Dr. Morepen Labs

Privacy Policy

Your privacy and data security are our top priorities

Last Updated: March 2026

Introduction

Dr. Morepen Labs ("Dr. Morepen Labs", "we", "us", "our") is a pathology and diagnostics service operated under the Medipath Division of Morepen Laboratories Limited.

We are committed to safeguarding the privacy, confidentiality, and security of personal and health-related data of our patients, customers, partners, and users of our internal platforms, e.g. Lab Information System (LIS), websites, as well as the Dr. Morepen Sync mobile application ("App").

Compliance Framework

  • Digital Personal Data Protection Act, 2023 (India)
  • Applicable Rules and Notifications under DPDPA
  • General Data Protection Regulation (GDPR) principles
  • Healthcare, laboratory, and data protection regulations

"By using our services, website, diagnostic centers, home collection services, or Dr. Morepen Sync App, you agree to the practices described in this Privacy Policy."

Scope of This Policy

This Privacy Policy applies to:

1

Patients availing diagnostic services of any kind through Dr. Morepen Labs or its recognised Partners.

2

Users of the Dr. Morepen Sync mobile application for accessing health data and pathology reports.

3

Visitors to labs.drmorepen.com browsing our product catalogue or other sections.

4

Individuals interacting with our call centers, customer care, and home collection services.

5

Healthcare professionals engaging with laboratory reports generated at our laboratories.

6

Business partners, vendors, and service providers engaged with Dr. Morepen Labs.

Categories of Data We Collect

Personal Identification Data

Information required for generating profiles and medical lab reports.

Full nameDate of birthGenderMobile numberEmail addressResidential addressGovernment ID

Sensitive Personal Data / Health Data

Critical health information collected for clinical accuracy.

Test resultsMedical historyPrescription detailsDoctor referencesImaging recordsSample metadata

Transaction and Billing Data

Data required for secure payments and regulatory audits.

Payment detailsBilling addressOrder historyTest packages

Data Sources

Direct patient registration (online or offline)
Home collection requests
Through LIS Platform, Website and Internal Portals
Dr. Morepen Sync app registration
Healthcare provider referrals
Customer support interactions
Cookies and analytics tools on our website
Health Camps and Marketing initiatives

Purpose of Data Processing

We process personal data strictly for lawful purposes, including:

Conducting pathology tests and delivering reports to our end users, i.e. Patients, Attendants, Partner Clients, i.e. Hospitals, Clinics.

Enabling secure access to reports through Dr. Morepen Sync, or other channels as preferred by the Patient.

Appointment scheduling and home sample collection fulfillment

Billing and payment processing

Regulatory and statutory compliance

Quality assurance (IQCs, EQAs) and potential accreditation requirements

Fraud prevention and security monitoring

Internal audits and process automation

Customer support and grievance redressal

Improving quality of testing, and service delivery as well as operational efficiency

We do not sell personal health data.

Data Security Measures

We follow strict quality control, data security, and privacy protocols:

End-to-end encryption of sensitive data
Secure storage environments
Role-based access controls (RBAC)
Multi-factor authentication
Automated compliance checks
Periodic internal and third-party audits
Network monitoring & intrusion detection
Secure API integrations
Data minimization practices
"Dr. Morepen Lab's IT Platforms and Apps are designed to comply with core GDPR principles of EU and DPDPA 2025 requirements by the Government of India."

Data Sharing and Disclosure

Internal Sharing

Within Morepen Laboratories Limited (Medipath Division) strictly on a need-to-know basis.

Healthcare Professionals

Reports may be shared with referring doctors upon patient authorization.

Third Party Service Providers

IT infrastructure providers (Limited to LIS, Partner Portal, Sync App)Payment gatewaysLogistics partners for home collectionSMS/email service providersCloud hosting providersPartner laboratories for sample processing

* All third parties are contractually bound by confidentiality and data protection obligations.

Data Retention

Dr. Morepen Labs, as a pathology service provider, reserves the right to retain the customer and health information, for the duration required by medical, legal, tax, and regulatory requirements.

We also strictly follow retention guidelines as required by laboratory accreditation norms. Other than that, we retain required information for legitimate archival and audit purposes, as deemed necessary.

Data is securely deleted once retention periods expire (as applicable).

Protection Policies

01

Dr. Morepen Labs has implemented the highest international market practices and security policies to protect the personal data that it has under its control - from unauthorised access, improper use or disclosure, unauthorised modification, and unlawful destruction or accidental loss.

02

Dr. Morepen Labs implements reasonable security practices and procedures, and has a comprehensive documented information security programme that contains managerial, technical, operational, and physical security control measures.

03

We take Your right to privacy very seriously and, other than as specifically stated in this Privacy Policy, will only disclose Your Personal Information in the event it is required to do so by law, rule, regulation, law enforcement agency, governmental official, legal authority or similar requirements.

04

Your Personal Information is maintained by Dr. Morepen Labs, in electronic form on its equipment, and on the equipment of its employees. Such information may also be converted to physical form from time to time.

05

Dr. Morepen Labs has provided you with Dr. Morepen Sync App, which is compliant with the core privacy guidelines of GDPR Act of EU and DPDP Act 2025 of Government of India. We urge you to ensure enabling the right privacy protocols, e.g. Enabling Two Factor Authentication, Disabling Screenshot Ability from App.

06

Dr. Morepen Labs recommends using the Dr. Morepen Sync app for accessing your Lab Reports. If you require the reports to be shared with you in a different form, i.e. Via paper copy, email, SMS or WhatsApp, after giving us your consent to share the reports via aforementioned channels, we can not be held responsible for any potential privacy breach.

07

It is important for You to protect against unauthorized access to Your password, Your computer and Your mobile phone. If You suspect any unauthorized use of Your login to App including Account, You must immediately notify Dr. Morepen Labs by sending an email to dpo.devices@morepen.com.

08

Dr. Morepen Labs makes relevant User information accessible to its employees, agents or partners and third parties only on a need-to-know basis, and binds all such employees to strict confidentiality obligations.

09

Dr. Morepen Labs is not responsible for the confidentiality, security or distribution of Your Personal Information by our partners and third parties outside the scope of our agreement with such partners and third parties.

Cross-Border Data Transfers

Dr. Morepen Labs does not process patient, customer or partner data outside India. Services of Dr. Morepen Labs currently are limited to the Republic of India (Indian territory) only.

Your Rights

1

Access

Access your personal data via Dr. Morepen Sync App.

2

Correction

Correct inaccurate data via app ticket or written complaint at drmorepenlabs@morepen.com.

3

Withdrawal

Withdraw consent (where processing is consent-based).

4

Deletion

Request deletion (subject to regulatory retention requirements) of your health data.

5

Restriction

Restrict processing (subject to regulatory retention requirements).

6

Portability

Data portability (where technically feasible).

For any privacy or data security related complaints, you may lodge a complaint with the Data Protection Officer at Morepen Laboratories Limited by writing at dpo.devices@morepen.com.

Cookies and Analytics

Our website and App may use cookies for:

Session management
Performance optimization
Analytics
Security

Users may control cookie settings through browser preferences.

Children's Privacy

Our services are intended for individuals under medical supervision. For minors, consent must be provided by a parent or legal guardian in accordance with applicable law.

Updates to This Policy

We may update this Privacy Policy periodically to reflect:

Regulatory changes
Operational improvements
Technological updates
Service-related changes

Updated versions will be posted on our website and App with the revised effective date.

Grievance Redressal & Data Protection Officer

We have appointed a Grievance Officer / Data Protection Officer (DPO) in accordance with DPDP Act 2025 requirements.

Contact Details

Mr. Amrit Ravi

Vice President - Data Protection Officer

Morepen Laboratories Limited

dpo.devices@morepen.com

We aim to respond to privacy-related queries within the timelines prescribed under applicable law.