Data controller: G M Health Venture LLP.

Primary contact / grievance email:

If you are a resident of India and have a data protection issue, you may also refer to the provisions of the Digital Personal Data Protection Act, 2023. We maintain a process to address rights requests and will respond within legally required timeframes.

We may collect:

• Identity & contact data: name, DOB/age, gender, address, phone, email, emergency contact.
• Health & medical data: medical history, clinical notes, diagnosis, prescriptions, images, lab reports, treatment plans collected only as necessary for providing healthcare.
• Payment & financial data: billing name, billing address, last 4 digits of card (if stored by payment gateway), transaction IDs. Sensitive financial details are handled by PCI-compliant payment gateways; we do not store full card details.
• Device & usage data: IP address, device identifiers, cookies, analytics, session logs.
• Communications: WhatsApp messages, emails, consent records, recorded teleconsultations (where consented), appointment logs.
• Special categories: health data is considered sensitive personal data and is processed only with explicit consent for the purpose of treatment and healthcare delivery.

We process personal data for:

• Delivering healthcare services (consultation, therapy, inpatient care).
• Providing teleconsultations and prescriptions in accordance with the Telemedicine Guidelines.
• Billing, payment processing, invoicing and tax compliance.
• Order fulfilment for product sales and shipping.
• Communication (appointment confirmations, reminders, receipts, newsletters where consented).
• Quality, safety, clinical audits, medical research/aggregate anonymized analysis (only where anonymized or with explicit consent).
• Legal compliance, record retention and handling complaints or claims.

For Indian residents, we will process data in accordance with the DPDP Act 2023 and applicable laws; for foreign patients, we will comply with any applicable local regulatory obligations but will process most patient records within India unless otherwise specified.

4.1 We obtain consent for processing where required (especially sensitive health data). Consent for telemedicine is recorded as implied (if patient initiates) or explicit (if RMP initiates) as per Telemedicine Guidelines.

4.2 Patients/Customers have rights to access, correct, port, restrict or erase their personal digital data to the extent permitted by law. Requests should be sent to sukrutham@gmail.com or care@sukruthamayurveda.org. We will verify identity before acting on rights requests.

4.3 Certain clinical records must be retained for statutory periods and cannot be deleted if retention is required by law.

We retain personal and medical records as required by clinical best practices and applicable laws. Routine appointment and transactional records are retained for a minimum period consistent with healthcare record requirements; clinical records (including teleconsultation records) are retained as required for continuity of care and legal compliance.

We may share personal data with:

• Practitioners and clinical staff involved in your care.
• Payment processors and banks for processing payments (subject to their privacy and security terms).
• Courier, shipping partners for delivery of products.
• Regulatory, law enforcement or insurance authorities where required or permitted by law.
• Third-party service providers (cloud hosting, analytics, telemedicine platforms, email/WhatsApp providers) under contract and confidentiality obligations.

Any transfer of personal data outside India will be subject to applicable law and appropriate safeguards.

We implement reasonable technical and organisational measures (access restrictions, encryption, role-based access, secure servers) to protect personal data. However, no internet transmission is completely secure; use of our services is at the user’s own risk for residual risks.

We use cookies and analytics to improve site performance and user experience. Marketing communications are sent only with prior consent (where required) and users may opt out of promotional messages at any time.

We do not knowingly collect data of minors without consent of a parent or guardian. If a minor’s data is collected, verifiable parental consent will be sought where required by law.

For privacy grievances contact sukrutham@gmail.com / care@sukruthamayurveda.org.