Doctor Privacy Policy
How Carelix collects, uses, and protects personal and professional data of doctors registered on the Platform.
1 Introduction
Carelix Healthcare Pvt. Ltd. ("Carelix", "we", "us") is committed to protecting the privacy of doctors registered on our platform. This Privacy Policy explains what personal data we collect from you as a doctor, how we use it, with whom we share it, and what rights you have over it.
This policy is in compliance with the Digital Personal Data Protection Act, 2023 ("DPDP Act") and other applicable Indian laws.
2 Data We Collect
2.1 Identity & Contact Data
- Full legal name (as on Aadhaar/PAN/bank records)
- Mobile number
- Email address
- Selfie / face photograph
2.2 Professional Data
- Medical qualification and degree certificate
- State/National Medical Council registration number
- Specialisation / consultation service type
- Consultation modes (Online / Home Visit / Clinic Visit)
- Consultation fees per mode
2.3 KYC Documents
- Aadhaar card (image or PDF)
- PAN card (image or PDF)
- Highest educational degree certificate (image or PDF)
2.4 Location Data
- Permanent address
- Current address
- Clinic address (if applicable)
- Home-visit base location and coverage radius (GPS data, if you choose to use GPS)
2.5 Financial Data
- Bank account holder name
- Bank name and IFSC code
- Account number
- Cancelled cheque or bank statement
2.6 Usage & Platform Data
- Login activity and timestamps
- Booking history (completed, cancelled, pending)
- Patient ratings and reviews received
- App and device information (device type, OS version, IP address)
3 Why We Collect Your Data
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Identity verification & KYC | Name, Aadhaar, PAN, selfie, degree | Consent + Legal obligation |
| Creating & displaying your Doctor Profile | Name, photo, specialisation, fees, location | Contractual necessity |
| Facilitating patient bookings | Profile, availability, booking history | Contractual necessity |
| Processing payments & settlements | Bank details, booking data | Contractual necessity |
| TDS deduction & tax compliance | PAN, earnings data | Legal obligation |
| Sending Leegality agreement for e-signing | Name, email, mobile | Contractual necessity |
| Customer support & dispute resolution | All relevant data | Legitimate interest |
| Platform improvement & analytics | Usage data (anonymised where possible) | Legitimate interest |
| Fraud prevention & security | Login activity, device data, KYC docs | Legitimate interest + Legal obligation |
4 Who We Share Your Data With
We do not sell your personal data. We share your data only in the following circumstances:
Payment gateways
To process patient payments and settle your earnings. Only necessary financial data is shared.
Leegality
Your name, email, and mobile number are shared with Leegality to facilitate e-signing of the Doctor Service Agreement.
Government and regulatory authorities
We may share your data with law enforcement, tax authorities, or medical councils if required by law or court order.
Third-party service providers
Such as cloud hosting, SMS/OTP providers, and analytics tools โ all bound by confidentiality obligations and only given access to data necessary for their specific service.
Patients
Your name, photograph, specialisation, fees, location, and ratings are visible to patients on the platform. Your Aadhaar, PAN, bank details, and other KYC data are never shared with patients.
5 Data Retention
| Data Category | Retention Period |
|---|---|
| KYC documents (Aadhaar, PAN, degree) | 7 years from account termination (for legal/tax compliance) |
| Bank account details | 7 years from last transaction |
| Booking and earnings records | 7 years (Income Tax Act requirement) |
| Profile data (name, photo, specialisation) | Deleted within 90 days of account deactivation |
| Login and usage logs | 2 years from date of log creation |
| Signed Doctor Service Agreement (via Leegality) | 10 years from signing date |
6 Data Security
We implement industry-standard technical and organisational measures to protect your personal data, including:
- Encrypted storage of KYC documents and bank details.
- OTP-based authentication for platform access.
- Access controls ensuring only authorised Carelix staff can view KYC and financial data.
- Secure HTTPS connections for all data transmitted between your device and our servers.
In the event of a data breach that is likely to affect your rights, we will notify you as required under applicable law.
7 Your Rights Under the DPDP Act 2023
As a data principal under the Digital Personal Data Protection Act, 2023, you have the following rights:
Right to access
Request a summary of what personal data we hold about you.
Right to correction
Request correction of inaccurate or incomplete personal data.
Right to erasure
Request deletion of your personal data. Note that we may retain certain data as required by law (see Section 5).
Right to grievance redressal
Raise a complaint about how your data is handled. We will respond within 30 days.
Right to nominate
Nominate another individual to exercise your rights in the event of your death or incapacity.
To exercise any of these rights, write to: grievance@carelixhealthcare.com
8 Cookies and App Tracking
The Carelix mobile app may use device identifiers and analytics tools to understand app performance and usage patterns. This data is used internally to improve the app experience and is not sold to third parties. You may limit tracking through your device settings, though this may affect some app functionality.
9 Changes to This Privacy Policy
We may update this Privacy Policy periodically. Changes will be communicated via email or an in-app notification at least 15 days before taking effect. Continued use of the platform after the effective date constitutes acceptance of the updated policy.
10 Grievance Officer
In accordance with the Information Technology Act, 2000, and the DPDP Act, 2023, the details of our Grievance Officer are:
Name: Komal Gulati
Designation: Grievance Redressal Officer
Email: grievance@carelixhealthcare.com
Address: Carelix Healthcare Pvt. Ltd., Sohna Road, 141 JMD Galleria, Gurugram, Sector 48, Haryana โ 122001
Response time: Within 30 days of receipt of complaint.