Privacy Policy

Belleza Rohini Hair Transplant Clinic (“Clinic”, “we”, “us”, or “our”) is committed to safeguarding the privacy, confidentiality, and security of personal and medical information shared by users (“you”, “your”). This Privacy Policy explains in detail how information is collected, used, stored, disclosed, and protected when you access or use https://bellezarohini.com (“Website”) and Belleza Rohini Mobile Application (“App”).

1. WHAT INFORMATION DO WE COLLECT?

We collect information strictly on a need-to-know basis and only to the extent necessary to provide medical, consultation, and administrative services

(a) Personal Identification Information

We may collect personal details voluntarily provided by you, including:

• Full name
• Mobile number
• Email address
• Age and gender (where required)
• Address or location details (if shared)

This information is typically collected when you submit enquiry forms, book appointments, request consultations, or communicate with us.

(b) Medical and Health-Related Information

For the purpose of medical evaluation and treatment planning, we may collect:

• Scalp photographs or treatment images
• Hair loss history and progression details
• Medical conditions disclosed by you
• Medication history (if shared)

Such data is treated as confidential medical information and accessed only by authorized professionals.

(c) Automatically Collected Technical Information

When you access the Website and Mobile Application, we may automatically collect:

• IP address
• Browser type and version
• Device and operating system details
• Date, time, and duration of visits
• Pages viewed and navigation patterns

This data is collected for security, analytics, and performance optimization and does not directly identify you.

2. HOW DO WE USE YOUR INFORMATION?

The personal and medical information collected by the Clinic is used strictly for lawful, legitimate, and necessary purposes connected with providing medical services, patient care, and administrative support.

Your information may be used for the following purposes:

• To respond to enquiries, consultation requests, and communications submitted through the Website and Mobile Application, email, phone, or messaging platforms;
• To schedule, manage, confirm, reschedule, and coordinate appointments, consultations, procedures, and follow-up visits;
• To carry out medical evaluation, preliminary assessment, diagnosis support, treatment planning, and progress monitoring by qualified medical professionals;
• To maintain accurate patient records, medical history, treatment documentation, and internal clinical notes as required by medical standards and applicable laws;
• To process payments, refunds, and coordinate EMI arrangements through authorized payment gateways or financial institutions;
• To send appointment reminders, treatment instructions, post-procedure guidance, follow-up communications, and other service-related notifications;
• To improve Website and Mobile Application functionality, optimize services, enhance user experience, and ensure operational efficiency;
• To comply with legal, regulatory, ethical, audit, and record-keeping obligations imposed under applicable laws and medical regulations.

The Clinic does not use personal or medical information for unsolicited marketing, promotional messaging, or advertising without explicit consent, and does not sell, trade, or commercially exploit user data in any manner.

3. WILL YOUR INFORMATION BE SHARED WITH ANYONE?

The Clinic maintains strict confidentiality of all personal and medical information provided by users and patients.

Your information may be shared only on a limited, need-to-know basis, and only where such sharing is necessary and lawful, including:

• With doctors, surgeons, medical professionals, and clinic staff who are directly involved in your consultation, treatment, or care;
• With payment gateways, banks, or EMI service providers solely for the purpose of processing payments, refunds, or financing arrangements;
• With IT service providers, software vendors, or cloud hosting platforms engaged for Website and Mobile Application operation, data storage, or technical support, subject to contractual confidentiality and data protection obligations;
• With government authorities, courts, or regulatory bodies where disclosure is required under applicable law, legal process, or regulatory mandate.

The Clinic never sells, rents, licenses, or commercially shares personal or medical information with third parties for marketing, advertising, or unrelated commercial purposes.

4. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

Yes. The Website and Mobile Application may use cookies and similar tracking technologies to support technical functionality and improve user experience.

These technologies may be used to:

• Ensure proper functioning of Website and Mobile Application features and pages;
• Improve loading speed, performance, and stability of the Website and Mobile Application;
• Analyze visitor behavior, traffic patterns, and usage trends for internal improvement purposes;
• Enhance Website and Mobile Application security, detect misuse, and prevent unauthorized access.

Cookies used by the Website and Mobile Application do not collect medical information or sensitive personal data. Users may choose to disable cookies through their browser settings; however, doing so may affect the availability or performance of certain Website and Mobile Application features.

5. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?

The Website and Mobile Application is owned and operated from India, and personal and medical information is primarily stored on secure servers located within India or on reputable cloud infrastructure providers (such as Google Cloud) that maintain industry-standard security practices.

In limited technical or operational circumstances where data processing may occur outside India (for example, due to cloud hosting or infrastructure support), the Clinic ensures that:

• Adequate technical and organizational safeguards are in place to protect the data;
• Processing complies with applicable Indian data protection laws and standards;
• Access to such data remains restricted, controlled, and limited to authorized personnel.

The Clinic does not intentionally transfer personal data internationally for commercial exploitation or marketing purposes.

6. WHAT IS OUR STANCE ON THIRD-PARTY WEBSITES?

The Website and Mobile Application may contain links or references to third-party websites or platforms for informational or convenience purposes.

The Clinic does not own, control, operate, or monitor such third-party websites and assumes no responsibility for:

• The content, accuracy, or reliability of third-party websites;
• The privacy policies, data collection practices, or security standards adopted by such websites;
• Any transactions, interactions, or communications carried out on third-party platforms

Users are advised to review the privacy policies and terms of use of any third-party website before sharing personal information. The Clinic shall not be liable for any loss, damage, or misuse of data arising from third-party websites or services.

7. HOW LONG DO WE KEEP YOUR INFORMATION?

The Clinic retains personal and medical information only for as long as it is reasonably necessary to fulfill the purposes for which such information was collected and processed.

Information may be retained for the following purposes:

• To provide medical consultations, treatment, surgery, and post-procedure follow-up care;
• To maintain patient medical records, treatment history, and clinical documentation as required under applicable medical laws, ethical guidelines, and professional standards;
• To comply with statutory, regulatory, accounting, tax, audit, or legal obligations, including obligations relating to dispute resolution or legal proceedings.

8. HOW DO WE KEEP YOUR INFORMATION SAFE?

The Clinic implements reasonable, appropriate, and industry-standard administrative, technical, and organizational safeguards to protect personal and medical information from unauthorized access, misuse, alteration, loss, or disclosure.

These measures include, but are not limited to:

• Restricted and role-based access to sensitive and medical information;
• Secure servers, controlled databases, and protected storage environments;
• Internal confidentiality obligations binding doctors, staff, and authorized personnel;
• Administrative safeguards, internal policies, and periodic staff awareness and training regarding data protection and confidentiality.

While the Clinic takes data security seriously and adopts reasonable protective measures, no method of transmission over the internet or electronic storage system is completely secure. Users acknowledge and accept that absolute security cannot be guaranteed, and the Clinic shall not be responsible for breaches occurring despite reasonable safeguards.

9. DO WE COLLECT INFORMATION FROM MINORS?

The Website and Mobile Application and Services are not intended for use by individuals below the age of 18 years without the supervision and consent of a parent or legal guardian.

The Clinic does not knowingly collect personal or medical information from minors without appropriate consent. If it is discovered that personal data of a minor has been collected inadvertently or without valid parental or guardian consent, the Clinic shall take reasonable steps to delete or restrict such information promptly, in accordance with applicable laws.

Parents or guardians who believe that a minor has provided personal information may contact the Clinic for appropriate action.

10. LIMITATION OF LIABILITY FOR UNAUTHORIZED ACCESS

While the Clinic adopts reasonable and appropriate technical and organizational security measures, the Clinic shall not be liable for unauthorized access, hacking, data breaches, or security incidents that occur despite such safeguards.

This includes breaches resulting from:

• Cyber-attacks or sophisticated hacking attempts;
• Malware, ransomware, or other malicious software;
• Acts or omissions beyond the Clinic’s reasonable technical or operational control.

Nothing in this clause shall limit or exclude liability to the extent such limitation or exclusion is prohibited under applicable law.

11. WHAT ARE YOUR PRIVACY RIGHTS?

Subject to applicable Indian laws, including the Digital Personal Data Protection Act, 2023, users have the following rights in relation to their personal data:

• The right to request access to the personal information held by the Clinic;
• The right to request correction, updating, or completion of inaccurate or incomplete personal data;
• The right to withdraw consent for processing of personal data where such processing is based on consent, subject to legal and medical record retention requirements;
• The right to request deletion of personal data, where such deletion is not restricted by applicable law, medical ethics, or regulatory obligations.

Requests for exercising these rights may be made by contacting the Clinic using the contact details provided in this Privacy Policy. The Clinic shall address such requests within a reasonable time and in accordance with applicable laws

12. DO WE MAKE UPDATES TO THIS POLICY?

Yes. The Clinic may update, revise, or modify this Privacy Policy from time to time to reflect:

• Changes in applicable laws or regulatory requirements;
• Updates in medical, technical, or operational practices;
• Enhancements to data protection, security, or compliance measures.

Any changes to this Privacy Policy shall be posted on the Website and Mobile Application with an updated “Last Updated” date. Continued access to or use of the Website and Mobile Application after such updates shall constitute acceptance of the revised Privacy Policy.

13. HOW CAN YOU CONTACT US ABOUT THIS POLICY?

For any questions, concerns, or privacy-related requests, please contact:

📍 Rohini Sector 8, Delhi, India

📧 info@bellezarohini.com