Thank you for visiting our website and for your interest in Heedoc (hereinafter “Heedoc”, “we”,
“our” or “us”). This policy explains how we handle personal information when you use our website
and related services, in line with the Privacy Act, 2075 (2018) and other
applicable laws of Nepal.
Additional policies and cross-border processing
If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with
dedicated data protection laws, additional disclosures may apply. Where relevant, we align our practices with
recognized international standards, including the EU General Data Protection Regulation (GDPR), in addition
to Nepali law.
Our services may involve supporting professional documentation and council-related workflows (for example,
Nepal Nursing Council renewal and Certificate of Good Standing). Where we process sensitive or
health-related information strictly as needed to deliver those services, we apply confidentiality safeguards
consistent with professional standards and applicable requirements in Nepal. The United States Health
Insurance Portability and Accountability Act (HIPAA) does not apply to our Nepal-focused portal services;
if you use other Heedoc offerings subject to different rules, separate notices may apply.
When an institution or professional you have a relationship with uses our tools to manage information about
you, that party may act as the primary controller of your data; in those cases, their privacy notice may also
apply alongside this policy.
Information collection when visiting our website
When you use our website for information only and do not submit forms or otherwise send us data, we collect
the technical information your browser transmits to our server (commonly referred to as server log data),
such as requested pages, approximate timing, and IP address. We use this information to operate and secure
the site. It is not used for unrelated purposes. We may review logs where there are concrete indications of
misuse or a security need.
Cookies
To make our website work reliably and to enable certain features, we use cookies and similar technologies.
Some cookies are deleted when you close your browser (session cookies). Others remain for a defined period
(persistent cookies) so we or our partners can recognize your browser on a later visit. Depending on the
cookie, limited information such as browser type, general location, or IP-related signals may be processed.
For more detail, see our Cookie Policy where we publish one; you can also control cookies through your
browser settings. If you disable cookies, some features may not work as intended.
Advertising
We may work with advertising or analytics partners who use cookies or similar technologies to measure
performance and to help present relevant content. Third-party cookies may be stored when you visit our site.
Where required by law, we rely on appropriate consent or legitimate interests and you may adjust preferences
through your browser or applicable consent tools.
Contacting us
When you contact us (for example through our contact form or email), we collect the personal information you
provide. We use it only to respond to your inquiry, follow up as needed, and for related technical
administration. We delete or anonymize this information after your request is fully handled, unless a
longer retention period is required by applicable law or legitimate business records (for example tax or
accounting rules in Nepal).
Information processing when you use our services
If you submit applications or documents through our portal (such as license renewal, Certificate of Good
Standing, or combined express workflows), we collect and use the personal information shown on the relevant
forms to perform the contract, communicate with you, coordinate with councils or authorities as your case
requires, and process payments. After the service is completed, we retain information only as needed for
legal, tax, and accounting obligations under Nepali law (including relations with the Inland Revenue
Department and other regulators where applicable), and then delete or restrict it in line with those
obligations, unless you have agreed to further use or another lawful basis applies.
Direct marketing
We may send information about our services, offers, or updates where permitted. The legal basis may be your
consent or our legitimate interest in promoting our services, consistent with Nepali law. You can opt out of
marketing communications at any time using the unsubscribe link in emails or by contacting us.
Commercial and business relationships
We process information about clients, partners, employers, educational institutions, and healthcare or
professional organizations in Nepal and elsewhere when needed to deliver services, respond to enquiries, and
manage contracts. Purposes include performing agreements, administration, communication, quality
improvement, and, where appropriate, marketing aligned with your choices. Legal bases include contract,
pre-contract steps, legal obligation, and legitimate interests, balanced against your rights.
We share personal information with third parties only where necessary for these purposes or as required by
law—for example payment processors, cloud hosting, communications tools, logistics or courier services,
banks, auditors, accountants, legal advisers, or tax authorities including the Inland Revenue Department of
Nepal.
Administration, finance, and office operations
We process data for bookkeeping, invoicing (including VAT/PAN-related records where applicable), archiving,
and compliance. Retention and deletion for contractual and operational data follow the same principles as
above. We may retain business contact details for suppliers and partners on an ongoing basis where
proportionate.
Fraud prevention and payment processing
Where applicable, we provide payment service providers with information they need as our processors to
prevent fraud, handle disputes, support accounting, and optimize payment flows. This supports our legitimate
interests in secure payments and fraud prevention.
How we protect your personal information
Heedoc is committed to protecting personal information. We implement safeguards appropriate to the
sensitivity of the data, including physical, administrative, organizational, and technical measures such as
secure networks, access controls, monitoring and testing, and information security policies. Associates with
access to personal data are required to protect confidentiality. When disposing of records, we use secure
deletion, shredding, or equivalent methods.
No method of transmission or storage is completely secure. You should protect your account credentials, use
strong passwords, sign out on shared devices, and keep your contact details up to date.
Vendors and commercial partners
We work only with vendors and partners who meet our data protection expectations and, where required,
appropriate contractual commitments. Personal information is not shared with a new vendor for processing until
reasonable assurance is in place regarding confidentiality and security.
Training, audits, and retention
Staff who may access personal information receive onboarding and refresher training on this policy and
related procedures. We review practices periodically to confirm that retention remains necessary and that
information is destroyed securely when no longer needed, with destruction logs where appropriate.
Data incidents
If we become aware of a breach that may affect your personal information, we will work to contain it,
investigate, and notify affected individuals and, where required, competent authorities in Nepal, as soon as
reasonably practicable, together with a summary of steps we are taking to reduce harm.
Confidentiality and policy violations
Employees and contractors must keep personal and proprietary information confidential and limit access to
those with a legitimate need. Serious or repeated breaches of this policy may result in disciplinary action
under our internal policies, up to and including termination of engagement where appropriate.
Your rights (Nepal)
Under the Privacy Act, 2075 (2018) and related Nepali frameworks, you may have rights to transparency,
access, correction of inaccurate data, withdrawal of consent where processing is consent-based, and
objection to certain processing such as direct marketing, subject to legal exceptions. Depending on your case,
you may also request deletion or restriction of personal information where no overriding legal obligation
requires retention.
To help protect your privacy, we may verify your identity before fulfilling a request. Unless applicable law
allows a reasonable fee, we generally do not charge for responding to rights requests related to your own
data. We do not discriminate against you for exercising your privacy rights in relation to services we offer
on ordinary commercial terms.
Sale of personal information: We do not sell your personal
information in the sense of exchanging it for money with unrelated data brokers. If our practices change, we
will update this policy and provide any notices required by law.
Categories of information we may collect and share
Depending on how you use Heedoc, we may collect categories of information such as:
- Identifiers and contact details (name, email, phone, postal address in Nepal or abroad, account username, device or online identifiers, IP address, cookies and similar technologies).
- Financial information needed for payments (for example payment card details are typically handled by our payment processor rather than stored on our servers).
- Commercial information (services purchased, inquiries, and related history).
- Internet or similar activity (interactions with our website, forms, and communications).
- Professional or education-related information you submit for council or verification workflows.
- Photos or documents you upload as part of an application.
- Inferences we may draw from the above to improve support or security.
We collect this information from you directly, from your organization where they refer you, from service
integrations you authorize, and in limited cases from public sources or partners involved in delivering the
service. We use it for the purposes described in this policy, including providing and improving services,
security, analytics, short-term contextual use, debugging, and compliance. We may disclose relevant categories
to processors and partners such as hosting providers, payment processors, email and support tools, analytics
providers, and professional advisers, always subject to appropriate safeguards and applicable Nepali law.
International transfers
Some of our service providers may process data outside Nepal. Where that happens, we take steps that are
reasonable in the circumstances—such as contractual protections and vendor security reviews—to help protect
your information in line with this policy and applicable law.
Changes to this privacy policy
We may update this policy when our processing activities change. Material changes will be posted on this page
with an updated date. If a change requires your cooperation (for example new consent), we will explain that
separately where required by law.
Concerns and contact
If you have questions about this policy, believe your information has been misused, or wish to exercise your
rights, please contact us through our
Contact
page or the details we publish on our website. We will respond within a reasonable time in accordance with
applicable Nepali law.
