Medi Cutis – Navigation
Privacy Policy — Medicutis
Legal & Compliance

Your Privacy,
Our Commitment

Effective Date
May 2026
Governed By
IT Act 2000 & IT (SPDI) Rules 2011
Grievance Response
Within 48 working hours
🔒
We take your privacy seriously. Sensitive Personal Data (SPDI) — including medical records and clinical photographs — is collected only with your explicit written consent and is never used for advertising targeting.
1.1
Definitions & Scope

"Medicutis", "we", "us", "our" refers to Medicutis Clinic, operated by Dr. Sonal Tibrewal Garg and Dr. Abhinav Garg, registered at A-1/19, A Block, Prashant Vihar, Sector 14, Rohini, Delhi – 110085.

"You", "user", "patient" refers to any person accessing our website or receiving our services.

"SPDI" means Sensitive Personal Data or Information as defined under Rule 3 of the IT (SPDI) Rules, 2011, and includes medical records, health history, treatment data, and clinical photographs.

This Policy applies to all interactions with our website (www.medicutis.com), mobile platforms, social media, and in-clinic data collection.

1.2
Information Collected

Directly Provided

  • Identity & contact: name, age, gender, DOB, phone, email, address
  • Medical: health history, skin/hair concerns, treatment records, prescriptions
  • Clinical photographs for documentation and before/after comparison
  • Payment details — processed via secure payment gateways; card data not stored by us

Automatically Collected

  • Device & browser data, IP address, pages visited, session duration
  • Cookies and tracking pixels (Google Analytics, Meta Pixel)

SPDI is collected only with express written consent. Health data is never used for advertising targeting.

1.3
Purpose of Processing
  • Delivery and management of clinical and wellness services
  • Appointment scheduling, confirmations, reminders, and aftercare communication
  • Processing payments and maintaining statutory financial records
  • Regulatory compliance under Clinical Establishments Act 2010 and applicable laws
  • Website analytics (anonymised) and digital experience improvement
  • Marketing communications — with consent, with unsubscribe in every message
  • Anonymised remarketing via Google Ads and Meta — no health data used for targeting
1.4
Disclosure of Information

We do not sell, rent, or trade personal data. Disclosure is limited to:

  • Treating physicians and referred specialists — with patient knowledge
  • Payment processors (Razorpay, PhonePe) — under their own compliant privacy frameworks
  • Cloud/software service providers — under data processing agreements
  • Regulatory authorities — when required by law, court order, or government directive
1.5
Cookies & Advertising Compliance
  • Essential cookies: necessary for website function
  • Analytics: Google Analytics (anonymised) — measures traffic and behaviour
  • Remarketing: Google Ads Remarketing + Meta Custom Audiences — anonymised device data only. No health or medical condition data is used.

Our remarketing fully complies with Google's Personalised Advertising Policy and Meta's Sensitive Categories Policy.

Opt out:

1.6
Retention
Data Type Retention Period Basis
Clinical records (adults) Minimum 3 years post last treatment Medical & regulatory compliance
Clinical records (minors) Until age 21 or 3 years post last visit Medical & regulatory compliance
Financial records 8 years Income Tax Act 1961
Marketing consent Until withdrawn Consent-based
Analytics data 26 months Google Analytics default settings
1.7
Your Rights

You have the right to access, correct, or request deletion of your personal data; withdraw consent for marketing; and receive copies of your clinical records.

📋
Access & Copies
Request copies of your personal data or clinical records.
✏️
Correction
Request correction of inaccurate or incomplete information.
🗑️
Deletion
Request deletion of personal data, subject to legal retention obligations.
🔕
Withdraw Consent
Withdraw marketing consent at any time.

To exercise these rights:

Phone
In Person
A-1/19, A Block, Prashant Vihar, Sector 14, Rohini, Delhi – 110085
1.8
Data Security

We apply reasonable security practices per Rule 8, IT (SPDI) Rules 2011: HTTPS encryption, role-based access controls, password-protected systems, physical record security, and periodic security reviews.

We cannot guarantee absolute security of internet transmissions.

1.9
Clinical Photographs

Before/After photographs are used for clinical documentation and marketing only with explicit written consent. Consent may be withdrawn at any time; images will be removed within 30 days, subject to third-party platform constraints.

1.10
Minors

Services for patients under 18 require written parental/guardian consent. We do not knowingly market to persons under 18.

1.11
Grievance Officer

Mandatory under IT Rules 2011 Rule 5(9). Grievances acknowledged within 48 working hours and resolved within 30 days.

Designated Officer
Dr. Sonal Tibrewal Garg
Dr. Abhinav Garg
Address
A-1/19, A Block, Prashant Vihar, Sector 14, Rohini, Delhi – 110085

Get a Call back from our team

Let's have a chat