Legal

Privacy Policy

We take your privacy seriously. Here's exactly how we handle your data.

Last updated: May 2025

🔒

Health data encrypted at rest & in transit

🚫

We never sell your data

📋

DPDP Act 2023 compliant

1. Overview

Dandamudi Health Office Services Pvt. Ltd. ("DHOS", "we", "us", or "our") is committed to protecting the privacy and security of your personal and health information. This Privacy Policy explains what data we collect, how we use it, with whom we share it, and the rights you have over it. This policy applies to all DHOS services including our website, Health ATM kiosks, telemedicine platform, e-pharmacy, e-diagnostics, AI implementation tools, and analytical dashboards. By using DHOS services, you consent to the practices described in this policy. If you do not agree, please do not use our services.

2. Data We Collect

We collect different types of information depending on how you interact with us: Identity & Contact Data • Full name, date of birth, gender • Email address, phone number, postal address • Government-issued ID (Aadhaar, PAN) where legally required Health & Diagnostic Data • Vital signs (blood pressure, heart rate, BMI, temperature, SpO2, etc.) • Lab test results generated via Health ATM kiosks • Telemedicine consultation notes and prescriptions • Health history and lifestyle information you voluntarily provide Technical & Usage Data • IP address, device type, browser, operating system • Pages visited, features used, session duration • Cookies and similar tracking technologies (see Section 9) Payment Data • Transaction reference numbers (we do not store full card details — all payments are processed by certified payment gateways)

3. How We Use Your Data

We use your data to: • Provide and operate DHOS services, including diagnostic testing, telemedicine, and health analytics. • Display and share your health reports with you and your chosen healthcare providers. • Process payments and maintain billing records. • Send appointment reminders, test result notifications, and service updates. • Improve the accuracy, safety, and functionality of our AI and diagnostic algorithms — using anonymised or aggregated data only. • Comply with applicable legal, regulatory, and public health obligations. • Detect and prevent fraud, abuse, and security incidents. • Conduct medical research and population health analysis in anonymised form, subject to applicable ethics requirements. We will not use your health data for advertising or sell it to third-party marketers.

5. Data Sharing

We share your data only in limited circumstances: Healthcare Professionals Doctors, nurses, and specialists involved in your telemedicine consultations receive only the health information necessary to provide care. Service Providers Trusted third-party vendors (cloud hosting, payment processing, SMS/email delivery) process data on our behalf under strict data processing agreements. Government & Regulatory Bodies We may disclose data when required by law, court order, or public health authority. Business Transfers If DHOS is involved in a merger or acquisition, user data may be transferred, subject to the same privacy protections. We do not sell, rent, or trade your personal or health data to any third party for commercial purposes.

6. Data Retention

We retain your data for as long as necessary to provide our services and to comply with applicable laws: • Health records and diagnostic reports: minimum 7 years, as required by Indian medical record regulations. • Account data: retained for the duration of your account and 3 years thereafter. • Payment records: 8 years, as required by Indian tax law. • Marketing preferences and consent records: until you withdraw consent plus 3 years. After the applicable retention period, data is securely deleted or anonymised.

7. Data Security

We implement technical, administrative, and physical safeguards to protect your data: • End-to-end encryption for health data in transit (TLS 1.2+) and at rest (AES-256). • Role-based access controls limiting data access to authorised personnel only. • Regular security audits, vulnerability assessments, and penetration testing. • Secure, certified data centres hosted within India. • Staff training on data protection and privacy practices. Despite these measures, no system is completely secure. In the event of a data breach affecting your rights, we will notify you and the relevant authorities as required by law.

8. Your Rights

Under the DPDP Act, 2023 and applicable law, you have the right to: • Access — request a copy of the personal data we hold about you. • Correction — request that inaccurate or incomplete data be corrected. • Erasure — request deletion of your data, subject to legal retention obligations. • Portability — receive your data in a structured, machine-readable format. • Withdraw Consent — for processing based on consent, including marketing, at any time. • Nomination — nominate a person to exercise your rights in the event of your death or incapacity. • Grievance Redressal — raise a complaint with our Data Protection Officer. To exercise any of these rights, please contact us at contact@dhos.co.in. We will respond within 30 days.

9. Cookies & Tracking

Our website uses cookies and similar technologies to: • Remember your preferences and login sessions. • Analyse website traffic and usage patterns (using anonymised analytics tools). • Ensure security and prevent fraud. You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of some features. We do not use third-party advertising cookies or behavioural tracking for ad targeting.

10. Children's Privacy

DHOS services are not directed to children under 18 without parental or guardian consent. When a minor uses DHOS services, we require verifiable consent from a parent or legal guardian. We do not knowingly collect personal data from children without such consent. If you believe we have inadvertently collected data from a child without proper consent, please contact us immediately at contact@dhos.co.in.

11. Cross-Border Data Transfers

DHOS primarily stores and processes data within India. Where data is transferred internationally — for example, when using global cloud infrastructure — we ensure appropriate safeguards are in place, including standard contractual clauses and compliance with applicable data export regulations.

12. Grievance Officer

In accordance with the Information Technology Act, 2000 and the DPDP Act, 2023, DHOS has appointed a Grievance Officer to address privacy concerns: Grievance Officer: Dandamudi Avanindra Kumar Email: contact@dhos.co.in Phone: 040 23386151 Address: 2nd Floor, Suite No. 3 & 4, Alcazar Plaza Road No. 1, Banjara Hills Hyderabad — 500034, Telangana, India You may also raise a complaint with the Data Protection Board of India if you are unsatisfied with our response.

13. Policy Updates

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. The revised policy will be posted on our website with an updated effective date. For material changes, we will notify registered users via email or in-app notification. Your continued use of DHOS services after changes are posted constitutes acceptance of the updated policy.

Questions about your privacy?

Contact our Grievance Officer — we respond within 30 days.

contact@dhos.co.in
Terms & Conditions·Sitemap·Home