Effective Date: 08/10/2025
Yashoda Super Speciality Hospital & Medicity, M/s Yashoda Hospital and Research Centre Ltd. (collectively, “Yashoda”, “we”, “us”) provides websites, mobile applications, and connected services (the “Services”). This Privacy Policy explains how we collect, use, share, and protect personal information of users of the Services. By using the Services, you agree to this Policy and our Terms of Use.
1. Scope and Definitions
2. Legal Basis and Applicability: We process personal data as a Data Fiduciary under the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000, and the 2011 SPI Rules, as applicable. We rely on consent, performance of healthcare services, compliance with legal obligations, vital interests (medical emergencies), and other legitimate uses permitted by law. Where consent is required, it will be free, specific, informed, unconditional, unambiguous, and given by clear affirmative action, with easy withdrawal via our portal or by contacting us.
3. Data We Collect
We collect the following categories of data:
4. Purpose Limitation and Use
We use your data for the following purposes:
We do not publish your personal information on our website unless you have provided explicit consent for testimonials or directory listings, with the right to request removal at any time.
5. Disclosures to Partners and Third Parties: We share data with service providers and Partners (e.g., diagnostics, pharmacy, payment, IT hosting, communications, insurers/TPAs, analytics in de-identified form, SMS/email providers, customer support, auditors, legal authorities) under written contracts, who process data only on our instructions, implement security measures, and are subject to confidentiality. If data is transferred outside India, it will be done per applicable law and with reasonable safeguards; we will maintain accountability.
6. Sensitive Personal Data and Health Information: Sensitive health data is handled with stricter controls, including need-to-know access and encryption in transit and at rest where feasible. Telemedicine audio/video interactions may be recorded only with notice/consent where required, stored securely, and used for care quality and dispute resolution. For research involving identifiable data beyond care, we seek explicit consent or an ethics waiver; otherwise, only de-identified/anonymized data is used.
7. Cookies and Tracking: We use cookies for essential functions and, with your consent, for analytics and personalization. Types include strictly necessary, performance/analytics, functionality, and advertising (if any). You can manage preferences in Cookie Settings and opt in to non-essential cookies. We use third-party analytics (e.g., Google Analytics with IP anonymization) and provide opt-out options.
8. Data Retention: We retain medical records and other data for periods required by law (typically 3–10 years depending on state regulation and record type) or longer where mandated for medico-legal purposes. Transaction and billing data are retained per tax/financial law. Account data is retained while active and deleted or anonymized after 30 days of inactivity, subject to legal holds. Criteria for retention are available on request.
9. Your Rights and Requests: You have the right to request access, confirmation, correction, updating, portability (where feasible), withdrawal of consent, deletion/erasure (subject to legal exceptions), and grievance redressal. Requests can be made via our portal or by contacting the Grievance Officer. We will acknowledge requests within 24–72 hours and resolve them within 15–30 days, subject to identity verification.
10. Children’s Privacy: We define minors as under 18 years of age. We obtain verifiable parental/guardian consent before processing children’s personal data via the App/Website and use age gates where feasible. We do not engage in behavioral advertising or profiling of children.
11. Security Measures and Breach Response: We implement administrative, technical, and physical safeguards, including encryption in transit (TLS 1.2+), encryption at rest for health data, role-based access, multi-factor authentication for admin, logging/monitoring, secure software development, regular vulnerability scans and penetration tests, vendor due diligence, data minimization, least privilege, and periodic training. We maintain incident response procedures, monitor 24x7, assess breaches, and notify affected individuals and authorities as required by law within applicable timelines, taking steps to mitigate harm.
12. Automated Decision-Making and Profiling: We do not make decisions that produce legal or similarly significant effects solely based on automated processing. If clinical decision support exists, it supports clinicians and is not a substitute for medical judgment.
13. Social Media and Third-Party Links: Our Services may include social media features and links to third-party sites. We do not control third-party tracking by social plugins and, where implemented, disable plugins by default until user interaction.
14. Payment Processing: Payments are processed via PCI-DSS compliant gateways. We do not store full card data; tokenization is used where applicable.
15. International Users Notice: Our Services are targeted to users in India. If accessed from other regions, data will be processed in accordance with this policy and applicable Indian laws; local rights may vary.
16. Changes to This Policy: We will post updates to this Privacy Policy here and, where material, notify you and seek consent if required. The Effective Date and Version will be displayed at the top of this policy.
17. Contact and Grievance Officer: Email: grievance.ym@yashodahospital.org Address: Yashoda Super Speciality Hospital & Medicity, H-1, 24, 26 & 27, Kaushambi, Ghaziabad – 201010, Uttar Pradesh. Working hours and response timelines are available on our website.