Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your personal and medical information.

Last Updated: December 2024

1. Introduction

Nestlabs Diagnostics ("we," "our," or "us"), located at 101 Panchvati, Beside Hitawada Press, Wardha Road, Dhantoli, Nagpur 440012, Maharashtra, India, is committed to protecting the privacy and confidentiality of all patients, visitors, and users of our services.

This Privacy Policy is prepared in accordance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, the Clinical Establishments (Registration and Regulation) Act, 2010, and the Indian Medical Council (Professional Conduct, Etiquette and Ethics) Regulations, 2002.

By using our services, website, or providing your personal information, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy.

2. Information We Collect

2.1 Personal Information

  • Full name, date of birth, gender, and age
  • Contact details (address, phone number, email)
  • Government-issued identification (Aadhaar, PAN, etc.) as required
  • Emergency contact information
  • Photograph for identification purposes

2.2 Sensitive Personal Data or Information (SPDI)

As per IT Rules, 2011, we collect the following sensitive information with your explicit consent:

  • Medical history and health records
  • Diagnostic test results (MRI, CT Scan, Pathology, USG, X-Ray reports)
  • Physical and physiological conditions
  • Biometric information (if applicable)
  • Medical prescriptions and referrals
  • Insurance and payment information

2.3 Technical Information

  • IP address and browser type
  • Device information and operating system
  • Website usage patterns and preferences
  • Cookies and similar tracking technologies

3. Purpose of Information Collection

We collect and process your information for the following purposes:

  • Healthcare Services: To provide diagnostic tests, generate reports, and deliver quality healthcare services
  • Appointment Management: To schedule, confirm, and manage your appointments
  • Communication: To send test results, appointment reminders, and important health notifications
  • Billing & Payments: To process payments and generate invoices
  • Legal Compliance: To comply with medical record retention requirements under Indian law
  • Quality Improvement: To improve our services and patient experience
  • Emergency Situations: To contact you or your emergency contacts if needed
  • Research: Anonymized data may be used for medical research (with additional consent)

4. Data Protection & Security

We implement reasonable security practices and procedures as mandated under the IT (Reasonable Security Practices) Rules, 2011, including:

  • Encryption: All sensitive data is encrypted during transmission and storage using industry-standard SSL/TLS protocols
  • Access Control: Role-based access ensures only authorized personnel can access patient data
  • Physical Security: Our servers and physical records are stored in secure, access-controlled facilities
  • Regular Audits: We conduct periodic security audits and vulnerability assessments
  • Employee Training: All staff undergo mandatory data protection and confidentiality training
  • ISO 27001: Our information security management follows ISO 27001 standards

In case of any data breach, we will notify affected individuals and relevant authorities as per legal requirements.

5. Data Sharing & Disclosure

We may share your information with:

  • Referring Physicians: Your test reports with doctors who referred you for tests
  • Insurance Companies: For claim processing, with your consent
  • Government Authorities: When required by law (e.g., notifiable diseases under the Epidemic Diseases Act)
  • Legal Proceedings: In response to valid court orders or legal processes
  • Emergency Services: In medical emergencies to protect your vital interests
  • Third-Party Service Providers: For payment processing, SMS/email services (under strict confidentiality agreements)

We DO NOT sell, rent, or trade your personal or medical information to third parties for marketing purposes.

6. Data Retention

As per Indian medical regulations and the Clinical Establishments Act:

  • Medical Records: Retained for a minimum of 3 years from the date of last treatment, or longer as required by law
  • Radiology Images (MRI, CT, X-Ray): Retained for 3 years
  • Pathology Records: Retained for 3 years
  • Medico-legal Cases: Records retained until case resolution and as advised by legal counsel
  • Minor Patients: Records retained until 3 years after the patient attains majority (21 years of age)

After the retention period, records are securely destroyed following proper disposal protocols.

7. Your Rights

Under Indian law, you have the following rights regarding your personal data:

  • Right to Access: Request a copy of your personal and medical records
  • Right to Correction: Request correction of inaccurate or incomplete information
  • Right to Withdraw Consent: Withdraw consent for data processing (may affect service delivery)
  • Right to Information: Know what data we hold about you and how it's used
  • Right to Grievance Redressal: File complaints regarding data handling

To exercise these rights, please contact our Grievance Officer (details below).

8. Grievance Officer

In accordance with the IT Act, 2000 and rules thereunder, we have appointed a Grievance Officer:

Name: Dr. Rajesh Sharma

Designation: Grievance Officer

Email: grievance@nestlabdiagnostic.com

Phone: +91 9561345389

Address: Nestlabs Diagnostics, 101 Panchvati, Beside Hitawada Press, Wardha Road, Dhantoli, Nagpur 440012

Response time: Within 30 days of receiving the complaint

9. Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any significant changes will be notified through:

  • Email notification to registered users
  • Prominent notice on our website
  • Updated "Last Modified" date on this page

Continued use of our services after policy updates constitutes acceptance of the revised terms.

If you have any questions about this Privacy Policy, please contact us: