Privacy Policy

4.1 Personal Identifiers

First name, last name, date of birth, age, gender, postal address, email address, mobile number(s), and other contact information you provide.

4.2 Health Information (Special Category Data)

We collect health information to facilitate accurate appointment booking and coordination with partner diagnostic centers.

• Medical test type (e.g., MRI, CT Scan, Ultrasound, Blood Test, PET CT)
• Scan area or body part to be examined
• Clinical symptoms, medical history, or reason for test (provided by you or physician)
• Prescriptions or referral letters from treating physicians
• Relevant medical reports or imaging from previous investigations
• Medications you are currently taking
• Allergies (including contrast media allergies)
• Implants, metal hardware, or other contraindications
• Pregnancy status (when relevant for imaging)
• Dietary restrictions or pre-test preparation compliance

Why We Collect This: To recommend appropriate diagnostic centers, verify machine compatibility, identify potential contraindications, ensure accurate pricing, and reduce booking errors. This information helps our partner centers prepare properly and ensure your safety.

4.3 Why We May Request Prescriptions or Medical Documents

We may request one or more of the following documents:

• Prescriptions
• Referral letters
• Previous reports
• Clinical notes
• Scan recommendations

These documents may be requested to:

• recommend suitable centres
• verify machine compatibility
• estimate accurate pricing
• verify scan protocols
• reduce booking errors
• improve appointment coordination

Providing medical documents does not establish a doctor-patient relationship with Health Point IND.

4.4 Payment and Financial Data

Credit/debit card numbers (tokenized not stored in full), billing address, payment gateway transaction IDs, invoice details, discount codes used, and payment status. Payment processing is handled by PCI-DSS compliant third-party gateways.

4.4 Communication Data

Emails, SMS, WhatsApp messages, chat conversations with customer support, and feedback you submit. We retain these for appointment coordination, complaint resolution, and service improvement.

4.5 Technical and Usage Data

IP address, browser type and version, device type and OS, time zone, pages visited, time spent on pages, search queries, referring/exit pages, cookies and similar tracking identifiers, location data (if you enable location services).

4.6 Uploaded Documents

Prescriptions, medical reports, imaging files (DICOM format), referral letters, identity proofs, and other supporting documents you upload to facilitate booking.

5.1 Directly from You

• When you register an account
• When you book an appointment or diagnostic test
• When you fill out forms or questionnaires
• When you upload medical documents or prescriptions
• When you communicate with us via email, chat, phone, or SMS
• When you provide feedback or file a complaint
• When you respond to surveys or feedback requests

5.2 Automatically Through Technology

• Cookies and Local Storage: We use persistent and session cookies to recognize you, remember preferences, and track usage patterns.
• Web Beacons and Pixels: Transparent images on our website track which pages are visited and when.
• Server Logs: Automatically recorded when you access our website (IP address, browser type, access times).
• Analytics Tools: Google Analytics and similar services collect anonymized usage data to improve user experience.
• Device Information: Device identifiers, operating system, browser type, and settings.

5.3 From Third Parties

• Payment Processors: Transaction confirmations and payment status
• Partner Diagnostic Centers: Appointment confirmations, report delivery confirmations
• SMS/Email Service Providers: Delivery confirmations for notifications
• Analytics Providers: Aggregated usage statistics

6.1 Core Service Delivery

• Process and confirm appointment bookings
• Share necessary health information with partner diagnostic centers for test scheduling
• Verify machine compatibility and appropriate diagnostic center selection
• Calculate accurate pricing based on test complexity and facility rates
• Send appointment reminders and pre-test instructions
• Process cancellations and rescheduling requests
• Facilitate payment processing securely

6.2 Communication and Support

• Send booking confirmations, payment receipts, and invoices
• Provide customer support via email, phone, or chat
• Send appointment reminders before your scheduled test
• Share test preparation instructions and dietary guidelines
• Send report delivery notifications from partner facilities
• Respond to your queries and complaints

6.3 Service Improvement and Analytics

• Analyze usage patterns to improve website functionality and user experience
• Identify technical issues and optimize platform performance
• Generate anonymized statistical reports on booking trends
• Test new features and services

6.4 Fraud Prevention and Security

• Detect and prevent fraudulent bookings and payments
• Verify identity for security purposes
• Monitor for unauthorized access or suspicious activities
• Investigate and prevent abuse of our services

6.5 Legal and Regulatory Compliance

• Comply with legal obligations under Indian law
• Respond to lawful requests from courts, law enforcement, or regulatory authorities
• Maintain records for regulatory audits and compliance verification
• Protect the legal rights and property of Health Point IND

6.6 Marketing and Communications (With Your Consent)

• Send promotional offers, discounts, and new service announcements (only if you opt in)
• Send promotional offers and updates via email, SMS, or WhatsApp only if you opt in
• Conduct surveys to gather feedback on our services
• Share health tips and wellness information related to diagnostic tests
• You can withdraw consent for marketing communications at any time by clicking "Unsubscribe" in our emails or sending a request to info@healthpointind.com

6.7 WhatsApp and Communication Consent

By contacting Health Point IND through WhatsApp, telephone, email, website forms, social media platforms, or other communication channels, you consent to receive appointment updates, booking confirmations, support communications, and service-related notifications.

6.8 Data Deletion Requests

Users may request access, correction, or deletion of personal information. However Health Point IND may retain information where necessary for:

• legal compliance
• accounting
• fraud prevention
• dispute resolution
• healthcare booking records
• regulatory obligations

7.1 Partner Diagnostic Centers and Imaging Facilities

We share the following with partner facilities to coordinate your appointment:

• Your name, contact number, and email
• Appointment date and time
• Test type and scan area
• Clinical information and symptoms (for clinical correlation)
• Prescriptions and relevant medical documents
• Allergies and contraindications
• Payment status and amount paid
• Emergency contact information

Important: Partner facilities are independent data controllers and maintain their own privacy policies. We are not responsible for their handling of your data. Please review their privacy policies separately.

7.2 Service Providers and Processors

We share data with trusted service providers under Data Processing Agreements that ensure equivalent data protection:

• Payment Gateways: Razorpay, PayU, or similar (for secure payment processing they receive tokenized card data only)
• SMS Service Providers: For appointment reminders and updates
• Email Service Providers: For transactional and marketing emails
• WhatsApp Service Providers: For appointment reminders and customer support messages, only with your consent
• Web Hosting and Cloud Infrastructure: For secure data storage and backup
• Analytics Providers: For anonymized usage analysis
• Customer Support Platforms: For ticket management and communication

Data Processing Agreements: All third-party processors are bound by legally enforceable Data Processing Agreements that comply with Indian law and prohibit them from using your data for any purpose other than providing services to Health Point IND.

7.3 Legal Authorities and Compliance

We may disclose your information to:

• Courts, judges, or judicial authorities in response to valid court orders
• Law enforcement agencies (police, CBI, etc.) in compliance with lawful requests
• Government regulatory bodies and healthcare authorities
• This disclosure occurs only when required by law and we will not voluntarily share unless mandated

7.4 Business Transfers

If Health Point IND is involved in a merger, acquisition, bankruptcy, or asset sale, your information may be transferred as part of that transaction. We will provide notice and the acquiring entity will be bound by this Privacy Policy or a similar policy.

7.5 With Your Explicit Consent

We will not share your information beyond what is described above without your explicit, informed consent. For example, if you request a referral to a specific physician or facility beyond our partner network, we will seek your permission before sharing relevant data.

Reviews and Testimonials: If you provide reviews or testimonials, we may publish them with your consent. Such content is provided for informational purposes only and does not constitute medical advice, endorsement of outcomes, or verification of the medical accuracy of statements.

9.1 What are Cookies?

Cookies are small text files stored on your device that help us recognize you and remember your preferences. We use both session cookies (deleted when you close your browser) and persistent cookies (remain on your device).

9.2 Types of Cookies We Use

9.3 Managing Your Cookie Preferences

• Use our cookie consent banner to manage preferences at any time
• Adjust browser settings to block or delete cookies (note: this may affect website functionality)
• Use "Do Not Track" browser feature (we honor DNT signals)
• Opt out of Google Analytics at: tools.google.com/dlpage/gaoptout

9.4 Other Tracking Technologies

• Web Beacons/Pixels: Invisible images on our website and emails to track which pages are viewed
• Server Logs: Automatically recorded IP address, browser type, referring page, access time
• Local Storage: Browser-based storage similar to cookies for faster loading

10.1 Right to Access

You can request a copy of all personal data we hold about you in a machine-readable format (CSV, JSON, etc.).

10.2 Right to Rectification

You can correct inaccurate or incomplete personal data (name, contact info, medical details). You can update this yourself in your account settings or request our help.

10.3 Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data, except where we must retain it for legal reasons (see Section 8.2).

10.4 Right to Data Portability

You can request all your data be transferred to another service provider in a structured, machine-readable format.

10.5 Right to Consent Withdrawal

You can withdraw consent for marketing communications, analytics, or optional data processing at any time by:

• Clicking "Unsubscribe" in our emails
• Updating preferences in your account settings
• Sending a request to info@healthpointind.com

10.6 Right to Lodge a Complaint

If you believe we have violated your privacy rights, you can file a complaint with the Data Protection Board (DPB) established under DPDP Act.

10.7 How to Exercise Your Rights

Email us at info@healthpointind.com with:

• Full name and registered email/phone number
• Specific right you want to exercise (access, correction, deletion, portability, etc.)
• Description of the data or request
• Proof of identity (we may request this for security)

Timeline: We will respond promptly and in accordance with applicable law to your rights requests.

11.1 Security Measures

We implement industry-standard security measures to protect your data:

• SSL/TLS Encryption: All data transmitted between your browser and our servers is encrypted (https://)
• Database Encryption: Health data and sensitive information are encrypted at rest
• Access Controls: Only authorized employees and contractors access personal data
• Multi-Factor Authentication (MFA): Admin accounts use MFA for additional security
• Regular Security Audits: Third-party security assessments of our infrastructure
• Firewalls and Intrusion Detection: Network protection against unauthorized access
• Data Backup: Regular encrypted backups to recover from data loss

11.2 Payment Card Security

Payment processing complies with PCI-DSS (Payment Card Industry Data Security Standard). We do not store full card numbers only encrypted tokens for future transactions. All payment gateways (Razorpay, PayU) are PCI-DSS certified.

11.3 No Absolute Security Guarantee

Important: While we use industry-standard security, no system is 100% secure. We cannot guarantee absolute protection against unauthorized access, data breaches, or cyber attacks. Use strong passwords, enable two-factor authentication on your account, and never share login credentials.