Data Processing Agreement
Last Updated: [06-11-2025]
This Data Processing Agreement (“Agreement”) forms part of the Service Terms between MedoNext (operated by GOUR SOFTWARE & SERVICES PVT. LTD.), referred to as the “Service Provider”, and the subscribing healthcare organization (“Client” or “Hospital”).
Purpose: This Agreement governs how MedoNext collects, stores, processes, and protects patient data on behalf of healthcare institutions.
1. Definitions
- Personal Data: Any information relating to a patient or identifiable individual.
- Processing: Operations performed on data such as storage, retrieval, organization, transmission, and deletion.
- Controller: The Client (Hospital/Clinic) that decides how patient data is used.
- Processor: MedoNext, which processes data only under Client instructions.
2. Roles & Responsibilities
The Client (Hospital):
- Owns and controls all patient records.
- Ensures data entered into MedoNext is accurate and lawful.
MedoNext (Processor):
- Processes data solely to deliver hospital management services.
- Does not sell, share, or use data for any commercial purpose.
3. Security & Data Protection
- End-to-End Encryption for stored and transmitted data.
- Secure Cloud Hosting with Firewall & Access Controls.
- Multi-Level Authentication for accounts & admin controls.
- Daily automated and encrypted backups.
4. Data Access & Authorization
- Access to patient data is strictly role-based.
- Client admins manage user permissions and staff logins.
- MedoNext support team may only access data when authorized for troubleshooting.
5. Data Retention & Backups
- Data remains stored securely as long as the subscription is active.
- Clients may request data export at any time (PDF, Excel, EMR records).
- Upon cancellation, data may be retained for **60 days** before secure deletion.
6. Third-Party Services
MedoNext may use secure cloud and messaging integrations (e.g., WhatsApp, SMS APIs) — all are compliant and do not view patient medical details.
7. Breach Notification
If any security incident occurs, MedoNext will notify the Client immediately and initiate mitigation steps.
8. Compliance Standards
- Digital Personal Data Protection Act (DPDP), India 2023
- GDPR (where applicable)
- NABL data workflow standards (for labs)
9. Contact for Data & Compliance
Support: support@medonext.com
Address: S-39, Singapore Township Annex, Talwali Chanda, Mangalya, Indore, Madhya Pradesh, 453771, India

