Effective Date: 1st January 2026
Website: www.bimshospital.com

1. INTRODUCTION

This Privacy Policy explains how Maruti Hospicare Pvt. Ltd. (“BIMS Hospital”, “we”, “us”, or “our”) collects, processes, stores, and protects personal data and health information.

This policy applies to:

• Patients and caregivers (B2C users)
• Healthcare professionals, partners, vendors (B2B users)
• International users accessing our services

We are committed to protecting your privacy in compliance with:

• Indian laws (Information Technology Act, 2000 & SPDI Rules)
• Principles of the General Data Protection Regulation (GDPR)
• Safeguard standards inspired by the Health Insurance Portability and Accountability Act (HIPAA)

2. DEFINITIONS

• Personal Data: Any information identifying an individual
• Sensitive Personal Data / Health Data: Medical records, diagnosis, treatment data
• Processing: Collection, storage, use, sharing, or deletion
• Data Subject: The individual whose data is processed
• Controller: BIMS Hospital (determines purpose and means of processing)
• Processor: Third parties processing data on our behalf

3. DATA WE COLLECT

3.1 Identity & Contact Data

• Name, age, gender
• Phone number, email address
• Address, nationality

3.2 Health & Medical Data (Special Category Data under GDPR)

• Medical history and conditions
• Diagnostic reports, imaging, prescriptions
• Treatment plans, surgical records
• Teleconsultation records

3.3 Technical Data

• IP address, browser type, device ID
• Cookies, usage analytics

3.4 B2B Data

• Professional credentials and licenses
• Organization details
• Communication and contractual data

4. LEGAL BASIS FOR PROCESSING (GDPR COMPLIANCE)

We process your data based on:

• Explicit Consent (for health data and marketing)
• Performance of Contract (treatment, appointments)
• Legal Obligation (medical record retention, regulatory compliance)
• Vital Interests (life-saving situations)
• Legitimate Interests (service improvement, fraud prevention)

5. PURPOSE OF PROCESSING

We use your data to:

• Deliver medical care and treatment
• Manage appointments and consultations
• Maintain electronic health records (EHR)
• Facilitate diagnostics, pharmacy, and referrals
• Communicate with patients and partners
• Improve services and digital experience
• Conduct internal analytics and audits
• Comply with legal and regulatory requirements

6. HIPAA-INSPIRED HEALTH DATA PROTECTION

We apply strict safeguards for Protected Health Information (PHI):

• Access restricted to authorized medical personnel only
• Role-based access control systems
• Secure Electronic Medical Records (EMR/EHR)
• Confidentiality obligations for all staff
• Audit logs and monitoring systems

7. DATA SHARING & DISCLOSURE

7.1 Permitted Disclosures

We may share data with:

• Doctors, nurses, and clinical teams
• Diagnostic labs and pharmacies
• Insurance providers (with consent)
• Technology and cloud service providers
• Regulatory authorities when legally required

7.2 Data Processing Agreements

All third-party processors are bound by:

• Confidentiality agreements
• Data protection obligations aligned with GDPR/HIPAA principles

We never sell personal or health data.

8. INTERNATIONAL DATA TRANSFERS

• Data may be transferred outside India
• We implement safeguards such as:
  • Standard Contractual Clauses (SCCs)
  • Secure cloud infrastructure
  • Encryption protocols

By using our services, you consent to cross-border data transfers.

9. DATA RETENTION

We retain data:

• As long as necessary for medical and operational purposes
• In compliance with Indian healthcare regulations
• Longer retention may apply for:
  • Legal claims
  • Medical audit requirements

10. DATA SECURITY MEASURES

We implement industry-standard safeguards:

• End-to-end encryption (where applicable)
• Secure servers and firewalls
• Multi-factor authentication
• Regular vulnerability assessments
• Incident response protocols

11. DATA SUBJECT RIGHTS (GDPR RIGHTS)

You have the right to:

• Access your data
• Rectify inaccurate data
• Erase data (“Right to be Forgotten”)
• Restrict Processing
• Data Portability
• Object to Processing
• Withdraw Consent at any time

Requests can be submitted via the contact details below.

12. AUTOMATED DECISION-MAKING

• We do not rely solely on automated decision-making for medical treatment
• Any AI-assisted insights are reviewed by qualified professionals

13. COOKIES & TRACKING TECHNOLOGIES

We use cookies for:

• Website functionality
• Analytics and performance
• Personalization

Users can manage cookie preferences through browser settings or consent banners.

14. CHILDREN’S DATA

• We collect children’s data only with parental/guardian consent
• Special care is taken to protect minors’ health information

15. DATA BREACH NOTIFICATION

In case of a data breach:

• We will notify authorities as required
• Affected users will be informed without undue delay
• Immediate mitigation steps will be taken

16. THIRD-PARTY LINKS

• Our website may link to external platforms
• We are not responsible for their data practices

17. GRIEVANCE REDRESSAL & DATA PROTECTION CONTACT

Grievance Officer / Data Protection Contact
Maruti Hospicare Pvt. Ltd. (BIMS Hospital)
Bhavnagar, Gujarat, India

Email: info@bimshospital.com
Phone: +917227989810

For EU users, you may also contact your local Data Protection Authority.

18. GOVERNING LAW & JURISDICTION

This Privacy Policy is governed by the laws of India.

Any disputes shall fall under the jurisdiction of courts in:
Bhavnagar, Gujarat, India

19. CHANGES TO THIS POLICY

We may update this Privacy Policy periodically.
Updated versions will be posted on this page with a revised effective date.

20. CONSENT & ACKNOWLEDGEMENT

By using our website and services, you confirm that:

• You have read and understood this Privacy Policy
• You consent to the processing of your personal and health data