Website Privacy Policy
1 · Introduction
Aaro Cancer Care Private Limited ("Aaro", "we", "us" or "our") operates www.aarocancercare.com (the "Site"). The Site is a marketing and information portal only; it does not provide online medical consultations, appointment scheduling, payments, or patient‑care services. This Privacy Policy explains how we handle personal information collected through the Site in accordance with the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology (Reasonable Security Practices & Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules), and other Indian laws.
If you disagree with any part of this Policy, please do not use the Site.
2 · What Information We Collect
| Category | Typical Sources |
|---|---|
| Contact Data | Name, email address, phone number, city, organisation—when you submit the Enquiry or Wait‑List form or sign up for newsletters. |
| Voluntary Health Context | Any details you choose to write in a free‑text field (e.g., cancer type, treatment interest). We do not request these, but you may voluntarily supply them. |
| Usage & Device Data | IP address, browser type, pages visited, time spent, cookies and similar analytics information gathered automatically. |
We do not intentionally collect payment information, Aadhaar numbers, or detailed medical records on the Site.
3 · Purposes & Legal Bases
| Purpose | Legal basis under DPDP Act |
|---|---|
| Respond to your enquiries or requests for a call‑back | Consent (you provide the data to receive a response) |
| Send email updates, newsletters, or promotional material you opt into | Consent (with clear opt‑out) |
| Analyse Site traffic and improve content/layout | Legitimate interests (to grow our business and enhance user experience) |
| Detect, prevent, and investigate security incidents | Legitimate interests |
4 · How We Share Information
We never sell your data. We may share it only:
- With trusted service providers who host our website, send emails, or provide analytics—subject to confidentiality commitments;
- With government or law‑enforcement authorities when required by applicable law.
5 · International Transfers
Our primary servers are located in India. If technical service partners process data in other countries, we ensure comparable protection and, where required, obtain consent.
6 · Data Retention
- Enquiry & newsletter data: kept for up to 3 years from the last interaction or until you withdraw consent, whichever is earlier.
- Analytics logs: retained for up to 12 months then aggregated or deleted.
7 · Cookies & Similar Technologies
The Site uses first‑party cookies for session management and Google Analytics (or an equivalent privacy‑focused tool) for aggregated usage statistics. You can disable cookies in your browser; the Site will still be viewable, though certain preferences may be lost.
8 · Your Rights
Under the DPDP Act, you may:
- Request confirmation of processing and a copy of your personal data;
- Seek correction of inaccurate data;
- Withdraw consent for marketing emails at any time (click "unsubscribe" in any mailing);
- Nominate a data fiduciary to exercise rights on your behalf;
- Lodge a complaint with the Data Protection Board of India.
9 · Security Measures
We implement reasonable technical and organisational safeguards—TLS encryption, limited access controls, periodic security reviews—to protect information gathered via the Site.
10 · Children's Privacy
The Site is not directed to children under 18. If we learn we have collected personal data from a minor without parental consent, we will delete it promptly.
11 · Changes to This Policy
Material changes will be posted here and, where appropriate, notified by banner or email. Continued use of the Site after changes signifies acceptance.