Skip to content
Policy · Privacy

Privacy Policy

This page sets out the privacy framework that Delhi Derma Clinic operates under in handling patient and visitor information. It covers what information is collected, why, how it is used and retained, and the rights patients have over the information held about them. The page is presented as a working policy framework; the full legal text is subject to final review by the clinic\'s legal sign-off owner before binding application.

Status: Working draft · pending final legal review · last reviewed May 2026.

Plain-English summary

The clinic collects information patients provide during enquiries, bookings, consultations, and follow-up. This information is used to deliver clinical care safely, schedule visits, communicate about appointments, maintain appropriate medical records, and operate the website and clinic services. Patient information is held with the confidentiality that dermatology practice expects, and is shared with third parties only for specific operational purposes under appropriate handling standards. The clinic does not sell patient information. Patients have rights to access, correct, and raise concerns about information held about them, consistent with the applicable data-protection framework in India. Detailed clauses, named contact points, and final compliance language remain under legal review.

Scope of this policy

This policy applies to information handled in the course of operating Delhi Derma Clinic\'s services and website. It covers patient enquiries, appointment-related information, consultation and treatment records, communication for appointment and follow-up purposes, and analytics information collected through the website. It also covers situations in which the clinic engages third-party processors to operate certain services on its behalf, including hosting, appointment systems, payment processing where applicable, communication tools, and analytics platforms.

The Cookies Policy describes website-tracking and cookie-based collection in more detail. The Patient Consent & Photography Policy describes how photographs and visual records are handled separately and what consent the clinic asks for. Together these policies form the broader framework for how information is treated within the clinic\'s operations.

Information the clinic collects

The clinic collects different categories of information depending on how patients interact with the clinic and the website. Information provided directly by patients includes contact details (name, phone number, email address), reason for enquiry or consultation, appointment scheduling information, and clinical information shared during consultation or treatment that is appropriate to maintain in the medical record. Information collected through normal website operation includes standard analytics signals such as device type, page-view patterns, and broad geographic region — collected through cookie-based tools described in the Cookies Policy.

The clinic does not knowingly collect information beyond what is reasonably needed for the purposes described. Patients are encouraged to share clinical information that is appropriate to their consultation and to ask the dermatologist or staff at any point about how a particular piece of information will be used.

Why information is collected and used

Information is collected and used to deliver dermatology care safely and effectively. This includes scheduling and managing appointments, communicating with patients about visits and follow-up, maintaining medical records that support continuity of care, calibrating treatment plans appropriately, and operating the clinic and website services. Information may also be used to improve services over time — for example, understanding which website information is most useful to patients — and for legitimate operational purposes such as billing where applicable.

Patient information is not used for purposes outside the clinical-and-operational scope without explicit separate consent. Marketing or educational use of clinical photographs, in particular, requires separate explicit consent and is covered by the Patient Consent & Photography Policy.

Sharing with third parties

The clinic uses third-party processors for routine services including website hosting, appointment-management systems, communication platforms, payment processing where applicable, and analytics tools. These processors are expected to handle information only for the purposes the clinic instructs and to follow appropriate confidentiality and data-handling standards. Specific vendor and processor details are subject to confirmation as the clinic\'s administrative arrangements are finalised.

The clinic does not sell patient information. Sharing of information with parties beyond service-delivery processors — for example for legal, regulatory, or safety reasons — is approached carefully and consistent with applicable law. Patients can contact the clinic for questions about how specific information may be shared in a given circumstance.

How long information is retained

Different categories of information have different retention windows appropriate to the purpose they serve. Clinical records have retention requirements informed by professional and regulatory standards for medical practice. Website analytics information follows shorter retention windows linked to the cookie-based tools used. Information collected through enquiries that did not progress to a clinical relationship may be retained for shorter follow-up periods. Specific final retention periods for each category will be published as the clinic\'s administrative and legal review concludes.

Patient rights over information

Patients have rights consistent with the data-protection framework applicable to dermatology practice in India. These typically include access to information held about them, the ability to request corrections to inaccurate records, raising questions about how their information is being used, and withdrawing consent for non-essential uses where applicable. The Digital Personal Data Protection Act and related regulations continue to evolve in their detailed implementation, and the clinic\'s detailed procedures for fulfilling rights requests are under review alongside the broader policy framework.

Patients who wish to exercise rights or raise specific questions can contact the clinic through standard contact channels. The clinic acknowledges queries and works to respond within reasonable timeframes. Specific procedures and named contact-point details for data-related queries will be published as administrative review concludes.

Security and safeguards

The clinic applies reasonable safeguards appropriate to the nature of information held. Physical access controls at the clinic limit who can view patient records, restricted access to digital systems is managed appropriate to staff roles, secure handling of communications follows standard practices for medical settings, and the systems used in scheduling and clinical work follow accepted operational discipline. No system is fully invulnerable, and the clinic encourages patients to report any concern about how their information has been handled so that it can be addressed promptly.

Limitations and exceptions

This policy describes the clinic\'s operating intent. It is not exhaustive on every detail of every situation. Where applicable law requires specific handling of information — for example, in response to lawful requests or for safety reasons — the clinic acts consistent with that law. Where the clinic\'s standard process does not cover a specific situation, patients are encouraged to raise the question directly so that an appropriate response can be provided.

This policy is presented as a working framework. Final binding language, named officer details, and specific compliance clauses are subject to confirmation by the clinic\'s legal sign-off process. Patients seeking binding clarification on a specific point are encouraged to contact the clinic.

Contact and escalation

Patients with questions or concerns about how their information is being handled can contact the clinic through the standard contact channels. The Complaints & Grievance Redressal Policy describes the broader escalation framework for concerns of any nature. Specific named officer details for data-related queries will be published after administrative and legal review concludes; until then, patients are encouraged to use the general contact route and indicate that the query is data-related so that it can be directed appropriately.

Changes to this policy

When meaningful changes are made to this policy, the page is updated and the "last reviewed" date below reflects the new date. Material changes that materially affect how patient information is handled are intended to be communicated through reasonable means, including the website and where appropriate direct communication. Patients are encouraged to revisit the policy periodically.

Legal-review status

This page is the clinic\'s working privacy policy framework presented as a legal-safe draft. The full legal text — including specific clauses, named officer information, vendor disclosures, and detailed compliance language — remains under review with the clinic\'s legal sign-off owner before being finalised in its binding form. The principles described here represent the clinic\'s current operating intent. Specific clauses may be updated when legal review concludes.

Related policies

Frequently asked questions

What information does this clinic collect?

The clinic collects information that patients provide when they enquire, book a consultation, attend a visit, or interact with the website. This typically includes contact details (name, phone number, email address), reason for enquiry, appointment-related information, treatment-related information shared during consultation or follow-up, and communication exchanged for appointment-coordination purposes. The website also collects standard analytics information such as page views, device type, and broad geographic region through cookie-based tools (described separately in the Cookies Policy).

Why is the information collected?

Information is used to schedule and manage appointments, deliver clinical care safely, communicate about visits and follow-up, maintain medical records appropriate to the consultation, and improve how the clinic and its website serve patients over time. Specific clinical information shared at consultation is used to inform the patient's care and is held with the same confidentiality protections that dermatology practice expects.

Is information shared with third parties?

The clinic uses certain third-party tools and processors for routine purposes including website hosting, appointment systems, payment processing where applicable, communication platforms, and analytics. These processors handle data only for the purposes the clinic instructs and are expected to follow appropriate confidentiality and data-handling standards. The clinic does not sell patient information. Specific details of processors and the legal frameworks for data sharing may be updated as the clinic's administrative arrangements are finalised.

How long is information retained?

Information is retained for periods appropriate to the purpose it was collected for. Clinical records have retention requirements informed by professional and regulatory standards for medical practice. Website analytics typically follow shorter retention windows linked to the cookie tools used. Marketing or enquiry information may be retained for follow-up purposes within reasonable windows. Final retention periods for each category are subject to confirmation as the clinic's administrative and legal review concludes.

What rights do patients have over their information?

Patients have rights consistent with the data-protection framework that applies to dermatology practice in India, including rights to access information held about them, request corrections to inaccurate records, raise questions about how information is being used, and withdraw consent for non-essential uses where applicable. The framework around the Digital Personal Data Protection Act and other applicable regulations continues to evolve, and the clinic's detailed implementation of patient rights is being reviewed alongside the policy framework.

How does the clinic protect information?

Reasonable safeguards are applied appropriate to the nature of the information held — physical access controls at the clinic, restricted access to medical records, secure handling of digital communications, and standard practices for systems used in scheduling and clinical work. No system is fully invulnerable, and the clinic encourages patients to report any concerns about how their information has been handled so that they can be addressed promptly.

Are photographs taken at the clinic covered by this policy?

Photographs taken for clinical documentation, treatment planning, or progress tracking are part of the medical record and are handled with the same confidentiality protections as other clinical information. The use of photographs for any non-clinical purpose — including marketing, education, or before-and-after illustration — requires separate explicit consent. The Patient Consent & Photography Policy covers this in detail.

How can questions about data handling be raised?

Patients with questions about how their information is being handled, or who wish to exercise rights related to their information, can contact the clinic through the standard contact channels. The clinic acknowledges queries received and works to respond within reasonable timeframes. Specific procedures, contact-point details, and the named officer responsible for grievance redressal will be published once administrative and legal review concludes.

Does this policy apply to children?

Where the clinic provides care to minors, parental or guardian consent is the basis for collection of information related to the minor's care, consistent with how dermatology practice handles paediatric or adolescent patients. Specific safeguards for handling information related to minors are applied appropriate to the clinical context.

How will changes to this policy be communicated?

When meaningful changes are made to this policy, the page is updated and the "last reviewed" notice at the bottom reflects the new date. Material changes that affect how patient information is handled are intended to be communicated through reasonable means. Patients are encouraged to revisit the policy periodically.

Is this policy legally final?

This page is the clinic's working policy framework presented as a legal-safe draft. The full legal text remains under review with the clinic's legal sign-off owner before being finalised in its binding form. The principles described here represent the clinic's current operating intent; specific clauses, named contact-point details, and detailed compliance language may be updated when legal review concludes. For binding clarification on any specific point, patients are encouraged to contact the clinic directly.

What jurisdiction applies?

The clinic operates in Delhi, India, and the policy framework is intended to be consistent with applicable Indian data-protection and medical-practice regulations as they apply to dermatology practice. Specific jurisdictional clauses and dispute-resolution arrangements form part of the broader Terms & Conditions and are subject to final legal review.

Request a consultation

A short enquiry. We will reach out during clinic hours to confirm your slot.