of any information you have posted on the website.

1.9. Governing Law and Applicable Legislation

1.9.1. This website policy is governed by International law and you agree that the international courts shall have exclusive jurisdiction to determine any matter or dispute arising out of or in connection with use of this website and this policy.

1.9.2. The Company has the right at any time to terminate or suspend access to, or use of, the website where The Company reasonably believes you have infringed this policy.

2. Data Retention Policy

This policy ensures that Cognitive Healthcare International (CHI) protects and maintains necessary records and documents. Additionally, this policy ensures that records that are no longer needed by CHI are discarded/destroyed at the appropriate time.

2.1. Administration

2.1.1 “Data Retention Schedule” contains a schedule that serves as the retention and disposal/destruction for the physical and electronic records.

2.1.2 Modifications may be made to this Data Retention Schedule to ensure compliance with appropriate legislation.

2.1.3 All retained information will be used solely for the purposes described in our Privacy Policy.

2.2. Suspension of Record Destruction in the Event of Legal Proceedings or Inquiries

2.2.1. It may become necessary to retain data beyond the limits set forth in this Policy.

2.2.2. Data retention may be prolonged in the event of any ongoing investigation or to ensure compliance with any other legal obligation.

2.3. Security of Personal Information

2.3.1. CHI will take reasonable technical and organizational precautions to prevent loss, misuse or alteration of your personal data.

2.3.2. CHI will store personal information in databases and logs.

2.3.3. CHI does not store any paper copies of Personal Information. Personal Information is only stored electronically.

2.3.4. Customers should acknowledge that the transmission of information over the internet is inherently insecure, and while CHI will do everything in its power to protect information, CHI cannot guarantee the security of data sent over the internet.

2.3.5. Customers will be responsible for keeping their Username and Password for accessing CHI website and/or mobile application confidential. CHI will never ask for a password other than when needed to log into our website or mobile application.

2.4. Destruction of Data

2.4.1. Unless otherwise noted specifically below, data will be destroyed based on the Data Retention Schedule.

2.4.2. Methods of Destruction: Data containing health information and any personal data will be destroyed to industry standards for safe electronic deletion.

2.4.3. Right to Deletion: CHI recognizes the users right to their own personal data. As such, all personal data will be deleted upon request of the user.

2.5. Amendments and Updates to the Policy

2.5.1. CHI may update this policy from time to time. New and material changes to this policy will be posted at this link.

2.6. DATA RETENTION SCHEDULE

2.6.1. The Data Retention Schedule below outlines CHI Policy for maintaining and destroying records as necessary.

Record Type	Storage Location	Person Responsible for Storage	Retention Time Period
Audit Logs (Database)	CHI Private Cloud	DevOps Administrator	Last 7 years
Backups	CHI Private Cloud, AWS	DevOps Administrator	Last 7 years
Patient Health Record Data	CHI Private Cloud	DevOps Administrator	As per agreed terms
Patient Financial Transactions	CHI Private Cloud	DevOps Administrator	Last 7 years

3. Support Policy

3.1. Scope

3.1.1. Cognitive Healthcare International (CHI) establishes and maintains a process to provide customer support for the CHARMS application. The Support Service Agreement is based on the sales contract and does not replace them in any way.

3.2. Content of CHI Helpdesk Technical Support

3.2.1. CHI Helpdesk team will work to diagnose problems and performance deficiencies of the CHARMS Software that will be reported by CHI customers.

3.2.2. CHI Helpdesk team will exert its best effort to cure such reported and reproducible errors in the Software.

3.2.3. CHI Helpdesk team will provide E-mail and Online Chat support on a business day basis. Business days are defined as Monday to Saturday 24 hrs a day.

3.2.4. CHI Helpdesk team will offer 24×7 server monitoring and server related issue support for SaaS license customers.

3.3. CHI Helpdesk Standard Support SLA Chart

Severity	Issue Type	Support Hours	Response Time	Submission Method
Critical	Service not accessible e,g. Server Down. (SaaS products)	24 x 7	2 hours	CHI Help Desk / Email / Live Chat
High	Software Related – Partial Service Interruption	24 hrs a day Monday – Saturday	12 Hours	CHI Help Desk / Email / Live Chat
Medium	Software Related – Non Critical	24 hrs a day Monday – Saturday	24 hours	CHI Help Desk / Email / Live Chat
Low	Software Related	24 hrs a day Monday – Saturday	48 hours	CHI Help Desk / Email / Live Chat

3.4. Severity Levels

3.4.1. Critical: Whole System outage of a production server product. Complete inability to service client requests

3.4.2. High: CHI Helpdesk operations can continue in a restricted fashion, although long-term productivity might be adversely affected.

3.4.3. Medium: Partial, non-critical loss of CHI Helpdesk functionality. Impaired operations of some components, but allows the user to continue using CHI Helpdesk.

Not all Severity Medium problems will require a workaround. CHI Helpdesk team may, in its reasonable discretion, respond to a Severity Medium problem by making the Error a feature request and downgrade the severity.

3.4.4. Low: General usage questions or product feature requests. Product feature requests will be tracked in order to provide updates to customers, but do not have a response SLA associated with them.

3.5. Submission Notes/ Requirements:

3.5.1. The web interface at https://helpdesk.cognitivehealthintl.com is the method for submitting tickets to the CHI Helpdesk support team.

3.5.2. From this interface, Customers may submit any severity level ticket, as well as view previously submitted tickets.

3.5.3. Service requester must have knowledge about the technical details associated with the service request; CHI Helpdesk will classify all tickets as severity Low by default.

3.6. Software Issue Report

3.6.1. Following a report made by a CHI Helpdesk customer, the CHI Helpdesk team will contact the reporter within one business day, in order to obtain required information. Normally, initial contact times will be much shorter than a complete working day.

3.6.2. The Support team will attempt to reproduce the issue in house. During this process, the customer will be obliged to make his best effort to accommodate the support team’s request for data.

3.6.3. CHI Helpdesk team will categorize the customer’s request as either a feature request or a certified bug, and will proceed accordingly.

3.7. Bug Handling

3.7.1. If the issue is reproduced, the Support team will try to provide a workaround or an alternative solution while collaborating with the CHI Helpdesk Development team to fix the issue.

3.7.2. The Support team will keep the customer updated on the progress of the bug-fix process.

3.8. Feature Request Handling

3.8.1. The CHI Helpdesk Support team will check if the required functionality does exist in the software and if it does, will instruct the customer on how to implement it.

3.8.2. If otherwise, the CHI Helpdesk Support team will attempt to provide a workaround or an alternative approach to the customer’s requirement.

3.8.3. CHI Helpdesk Product owner will decide whether, when and how such requested features are to be integrated within CHI Helpdesk, based on the available resources, business requirements and road-map.

3.8.4. Implementation of additional or enhanced functionality will be communicated via the usual CHI Helpdesk communication channels, e.g. the CHI Helpdesk Blog, or website.

3.8.5. CHI Helpdesk provides custom development services for feature requests. Such development will not be covered by CHI Helpdesk Technical support agreement.

3.9. Escalation Procedure

3.9.1. At CHI Helpdesk we pride ourselves on delivering world-class support to our customers. When a ticket is submitted to our support staff, our highly skilled and trained CHI Helpdesk experts will work to resolve the issue as quickly as possible.

3.9.2. If for some reason you are not satisfied with your support experience or do not think we are meeting the SLA criteria above, please escalate your concern to sales@cognitivehealthintl.com

4. Refund Policy

This is applicable for countries where CHARMS billing and online payments are enabled.

4.1. Cancellation of Appointment

4.1.1. In case of cancellation or non-confirmation of the appointment by CHARMS due to any reasons, three options are available to the patients:

4.1.1.1. Patient may ask for rescheduling the appointment with the specialist doctor. Payment will be adjusted for new appointment.

4.1.1.2. The advance payment may be added as credit in the account of the patient and will be adjusted in due course for future consultations.

4.1.1.3. Patient may claim a refund of the payment.

4.2. Terms and Conditions for Claiming Refunds

4.2.1. The patient should necessarily have the valid payment reference for the investigations, so as to be able to get the refund.

4.2.2. In case the patient misses or cancels the appointment and not inform CHI before 3 hours of the appointment time, then patient shall not be entitled to any refund.

4.2.3. In case the patient’s credit card/debit card/payment account has been accidentally overcharged, patient should notify CHARMS for the same at the earliest.

4.2.4. The cancellation should be backed with a valid reason.

4.3. Refunds Process

4.3.1. CHARMS shall process all the valid refund cases within 7 working days.

4.3.2. The refunded amount may be credited to the Patient’s account so as to be adjusted in future consultations of himself or of any other person.

4.3.3. The refund shall be made by e-Banking or by Demand Draft or by other mode, depending upon the suitability of both, CHARMS and the patient.

5. Accessibility Policy

5.1. Accessibility and Usability Policy

5.1.1. Cognitive Healthcare International (CHI) is committed to providing an app that is accessible to the widest possible audience, regardless of technology or ability.

5.1.2. We are actively and continuously working to increase the accessibility and usability of this website and, in doing so, adhere to internationally accepted standards and guidelines.

5.1.3. This website strives to meet the Web Content Accessibility Guidelines Version 2.0 (WCAG 2.0) at a minimum “Double-A” (AA) rating.

5.1.4. The guidelines, drawn up by the World Wide Web Consortium (W3C), explain how to make web content more accessible to people with disabilities.

5.1.5. We seek to ensure that this website is accessible to people who use assistive technology such as screen readers and speech-input software and those unable to use a mouse or a pointing device.

5.2. Accessibility features that can be found on this website include:

5.2.1. Color contrasts that assist with accessibility.

5.2.2. Text that can be resized.

5.2.3. Page layouts are flexible, meaning that pages are resized according to the width of the browser window.

5.2.4. Headings are coded so that they can be read by screen readers.

5.2.5. Tables are laid out in tabular form, with headings and summaries that make them more accessible.

5.2.6. Form fields have labels and follow a logical tab sequence to ensure easier navigation.

5.2.7. We use cascading style sheets (CSS) to determine the presentation of our website – this assists those using screen-reading devices

5.2.8. New images are accompanied by appropriate alternative text that can be read by screen readers.

5.2.9. Compliance with the Federal Section 508 Standards requirements of the U.S. Rehabilitation Act, as amended in 1998. For more information about these standards, visit the Section 508* website.

5.2.10. Many documents available by downloading PDFs through Adobe Acrobat Reader, a free PDF file reader.

5.3. Supported Desktop Browsers

5.3.1. Microsoft Edge Browser

5.3.2. Firefox

5.3.3. Apple Safari

5.3.4. Google Chrome

5.4. Supported Mobile and tablet native browsers

5.4.1. Google Chrome

5.4.2. Safari

5.5. Browser Versions

5.5.1. Browser updates are available free of charge from the different browser providers (Microsoft, Firefox, Apple and Google). We recommend that users of our website upgrade their browser versions whenever possible, as new versions are faster, have the latest security features and provide an improved browsing experience.

5.5.2. To ensure that our apps continues to offer a high level of accessibility, we perform periodic accessibility audits using a range of testing tools to flag and address errors.

5.5.3. While CHI strives to adhere to the accepted guidelines and standards for accessibility and usability, rapid changes in technology mean it is not always possible to do so in all areas of the website. We are, however, continually seeking solutions to address accessibility issues.

5.6. Adobe Acrobat Information:

5.6.1. Installation: If you do not have Adobe Acrobat Reader installed on your computer, click here to download and install a free version of Adobe Acrobat Reader.

6. Security Breach Policy

6.1. Purpose of Security Breach Policy

6.1.1. Purpose of this Security Breach Policy is to establish general guide line for Cognitive Healthcare International (CHI) to enable quick and efficient recovery from security incidents; respond in a systematic manner to incidents and carry out the steps necessary to handle an incident; and minimize disruption to critical computing services or loss or theft of sensitive or mission critical information.

6.1.2. The sections below describe:

1. 1. Who to notify upon discovery of an incident?
  2. procedures for handling and recovering from an incident in a manner appropriate to the type of security incident; and
  3. how to establish a reporting format and evidence retention procedure.

6.1.3. This policy provides an overview of the process. Any questions about this Policy should be directed security@coginitivehealthintl.com

6.2. Overview of Workflow

6.2.1. When a security incident is detected or reported, key first steps are to

1. 1. contain the incident,
  2. initiate an investigation of its scope and origins, and
  3. decide if it qualifies as a Breach.

6.3. Overview of Roles

6.3.1. Incident Handler: This role is filled by IT security staff from CHI.

6.3.2. System Administrator: This role is filled by the technical staff responsible for deploying and maintaining the system at risk. Also referred to as a “first responder” in the context of this process.

6.3.3. System Owner: This role is filled by the staff member or management member who has responsibility for the business function performed by the system.

6.3.4. Network Operations: This role is filled by the technical staff responsible for network infrastructure at the site housing the system at risk.

6.4. Identification

6.4.1. The identification phase of incident response has as its goal the discovery of potential security incidents and the assembly of an incident response team that can effectively contain and mitigate the incident:

1. - Identify a potential incident.
  - Notify internal stakeholders
  - Notify external stakeholders (customers)
  - Quarantine

6.5. Verification

6.5.1. Primary goal of this phase to confirming that the compromise is genuine and presents sufficient risk to engage the Critical Incident Response (CIR) process to Classify and Verify the breach.

6.5.1.1. The order of the steps above can vary from incident to incident, but for the CIR process to be initiated the criticality of the asset must be confirmed, and it must be confirmed that the triggering event is not a false positive.

6.5.1.2. All external stakeholders (customers) will be notified after the verification.

6.6. Containment

6.6.1. The incident handler will collect data from system administrators in order to quickly assess the scope of the incident, including:

1. - Preliminary list of compromised systems
  - Preliminary list of storage media that may contain evidence
  - Preliminary attack timeline based on initially available evidence

6.6.2. Preserve forensic evidence:

1. - System administrators will capture first responder data if the system is turned on.
  - The incident handler will capture disk images for all media that are suspected of containing evidence, including external hard drives and flash drives.
  - The incident handler will dump network flow data and other sensor data for the system.
  - The incident handler will create an analysis plan to guide the next phase of the investigation.

6.7. Analysis

6.7.1. The analysis phase is where in-depth investigation of the available network-based and host-based evidence occurs. The primary goal of analysis is to establish whether there is reasonable belief that the attacker(s) successfully accessed High Risk Data or Data on the compromised system.

6.7.2. Secondary goals are to generate an attack timeline and ascertain the attackers’ actions. All analysis steps are primarily driven by the incident handler, who coordinates communications between other stakeholders, including system owners, system administrators, and relevant compliance officers.

6.7.3. Questions that are relevant to making a determination about whether data was accessed without authorization include:

1. - Suspicious Network Traffic
  - Attacker Access to Data
  - Evidence that Data Was Accessed
  - Length of Compromise
  - Method of Attack
  - Attacker Profile

6.8. Recovery

6.8.1. The primary goal of the recovery phase is to restore the compromised host to its normal business function in a safe manner.

6.8.2. The system administrators will remediate the immediate compromise and restore the host to normal function. This is most often performed by reinstalling the compromised host; although if the investigation confirms that the attacker did not have root/administrator access other remediation plans may be effective.

6.8.3. The system administrators will make short-term system, application, and business process changes to prevent further compromise and reduce operating risk.

6.9. Internal Reporting

The final report serves two (2) main purposes.

6.9.1.1. First, a recommendation is made to the and relevant compliance officers as to whether the incident handler and the responsible officials feel there is a reasonable belief that High Risk Data, or Data was subject to accidental or unlawful destruction, loss, or alteration, or unauthorized disclosure or access, and the degree of probability of risks to data subjects or that the security or privacy has been compromised. The report must be made in sufficient time to allow notification, if appropriate, within any legally-mandated time period.

6.9.1.2. Second, a series of mid-term and long-term recommendations are made to the owners of the compromised system/files, including responsible management, suggesting improvements in technology or business process that could reduce operating risk in the future.

6.10. Data Retention

6.10.1. The incident handler will archive the final report in case it is needed for reference in the future; reports must be retained for seven (7) years.

6.10.2. Incident notes should be retained for six (6) months from the date that the report is issued.

This includes the confluence investigation page, processed investigation materials like grepped file-timelines and filtered network-flows, etc.

6.10.3. Raw incident data should be retained for thirty (30) days from the date that the report is issued.

6.10.4. Request Tracker (RT) tickets from the ticketing system related to the investigation should be retained for three (3) years.

1.1. Cognitive Healthcare International built the CHARMS Mobile app as a Free app. This SERVICE is provided by Cognitive Healthcare International at no cost and is intended for use as is.

1.2. This page is used to inform visitors regarding our policies with the collection, use, and disclosure of Personal Information if anyone decided to use our Service.

1.3. If you choose to use our Service, then you agree to the collection and use of information in relation to this policy. The Personal Information that we collect is used for providing and improving the Service. We will not use or share your information with anyone except as described in this Privacy Policy.

1.4. The terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, which are accessible at CHARMS Mobile App unless otherwise defined in this Privacy Policy.

1.5. We need to scan Bluetooth devices in the background when the phone is locked or the app is in the background and for scanning, we need location permission. Communicating with devices through Bluetooth is our core functionality.

2. Information Collection and Use

2.1. For a better experience, while using our Service, we may require you to provide us with certain personally identifiable information. The information that we request will be retained by us and used as described in this privacy policy.

2.2. The app does use third-party services that may collect information used to identify you.

2.3. CHI recognizes the user’s right to their own personal data. As such, all personal data will be deleted upon request of the user.

3. Log Data

3.1. We want to inform you that whenever you use our Service, in case of an error in the app we collect diagnostic data and information (through third-party products) on your phone called Log Data. This Log Data may include information such as your device Internet Protocol (“IP”) address, device name, operating system version, the configuration of the app when utilizing our Service, the time and date of your use of the Service, and other statistics.

3.2. To provide desired health care services, Patient Health Data may be accessed by the Patient’s Caregiver or Health Practitioner. CHARMS system keeps a log about who has accessed the patient’s data and the Patient can view that log information.

4. Cookies

4.1. Cookies are files with a small amount of data that are commonly used as anonymous unique identifiers. These are sent to your browser from the websites that you visit and are stored on your device’s internal memory.

4.2. This Service does not use these “cookies” explicitly. However, the app may use third-party code and libraries that use “cookies” to collect information and improve their services. You have the option to either accept or refuse these cookies and know when a cookie is being sent to your device. If you choose to refuse our cookies, you may not be able to use some portions of this Service.

5. Service Providers

5.1. We may employ third-party companies and individuals due to the following reasons:

- To facilitate our Service;
- To provide the Service on our behalf
- To perform Service-related services; or
- To assist us in analyzing how our Service is used.

5.2. We want to inform users of this Service that these third parties have access to your Personal Information. The reason is to perform the tasks assigned to them on our behalf. However, they are obligated not to disclose or use the information for any other purpose.

6. Security

6.1. We value your trust in providing us your Personal Information, thus we are striving to use commercially acceptable means of protecting it. But remember that no method of transmission over the internet, or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security.

6.2. Patient provides consent to enable access of health-related data for Caregivers and Health Practitioners to provide desired healthcare services.

7. Links to Other Sites

7.1. This Service may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise you to review the Privacy Policy of these websites. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

8. Children’s Privacy

8.1. These Services do not address anyone under the age of 13. We do not knowingly collect personally identifiable information from children under 13. In the case we discover that a child under 13 has provided us with personal information, we immediately delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we will be able to do the necessary actions.

9. Changes to This Privacy Policy

9.1. We may update our Privacy Policy from time to time. Thus, you are advised to review this page periodically for any changes. We will notify you of any changes by posting the new Privacy Policy on this page. These changes are effective immediately after they are posted on this page.

LIVE LONGER, HAPPIER & HEALTHIER!
SUBSCRIBE WITH CHI