2.1 Information You Provide

When you book an appointment, register as a patient, or contact us, we may collect:

• Full name, date of birth, and gender
• Contact details: phone number, email address, and home address
• Medical history, current medications, allergies, and symptoms
• Lab results, prescriptions, and consultation notes
• Payment details (processed securely via our payment gateway — we do not store card numbers)
• Identity documents where required for insurance or verification purposes

2.2 Information Collected Automatically

When you visit our website, we may automatically collect:

• IP address and browser type
• Pages visited, time spent, and referral source
• Device type and operating system
• Cookies and usage data (see Section 7 on Cookies)

2.3 Information from Third Parties

We may receive information about you from:

• Referring doctors or healthcare providers
• Insurance companies, where you have authorised a claim
• Google Analytics, which provides aggregated, anonymised data about website usage

3.1 Providing Healthcare Services

• To book and manage your appointments
• To enable your doctor to review your medical history and provide appropriate care
• To issue prescriptions, lab reports, and referral letters
• To coordinate home healthcare visits, sample collection, and medicine delivery
• To facilitate teleconsultation sessions

3.2 Communication

• To send appointment confirmations, reminders, and follow-up messages via SMS, WhatsApp, or email
• To respond to your enquiries submitted via our website or email
• To notify you of service updates or changes relevant to your care

3.3 Payments

• To process consultation fees and service charges via our secure online payment gateway
• To generate and maintain billing records and receipts
• To assist with insurance claim processing where applicable

3.4 Website Improvement

• To analyse website traffic and user behaviour via Google Analytics in order to improve our website experience
• To monitor and maintain the security and performance of our website

3.5 Legal & Regulatory Compliance

• To comply with applicable Indian healthcare regulations and legal obligations
• To respond to lawful requests from government or regulatory authorities

We process your personal data on the following legal grounds:

• Consent — where you have given us explicit consent, such as signing up for health updates or submitting teleconsultation requests.
• Contract — where processing is necessary to provide the healthcare services you have requested.
• Legal obligation — where we are required by law to retain or share certain information.
• Legitimate interests — where we process data to operate our website, prevent fraud, or improve our services, provided this does not override your rights.

For sensitive medical (health) data, we rely on your explicit consent and/or the necessity of processing for healthcare purposes under applicable law.

5.1 Digital Records

Nama Med uses an AI-integrated ERP system to store patient records securely in digital format. Access to medical records is restricted to authorised healthcare staff directly involved in your care.

5.2 Security Measures

We implement appropriate technical and organisational measures to protect your data, including:

• Encrypted storage of patient data
• Secure HTTPS connections on our website
• Role-based access controls for staff
• Regular system audits and security reviews

5.3 Payment Security

Online payments are processed through a third-party payment gateway. Nama Med does not store, access, or retain your card or bank account details. All payment transactions are encrypted and handled in accordance with applicable security standards.

5.4 Retention Period

We retain your medical records for as long as is required under Indian healthcare regulations and as necessary to provide continuity of care. Website usage data collected via Google Analytics is retained in accordance with Google's standard data retention settings. You may request deletion of non-medical personal data at any time (subject to legal retention obligations).

We do not sell or rent your personal information to any third party. We may share your information only in the following circumstances:

• With your treating doctors and healthcare staff at Nama Med, on a need-to-know basis.
• With diagnostic laboratories or specialist partners involved in your care, with your knowledge.
• With your insurance provider, where you have authorised a claim submission.
• With our payment gateway provider, solely to process transactions.
• With Google Analytics, in anonymised and aggregated form, for website analytics.
• With government bodies, regulators, or law enforcement when legally required.
• With any other third party where you have given us explicit consent.

Any third-party service providers we work with are required to handle your data in accordance with applicable privacy laws and are not permitted to use it for their own purposes.

Our website uses cookies to enhance your browsing experience and to collect analytical data. The types of cookies we use include:

• Essential cookies — required for the website to function correctly (e.g. booking sessions).
• Analytics cookies — used by Google Analytics to collect anonymised data on how visitors use our website. This helps us understand traffic patterns and improve our content and services.

You can control or disable cookies through your browser settings at any time. Please note that disabling certain cookies may affect the functionality of our website. By continuing to use our website without changing your cookie settings, you consent to our use of cookies as described above.

For more information on how Google Analytics uses your data, visit: https://policies.google.com/privacy

For teleconsultation sessions, the following applies:

• Consultation sessions may be conducted via video or phone call. These sessions are not recorded without your explicit consent.
• Digital prescriptions and reports shared via email or WhatsApp are transmitted using standard encryption. We recommend you keep these documents secure and not share them with unauthorised persons.
• If you are accessing teleconsultation from outside India, your data may be transmitted across international borders. By using this service, you consent to such transfer, subject to appropriate safeguards.

As a patient and user of our services, you have the following rights regarding your personal data:

• Right to access — you may request a copy of the personal and medical data we hold about you.
• Right to correction — you may ask us to correct inaccurate or incomplete information.
• Right to deletion — you may request deletion of your personal data, subject to legal and medical retention requirements.
• Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
• Right to data portability — you may request your data in a structured, machine-readable format where technically feasible.
• Right to raise a complaint — if you believe your data has been mishandled, you may raise a complaint with us directly or with the relevant data protection authority.

To exercise any of these rights, please contact us at contact@nama.med. We will respond to your request within a reasonable timeframe and in accordance with applicable law.

In the event of a personal data breach that is likely to affect your rights or interests, Nama Med will:

• Notify the Data Protection Board of India (DPBI) within 72 hours of becoming aware of the breach, as required under the DPDP Act 2023 and DPDP Rules 2025.
• Inform affected patients promptly, with clear details of the nature of the breach, the data involved, likely consequences, and the steps we are taking to address it.
• Maintain an internal record of all data breaches, including those not reportable to the DPBI, for audit and accountability purposes.

We have implemented technical and organisational measures to minimise the risk of data breaches. In the event of a breach, our team will act swiftly to contain it, assess its impact, and notify all relevant parties in accordance with applicable law.

If you suspect any unauthorised access to your personal or medical data, please contact us immediately at contact@nama.med.

We retain your personal and medical data only for as long as is necessary for the purposes for which it was collected, or as required by applicable law:

• Medical records, consultation notes, prescriptions, and lab reports are retained for a minimum of 7 years from the date of last treatment, in accordance with standard Indian medical practice norms and the Clinical Establishments Act.
• Records relating to minors are retained until the patient turns 25 years of age, or for 7 years from the date of last treatment, whichever is later.
• Billing and payment records are retained for 8 years for tax and accounting compliance under Indian law.
• Website usage data collected via Google Analytics is retained in accordance with Google's standard data retention settings (default: 26 months).
• Marketing communication preferences and contact data are retained until you withdraw consent or request deletion.

Once the applicable retention period expires, your data will be securely deleted or anonymised so that it can no longer be linked to you. You may request early deletion of non-medical personal data by contacting us at contact@nama.med, subject to our legal and regulatory obligations.

Nama Med provides paediatric services, and we may collect health information about minors with the consent of a parent or legal guardian. We do not knowingly collect personal data from children under 18 for marketing or non-medical purposes without verifiable parental consent.

If you believe we have inadvertently collected such information, please contact us at contact@nama.med and we will take prompt action to delete it.

Our website may contain links to third-party websites, including social media platforms (Facebook, Instagram, LinkedIn, YouTube) and external resources. This Privacy Policy applies only to www.nama.med. We are not responsible for the privacy practices of any third-party websites and encourage you to review their respective privacy policies.

We may update this Privacy Policy from time to time to reflect changes in our services, technology, or legal obligations. Any updates will be posted on this page with a revised effective date. We encourage you to review this page periodically. Continued use of our services after changes are posted constitutes your acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us: contact@nama.med