Privacy Policy

Effective Date: 15 May 2026

This Privacy Policy (“Policy”) is published in accordance with the Digital Personal Data Protection Act, 2023 (“DPDP Act”) and applicable laws in India.

It governs the collection, use, storage, and protection of personal data by Bapashri Orthocare (“Hospital”, “we”, “us”, “our”), acting as a Data Fiduciary, in relation to users (“Data Principal”, “you”) accessing this website (“Website”).

By using the Website, you consent to the practices described in this Policy.

1. DEFINITIONS

1.1 Personal Data means any data about an individual who is identifiable by or in relation to such data.

1.2 Data Principal means the individual to whom the personal data relates.

1.3 Data Fiduciary means the entity (Hospital) that determines the purpose and means of processing personal data.

1.4 Processing means collection, storage, use, or handling of personal data in any manner.

2. NATURE OF DATA COLLECTED

2.1 The Hospital may collect the following Personal Data:

(a) Name

(b) Mobile number

(c) Email address

(d) Appointment-related details submitted voluntarily

2.2 The Website does not intentionally collect sensitive personal data or medical records, unless voluntarily shared by the Data Principal.

3. PURPOSE OF PROCESSING

3.1 Personal Data is collected and processed strictly for the following purposes:

(a) Appointment scheduling and confirmation

(b) Patient communication and coordination

(c) Hospital operational management

(d) Responding to user inquiries

3.2 The Hospital shall process Personal Data only for specified, explicit, and lawful purposes.

4. CONSENT OF DATA PRINCIPAL

4.1 By submitting Personal Data through the Website, the Data Principal provides free, specific, informed, and unambiguous consent for processing such data.

4.2 The Data Principal may withdraw consent at any time by contacting the Hospital. Upon withdrawal, the Hospital shall cease processing data unless retention is required under law.

5. LEGITIMATE USE UNDER DPDP ACT

5.1 The Hospital may process Personal Data without explicit consent where permitted under the DPDP Act, including:

(a) For medical emergency response

(b) For compliance with legal obligations

(c) For reasonable purposes such as appointment coordination and communication

6. DATA DISCLOSURE & SHARING

6.1 The Hospital does not sell, rent, or trade Personal Data.

6.2 Personal Data may be shared only:

(a) With authorized hospital personnel

(b) With insurance companies or TPAs for claim processing

(c) With laboratories or healthcare partners for treatment coordination

(d) When required under applicable law or government order

7. DATA SECURITY SAFEGUARDS

7.1 The Hospital implements reasonable security safeguards to protect Personal Data against:

Unauthorized access

Alteration

Disclosure

Loss or misuse

7.2 While efforts are made to secure data, the Hospital does not guarantee absolute security of digital transmissions.

8. DATA RETENTION

8.1 Personal Data shall be retained only for as long as necessary to fulfill the purposes stated in this Policy, or as required under applicable laws.

8.2 After the retention period, data shall be securely deleted or anonymized.

9. RIGHTS OF DATA PRINCIPAL

9.1 Under the DPDP Act, the Data Principal has the following rights:

(a) Right to access information about Personal Data processed

(b) Right to correction and updating of inaccurate data

(c) Right to erasure, subject to legal and medical record requirements

(d) Right to grievance redressal

9.2 Requests may be submitted using the contact details provided in this Policy.

10. GRIEVANCE REDRESSAL

10.1 The Hospital shall appoint or designate a Grievance Officer to address complaints or concerns regarding data processing.

10.2 Users may contact the Grievance Officer for the resolution of any privacy-related issues.

11. COOKIES AND TRACKING

11.1 The Website may use cookies or analytics tools solely for:

Improving website performance

Enhancing user experience

11.2 Cookies do not access or store sensitive medical information.

12. THIRD-PARTY LINKS

12.1 The Website may contain links to external websites.

12.2 The Hospital is not responsible for the privacy practices or content of such third-party websites.

13. CHILDREN’S DATA

13.1 The Website is not intended to knowingly collect Personal Data from individuals under the age of 18 without consent from a parent or legal guardian.

14. LIMITATION OF LIABILITY

14.1 The Hospital shall not be liable for any unauthorized access or breach arising from circumstances beyond reasonable control, including cyberattacks or technical failures.

15. MODIFICATION OF POLICY

15.1 The Hospital reserves the right to amend, modify, or update this Policy at any time.

15.2 Continued use of the Website constitutes acceptance of such changes.

16. GOVERNING LAW & JURISDICTION

16.1 This Policy shall be governed by the laws of India.

16.2 Any disputes shall be subject to the exclusive jurisdiction of the courts in Gujarat, India.

17. CONTACT INFORMATION

For any questions, grievances, or data-related requests, contact:

Bapashri Hospital

Address: Dayalu Complex, Char Koshiyanaka, Modasa Road, Lunawada – 389230

Phone Number: +91-63539 69191

Email Address: [email protected]