Privacy Policy — Germanten Hospitals

Germanten Hospitals (“we,” “us,” “our”) values your privacy and is committed to protecting your personal information. This Privacy Policy describes how we collect, use, store, transfer, disclose, and secure your personal and health-related data when you use our website (www.germantenhospitals.com), our hospital services, telemedicine, diagnostics, or other interactions (collectively, our “Services”).
This policy is intended to comply with applicable Indian laws and also addresses obligations under the EU General Data Protection Regulation (GDPR) for individuals in the European Economic Area (EEA). If you are located in the EU/EEA, additional rights and protections may apply.

2. Scope & Applicability

This policy applies to data collected online, offline, and via third parties in relation to our Services.
For users in India, we aim to comply with the Digital Personal Data Protection Act, 2023 (DPDP Act) once it becomes operational.
For users in the EU/EEA, or where we process their data, we comply with GDPR principles and obligations.
Where there is a conflict between local law and GDPR, we will apply the stricter requirement that protects your rights.

3. Definitions

Term | Meaning
Personal Data / Personal Information | Any information relating to an identified or identifiable individual (e.g. name, contact, identifiers)
Sensitive / Special Category Data | Health data, biometric data, medical history, test results, etc. (under GDPR classification)
Processing | Collection, storage, use, disclosure, alteration, deletion, or other operations on personal data
Data Subject / You | The individual whose personal data is processed (i.e. patient, website visitor, user)
Data Controller / Data Fiduciary | We decide how and why your data is processed
Data Processor | Third parties we engage to process data on our behalf

4. What Information We Collect

  1. Information You Provide
    • Identification & contact information: name, address, email, phone
    • Demographics: date of birth, gender
    • Health & medical information: medical history, diagnosis, treatment, lab reports, images
    • Payment & billing information, insurance/TPA details
    • Communication preferences, feedback, survey responses
    • Login credentials (username, password)
    • Information in forms (appointment request, contact us, telemedicine forms)
  2. Information Collected Automatically
    • Device & browser data: IP address, browser type, operating system
    • Website usage: pages visited, time spent, referrer URL, click paths
    • Cookies, web beacons, tracking technologies
    • Location data (if permitted by device/browser)
  3. Information from Third Parties
    • Referrals, labs, diagnostics providers, clinics
    • Insurance companies, payment gateways, TPAs
    • Affiliates, business partners (with consent or contractual requirement)

5. Purposes of Processing & Legal Bases

Purpose | Legal Basis (India / DPDP) | Legal Basis (GDPR / EU)
Providing medical, diagnostic, telemedicine services | Consent, medical necessity | Consent, necessity for health care / vital interests
Managing appointments, reminders, follow-ups | Consent, contractual, legitimate interest | Contract performance, legitimate interest
Billing, claims, payment processing | Consent, compliance with laws | Legitimate interest, legal obligation
Communication (e.g. newsletters, promotions) | Consent (opt-in) | Consent (explicit)
Internal operations, quality control, training | Consent or legitimate interest | Legitimate interest
Research, aggregated statistics (non-identifiable) | Use with anonymisation or consent | Legitimate interest, research exceptions
Compliance, legal obligations, audits | Legal compliance | Legal obligation

You have the right to withdraw consent at any time (subject to legal or medical constraints).

6. Disclosure / Sharing of Your Data

  • Service providers, partners, labs, diagnostic centers
  • Insurance / TPA entities
  • Other healthcare providers or hospitals in case of referral or continuity of care
  • Affiliates or group companies
  • Legal or regulatory authorities (when required by law)
  • Entities involved in mergers, acquisitions, or corporate restructuring
  • In anonymised or aggregated form for research, reporting

We require third parties to safeguard the confidentiality, security, and appropriate use of your data.

7. International / Cross-Border Transfers

If your data is transferred outside India (for example, for processing, backup, or analytics), we will put appropriate safeguards in place in line with applicable laws (e.g. standard contractual clauses, binding corporate rules). Under GDPR, cross-border transfer is permitted only with adequate safeguards or in jurisdictions approved by the EU.
Under India’s DPDP/DPDPA rules (once in effect), cross-border transfers will be allowed only under conditions defined by India’s government / subordinate rules.

8. Data Retention & Deletion

We retain your data only as long as needed for the purposes listed (medical care, billing, compliance, legal claims). After that, we securely erase or anonymize it. If retention is required by law, we will retain it for the statutory period.

9. Data Security

We maintain reasonable and appropriate physical, technical, and organizational measures to prevent unauthorized access, alteration, disclosure, or destruction of your data. Access is limited to authorized personnel.
However, no system is perfectly secure. If a data breach occurs, we will evaluate and respond promptly, notifying affected individuals and regulators where required by law (under GDPR or local law).

10. Your Rights

Depending on your jurisdiction:

  • Access / correction: You can ask to see your data and correct inaccuracies
  • Deletion (“right to erasure”): Request deletion, unless legally required to retain
  • Restriction of processing / object: Limit or object to certain uses
  • Portability: Get your data in a structured, machine-readable format (where applicable)
  • Withdraw consent: You can withdraw any consent you provided
  • Complain to authorities: In India to designated authority (once DPDP is operational), in EU to data protection authority

To exercise your rights, contact us (details in section 13). We may require identity verification before fulfilling requests.

11. Children’s Data

We do not knowingly seek data from children under 18. If we learn that we collected such data without parental or guardian consent, we will delete it. For users in the EU, parental consent will be required where applicable under GDPR rules relating to minors.

12. Cookies & Tracking Technologies

  • Enabling login sessions
  • Remembering preferences
  • Analytics of website usage
  • Marketing / advertising (with your consent)

You can block or disable cookies through your browser settings, but that may affect the functionality of the website.

13. Grievance / Contact Information

Germanten Hospitals
4-8-138/1/B, Opposite Pillar #150, PVN Rao Expressway, Main Road, Attapur, Hyderabad – 500048, Telangana, India
Email: privacy@germantenhospitals.com or info@germantenhospitals.com
Phone: +91 9989635555
If you are in the EU/EEA, you may also lodge a complaint with your local data protection authority.

14. Changes to This Policy

We may update this policy over time (for example, when DPDP rules come into force or if we expand services). We will post the revised “Last updated” date and, when changes are material, notify you by email or via the website before they take effect.

Last updated: 2024-06-13