GKNM Logo
Gknm Logo

For Enquiry

0422 430 5212

Ambulance

0422 431 6677
/images/nabh-logo.webp Logo

Quick Links

Quick Links

Privacy Policy

1. Our Commitment to Privacy

G. Kuppuswamy Naidu Memorial Hospital (“we”, “our”, “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, share, and safeguard personal data when you:

  • Visit our hospital or website
  • Book appointments or tele-consultations
  • Contact us via phone, Message or WhatsApp
  • Participate in health camps or outreach programs

We process personal data in accordance with the Digital Personal Data Protection Act, 2023 (DPDP Act) and applicable healthcare regulations in India.

2. Who We Are (Data Fiduciary)

G. Kuppuswamy Naidu Memorial Hospital is the Data Fiduciary responsible for determining the purpose and means of processing personal data.

Grievance Officer / Data Protection Contact

grievanceofficer@gknmh.org
82200 37466
3. Personal Data We Collect

a) Data Provided Directly by You

  • Identity & contact details: name, age, gender, phone number, email, address, city
  • Medical information: symptoms, diagnoses, prescriptions, reports, scans, medical history
  • Appointment, tele-consultation, feedback, and testimonial information

b) Data Collected Automatically

  • Device and browser information
  • Pages visited, time spent, approximate location
  • Click interactions (call, WhatsApp, directions, bookings)
  • Security and access logs

c) Data from Third Parties (Where Lawful)

  • Insurance/TPA information
  • Payment confirmations
  • Technology service providers (aggregated or operational data)
4. Purpose of Processing

We process personal data for the following purposes:

  • Providing medical consultations, surgeries, diagnostics, and follow-up care
  • Scheduling appointments and managing patient communication
  • Conducting tele-consultations in line with national telemedicine guidelines
  • Sending clinical reminders and service-related communications
  • Improving service quality, website usability, and operational efficiency
  • Meeting legal, regulatory, audit, and public health obligations
  • Ensuring safety, fraud prevention, and system security
5. Lawful Basis for Processing

We process personal data on the following lawful grounds under the DPDP Act:

  • Consent: Where you voluntarily provide data or opt in
  • Medical emergency and healthcare provision
  • Legal obligations including medical record retention
  • Purposes permitted under law, including public health and safety

You may withdraw consent for non-essential communications at any time.

6. Children’s Personal Data

We treat individuals under the age of 18 as children. Personal data of children is processed only with verifiable consent of a parent or legal guardian. We do not engage in targeted advertising towards children

7. Tele-Consultation Privacy
  • Consent is obtained as per telemedicine guidelines
  • Records are maintained securely
  • Confidentiality and access controls are strictly enforced
8. Cookies & Analytics

We use:

  • Essential cookies for website functionality
  • Optional cookies for analytics and service improvement

Users can manage cookie preferences through our website controls. We do not use medical data for advertising or profiling.

9. Sharing of Personal Data

We do not sell personal data. Data may be shared only with:

  • Authorized doctors and clinical staff
  • Service providers under strict contractual safeguards
  • Insurers / TPAs upon request
  • Government or regulatory authorities when legally required
10. Data Security & Retention

We implement reasonable security safeguards, including:

  • Role-based access controls
  • Encryption of systems and backups
  • Staff confidentiality obligations
  • Periodic audits and access reviews

Medical records are retained as required by law. Non-essential data is retained only as long as necessary and then anonymized or deleted.

CCTV may operate in premises for safety; footage is retained for limited periods unless required for investigation.

11. Data Breach Management

In the event of a personal data breach, we will take prompt remedial action and notify affected individuals and authorities where required under law.

12. Your Rights as a Data Principal

You have the right to:

  • Access your personal data
  • Request correction or updating
  • Request erasure (subject to legal retention requirements)
  • Withdraw consent for non-essential processing
  • Raise grievances
  • Nominate another person to exercise your rights

Requests can be sent to mailto:grievanceofficer@gknmh.org.

Our Grievance Officer will acknowledge and aim to resolve within 90 days. You will also be able to escalate to the Data Protection Board of India.

13. International Data Transfers

Where global service providers are used, appropriate contractual and technical safeguards are implemented in line with applicable DPDP rules.

14. Third-Party Links

External services are governed by their own privacy policies. We are not responsible for their practices.

15. Updates to This Policy

We may update this policy periodically. Material changes will be notified on our website.