Privacy Policy
Effective Date: October 02, 2025
Last Updated:

1. Introduction

Caritas Healthcare Pvt. Ltd. (“Caritas”, “we”, “us”, “our”) is committed to protecting the privacy and personal data of all individuals with whom we interact—including patients, suppliers, contractors, healthcare professionals, visitors, website users, employees, and others (“you”, “your”). This Privacy Policy explains what Personal Data we collect, how we use it, how we protect it, your rights, and how you can contact us.

2. Definitions

  • Personal Data / Personal Information: Any information that identifies, or can be used to identify, a natural person, whether directly or indirectly. Includes names, contact information, IDs, payment details, etc.
  • Sensitive Personal Data: Data relating to health, biometric, genetic, race, religion, sexual orientation, etc., which requires extra protection.
  • Data Controller: Caritas Healthcare Pvt. Ltd., its employees and processes that determine the purpose and means of processing Personal Data.
  • Data Processor: Any third party that processes Personal Data on behalf of Caritas.

3. What Personal Data We Collect

We collect different types of Personal Data, depending on your relationship with us. Examples include:

  • Contact information (name, address, email, telephone)
  • Identification / authentication data (e.g. login credentials)
  • Professional / supplier data (organization, bank details, trade registration etc.)
  • Financial data (invoices, payment information)
  • Health-related data (where relevant, e.g. patient care, clinical trial etc.)
  • Usage & technical data (IP address, device, browser, cookies / analytics)
  • Any special category / sensitive data only when strictly necessary and with explicit consent.

4. How We Collect Personal Data

  • Directly from you (forms, applications, contracts, interactions)
  • Automatically (via website, cookies, log files)
  • From third parties (e.g. reference checks, regulatory authorities)
  • From suppliers / partner data, where applicable.

5. Purposes of Processing

We use Personal Data for purposes including, but not limited to:

  • To establish, maintain, and fulfil contracts with you (supplier agreements, service agreements, patient care)
  • To manage payments, billing, invoices, and audit purposes
  • To provide, operate, and improve our website, systems, services, and efficiency
  • For security, fraud prevention, compliance with legal / regulatory obligations
  • For health, safety, and medical care purposes (where relevant)
  • For analytics, reporting, business insights, to understand use and improve experience
  • For marketing / communications (only if consented)

6. Legal Basis for Processing

We only process Personal Data when we have one of the following lawful bases:

  • Consent, where applicable
  • Performance of a contract with you or to take steps at your request before entering into a contract
  • Compliance with a legal obligation
  • Legitimate interests of Caritas, except where overridden by your rights or freedoms
  • Protection of your vital interests

7. Sharing & Disclosure of Personal Data

We may share Personal Data:

  • With third-party service providers (e.g. IT, payment, communications) under contract and bound by confidentiality
  • With regulatory, legal, or governmental authorities when required by law
  • With auditors, insurers where necessary
  • With affiliates / subsidiaries of Caritas, where needed for business operations
  • In connection with mergers, acquisitions, or corporate restructuring (with adequate protections in place)

We do not sell your personal data.

8. International / Cross-Border Transfers

If Personal Data is transferred to another country (outside India or your country), we will ensure adequate protection by:

  • Ensuring appropriate safeguards (standard contractual clauses, binding corporate rules, government-approved mechanisms)
  • Ensuring compliance with applicable data protection laws.

9. Data Security

We implement appropriate technical, organizational, and physical security measures to protect Personal Data such as:

  • Encryption in transit and at rest
  • Access controls, least-privilege access
  • Regular security audits and assessments
  • Employee training on data privacy and confidentiality
  • Incident response plan

While we strive for strong security, we cannot guarantee absolute security. We will notify you and relevant authorities of any data breach as required by applicable law.

10. Data Retention

We retain Personal Data only as long as necessary for the purposes for which it was collected, or to comply with legal, regulatory, or contractual obligations. When no longer needed, data is securely deleted or anonymized.

11. Your Rights

You have certain rights regarding your Personal Data, subject to applicable laws:

  • Right to access / receive a copy of your Personal Data
  • Right to correct or update your data if inaccurate or incomplete
  • Right to erase (delete) / restrict processing under certain circumstances
  • Right to object to processing (e.g. for marketing or where legitimate interests are used)
  • Right to data portability (where applicable)
  • Right to withdraw consent (for processing based on consent)

12. Cookies & Tracking Technologies

  • Types of cookies / tracking tools we use (essential / functional / analytics / marketing)
  • How you can manage / disable cookies
  • Third-party analytics providers information

13. Children / Minors

If applicable, we do not knowingly collect Personal Data from minors (under the age set by applicable law) unless explicit parental/guardian consent is provided.

14. Changes to this Policy

We may update this Privacy Policy from time to time. Any changes will be posted on our website with updated effective date. We encourage you to review it periodically. Your continued use after changes implies acceptance.

15. Contact / Grievance Officer

If you have any questions, requests, or complaints regarding your Personal Data or this Privacy Policy, you can contact:

Data Protection Officer / Privacy Office

Caritas Healthcare Pvt. Ltd.
B – 902-905, Sankalp Iconic Tower, Sanidhya, Nr. Iscon Ambli Crossroad, Ahmedabad – 380054, Gujarat, India
Email: [email protected]
Phone: +91-079-4913-2121

If unsatisfied, you may escalate to [relevant supervisory authority] under applicable law.