Privacy Policy

Home /Privacy Policy

The Painex Clinic
Effective Date:08/08/2025
Last Updated:08/08/2025

Your Privacy Matters to Us

At The Painex Clinic, we are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website or use our services. We believe in transparency, so we’ve written this policy in plain language to help you understand your rights and our practices.

1. Who We Are

Data Controller: The Painex Clinic
Address: Gandhi Nursing Home, Dattatray Krushnaji, Plot 102, Bhosale Road, Sector No. 24, Pradhikaran, Nigdi, Pimpri-Chinchwad, Maharashtra 411044
Contact: 08390442266 | digital.thepainexclinic@gmail.com
Data Protection Officer: digital.thepainexclinic@gmail.com

We are a healthcare facility specializing in non-surgical pain management services, located at Gandhi Nursing Home in Nigdi, Pimpri-Chinchwad, serving patients across Maharashtra and India.

2. What Personal Information We Collect

2.1 Information You Give Us Directly

Contact Forms & Inquiries:

  • Name and contact details (phone number, email address)
  • Your message or inquiry details
  • Preferred contact method and time

Appointment Requests:

  • Personal details (name, age, gender)
  • Contact information (phone, email, address)
  • Medical condition or pain-related concerns (brief description)
  • Preferred appointment dates and times
  • Emergency contact information (if provided)

Patient Registration:

  • Complete medical history and current medications
  • Insurance information (if applicable)
  • Identity verification documents (as required by law)
  • Payment information for services

2.2 Information We Collect Automatically

Website Analytics:

  • IP address and browser information
  • Pages visited and time spent on our website
  • Device type and operating system
  • Referring website (how you found us)
  • General location (city/region level only)

Cookies and Similar Technologies:

  • Session cookies to improve website functionality
  • Analytics cookies to understand website usage
  • Preference cookies to remember your settings

2.3 Information from Third Parties

We may receive information about you from:

  • Healthcare referral partners (with your consent)
  • Insurance providers (for claim processing)
  • Emergency contacts (in medical situations)

3. How We Use Your Personal Information

3.1 Providing Healthcare Services

  • Scheduling and managing appointments
  • Providing medical consultations and treatment
  • Maintaining your medical records
  • Following up on treatment progress
  • Managing payment and insurance claims

3.2 Communication

  • Responding to your inquiries and requests
  • Sending appointment confirmations and reminders
  • Sharing important health information or clinic updates
  • Providing customer support
  • Complying with healthcare regulations and legal obligations
  • Ensuring patient safety and quality of care
  • Maintaining accurate medical records as required by law
  • Reporting to health authorities when legally required

3.4 Website Improvement

  • Analyzing website usage to improve user experience
  • Ensuring website security and preventing fraud
  • Troubleshooting technical issues
  • Sending newsletters about pain management tips and clinic updates
  • Sharing information about new services or treatments
  • Inviting participation in health surveys or feedback requests

Note: We will never use your medical information for marketing purposes without your explicit consent.

We process your personal data based on:

Consent: When you give us permission (e.g., for marketing communications)
Contract: When necessary to provide healthcare services you’ve requested
Legal Obligation: When required by healthcare laws and regulations
Vital Interests: In medical emergencies to protect your health
Legitimate Interests: For website analytics and fraud prevention

5. How We Share Your Information

5.1 We Do NOT Sell Your Data

We never sell, rent, or trade your personal information to third parties for commercial purposes.

5.2 When We May Share Your Information

Healthcare Providers:

  • Specialist doctors for referrals (with your consent)
  • Diagnostic centers for test results
  • Insurance providers for claim processing
  • Emergency services in critical situations

Service Providers:

  • IT support and website hosting companies
  • Appointment scheduling software providers
  • Payment processing services
  • Email and communication service providers

Legal Requirements:

  • When required by law or legal proceedings
  • To protect patient safety or prevent harm
  • For public health reporting as mandated by authorities

All third parties are bound by strict confidentiality agreements and must comply with data protection laws.

6. Data Retention Policy

6.1 How Long We Keep Your Information

Medical Records: 10 years after your last visit (as per Indian medical guidelines)
Appointment Data: 3 years for scheduling and follow-up purposes
Contact Inquiries: 2 years or until resolved
Website Analytics: 2 years in anonymized form
Marketing Consents: Until you withdraw consent
Financial Records: 7 years for tax and audit purposes

6.2 Secure Deletion

When retention periods expire, we securely delete or anonymize your data using industry-standard methods.

7. How We Protect Your Information

7.1 Technical Safeguards

  • SSL encryption for all website communications
  • Secure, password-protected databases
  • Regular security updates and patches
  • Firewall and anti-malware protection
  • Encrypted backups stored in secure locations

7.2 Administrative Safeguards

  • Access controls limiting who can view your data
  • Regular staff training on data protection
  • Confidentiality agreements for all employees
  • Regular security audits and assessments
  • Incident response procedures

7.3 Physical Safeguards

  • Secure facilities with controlled access
  • Locked filing cabinets for paper records
  • Clean desk policy for sensitive information
  • Secure disposal of documents and devices

8. Your Rights Under GDPR and Indian Law

8.1 Access Rights

  • Request a copy of your personal data
  • Understand how your data is being used
  • Receive information in a portable format

8.2 Correction Rights

  • Update incorrect or incomplete information
  • Ensure your medical records are accurate
  • Modify your contact preferences

8.3 Deletion Rights (“Right to be Forgotten”)

  • Request deletion of your personal data
  • Withdraw consent for data processing
  • Note: Some medical records must be retained by law

8.4 Restriction Rights

  • Limit how we use your information
  • Object to certain types of processing
  • Request temporary suspension of data use

8.5 Portability Rights

  • Receive your data in a machine-readable format
  • Transfer your records to another healthcare provider

8.6 Objection Rights

  • Opt-out of marketing communications
  • Object to automated decision-making
  • Withdraw consent at any time

How to Exercise Your Rights: Contact our Data Protection Officer using the details in Section 12.

9. Cookies Policy

9.1 What Are Cookies?

Cookies are small text files stored on your device that help our website function properly and provide you with a better experience.

9.2 Types of Cookies We Use

Essential Cookies (Always Active):

  • Session management and website functionality
  • Security and fraud prevention
  • Remember your language and accessibility preferences

Analytics Cookies (Can be Disabled):

  • Google Analytics to understand website usage
  • Performance monitoring and improvement
  • User behavior analysis (anonymized)

Marketing Cookies (Opt-in Only):

  • Social media integration
  • Targeted content delivery
  • Email campaign tracking

9.3 Managing Cookies

You can control cookies through your browser settings. However, disabling essential cookies may affect website functionality.

Cookie Preferences: [Link to Cookie Settings]

10. Third-Party Services

10.1 Service Providers We Use

  • Google Analytics: Website usage analysis
  • [Appointment System]: Online booking functionality
  • [Email Service]: Communication and newsletters
  • [Payment Processor]: Secure payment processing
  • [Hosting Provider]: Website hosting and security

10.2 Data Protection Standards

All third-party providers must:

  • Comply with GDPR and Indian data protection laws
  • Maintain appropriate security measures
  • Process data only as instructed by us
  • Delete or return data when contracts end

10.3 International Transfers

Some service providers may be located outside India. When this occurs:

  • We ensure adequate data protection through legal safeguards
  • We use providers with GDPR compliance certifications
  • We implement additional security measures as needed

11.1 Stock Photography

We may use images from open platforms and stock photography services on our website. We:

  • Ensure proper licensing for all images used
  • Provide attribution when required by license terms
  • Respect the intellectual property rights of photographers and creators

If you believe any image on our website infringes your copyright:

  • Contact us immediately at digital.thepainexclinic@gmail.com
  • Provide details of the specific image and your ownership claim
  • We will investigate promptly and remove infringing content when verified

11.3 Patient Photos

Any patient photos or testimonials are used only with explicit written consent and for specified purposes.

12. Contact Us for Data Protection Matters

12.1 Data Protection Officer

Name: The Painex Clinic Data Protection Team
Email: digital.thepainexclinic@gmail.com
Phone: 08390442266
Address: Gandhi Nursing Home, Dattatray Krushnaji, Plot 102, Bhosale Road, Sector No. 24, Pradhikaran, Nigdi, Pimpri-Chinchwad, Maharashtra 411044

12.2 General Inquiries

For questions about this Privacy Policy or data protection: Email: digital.thepainexclinic@gmail.com
Phone: 08390442266

12.3 Response Time

We aim to respond to all data protection requests within:

  • Urgent matters: 24-48 hours
  • General inquiries: 5-7 business days
  • Formal rights requests: 30 days (as required by law)

13. International Users

13.1 GDPR Compliance (EU Users)

If you are located in the European Union, you have additional rights under GDPR. All provisions in this policy comply with GDPR requirements.

13.2 Indian Users

This policy complies with the Information Technology Act, 2000, and the Personal Data Protection Bill (when enacted).

13.3 Other Jurisdictions

Users from other countries are protected under the highest applicable standard between their local laws and this policy.

14. Children’s Privacy

Our services are intended for adults (18+ years). We do not knowingly collect personal information from children under 18 without parental consent. If we discover we have collected information from a child without proper consent, we will delete it immediately.

For Pediatric Patients: Parent/guardian consent is required, and special protections apply.

15. Data Breach Notification

In the unlikely event of a data breach:

  • We will notify authorities within 72 hours (as required by law)
  • Affected individuals will be informed if there is a high risk to their rights
  • We will take immediate steps to contain and remedy the breach
  • We will provide clear information about what happened and what you should do

16. Changes to This Privacy Policy

16.1 Updates

We may update this Privacy Policy to:

  • Reflect changes in our practices or services
  • Comply with new legal requirements
  • Improve clarity and transparency

16.2 Notification

When we make significant changes:

  • We will post the updated policy on our website
  • We will notify you by email if you are a registered patient
  • We will highlight major changes clearly
  • The “Last Updated” date will be revised

16.3 Your Continued Use

Continued use of our website after changes constitutes acceptance of the updated policy.

17. Complaints and Disputes

17.1 Internal Resolution

If you have concerns about our data handling:

  1. Contact our Data Protection Officer first
  2. We will investigate and respond promptly
  3. We aim to resolve issues amicably and quickly

17.2 Regulatory Complaints

You have the right to lodge complaints with:

  • For GDPR: Your local European Data Protection Authority
  • For India: The relevant data protection authority (when established)
  • General: Consumer courts or appropriate legal forums

By using our website or services, you acknowledge that you have:

  • Read and understood this Privacy Policy
  • Consented to the collection and use of your information as described
  • Been informed of your rights regarding your personal data
  • Been provided with clear information about how to contact us

Questions? We’re here to help! Contact us anytime with questions about your privacy or this policy.

This Privacy Policy was last updated on 08/08/2025. Please review it periodically as we may update it from time to time to reflect changes in our practices or applicable laws.