Website Privacy Policy
How Carelix collects, uses, and protects personal data when you visit our website or book services as a patient or visitor.
1 Introduction
Carelix Healthcare Pvt. Ltd. ("Carelix", "we", "us") is committed to protecting the privacy of every person who visits or uses our Platform. This Privacy Policy explains what personal data we collect, why, how we use and protect it, with whom we share it, and what rights you have under Indian law including the Digital Personal Data Protection Act, 2023 ("DPDP Act") and the Information Technology Act, 2000.
This Policy applies to all users of www.carelixhealthcare.com and the Carelix mobile application — patients, visitors, and callback enquirers. Partners (Doctors, Freelancers, Vendors) are subject to their separate Privacy Policies.
2 Data We Collect
2.1 Information You Provide Directly
- Name, mobile number, and email address (booking forms, callback forms, package purchase).
- Patient details: patient name, age, medical condition/requirement, and home address for service delivery.
- Payment information: card details (processed by our payment gateway — Carelix does not store full card numbers), UPI ID, transaction references.
- Reviews and ratings submitted on the Platform.
- Communications with Carelix via phone, email, WhatsApp, or chat.
2.2 Information Collected Automatically
- Device and browser information: device type, operating system, browser type, IP address.
- Usage data: pages visited, time spent, links clicked, service categories viewed.
- Location data: city-level location used to show relevant services (GPS location only if you explicitly allow it).
- Cookies and tracking technologies (see Section 7).
2.3 Information from Third Parties
- If you contact us via WhatsApp, Facebook, Instagram, or other social media, we may receive your public profile information and message content.
- Google Tag Manager (GTM-WH8HWNF9) is used on the website to manage tracking tags.
- Google Analytics or similar tools may provide aggregated traffic and behaviour data.
3 Why We Collect Your Data
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Processing bookings and service delivery | Name, mobile, address, patient details | Contractual necessity |
| Sending booking confirmations and updates | Name, mobile, email | Contractual necessity |
| Processing payments and issuing receipts | Payment details, transaction records | Contractual necessity + Legal obligation |
| Callback and enquiry management | Name, mobile, selected service, city | Consent |
| Sending promotional offers and health content | Name, mobile, email | Consent (DNC override on callback form) |
| Displaying relevant services by location | City-level location | Legitimate interest |
| Platform analytics and improvement | Usage data, device info (anonymised) | Legitimate interest |
| Managing reviews and ratings | Name, review content | Legitimate interest |
| Fraud prevention and security | IP address, device data, transaction records | Legitimate interest + Legal obligation |
| Compliance with legal obligations | All relevant data as required | Legal obligation |
| Partner onboarding (Doctors/Freelancers/Vendors) | Governed by separate Partner Privacy Policies | Separate consent |
4 How We Use Your Contact Information
By submitting your mobile number or email on the Carelix Platform (booking, callback, package purchase), you authorise Carelix and its representatives to contact you via:
- Phone calls (including from our operations team to confirm bookings)
- SMS and WhatsApp messages (booking updates, service reminders, promotional content)
- Email (confirmations, invoices, health content, offers)
This consent applies even if your number is registered on the DNC (Do Not Call) or NDNC list, as explicitly stated in our callback form. You may opt out of promotional communications at any time by writing to info@carelixhealthcare.com or replying STOP to any SMS.
5 Who We Share Your Data With
5.1 Healthcare Professionals and Vendors
When you book a service, Carelix shares your name, contact number, address, and relevant medical/care requirements with the allocated Doctor, Freelancer, or Vendor who will provide your service. We share only what is necessary for service delivery.
5.2 Partner Laboratories and Radiology Providers
For lab test at home and radiology services, your sample collection details and required test information are shared with our partner diagnostic centres for processing.
5.3 Payment Processors
Your payment details are processed by our secure payment gateway partners. Carelix does not store your full card numbers. Payment processors are bound by PCI-DSS compliance standards.
5.4 Technology Service Providers
Cloud hosting, SMS/OTP providers, WhatsApp Business API providers, email service providers, and analytics tools — all bound by confidentiality obligations and given only minimum necessary data.
5.5 Government and Regulatory Authorities
Carelix may share your data with law enforcement, tax authorities, courts, or regulatory bodies when required by law or court order.
5.6 Business Transfers
In the event of a merger, acquisition, or sale of Carelix's business, your data may be transferred to the successor entity, subject to equivalent privacy protections.
We do not sell your personal data to any third party for their independent marketing or commercial use.
6 Data Retention
| Record Type | Retention Period |
|---|---|
| Booking and service records | 7 years (for tax, legal, and audit compliance) |
| Payment and invoice records | 7 years (Income Tax Act requirement) |
| Patient care details shared with professionals | Retained only for service duration; deleted thereafter unless legally required |
| Callback and enquiry records | 1 year from date of enquiry |
| Account and profile data | As long as account is active + 2 years after last activity |
| Marketing communication records (opt-in/opt-out) | 3 years from last interaction |
| Website usage logs and analytics | 2 years from log creation |
| Reviews and ratings | As long as the Platform operates or until you request removal |
7 Cookies and Tracking Technologies
7.1 What We Use
- Essential cookies: required for the Platform to function (session management, login, booking flow).
- Analytics cookies: Google Analytics and Google Tag Manager (GTM-WH8HWNF9) to understand how users interact with our website.
- Marketing cookies: to show relevant Carelix ads on social media and Google platforms based on your interests.
- Social media pixels: Facebook, Instagram, and similar platforms may place tracking pixels on our pages.
7.2 Your Choices
Most browsers allow you to control cookies through browser settings. Disabling cookies may affect some Platform functionality.
You may opt out of Google Analytics tracking at: tools.google.com/dlpage/gaoptout
For ad preferences, visit: adssettings.google.com
8 Data Security
We protect your data through:
- HTTPS encryption for all data transmitted between your device and our servers.
- Secure, PCI-DSS-compliant payment processing through our payment gateway partners.
- Access controls ensuring only authorised Carelix staff can access personal data.
- Regular security reviews and updates.
In the event of a data breach likely to affect your rights, we will notify you as required by applicable law including the DPDP Act, 2023.
9 Your Rights Under the DPDP Act 2023
As a data principal under India's Digital Personal Data Protection Act, 2023, you have the following rights:
Right to Access
Request a summary of what personal data Carelix holds about you.
Right to Correction
Request correction of inaccurate or incomplete personal data.
Right to Erasure
Request deletion of your personal data, subject to legal retention requirements (Section 6).
Right to Withdraw Consent
Withdraw consent for marketing communications at any time by writing to info@carelixhealthcare.com.
Right to Grievance Redressal
Raise a complaint about how your data is handled. We will respond within 30 days.
Right to Nominate
Nominate another individual to exercise your rights in the event of your death or incapacity.
To exercise any of these rights, write to: info@carelixhealthcare.com
10 Children's Privacy
The Carelix Platform is not directed at children under 18. We do not knowingly collect personal data from minors. Parents or guardians may book services for minor patients, in which case the parent/guardian's contact details are used. If you believe we have collected data from a minor without parental consent, please contact us immediately at info@carelixhealthcare.com.
11 Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, services, or applicable law. The updated Policy will be posted on the Platform with the revised effective date. We encourage you to review this Policy regularly. Continued use of the Platform after changes are posted constitutes acceptance.
12 Grievance Officer
In accordance with the Information Technology Act, 2000, and the Digital Personal Data Protection Act, 2023, our Grievance Officer details are:
Name: Komal Gulati
Designation: Grievance Redressal Officer
Email: grievance@carelixhealthcare.com
Address: Carelix Healthcare Pvt. Ltd., Sohna Road, 141 JMD Galleria, Gurugram, Sector 48, Haryana – 122001
Response time: Within 30 days of receipt of complaint.