Effective date: 1 June 2026 | Version: 2026-06-01
This Privacy Notice explains how Children Heart Care (Dr. Gaurav Agrawal) (“we”, “our”, “us”) collects, uses, stores, shares and protects your personal data when you use this website, and the rights you have under India’s Digital Personal Data Protection Act, 2023 (“DPDP Act”) and its Rules. We are the Data Fiduciary responsible for your data.
This is a standalone notice, separate from our Terms of Use. It is available in English and, on request, in any of the languages listed in the Eighth Schedule of the Constitution of India — write to us at [email protected].
1. What data we collect and why
We collect only what we need to respond to you. The legal basis for all of it is your consent, given by ticking the consent box on our forms.
| Data we collect | Why (purpose) |
|---|---|
| Name | To address you and respond to your enquiry. |
| Phone number | To call or message you back about your enquiry or appointment. |
| Email address (optional) | To reply by email if you prefer. |
| Your message / enquiry details (optional) | To understand and respond to your request, including any clinical context you choose to share. |
| Technical data needed to deliver and secure the site (e.g. IP address in server/security logs, anti-spam verification) | To keep the website and our forms working and protected against spam and abuse. |
We do not run advertising, behavioural tracking, or analytics cookies. We do not sell your data or share it for marketing.
2. Consent — and how to withdraw it
We process your personal data only after you give clear, affirmative consent. You may withdraw your consent at any time, and doing so is as easy as giving it — use our Your Data Rights page or email us. Withdrawing consent does not affect processing already carried out lawfully before withdrawal. Once you withdraw, we will stop further processing and erase data we no longer need.
3. Your rights
Under the DPDP Act you have the right to:
- Access a summary of your data and how it has been processed.
- Correct, complete or update your data.
- Erase your data where it is no longer needed.
- Withdraw consent at any time.
- Nominate another person to exercise your rights in case of death or incapacity.
- Grievance redressal — a quick, accessible way to complain.
Exercise any of these on our Your Data Rights page, or by emailing [email protected]. We respond within 90 days. We may verify your identity before acting, to protect your data.
4. Children & persons with disabilities
Our services are for parents and guardians acting on behalf of children. We require confirmation that the person submitting a form is 18 or older and, where the enquiry concerns a child, is the parent or lawful guardian. We do not knowingly process a child’s data without verifiable parental/guardian consent, and we do not carry out behavioural tracking or targeted advertising directed at children. An equivalent guardian-consent approach applies to persons with disabilities who cannot act for themselves. If you believe a child’s data has reached us without proper consent, contact us and we will erase it.
5. How we keep your data secure
- All traffic is encrypted in transit (HTTPS/TLS), with HTTP redirected to HTTPS.
- Where we must temporarily store a submission on our server, it is encrypted at rest.
- Access to systems holding personal data is restricted on a least-privilege basis.
- Server and security logs support breach detection and investigation.
- We carry these safeguards into our agreements with the service providers below.
6. Who processes your data on our behalf, and where
We use a small number of trusted service providers (Data Processors). We remain responsible for your data with each of them.
| Provider | Role | Location |
|---|---|---|
| DigitalOcean | Website hosting / server | As provisioned for this site |
| Cloudflare | Content delivery, security & HTTPS | Global edge network |
| Zoho ZeptoMail | Sends enquiry emails to our team | Zoho data centres |
| Google reCAPTCHA | Anti-spam check, loaded only when you use a form | Google (may be outside India) |
Cross-border transfer: some providers may process data outside India. We only use providers in countries that are not restricted by the Government of India for this purpose, and we require appropriate safeguards.
7. How long we keep your data
- Enquiry emails are kept only as long as needed to handle your request and maintain a reasonable record of communication, after which they are deleted.
- Any temporary server-side copy of a submission is automatically erased within 180 days.
- Consent records are retained as proof of lawful basis and then deleted.
- Where another law independently requires us to keep certain records (e.g. medical record rules), we keep only what that law requires.
8. Cookies
We use only essential cookies needed to run the site securely — a session cookie for form security (CSRF protection) and, when you use a form, Google reCAPTCHA for spam protection. We do not use analytics, advertising or tracking cookies. You can review this any time via the “Manage Cookies” link in the footer.
9. Data-breach handling
If a personal-data breach occurs, we will act to contain it and will notify the Data Protection Board of India and affected individuals in line with the timelines required under the DPDP Rules.
10. Grievance redressal & contact
For any question, request or complaint about your data, contact our grievance contact:
- Grievance Officer, Children Heart Care
- Email: [email protected]
- Phone: +91-9650683055
- We respond within 90 days.
Please use this internal channel first. If your grievance remains unresolved, you may escalate to the Data Protection Board of India.
11. Changes to this notice
We may update this notice. The version number and effective date at the top will change, and material changes may be re-notified to you.