Who we are
Our website address is: https://drbhartibansalneuroclinic.com
WhatsApp Business API Privacy Policy
Effective Date: January 12, 2026
Last Updated: January 12, 2026
1. Introduction
Dr. Bharti Bansal Neuro Clinic (“we,” “us,” “our,” or “Company”) is committed to protecting your privacy and ensuring transparency in how we collect, use, and safeguard your personal information through our WhatsApp Business API communication channel. This Privacy Policy explains our practices regarding data collection and usage when you interact with us via WhatsApp.
This policy applies exclusively to communications conducted through the WhatsApp Business API and should be read in conjunction with our main website privacy policy.
2. What Information We Collect
When you communicate with us through WhatsApp Business API, we may collect and process the following categories of information:
2.1 Information You Provide Directly
Phone Number: Your WhatsApp phone number (required to establish contact)
Contact Information: Name, email address, and other details you choose to share
Medical Information: Your health concerns, medical history, symptoms, medications, and treatment preferences (if shared during consultation discussions)
Appointment Details: Appointment dates, times, location preferences, and cancellation requests
Communication Preferences: Your preferences regarding communication frequency and message types
2.2 Automatically Collected Information
Message Metadata: Timestamp of messages, message delivery status, and read receipts
Device Information: Device type and operating system (to optimize message delivery)
Usage Patterns: Information about when and how frequently you interact with our WhatsApp channel
IP Address: Associated with your device for security purposes
2.3 Healthcare-Specific Information
Since Dr. Bharti Bansal Neuro Clinic provides neurological services, we may collect sensitive health information including:
Neurological conditions and diagnoses
Medications and treatment plans
Diagnostic test results
Consultation notes and medical observations
Prescription information
3. Legal Basis for Data Processing
We process your personal data on one or more of the following legal grounds:
3.1 Explicit Consent
You have explicitly consented to receive WhatsApp communications from us. By providing your phone number and engaging with our WhatsApp Business API, you acknowledge and consent to our data processing practices as outlined in this policy.
3.2 Contractual Necessity
Processing is necessary to provide you with healthcare services and appointment-related communications you have requested.
3.3 Legal Obligation
We may process your data to comply with applicable healthcare regulations, including HIPAA (in applicable jurisdictions), GDPR, and other data protection laws.
3.4 Legitimate Business Interest
Processing is necessary for our legitimate interests in improving healthcare services, customer support, and operational efficiency, provided these interests are not overridden by your rights and interests.
4. How We Use Your Information
We use the information collected through WhatsApp Business API for the following purposes:
4.1 Healthcare Service Delivery
Scheduling and confirming medical appointments
Sending appointment reminders
Facilitating preliminary consultations
Providing follow-up care information
Sharing medical test results and prescriptions
Offering healthcare advice and treatment guidance
Managing medical records related to WhatsApp consultations
4.2 Patient Communication
Notifying you of appointment availability
Confirming appointment details
Sending pre-appointment preparation instructions
Providing post-consultation follow-up
Requesting feedback on your healthcare experience
Emergency notifications related to your health
4.3 Quality Improvement
Analyzing communication patterns to improve service delivery
Training our medical and administrative staff
Evaluating the effectiveness of our healthcare services
Conducting internal audits and quality assurance checks
4.4 Administrative and Operational Purposes
Maintaining accurate patient records
Processing billing and payment information
Responding to inquiries and complaints
Resolving disputes
Fraud prevention and security
4.5 Legal and Compliance Purposes
Complying with healthcare regulations and legal obligations
Responding to lawful requests from authorities
Protecting our legal rights and interests
5. Data Sharing and Disclosure
5.1 No Third-Party Sharing for Marketing
We do not sell, rent, or share your personal information with third parties for marketing purposes.
5.2 Authorized Service Providers
We may share your information with authorized service providers who assist us in delivering healthcare services, including:
WhatsApp Business Solution Providers (BSPs)
Cloud storage and data management providers
Healthcare IT service providers
Payment processors (for billing purposes only)
Medical laboratory services (if test results need to be shared)
All service providers are contractually bound to maintain confidentiality and use your information only for purposes necessary to provide their services.
5.3 Data Processing Agreements
We maintain formal Data Processing Agreements (DPAs) with all service providers who access your personal data, ensuring GDPR and local data protection compliance.
5.4 Legal and Regulatory Disclosures
We may disclose your information when required by law or in response to:
Court orders or legal processes
Regulatory investigations by healthcare authorities
Law enforcement requests
Public health emergency situations
5.5 Medical Emergency
In cases of medical emergency, we may share essential health information with emergency medical services without prior consent if it is necessary to protect your health and safety.
5.6 Healthcare Providers
With your explicit consent, we may share relevant medical information with other healthcare providers involved in your treatment to ensure continuity of care.
6. Data Security and Protection
6.1 End-to-End Encryption
All messages transmitted through WhatsApp Business API are protected by end-to-end encryption, ensuring that only you and our clinic can access the message content. WhatsApp cannot access the content of your encrypted messages.
6.2 Secure Storage
Personal and health data are stored on encrypted databases with restricted access
Access is limited to authorized medical and administrative personnel
We implement role-based access controls ensuring staff can only access information necessary for their roles
6.3 Data Security Measures
Regular security audits and vulnerability assessments
Firewalls and intrusion detection systems
Secure password policies and multi-factor authentication
Employee training on data protection and confidentiality
Regular backup procedures with encryption
6.4 Data Retention Policies
Health records are retained in accordance with medical record retention requirements (typically 6-7 years post-consultation)
Appointment metadata is retained for administrative purposes
Communication logs are maintained for service quality and dispute resolution
You may request deletion of your data subject to legal retention requirements
6.5 No Guarantee of Absolute Security
While we implement industry-standard security measures, no system is completely secure. We cannot guarantee absolute security of your information.
7. Your Data Rights and Choices
7.1 Right to Access
You have the right to request access to the personal data we hold about you. We will provide this information within 30 days of your request (or as required by applicable law).
7.2 Right to Rectification
You have the right to request correction of inaccurate or incomplete information we hold about you. Please inform us immediately of any changes to your personal information.
7.3 Right to Erasure (“Right to be Forgotten”)
Under certain circumstances, you have the right to request deletion of your personal data, provided:
The data is no longer necessary for its original purpose
You withdraw your consent
You object to processing and no other legal basis exists
Legal or healthcare record retention requirements do not apply
Note: Due to healthcare regulatory requirements, we may retain essential medical information even after erasure requests for patient safety and legal compliance.
7.4 Right to Data Portability
You have the right to receive your personal data in a structured, commonly used format and transmit it to another healthcare provider if requested.
7.5 Right to Opt-Out
You can opt out of receiving non-essential WhatsApp communications at any time by:
Replying with “STOP” to any message
Contacting us directly at the phone number listed in Section 10
Adjusting your communication preferences
Important: Opting out of communications may affect our ability to provide appointment reminders and essential healthcare information.
7.6 Right to Object
You have the right to object to certain types of data processing, including:
Processing for marketing purposes
Processing based on legitimate interest
Automated decision-making and profiling (if applicable)
7.7 Right to Lodge a Complaint
If you believe we have violated your data protection rights, you have the right to lodge a complaint with:
The relevant data protection authority in your jurisdiction
Dr. Bharti Bansal Neuro Clinic directly (contact details in Section 10)
8. Children’s Privacy
The WhatsApp Business API communication channel is intended for adults and parents/guardians of pediatric patients. We do not intentionally collect personal information from children under 13 years of age without parental consent. If we become aware of such collection, we will take immediate steps to delete the information and notify the parent/guardian.
For patients under 18, parents or legal guardians are responsible for providing consent and managing the patient’s data.
9. International Data Transfers
9.1 Geographic Scope
This policy applies to residents of India and any other jurisdictions where we operate. If you are a resident of the European Union or European Economic Area, additional protections under GDPR apply.
9.2 Data Storage
Your data is primarily stored on servers located within India. If we transfer data internationally, we ensure:
Compliance with applicable data protection laws
Adequate safeguards and protective measures
Standard contractual clauses or other legal mechanisms as required
Your explicit consent where necessary
10. GDPR Compliance (For EU Residents)
If you are a resident of the European Union, the following additional provisions apply:
10.1 Data Protection Officer
You may contact our Data Protection Officer for privacy-related inquiries.
10.2 Legal Basis Under GDPR
Processing is based on:
Article 6(1)(a): Explicit consent
Article 6(1)(b): Contractual necessity for healthcare services
Article 6(1)(c): Legal obligations
Article 9: Special category data (health information) – processed with explicit consent and for healthcare purposes
10.3 Data Protection Rights
You have the rights enumerated under GDPR Articles 15-22, including access, rectification, erasure, and the right to lodge complaints with your national data protection authority.
10.4 BSP Compliance
Our WhatsApp Business Solution Provider is certified and compliant with GDPR requirements and maintains EU-based data centers or appropriate international transfer mechanisms.
11. HIPAA Compliance (For US-Based Users)
While Dr. Bharti Bansal Neuro Clinic is based in India, if you are a patient in the United States:
11.1 Business Associate Agreement
Our service providers who access your health information maintain Business Associate Agreements (BAAs) compliant with HIPAA regulations.
11.2 Security Rule Compliance
We implement administrative, physical, and technical safeguards as required by the HIPAA Security Rule.
11.3 Privacy Rights
You have rights under HIPAA to access, amend, and receive an accounting of disclosures of your Protected Health Information (PHI).
11.4 Breach Notification
In the event of a breach of your unsecured PHI, we will notify you and relevant authorities as required by HIPAA.
12. India Data Protection Laws
As a business operating in India, we comply with:
12.1 Digital Personal Data Protection Act, 2023 (DPDP Act)
We collect only necessary personal data
We maintain transparency regarding data collection and processing
We honor user rights to access and deletion as provided under the DPDP Act
We appoint a Data Protection Officer as required
12.2 Healthcare Data Handling
Healthcare data is handled in accordance with:
Indian Medical Council guidelines
Biomedical Waste Management Rules
National Health Mission standards
Hospital Information System security standards
13. Marketing and Promotional Communications
13.1 Opt-In Requirement
We only send promotional or marketing messages if you have explicitly opted in to receive such communications. Marketing messages will clearly indicate their promotional nature.
13.2 Unsubscribe Option
Every promotional message includes instructions on how to unsubscribe or change your preferences.
13.3 Healthcare Information Exceptions
Essential health-related communications, appointment reminders, and test result notifications are not considered marketing messages and will be sent regardless of promotional preferences.
14. Cookies and Tracking Technologies
The WhatsApp Business API itself does not use cookies. However, if you visit our website:
Cookies may be used to enhance your browsing experience
Refer to our website privacy policy for detailed information about cookie usage
You can control cookie settings through your browser preferences
15. Third-Party Links
Our WhatsApp messages may occasionally contain links to:
External healthcare resources
Medical information portals
Prescription delivery services
Appointment scheduling platforms
We are not responsible for the privacy practices of third-party websites. Please review their privacy policies before providing personal information.
16. Policy Updates and Changes
16.1 Amendments
We may update this Privacy Policy periodically to reflect:
Changes in our data practices
New regulatory requirements
Technological advancements
Legal developments
16.2 Notification of Changes
Material changes will be communicated to you via:
WhatsApp message notification
Website announcement
Email notification (if we have your email address)
16.3 Continued Use
Your continued use of WhatsApp Business API communication after policy changes constitutes acceptance of the updated terms.
17. Contact Information
For questions, concerns, or requests related to this Privacy Policy or your personal data:
Dr. Bharti Bansal Neuro Clinic
Address: Kishore Nursing Home, 1/177-A Bagh Farzana Road, Hariparwat, Agra (UP), India
Phone: +91-8881843961
Email: [Contact through WhatsApp or clinic contact]
WhatsApp Business: +91-8881843961
Office Hours: Monday to Saturday, 10:00 AM – 7:00 PM IST
17.1 Data Protection Officer Inquiry
For GDPR-specific or data protection-related inquiries, please contact us with subject line: “Data Protection Officer – Privacy Request”
17.2 Complaint Resolution
We aim to resolve privacy concerns within 30 days of receipt. If you are unsatisfied with our response, you have the right to escalate your complaint to the relevant data protection authority in your jurisdiction.
18. Disclaimer and Limitation of Liability
18.1 WhatsApp is Not HIPAA-Compliant for Business App
This Privacy Policy applies specifically to communications via WhatsApp Business API. The standard WhatsApp Business app does not provide the same data protection and compliance features and should not be used for sensitive health communications.
18.2 No Medical Advice Warranty
Information provided through WhatsApp should not be considered a substitute for professional medical advice. Always consult with a qualified healthcare provider for medical decisions.
18.3 Emergency Communications
In urgent medical situations, please contact emergency services directly rather than relying on WhatsApp communication.
19. Acknowledgment and Consent
By using WhatsApp Business API to communicate with Dr. Bharti Bansal Neuro Clinic, you acknowledge that:
You have read and understood this Privacy Policy
You consent to the collection and processing of your personal data as described herein
You have the authority to provide your phone number and personal information
You understand the benefits and limitations of WhatsApp communication for healthcare
You agree to comply with applicable laws regarding data usage
Privacy Policy Version: 1.0
Document Reference: DBBSC-WA-PP-2026-01
This Privacy Policy is provided in English. For any discrepancies between the English version and any translated version, the English version shall prevail.
Appendix A: Frequently Asked Questions (FAQs)
Q1: Is my health information secure on WhatsApp?
A: Yes. WhatsApp Business API uses end-to-end encryption for all messages. Only you and our clinic can access message content. However, ensure you use WhatsApp Business API (not the standard app) and that your device is secure.
Q2: How long do you keep my data?
A: Medical records are typically retained for 6-7 years post-consultation as per healthcare regulations. Appointment data is retained for administrative purposes. You may request deletion subject to legal retention requirements.
Q3: Can I opt out of appointment reminders?
A: While you can opt out of promotional messages, appointment reminders and essential healthcare communications are critical for safe care delivery and patient safety. We recommend maintaining these.
Q4: Will you share my medical information with third parties?
A: No, we do not share your health information with third parties for marketing or other non-healthcare purposes. We only share with authorized service providers and with your explicit consent to other healthcare providers for continuity of care.
Q5: What if I live outside India?
A: Our privacy practices comply with international data protection laws. If you’re in the EU, GDPR protections apply. If you’re in the US, HIPAA compliance is maintained. All users receive the same data protection standards.
Q6: How do I request access to my data?
A: Contact us via WhatsApp at +91-8881843961 or through the clinic contact information. We will provide your data within 30 days in a structured, commonly used format.
Q7: What should I do if I suspect a data breach?
A: Contact us immediately via phone at +91-8881843961. We will investigate and notify relevant authorities and affected individuals as required by law.
Q8: Can I delete my account and all my data?
A: You can request deletion of your personal data, though some medical records may be retained for legal compliance. Contact the clinic for details specific to your situation.