Privacy Policy

1. Introduction

SwasthaLink (“we”, “us”, or “our”) operates the SwasthaLink platform — a digital healthcare workforce infrastructure connecting healthcare professionals, hospitals, and institutions across Nepal. This Privacy Policy explains how we collect, use, store, share, and protect personal information when you use our website at swasthalink.com and related services (collectively, the “Platform”).

By creating an account or using the Platform you agree to this Policy. If you do not agree, please do not use the Platform.

2. Definitions

• Personal Data — any information that identifies or can identify a natural person.
• Credential Data— professional registration numbers, license documents, and qualifications issued by Nepal's healthcare councils.
• Professional User — a registered healthcare professional (doctor, nurse, pharmacist, lab technician, health assistant, or other licensed professional) using the Platform.
• Hospital User — a hospital, clinic, medical college, health post, NGO, or other healthcare institution using the Platform.
• Council — Nepal Medical Council (NMC), Nepal Nursing Council (NNC), Nepal Health Professional Council (NHPC), Nepal Pharmacy Council (NPC), or other recognized statutory body.

3. Data We Collect

3.1 Professional Users

• Full name, date of birth, gender, nationality
• Email address, phone number
• Province, district, address
• Profession, specialization, years of experience
• Council registration number, license number, issue and expiry dates
• Uploaded credential documents (certificates, registration cards)
• Profile photo (optional)
• Job application history and employment records you choose to add

3.2 Hospital Users

• Institution name, type, and registration number
• Contact name, email, phone
• Province, district, address
• Specialties offered
• Job postings and applicant pipeline data

3.3 All Visitors

• IP address, browser type, device type
• Pages visited, click paths, time on page
• Cookies and similar tracking technologies (see Section 14)

4. Legal Basis for Processing

We process your data on the following bases:

• Contract performance — to provide credential verification, job matching, and platform services you have requested.
• Legitimate interests — to improve the Platform, prevent fraud, and maintain platform security.
• Legal obligation — to comply with applicable Nepal law, including the Privacy Act 2075 (2018) and Electronic Transactions Act 2063 (2006).
• Consent — for optional communications such as newsletters and marketing emails.

5. How We Use Your Data

• Verify healthcare credentials against council records
• Maintain verified professional profiles
• Match professionals with relevant job opportunities
• Enable hospitals to search and assess verified candidates
• Facilitate job applications and hiring pipelines
• Send account, application, and verification status notifications
• Improve Platform features and detect abuse
• Send optional marketing communications (only with your explicit consent, which you may withdraw at any time)
• Comply with legal obligations

6. Data Sharing

We share your data only in the following circumstances:

• Verification councils — we transmit your registration number and name to the NMC, NNC, NHPC, NPC, or other relevant council solely to confirm license validity. No additional personal data is shared beyond what is required for verification.
• Hospital Users (job applicants) — when you apply for a job, your verified profile (name, credentials, specialization, experience) is shared with the posting hospital. You control what is visible on your profile.
• Service providers — we use trusted third-party infrastructure providers (hosting, database, email, analytics) who are bound by data processing agreements and may not use your data for their own purposes.
• Legal requirements — we may disclose data if required by a valid court order, government authority, or to protect the rights, property, or safety of SwasthaLink, its users, or the public.
• Business transfer — in the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, subject to the same privacy protections.

We do not sell your personal data to third parties.

7. Cross-Border Data Transfer

SwasthaLink is based in Nepal. Our infrastructure providers may process data in other jurisdictions. Where data is transferred outside Nepal, we ensure adequate safeguards are in place — including standard contractual clauses or equivalent protections — consistent with the Nepal Privacy Act 2075.

8. Health & Credential Data Special Protections

Credential Data (license numbers, registration documents, certificates) is treated as sensitive personal information. We apply the following additional protections:

• Encryption at rest and in transit (TLS 1.2+, AES-256)
• Access restricted to authorised SwasthaLink personnel on a need-to-know basis
• Credential documents stored separately from profile data with stricter access controls
• All access to credential documents is logged for audit purposes

9. No Patient Clinical Data

SwasthaLink is a healthcare workforce platform. We do not collect, store, or process patient clinical records, medical histories, diagnoses, prescriptions, or any patient health information. If you believe patient data has been inadvertently submitted to the Platform, contact us immediately at [email protected].

10. Data Retention

11. Your Rights (Nepal Privacy Act 2075)

Under Nepal's Privacy Act 2075 and its implementing regulations you have the right to:

• Access — request a copy of the personal data we hold about you
• Correction — request that inaccurate or incomplete data be corrected
• Deletion — request deletion of your data, subject to legal retention obligations
• Objection — object to processing based on legitimate interests
• Portability — receive your profile data in a machine-readable format
• Withdraw consent — for processing based on consent, withdraw at any time without affecting prior processing

To exercise any right, email [email protected] with the subject line “Privacy Rights Request”. We will respond within 30 days.

12. Security

We implement industry-standard technical and organisational measures including TLS encryption, hashed passwords (bcrypt), role-based access controls, regular security reviews, and vulnerability monitoring. However, no system is completely secure. You are responsible for keeping your account credentials confidential and for notifying us promptly if you suspect unauthorised access.

13. Children

The Platform is intended for healthcare professionals and institutions. Users must be at least 18 years of age and hold a valid professional registration or be acting on behalf of a registered institution. We do not knowingly collect data from minors. If we learn that a minor has provided data, we will delete it promptly.

14. Cookies

We use the following categories of cookies:

• Strictly necessary — authentication session tokens; cannot be disabled.
• Functional — remember your preferences (language, filters).
• Analytics — aggregate usage statistics to improve the Platform (opt-out available in your account settings).

We do not use advertising or cross-site tracking cookies. You can manage cookie preferences through your browser settings, but disabling strictly necessary cookies will prevent login.

15. GDPR Disclosure

SwasthaLink is primarily governed by Nepal law. If you are a data subject located in the European Economic Area (EEA), the United Kingdom, or Switzerland and use the Platform, you may have additional rights under the General Data Protection Regulation (GDPR) or UK GDPR, including the right to lodge a complaint with your local supervisory authority. Please contact us at [email protected] for any GDPR-specific requests.

16. Changes to This Policy

We may update this Policy to reflect changes in our practices or legal requirements. Material changes will be communicated via email and an in-app notice at least 30 daysbefore taking effect. The “Effective date” at the top of this page will always reflect the current version. Continued use of the Platform after the effective date constitutes acceptance.

17. Contact Us

For privacy inquiries, data requests, or to report a concern:

18. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of Nepal, including the Privacy Act 2075 (2018) and the Electronic Transactions Act 2063 (2006). Any dispute arising under this Policy shall be subject to the exclusive jurisdiction of the courts of Kathmandu, Nepal.