How we collect, use, and protect your personal and health data
Last Updated: May 1, 2026 | Effective Date: May 1, 2026
This Privacy Policy is drafted in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) of India, the Information Technology Act 2000, and applicable healthcare regulations including the Indian Medical Council (Professional Conduct, Etiquette and Ethics) Regulations, 2002.
Dr. Anil Prasad Bhatt (NMC Registration #046358) is the Data Fiduciary for all personal data collected through this website (dranilbhatt.com). For data-related inquiries, contact:
When you book an appointment, use our contact form, or subscribe to our newsletter, we may collect: full name, email address, phone number, age, gender, and city of residence.
If you use our online tools (NephroAI, Kidney Health Quiz, Diet Planner, Lab Tests tracker), we may process health-related inputs such as symptom descriptions, lab values (creatinine, eGFR, urine reports), dietary preferences, and medication lists. This data is processed locally in your browser and is not stored on our servers unless you explicitly submit a consultation request.
We automatically collect: IP address (anonymised), browser type, device type, pages visited, time spent, and referral source via Google Analytics (GA4).
| Purpose | Legal Basis (DPDP Act) |
|---|---|
| Appointment booking | Consent (Section 6) |
| Patient communication | Legitimate use for medical services |
| Newsletter delivery | Consent (Section 6) |
| Analytics & improvement | Legitimate use |
| Legal compliance | Legal obligation |
We use the following cookies:
We do not use advertising cookies, retargeting pixels, or social media trackers. You can decline analytics cookies via the cookie banner shown on your first visit.
Clinical records created during in-person consultations at Max Hospital or Holy Family Hospital are governed by the respective hospital's privacy policies and the Indian Medical Council regulations. This website does not store clinical records, prescriptions, or diagnostic reports. Any health information shared via WhatsApp or the contact form is used solely for appointment scheduling and preliminary assessment.
Contact form submissions and appointment requests are retained for 12 months from the date of submission. Newsletter subscriber data is retained until you unsubscribe. Analytics data is retained for 14 months as per GA4 default settings. You may request earlier deletion at any time.
Request a summary of personal data we hold about you.
Request correction of inaccurate or incomplete personal data.
Request deletion of your personal data, subject to legal retention requirements.
Withdraw consent at any time. This will not affect prior lawful processing.
We implement industry-standard security measures including HTTPS/TLS encryption for all data in transit, secure hosting infrastructure, access controls limiting data access to authorised personnel only, and regular security reviews. Despite these measures, no method of electronic transmission is 100% secure, and we cannot guarantee absolute security.
This website is not directed at children under 18. We do not knowingly collect personal data from minors. If a parent or guardian becomes aware that their child has submitted personal data, please contact us immediately for deletion.
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Continued use of the website after changes constitutes acceptance of the revised policy.
For any privacy-related inquiries, data access requests, or to exercise your rights under the DPDP Act 2023, please contact us:
We will respond to all data requests within 30 days.