NURTURE HOSPITAL

Entity Name: Ambuja Hospitals Private Limited
Corporate Identification Number: U85300KA2020PTC137262
Registration Number: 137262
Address: No. 80 (Old No. 36), 20th Main Road, 2nd Block, Rajajinagar, Bengaluru, Karnataka 560010
Email: info@nurturehospitals.in
Phone: 98800 09596

Effective Date: 01-10-2025
Last Revised: 01-10-2025

ARTICLE I – DEFINITIONS AND SCOPE

This Privacy Policy governs the collection, use, storage, and disclosure of personal and health information by Nurture Hospital, a healthcare facility operated by Ambuja Hospitals Private Limited (“Hospital”, “we”, “us”, or “our”). This policy applies to all patients, visitors, website users, and individuals who interact with our services.

ARTICLE II – INFORMATION COLLECTION

Section 2.1 – Personal Identifiers We collect and maintain personal information including but not limited to name, address, telephone number, email address, date of birth, emergency contact details, and government-issued identification numbers.

Section 2.2 – Protected Health Information In accordance with applicable medical privacy laws, we collect health information necessary for treatment, payment, and healthcare operations, including medical history, current conditions, diagnostic results, treatment plans, prescription records, and maternity-related information.

Section 2.3 – Financial Information We process financial data including insurance information, payment methods, billing addresses, and transaction records for healthcare services provided.

Section 2.4 – Digital Information Through our website and digital platforms, we may collect IP addresses, browser information, device identifiers, cookies, and usage analytics.

ARTICLE III – PURPOSES OF PROCESSING

Section 3.1 – Healthcare Delivery Information is processed to provide medical care, coordinate treatment, schedule appointments, maintain medical records, facilitate communication between healthcare providers, and ensure continuity of care.

Section 3.2 – Administrative Functions Data processing supports billing operations, insurance claim processing, quality assurance, regulatory compliance, facility management, and internal administrative purposes.

Section 3.3 – Legal Compliance We process information to comply with medical regulations, court orders, legal proceedings, public health requirements, and statutory obligations under Indian law.

ARTICLE IV – LEGAL BASIS FOR PROCESSING

Our processing activities are based on:

(a) Contractual Necessity – Performance of healthcare service agreements
(b) Legal Obligation – Compliance with medical and regulatory requirements
(c) Vital Interests – Protection of life and health in emergency situations
(d) Legitimate Interest – Healthcare operations and quality improvement
(e) Consent – Where explicitly provided for specific purposes
(f) Public Interest – Public health and medical research purposes

For individuals in the European Union, processing complies with the General Data Protection Regulation (GDPR) requirements.

ARTICLE V – INFORMATION DISCLOSURE

Section 5.1 – Healthcare Operations Information may be disclosed to healthcare professionals, specialists, laboratories, diagnostic centers, insurance providers, and other entities directly involved in patient care.

Section 5.2 – Legal Requirements Disclosure may occur when mandated by law, court order, regulatory authority, public health department, or in response to lawful requests from government agencies.

Section 5.3 – Emergency Situations In medical emergencies, information may be disclosed without prior authorization to ensure immediate patient care and safety.

Section 5.4 – Third-Party Service Providers We may share information with vendors providing services such as information technology, billing, equipment maintenance, and other operational support, subject to appropriate data protection agreements.

ARTICLE VI – DATA SECURITY AND PROTECTION

We implement administrative, physical, and technical safeguards including access controls, encryption protocols, secure data transmission, regular security assessments, staff training programs, and facility security measures to protect against unauthorized access, alteration, disclosure, or destruction of personal information.

ARTICLE VII – INDIVIDUAL RIGHTS

Section 7.1 – Access Rights Individuals may request access to their personal and health information maintained by the Hospital.

Section 7.2 – Amendment Rights Requests for correction or amendment of inaccurate information will be processed in accordance with applicable regulations.

Section 7.3 – Restriction Rights Individuals may request restrictions on the use or disclosure of their information, subject to legal and medical limitations.

Section 7.4 – GDPR Rights (EU Residents) EU residents have additional rights including data portability, erasure (right to be forgotten), objection to processing, and withdrawal of consent.

ARTICLE VIII – DATA RETENTION

Medical records and health information are retained in accordance with Indian medical regulations and professional standards, typically seven to ten years following the last treatment date. Financial records are maintained for seven years. Website usage data is retained for two years unless earlier deletion is requested.

ARTICLE IX – INTERNATIONAL DATA TRANSFERS

Any transfer of personal information outside India will be conducted with appropriate safeguards including adequacy decisions, standard contractual clauses, or explicit consent, ensuring protection equivalent to Indian data protection standards.

ARTICLE X – COOKIES AND DIGITAL TRACKING

Our website uses cookies for essential functionality, analytics, and user experience enhancement. Users may manage cookie preferences through browser settings, though certain functionality may be affected.

ARTICLE XI – COMPLAINTS AND GRIEVANCES

Section 11.1 – Internal Process Privacy concerns should be directed to our Data Protection Officer at the contact information provided above.

Section 11.2 – Regulatory Authority Complaints may be filed with appropriate data protection authorities or regulatory bodies.

Section 11.3 – EU Residents GDPR-related complaints may be lodged with the relevant European supervisory authority.

ARTICLE XII – POLICY MODIFICATIONS

This Privacy Policy may be revised periodically. Material changes will be communicated through website posting, direct notification, or during service interactions. Continued use of services constitutes acceptance of modifications.

ARTICLE XIII – GOVERNING LAW

This Privacy Policy is governed by the laws of India, including the Information Technology Act 2000, applicable medical regulations, and when applicable, the General Data Protection Regulation for EU residents.

ARTICLE XIV – CONTACT INFORMATION

Data Protection Inquiries:

Ambuja Hospitals Private Limited
Attn: Data Protection Officer
No. 80 (Old No. 36), 20th Main Road, 2nd Block, Rajajinagar
Bengaluru, Karnataka 560010, India

Email: info@nurturehospitals.in
Phone: 98800 09596
Business Hours: Monday through Saturday, 9:00 AM to 6:00 PM

ACKNOWLEDGMENT

By utilizing our services or accessing our website, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy.

Document Control:

• Version: 1.0
• Language: English
• Jurisdiction: Karnataka, India
• Classification: Public Document

This document has been prepared for compliance with applicable privacy and healthcare regulations. For legal advice regarding specific situations, consult qualified legal counsel.