Babaji Nethralayya Logo

Privacy Policy

Last updated: 16-Aug-2025

1) We respect your privacy

When you visit our website, book an appointment, message us on WhatsApp, attend a camp, or use tele-consultation, you trust us with personal and medical information. We protect that trust with clear rules, limited access, and strong security.

We currently comply with India’s IT Act 2000 & SPDI Rules 2011 and align our practices with the principles of the Digital Personal Data Protection Act, 2023 (DPDP Act), which is in the process of being brought into force by Government notification. We will update this policy as DPDP rules are operationalized.

2) Who we are (Data Fiduciary / Controller)

Babaji Nethralayya Private Limited (“we”, “us”, “our”) runs the Babaji Nethralayya Group of Eye Hospitals (Hyderabad, Kurnool, Tirupati, Madanapalle). This policy covers our websites, forms, WhatsApp lines, call centers, and hospital systems.

Grievance Officer / Data Protection Contact

Name: [Dr Anil Kumar]
Email: care@babajieyehospitals.com
Phone: [+91 7079405060]
Address: [Babaji Nethralayya Private Limited, KPHB Hyderabad]

(Under SPDI Rules, a Grievance Officer must be named and resolve complaints within one month.)

3) What data we collect

You provide directly:

  • Identity & contact: name, age, gender, phone, email, city.
  • Medical info: symptoms, prescriptions, eye scans/reports, medical history (this is “sensitive personal data” under SPDI).
  • Appointment/tele-consult details, feedback, testimonial consent.
  • CSR/Orphan program details (age, caregiver/NGO contact).

Collected automatically:

  • Device, browser, pages viewed, time on page, approximate location (via analytics/cookies).
  • Clicks on Call, WhatsApp, Book, Directions buttons (for service quality & analytics).
  • Security logs (to keep the site safe).

From third parties (where lawful):

  • Insurance/TPA details, payment gateway confirmations, maps/communication tools, ad platforms (aggregated reports).

4) Why we use your data (our purposes)

  • Schedule appointments, deliver consultations/surgeries, manage follow-ups.
  • Tele-consults as per India’s Telemedicine Guidelines (consent, records, privacy).
  • Send clinical reminders (drops, follow-ups), service updates, or health education (only with your consent/opt-in).
  • Improve our websites, measure calls/WhatsApp leads, and reduce friction in booking (analytics).
  • Run and verify CSR/Orphan eligibility and outcomes.
  • Legal compliance, audits, and safety/security (fraud prevention, breach handling).

5) Our legal basis & your choices

  • Consent: when you submit a form, WhatsApp us, or opt-in to updates.
  • Contract / service: to provide the consultation/surgery you asked for.
  • Legitimate interests: service quality, fraud prevention, network security.
  • Legal obligations: medical record retention, public health requests, audits.

You can: withdraw non-essential consents, update/correct your data, or ask for deletion where legally permitted (medical records may need retention). Under DPDP, individuals (Data Principals) will have explicit rights to access, correction, and erasure; we already support these in practice and will update language as rules go live.

6) Children & young people

  • We treat anyone under 18 as a child. We process a child’s personal data only with verifiable consent of a parent/guardian, and we do not show targeted ads to children.
  • For the Orphan/Dependent Young Adult program:
    • Under 18: only eye checkups, glasses, vision therapy, and periodic reviews (no refractive surgery).
    • 18–28: eligibility-based PRK/other procedures after full medical evaluation and informed consent.

7) Tele-consultation privacy (when used)

  • Consent is taken: implied if you initiate; explicit if we initiate or record.
  • We keep records securely and respect confidentiality as per national guidelines.

8) Cookies, analytics & ads

  • We use essential cookies (site operation) and optional ones (analytics/ads).
  • We use services like Google Analytics 4 (GA4) for website performance, Google Tag Manager (GTM) to manage these technologies, Google Ads and Meta Pixel for advertising and conversion tracking, and call/WhatsApp tracking to measure service quality. Data collected for advertising is aggregated and not used to build sensitive medical profiles.
  • You’ll get a cookie banner to accept/reject non-essential cookies. You can also change settings anytime in the footer link (“Cookie Preferences”).
  • We don’t build sensitive medical profiles for ad targeting.

(GDPR note for EU visitors: our site is primarily India-focused; GDPR may still apply if services are offered/monitored in the EU. See “GDPR” below.)

9) How we share data

We never sell your personal data. We share it only when needed:

  • With our doctors/clinical staff to treat you.
  • With service partners under strict contracts (IT hosting, EHR, diagnostics, payment gateways, SMS/email, analytics, maps, WhatsApp).
  • With TPAs/insurers if you seek coverage.
  • With government/authorities when required by law.

10) Storage, security & retention

  • Encrypted servers, role-based access, staff confidentiality, regular audits (SPDI-aligned reasonable security practices).
  • Medical records are retained as per clinical, legal, and insurance norms; non-essential marketing data is kept only as long as needed (then anonymized or deleted).
  • CCTV may operate in premises for safety; footage is retained for limited periods unless required for investigation.

11) Your rights & how to exercise them

You can email care@babajieyehospitals.com to:

  • Access or correct your data,
  • Withdraw marketing consent,
  • Request deletion (where allowed), or
  • Raise a complaint.

Our Grievance Officer will acknowledge and aim to resolve within 30 days (SPDI). If national DPDP mechanisms are notified, you will also be able to escalate to the Data Protection Board.

12) International transfers

If we use global cloud providers or processors, your data may be stored/processed outside India. We use contractual and technical safeguards, and will comply with any cross-border rules notified under the DPDP Act.

13) Third-party links

External links (maps, payments, social, NGO resources) have their own policies. Please review them before sharing data there.

14) Updates to this policy

When laws or our services change, we’ll update this page and revise the “Last updated” date. If changes are material, we’ll show a clear notice on the site.

15) Contact us

Chat with us
WhatsApp icon