This policy describes how Madhavi Netralaya collects, uses, stores, and protects personal information when you use our website, enquiry channels, and online payment features.
Summary: We minimise data collection. We do not use this website as an electronic medical record system. Online appointments and payments are processed via Zoho Bookings; we do not store complete card numbers on our servers.
Madhavi Netralaya, Near Maharaja College Gate, South Ramna Road, Ara, Bihar 802271, India, is responsible for personal data processed in connection with this website. Contact: info@madhavinetralaya.com, telephone 1800-571-9090.
Please do not submit detailed clinical information through general contact forms, the AI chat widget, or unsecured messaging. Our website uses automated PHI detection to block diagnoses, test results, prescriptions, and government ID numbers in chat and feedback channels.
Clinical records are maintained under our hospital’s separate internal policies. Online booking via Zoho Bookings is for scheduling and payment only — avoid entering clinical narratives in free-text fields.
Where you voluntarily disclose health-related information to us online, we will use it only to respond to your request or to arrange care, and we will protect it in line with applicable law, professional ethics, and HIPAA-aligned safeguards.
We process personal data fairly and lawfully for: responding to enquiries, scheduling appointments, taking legitimate advance payments for consultation, complying with accounting and regulatory duties, defending legal claims, and securing our systems. Where consent is required under the Digital Personal Data Protection Act, 2023 (“DPDP Act”), we will obtain it explicitly (for example, dedicated consent checkboxes before payment or messaging).
We may share limited data with:
We do not sell personal data to third parties for marketing. For HIPAA-aligned operations, we require appropriate data processing agreements (DPAs) or business associate agreements (BAAs) with vendors that may process health-related data.
We retain identifiers and transaction metadata for as long as needed to honour appointments, meet tax and corporate obligations, and resolve disputes. Technical logs are kept for limited periods according to hosting configuration.
We use TLS encryption for website transport, access-controlled servers, PHI pattern blocking on chat and feedback APIs, origin-restricted API access, and vendor contracts that require safeguards. No security practice is perfect; if a breach materially affects you, we will address it under applicable law, including any notification duty.
Depending on the DPDP Act and other applicable rules, you may have rights to access, correction, erasure, grievance escalation, and consent withdrawal where processing was consent-based. Please write to the contact details above. You may also use India’s Data Protection Board mechanisms when in force.
Primary processing occurs in India. If any sub-processor stores data outside India, we rely on lawful transfer tools and agreements required at that time.
We may update this policy to reflect legal, operational, or technical changes. The “Effective” date at the top will be revised, and continued use of the website after updates constitutes notice where permitted by law.