Privacy Policy

“We,” “Us,” and “Our” refer to St Thomas Heart Centre. We are dedicated to protecting the privacy, confidentiality, and security of your personal and health-related information. This Privacy Policy explains how we collect, use, store, process, and safeguard your personal data in accordance with applicable Indian laws, including:

  • The Digital Personal Data Protection Act, 2023 (DPDPA)
  • The Information Technology Act, 2000 – Section 43A
  • The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011

This policy applies to all personal information collected through our services, whether online via our website (https://www.stthomasheartcentre.com/) or offline. The terms “You” or “Your” refer to patients, attendants, caregivers, or website visitors.

1. Scope and Applicability

This Privacy Policy applies to:

  • Personal information collected when you visit St Thomas Heart Centre or use our healthcare services.
  • Information shared during appointments, consultations, registrations, diagnostics, or other related processes.
  • Data collected through our website and other digital platforms.

We ensure that all personal and sensitive data is processed with strict confidentiality and in compliance with applicable laws.

2. Personal Information We Collect

We may collect and process the following categories of information:

  • Identity Information: Name, age, gender, date of birth, address, phone number, and email address.
  • Health Information: Medical history, diagnostic reports, test results, prescriptions, treatment details, and clinical notes.
  • Financial Information: Billing details, insurance information, and payment-related data.
  • Website and Technical Information: IP address, browser type, device details, and website usage data collected through cookies.
  • Voluntarily Provided Information: Any additional details shared by you through forms, feedback, or direct communication.

3. Legal Basis for Processing Personal Data

We process personal data in accordance with:

Digital Personal Data Protection Act, 2023 (DPDPA):

  • Ensuring lawful, fair, and transparent processing of personal data.
  • Collecting consent wherever required.

Information Technology Act, 2000 – Section 43A:

  • Implementing reasonable security practices to protect sensitive personal information.

IT Rules, 2011:

  • Processing sensitive personal data, including medical records, only with consent.
  • Maintaining appropriate safeguards such as access controls, encryption, and periodic audits.

4. Purpose of Data Collection and Use

Your personal information may be used for:

  • Providing medical care, diagnosis, treatment, and follow-up services.
  • Managing hospital administration, patient registration, billing, and medical records.
  • Meeting legal, regulatory, and compliance obligations.
  • Improving healthcare quality, services, and patient experience.
  • Sending appointment reminders, service updates, and relevant health-related communications.

Anonymized and aggregated data may be used for research, analysis, and operational improvements.

5. Consent for Data Processing

By using our services or providing your personal information, you consent to:

  • The collection, use, storage, and processing of your personal data as described in this Privacy Policy.
  • The processing of sensitive personal data for healthcare and related purposes.

You may withdraw your consent at any time, subject to applicable legal and regulatory requirements.

6. Data Sharing and Disclosure

We do not sell or rent your personal data. Information may be shared only in the following situations:

  • Healthcare Professionals: For diagnosis, treatment, and continuity of care.
  • Service Providers: Including laboratories, diagnostic centers, insurers, or IT service partners, under strict confidentiality obligations.
  • Legal or Regulatory Authorities: When required by law, court orders, or government authorities.
  • Cross-Border Transfers: Only to jurisdictions permitted under the DPDPA and with appropriate data protection safeguards.

7. Data Security Measures

We adopt reasonable and industry-standard security practices to protect your information, including:

  • Encryption of sensitive data during storage and transmission.
  • Role-based and restricted access to personal information.
  • Regular system monitoring, security audits, and risk assessments.
  • Secure data backups and disaster recovery mechanisms.

While we strive to protect your data, no system can guarantee complete security. Users are advised to safeguard their credentials and inform us of any suspected data breach.

8. Your Rights

You have the right to:

  • Access: Request confirmation and details of personal data held about you.
  • Correction: Request correction of inaccurate or incomplete information.
  • Erasure: Request deletion of personal data, subject to legal obligations.
  • Data Portability: Obtain a copy of your personal data in a structured format.
  • Withdrawal of Consent: Withdraw consent for data processing, where applicable.

Requests can be made by contacting our Data Protection Officer (see Section 12).

9. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes outlined in this policy or as required by law.

  • Medical Records: Retained in accordance with applicable healthcare regulations.
  • Financial and Billing Records: Retained for statutory, audit, and compliance purposes.

After the retention period, data is securely deleted or anonymized.

10. Cookies and Website Technologies

Our website uses cookies and similar technologies to:

  • Improve website functionality and performance.
  • Understand user behavior and enhance user experience.

You can manage or disable cookies through your browser settings. Please note that disabling cookies may affect certain website features.

11. Updates to This Privacy Policy

St Thomas Heart Centre may update this Privacy Policy periodically. The revised policy will be published on our website. Any significant changes will be communicated appropriately.

12. Contact Information and Grievance Redressal

For any questions, concerns, or complaints regarding this Privacy Policy or the handling of your personal data, please contact: