Privacy Policy

Indian Spinal Injuries Centre (“ISIC”, “we”, “our”, or “us”) is committed to protecting the privacy, confidentiality, and security of personal data collected from individuals who interact with our website www.isichealthcare.org (“Website”). We recognise the sensitivity of health information and the importance of safeguarding it in accordance with applicable laws.

This Privacy Policy explains how ISIC collects, uses, stores, processes, shares, and protects personal data when you visit, access, or use our Website, submit information through online forms, request appointments, make enquiries, or otherwise engage with our digital services.

By using the Website, you acknowledge that you have read and understood this Privacy Policy and consent to the practices described herein, subject to your rights under applicable law.

For the purposes of this Policy:

1. “You” or “User” refers to any patient, attendant, visitor, applicant, vendor, or any person accessing or interacting with the Website.
2. “Personal Data” means any data about an individual who is identifiable by or in relation to such data.
3. “Sensitive Personal Data or Information (SPDI)” includes health information, medical records, biometric data, and other sensitive categories defined under applicable law.

ISIC is committed to ensuring compliance with the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, as applicable to the operation of this Website.

This Privacy Policy applies to all personal data collected, received, stored, processed, or otherwise handled by ISIC through its Website and any online services, forms, or features accessible through it.

1. This Policy governs data collected when you:
   1. visit or browse the Website;
   2. submit appointment requests, queries, or feedback forms;
   3. access or download information or documents;
   4. communicate with us through Website-linked email addresses or contact forms;
   5. make online payments;
   6. engage with ISIC content, tools, or features hosted on or integrated with the Website.
2. This Privacy Policy applies to all categories of Website users, including:
   1. Patients, prospective patients, and their attendants/caregivers;
   2. Individuals seeking appointments, consultations, or service information;
   3. Website visitors and general users;
   4. Vendors, suppliers, consultants, and service providers contacting us through the Website;
   5. Applicants submitting online job or training enquiries;
   6. Any person who voluntarily chooses to provide information while interacting with the Website.
3. This Policy does not apply to:
   1. data collected offline at ISIC’s physical facilities unless submitted through Website-linked channels;
   2. data collected through third-party portals or platforms linked from the Website;
   3. data processed exclusively for employment or vendor contracting purposes outside the Website environment (these may be governed by separate internal policies or contractual terms).

By using the Website, you agree that your personal data will be handled in accordance with this Privacy Policy and the laws applicable in India.

ISIC may collect the following categories of personal data when you access or use our Website or submit information through online forms or digital touchpoints.

1. Personal & Contact Information:
   1. Full name
   2. Age, gender, date of birth
   3. Address and location details
   4. Email address
   5. Mobile number
   6. Emergency contact details
2. Identification & Verification Information (collected only if voluntarily submitted for specific services):
   1. Government-issued ID details such as Aadhaar, PAN, Passport, or Voter ID
   2. Patient registration number / UHID
   3. Details required for insurance, TPA processing, or claim verification
3. Health & Medical Information (Sensitive Personal Data or Information / SPDI). If you choose to submit clinical details through online forms or enquiries, we may collect:
   1. Medical history and pre-existing conditions
   2. Diagnostic reports and prescriptions voluntarily uploaded
   3. Symptoms or clinical details shared for appointment or consultation requests
   4. Past or ongoing treatment information
   5. Information shared for teleconsultation or remote medical review

Note: ISIC does not mandate uploading SPDI through its Website unless required for the specific service you request.

4. Financial & Payment Information:
   1. Payment-related details (masked card information, transaction IDs)
   2. Billing information
   3. Insurance or TPA details (if voluntarily provided)

ISIC does not store full debit or credit card details; these are processed securely by authorised payment gateways.

5. Employment / Vendor Information, if submitted through Website contact forms:
   1. Job applications, CVs, and qualifications
   2. Vendor onboarding details voluntarily shared
   3. Professional contact information
   4. Company details (for suppliers or vendors)
6. When you browse or interact with the Website, we may automatically collect the following Technical & Usage Information:
   1. IP address
   2. Browser type, device type, and operating system
   3. Pages visited, time spent, and browsing patterns
   4. Cookies and similar tracking technologies
   5. Referring URL or website from which you visited
   6. Approximate location inferred from IP address

   This data helps improve Website functionality, security, and user experience.

7. Information You Voluntarily Provide:
   1. Messages, queries, or feedback submitted through forms
   2. Information shared during live chat or enquiry channels
   3. Any documents, notes, or attachments you choose to upload

You are responsible for ensuring that any information you submit is accurate, complete, and not misleading.

1. ISIC collects personal data through lawful and transparent means when you interact with our Website. Personal data is collected directly from you when you:
   1. submit information through online forms, such as appointment requests, enquiries, or feedback; or
   2. voluntarily upload medical documents or communicate with us through Website-linked email addresses.
2. We also collect certain information automatically when you visit the Website, including your IP address, browser and device details, pages viewed, and usage patterns. This information is gathered through cookies, analytics tools, and standard web logs to improve Website functionality and security.
3. In some cases, we may receive limited information from authorised third-party service providers, such as payment gateway partners for transaction confirmations or insurers or TPAs when you initiate claim-related queries.
4. If you submit personal data on behalf of another individual, such as a patient or dependent, you confirm that you are authorised to do so and that the individual has been informed about this Privacy Policy.

ISIC processes personal data collected through its Website in accordance with the Digital Personal Data Protection Act, 2023 and other applicable Indian laws. We process your personal data only where one or more of the following legal bases apply:

1. Consent: We process personal data based on your consent when you voluntarily submit information through appointment forms, queries, uploads, or any other Website-based interaction. You may withdraw consent at any time, subject to the limitations specified under this Policy and applicable law.
2. Performance of Healthcare or Related Services: Where you request appointments, information, or services through the Website, ISIC processes your data to respond to your request, verify identity, contact you, or provide necessary support and administrative functions.
3. Compliance with Legal or Regulatory Obligations: ISIC may process personal data to comply with obligations under applicable laws, regulatory requirements, court orders, or directions issued by authorities, including obligations relating to medical records, insurance, tax, or audit.
4. Legitimate Interests: We may process certain personal or technical information to maintain Website security, prevent misuse, analyse Website performance, improve user experience, and ensure smooth operation of online services. These activities are carried out in a manner that does not override your fundamental rights and freedoms.
5. Vital Interests: In exceptional circumstances, ISIC may process personal data to protect your safety or the safety of others, including responding to an emergency request initiated through the Website or a related communication channel.

1. By accessing or using the Website and by voluntarily providing personal data through online forms, uploads, enquiries, or communications, you provide your consent for ISIC to collect, process, store, and use such data in accordance with this Privacy Policy and applicable law.
2. If you submit Sensitive Personal Data or Information (SPDI), including health or medical information, such submission will be deemed to constitute your explicit consent for ISIC to process such information for the purpose of responding to your request, facilitating appointments or services, or for any related lawful purpose.
3. If you are submitting personal data on behalf of a minor (i.e., a person below 18 years), you confirm that you are the parent or legal guardian of the minor and are authorised to provide such consent on their behalf. ISIC may require reasonable steps to verify such authorisation.
4. You may withdraw your consent at any time by submitting a written request to ISIC through the contact details provided in this Policy. However, withdrawal of consent will not affect:
   1. the lawfulness of processing already carried out prior to withdrawal; or
   2. ISIC’s ability to retain certain data where required by law or medical record retention obligations.
5. If you withdraw consent for the processing of information necessary for providing a service requested by you (such as scheduling an appointment or responding to an enquiry), ISIC may be unable to fulfil such request.
6. You are responsible for ensuring that all personal data submitted by you is accurate, complete, and not misleading. Submission of false, incomplete, or misleading information may impact ISIC’s ability to respond to your requests or provide services.

ISIC uses personal data collected through the Website only for lawful, specific, and limited purposes. Depending on how you interact with the Website, your information may be used for one or more of the following purposes:

1. Healthcare-Related Purposes:
   1. To process appointment requests, schedule consultations, or respond to service enquiries;
   2. To review medical information voluntarily submitted by you for preliminary assessment or routing to the appropriate clinical team;
   3. To contact you regarding appointments, follow-ups, or service-related communications.
2. Administrative and Operational Purposes :
   1. To verify identity, respond to online queries, or manage Website-based interactions;
   2. To process billing or payment information, if applicable;
   3. To maintain internal records, logs, and documentation for operational efficiency.
3. Teleconsultation or Remote Review (if requested by you):
   1. To facilitate remote consultations using information and documents you provide;
   2. To enable clinical review by authorised ISIC healthcare professionals.
4. Legal and Regulatory Compliance:
   1. To comply with obligations under applicable laws, medical record standards, insurance requirements, tax laws, and directions issued by authorities;
   2. To maintain audit trails and records required for regulatory or accreditation purposes.
5. Website Functionality, Security, and Improvement:
   1. To analyse Website usage, troubleshoot issues, and enhance performance;
   2. To prevent misuse, detect security incidents, and ensure safe operation of the Website.

6. Research, Analytics, and Quality Improvement: Personal data may be used in anonymised or aggregated form for internal research, quality assessment, service improvement, or statistical analysis. No identifiable information will be disclosed in such activities.

7. Communication and Notifications:
   1. To send service updates, confirmations, or responses to your queries;
   2. To contact you for feedback on Website experience or services utilised.

ISIC does not use Website-collected personal data for targeted advertising, nor does it sell personal data to third parties.

1. ISIC does not sell or trade personal data collected through the Website. Personal data is shared only on a need-basis and strictly for lawful and service-related purposes.
2. ISIC may share personal data with authorised members of its clinical, administrative, or support teams for the purpose of responding to your appointment request, enquiry, or service interaction.
3. Personal data may be shared with third-party service providers engaged by ISIC, such as:
   1. payment gateway partners for processing online transactions;
   2. insurance or TPA entities when you initiate a claim-related request;
   3. IT and Website service providers who support Website operations, analytics, and security.

   Such third parties are required to protect personal data and use it only for the specific purpose for which it is shared.

4. ISIC may share personal data with governmental authorities, regulators, law-enforcement agencies, or courts when required to comply with applicable laws, legal processes, or orders.
5. Where personal data is used for research, audit, or statistical analysis, it is processed only in anonymised or aggregated form without disclosing your identifiable information.
6. ISIC hosts and processes all Website-related personal data within India and does not transfer such data outside India. If, in the future, any transfer of personal data outside India becomes necessary for providing a service requested by you or for any lawful purpose, such transfer will be carried out only with your consent and in accordance with applicable law.

1. ISIC retains personal data collected through the Website only for as long as necessary to fulfil the purposes for which it was collected, or as required under applicable laws, regulations, or medical record retention standards.
2. Personal data submitted through appointment forms, enquiries, or other Website interactions may be retained for a reasonable period to respond to your request, maintain administrative records, or improve service operations.
3. Medical information or documents voluntarily uploaded through the Website may be retained for the duration necessary to review your request or provide relevant support, unless a longer retention period is required under applicable medical or legal obligations.
4. Transaction-related data (including payment confirmations and billing records) may be retained for the period required under tax, accounting, and regulatory laws.
5. Technical and usage data collected automatically (such as logs, analytics data, and cookies) may be retained for system security, troubleshooting, or Website performance purposes, subject to standard retention cycles.
6. When personal data is no longer required, ISIC will delete, anonymise, or securely dispose of such data in accordance with applicable legal and organisational standards.

The Website may use cookies and similar technologies to improve functionality, enhance user experience, and analyse how the Website is used. These technologies may collect limited technical information such as your IP address, browser type, device details, and pages visited, which helps us maintain and optimise the Website.

You may disable cookies through your browser settings; however, doing so may affect certain features or the overall performance of the Website. Cookies do not give ISIC access to any information stored on your device other than what you choose to share through your browser.

ISIC implements reasonable administrative, technical, and organisational safeguards to protect personal data collected through the Website from unauthorised access, disclosure, alteration, or misuse. These measures include secure server configurations, access controls, monitoring mechanisms, and industry-standard security practices appropriate for the nature of the data processed.

While ISIC takes all reasonable steps to protect your information, no online platform can guarantee absolute security. In the event of a data breach involving personal data collected through the Website, ISIC will take prompt steps to contain the incident and, where required under applicable law, notify affected users or relevant authorities in a timely manner.

1. Subject to applicable law, you have the right to access the personal data you have provided to ISIC through the Website and to request correction of any inaccurate or incomplete information.
2. You may request deletion of your personal data, except where ISIC is required to retain such data under medical, legal, regulatory, or operational obligations.
3. You may withdraw your consent for the processing of personal data submitted through the Website. However, withdrawal of consent may affect ISIC’s ability to respond to your requests or provide certain services.
4. You have the right to raise a grievance regarding the processing of your personal data, and to nominate another individual to exercise your rights in accordance with applicable law.
5. Requests relating to the above rights may be submitted through the contact details provided in this Privacy Policy.

The Website may contain links to external websites or online platforms operated by third parties. ISIC does not control and is not responsible for the content, privacy practices, or security standards of such third-party websites. Accessing these links is at your discretion, and we encourage you to review the privacy policies of any external websites you visit.

1. The Website is not intended for use by minors without the involvement of a parent or legal guardian. If personal data relating to a minor (below 18 years of age) is submitted through the Website, it must be provided by the parent or lawful guardian.
2. By submitting such information, the parent or guardian confirms that they are authorised to do so and consent to the processing of the minor’s personal data as described in this Privacy Policy.

ISIC may update or modify this Privacy Policy from time to time to reflect changes in legal requirements, organisational practices, or the features available on the Website. Any updated version will be posted on this page with a revised “Last Updated” date. Your continued use of the Website after such changes constitutes your acknowledgement and acceptance of the updated Policy.

If you have any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data, you may contact ISIC at the details below:

Data Protection Officer (DPO)

Indian Spinal Injuries Centre (ISIC)

Sector C, Vasant Kunj,

New Delhi – 110070, India

Email: webmaster@isichealthcare.org

Phone: 011 4225 5225

The DPO will review your request or grievance and respond in accordance with applicable law.

This Privacy Policy shall be governed by and interpreted in accordance with the laws of India. Any disputes arising out of or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts at New Delhi, India.

NOTE: By accessing or using the Website, or by submitting any personal data through the Website, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, processing, and storage of your information as described herein, subject to your rights under applicable law.