• International Patients
+91 98195 95672
Instagram Facebook-f Youtube
book a visit
  • SW 10th Ave 1206, Portland, OR, United States
  • Mon – Fri: 8:30 am – 5:00 pm,
    Sat – Sun: Closed
1-800-123-1234
Instagram X-twitter Pinterest-p
book a visit
Home/Privacy Policy

Privacy Policy

Spring IVF, located in Mumbai, India (“we,” “us,” or “our”), is committed to protecting the privacy and security of your personal and sensitive personal data. This Privacy Policy explains how we collect, use, disclose, store, and protect your information when you visit our website ivfspring.com (the “Website”), interact with our services, or communicate with us. By accessing or using our Website, you agree to the terms of this Privacy Policy.
 
This Privacy Policy complies with the **Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules) under the Information Technology Act, 2000, and, where applicable, international regulations such as the GDPR and the Health Insurance Portability and Accountability Act (HIPAA) for users in relevant jurisdictions.
 
 
1. Information We Collect
 
We collect information about you in the following ways:
 
 1.1 Information You Provide to Us
We collect personal and sensitive personal data that you voluntarily provide when interacting with our Website or services, including:
 
Personal Data: Name, email address, phone number, postal address, date of birth, gender, and other contact details provided when you fill out forms (e.g., appointment requests, contact forms, or patient registration).
Sensitive Personal Data: Medical history, fertility treatment details, health insurance information, or other health-related data provided during inquiries, consultations, or appointment scheduling.
Financial Data: Credit card details, bank account information, or billing address for processing payments for services (handled through secure third-party payment processors).
Communication Data: Information shared when you contact us via email, phone, WhatsApp, or the Website’s chat or messaging features.
Account Data: If you create an account on our patient portal, we collect your username, password, and any profile information you provide.
Identification Data: Government-issued ID numbers (e.g., Aadhaar, PAN, or passport details) where required for medical or legal purposes, subject to compliance with Indian laws.
 
1.2 Information Collected Automatically
When you visit our Website, we may automatically collect certain information using cookies, web beacons, and similar technologies, including:
 
Device Information: IP address, browser type, operating system, device type, and other technical details.
Usage Data: Pages visited, time spent on the Website, links clicked, and referral URLs.
Location Data: General location information derived from your IP address (not precise geolocation unless explicitly provided by you).
-Cookies and Tracking Technologies: We use cookies to enhance user experience, analyze Website performance, and deliver personalized content. See Section 7 for details on cookies.
 
1.3 Information from Third Parties
We may receive information about you from third parties, such as:
 
Referring Healthcare Providers: Medical records, test results, or referral information shared by your doctor or other healthcare providers.
Third-Party Services: Data from analytics providers (e.g., Google Analytics), advertising partners, or social media platforms when you interact with our Website or ads.
Insurance Providers: Information related to your insurance coverage or claims for treatment reimbursement.
 
2. How We Use Your Information
 
We use your information to provide, improve, and personalize our services, including:
 
Providing Services: To schedule appointments, facilitate consultations, process payments, and deliver fertility treatments or related services.
Communicating with You: To respond to inquiries, send appointment reminders, or provide updates about our services via email, SMS, WhatsApp, or phone calls (with your consent where required).
 Personalizing Your Experience: To tailor content, treatment recommendations, or advertisements based on your preferences and interactions.
 Improving Our Website and Services: To analyze usage trends, monitor Website performance, and enhance user experience.
 Compliance and Legal Obligations: To comply with applicable laws, such as the DPDP Act, SPDI Rules, or medical regulations in India, and to maintain records as required by the Indian Medical Council or other authorities.
Marketing and Promotions: To send newsletters, promotional offers, or event invitations (with your consent, as required under the DPDP Act or other laws).
Security: To detect and prevent fraud, unauthorized access, or other security issues.
Research and Development: To conduct anonymized research to improve fertility treatments, subject to your consent where required.
 
3. How We Share Your Information
 
We may share your information in the following circumstances, subject to compliance with applicable laws:
 
3.1 With Service Providers
We engage third-party service providers to perform functions on our behalf, such as:
 
– Payment processors to securely handle transactions (e.g., Razorpay, Paytm).
– Cloud hosting providers to store data securely (e.g., AWS, Google Cloud).
– Analytics providers to track Website usage (e.g., Google Analytics).
– Marketing platforms to deliver targeted advertisements or communications.
 
These providers are bound by contracts to protect your data and use it only for the purposes we specify, in compliance with the DPDP Act and SPDI Rules.
 
 3.2 With Healthcare Partners
We may share your health information with other healthcare providers, laboratories, or pharmacies involved in your treatment, in compliance with applicable medical and privacy regulations.
 
3.3 For Legal Purposes
We may disclose your information to comply with legal obligations, respond to court orders, government requests, or to protect our rights, property, or safety, as permitted under the DPDP Act, SPDI Rules, or other laws.
 
 3.4 Business Transfers
In the event of a merger, acquisition, or sale of all or part of our assets, your information may be transferred to the acquiring entity, with appropriate safeguards in place.
 
3.5 With Your Consent
We may share your information with other parties if you provide explicit consent, such as for referrals, sharing success stories, or testimonials (e.g., on our Website or social media).
 
3.6 Anonymized or Aggregated Data
We may share anonymized or aggregated data that cannot identify you for research, marketing, or analytics purposes, in compliance with applicable laws.
 
 3.7 With Government Authorities
Where required by Indian law, we may share certain information (e.g., Aadhaar details) with government authorities, ensuring compliance with the Aadhaar Act, 2016, and other regulations.
 
4. Legal Basis for Processing
 
We process your personal and sensitive personal data under the following legal bases, as applicable:
 
-Consent: When you provide explicit consent (e.g., for marketing communications, cookies, or processing sensitive health data), as required under the DPDP Act 
– Contractual Necessity: To fulfill our obligations under a contract, such as providing fertility treatments or processing payments.
– Legal Obligation: To comply with Indian laws, such as the DPDP Act, SPDI Rules, or medical regulations, and to maintain records as required by the Indian Medical Council.
– Legitimate Interests: For purposes like improving our Website, preventing fraud, or ensuring security, provided these interests do not override your rights and freedoms.
 
For users in the European Union, we ensure compliance with GDPR by obtaining explicit consent or relying on other lawful bases for processing.
 
 5. Your Rights and Choices
 
Under the DPDP Act, 2023, and other applicable laws (e.g., GDPR for EU residents), you have the following rights regarding your personal data:
 
– Right to Access: Request a copy of the personal data we hold about you.
– Right to Correction: Request correction of inaccurate or incomplete data.
– Right to Erasure: Request deletion of your personal data, subject to legal retention requirements (e.g., medical records retention under Indian law).
– Right to Restrict Processing: Request restriction of processing under certain circumstances.
– Right to Data Portability: Request a copy of your data in a structured, commonly used, machine-readable format.
– Right to Object: Object to certain types of processing, such as direct marketing.
– Right to Withdraw Consent: Withdraw consent at any time, where processing is based on consent, without affecting the lawfulness of prior processing.
– Right to Nominate: Nominate another person to exercise your rights in case of incapacity, as per the DPDP Act.
– Right to Complain: Lodge a complaint with the Data Protection Board of India or another relevant supervisory authority (e.g., an EU Data Protection Authority for GDPR).
 
To exercise these rights, please contact us at +91 98195 95672. We will respond within the timeframes required by law (e.g., 30 days under the DPDP Act).
 
Opting Out of Marketing
You can opt out of marketing communications by clicking the “unsubscribe” link in our emails, replying “STOP” to SMS/WhatsApp messages, or contacting us directly at
 
 6. Data Security
 
We implement reasonable technical, organizational, and physical safeguards to protect your personal and sensitive personal data, in compliance with the SPDI Rules and DPDP Act, including:
 
– Encryption of sensitive data (e.g., health and payment information) during transmission (using SSL/TLS) and storage.
– Access controls to limit who can view your data to authorized personnel only.
– Regular security audits and vulnerability assessments of our systems.
– Compliance with ISO 27001 standards or equivalent for information security management.
– Secure storage of medical records in accordance with Indian medical regulations.
 
While we take all reasonable measures to protect your data, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.
 
7. Cookies and Tracking Technologies
 
We use cookies and similar technologies to enhance your experience and analyze Website usage. Cookies are small data files stored on your device. We use the following types of cookies:
 
– Essential Cookies: Necessary for the Website to function (e.g., session management, login authentication).
– Performance Cookies: Collect anonymous data to improve Website performance (e.g., Google Analytics).
– Functional Cookies: Enable enhanced features, such as remembering your language or form preferences.
– Advertising Cookies: Deliver personalized ads based on your interests, with your consent.
 
You can manage cookie preferences through our cookie consent tool or your browser settings. Disabling cookies may affect your experience on the Website. For more details, please review our **Cookie Policy** [insert link].
 
8. International Data Transfers
 
If you access our Website from outside India (e.g., the EU or US), your data may be transferred to and processed in India or other countries where our service providers operate (e.g., cloud hosting providers). We ensure appropriate safeguards, such as:
 
– Standard Contractual Clauses (SCCs): For transfers to countries without an adequacy decision under GDPR.
– Binding Corporate Rules: Where applicable, for intra-group data transfers.
– Compliance with DPDP Act: Ensuring data transfers meet Indian legal requirements.
 
We take steps to ensure your data remains protected during international transfers.
 
 9. Data Retention
 
We retain your personal and sensitive personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law, including:
 
-Medical Records: Retained for at least 5 years from the last treatment date, as per the Indian Medical Council (Professional Conduct, Etiquette and Ethics) Regulations, 2002, or longer if required by law.
– Financial Data: Retained for 7 years or as required under Indian tax laws.
– Marketing Data: Retained until you unsubscribe or withdraw consent.
– Website Usage Data: Retained for [insert period, e.g.,  ] for analytics purposes.
 
When data is no longer needed, we securely delete or anonymize it in accordance with applicable laws.
 
10. Children’s Privacy
 
Our Website and services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we learn that we have collected such data, we will take steps to delete it promptly, in compliance with the DPDP Act.
 
11. Third-Party Links
 
Our Website may contain links to third-party websites, such as payment processors, partner clinics, or social media platforms. We are not responsible for the privacy practices or content of these websites. Please review their privacy policies before providing personal data.
 
12. Changes to This Privacy Policy
 
We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or industry standards. We will notify you of material changes by posting the updated policy on our Website, sending an email, or using other communication channels. The “Last Updated” date at the top of this policy indicates when it was last revised.
 
13. Contact Us
 
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection Officer:
 
Spring IVF
3rd Floor, 3C Trust House, Global Hospital Annexe Building, Dr Ernest Borges Rd, Parel East, Mumbai Maharashtra 400012  
Email:ivfspring2017@gmail.com
Phone:+91 98195 95672
 
For GDPR-related inquiries, you may also contact our EU Representative at [insert EU representative details, if applicable].
 
If you are not satisfied with our response, you have the right to lodge a complaint with the Data Protection Board of India (once established under the DPDP Act) .
 
 14. Additional Information for Specific Regulations
 
 14.1 Compliance with DPDP Act, 2023
As a Data Fiduciary under the DPDP Act, Spring IVF ensures that your personal data is processed lawfully, transparently, and with adequate security measures. We provide clear notice and obtain consent where required, and we maintain records of data processing activities as mandated.
 
14.2 Compliance with SPDI Rules
We adhere to the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, by implementing reasonable security practices to protect sensitive personal data, such as health and financial information.