  1. Purpose

    This Privacy Policy explains how Swagat Superspeciality Surgical Institute & NH (“we/us/our”) collects, uses, shares, and protects your information when you use our Services.

  2. Legal Basis

    We process data under applicable Indian laws, including the Information Technology Act, 2000 and related rules on Sensitive Personal Data or Information (SPDI), and as applicable, the Digital Personal Data Protection Act, 2023 and its rules/notifications. Where required, we obtain your consent.

  3. What We Collect

    Identity & Contact: name, date of birth/age, gender, contact numbers, email, address. Health/Medical (SPDI): medical history, symptoms, prescriptions, lab reports, images, vitals, allergies. Booking & Transaction: appointment details, order IDs, payment method (tokenized), billing, refunds. Technical: device/browser data, IP address, logs, cookies and similar technologies. Communications: chat messages, call recordings (with prior notice), feedback.

  4. How We Use Data

    Provide and improve online consultations, diagnostics, and support. Generate prescriptions, lab orders, and reports. Process payments, refunds, and prevent fraud. Comply with law, medical audit, and quality assurance. Send transactional notices; with your consent, send health updates or promotional messages (you can opt out).

  5. Sharing & Disclosures

    We may share information with: Doctors/RMPs and authorized clinical staff involved in your care. Diagnostic partners and logistics providers for sample collection and reporting. Payment gateways/processors for payments and refunds.

  6. Sharing & Disclosures

    IT vendors/cloud hosting, analytics, and customer support providers under confidentiality. Government/regulatory authorities where required by law. We do not sell your personal information.

  7. Cross‑Border Transfers

    Data is primarily stored and processed in India. If transferred outside India (e.g., cloud back‑ups or vendor support), we ensure appropriate safeguards and require contractual protection for SPDI.

  8. Security

    We use reasonable administrative, technical, and physical safeguards (e.g., access controls, encryption in transit, secure development practices). Payments are handled via PCI‑DSS compliant gateways. No method of transmission/storage is 100% secure.

  9. Data Retention

    Medical records are retained for periods mandated by law/clinical policy (typically 3–7 years or longer where legally required). Transaction and invoice data are retained to comply with tax and accounting laws.

  10. Your Rights

    Subject to law, you may request access, correction, updating, porting, or erasure of your personal data; withdraw consent; and register a grievance. We will respond within timelines prescribed by law.

  11. Children’s Privacy

    For users under 18, parent/guardian consent is required. We do not knowingly collect data from children without such consent.

  12. Cookies

    We use cookies for session management, analytics, and personalization. You can control cookies through your browser settings; disabling may affect features.

  13. Third‑Party Links

    Our website/app may contain links to third‑party sites. Their privacy practices are governed by their own policies.

  14. Updates to This Policy

    We may update this Policy periodically. Material changes will be notified via website/app