Privacy
Privacy Policy
Last Updated: May 31, 2026
Privacy Commitment: We are committed to protecting your privacy and ensuring you have a positive experience on our Platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information.
IT Act 2000 Compliant SPI Rules 2011 Compliant IG Rules 2021 Compliant

1. INTRODUCTION

This Privacy Policy ("Policy") applies to the access and use of the N.C. Bose Health Care System platform, including all associated web and mobile applications (collectively, the "Platform") and all services provided through the Platform ("Services").

The Platform is owned and operated by NcBose Private Limited ("we", "us", "our", "Company"). This Policy applies to all users including Doctors, Patients, Pharmacy professionals, Pathlab staff, Suppliers, Coordinators, and Administrative personnel (collectively, "Users" or "you").

1.1 Legal Compliance

This Privacy Policy complies with:

  • The Information Technology Act, 2000
  • The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011
  • The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021
  • Digital Personal Data Protection Act, 2023 (DPDPA) where applicable

2. INFORMATION WE COLLECT

2.1 Personal Information

Personal Information is data that can be used to uniquely identify or contact you. We collect the following categories of Personal Information:

Category Information Collected Applicable To
Identity Information Name, date of birth, age, gender, identification documents All Users
Contact Information Email address, phone number, residential address, clinic address All Users
Medical Information Medical history, health conditions, prescriptions, diagnostic reports, medical records Patients, Doctors
Professional Information Medical license, qualifications, specialties, clinic details, registration numbers Doctors, Pathlab, Pharmacy
Token Information Tokens, transaction history All Users
Biometric Data Fingerprints, facial recognition data (if applicable) Users who opt-in

2.2 Sensitive Personal Information

We collect the following Sensitive Personal Information with explicit consent:

  • Medical records and health history
  • Mental health information and psychological data
  • Financial account information
  • Password and authentication credentials
  • Biometric information (with consent)
  • Sexual orientation and reproductive health information (if medically relevant)

2.3 Non-Personal Information

We also collect information that does not directly identify you:

  • Browser type and operating system
  • IP address and device identifiers
  • Pages visited and time spent on the Platform
  • Features used and services accessed
  • Referral source and interaction data
  • Cookie and tracking data

2.4 Device and Permission Information

To provide full functionality, we request the following permissions on mobile devices:

  • Camera & Photo Gallery: For profile photos and medical document uploads
  • Location: For finding nearby doctors and pharmacies
  • Storage: For saving medical records and documents
  • Contacts: For appointment reminders and communication
  • Microphone & Audio: For video consultations

3. HOW WE COLLECT INFORMATION

3.1 Direct Collection

We collect information directly from you when you:

  • Register or create an account
  • Complete your profile information
  • Use the Services on the Platform
  • Upload documents or medical records
  • Initiate appointments or consultations
  • Make payments or add funds to your wallet
  • Submit support requests or feedback

3.2 Automatic Collection

We automatically collect certain information when you access the Platform:

  • Log data (IP address, browser type, pages visited, timestamp)
  • Cookie data (session tokens, preferences, user identifiers)
  • Device information (device type, model, operating system)
  • Usage analytics (features accessed, time spent, interactions)

3.3 Third-Party Collection

We may receive information from:

  • Third-party service providers (payment processors, storage providers)
  • Medical councils and professional registers (verification)
  • Other users (when they share your contact information)
  • Analytics providers and advertising partners

4. PURPOSE OF DATA COLLECTION AND USE

4.1 Primary Purposes

We collect and use your information for the following primary purposes:

Purpose Data Used
Account creation and management Identity, contact, authentication information
Service delivery (appointments, consultations) Medical records, personal information, contact details
Payment processing and billing Financial information, transaction data
Doctor verification and credentialing Medical license, qualifications, professional information
Medical record management Health data, prescriptions, diagnostic reports
Communication and notifications Contact information, appointment details
Customer support All user-provided information relevant to inquiry

4.2 Additional Uses

With your consent, we may use your information for:

  • Research and statistical analysis (de-identified data)
  • Service improvement and optimization
  • Marketing and promotional communications
  • Personalized recommendations and features
  • Analytics and user behavior studies
  • Fraud detection and prevention
  • Compliance with legal obligations

5. DATA SHARING AND DISCLOSURE

5.1 Third-Party Service Providers

We may share your information with third-party service providers who assist us in operating the Platform:

  • Payment Processors: For transaction processing (financial information only)
  • Cloud Storage Providers: For data storage and backup
  • Email Service Providers: For sending notifications
  • SMS Providers: For sending OTP and appointment reminders
  • Analytics Providers: For usage analysis (non-personal data)
  • Communication Platforms: For video consultations and messaging

5.2 Legal Requirements

We may disclose your information when required by law or legal process:

  • Court orders or judicial summons
  • Government agency requests
  • Investigation of suspected illegal activity
  • Compliance with regulatory authorities
  • Prevention of fraud or security threats

5.3 Business Transfers

If the Company is involved in a merger, acquisition, bankruptcy, or asset sale, your information may be transferred as part of that transaction. You will be notified of any such change.

5.4 De-identified and Aggregated Data

We may share de-identified and aggregated data for:

  • Research and statistical analysis
  • Improving healthcare services
  • Public health initiatives
  • Marketing and business intelligence

6. DATA SECURITY

6.1 Security Measures

We implement comprehensive security measures to protect your information:

  • Encryption: AES-256 encryption for data at rest; TLS 1.2+ for data in transit
  • Access Control: Role-based access; multi-factor authentication for sensitive accounts
  • Password Protection: BCrypt password hashing; salted and secured storage
  • Secure Sessions: HTTP-only and secure cookies; session token management
  • Network Security: Firewalls, intrusion detection, DDoS protection
  • Physical Security: Secured data centers with access controls
  • Monitoring: Continuous security monitoring and threat detection

6.2 Staff Training

All employees and contractors with access to personal data receive regular training on:

  • Data protection and privacy principles
  • Secure handling of sensitive information
  • Incident response procedures
  • Confidentiality obligations

6.3 Limitation of Liability

Security Disclaimer: While we implement industry-standard security measures, no system is completely secure. We assume no liability for unauthorized access due to factors beyond our reasonable control, including security breaches by third parties or errors in transmission.

7. DATA RETENTION

7.1 Retention Periods

We retain your information for the following periods:

  • Account Data: Retained while your account is active; deleted upon account closure (subject to legal requirements)
  • Medical Records: Retained for 10 years post-consultation as per medical regulations
  • Transaction Data: Retained for 7 years for tax and compliance purposes
  • Support Communications: Retained for 2 years for reference and dispute resolution
  • Marketing Data: Retained until you opt out or for 2 years, whichever is earlier
  • Log Data: Retained for 90 days for security and troubleshooting

7.2 Mandatory Retention

Notwithstanding deletion requests, we may retain certain information to:

  • Comply with legal and regulatory requirements
  • Resolve disputes and enforce agreements
  • Maintain medical records for patient safety
  • Detect and prevent fraud

8. YOUR RIGHTS AND CHOICES

8.1 Access and Portability

You have the right to:

  • Request a copy of all personal information we hold about you
  • Receive your data in a portable, machine-readable format
  • Request information about how your data is used

8.2 Correction and Updates

You may request correction of inaccurate or incomplete information. To update your information:

  • Log into your account and update your profile
  • Email privacy@ncbosehcs.com with requested changes
  • Contact our Grievance Officer

8.3 Deletion and Data Erasure

You may request deletion of your personal information, subject to:

  • Legal retention requirements
  • Medical record retention regulations
  • Ongoing disputes or investigations
  • Tax and compliance obligations

8.4 Withdrawal of Consent

You may withdraw consent for data processing at any time by:

  • Adjusting privacy settings in your account
  • Emailing privacy@ncbosehcs.com
  • Contacting our Grievance Officer

Note: Withdrawal of consent will not affect the lawfulness of processing before withdrawal.

8.5 Opt-Out Options

You may opt out of:

  • Promotional emails (using unsubscribe links)
  • Marketing communications
  • Analytics and tracking (some features may be affected)
  • Third-party data sharing

9. COOKIES AND TRACKING TECHNOLOGIES

9.1 Cookie Usage

We use cookies for the following purposes:

  • Session Management: Maintaining your login and session state
  • Security: CSRF protection, fraud detection
  • User Preferences: Remembering language and display settings
  • Analytics: Understanding usage patterns and improving services

9.2 Cookie Types

  • Essential Cookies: Required for Platform functionality
  • Preference Cookies: Remember your choices and preferences
  • Analytics Cookies: Track usage and performance
  • Marketing Cookies: Used with consent for advertising purposes

9.3 Disabling Cookies

You can disable cookies through your browser settings. However, disabling cookies may affect Platform functionality.

10. THIRD-PARTY LINKS AND INTEGRATIONS

10.1 External Links

The Platform may contain links to third-party websites. We are not responsible for:

  • Privacy practices of third-party sites
  • Security of external platforms
  • Content or accuracy of third-party information

10.2 Third-Party Integrations

If you connect your account to third-party services, we collect only the information you authorize. You can revoke access at any time through your third-party account settings.

11. CHILDREN'S PRIVACY

The Platform is not intended for individuals under 18 years of age. We do not knowingly collect information from children. If we become aware that we have collected information from a child, we will immediately delete such information and notify the user.

12. VIDEO CONSULTATION RECORDING AND CONSENT

12.1 Recording Notice

Video consultations may be recorded for medico-legal purposes. The following applies:

  • Doctors will inform you before recording a consultation
  • You may decline to be recorded (consultation may be terminated)
  • Recordings are stored securely and treated as medical records
  • Recordings are retained per medical record retention policies

12.2 Recording Usage

Recordings are used only for:

  • Medical record keeping
  • Quality assurance and training
  • Legal or regulatory compliance
  • Dispute resolution

13. SECURITY BREACH NOTIFICATION

13.1 Breach Response

In the event of a suspected or confirmed security breach involving your personal information, we will:

  • Investigate the breach immediately
  • Notify affected users within 72 hours (or as required by law)
  • Provide details about the breach and steps taken
  • Offer support and remediation services
  • Notify relevant regulatory authorities if required

13.2 Notification Method

Breach notifications will be sent via:

  • Email to your registered email address
  • SMS to your registered phone number
  • In-app notification
  • Public announcement if breach affects large numbers of users

14. INTERNATIONAL DATA TRANSFERS

Your information is primarily stored in India. If we transfer your data internationally, we will:

  • Implement appropriate safeguards
  • Include contractual protections
  • Comply with local laws of both countries
  • Notify you of transfers when required

15. CONTACT AND GRIEVANCE REDRESSAL

Privacy Officer / Grievance Officer

Name: NcBose HealthCare System

Designation: Privacy Officer / Grievance Officer

Email: privacy@ncbosehcs.com

Phone: +91 9920284451

Address: Basunagar 1, Madhyamgram, Kolkata – 700129, West Bengal, India

Response Time: We aim to respond to all privacy inquiries within 7 business days

15.1 Filing a Privacy Complaint

To file a privacy-related complaint:

  1. Send details to privacy@ncbosehcs.com
  2. Include your name, contact information, and complaint description
  3. Describe the specific privacy concern
  4. Provide any supporting documentation
  5. Specify the resolution you are seeking

16. POLICY AMENDMENTS

16.1 Updates

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will:

  • Notify you of material changes via email or prominent notice on the Platform
  • Update the "Last Updated" date at the top of this Policy
  • Obtain your consent for material changes where required by law

16.2 Continued Use

Your continued use of the Platform after policy amendments constitutes your acceptance of the updated Policy.

17. LEGAL BASIS FOR PROCESSING

We process your personal information based on:

  • Your explicit consent (medical information, sensitive data)
  • Performance of a contract (service delivery)
  • Legal obligation (compliance, regulatory requirements)
  • Legitimate interests (fraud prevention, security, improvement)
  • Public health interests (where applicable)

18. COMPLIANCE AND CERTIFICATIONS

Information Technology Act, 2000 IT (SPDI) Rules, 2011 IT Intermediary Guidelines, 2021 GDPR Compliant

This Policy is published in compliance with Rule 3 (1) of the Information Technology (Intermediaries Guidelines and Digital Media Ethics Code) Rules, 2021.

19. DISCLAIMER

This Privacy Policy does not create any legal obligation beyond what is required by applicable law. The Company reserves the right to disclose information when required by law, court order, or government request.

Contact Us

N.C. Bose Health Care System

Email: privacy@ncbosehcs.com

Website: ncbose.com

Phone: +91 9920284451

Address: Basunagar 1, Madhyamgram, Kolkata – 700129, West Bengal, India