Privacy Policy
Last updated: 28 April 2026 • Effective from: 28 April 2026
This Privacy Policy is issued by Dr. Anil Prasad Bhatt ("we", "our", "us") and explains how we collect, use, store, and protect your personal data when you use the website dranilbhatt.com. We comply with the Digital Personal Data Protection Act, 2023 (DPDP Act) and the Information Technology Act, 2000 of India.
1. Information We Collect
When you interact with our website, we may collect the following categories of information:
a. Information you voluntarily provide
- Identification data: name, age, gender, date of birth
- Contact data: phone number, email address, postal address, country
- Health-related data: kidney health symptoms, medical history, current medications, lab values (when entered into NephroAI tools or appointment forms)
- Appointment data: preferred consultation date, time, and hospital location
- Communication data: any messages, queries, or feedback sent to us via WhatsApp, email, or contact forms
b. Information collected automatically
- Technical data: IP address, browser type, device type, operating system, language preference
- Usage data: pages visited, time spent on pages, click patterns, referring URL
- Cookies and similar technologies: session cookies, analytics cookies (Google Analytics), advertising cookies (Meta Pixel)
2. How We Use Your Information
We process your personal data only for the following lawful purposes:
- To schedule and confirm medical consultations
- To provide medical advice, second opinions, or transplant evaluations
- To respond to your queries via phone, email, or WhatsApp
- To deliver NephroAI tools (GFR calculator, CKD predictor, symptom triage, etc.) — these tools process your inputs locally where possible
- To improve our website experience and content
- To comply with legal, regulatory, and medical record-keeping obligations under Indian law
- To send you appointment reminders, follow-up care information, and (with your consent) educational health content
3. Lawful Basis for Processing
Under the DPDP Act, 2023, we process your personal data based on:
- Consent — when you submit a form, book an appointment, or accept cookies
- Legitimate medical interests — to provide the medical services you have requested
- Legal obligation — to comply with healthcare record retention laws and statutory reporting
4. Sharing of Your Information
We do not sell, rent, or trade your personal data. We may share limited information only with:
- Hospital partners (e.g., Max Healthcare, Holy Family Hospital, RENACARE) — solely to coordinate your appointment or treatment
- Authorised medical staff — Dr. Bhatt and his clinical team for diagnosis and care
- Service providers — secure hosting (Hostinger), analytics (Google), advertising (Meta), live chat (Tawk.to) — bound by confidentiality and data protection contracts
- Regulators / law enforcement — only when legally required
5. Data Retention
Medical records are retained as required under Indian healthcare regulations — typically a minimum of three (3) years from the last consultation. Non-medical contact and analytics data is retained only as long as necessary for the purpose collected, after which it is anonymised or deleted.
6. Your Rights Under the DPDP Act, 2023
As a Data Principal, you have the following rights:
- Right to access — obtain a copy of the personal data we hold about you
- Right to correction — request correction of inaccurate or incomplete data
- Right to erasure — request deletion of your personal data (subject to medical retention laws)
- Right to grievance redressal — raise a concern about how we handle your data
- Right to nominate — designate a person to exercise your rights in case of death or incapacity
- Right to withdraw consent — withdraw previously-given consent at any time
To exercise any of these rights, contact us at nephrology.ckdr@gmail.com with the subject line "DPDP Request".
7. Data Security
We implement reasonable security practices and procedures to protect your personal data, including:
- HTTPS / SSL encryption across the website
- Restricted access to medical records — only authorised staff
- Secure hosting with Hostinger (ISO 27001 certified data centres)
- Periodic security audits and vulnerability assessments
However, no internet transmission is 100% secure. By using this website, you acknowledge that you submit information at your own risk.
8. Cookies and Tracking
We use cookies for:
- Essential — site functionality and session management
- Analytics — Google Analytics 4, to understand how visitors use the site
- Advertising — Meta Pixel, to measure campaign effectiveness
You can disable cookies in your browser settings. Doing so may affect site functionality.
9. Children's Privacy
Our services are intended for adults (18+) and parents/guardians acting on behalf of minor patients. We do not knowingly collect personal data from children under 18 without verified parental consent. If you believe we have collected such data inadvertently, contact us immediately for deletion.
10. International Patients
If you access this site from outside India, you understand that your data will be processed in India under Indian law. We take reasonable steps to ensure cross-border data handling complies with applicable laws.
11. Changes to This Policy
We may update this Privacy Policy periodically. The "Last updated" date at the top reflects the most recent revision. Material changes will be communicated via prominent notice on this page.
12. Grievance Officer
In accordance with Section 8 of the DPDP Act, 2023, our designated Grievance Officer is:
Dr. Anil Prasad Bhatt
Email: nephrology.ckdr@gmail.com
Phone: +91 98181 83957
Address: Max Super Speciality Hospital, Sector 128, Noida, Uttar Pradesh 201304, India
We will acknowledge your grievance within 24 hours and resolve it within 30 days, as required by law.
13. Contact Us
For any questions about this Privacy Policy or our data practices, reach out via:
See also: Terms of Service