Afecto Clinic (“we,” “us,” or “our”) respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, retain, and protect personal data obtained through our website (afectoclinic.com) in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) of India. By using our website, you agree to the practices described in this Policy.
Types of Data We Collect
We only collect contact details that you provide through our website. This typically includes:
Contact Information: Your name, phone number, email address, or other contact details you submit (for example, when filling out a contact form or requesting information).
Website Usage Data: Basic technical data such as your IP address, browser type, and pages visited may be collected via cookies or analytics tools. This information is used in aggregate for improving our website and analytics purposes, and is not used to personally identify you.
No Sensitive Data: We do not ask for or intentionally collect any sensitive personal data through our website. This means we do not collect information such as health records, medical history, financial information, passwords, or any other sensitive personal details. Although Afecto Clinic is a healthcare provider, no medical or health information is collected via the website.
Children’s Data: Our website and services are not directed to children under 18, and we do not knowingly collect personal data from minors. If you are under 18, please do not submit any personal information on our site. In accordance with the DPDP Act’s requirements for processing children’s data, verifiable parental consent would be required for any such data. Since we do not target or collect data from children, any information inadvertently received from a minor will be deleted promptly once identified.
Purpose of Data Collection and Use
We collect and use your personal data only for the specific purposes described below, and no other purposes:
Providing Information and Services: If you contact us or request an appointment, we use your contact details to respond to your inquiries and provide the information or services you requested.
Marketing Communications: With your consent, we may use your phone number or email to send you updates about our clinics, new services, promotions, or health-related newsletters. These communications are occasional and relevant to Afecto Clinic services. You can opt out of marketing messages at any time by contacting us or using the unsubscribe link (if provided in emails).
Analytics and Improvement: We use website usage data (e.g. via cookies or similar technologies) to understand how visitors use our site and to improve user experience. This may include analyzing which pages are most visited, how users navigate the site, and other engagement metrics. All analytics are performed on aggregated data; we do not use this information to personally identify any user.
We do not use the personal data we collect for any unrelated purposes. In particular, we do not use your information for any automated profiling or decision-making, and we do not sell or share your personal data with any third-party companies for their own marketing or advertising purposes.
Data Sharing and Disclosure
Afecto Clinic does not share your personal data with third parties, except in very limited circumstances necessary for our own operations, as described here:
No Third-Party Marketing: We do not sell, rent, or trade your contact information to any external parties for marketing or any other purposes.
Service Providers: We do not currently employ any external data processors for our website. (If in the future we use trusted service providers for functions like website analytics or email newsletters, we will ensure they are bound by strict confidentiality and data protection obligations, and they will only process your data on our instructions.)
Legal Compliance: We would only disclose personal data if required to do so by law or lawful order (for example, to comply with a court order or government regulation). If such a situation ever arises, we will only share the minimum information necessary and in accordance with applicable laws.
In summary, your personal contact data stays with Afecto Clinic. We treat your information with strict confidentiality and do not disclose it to any third party unless it is absolutely necessary and lawful.
Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws. Specifically:
Contact information (such as phone numbers or emails) provided for inquiries or marketing will be kept until we have responded to your request or as long as you remain subscribed to our communications. If you opt out of marketing or request deletion, we will remove your contact information from our active marketing lists.
Basic analytics data (e.g. website logs) is retained for internal analysis and typically stored for a limited period (e.g. a few months up to a year) to identify trends over time. This data is usually aggregated and not tied to individual identities.
When personal data is no longer needed for the stated purposes, we will delete it or anonymize it in our systems. For example, if you request removal of your data or withdraw your consent for us to contact you, we will erase your contact details from our records (unless we are required by law to retain certain information).
In cases where law or regulation requires us to keep data for a longer period, we will comply with those requirements. Otherwise, we apply the principle of storage limitation, meaning we don’t keep personal data indefinitely.
Your Rights Under the DPDP Act
Under the Digital Personal Data Protection Act, 2023, individuals (data principals) have important rights regarding their personal data. Afecto Clinic is committed to upholding these rights and providing you with full control over your information.
Your key rights include:
Right to Know and Access: You have the right to know whether we hold any of your personal data, and to request a summary or a copy of the personal data we have about you. This means you can ask us to confirm what information we have and why, and we will provide it to you in an easy-to-understand format.
Right to Correction/Updating: If any of your personal data that we hold is inaccurate or outdated (for example, an incorrect phone number or a misspelled name), you have the right to have it corrected or updated. Simply contact us with the correct information, and we will rectify our records promptly.
Right to Erasure: You have the right to request deletion of your personal data in certain circumstances. For instance, if the purpose for which you provided your data has been fulfilled or if you withdraw your consent, you can ask us to erase your data. We will honor such requests as long as we are not required by law to retain the data.
Right to Withdraw Consent: Where our processing of your data is based on your consent (such as receiving marketing emails or SMS), you have the right to withdraw that consent at any time. If you withdraw consent, we will stop the specific processing for which consent was given (e.g. we will stop sending you newsletters) and, if applicable, delete your data as per the Right to Erasure.
Right to Grievance Redressal: We have a mechanism for you to raise any questions or complaints about our handling of your personal data. If you have a privacy-related grievance, you can contact us (see Contact Us section below), and we will address your concern. Every data fiduciary in India is required to establish a grievance redressal system, and if your issue is not resolved within the prescribed time, you have the right to escalate it to the Data Protection Board of India.
Exercising Your Rights: You can exercise any of the above rights by reaching out to us via the contact details provided. We will need to verify your identity to process requests (this is to ensure we don’t disclose or modify someone else’s data inappropriately). Once your request is verified, we will respond and take the necessary action within the timeframe required by law. Under the DPDP Act, organizations are required to address access, correction, updating, or erasure requests within 90 days, and we aim to resolve your request as quickly as possible, well within this limit.
Please note that these rights are subject to certain limitations. For example, we might not be able to delete data that we are legally obligated to keep for a certain period, or we may decline a request if it is excessively repetitive or manifestly unfounded. However, we will inform you of the reason if we cannot fulfill any part of your request.
Data Security Measures
We take data security seriously and implement appropriate technical and organizational measures to safeguard your personal information. While no website or online service can guarantee absolute security, we strive to protect your data from unauthorized access, disclosure, alteration, or destruction. Our security practices include:
Encryption: Any personal data you submit through our website (for example, via contact forms) is transmitted over secure, encrypted channels (HTTPS). We also encrypt sensitive data in storage whenever applicable.
Access Control: Internally, access to personal data is restricted to authorized personnel who need it to perform their duties (for example, responding to inquiries or managing our marketing list). Staff are trained on confidentiality and privacy principles.
Firewalls and Monitoring: Our website and servers are protected by firewalls and security monitoring tools to help detect and prevent unauthorized access or attacks. We keep our systems updated with the latest security patches.
Secure Storage: Contact details and any other personal data are stored in secure systems. We use reputable hosting providers with robust security standards. Regular backups are maintained to prevent data loss.
Incident Response: In the unlikely event of a data breach or security incident, we have procedures in place to contain the incident, assess impact, and notify affected individuals and authorities as required by law. We will inform you as soon as possible of any breach involving your personal data, in plain language and along with advice on protective steps, as mandated by the DPDP regulations.
Your data’s security and privacy are our priority. While we cannot guarantee 100% security, we continually review and enhance our security measures to meet or exceed industry best practices and legal requirements.
Updates to This Privacy Policy
We may update or revise this Privacy Policy from time to time to reflect changes in our practices or to stay compliant with new laws and regulations. When we make significant changes, we will notify users by posting the updated Policy on our website with a new effective date. We encourage you to review this page periodically for the latest information on our privacy practices. Your continued use of the website after any changes to the Policy constitutes acceptance of those changes.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please do not hesitate to contact us:
Email: info@afectoclinic.com
Phone: +91 978 059 7813 (during business hours)
Address: 400-R Sky Tower, Above Orra Jewellers Parkash Nagar Road, Model Town. Opposite Capital Small Finance Bank. Jalandhar (Punjab) 144003
Data Protection Officer: Afecto Clinic is a small organization and at present, we have not appointed a formal Data Protection Officer (DPO) or a dedicated Grievance Officer. However, we take privacy seriously. For any data-related concerns or grievances, you can reach us through the contact details above. Our team will treat your inquiry with priority and ensure it is resolved in a timely manner. If you are unsatisfied with our response or have unresolved concerns, you have the right under the DPDP Act to raise the matter with the Data Protection Board of India as a further recourse.
We are committed to addressing any privacy questions or issues you may have. Your trust is important to us, and we will do our utmost to ensure your personal data is handled securely and lawfully.
Thank you for reading our Privacy Policy.
