How we protect your personal data and respect your privacy
🛡️ DPDP 2023 Compliant - Digital Personal Data Protection Act 2023
Privacy Policy Overview
Gujarat Epilepsy & Neuro Clinic respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, store, and protect your personal information in compliance with the Digital Personal Data Protection Act 2023 (DPDP 2023) and applicable Indian data protection laws.
Last Updated: February 2026
Data Controller Information
Data Controller: Gujarat Epilepsy & Neuro Clinic
Address: 1st Floor, 112-114, Elite Magnum, Near Solaris, Bhuyangdev Cross, Sola Road, Ahmedabad, Gujarat 380061
We use Umami, a privacy-focused analytics tool that collects anonymous usage statistics. No cookies are set, no personal data is collected. Umami helps us understand website performance and user behavior without compromising your privacy.
Data collected by Umami includes:
Page views and website traffic patterns
Anonymized browser and device information
Referring websites (if any)
Geographic information (country level only)
No personally identifiable information, IP addresses, or tracking cookies are used.
Contact Information (When You Provide It)
When you contact us through our website, phone, or email, we may collect:
Name and contact details
Email address
Phone number
Medical inquiry details (if provided voluntarily)
Appointment scheduling information
Third-Party Appointment Booking
We use eka.care for online appointment booking. When you book an appointment through eka.care, their privacy policy governs the data collection and use. We recommend reviewing eka.care's privacy policy before booking.
What We Do NOT Collect
Cookies (except essential technical cookies if required)
Personal data through analytics
Tracking across websites
WhatsApp conversation content (we don't store messages)
We use the information we collect for the following purposes:
Healthcare Services: To respond to your medical inquiries and provide healthcare information
Appointment Scheduling: To facilitate appointment bookings and consultations
Communication: To respond to your queries and provide requested information
Website Improvement: To analyze website performance and improve user experience (through anonymized Umami analytics)
Legal Compliance: To comply with applicable Indian healthcare and data protection regulations
Legal Basis for Processing (DPDP 2023)
Under the Digital Personal Data Protection Act 2023, we process your personal data based on:
Consent: When you voluntarily provide information through contact forms or communication
Legitimate Interest: For providing healthcare information and services
Legal Obligation: To comply with Indian healthcare regulations and record-keeping requirements
Vital Interest: In case of medical emergencies requiring immediate response
Data Sharing and Disclosure
We Do NOT Share Your Data
We do not sell, trade, or share your personal data with third parties for marketing purposes.
Limited Disclosure
We may disclose information only in the following circumstances:
With your explicit consent
When required by Indian law or legal process
To protect our legal rights or safety
With trusted service providers who assist in website operations (subject to strict data protection agreements)
Third-Party Services
eka.care: Appointment booking platform (governed by their privacy policy)
Umami Analytics: Privacy-focused website analytics (no personal data collected)
Data Retention
We retain your personal data only as long as necessary for the purposes stated in this policy:
Contact Inquiries: 3 years from last contact (unless longer retention required for medical records)
Website Analytics: Anonymized data retained for 2 years maximum
Medical Communications: Retained as per Indian medical record-keeping requirements
Email Communications: Retained until you request deletion or withdraw consent
Your Rights Under DPDP 2023
As a data principal under DPDP 2023, you have the following rights:
Right to Information: Know what personal data we have about you
Right to Correction: Request correction of inaccurate or incomplete data
Right to Erasure: Request deletion of your personal data (subject to legal obligations)
Right to Data Portability: Receive your data in a structured, commonly used format
Right to Withdraw Consent: Withdraw your consent at any time (where consent is the legal basis)
Right to Grievance Redressal: Lodge complaints regarding data processing
Exercising Your Rights
To exercise any of these rights, please contact us at epilepsyassociates@gmail.com with the subject line "Data Privacy Request" and provide:
Your full name
Contact information used with our clinic
Specific request details
Verification of identity (for security purposes)
Data Security Measures
We implement appropriate technical and organizational measures to protect your personal data:
Encryption: Data transmitted to/from our website uses SSL/TLS encryption
Access Control: Limited access to personal data on a need-to-know basis
Regular Security Updates: Our systems are regularly updated with security patches
Staff Training: Our team is trained on data protection and privacy practices
Secure Storage: Personal data is stored in secure, access-controlled environments
Cross-Border Data Transfer
Your personal data is primarily processed and stored within India. If data needs to be transferred outside India, we ensure:
Appropriate safeguards are in place
Compliance with DPDP 2023 requirements for cross-border transfers
Explicit consent where required
Adequate level of data protection in the destination country
Children's Privacy
Our website is not directed at children under 18. We do not knowingly collect personal data from children without verified parental consent. If you are a parent and believe your child has provided personal data, please contact us immediately.
Communication Preferences
WhatsApp Communications
If you contact us via WhatsApp:
We do not store conversation content on our servers
WhatsApp's privacy policy governs the messaging service
You can stop WhatsApp communication at any time
Email Communications
You can opt out of non-essential email communications at any time by: