Privacy Policy

Apex Hospitals Pvt. Ltd. (Apex Hospitals, we, us, or our) is committed to respecting the privacy of every individual who shares their information or data with us. Your privacy is important to us, and we take all necessary measures to ensure that your information is handled securely and in accordance with applicable laws.

This Privacy Policy applies to the collection, storage, processing, disclosure, and transfer of your Personal Information (defined below) as per the laws, particularly when you use the website of Apex Hospitals Pvt. Ltd. (“www.apexhospitals.com”) for any information or services.

**By accessing our website or using our Services, you agree to the terms of this Policy.**

The terms ‘**You**’ or ‘**Your**’ refer to you as the **User** (registered or unregistered) of the Website and/or Services, and the terms ‘**We**,’ ‘**Us**,’ and ‘**Our**’ refer to **Apex Hospitals Pvt. Ltd.**

1. **Access**

We collect your Personal Information directly from you, from third parties, and automatically through our website. This Personal Information may include details such as the type of device you are using, the time you logged on to our Website, your IP address, and other Personal Information as listed in Clause 7 below.

2. **Consent**

By using our website and/or Services, and by providing your Personal Information, you consent to the collection, storage, processing, disclosure, and transfer of your Personal Information under this Policy and any amendments thereof.

You acknowledge that the Personal Information you provide is shared out of your free will and with an understanding of its intended use. We shall not be liable for any loss caused due to the provision of incorrect or incomplete Personal Information by you.

3. **Control Over Your Personal Information**

Under Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, you have the right to withdraw your consent at any point by writing to us at care@apexhospitals.com. Withdrawal of consent may affect our ability to provide Services or access to the Website. You may also rectify or update your Personal Information by contacting the Grievance Officer as mentioned in Clause 20.

4. **Right to Erasure (Right to be Forgotten)**

Under the General Data Protection Regulation (GDPR), patients have the right to request the erasure of their personal data, commonly referred to as the right to be forgotten, under the following circumstances:

1. **Data No Longer Necessary:** The personal data is no longer necessary for the purposes for which it was collected or processed.

2. **Withdrawal of Consent:** The patient withdraws their consent, and there is no other legal ground for processing the data.

3. **Objection to Processing:** The patient objects to the processing of their data, and there are no overriding legitimate grounds for continued processing.

4. **Unlawful Processing:** The personal data has been processed unlawfully.

5. **Legal Obligation:** The data must be erased to comply with a legal obligation under EU or member state law.

6. **Data Collected from a Minor:** The personal data was collected in relation to the offer of information society services (e.g., online services) to a child without proper consent.

However, this right is not absolute and may be restricted under certain conditions, such as when the data is necessary for:

- Compliance with a legal obligation.

- Public health purposes.

- Archiving in the public interest, scientific or historical research, or statistical purposes.

- Establishment, exercise, or defense of legal claims.

**Scope of the Right to Erasure:**

Patients have the right to request the deletion of their personal data where:

- The data is no longer necessary for the originally collected or processed purpose.

- Consent for data processing has been withdrawn, and there is no other legal basis for processing.

- The patient objects to data processing, and there are no overriding legitimate grounds for continued processing.

- The data has been processed unlawfully.

- Erasure must comply with legal obligations.

**Exemptions to the Right to Erasure:**

The right to erasure may not apply where data processing is necessary:

- For medical diagnosis, treatment, and continuity of care.

- To comply with legal obligations, such as record-keeping laws in healthcare.

- For public health purposes or scientific research.

- For the establishment, exercise, or defense of legal claims.

**Request Procedure:**

- Requests for data erasure must be submitted in writing to care@apexhospitals.com along with proof of identity.

- Upon receiving a valid request, the hospital will review the case and respond within the legally required timeframe.

**Data Erasure Process:**

- If the request is approved, all relevant personal data will be securely deleted or anonymized.

- In cases where complete erasure is not possible due to legal or medical requirements, the data will be restricted from further processing.

**Third-Party Notification:**

If the data has been shared with third parties, Apex Hospitals Pvt. Ltd. will take reasonable steps to notify them of the erasure request, where feasible.

**Contact Information:**

For inquiries or to submit a request related to the Right to Erasure, please contact care@apexhospitals.com.

5. **Handling Data of Patients Under the Age of 18**

At Apex Hospitals Pvt. Ltd., we are committed to safeguarding the privacy and confidentiality of all patients, including minors under the age of 18. In compliance with applicable laws and regulations, the following principles apply when handling the personal and medical data of minors:

**Data Collection and Consent:**

- Personal and medical data of patients under 18 will be collected only when necessary for providing medical care and treatment.

- Consent for the collection, use, and disclosure of such data will be obtained from a parent or legal guardian, except in cases where the minor can lawfully consent to their treatment as permitted by applicable laws.

**Purpose Limitation:**

Data collected will be used solely for medical diagnosis, treatment, billing, and other healthcare-related services.

**Data Security:**

Appropriate technical and organizational measures will be implemented to ensure the security and confidentiality of the minor’s data, protecting it from unauthorized access, alteration, or disclosure.

**Data Sharing:**

Personal data will not be shared with third parties without consent from a parent or legal guardian, except when required by law or in cases where disclosure is necessary to protect the health and safety of the minor.

**Access and Control:**

Parents or legal guardians have the right to access and request corrections to their child's data, subject to legal limitations and considerations in cases where the minor has consented to their own care.

**Retention and Deletion:**

Data will be retained only for as long as necessary to fulfill the purpose of treatment and regulatory requirements. Once no longer required, the data will be securely deleted or anonymized.

This policy ensures the responsible handling of sensitive data while prioritizing the health, safety, and privacy rights of our minor patients. If you have any questions regarding this clause, please contact our Grievance Officer (“Data Protection Officer”):

Contact Information:

Contact No: +91 9829030011

Email Address: care@apexhospitals.com

6. **Changes to the Privacy Policy**

We may update this Privacy Policy from time to time with or without advance notice. Please refer to the “Last Updated” date at the end of the Policy to identify recent changes.

7. **Personal Information Collected**

The kinds of information we collect about you include but are not limited to the following:

- Name, birth date, age, and gender.

- Address, phone number, and email address.

- Medical records, history, and physical, physiological, and mental health conditions.

- Payment and financial information, including insurance details.

- Login credentials and user details during registration.

- Usage data, including time, frequency, and pattern of Website use.

- Device information such as IP address, browser type, and operating system.

- Records of interaction with our representatives.

- Any other information willingly shared by you.

8. **How We Collect Personal Information**

We may collect your Personal Information through:

- Patient registration forms.

- Interactions with healthcare professionals or representatives.

- Your use of the Website’s features.

- Cookies and similar technologies (see Clause 9).

- Information shared on third-party websites accessed through links on our website.

- Payment Information via debit, credit card details and other modes of payment.

9. **Use of Personal Information**

Your Personal Information may be used for the following purposes:

- Providing healthcare services and improving Website functionality.

- Conducting research and analytics to enhance our offerings.

- Communicating appointment details, payment reminders, and updates.

- Sending promotional materials or advertisements.

- Sharing with business partners to enable effective service delivery.

- Complying with legal requirements or responding to legal processes.

- Aggregating non-identifiable data for statistical and business intelligence purposes.

10. **Collection of Sensitive Data**

Sensitive personal data refers to information that requires enhanced protection due to its nature. This includes but is not limited to:

- Health Data: Medical history, diagnosis, treatment details.

- Genetic and Biometric Data: Information related to genetic testing or biometric identification.

- Sexual Orientation and Gender Identity.

- Religious or Philosophical Beliefs.

- Racial or Ethnic Origin.

- Political Opinions.

a. **Purpose of Collection and Use**

Sensitive data will only be collected and processed when strictly necessary for:

- Medical diagnosis, treatment, and care management.

- Compliance with legal and regulatory obligations.

- Public health purposes or scientific research, with appropriate safeguards.

- Explicit patient consent where required by law.

b. **Legal Basis for Processing Sensitive Data**

Sensitive data will only be processed under the following legal conditions:

- Explicit Consent: The patient has provided clear, informed consent.

- Medical Necessity: When required for providing healthcare services.

- Legal Compliance: To fulfill regulatory or reporting obligations.

- Public Interest: For public health monitoring or scientific research.

- Provision of State Services: To provide subsidies, benefits, services, licenses or other permits from the state.

- User information: Such information will not be considered as sensitive if it is freely available and accessible in the public domain or is furnished under the Right to Information Act, 2005 or any other law for the time being in force.

c. **Data Protection and Security Measures**

We implement robust security measures to protect sensitive data, including:

- Encryption: Sensitive data is encrypted during storage and transmission.

- Access Controls: Restricted access limited to authorized personnel with a need-to-know basis.

- Confidentiality Agreements: Staff handling sensitive data are required to sign confidentiality agreements.

- Regular Audits: Periodic security audits to ensure compliance with privacy standards.

d. **Data Sharing and Third Parties**

Sensitive data will only be shared with:

- Authorized healthcare professionals involved in the patient's care.

- Third-party service providers under strict data protection agreements.

- Regulatory bodies when required by law.

- Affiliated companies and Units: For processing on behalf of the hospital, ensuring compliance with the hospital’s privacy policy and security measures.

All third parties are required to uphold the same standards of security and confidentiality.

e. **Retention and Deletion of Sensitive Data**

Sensitive data will be retained only as long as necessary for the purposes outlined above or as required by law. Once no longer required, data will be securely deleted or anonymized.

f. **Patient Rights**

Patients have the following rights regarding their sensitive data:

- **Right to Access:** Request access to their sensitive data.

- **Right to Rectification:** Correct inaccuracies in their data.

- **Right to Erasure:** Request deletion where legally applicable.

- **Right to Restrict Processing:** Limit how data is used in certain situations.

- **Right to Nominate:** You have the right to nominate an individual who can exercise your rights on your behalf in the event of death or incapacity.

11. **Sharing and Transferring Personal Information**

With your consent, we may share your Personal Information with third-party service providers, cloud providers, business partners, and affiliates. Some of these entities may operate outside your country, and while data protection laws may differ, we ensure contractual obligations to adhere to this Policy.

12. **Cross-Border Data Transfers**

In compliance with applicable data protection laws and regulations, we ensure that all cross-border data transfers involving personal and medical information are conducted with the highest standards of privacy and security.

a. **Purpose of Cross-Border Transfers:**

Personal and medical data may be transferred across borders only for purposes directly related to patient care, treatment coordination, billing, administrative functions, data storage, or collaboration with authorized healthcare professionals and service providers.

b. **Data Security Measures:**

- All transferred data will be encrypted and protected using industry-standard security measures.

- Access to transferred data will be restricted to authorized personnel and third parties bound by strict confidentiality obligations.

- Data will be backed up regularly to prevent loss due to technical issues.

c. **Patient Rights and Control:**

Patients have the right to be informed about the transfer of their personal data to another country.

Upon request, patients can obtain information about the specific safeguards in place for their data transfers.

13. **Data Breach Notification**

**Definition of a Data Breach:**

A data breach is defined as unauthorized access, disclosure, alteration, or loss of personal or medical data due to a security incident.

**Notification Timeline:**

- Upon discovering a data breach, Apex Hospitals Pvt. Ltd. will assess the scope and severity of the breach immediately.

- Affected individuals and relevant regulatory authorities will be notified as soon as reasonably possible and no later than the timeframe required by applicable laws.

**Content of Notification:**

The breach notification will include:

- A description of the nature and extent of the breach.

- The types of personal data affected.

- The likely consequences of the breach.

- Measures taken to address and mitigate the breach.

- Recommended actions for affected individuals to protect themselves from potential harm.

- Contact information for further inquiries.

**Preventive Measures:**

Following a breach, Apex Hospitals Pvt. Ltd. will take all necessary steps to prevent future incidents, including strengthening security measures and staff training.

**Accountability and Compliance:**

- Affected individuals have the right to seek clarification on how the breach occurred and the steps taken for resolution.

- All breaches will be documented internally, including details of the incident, impact assessment, and remedial actions taken.

14. **Use of Cookies**

a. **What Are Cookies?**

Cookies are small text files stored on your device (computer, tablet, smartphone) when you visit a website. They help us improve your browsing experience by remembering your preferences and enabling key functionalities.

b. **Types of Cookies We Use and Their Purpose**

i. **Essential Cookies:**

- **Purpose:** Required for the basic operation of the website, such as security, authentication, and accessibility.

- **Duration:** Session-based, deleted when you close your browser.

ii. **Performance and Analytics Cookies:**

- **Purpose:** Collect anonymous data on how visitors interact with the website to improve its functionality and user experience.

- **Duration:** Persistent, but automatically deleted after a set period (e.g., 6 months).

iii. **Functional Cookies:**

- **Purpose:** Enable enhanced features and personalization, such as remembering language preferences.

- **Duration:** Persistent but limited (e.g., 12 months).

iv. **Targeting and Advertising Cookies:**

- **Purpose:** Used to deliver relevant advertisements based on user activity across websites.

- **Duration:** Persistent (up to 12 months).

c. **Duration of Cookie Storage**

Cookies remain on your device for varying periods depending on their type:

- **Session Cookies:** Deleted when the browser is closed.

- **Persistent Cookies:** Remain until manually deleted or expire after a set period.

d. **Managing Cookie Preferences**

You have full control over cookie preferences and can:

- Adjust your settings via our Cookie Consent Banner when you first visit our site.

- Disable cookies through your browser settings, though this may affect website functionality.

e. **Third-Party Cookies**

We may use third-party cookies from trusted service providers for analytics, performance tracking, and targeted advertising. These providers are required to comply with applicable data protection regulations.

f. **Updates to This Policy**

We may update this Cookie Policy periodically to reflect changes in our practices or legal requirements. Any updates will be posted on this page with the effective date.

15. **Security**

We adopt reasonable security measures such as encryption and access controls to protect your Personal Information. However, the internet is not 100% secure, and we cannot guarantee absolute protection against unauthorized access or data breaches.

We shall conduct a **Data Protection Impact Assessment (DPIA)** and comprehensive audit once every year, report the results to the Board, and ensure any algorithmic software used does not pose a risk to the User.

16. **Third-Party References and Links**

Our website may include references to third-party sites, which are governed by their privacy policies. We are not responsible for their content, privacy practices, or terms of use.

a. **Third-Party Compliance:**

- All third-party service providers must comply with applicable data protection laws and the terms outlined in this Privacy Policy.

- They are required to implement appropriate technical and organizational measures to ensure the confidentiality, integrity, and security of patient data.

b. **Data Use Limitation:**

- Third parties are authorized to access and process patient data strictly for the purposes specified in their contractual agreement with Apex Hospitals Pvt. Ltd.

- The data must not be used for any unauthorized purposes, including marketing, data resale, or unrelated activities.

17. **Rectification/Correction of Personal Information**

To update or correct your Personal Information, you may contact us at care@apexhospitals.com. We will make reasonable efforts to incorporate changes promptly.

18. **Compliance with Laws**

Your use of the Website and Services must comply with the applicable laws of your jurisdiction. Any non-compliance may result in restricted access.

19. **Retention of Personal Information**

We retain your Personal Information for a minimum of three years from the last use of our website or Services, or as required by law.

20. **Grievance Officer**

We have appointed a Grievance Officer to address your privacy concerns. You may contact the Grievance Officer at:

Email: care@apexhospitals.com

Phone: +91 9829030011

Last Updated: 25/01/2025
