emergency Emergency: +91-8800297600
011-45565656
Patient Portal
Book an Appointment Emergency call: +91-8800297600 Board Number: 011-45565656 patient-portal Patient Portal

Privacy Policy

Request An Appointment right-arrow Find A Doctor right-arrow

Privacy Policy

Sehgal Neo Hospital

Effective Date: 29/12/2025 
Last Updated: 24/03/2026

1. Introduction
Sehgal Neo Hospital (“Hospital”, “we”, “us”, or “our”) is committed to protecting the privacy and confidentiality of all individuals whose Personal Data we process. This Privacy Policy explains how we collect, process, use, disclose, store, and protect Personal Data in our capacity as a Data Fiduciary under the Digital Personal Data Protection Act, 2023 (“DPDP Act”) and the Digital Personal Data Protection Rules, 2025 (“DPDP Rules”), along with other applicable Indian laws.
By accessing our website, availing our medical services, or providing any Personal Data, you acknowledge that you have read and understood this Privacy Policy. Where consent is required, we obtain it through a clear, independent Notice in accordance with the DPDP Act.

2. Key Definitions

  • Personal Data: Any data about an individual who is identifiable by or in combination with other information, whether provided voluntarily or collected otherwise (including health-related data).

  • Data Principal: The individual to whom the Personal Data relates (e.g., patients, attendants, or website users).

  • Data Fiduciary: The Hospital, which determines the purpose and means of processing Personal Data.

  • Processing: Any operation performed on Personal Data, including collection, storage, use, disclosure, or erasure.

  • Child: An individual under 18 years of age.

3. Personal Data We Collect
We collect only Personal Data that is necessary, adequate, and relevant for the stated purposes. Categories include:

A. Patient and Healthcare-Related Data

  • Name, age, gender, contact details, address, and identification proof.

  • Medical history, health conditions, treatment details, diagnostic reports, prescriptions, and related records.

  • Insurance details and payment information.

B. Website and Technical Data

  • IP address, browser type, device information, and usage data (via cookies and analytics tools).

C. Attendant / Emergency Contact Data

  • Name, relationship to the patient, and contact details.

D. Children’s Data

  • For minors, we process Personal Data in accordance with the DPDP Act. As a clinical establishment providing healthcare services, we benefit from applicable exemptions under the DPDP Rules for processing a child’s data in the course of delivering health services. Where required, we obtain consent from the parent or lawful guardian.

4. Purposes and Legal Basis of Processing
We process Personal Data only for lawful purposes and in a fair, transparent manner. Primary purposes include:

  • Providing medical diagnosis, treatment, and healthcare services (including legitimate uses under Section 7 of the DPDP Act, such as medical treatment and emergencies).

  • Appointment scheduling and patient management.

  • Billing, payment processing, and insurance/TPA coordination.

  • Compliance with legal, regulatory, or statutory obligations (including clinical establishments laws).

  • Internal record-keeping, quality improvement, research (where permitted), and service enhancement.

  • Website analytics, security, and user experience improvement.

We limit collection and processing to what is reasonably necessary for these purposes (data minimisation).

5. Notice and Consent
Prior to or at the time of collecting Personal Data for consent-based processing, we provide a clear, independent Notice in plain language (in English or any of the 22 official languages specified in the Eighth Schedule to the Constitution of India, as appropriate). The Notice includes:

  • An itemised description of the Personal Data being collected.

  • The specific purposes of processing and the goods/services enabled.

  • How the Data Principal can exercise their rights and withdraw consent.

  • The manner to file a complaint with the Data Protection Board of India.

Consent is obtained only through a clear, affirmative action. It is free, specific, informed, unconditional, and unambiguous. You may withdraw consent at any time by contacting us or using the mechanism provided in the Notice. Withdrawal may impact our ability to provide certain services.

For processing based on legitimate uses (e.g., provision of healthcare services or emergencies), separate consent may not be required under the DPDP Act.

6. Disclosure and Sharing of Personal Data
We do not sell Personal Data. We may share it with:

  • Doctors, consultants, medical staff, and internal teams involved in your care.

  • Diagnostic laboratories, pharmacies, or allied healthcare providers (as necessary for treatment).

  • Insurance companies, Third-Party Administrators (TPAs), and payment gateway providers.

  • IT service providers, cloud hosting providers, or other Data Processors who are contractually bound by confidentiality, data protection obligations, and DPDP Act compliance.

  • Government authorities, regulatory bodies, or courts when required by law.

All third parties (Data Processors) are bound by written agreements ensuring they process Personal Data only on our instructions and in compliance with the DPDP Act.

7. Data Retention and Erasure
We retain Personal Data only as long as necessary to fulfil the purposes for which it was collected, or as required by applicable medical, tax, legal, or regulatory laws (including for defence of legal claims).

Once the purpose is fulfilled and retention is no longer required, we securely erase or anonymise the Personal Data in accordance with the DPDP Act and Rules.

8. Security Safeguards and Data Breach
We implement reasonable technical and organisational security safeguards to protect Personal Data, including:

  • Role-based access controls and encryption (where appropriate).

  • Secure servers and regular security assessments.

  • Confidentiality obligations for all employees and contractors.

  • Business continuity and incident response plans.

In the event of a Personal Data breach, we will:

  • Notify the Data Protection Board of India without delay and, in any case, provide detailed information within 72 hours (or such extended period as permitted).

  • Notify affected Data Principals without undue delay where the breach is likely to cause harm, in clear and plain language.

  • Take appropriate remedial measures as required under the DPDP Act.

9. Cookies and Website Tracking
Our website uses cookies and similar technologies to enhance user experience, analyse traffic, and improve services. Cookies do not store sensitive medical or financial information. You may manage or disable cookies through your browser settings; however, this may affect website functionality.

10. Cross-Border Transfers
Personal Data may be transferred or processed outside India (e.g., to cloud service providers) only in accordance with Section 16 of the DPDP Act and any applicable government notifications or safeguards. We ensure appropriate contractual protections are in place.

11. Your Rights as a Data Principal
You have the following rights under the DPDP Act (subject to applicable exceptions and verification of identity):

  • Access: Request confirmation of whether your Personal Data is being processed and obtain a summary.

  • Correction and Completion: Request correction of inaccurate or incomplete Personal Data.

  • Erasure: Request erasure of your Personal Data when it is no longer necessary or consent is withdrawn (subject to legal retention obligations).

  • Withdrawal of Consent: Withdraw consent at any time.

  • Nomination: Nominate another person to exercise your rights in case of your death or incapacity.

  • Grievance Redressal: Raise concerns about the processing of your Personal Data.

To exercise these rights, submit a written request to the Grievance Officer (details below). We will respond in accordance with the timelines prescribed under the DPDP Act and Rules.

12. Grievance Officer
We have appointed a Grievance Officer to handle queries, complaints, and rights requests:

Name: Mr. Pradeep Bansal 
Designation: DGM – Finance & Information Technology 
Email: Pradeep.bansal@sehgalnh.co.in 
Contact Address: B-362, 363, 364, Meera Bagh, Outer Ring Road, Paschim Vihar, New Delhi – 110063

All grievances will be acknowledged promptly and resolved within the timelines prescribed under the DPDP Rules (generally within 90 days). If you are not satisfied with our response, you may escalate the matter to the Data Protection Board of India.

13. Third-Party Links
Our website may contain links to external sites. We are not responsible for the privacy practices or content of such third-party websites.

14. Policy Updates
This Privacy Policy may be updated periodically to reflect changes in law, our 
practices, or technology. The revised Policy will be posted on our website with the updated “Last Updated” date. Continued use of our services after updates constitutes acceptance of the revised Policy.

15. Governing Law and Jurisdiction
This Privacy Policy is governed by the laws of India. Any disputes arising out of or in connection with this Policy shall be subject to the exclusive jurisdiction of the courts in New Delhi.

For any clarifications or to exercise your rights, please contact the Grievance Officer.

Thank you for trusting Sehgal Neo Hospital with your Personal Data. We remain committed to safeguarding your privacy while delivering high-quality healthcare services
 

 


 

Quick Links

Specialities

Treatments

View All

Contact US

Social Media

Login to CareAlly

Others

Emergency

011-8800297600

Healthcare@Home

+91-9211570570
011-45565656 Book an Appointment

Copyright © 2026 Sehgal Neo Hospital. All Rights Reserved.