Privacy Policy
Effective Date: October 1, 2025
1. Introduction
Dr Atul Kasliwal ("we," "our," or "us") is committed to protecting your privacy and safeguarding your personal information. This Privacy Policy explains how we collect, use, disclose, and protect information that we receive from users of our website ("Website") and through our cardiology practice services.
This Privacy Policy applies to all personal data and protected health information we collect through our Website, in our office, over the phone, through email, and through any other means. By using our Website or services, you consent to the collection and use of information in accordance with this Privacy Policy.
We comply with applicable Indian data protection laws, including the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, and regulations thereunder, as well as medical confidentiality requirements under the Indian Medical Council (Professional Conduct, Etiquette and Ethics) Regulations, 2002.
2. Information We Collect
2.1 Personal Information
We may collect the following types of personal information:
- Identity Information: Name, date of birth, age, gender, photograph
- Contact Information: Address, email address, telephone numbers
- Emergency Contact Information: Names and contact details of next of kin or emergency contacts
- Government Identification: Aadhaar number, PAN card, or other identification documents as required by law
- Financial Information: Payment details, billing address, insurance information
2.2 Protected Health Information (PHI)
As a medical practice, we collect and maintain protected health information, including:
- Medical history, including past illnesses, surgeries, and family medical history
- Current medications, allergies, and immunization records
- Physical examination findings and vital signs
- Diagnostic test results (blood tests, ECG, echocardiogram, angiography, etc.)
- Treatment plans, prescriptions, and medical procedures performed
- Clinical notes, consultation records, and progress notes
- Referral information to and from other healthcare providers
- Insurance and billing information related to medical services
2.3 Information Collected Automatically
When you visit our Website, we may automatically collect certain information:
- Usage Data: Information about how you access and use the Website, including pages viewed, time spent on pages, and navigation paths
- Device Information: IP address, browser type and version, operating system, device identifiers
- Location Data: Approximate geographic location based on IP address
- Cookies and Tracking Technologies: We use cookies and similar technologies to track activity on our Website (see Section 9 for details)
2.4 Information from Third Parties
We may receive information about you from:
- Other healthcare providers who refer you to us or to whom we refer you
- Insurance companies for verification and billing purposes
- Diagnostic laboratories and imaging centers
- Pharmacies for medication management
- Family members or representatives authorized by you
3. How We Collect Information
We collect information through various methods:
- Direct Interactions: When you visit our clinic, schedule appointments, fill out forms, or communicate with us
- Website Forms: When you submit contact forms, appointment requests, or newsletter subscriptions
- Phone Communications: During phone calls for appointment scheduling or medical consultations
- Email Communications: When you send us emails or we correspond with you
- Medical Consultations: During in-person or telemedicine consultations
- Medical Records: From previous healthcare providers with your authorization
- Automated Technologies: Through cookies and analytics tools on our Website
4. How We Use Your Information
4.1 Primary Uses
We use your information for the following purposes:
- Medical Treatment: To provide, manage, and coordinate your medical care
- Diagnosis and Testing: To diagnose conditions and order appropriate tests
- Prescriptions: To prescribe and manage medications
- Appointment Management: To schedule, confirm, and manage appointments
- Communication: To communicate with you about your health, treatment options, and appointment reminders
- Follow-up Care: To provide follow-up care and monitor your health progress
- Emergency Care: To provide emergency medical care when necessary
4.2 Administrative and Business Uses
- Payment and Billing: To process payments, submit insurance claims, and manage billing
- Practice Management: To manage our practice operations and improve our services
- Legal Compliance: To comply with legal and regulatory requirements
- Quality Improvement: To monitor and improve the quality of our services
- Research: For medical research purposes (only with your explicit consent and after de-identification where possible)
4.3 Website and Marketing Uses
- Website Functionality: To provide and maintain our Website
- Customer Service: To respond to your inquiries and requests
- Marketing Communications: To send you health tips, newsletters, and practice updates (you can opt out at any time)
- Analytics: To understand how users interact with our Website and improve user experience
5. Legal Basis for Processing (DPDP Act Compliance)
Under the Digital Personal Data Protection Act, 2023, we process your personal data based on the following legal grounds:
- Consent: You have given explicit consent for specific purposes (e.g., marketing communications)
- Contractual Necessity: Processing is necessary for providing medical services you have requested
- Legal Obligation: Processing is required to comply with legal and regulatory requirements
- Legitimate Interests: Processing is necessary for our legitimate business interests (e.g., improving services, fraud prevention)
- Vital Interests: Processing is necessary to protect your vital interests or those of another person (e.g., emergency medical care)
6. Disclosure of Your Information
6.1 Healthcare Providers
We may share your protected health information with:
- Other physicians, specialists, and healthcare professionals involved in your care
- Hospitals, diagnostic centers, and laboratories for tests and procedures
- Pharmacies for prescription fulfillment
- Emergency medical services when necessary
6.2 Insurance and Payment
We may disclose your information to:
- Health insurance companies for claims processing and payment
- Third-party billing services and payment processors
6.3 Legal and Regulatory
We may disclose your information when required by law:
- To comply with court orders, subpoenas, or legal processes
- To public health authorities for disease reporting and prevention
- To medical councils and regulatory bodies as required
- To law enforcement in cases of suspected criminal activity
- To prevent serious harm or threat to health and safety
6.4 Service Providers
We may share information with trusted service providers who assist us in:
- Website hosting and maintenance
- Email and communication services
- Appointment scheduling systems
- Medical record storage (electronic health records)
- Analytics and marketing services
All service providers are contractually obligated to maintain the confidentiality and security of your information.
6.5 Business Transfers
In the event of a merger, acquisition, or sale of assets involving our practice, your information may be transferred to the acquiring entity, subject to the same privacy protections.
7. Data Security
7.1 Security Measures
We implement appropriate technical and organizational measures to protect your information, including:
- Encryption of sensitive data in transit and at rest
- Secure socket layer (SSL) technology for our Website
- Restricted access to personal information on a need-to-know basis
- Password-protected and encrypted electronic health record systems
- Physical security measures for paper records
- Regular security audits and vulnerability assessments
- Staff training on privacy and security practices
- Secure disposal of information when no longer needed
7.2 Data Breach Notification
In the event of a data breach that may compromise your personal or health information, we will notify you and relevant authorities as required by law, typically within 72 hours of becoming aware of the breach.
8. Data Retention
We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
- Medical Records: Retained for a minimum of 10 years from the date of last treatment, or longer as required by medical council regulations
- Billing Records: Retained for 7 years as required by tax laws
- Website Data: Retained as long as necessary for operational purposes
- Marketing Data: Retained until you withdraw consent or we determine it is no longer necessary
When information is no longer required, it will be securely destroyed or de-identified.
9. Cookies and Tracking Technologies
9.1 What Are Cookies
Cookies are small text files placed on your device when you visit our Website. They help us provide a better user experience and understand how our Website is used.
9.2 Types of Cookies We Use
- Essential Cookies: Necessary for the Website to function properly
- Analytics Cookies: Help us understand how visitors use our Website (e.g., Google Analytics)
- Functional Cookies: Remember your preferences and settings
- Marketing Cookies: Used to deliver relevant advertisements (if applicable)
9.3 Managing Cookies
You can control and manage cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our Website.
10. Your Rights
Under the Digital Personal Data Protection Act, 2023, and other applicable laws, you have the following rights:
10.1 Right to Access
You have the right to request access to your personal and health information that we hold.
10.2 Right to Correction
You have the right to request correction of inaccurate or incomplete information.
10.3 Right to Erasure
You have the right to request deletion of your personal information, subject to legal and medical record retention requirements.
10.4 Right to Data Portability
You have the right to receive a copy of your personal information in a structured, commonly used format.
10.5 Right to Restrict Processing
You have the right to request restriction of processing in certain circumstances.
10.6 Right to Object
You have the right to object to processing of your personal information for marketing purposes.
10.7 Right to Withdraw Consent
Where processing is based on consent, you have the right to withdraw consent at any time.
10.8 Right to Lodge a Complaint
You have the right to lodge a complaint with the Data Protection Board of India if you believe your rights have been violated.
10.9 Right to Nominate
You have the right to nominate an individual to exercise your rights in the event of your death or incapacity.
10.10 Exercising Your Rights
To exercise any of these rights, please contact us using the details in Section 15. We will respond to your request within 30 days.
11. Access to Medical Records
You have the right to access your medical records. Requests for medical records should be made in writing. We may charge a reasonable fee for copying and administrative costs. In certain limited circumstances, we may deny access to specific information as permitted by law.
12. Children's Privacy
Our services may be provided to minors (individuals under 18 years of age). When treating minors, we obtain consent from parents or legal guardians as required by law. We are committed to protecting the privacy of minors and handle their information with special care.
13. International Data Transfers
Your information is primarily stored and processed in India. If we transfer information outside India, we ensure appropriate safeguards are in place to protect your information in accordance with applicable data protection laws.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the new Privacy Policy on our Website and updating the "Effective Date" at the top of this page.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
15. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Data Controller:
Dr Atul Kasliwal
45, Lane Number 1, Guru Jhambeshwar Nagar A
Block E, Vaishali Nagar
Jaipur, Rajasthan 302021
India
Phone: +91-9351767878
Email: info@dratulkasliwal.in
Data Protection Officer (DPO):
For privacy-related inquiries, you may contact our Data Protection Officer at the above address.
16. Regulatory Authorities
If you believe your privacy rights have been violated, you may file a complaint with:
Data Protection Board of India
(Contact details to be updated once established under DPDP Act, 2023)
Medical Council of India
Pocket-14, Sector-8, Dwarka, New Delhi - 110077
Website: www.mciindia.org
17. Consent
By using our Website and services, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Website or services.
Last Updated: October 1, 2025
Your Privacy Matters to Us
We are committed to protecting your personal and medical information. If you have any questions about our privacy practices, please don't hesitate to contact us.