Privacy Policy

1. Introduction

PhysioSthanak (“we,” “our,” or “us”) is a physiotherapy clinic operated by Dr. Shiva Jain Sangoi, located at Shop No. 14, Ground Floor, Hari-Smruti Premises, Sardar Vallabhbhai Patel Rd, opp. HDFC Bank, Borivali West, Mumbai, Maharashtra 400092. We are committed to protecting the privacy and confidentiality of all personal and health-related information entrusted to us by our patients and website visitors.

This Privacy Policy applies to information collected through our website at https://physiosthanak.com, in-clinic interactions, telephone consultations, and any other communications with our practice.

2. Information We Collect

2.1 Personal Information

When you book an appointment, contact us, or use our services, we may collect the following personal information:

• Full name
• Phone number and email address
• Date of birth and gender
• Residential address
• Emergency contact details

2.2 Health and Medical Information

To provide effective physiotherapy treatment, we collect health-related information including:

• Medical history, current conditions, and symptoms
• Previous injuries, surgeries, and treatment records
• Diagnostic reports (X-rays, MRI, blood work)
• Physician referral letters and prescriptions
• Treatment notes, progress assessments, and exercise plans
• Photographs or videos taken for clinical assessment (with consent)

2.3 Website Usage Data

When you visit our website, we automatically collect certain technical information:

• IP address and browser type
• Device type and operating system
• Pages visited, time spent, and navigation patterns
• Referring website URL

3. How We Use Your Information

We use the information collected for the following purposes:

• Clinical care: Diagnosing conditions, creating treatment plans, tracking progress, and providing physiotherapy services
• Appointment management: Scheduling, confirming, and sending reminders for appointments via Google Calendar
• Communication: Responding to inquiries, sharing exercise instructions, and providing post-treatment guidance
• Legal compliance: Maintaining records as required by applicable Indian healthcare laws and regulations
• Service improvement: Analyzing website usage patterns to improve our online presence and patient experience
• Billing and payments: Processing consultation fees and generating receipts

4. Patient Data Protection

We handle all patient health information with the highest standards of confidentiality, in accordance with:

• The Digital Personal Data Protection Act, 2023 (DPDPA): India's primary data protection legislation governing the processing of personal data
• Indian Medical Council (Professional Conduct, Etiquette and Ethics) Regulations, 2002: Governing medical professionals' duty of confidentiality
• Information Technology Act, 2000: Provisions relating to the protection of sensitive personal data
• Clinical Establishments Act, 2010: Standards for maintenance of medical records

Patient medical records are stored securely and access is restricted to authorized clinical staff only. We retain medical records for a minimum period of 3 years from the date of last consultation, as recommended under applicable regulations, and may retain them longer if clinically necessary.

5. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience. These include:

• Essential cookies: Required for the website to function properly (e.g., session management)
• Analytics cookies: Used via Google Analytics to understand how visitors interact with our website, including page views, traffic sources, and user behaviour patterns
• Third-party widgets: Our Google Reviews widget (Featurable) may set cookies to display review content

You can control cookie preferences through your browser settings. Disabling certain cookies may affect website functionality.

6. Third-Party Services

We use the following third-party services in connection with our website and practice:

• Google Analytics: For website traffic analysis and visitor behaviour insights. Google Analytics collects anonymized usage data. See Google's Privacy Policy.
• Google Calendar:For appointment scheduling and management. Appointment details (name, contact, appointment time) are processed through Google's services. See Google's Privacy Policy.
• Google Maps: For displaying our clinic location. See Google's Privacy Policy.
• Featurable: For displaying Google Reviews on our website.
• Vercel: Our website hosting provider. See Vercel's Privacy Policy.

7. Data Sharing and Disclosure

We do not sell, rent, or trade your personal or health information to any third party. We may share your information only in the following circumstances:

• With your consent: When you authorize us to share information with your referring physician, insurance provider, or family members
• For clinical coordination: With other healthcare providers involved in your care, as necessary for treatment continuity
• Legal requirements: When required by law, court order, or government authority
• Emergency situations: To protect the vital interests of the patient or another individual

8. Data Security

We implement appropriate technical and organizational measures to protect your personal and health data, including:

• Secure storage of physical medical records in locked cabinets
• Password-protected access to digital records
• SSL/TLS encryption for all data transmitted through our website
• Regular review of data security practices
• Staff training on data protection and patient confidentiality

9. Your Rights

Under the Digital Personal Data Protection Act, 2023, you have the following rights:

• Right to access: Request a copy of the personal data we hold about you
• Right to correction: Request correction of inaccurate or incomplete personal data
• Right to erasure: Request deletion of your personal data, subject to legal retention requirements
• Right to grievance redressal: Lodge a complaint regarding the handling of your data
• Right to nominate: Nominate another individual to exercise your rights in case of death or incapacity

To exercise any of these rights, please contact us using the details provided below.

10. Children's Privacy

We may treat patients under the age of 18 with the consent of their parent or legal guardian. Personal and health information of minors is collected and processed only with verifiable parental consent, in compliance with the DPDPA provisions for children's data.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. The updated policy will be posted on this page with a revised “Last updated” date. We encourage you to review this page periodically.

12. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how your information is being handled, please contact us: